Managing WinPE

Published by david on

To modify WinPE, I use a script that performs the following actions:

  • Backup the WIM file
  • Edit the corename.txt file to specify the FQDN of the EPM server. Using the short name can cause issues in certain environments.
  • Edit the startnet.cmd to add a keyboard selection menu
  • Add drivers directly into the WinPE

Windows ADK

Install the Windows ADK for Windows 10 on the machine where you will modify the WinPE (Do not install directly on the core server):

  • Download and install the Windows ADK
  • Download and install the PE add-on for the Windows ADK

Source: Download

Identify the Drivers

Drivers.cab WinPE

Download the WinPE drivers corresponding to your needs, for example, you can get the WinPE CAB drivers for HP

Additional Drivers

Only do this in WinPE if:

  • The network card is not visible: from WinPE, the ipconfig command does not return a network card
  • The hard drive is not visible: from WinPE, the diskpart command does not return a hard drive

Version of WinPE used in LANDESK: Since WinPE is based on Windows 10, you will need drivers for Windows 10

To avoid driver conflicts, add only the necessary drivers. To test the drivers, use the following command:

  • Copy the drivers to a USB drive
  • From WinPE, run the command:
drvload path\file.inf

If the command resolves the driver issue (network or HDD), add this driver to WinPE from the LANDESK console.

The Scripts

Download

  • updateWinPE_x64.bat
  • updateWinPE_x86.bat
  • CreateISOx64.bat
  • CreateISOx86.bat
  • choice_x86.exe
  • choice_x64.exe

Make sure to modify the “ServeurLDMS” variable in each script.

Also replace the path containing the drivers to be added if necessary.

Download link: https://github.com/DavidWuibaille/Tools/tree/main/EPMmanageWinPE

UpdateWinPE

Run the updateWinPE_xxx.bat

  • The WIM file will be backed up
  • It will then be mounted
  • The startnet.cmd file will open, allowing you to add (at the very beginning of the script) a keyboard selection menu:
@echo off
rem Add at the top of startnet.cmd
ECHO 1: Keyboard = FR
ECHO 2: Keyboard = IT
ECHO 3: Keyboard = EN
ECHO 4: Keyboard = CA

CHOICE /C 1234 /N /T 90 /D 1 /M "Choose keyboard"

echo %ERRORLEVEL%
IF %ERRORLEVEL% == 1 SET Keyboard=040C:0000040C
IF %ERRORLEVEL% == 2 SET Keyboard=0410:00000410
IF %ERRORLEVEL% == 3 SET Keyboard=0409:00000409
IF %ERRORLEVEL% == 4 SET Keyboard=0c0c:00001009

wpeutil setkeyboardlayout %Keyboard%
@echo on
  • Then, the corename.txt file will open

Replace the short name with the FQDN

  • Drivers will then be installed
  • The WIM will be unmounted

You can also do the same for the second architecture.

CreateISO

You can create an ISO directly from the boot.wim file rather than using the dual boot option offered by the EPM assistant. To do this:

  • Run “Deployment and Imaging Tools Environment” as administrator
  • Run the CreateISOx64.bat script
  • The winpe_amd64.iso file will be available. You can also make it a bootable USB drive.

To create a bootable USB drive:

  • Format the drive
Diskpart
List disk (to see the disks)
select disk 1
clean
Create partition primary
Active
Assign
Format FS=FAT32 Quick
  • Copy the contents of the ISO to the root of the USB drive

Additional Configurations

UEFI vs Legacy

When using vboot, EPM will choose:

  • WinPE X86 image for Legacy systems
  • WinPE X64 image for UEFI systems

It may sometimes be preferable to rename the winpe_x64.wim image to Winpe.wim in \\EPMServer\ldmain\landesk\vboot to force the use of the X64 Boot in all circumstances.

Wallpaper

You can configure a specific wallpaper in the WinPE images. This can be used, for example, to indicate a version number.

  • The background image must have a size of 1024*768
  • Example of a background image:
  • The wallpaper change will be done via the assistant from the EPM console

Additional Drivers

  • You can also add drivers from the EPM console assistant
  • You will need to add each .inf file individually, which can be a bit time-consuming

Vboot on Preferred Servers

A new feature in version 9.6 is the ability to use vboot during a provisioning task.

Reminder: The vboot option allows you to start the deployment of an image from an active OS without using PXE.

The problem is that the WinPE images needed for vboot are only accessible on the core server, even when preferred servers are present with the PXE option enabled.

  • Example script to create boot shares in IIS:
%cmdNet% share vboot /delete /y
%cmdNet% share vboot="C:\Program Files (x86)\LANDesk\PXE\System\images\Boot" /GRANT:Everyone,FULL

:: Add MIME types:
%windir%\system32\inetsrv\appcmd set config /section:staticContent /+"[fileExtension='.',mimeType='application/octet-stream']"
%windir%\system32\inetsrv\appcmd set config /section:staticContent /+"[fileExtension='.*',mimeType='application/octet-stream']"


md "%programfiles(x86)%"\landesk\PreferredServer
%SYSTEMROOT%\System32\inetsrv\appcmd add app /site.name:"Default Web Site" /path:/landesk /physicalpath:"C:\program files (x86)\landesk\PreferredServer"
%SYSTEMROOT%\System32\inetsrv\appcmd add vdir /app.name:"Default Web Site/landesk" /path:/vboot /physicalpath:"C:\Program Files (x86)\LANDesk\PXE\System\images\Boot"
%SYSTEMROOT%\System32\inetsrv\appcmd set config /section:directoryBrowse /enabled:true
C:\Windows\System32\ICACLS.exe "%ProgramFiles(x86)%"\LANDesk\PXE\System\images\Boot /grant iusr:(RX)
C:\Windows\System32\ICACLS.exe "%ProgramFiles(x86)%"\LANDesk\PXE\System\images\Boot /grant iusr:(OI)(CI)(IO)(GR,GE)
C:\Windows\System32\ICACLS.exe "%ProgramFiles(x86)%"\LANDesk\PXE\System\images\Boot /grant "Network Service":(OI)(CI)(F)
C:\Windows\System32\ICACLS.exe "%ProgramFiles(x86)%"\LANDesk\PXE\System\images\Boot /grant SYSTEM:(OI)(CI)(F)
C:\Windows\System32\ICACLS.exe "%ProgramFiles(x86)%"\LANDesk\PXE\System\images\Boot /grant Everyone:(RX)
C:\Windows\System32\ICACLS.exe "%ProgramFiles(x86)%"\LANDesk\PXE\System\images\Boot /grant Everyone:(OI)(CI)(IO)(GR,GE)
  • Copy the two boot images to "C:\Program Files (x86)\LANDesk\PXE\System\images\Boot" on each preferred server

PXE

EPM Option

EPM provides a PXE service that is configured in three parts:

  • In the EPM agent, you can authorize an agent to become PXE
  • Authorize PXE by VLAN

You can specify the VLANs where PXE is authorized

  • In the PXE options
  • You can authorize UEFI

WDS Option

An alternative option is the WDS service. It is not a native option but is very stable.

Categories: EPM
Tags:

Related Posts

EPM

IVANTI Documentation

Official IVANTI documentation

EPM

IVANTI EPM Provisioning 2024 Agent (Error 1603)

Resolve the IVANTI agent installation issue by ensuring the correct installation sequence of .NET Framework, including reboot steps and provisioning integration.

EPM

Uninstall Agent EBA

Uninstall Ivanti EPM agent effectively with step-by-step PowerShell commands. Learn to remove both new and legacy agents with ease