This message was deleted.

@Nick Panaccio aren't you running Windows Defender in your VDI setup?

Yep - never onboard your master image.

I have a word doc with details as well that may help. I started going down this path and got about 80% way done. Then they switched gears. But @Nick Panaccio did it all.

But generally speaking, we don't onboard our master images at all. We run the onboarding scripts via GPO (startup script), which are only applied to the VDAs.

so i got the offboarding script

I don't know if the Sense service matters if you're offboarding, honestly. All I've read is that you mainly need to be worried about the GUIDs in the registry and some files, and if you remove those in your master, you should be fine.

Yeah I can't remove the files or the GUIDs once that service is running

The startup script works, but you definitely need to remove that info from your master image first.

yes I'm just running the startup script by placing it into c windows system32 group policy startup instead of to running it via gpo

Have you tried running psexec as SYSTEM to run the offboarding script?

yup

Unless I'm misreading the offboarding script, it doesn't look like it's actually trying to stop the sense service, just checks to see if it was stopped.

yup exactly that, so I tried various ways to stop the service including using pexec but no dice

Safe Mode?

Yeah that was my next step, but I was also concerned about operational changes we would need to implement for updating our images (we got 8 images which require manual update at the mo) - asking the engineers to boot into safe mode to offboard, then back into normal mode to do their bits seems a bit much

Was just about to go down this road. This is VERY helpful - thank you William and Nick.