Forum Discussion
Windows 11 update failed, going into endless loop
If the root DACL is corrupt, run this from WinPE ONLY to reset it (this easily takes between 20 minutes and several hours; don't interrupt it either). Once again, ONLY in WinPE for system drives. The volume letter A: or A:\ can obviously be changed to match the volume letter of the offline Windows image:
REM ++++++++++----------++++++++++----------++++++++++----------++++++++++----------++++++++++----------
REM ----------++++++++++----------++++++++++----------++++++++++----------++++++++++----------++++++++++
REM Batch file to reset ACLs on WinPE for offline images only:
@ECHO OFF
SETLOCAL
icacls A: /remove "ALL RESTRICTED APPLICATION PACKAGES" /c /l /q
icacls A: /remove "ALL APPLICATION PACKAGES" /c /l /q
icacls A: /remove "NT AUTHORITY\Authenticated Users" /c /l /q
icacls A: /remove "NT SERVICE\TrustedInstaller" /c /l /q
icacls A: /inheritance:r /grant:r "NT SERVICE\TrustedInstaller":(OI)(CI)(F) /c /l /q
icacls A: /remove "NT AUTHORITY\SYSTEM" /c /l /q
icacls A: /inheritance:r /grant:r "NT AUTHORITY\SYSTEM":(OI)(CI)(F) /c /l /q
icacls A: /remove "BUILTIN\Users" /c /l /q
icacls A: /inheritance:r /grant:r "BUILTIN\Users":(OI)(CI)(F) /c /l /q
icacls A: /remove "BUILTIN\Administrators" /c /l /q
icacls A: /inheritance:r /grant:r "BUILTIN\Administrators":(OI)(CI)(F) /c /l /q
icacls A: /inheritance:r /grant:r "NT AUTHORITY\Authenticated Users":(OI)(CI)(F) /c /l /q
icacls A: /inheritance:r /grant:r "ALL APPLICATION PACKAGES":(OI)(CI)(F) /c /l /q
icacls A: /remove "Everyone" /c /l /q
icacls "A:\*.*" /reset /t /c /l /q
REM ----------++++++++++----------++++++++++----------++++++++++----------++++++++++----------++++++++++
REM ++++++++++----------++++++++++----------++++++++++----------++++++++++----------++++++++++----------
https://docs.microsoft.com/en-us/troubleshoot/windows-client/shell-experience/microsoft-store-apps-fail-to-start#fix-file-system-permissions-thats-changed-manually
https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/winpe-create-usb-bootable-drive?view=windows-11
https://docs.microsoft.com/en-us/windows/win32/secauthz/sid-strings
https://docs.microsoft.com/en-us/windows/win32/secauthz/well-known-sids
https://docs.microsoft.com/en-us/windows/win32/secauthz/security-descriptor-string-format
https://docs.microsoft.com/en-us/windows/win32/secauthz/security-descriptor-definition-language-for-conditional-aces-
https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.utility/convertfrom-sddlstring?view=powershell-7.1
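
A pre-flight guard to run before the batch file in the post above, as an added example that is not part of the original post: it refuses to continue outside WinPE or against the running system drive, confirms the target holds an offline Windows image, and saves the current root DACL in SDDL form for a before/after comparison. The script name, the backup file name and the exit codes are assumptions.

```batch
@ECHO OFF
SETLOCAL
REM Added pre-flight example, not part of the original post.
REM Usage: preflight.cmd A:
REM The name preflight.cmd and the backup file name below are assumptions.
SET "TARGET=%~1"
IF NOT DEFINED TARGET (
    ECHO Usage: %~nx0 ^<volume letter such as A:^>
    EXIT /B 1
)
REM Normalise "A:\" to "A:".
SET "TARGET=%TARGET:~0,2%"

REM 1. WinPE has this registry key; a full Windows installation does not.
REG QUERY "HKLM\SYSTEM\CurrentControlSet\Control\MiniNT" >NUL 2>&1
IF ERRORLEVEL 1 (
    ECHO Not running in WinPE. Refusing to continue.
    EXIT /B 2
)

REM 2. The target must not be the volume the running environment booted from.
IF /I "%TARGET%"=="%SystemDrive%" (
    ECHO %TARGET% is the running system drive. Refusing to continue.
    EXIT /B 3
)

REM 3. The target should hold an offline Windows image.
IF NOT EXIST "%TARGET%\Windows\System32\config\SYSTEM" (
    ECHO No offline Windows image found on %TARGET%.
    EXIT /B 4
)

REM 4. Save the current root DACL. Without /t only the root entry is stored.
REM    TEMP sits on the WinPE RAM disk, so copy the file off before rebooting.
icacls %TARGET%\ /save "%TEMP%\root-acl-before.txt" /c
IF ERRORLEVEL 1 (
    ECHO Could not save the root ACL of %TARGET%.
    EXIT /B 5
)

REM 5. Show the current root ACL for the record.
icacls %TARGET%\
ECHO Pre-flight checks passed for %TARGET%.
EXIT /B 0
```

Running `icacls A:\` again after the reset and comparing it with the saved file shows exactly which ACEs on the root changed.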