We’ve been doing Windows 7 with UEFI for well over a year. Nothing with secure boot though.
Mark Kent (MCP) Sr. Desktop Systems Engineer Computing & Technology Services - SUNY Buffalo State From: [email protected] [mailto:[email protected]] On Behalf Of Roger Truss Sent: Wednesday, December 16, 2015 12:46 PM To: [email protected] Subject: Re: [MDT-OSD] Windows 7 and UEFI deployment stuck So Michael your telling me that we can use UEFI based partitioning and secure boot for WIN7 deploys? This sounds like a nightmare to configure correctly. If doing bare metal builds why not just start with WIN10 and then for in place upgrades convert them by attrition if need be. I understand that there are some security items that require UEFI, etc for WIN 10 but we were under the impression the WIN7 and UEFI were a unsupported config. In fact I even set my tasks to detect UEFI and report errors if not detected for a WIN8+ build and the reverse for WIN7 builds. We have Lenovo, Panasonic and Dells so I certainly would not want to manage tasks to configure UEFI for WIN7 for all those. Just check for it and bail if not found and make your tech manually change it. But if someone truly has it working I would be game to try it. On Wed, Dec 16, 2015 at 9:56 AM Miller, Todd <[email protected]<mailto:[email protected]>> wrote: I think that I just misunderstood the “Legacy OROMs” option. It works to enable UEFI and ENABLE Legacy OROMS and boot Windows 7 64bit with the GPT partitioning scheme. I think this should be enough for doing future in place upgrades to Windows 10 since it is the change from MBR to GPT that is the hurdle for in place upgrades (right?) It is the repartitioning that is the killer. If I deploy Windows 7 with UEFI enabled and Legacy OROM support enabled, the computer boots OK and it is still GPT formatted, which is the main goal here. UEFI with Legacy OROMS enabled is still UEFI and still works with GPT partitioned disks. When I am ready to deploy Windows 10, I can just disable Legacy OROM support and enable safeboot – and the disk will still be GPT formatted and not need to be repartitioned. Does Windows 10 work with disabling Legacy OROM and enabling safeboot after it is deployed? Can you just decide to turn on Safeboot after Windwos 10 is deployed or must that change be made in firmware before Windows 10 is installed? From: [email protected]<mailto:[email protected]> [mailto:[email protected]<mailto:[email protected]>] On Behalf Of Jerousek, Jeff Sent: Wednesday, December 16, 2015 9:15 AM To: [email protected]<mailto:[email protected]> Subject: RE: [MDT-OSD] Windows 7 and UEFI deployment stuck UEFI on 8.1 and 10 just works. Do you get the same error when trying to use one of those? This may help you isolate the problem to the .wim and not the TS or hardware. Thanks, Jeff Jerousek From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Miller, Todd Sent: Wednesday, December 16, 2015 8:56 AM To: <[email protected]<mailto:[email protected]>> <[email protected]<mailto:[email protected]>> Subject: Re: [MDT-OSD] Windows 7 and UEFI deployment stuck Thanks. I'll check to see if there is a CSM setting in the Dell Bios. I think the reason for doing two task sequences is for OS deployments other than bare metal. I am pretty close to this working I think, I just can't get the boot to work. After all, it is booting to winpe, setting Uefi, rebooting to the GPT partitioned drive staged winpe, and then laying down the WIM. Just can't get it to boot into the deployed windows 7 image. Sent from my iPhone On Dec 16, 2015, at 12:03 AM, Michael Niehaus <[email protected]<mailto:[email protected]>> wrote: Windows 7 x64 supports UEFI, but it does require CSM in order to display boot-time video. So you can’t turn that off until you get to Windows 8/8.1/10. (They support UEFI GOP video.) I agree that changing between legacy BIOS and UEFI boot in a single task sequence is at best complicated and at worst impossible. I’ve yet to see anyone pull it off, although I’ve been talking to people recently that are trying. Doing it in two different task sequences, leveraging the SMP for state storage if you are refreshing the machine, is certainly doable and not that hard. Automating the firmware configuration change requires using OEM-specific utilities though. Thanks, -Michael From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Niall Brady Sent: Tuesday, December 15, 2015 9:48 PM To: [email protected]<mailto:[email protected]> Subject: Re: [MDT-OSD] Windows 7 and UEFI deployment stuck let's ignore the UEFI switch for a moment are you deploying Window 7 ? if so i've had nothing but painful experiences with that and UEFI, and yes for Lenovo models at least we had to enable CSM mode to 'emulate' a sort of crossover between legacy and UEFI otherwise UEFI wouldn't work, and even in that scenario secure boot doesn't work so much so that we gave up on the idea of doing UEFI with Windows 7 altogether and decided to only do UEFI to Windows 8.1 and later os's, as those os's have proper support for it (and secure boot) secondly, it's not supported to switch between legacy and uefi in one task sequence as far as i recall, the very action should change the hard disc format and as a result wipe away your ts environment, however i'd let those that design the product answer, you may have better luck doing two task sequences, one to do the flip and the other to lay down the UEFI only operating system image (such as Windows 10 itself) good luck Todd cheers niall On Wed, Dec 16, 2015 at 12:36 AM, Miller, Todd <[email protected]<mailto:[email protected]>> wrote: One of the things I took away from MMS last month was a desire for getting machines on UEFI – even Windows 7 machines so that we would be able to in-place-upgrade them to Windows 10 in the future. I am beginning to test flipping machines to UEFI during the OSD bare metal process for Windows 7 64bit. My current environment is SCCM 2012R2CU4 + MDT 2013. For this testing process, I am interested only in deploying Windows 7 64bit to reasonably recent dell Optiplex models (9010 9020 9030). And in the first test case specifically an Optiplex 9010 running the current A24 firmware. I have a lot of the process worked out and functioning correctly, but I am running into a problem that I hope someone here will know about. I am able to switch the system to UEFI and disable legacy BIOS. I can partition the drive and boot WinPE back onto the staged WinPE boot image on the Hard Disk. I am able to lay down the Windows 7 64bit image. When it comes time to reboot into the full OS, I get an error. So it boots and reboots OK into the staged WinPE 5 x64 boot image, but will not boot into the Win7 x64 WIM that is deployed by SCCM. The error looks like this… Windows Boot Manager –Windows Failed to start—File EFI\Micrtosoft\Boot\BCD Status 0xc000000d An error occurred while attempting to read the boot configuration data. I booted back into WinPE and then ran diskpart to look at the partitions. I can only see three partitions instead of 4 The WinRE tools is part0, EFI is part1, and OSDisk is part2 – there is no MSR partition listed in between EFI and OSDisk. Not sure if there should be visible in diskpart or not – but it IS listed in the Format and Partition (UEFI) that runs on the client during the task sequence. If I enable legacy ROM when the computer is in this state, the computer will boot correctly. Do I need to do something myself to populate that EFI partition with an EFI bootloader or does the OSD process take care of that? My Windows 7 x64 machine is built on HyperV VM that is almost certainly emulating a BIOS with MBR partition machine. Is that the reason? When I look up the problem people suggest enabling Legacy ROM in the BIOS – but doesn’t that defeat the who idea of UEFI? This web page makes me think I need to deploy both a Windows WIM to the OSDisk AND a EFI.wim to the EFI partition…. Where would I get that EFI.WIM from. https://technet.microsoft.com/en-us/library/cc765951(v=ws.10).aspx Here is the first bit of my task sequence where I am setting UEFI and formatting the disk to prepare for the Windows 7 image and the details of the UEFI partition step in the Preinstall phase. Help me Obi-Wan Kanobi. <image003.png>. <image004.png>[cid:[email protected]] ________________________________ Notice: This UI Health Care e-mail (including attachments) is covered by the Electronic Communications Privacy Act, 18 U.S.C. 2510-2521, is confidential and may be legally privileged. If you are not the intended recipient, you are hereby notified that any retention, dissemination, distribution, or copying of this communication is strictly prohibited. Please reply to the sender that you have received the message in error, then delete it. Thank you. ________________________________ ________________________________ Notice: This UI Health Care e-mail (including attachments) is covered by the Electronic Communications Privacy Act, 18 U.S.C. 2510-2521, is confidential and may be legally privileged. If you are not the intended recipient, you are hereby notified that any retention, dissemination, distribution, or copying of this communication is strictly prohibited. Please reply to the sender that you have received the message in error, then delete it. Thank you. ________________________________ ________________________________ Notice: This UI Health Care e-mail (including attachments) is covered by the Electronic Communications Privacy Act, 18 U.S.C. 2510-2521, is confidential and may be legally privileged. If you are not the intended recipient, you are hereby notified that any retention, dissemination, distribution, or copying of this communication is strictly prohibited. Please reply to the sender that you have received the message in error, then delete it. Thank you. ________________________________
