Solved

Driver exe's auto run after DISM/PNPUtil Import

Posted on 2014-04-16
Last Modified: 2016-11-23
I've tried adding Dell drivers to my .wim file using DISM, and I have also tried using pnputil to add the drivers then re-capturing the image.
But it appears, after I use either method, when the computer starts up, executable files are in the start up (HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run) that call the exe of some of the drivers.

All of these Run entries appear out of box:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\\Program Files\\DellTPad\\Apoint.exe"
"IgfxTray"="\"C:\\Windows\\system32\\igfxtray.exe\""
"HotKeysCmds"="\"C:\\Windows\\system32\\hkcmd.exe\""
"Persistence"="\"C:\\Windows\\system32\\igfxpers.exe\""
"RtHDVCpl"="C:\\Program Files\\Realtek\\Audio\\HDA\\RtkNGUI64.exe /s"
"RtHDVBg"="\"C:\\Program Files\\Realtek\\Audio\\HDA\\RAVBg64.exe\" /MAXX4P1"
"WavesSvc"="C:\\Program Files\\Realtek\\Audio\\HDA\\WavesSvc64.exe"
"RtHDVBg_PushButton"="\"C:\\Program Files\\Realtek\\Audio\\HDA\\RAVBg64.exe\" /IM"

At startup, when loading the desktop, Windows prompts me to Run or Cancel, in order, for each of these entries.

If I click "run", I guess they install. For a couple, like the Realtek one, it appears to add a system tray icon of a sound icon (separate from the Windows sound volume icon).

When I reboot, the same thing happens again, all these programs try to run.

If I delete the entries, then reboot, they go away, but the icons in the system tray like for Realtek for example, are gone.
However no devices appear to be missing from the device manager...
0
Question by:garryshape
 
LVL 87

Expert Comment

by:rindi
ID: 40006393
Drivers installed via exe files are usually just compressed zip packages, which get extracted by running the exe file. Those extracted files are then copied to another directory, and after that the installer installs them.

On a Dell, when you manually run those files, you can usually choose where those extracted files will be stored at. So what you should do is to first run those exe's, then look at the extracted folders and just copy the relevant folders or contents of folders to your installation directory. Don't copy the complete exe. You'll probably also notice that the folders contain sub folders for different OS's, so you only need those that are relevant to your OS.
0
 

Author Comment

by:garryshape
ID: 40006476
What I did was I had downloaded the .cab file from Dell for this particular computer model
http://en.community.dell.com/techcenter/enterprise-client/w/wiki/4963.latitude-e6440-windows-7-driver-cab.aspx

I didn't download individual exe drivers

I just downloaded that .cab file above, extracted it, then mounted the .wim image of my Windows 7 image and used DISM with /recurse command to add all inf drivers found within that x64 folder of the extracted cab file from Dell.

It's the same process I used for the E6430 laptop but the E6430 didn't have this issue with driver exe's running after reboot.
0
 

Author Comment

by:garryshape
ID: 40006713
Ok I came across a couple of other threads and it appears it's because maybe the .cab file I extracted had to be "unblocked" first.

http://social.technet.microsoft.com/Forums/en-US/8af05827-2e38-4a0a-8249-a4ff07434a67/executables-installed-during-driver-installation-not-running?forum=w7itproinstall

http://blogs.technet.com/b/askcore/archive/2010/11/12/open-file-security-warning-prompt-during-deployment.aspx

These entries are indeed supposed to remain in the Run key, but because the exe's seem to have originated from another computer, I need to try and "unblock" the files so I don't get that security prompt every time.

I will try it out and check.
0
 

Author Comment

by:garryshape
ID: 40006831
Now I've got to figure out how to remove all these exes and drivers so I can re-add the "unblocked" ones. Restoring old image, then will try dism add-drivers with unblocked ones.
0
 

Accepted Solution

by:
garryshape earned 0 total points
ID: 40007035
Ok, UNBLOCKING the .cab file of the driver pack I downloaded from Dell (right-click cab file, Properties, then "Unblock") before extracting it.
Then I extracted it and slipstreamed the drivers into my .wim image.

Now the driver exes run at startup just fine and I get no security prompts.
0
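
The "Unblock" button used in the accepted solution removes the NTFS alternate data stream named Zone.Identifier that Windows attaches to downloaded files, and that mark is what triggers the Run/Cancel prompt for each Run-key entry. The following script is an added example, not part of the original thread: it audits an already-extracted driver tree for that mark and clears it only from files whose Authenticode signature verifies. It assumes PowerShell 3.0 or later on the technician machine, and the folder and mount paths are hypothetical.

```powershell
# Added example; both paths are hypothetical placeholders.
param(
    [string]$DriverRoot = 'C:\Drivers\E6440\x64',  # extracted driver pack (assumed)
    [switch]$Unblock                               # report only unless this is set
)

function Get-ZoneId {
    param([string]$Path)
    # "Blocked" files carry an NTFS alternate data stream named Zone.Identifier
    $ads = Get-Content -LiteralPath $Path -Stream Zone.Identifier -ErrorAction SilentlyContinue
    foreach ($line in $ads) {
        if ($line -match '^ZoneId=(\d+)') { return [int]$Matches[1] }
    }
    return $null
}

$report = foreach ($file in Get-ChildItem -LiteralPath $DriverRoot -Recurse -File) {
    $zone = Get-ZoneId -Path $file.FullName
    if ($null -eq $zone) { continue }              # no mark, nothing to do

    # Check Authenticode only on binaries that would be launched or loaded
    $sigStatus = 'n/a'
    if ($file.Extension -in '.exe', '.dll', '.sys') {
        $sigStatus = (Get-AuthenticodeSignature -FilePath $file.FullName).Status.ToString()
    }

    # Leave the mark on any binary whose signature does not verify
    $safe = $sigStatus -in 'n/a', 'Valid'
    if ($Unblock -and $safe) { Unblock-File -LiteralPath $file.FullName }

    [pscustomobject]@{
        File      = $file.FullName
        ZoneId    = $zone                          # 3 = Internet, 4 = Restricted sites
        Signature = $sigStatus
        Action    = if ($Unblock -and $safe) { 'unblocked' } elseif ($safe) { 'would unblock' } else { 'left blocked' }
    }
}

$report | Sort-Object Action, File | Format-Table -AutoSize
# Only after the report shows nothing 'left blocked' is the tree injected, e.g.:
#   Dism /Image:C:\Mount /Add-Driver /Driver:C:\Drivers\E6440\x64 /Recurse
```

Run it once without `-Unblock` to review the report, then again with the switch before adding the drivers to the mounted image.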
 

Author Closing Comment

by:garryshape
ID: 40014375
FOUND SOLUTION
0
