Real SysAdmins Compile Their Own WinPE Images

Notes by Ami Arwidmark | Session presented by Johan Arwidmark (If you're not on Twitter, get on Twitter!)

IP Plan/Addresses for ViaMonstra Lab
https://viamonstra.com/pages/ip-plan

Tip: Use Data-Deduplication but disable the schedule because it can corrupt VMs while they are running – better to run manually when you know that the VMs are off.

Why create your own WinPE image?

  • To learn the processes of WinPE
  • To learn how to troubleshoot
  • To add components (front-ends, etc.) that SCCM/ConfigMgr can't add

Folder Structure for ADK:

Main installation folder for the deployment tools:

  • C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit

Main WinPE folder:

  • C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment

WinPE image folder (example with x64):

  • C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\Media

Optional Components for WinPE (example with x64)

  • C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs

Use copype to get a list of commands


Use the MakeWinPEMedia command to generate an ISO
http://technet.microsoft.com/en-us/library/hh825232.aspx

Use wpeinit to start networking and read (if it exists) unattend.xml
http://technet.microsoft.com/en-us/library/cc748941(v=ws.10).aspx

Johan's PowerShell script for building the boot image

<#
.Synopsis
    Sample script for Deployment Research
.DESCRIPTION
    Created: 2016-09-29
    Version: 1.2

    Author : Johan Arwidmark
    Twitter: @jarwidmark
    Blog   : https://deploymentresearch.com

    Disclaimer: This script is provided "AS IS" with no warranties, confers no rights and
    is not supported by the author or DeploymentArtist.
.EXAMPLE
    N/A
#>

# Check for elevation
If (-NOT ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole(`
    [Security.Principal.WindowsBuiltInRole] "Administrator"))
{
    Write-Warning "Oupps, you need to run this script from an elevated PowerShell prompt!`nPlease start the PowerShell prompt as an Administrator and re-run the script."
    Write-Warning "Aborting script..."
    Break
}

# Settings
$WinPE_BuildFolder = "C:\Setup\WinPE10_x64"
$WinPE_Architecture = "amd64" # Or x86
$WinPE_MountFolder = "C:\Mount"
$WinPE_ISOfile = "C:\ISO\WinPE10_x64_ADSI.iso"

$ADK_Path = "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit"
$WinPE_ADK_Path = $ADK_Path + "\Windows Preinstallation Environment"
$WinPE_OCs_Path = $WinPE_ADK_Path + "\$WinPE_Architecture\WinPE_OCs"
$DISM_Path = $ADK_Path + "\Deployment Tools" + "\$WinPE_Architecture\DISM"
$OSCDIMG_Path = $ADK_Path + "\Deployment Tools" + "\$WinPE_Architecture\Oscdimg"

# Delete existing WinPE build folder (if exist)
try
{
if (Test-Path -path $WinPE_BuildFolder) {Remove-Item -Path $WinPE_BuildFolder -Recurse -ErrorAction Stop}
}
catch
{
    Write-Warning "Oupps, Error: $($_.Exception.Message)"
    Write-Warning "Most common reason is existing WIM still mounted, use DISM /Cleanup-Wim to clean up and run script again"
    Break
}

# Check for existing folder
if (Test-Path -path "$WinPE_BuildFolder") { Write-Warning "Folder exist, delete it"; Break}

# Make a copy of the WinPE boot image
if (!(Test-Path -path "$WinPE_BuildFolder\Sources")) {New-Item "$WinPE_BuildFolder\Sources" -Type Directory}
Copy-Item "$WinPE_ADK_Path\$WinPE_Architecture\en-us\winpe.wim" "$WinPE_BuildFolder\Sources\boot.wim"

# Copy WinPE boot files
Copy-Item "$WinPE_ADK_Path\$WinPE_Architecture\Media\*" "$WinPE_BuildFolder" -Recurse

# Create Mount folder if not exists
if (!(Test-Path -path "$WinPE_MountFolder")) {New-Item "$WinPE_MountFolder" -Type Directory}

# Mount the WinPE image
$WimFile = "$WinPE_BuildFolder\Sources\boot.wim"
Mount-WindowsImage -ImagePath $WimFile -Path $WinPE_MountFolder -Index 1

# ------------- Add drivers -----------------

# Inject drivers using native PowerShell cmdlets, requires Windows 10 or Windows Server 2016 host
$DriverToAdd = "C:\WinPE\NicDriver\rt640x64.inf"
If (Test-path -path $DriverToAdd){
    Add-WindowsDriver -Path $WinPE_MountFolder -Driver $DriverToAdd
}

# Inject drivers using dism, requires Windows 10 or Windows ADK 10
$DriverToAdd = "C:\WinPE\NicDriver\rt640x64.inf"
If (Test-path -path $DriverToAdd){
    & $DISM_Path\dism.exe /Image:$WinPE_MountFolder /Add-Driver /Driver:$DriverToAdd
}

# ------------- Add application and registry settings old-school style -----------------

Set-Location "E:\Demo\IT Dev Connections 2016\WinPE"
Copy-Item .\Tools\x64\ZoomIt64.exe "$WinPE_MountFolder\Windows\System32"
& reg load "HKLM\WinPE" "$WinPE_MountFolder\Windows\System32\Config\Default"
Start-Sleep -s 5
& regedit /s .\WinPE-Settings.reg
Start-Sleep -s 5
& reg unload "HKLM\WinPE"

# ------------- Add application and registry settings new SHINY style -----------------

# Inject ADSI Components using native PowerShell cmdlets, requires Windows 10 or Windows Server 2016 host
Add-WindowsDriver -Path $WinPE_MountFolder -Driver "C:\Plugins\ADSIx64\ADSIx64.inf" -ForceUnsigned

# Inject ADSI Components using dism, requires Windows 10 or Windows ADK 10
& $DISM_Path\dism.exe /Image:$WinPE_MountFolder /Add-Driver /Driver:C:\Plugins\ADSIx64\ADSIx64.inf /ForceUnsigned

# --------------------------------------------------

# Copy ADSI sample VBScript
Copy-Item .\Connect_to_DC_Sample.vbs "$WinPE_MountFolder\Windows\System32"

# Add packages using native PowerShell cmdlets, requires Windows 10 or Windows Server 2016 host
Add-WindowsPackage -Path $WinPE_MountFolder -PackagePath $WinPE_OCs_Path\WinPE-Scripting.cab
Add-WindowsPackage -Path $WinPE_MountFolder -PackagePath $WinPE_OCs_Path\en-us\WinPE-Scripting_en-us.cab
Add-WindowsPackage -Path $WinPE_MountFolder -PackagePath $WinPE_OCs_Path\WinPE-WMI.cab
Add-WindowsPackage -Path $WinPE_MountFolder -PackagePath $WinPE_OCs_Path\en-us\WinPE-WMI_en-us.cab
Add-WindowsPackage -Path $WinPE_MountFolder -PackagePath $WinPE_OCs_Path\WinPE-HTA.cab
Add-WindowsPackage -Path $WinPE_MountFolder -PackagePath $WinPE_OCs_Path\en-us\WinPE-HTA_en-us.cab
Add-WindowsPackage -Path $WinPE_MountFolder -PackagePath $WinPE_OCs_Path\WinPE-MDAC.cab
Add-WindowsPackage -Path $WinPE_MountFolder -PackagePath $WinPE_OCs_Path\en-us\WinPE-MDAC_en-us.cab

# Add WinPE optional components using ADK version of dism.exe instead of Add-WindowsPackage
# Requires Windows 10, or Windows 10 ADK DISM version
& $DISM_Path\dism.exe /Image:$WinPE_MountFolder /Add-Package /PackagePath:$WinPE_OCs_Path\WinPE-Scripting.cab
& $DISM_Path\dism.exe /Image:$WinPE_MountFolder /Add-Package /PackagePath:$WinPE_OCs_Path\en-us\WinPE-Scripting_en-us.cab
& $DISM_Path\dism.exe /Image:$WinPE_MountFolder /Add-Package /PackagePath:$WinPE_OCs_Path\WinPE-WMI.cab
& $DISM_Path\dism.exe /Image:$WinPE_MountFolder /Add-Package /PackagePath:$WinPE_OCs_Path\en-us\WinPE-WMI_en-us.cab
& $DISM_Path\dism.exe /Image:$WinPE_MountFolder /Add-Package /PackagePath:$WinPE_OCs_Path\WinPE-HTA.cab
& $DISM_Path\dism.exe /Image:$WinPE_MountFolder /Add-Package /PackagePath:$WinPE_OCs_Path\en-us\WinPE-HTA_en-us.cab
& $DISM_Path\dism.exe /Image:$WinPE_MountFolder /Add-Package /PackagePath:$WinPE_OCs_Path\WinPE-MDAC.cab
& $DISM_Path\dism.exe /Image:$WinPE_MountFolder /Add-Package /PackagePath:$WinPE_OCs_Path\en-us\WinPE-MDAC_en-us.cab

# Unmount the WinPE image and save changes
Dismount-WindowsImage -Path $WinPE_MountFolder -Save

# Create a bootable WinPE ISO file (comment out if you don't need the ISO)
$BootData='2#p0,e,b"{0}"#pEF,e,b"{1}"' -f "$OSCDIMG_Path\etfsboot.com","$OSCDIMG_Path\efisys.bin"

$Proc = Start-Process -FilePath "$OSCDIMG_Path\oscdimg.exe" -ArgumentList @("-bootdata:$BootData",'-u2','-udfver102',"$WinPE_BuildFolder","$WinPE_ISOfile") -PassThru -Wait -NoNewWindow
if($Proc.ExitCode -ne 0)
{
    Throw "Failed to generate ISO with exitcode: $($Proc.ExitCode)"
}

Get-ChildItem $WinPE_ISOfile
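
The script above injects the ADSI plugin with -ForceUnsigned, which bypasses the signature check for that package. The following is an added example (not part of Johan's script) that checks the Authenticode status of each driver package's catalog file on the build host, so that only packages with a valid signature are injected without the override. The staging folder C:\WinPE\NicDriver and the function name Test-DriverPackageSignature are assumptions for illustration.

```powershell
# Added example: vet driver packages before they go into the boot image.
# $DriverFolder is a hypothetical staging path; $WinPE_MountFolder matches the script above.
$DriverFolder      = "C:\WinPE\NicDriver"
$WinPE_MountFolder = "C:\Mount"

function Test-DriverPackageSignature {
    param([Parameter(Mandatory)][string]$InfPath)

    # The INF names its signed catalog as "CatalogFile = name.cat"
    # (optionally decorated, e.g. CatalogFile.NTamd64).
    $catLine = Select-String -Path $InfPath -Pattern '^\s*CatalogFile(\.\w+)?\s*=\s*(\S+)' |
               Select-Object -First 1
    if (-not $catLine) {
        return [pscustomobject]@{ Inf = $InfPath; Catalog = $null; Status = 'NoCatalog'; Signer = $null }
    }

    $catName = $catLine.Matches[0].Groups[2].Value
    $catPath = Join-Path (Split-Path $InfPath -Parent) $catName
    if (-not (Test-Path $catPath)) {
        return [pscustomobject]@{ Inf = $InfPath; Catalog = $catPath; Status = 'CatalogMissing'; Signer = $null }
    }

    # Status is 'Valid' only if the catalog signature chains to a root trusted on this host.
    $sig = Get-AuthenticodeSignature -FilePath $catPath
    [pscustomobject]@{
        Inf     = $InfPath
        Catalog = $catPath
        Status  = [string]$sig.Status
        Signer  = $sig.SignerCertificate.Subject
    }
}

$results = Get-ChildItem -Path $DriverFolder -Filter *.inf -Recurse |
           ForEach-Object { Test-DriverPackageSignature -InfPath $_.FullName }
$results | Format-Table -AutoSize

# Inject only packages whose catalog verified; everything else needs a deliberate decision.
foreach ($r in $results) {
    if ($r.Status -eq 'Valid') {
        Add-WindowsDriver -Path $WinPE_MountFolder -Driver $r.Inf
    } else {
        Write-Warning "Skipping $($r.Inf): catalog status is $($r.Status)"
    }
}
```
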


Dell Command has the best package for WinPE – even for other vendors.
http://en.community.dell.com/techcenter/enterprise-client/w/wiki/11530.winpe-10-driver-pack

Johan's ADSI plugin. Useful for authenticating to AD in WinPE and for other AD operations:
Adding ADSI Support for WinPE 10 – Deployment Research

PXE Booting WinPE

Available in MDT and SCCM

SCCM requires a record to boot; MDT doesn't care

WDS used in the background

3rd party PXE

Use default SCCM boot image in WDS
http://deployvista.com/Home/tabid/36/EntryID/54/Default.aspx

Failed to find valid adapter – but you have a network card installed!
https://deploymentresearch.com/528/Fixing-the-ldquo-Failed-to-find-a-valid-network-adapter-rdquo-error-in-ConfigMgr-Current-Branch

Install driver in WinPE

drvload <path to inf>

(If it was a network driver, you can confirm by doing the following)

wpeinit

ipconfig

This is a much faster way to validate which driver should be added to the boot image, so you don't have to go through the process of creating and distributing a boot image just to find out it's a bad driver.

(Hardware Dependent) Tweak boot times
http://ccmexec.com/2016/09/tweaking-pxe-boot-times-in-configuration-manager-1606/

Deploying an MDT package:

If you have custom scripts that you want to always have available, put them in the ConfigMgr MDT package (the MDT package is created when you create the first MDT integrated task sequence in ConfigMgr).

Protect your Network Access account

http://oscc1-public.sharepoint.com/Blog/Post/11/Protecting-the-Network-Access-Account-using-Configuration-Items-Quest-%E2%80%93-Part1

Tip: don't allow it to log in interactively and don't make it a domain admin
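
One way to check both parts of that tip is the following added example, which is not from the session. It assumes the RSAT ActiveDirectory module is installed, uses the placeholder account name CM_NAA, and reads user rights with secedit from the machine it runs on, so the deny-logon result reflects that machine's effective policy only.

```powershell
# Added example, not from the session notes.
# Assumptions: RSAT ActiveDirectory module installed; 'CM_NAA' is a placeholder name;
# run elevated on a machine whose effective user rights you want to check.
Import-Module ActiveDirectory
$NaaName = 'CM_NAA'
$naa     = Get-ADUser -Identity $NaaName

# Tip 1: not a domain admin. -Recursive also catches membership through nested groups.
$privilegedHits = foreach ($group in 'Domain Admins', 'Administrators') {
    try {
        $sids = (Get-ADGroupMember -Identity $group -Recursive).SID.Value
        if ($sids -contains $naa.SID.Value) { $group }
    } catch {
        Write-Warning "Could not read group '$group': $($_.Exception.Message)"
    }
}

# Tip 2: no interactive logon. Export this machine's user rights assignment and look
# for the account, or a group it is a direct member of, under the deny-logon rights.
$cfg = Join-Path $env:TEMP 'naa-user-rights.inf'
secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null
$rights = Get-Content -Path $cfg          # Get-Content honours the file's Unicode BOM
Remove-Item -Path $cfg -ErrorAction SilentlyContinue

$candidates = @($naa.SID.Value) + @((Get-ADPrincipalGroupMembership -Identity $naa).SID.Value)

function Test-RightDeniesAccount {
    param([string]$Right)
    $line = $rights | Where-Object { $_ -match "^$Right\s*=" } | Select-Object -First 1
    if (-not $line) { return $false }     # right is not assigned to anyone
    # Entries look like *S-1-5-21-...; only SID entries are compared here.
    $entries = ($line -split '=', 2)[1] -split ',' | ForEach-Object { $_.Trim().TrimStart('*') }
    [bool]($entries | Where-Object { $candidates -contains $_ })
}

[pscustomobject]@{
    Account               = $naa.SamAccountName
    PrivilegedGroups      = $privilegedHits -join ', '
    DenyInteractiveLogon  = Test-RightDeniesAccount 'SeDenyInteractiveLogonRight'
    DenyRemoteInteractive = Test-RightDeniesAccount 'SeDenyRemoteInteractiveLogonRight'
}
```

An empty PrivilegedGroups value together with True for both deny rights matches the tip.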

Nickolaj Andersen – DaRT remote viewer

http://www.scconfigmgr.com/2015/05/24/integrate-dart-remote-viewer-in-configmgr-2012-r2-console/

Q/A

Question: Does the ADSI front end help for scenarios using 802.1x?

Answer: for 802.1x – get a cert into the boot image

Q: PowerShell web services port is being blocked – can the port be secured?

A: Use a Johan webservice and put on the deployment server

http://prettygoodfrontend.codeplex.com/

Q: Healthcheck – will you come do it?

A: Johan comes on site or will remote in to do it

About the author

Ami Casto
