Modify Boot Images

MS Docs

MS Docs: https://docs.microsoft.com/en-us/mem/configmgr/osd/get-started/manage-boot-images#BKMK_ModifyBootImages

MS Docs (Win-PE): https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/winpe-intro

PowerShell:

• Get-CMBootImage
• New-CMBootImage
• Set-CMBootImage
• Set-CMDriverBootImage
• New-CMBootableMedia

Reasons to Modify the Boot Images:

• Common Reasons
  • Update CM Client
  • Update OS Version
  • Add Components
  • Add Drivers
  • Enable F8 Support (Command Prompt)
• Additional, but less common reasons
  • Customize Boot Media
    • Enable Pre-Start Command
    • Customize Wallpaper (Replace the Default Microsoft Endpoint Manager Wallpaper)

Requirements

Microsoft Windows Assessment and Deployment Kit (Windows ADK). You’ll want to check out the ConifgMgr Support page for which versions of Windows and ADK are supported. You need two parts, the Base ADK installer, and the WinPE Add-on. It needs to be installed on:

• The site server of the top-level site in the hierarchy
• The site server of each primary site in the hierarchy
• Every instance of the SMS Provider
• MS Docs – ADK ConfigMgr Infrastructure

Links:

• MS Docs – Supported ADK with ConfigMgr
• MS Docs – ADK Download
• Community – ConfigMgr Prerequisites Tool
  • This will automate the download and install of the ADK.

If you’re upgrading ADK, you need to uninstall the previous version first. My personal experience and recommendation is to reboot the machine after uninstall of the old ADK before installing the new version, then reboot again after the install of the new version.

Example of Updating

Current Boot Image Info:

Updating to new CM Client Version & New OS Build Version
In this example, the Boot Image is currently 17763 (1809) and I’ve updated my ADK on the server to 19041 (2004).

Now I want to update my Boot image to reflect the new ADK & CM Clients. Right Click Media -> Update Distribution Points. That will launch this wizard:

Here you can see that it detects the updated ADK that is installed on the server which is newer than the boot image, and it also shows the current CM Client, which is newer than what is in the boot image. Check the box to reload the boot image to incorporate the updates. Let’s go ahead and do this!

When it runs, behind the scenes it is using DISM to mount the boot image and apply the changes for you. This is why you’ll need ADMINISTRATOR access on the Server that is building the boot image, or it will fail with access denied.
You can watch the status bar for a while, or you can follow along in the dism log (c:windowslogsdismdism.log)

Once Complete:


You can see my boot image OS Version has updated to match the ADK, and the Client Version has updated to match the production CM Client in the Console. I don’t bother to update the x86 image, as I don’t use it. I manually updated the Version column with the date. Then if the date modified doesn’t match, I know that CM updated it for me, vs me doing it manually.

Adding Components

Adding Components allows additional functionality in WinPE at the price of using up more space. There are several standard ones that ConfigMgr / MDT will add for you at the check of a box. You can add additonal things like DaRT or Branch Cache with a fair bit of extra effort.

Built in Options:

My Recommendations:

• Windows PowerShell (WinPE-DismCmdlets)
• Storage (WinPE-EnhancedStorage)
• HTML (WinPE-HTA)
• Windows PowerShell (WinPE-StorageWMI)
• Microsoft .NET (WinPE-NetFx)
• Windows PowerShell (WinPE-PowerShell)
• Microsoft Secure Boot Cmdlets (WinPE-SecureBootCmdlets)

Adding Drivers

https://docs.microsoft.com/en-us/mem/configmgr/osd/get-started/manage-boot-images#drivers
To Add drivers to the boot image, you first must have imported them into CM as drivers, so they are available for your boot media to use.

I’ll be honest, I haven’t needed to import drivers into the boot image for doing OSD on physical machines for a very long time. The only thing I’ve had to add drivers for in the past several years has been VMWare, so I can image VMWare VMs.
So once you have drivers imported, you can add them to a boot image.

When you go to the Drivers tab, you can click the little start to add drivers, which launching the “select a driver” dialog. At this point they pre-filter a lot of things out for you. In VMWare, I was adding a mouse driver, so I had to uncheck the first box so I could find the mouse driver.
In this example, I’m adding a few Network Card Drivers, then clicking OK which adds them into the Boot Image Drivers Properties as shown below:

When I click Ok on the properties, I now get a notification that I’d have to update it to make the changes be applied:

If you click “Yes” it will go ahead and start the process.

Adding Command Prompt (F8) Support

If you’re creating and testing, this is a must have. This was one of your only options before the TS Debugger was created, which I’ll cover in another post and link when I get that far.
This is a simple check box, check the box, and rebuild.

After the rebuild is complete, you will now have the modified boot images to be used in your boot media.

Adding Custom Background

You want to add a simple item to let your users know that when a computer boots to your WinPE, that’s it coming from you and not some malware thing? A Corporate Background says a lot.
On the Customization Tab, check a box for the custom background, browse to your file, and then it will prompt to update your media.

Community Links

• Create a new WinPE Boot Image

---

Additional Windows PE Support Series Posts

• Windows PE Support
• Create Boot Media (ISO)
• Enable PSGallery Support
• Leverage BGInfo in WinPE

---

About Recast Software

1 in 3 organizations using Microsoft Configuration Manager rely on Right Click Tools to surface vulnerabilities and remediate quicker than ever before.

• Download Free Tools
• Request Pricing