NTLite processing error with Windows 11 24H2 WIMs

GL100HMP

Hello, until last month I was using Windows 10 22H2 (all updates included) as the host OS and was able to customize all Windows 10 & 11 editions (also fully updated and generalized with SYSPREP in VMware).

Since I changed the host system to Windows 11 24H2 LTSC and installed all updates up to today, I cannot customize any Windows 11 editions (WIM file) with NTLite anymore. It works with Windows 10 (WIM file).

I've tried the whole process of NTLite customization in VMs (Windows 11 & 10 guest OSs) with Windows Defender disabled, but with no success. Something is blocking the "Save changes to image" process no matter what I try. I should mention that a test was also done in a VM with a Windows 7 guest OS, and errors occurred only in "Removing Features" (which is normal). The rest was normal until the end.

I've attached the error picture, DISM log and NTLite log.

So I mention again that the problem is only with Windows 11 24H2 WIMs (maybe something happened after the August Windows updates).

I'm using the latest version of NTLite. Older versions don't help either.
 

You had a File Explorer process opened somewhere in the temporary mount folder.
Code:
9/6/2025 8:58:59 PM     Saving changes to the image - C:\Users\Administrator\Desktop\Win11_general.wim - Windows 11 IoTEnterpriseS 24H2 x64 - 10.0.26100.5074 (en-US)
9/6/2025 8:58:59 PM     SM [um]: C:\Users\Administrator\Desktop\Win11_general.wim
9/6/2025 8:58:59 PM     - UnReg (di:1)
9/6/2025 9:05:51 PM     WIM error_17: 3242328343
9/6/2025 9:05:51 PM     Terminating process: explorer.exe
9/6/2025 9:06:17 PM     WIM error_17: 3242328343

NTLite needs exclusive file access to the mount folder while processing, to block any files from being changed.
 
I do not think it is a File Explorer issue, as you can see in the attached picture. That process is the taskbar itself. Only Windows 11 WIMs (customized as master image) have this problem, as mentioned before, and, more strangely, starting with the end of August (when all the latest updates were applied to the WIM image). The rest of the testing environment is identical.

When I'm dealing with a clean, original WIM, there is no problem.
 

Attachments: NTlite_Error.PNG (98.6 KB)

Do you have a preset to attach (after removing any user passwords)?
 
Attached.

The process I use is the following:

1. Installing Clean OS into VM with an autounattend.xml file (to avoid user interaction and all bs stuff);
2. Installing all needed apps;
3. Sysprep with Generalize;
4. NTLite for final fixes and customization.

I've just thought of the following: before August, the master image was installed customized WITHOUT ACL tamper (based on autounattend.xml) and all was OK. In August I installed a clean OS again, but WITH ACL tamper, and everything went south.

I've also attached the ACL option which I'm referring to. The autounattend is generated by a well-known, free, cool online generator.
 

Hi,

the ACL authenticated strip option in question is a Post-setup command:
icacls.exe C:\ /remove:g "*S-1-5-11"

I tested it and no issues, unfortunately.

To help replicate, please post an NTFS Security (ACL) screenshot for:
C:\NTLite
C:\Users\Administrator\Desktop\Win11_general.wim

Right-click Properties - Security - Advanced.

Thank you.
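
The ACL state requested above can also be captured as text. The following PowerShell function is an added example, not part of the original thread or of NTLite; it reports whether Authenticated Users (S-1-5-11), the SID targeted by the quoted icacls command, still holds an Allow ACE on each path. The function name is hypothetical, and the default paths are the ones mentioned in the thread.

```powershell
# Added example: list Allow ACEs held by Authenticated Users (S-1-5-11).
# Default paths are the ones named in this thread; pass -Path to check others,
# e.g. the temporary mount folder (its location is not given in the thread).
function Get-AuthenticatedUsersAce {
    param(
        [string[]]$Path = @(
            'C:\',
            'C:\NTLite',
            'C:\Users\Administrator\Desktop\Win11_general.wim'
        )
    )
    $sidType = [System.Security.Principal.SecurityIdentifier]
    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p)) {
            [pscustomobject]@{ Path = $p; Present = $null; Rights = 'path not found'; Inherited = $null }
            continue
        }
        # Request identities as SIDs so the match does not depend on the
        # localized display name of the group.
        $rules = (Get-Acl -LiteralPath $p).GetAccessRules($true, $true, $sidType) |
            Where-Object {
                $_.IdentityReference.Value -eq 'S-1-5-11' -and
                $_.AccessControlType -eq 'Allow'
            }
        if (-not $rules) {
            # This is the state left on C:\ by: icacls.exe C:\ /remove:g "*S-1-5-11"
            [pscustomobject]@{ Path = $p; Present = $false; Rights = ''; Inherited = $null }
            continue
        }
        foreach ($r in $rules) {
            [pscustomobject]@{
                Path      = $p
                Present   = $true
                Rights    = $r.FileSystemRights.ToString()
                Inherited = $r.IsInherited
            }
        }
    }
}

Get-AuthenticatedUsersAce | Format-Table -AutoSize
```

Running it on both the host and inside the deployed master image gives a side-by-side record of which of the two has had the grant removed.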
 
Attached.

Hi nuhi, indeed the ACL is a post-setup mod, but somehow when generalizing the installation (which had already been tampered with by ACL stripping in the first place), something is inherited and messes up access rights when running NTLite.

I've retested without any tamper and there is no issue. I think the issue was solved. Please give me 24 hrs to make a final conclusion.
Meanwhile if you consider another root cause, please let me know.
 

Attachments: 1.PNG (65.1 KB), 2.PNG (69.8 KB)

Thanks, but still cannot replicate it with just that ACL option or manually replicating NTFS permissions.
Do let me know if you have a way to replicate it on my side, maybe upload an ISO for me which has that issue when deployed.
DM me, it's not allowed to publish custom ISOs.
 
I've done all the tests and the results are as follows:

Host OS = OS from which NTLite is running for modifying WIM images.

- Host with ACL modded + WIM with ACL modded = FAIL
- Host with ACL modded + WIM without ACL modded = SUCCESS
- Host without ACL modded + WIM without ACL modded = SUCCESS
- Host without ACL modded + WIM with ACL modded = FAIL

In SUCCESS scenarios there is no need to close/terminate any Explorer processes or antivirus (I use Bitdefender or Windows Defender).

All the testing was done with Windows 11 editions, NOT Windows 10. In Windows 10 there is also a problem (like Win 11) when the ACL is modded, but there is a workaround: adjusting the Security settings for the NTLite working folder accordingly. That workaround is not valid for Windows 11.

There is no need to send any ISO. I've attached the answer file from which I did all the installing. The 3rd line of the script has the link to the site from which I did all of this. There you can find that infamous ACL option (Harden ACLs). This way you can replicate all scenarios.

garlin, nuhi Thank you for your prompt and full support! NTLite is a TOP TOOL which I'm using since 2005. Great job!!!

Have a nice day.
 

Thanks. Tested the attached unattended file + Harden ACLs, still no issue loading an image from it, changing some settings and making an ISO.

So let's drop it, since you had all kinds of issues because of that Harden ACLs option.
Let me know if you ever get more info how to replicate that environment so I can see if possible to adapt NTLite to that hellish scenario.
 