Capture Win32 applications into a provisioning package using ScanState tool

Hi guys,

Today I’m gonna cover how to capture Win32 applications into a PPKG using ScanState tool (available in USMT of Windows 10 ADK).

The standard way to capture Win32 applications using ScanState tool is to run the following command:

scanstate /apps /ppkg c:\Temp\win32apps.ppkg /l:c:\Temp\win32_scan.log

But by default ScanState tool, using the /apps option, will capture all the applications located under the following folders:

  1. C:\Windows
  2. C:\Program Files
  3. C:\Program Files (x86)
  4. C:\ProgramData
  5. C:\Users

This might capture way too much data into the provisioning package so we need to limit the captured data to a specific scope. Let’s go through the different steps to execute that.

Create an external media containing ScanState tool

To run ScanState tool on a reference Windows 10 machine, you need to create a removable media containing ScanState. To do so, copy the content of the following folders into a external USB drive. from a computer where USMT (of Windows 10 ADK) is installed.

  • "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\windows setup\adm64\sources"
  • "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\User State Migration Tool\adm64"

In my lab, I copied those folders content in a USB drive under “D:\scanstate_amd64”



Restrict data captured by ScanState tool

To limit our capture to specific applications, we first need to use an application discovery template provided by USMT. That template is called “MigApp.xml” and is located in the USMT installation path.


That file contains a detection method for most of the popular applications. You can see in the below picture the detection information for Adobe Reader 9.0.


Using that application detection file with ScanState tool, you can generate a configuration file which contains all the detected applications.

Run the following command to generate the configuration file:

scanstate.exe /i:d:\scanstate_amd64\migapp.xml /genconfig:C:\Temp\installed-app.xml /l:C:\Temp\scanstate.log


That command line will create a new configuration file containing information about detected installed applications on your reference Windows 10 machine. Here’s an example of output file:


Before using that configuration file to execute the Win32 applications capture on the reference computer, you need to modify the [migrate=”yes”] setting of each application, whether we want or not to capture that application.

Once the configuration has been modified to only include the Win32 applications that we want to capture, run the following command line to capture selected Win32 applications into a provisioning package.

scanstate /apps /ppkg c:\Temp\win32apps.ppkg /l:c:\Temp\win32_scan.log /config:C:\Temp\installed-app.xml


This will generate a provisioning package in the output folder.

Here’s you can see the size difference between an unfiltered and filtered capture.


Comments (2)

  1. iven says:

    Thank you Hammoudi, great article but I have one question.

    After I capture the ppkg , I apply the .ppgk File to an another online System(same Win10 version).

    Provisioning failure is occurred, Reported error code: 0x80070103

    Installation of a provisioning package failed. Please work with the package author to diagnose the problem.

  2. Hi Iven, have you tried to import your provisioning package in an offline image?

    I think you can't import captured app/driver in an online system.

    To import the ppkg to an offline image, follow my previous article:…/add-a-provisioning-package-in-an-offline-image-using-dism.aspx



Skip to main content