Notes by Ami Arwidmark | Session presented by Johan Arwidmark (If you're not on Twitter, get on Twitter!)
IP Plan/Addresses for ViaMonstra Lab
https://viamonstra.com/pages/ip-plan
Tip: Use Data-Deduplication but disable the schedule because it can corrupt VMs while they are running – better to run manually when you know that the VMs are off.
Why create own WinPE image?
- To learn the processes of WinPE
- To learn how to troubleshoot
- To add components (front-ends, etc.) that SCCM/ConfigMgr can't add
Folder Structure for ADK:
Main installation folder for the deployment tools:
- C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit
Main WinPE folder:
- C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment
WinPE image folder (example with x64):
- C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\Media
Optional Components for WinPE (example with x64)
- C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs
Use copyPE to get list of commands
Makewinpemedia command to generate an ISO
http://technet.microsoft.com/en-us/library/hh825232.aspx
Use wpeinit to start networking and read (if it exists) unattend.xml
http://technet.microsoft.com/en-us/library/cc748941(v=ws.10).aspx
Johan Powershell script for boot image
<#
.Synopsis
Sample script for Deployment Research
.DESCRIPTION
Created: 2016-09-29
Version: 1.2
Author : Johan Arwidmark
Twitter: @jarwidmark
Blog : https://deploymentresearch.com
Disclaimer: This script is provided "AS IS" with no warranties, confers no rights and
is not supported by the author or DeploymentArtist..
.EXAMPLE
N/A
#>
# Check for elevation
If (-NOT ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole(`
[Security.Principal.WindowsBuiltInRole] "Administrator"))
{
Write-Warning "Oupps, you need to run this script from an elevated PowerShell prompt!`nPlease start the PowerShell prompt as an Administrator and re-run the script."
Write-Warning "Aborting script..."
Break
}
# Settings
$WinPE_BuildFolder = "C:\Setup\WinPE10_x64"
$WinPE_Architecture = "amd64" # Or x86
$WinPE_MountFolder = "C:\Mount"
$WinPE_ISOfile = "C:\ISO\WinPE10_x64_ADSI.iso"
$ADK_Path = "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit"
$WinPE_ADK_Path = $ADK_Path + "\Windows Preinstallation Environment"
$WinPE_OCs_Path = $WinPE_ADK_Path + "\$WinPE_Architecture\WinPE_OCs"
$DISM_Path = $ADK_Path + "\Deployment Tools" + "\$WinPE_Architecture\DISM"
$OSCDIMG_Path = $ADK_Path + "\Deployment Tools" + "\$WinPE_Architecture\Oscdimg"
# Delete existing WinPE build folder (if exist)
try
{
if (Test-Path -path $WinPE_BuildFolder) {Remove-Item -Path $WinPE_BuildFolder -Recurse -ErrorAction Stop}
}
catch
{
Write-Warning "Oupps, Error: $($_.Exception.Message)"
Write-Warning "Most common reason is existing WIM still mounted, use DISM /Cleanup-Wim to clean up and run script again"
Break
}
# Check for existing folder
if (Test-Path -path "$WinPE_BuildFolder") { Write-Warning "Folder exist, delete it"; Break}
# Make a copy of the WinPE boot image
if (!(Test-Path -path "$WinPE_BuildFolder\Sources")) {New-Item "$WinPE_BuildFolder\Sources" -Type Directory}
Copy-Item "$WinPE_ADK_Path\$WinPE_Architecture\en-us\winpe.wim" "$WinPE_BuildFolder\Sources\boot.wim"
# Copy WinPE boot files
Copy-Item "$WinPE_ADK_Path\$WinPE_Architecture\Media\*" "$WinPE_BuildFolder" -Recurse
# Create Mount folder if not exists
if (!(Test-Path -path "$WinPE_MountFolder")) {New-Item "$WinPE_MountFolder" -Type Directory}
# Mount the WinPE image
$WimFile = "$WinPE_BuildFolder\Sources\boot.wim"
Mount-WindowsImage -ImagePath $WimFile -Path $WinPE_MountFolder -Index 1
# ------------- Add drivers -----------------
# Inject drivers using native PowerShell cmdlets, requires Windows 10 or Windows Server 2016 host
$DriverToAdd = "C:\WinPE\NicDriver\rt640x64.inf"
If (Test-path -path $DriverToAdd){
Add-WindowsDriver -Path $WinPE_MountFolder -Driver $DriverToAdd
}
# Inject drivers using dism, requires Windows 10 or Windows ADK 10
$DriverToAdd = "C:\WinPE\NicDriver\rt640x64.inf"
If (Test-path -path $DriverToAdd){
& $DISM_Path\dism.exe /Image:$WinPE_MountFolder /Add-Driver /Driver:$DriverToAdd
}
# ------------- Add application and registry settings old-school style -----------------
Set-Location "E:\Demo\IT Dev Connections 2016\WinPE"
Copy-Item .\Tools\x64\ZoomIt64.exe "$WinPE_MountFolder\Windows\System32"
& reg load "HKLM\WinPE" "$WinPE_MountFolder\Windows\System32\Config\Default"
Start-Sleep -s 5
& regedit /s .\WinPE-Settings.reg
Start-Sleep -s 5
& reg unload "HKLM\WinPE"
# ------------- Add application and registry settings new SHINY style -----------------
# Inject ADSI Components using native PowerShell cmdlets, requires Windows 10 or Windows Server 2016 host
Add-WindowsDriver -Path $WinPE_MountFolder -Driver "C:\Plugins\ADSIx64\ADSIx64.inf" -ForceUnsigned
# Inject ADSI Components using dism, requires Windows 10 or Windows ADK 10
& $DISM_Pathdism.exe /Image:$WinPE_MountFolder /Add-Driver /Driver:C:\Plugins\ADSIx64\ADSIx64.inf /ForceUnsigned
# --------------------------------------------------
# Copy ADSI sample VBScript
Copy-Item .\Connect_to_DC_Sample.vbs "$WinPE_MountFolder\Windows\System32"
# Add packages using native PowerShell cmdlets, requires Windows 10 or Windows Server 2016 host
Add-WindowsPackage -Path $WinPE_MountFolder -PackagePath $WinPE_OCs_Path\WinPE-Scripting.cab
Add-WindowsPackage -Path $WinPE_MountFolder -PackagePath $WinPE_OCs_Path\en-us\WinPE-Scripting_en-us.cab
Add-WindowsPackage -Path $WinPE_MountFolder -PackagePath $WinPE_OCs_Path\WinPE-WMI.cab
Add-WindowsPackage -Path $WinPE_MountFolder -PackagePath $WinPE_OCs_Path\en-us\WinPE-WMI_en-us.cab
Add-WindowsPackage -Path $WinPE_MountFolder -PackagePath $WinPE_OCs_Path\WinPE-HTA.cab
Add-WindowsPackage -Path $WinPE_MountFolder -PackagePath $WinPE_OCs_Path\en-us\WinPE-HTA_en-us.cab
Add-WindowsPackage -Path $WinPE_MountFolder -PackagePath $WinPE_OCs_Path\WinPE-MDAC.cab
Add-WindowsPackage -Path $WinPE_MountFolder -PackagePath $WinPE_OCs_Path\en-us\WinPE-MDAC_en-us.cab
# Add WinPE optional components using ADK version of dism.exe instead of Add-WindowsPackage
# Requires Windows 10, or Windows 10 ADK DISM version
& $DISM_Pathdism.exe /Image:$WinPE_MountFolder /Add-Package /PackagePath:$WinPE_OCs_Path\WinPE-Scripting.cab
& $DISM_Pathdism.exe /Image:$WinPE_MountFolder /Add-Package /PackagePath:$WinPE_OCs_Path\en-us\WinPE-Scripting_en-us.cab
& $DISM_Pathdism.exe /Image:$WinPE_MountFolder /Add-Package /PackagePath:$WinPE_OCs_Path\WinPE-WMI.cab
& $DISM_Pathdism.exe /Image:$WinPE_MountFolder /Add-Package /PackagePath:$WinPE_OCs_Path\en-us\WinPE-WMI_en-us.cab
& $DISM_Pathdism.exe /Image:$WinPE_MountFolder /Add-Package /PackagePath:$WinPE_OCs_Path\WinPE-HTA.cab
& $DISM_Pathdism.exe /Image:$WinPE_MountFolder /Add-Package /PackagePath:$WinPE_OCs_Path\en-us\WinPE-HTA_en-us.cab
& $DISM_Pathdism.exe /Image:$WinPE_MountFolder /Add-Package /PackagePath:$WinPE_OCs_Path\WinPE-MDAC.cab
& $DISM_Pathdism.exe /Image:$WinPE_MountFolder /Add-Package /PackagePath:$WinPE_OCs_Path\en-us\WinPE-MDAC_en-us.cab
# Unmount the WinPE image and save changes
Dismount-WindowsImage -Path $WinPE_MountFolder -Save
# Create a bootable WinPE ISO file (comment out if you don't need the ISO)
$BootData='2#p0,e,b"{0}"#pEF,e,b"{1}"' -f "$OSCDIMG_Pathetfsboot.com","$OSCDIMG_Pathefisys.bin"
$Proc = Start-Process -FilePath "$OSCDIMG_Pathoscdimg.exe" -ArgumentList @("-bootdata:$BootData",'-u2','-udfver102',"$WinPE_BuildFolder","$WinPE_ISOfile") -PassThru -Wait -NoNewWindow
if($Proc.ExitCode -ne 0)
{
Throw "Failed to generate ISO with exitcode: $($Proc.ExitCode)"
}
Get-ChildItem $WinPE_ISOfile
Dell Command has the best package for WinPE – even for other vendors.
http://en.community.dell.com/techcenter/enterprise-client/w/wiki/11530.winpe-10-driver-pack
Johan ADSI Plugin. Useful to authenticate to AD in WinPE and to do other AD operations:
Adding ADSI Support for WinPE 10 – Deployment Research
PXE Booting WinPE
Available in MDT SCCM
SCCM requires a record to boot, MDT – doesn't care
WDS used in the background
3rd party PXE
Use default SCCM boot image in WDS
http://deployvista.com/Home/tabid/36/EntryID/54/Default.aspx
Failed to find valid adapter – but you have a network card installed!
https://deploymentresearch.com/528/Fixing-the-ldquo-Failed-to-find-a-valid-network-adapter-rdquo-error-in-ConfigMgr-Current-Branch
Install driver in WinPE
drvload <path to ini>(if it was network driver, you can confirm by doing the following)
wpeinit
ipconfig
Much faster to validate what driver should be added to the boot image so you don't have to go through the process of creating and distributing a boot image just to found out it's a bad driver.
(Hardware Dependent) Tweak boot times
http://ccmexec.com/2016/09/tweaking-pxe-boot-times-in-configuration-manager-1606/
Deploying an MDT package:
If you have custom scripts that you want to always have available, put them in the ConfigMgr MDT package (the MDT package is created when you create the first MDT integrated task sequence in ConfigMgr).
Protect your Network Access account
tip: don't allow it to login interactively and don't make it domain admin
Nicolaj Anderson- DaRT remote viewer
http://www.scconfigmgr.com/2015/05/24/integrate-dart-remote-viewer-in-configmgr-2012-r2-console/
Q/A
Question: Does the ADSI front end help for scenarios using 802.1x?
Answer: for 802.1x – get a cert into the boot image
Q: PowerShell web services port is being blocked – can the port be secured?
A: Use a Johan webservice and put on the deployment server
http://prettygoodfrontend.codeplex.com/
Q: Healthcheck – will you come do it?
A: Johan comes on site or will remote in to do it