cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

MSIX App Attach Group Policy Issues

%3CLINGO-SUB%20id%3D%22lingo-sub-1438404%22%20slang%3D%22en-US%22%3EMSIX%20App%20Attach%20Group%20Policy%20Issues%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1438404%22%20slang%3D%22en-US%22%3EHi%2C%3CBR%20%2F%3E%3CBR%20%2F%3EI%E2%80%99ve%20been%20testing%20out%20MSIX%20App%20Attach%20on%20the%20new%202004%20build%20of%20Windows%2010%20Multi-User%20and%20works%20fine%20running%20the%20staging%2C%20register%2C%20deregister%20and%20destaging%20scripts%20manually.%3CBR%20%2F%3E%3CBR%20%2F%3EI%20am%20having%20issues%20getting%20them%20to%20run%20via%20GPO.%3CBR%20%2F%3E%3CBR%20%2F%3EAny%20possible%20combination%20I%20use%20the%20Stage%20script%20fails%20to%20run.%3CBR%20%2F%3E%3CBR%20%2F%3EI%20believe%20it%20is%20permission%20based%20and%20the%20Mount-VHD%20command%20is%20failing.%3CBR%20%2F%3E%3CBR%20%2F%3EIf%20I%20run%20the%20stage%20script%20manually%20the%20register%20and%20others%20work%20fine%20via%20GPO%3CBR%20%2F%3E%3CBR%20%2F%3EI%E2%80%99ve%20also%20tried%20the%20combined%20script%20below%3CBR%20%2F%3E%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fblog.itprocloud.de%2FAutomatic-MSIX-app-attach-scripts%2F%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fblog.itprocloud.de%2FAutomatic-MSIX-app-attach-scripts%2F%3C%2FA%3E%3CBR%20%2F%3E%3CBR%20%2F%3Eand%20still%20the%20Startup%20script%20doesn%E2%80%99t%20run.%20As%20per%20the%20article%20I%20have%20granted%20the%20Gpsvc%20permission%20to%20mount%20the%20VHD.%3CBR%20%2F%3E%3CBR%20%2F%3EAnyone%20have%20any%20ideas%3F%3CBR%20%2F%3E%3CBR%20%2F%3EJames%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1446961%22%20slang%3D%22en-US%22%3ERe%3A%20MSIX%20App%20Attach%20Group%20Policy%20Issues%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1446961%22%20slang%3D%22en-US%22%3EI%20answered%20this%20myself%20in%20the%20end.%3CBR%20%2F%3E%3CBR%20%2F%3EWas%20due%20to%20permissions%20as%20I%20had%20the%20VHDs%20hosted%20on%20Azure%20File%20Share%20so%20the%20Gpsvc%20couldn%E2%80%99t%20mount%20them.%3CBR%20%2F%3E%3CBR%20%2F%3EI%20moved%20them%20to%20a%20local%20share%20on%20my%20file%20server%20and%20working%20perfectly.%3CBR%20%2F%3E%3CBR%20%2F%3EWould%20be%20nice%20to%20know%20if%20I%20could%20get%20it%20to%20work%20off%20the%20Azure%20File%20Share%20but%20I%E2%80%99m%20unsure%20how%20to%20get%20it%20working%3CBR%20%2F%3E%3CBR%20%2F%3EJames%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1610448%22%20slang%3D%22en-US%22%3ERe%3A%20MSIX%20App%20Attach%20Group%20Policy%20Issues%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1610448%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F688159%22%20target%3D%22_blank%22%3E%40Jamesatighe%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20are%20running%20into%20the%20same%20issue%20and%20to%20work%20around%20it%20we%20have%20moved%20it%20to%20a%20file%20share%20on%20a%20VM%20in%20the%20Azure%20Vnet.%20However%20it%20would%20be%20a%20nicer%20solution%20to%20use%20Azure%20files%26nbsp%3B%20we%20are%20using%20that%20for%20our%20profile%20storage%20with%20ADDS%20integration.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIssue%20is%20authentication.%20The%20logon%20script%20GPO%20is%20run%20with%20the%20local%20system%20account%2C%20I%20can't%20find%20a%20way%20to%20allow%20access%20to%20the%20AZ%20file%20share%20for%20this%20account.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1657300%22%20slang%3D%22en-US%22%3ERe%3A%20MSIX%20App%20Attach%20Group%20Policy%20Issues%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1657300%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F516290%22%20target%3D%22_blank%22%3E%40R_Akers%3C%2FA%3E%26nbsp%3Byou%20can%20create%20a%20scheduled%20task%20to%20run%20as%20a%20%22user%22%20account%20on%20startup%20that%20has%20mount%20permissions%20and%20access%20to%20the%20share%20in%20Azure%20Files%20with%20AD%20permission%20sync%20enabled%3C%2FP%3E%3C%2FLINGO-BODY%3E
Jamesatighe
Occasional Contributor

‎06-03-2020 12:34 PM

‎06-03-2020 12:34 PM

MSIX App Attach Group Policy Issues

Hi,

I’ve been testing out MSIX App Attach on the new 2004 build of Windows 10 Multi-User and works fine running the staging, register, deregister and destaging scripts manually.

I am having issues getting them to run via GPO.

Any possible combination I use the Stage script fails to run.

I believe it is permission based and the Mount-VHD command is failing.

If I run the stage script manually the register and others work fine via GPO

I’ve also tried the combined script below

https://blog.itprocloud.de/Automatic-MSIX-app-attach-scripts/

and still the Startup script doesn’t run. As per the article I have granted the Gpsvc permission to mount the VHD.

Anyone have any ideas?

James
578 Views
0 Likes
3 Replies
Reply
3 Replies
Best Response confirmed by Jamesatighe (Occasional Contributor)
Jamesatighe

‎06-07-2020 10:30 AM

‎06-07-2020 10:30 AM

Solution

Re: MSIX App Attach Group Policy Issues

I answered this myself in the end.

Was due to permissions as I had the VHDs hosted on Azure File Share so the Gpsvc couldn’t mount them.

I moved them to a local share on my file server and working perfectly.

Would be nice to know if I could get it to work off the Azure File Share but I’m unsure how to get it working

James
0 Likes
Reply
R_Akers

‎08-25-2020 05:44 AM

‎08-25-2020 05:44 AM

Re: MSIX App Attach Group Policy Issues

@Jamesatighe 

 

We are running into the same issue and to work around it we have moved it to a file share on a VM in the Azure Vnet. However it would be a nicer solution to use Azure files  we are using that for our profile storage with ADDS integration. 

 

Issue is authentication. The logon script GPO is run with the local system account, I can't find a way to allow access to the AZ file share for this account.

0 Likes
Reply
David Brophy

‎09-11-2020 06:30 AM

‎09-11-2020 06:30 AM

Re: MSIX App Attach Group Policy Issues

@R_Akers you can create a scheduled task to run as a "user" account on startup that has mount permissions and access to the share in Azure Files with AD permission sync enabled

0 Likes
Reply