Perfect and thanks. My test task seems to be working , now that I turned off my UEFI checking steps in the task. If only we started this long ago we would be much better off for WIN 10. But better late than never and configuring a bios to turn on secure boot post in-place upgrade is much easier than USMT using SMB and resetting partitions and bios and and and.. ;)
On Wed, Dec 16, 2015 at 3:57 PM Michael Niehaus < [email protected]> wrote: > There’s no requirement that you turn off the CSM later (Windows 10 won’t > use it on a UEFI system, but with it off you prevent “accidental” booting > using MBR), but you would want to turn on Secure Boot to get the security > benefits. > > > > Images aren’t specific to MBR or UEFI, so building an image an either type > of VM and deploying to either type of physical machine is fine. > > > > Thanks, > > -Michael > > > > *From:* [email protected] [mailto: > [email protected]] *On Behalf Of *Roger Truss > *Sent:* Wednesday, December 16, 2015 1:48 PM > > > *To:* [email protected] > *Subject:* Re: [MDT-OSD] Windows 7 and UEFI deployment stuck > > > > OK, so leave csm on but partition for UEFI then reconfigure bios later for > WIN8+. Hmm. i will have to see about getting this working. So for the > partition option just force the partition (UEFI) part even if WIN 6.1 what > if the image I am using was built from a MBR based VM? Will that work or > do I redo it using UEFI partioning? > > > > On Wed, Dec 16, 2015 at 1:16 PM Michael Niehaus < > [email protected]> wrote: > > And yes, Windows 7 x64 fully supports UEFI. > > > > If you have Windows 7 using legacy BIOS today and want to upgrade to > Windows 10, you have to decide what you want to do. If you don’t move to > UEFI and Secure Boot, you’re missing out on some capabilities. But it’s > still more secure than Windows 7. If you want to go through the effort to > move to UEFI at the same time, you can do that – but it will certainly be > more effort. > > > > Thanks, > > -Michael > > > > *From:* [email protected] [mailto: > [email protected]] *On Behalf Of *Michael Niehaus > *Sent:* Wednesday, December 16, 2015 11:09 AM > > > *To:* [email protected] > *Subject:* RE: [MDT-OSD] Windows 7 and UEFI deployment stuck > > > > You can do UEFI partitioning and Windows 7 without issue (as long as you > don’t turn off the CSM altogether); you have to wait until Windows 8.1 or > 10 to turn on secure boot. But that’s much, much easier than trying to > convert a machine from BIOS to UEFI. > > > > Thanks, > > -Michael > > > > *From:* [email protected] [ > mailto:[email protected] <[email protected]>] *On > Behalf Of *Kent, Mark > *Sent:* Wednesday, December 16, 2015 10:41 AM > > > *To:* [email protected] > *Subject:* RE: [MDT-OSD] Windows 7 and UEFI deployment stuck > > > > We’ve been doing Windows 7 with UEFI for well over a year. Nothing with > secure boot though. > > > > Mark Kent (MCP) > > Sr. Desktop Systems Engineer > > Computing & Technology Services - SUNY Buffalo State > > > > *From:* [email protected] [ > mailto:[email protected] <[email protected]>] *On > Behalf Of *Roger Truss > *Sent:* Wednesday, December 16, 2015 12:46 PM > > > *To:* [email protected] > *Subject:* Re: [MDT-OSD] Windows 7 and UEFI deployment stuck > > > > So Michael your telling me that we can use UEFI based partitioning and > secure boot for WIN7 deploys? This sounds like a nightmare to configure > correctly. If doing bare metal builds why not just start with WIN10 and > then for in place upgrades convert them by attrition if need be. I > understand that there are some security items that require UEFI, etc for > WIN 10 but we were under the impression the WIN7 and UEFI were a > unsupported config. In fact I even set my tasks to detect UEFI and report > errors if not detected for a WIN8+ build and the reverse for WIN7 builds. > We have Lenovo, Panasonic and Dells so I certainly would not want to manage > tasks to configure UEFI for WIN7 for all those. Just check for it and bail > if not found and make your tech manually change it. But if someone truly > has it working I would be game to try it. > > > > On Wed, Dec 16, 2015 at 9:56 AM Miller, Todd <[email protected]> > wrote: > > I think that I just misunderstood the “Legacy OROMs” option. > > > > It works to enable UEFI and ENABLE Legacy OROMS and boot Windows 7 64bit > with the GPT partitioning scheme. > > > > I think this should be enough for doing future in place upgrades to > Windows 10 since it is the change from MBR to GPT that is the hurdle for in > place upgrades (right?) It is the repartitioning that is the killer. > > > > If I deploy Windows 7 with UEFI enabled and Legacy OROM support enabled, > the computer boots OK and it is still GPT formatted, which is the main goal > here. UEFI with Legacy OROMS enabled is still UEFI and still works with > GPT partitioned disks. > > > > When I am ready to deploy Windows 10, I can just disable Legacy OROM > support and enable safeboot – and the disk will still be GPT formatted and > not need to be repartitioned. > > > > Does Windows 10 work with disabling Legacy OROM and enabling safeboot > after it is deployed? Can you just decide to turn on Safeboot after > Windwos 10 is deployed or must that change be made in firmware before > Windows 10 is installed? > > > > *From:* [email protected] [mailto: > [email protected]] *On Behalf Of *Jerousek, Jeff > *Sent:* Wednesday, December 16, 2015 9:15 AM > *To:* [email protected] > *Subject:* RE: [MDT-OSD] Windows 7 and UEFI deployment stuck > > > > UEFI on 8.1 and 10 just works. > > > > Do you get the same error when trying to use one of those? This may help > you isolate the problem to the .wim and not the TS or hardware. > > > > Thanks, > > Jeff Jerousek > > > > > > *From:* [email protected] [ > mailto:[email protected] <[email protected]>] *On > Behalf Of *Miller, Todd > *Sent:* Wednesday, December 16, 2015 8:56 AM > *To:* <[email protected]> <[email protected]> > *Subject:* Re: [MDT-OSD] Windows 7 and UEFI deployment stuck > > > > Thanks. I'll check to see if there is a CSM setting in the Dell Bios. I > think the reason for doing two task sequences is for OS deployments other > than bare metal. I am pretty close to this working I think, I just can't > get the boot to work. After all, it is booting to winpe, setting Uefi, > rebooting to the GPT partitioned drive staged winpe, and then laying down > the WIM. Just can't get it to boot into the deployed windows 7 image. > > > > > > Sent from my iPhone > > > On Dec 16, 2015, at 12:03 AM, Michael Niehaus < > [email protected]> wrote: > > Windows 7 x64 supports UEFI, but it does require CSM in order to display > boot-time video. So you can’t turn that off until you get to Windows > 8/8.1/10. (They support UEFI GOP video.) > > > > I agree that changing between legacy BIOS and UEFI boot in a single task > sequence is at best complicated and at worst impossible. I’ve yet to see > anyone pull it off, although I’ve been talking to people recently that are > trying. > > > > Doing it in two different task sequences, leveraging the SMP for state > storage if you are refreshing the machine, is certainly doable and not that > hard. Automating the firmware configuration change requires using > OEM-specific utilities though. > > > > Thanks, > > -Michael > > > > *From:* [email protected] [ > mailto:[email protected] <[email protected]>] *On > Behalf Of *Niall Brady > *Sent:* Tuesday, December 15, 2015 9:48 PM > *To:* [email protected] > *Subject:* Re: [MDT-OSD] Windows 7 and UEFI deployment stuck > > > > let's ignore the UEFI switch for a moment > > are you deploying Window 7 ? if so i've had nothing but painful > experiences with that and UEFI, and yes for Lenovo models at least we had > to enable CSM mode to 'emulate' a sort of crossover between legacy and UEFI > otherwise UEFI wouldn't work, and even in that scenario secure boot doesn't > work so much so that we gave up on the idea of doing UEFI with Windows 7 > altogether and decided to only do UEFI to Windows 8.1 and later os's, as > those os's have proper support for it (and secure boot) > > secondly, it's not supported to switch between legacy and uefi in one task > sequence as far as i recall, the very action should change the hard disc > format and as a result wipe away your ts environment, > > however i'd let those that design the product answer, > > you may have better luck doing two task sequences, one to do the flip and > the other to lay down the UEFI only operating system image (such as Windows > 10 itself) > > good luck Todd > > cheers > > niall > > On Wed, Dec 16, 2015 at 12:36 AM, Miller, Todd <[email protected]> > wrote: > > One of the things I took away from MMS last month was a desire for getting > machines on UEFI – even Windows 7 machines so that we would be able to > in-place-upgrade them to Windows 10 in the future. > > I am beginning to test flipping machines to UEFI during the OSD bare metal > process for Windows 7 64bit. > > > > My current environment is SCCM 2012R2CU4 + MDT 2013. For this testing > process, I am interested only in deploying Windows 7 64bit to reasonably > recent dell Optiplex models (9010 9020 9030). And in the first test case > specifically an Optiplex 9010 running the current A24 firmware. > > > > I have a lot of the process worked out and functioning correctly, but I am > running into a problem that I hope someone here will know about. > > I am able to switch the system to UEFI and disable legacy BIOS. I can > partition the drive and boot WinPE back onto the staged WinPE boot image on > the Hard Disk. I am able to lay down the Windows 7 64bit image. When it > comes time to reboot into the full OS, I get an error. So it boots and > reboots OK into the staged WinPE 5 x64 boot image, but will not boot into > the Win7 x64 WIM that is deployed by SCCM. > > > > The error looks like this… > > Windows Boot Manager –Windows Failed to start—File > EFI\Micrtosoft\Boot\BCD Status 0xc000000d An error occurred while > attempting to read the boot configuration data. > > > > I booted back into WinPE and then ran diskpart to look at the partitions. > I can only see three partitions instead of 4 The WinRE tools is part0, EFI > is part1, and OSDisk is part2 – there is no MSR partition listed in between > EFI and OSDisk. Not sure if there should be visible in diskpart or not – > but it IS listed in the Format and Partition (UEFI) that runs on the client > during the task sequence. > > > > If I enable legacy ROM when the computer is in this state, the computer > will boot correctly. Do I need to do something myself to populate that EFI > partition with an EFI bootloader or does the OSD process take care of > that? > > My Windows 7 x64 machine is built on HyperV VM that is almost certainly > emulating a BIOS with MBR partition machine. Is that the reason? When I > look up the problem people suggest enabling Legacy ROM in the BIOS – but > doesn’t that defeat the who idea of UEFI? This web page makes me think I > need to deploy both a Windows WIM to the OSDisk AND a EFI.wim to the EFI > partition…. Where would I get that EFI.WIM from. > https://technet.microsoft.com/en-us/library/cc765951(v=ws.10).aspx > > > > > > Here is the first bit of my task sequence where I am setting UEFI and > formatting the disk to prepare for the Windows 7 image and the details of > the UEFI partition step in the Preinstall phase. Help me Obi-Wan Kanobi. > > <image003.png>. > > > > <image004.png> > > > > Notice: This UI Health Care e-mail (including attachments) is covered by > the Electronic Communications Privacy Act, 18 U.S.C. 2510-2521, is > confidential and may be legally privileged. If you are not the intended > recipient, you are hereby notified that any retention, dissemination, > distribution, or copying of this communication is strictly prohibited. > Please reply to the sender that you have received the message in error, > then delete it. Thank you. > ------------------------------ > > > ------------------------------ > > Notice: This UI Health Care e-mail (including attachments) is covered by > the Electronic Communications Privacy Act, 18 U.S.C. 2510-2521, is > confidential and may be legally privileged. If you are not the intended > recipient, you are hereby notified that any retention, dissemination, > distribution, or copying of this communication is strictly prohibited. > Please reply to the sender that you have received the message in error, > then delete it. Thank you. > ------------------------------ > > > ------------------------------ > > Notice: This UI Health Care e-mail (including attachments) is covered by > the Electronic Communications Privacy Act, 18 U.S.C. 2510-2521, is > confidential and may be legally privileged. If you are not the intended > recipient, you are hereby notified that any retention, dissemination, > distribution, or copying of this communication is strictly prohibited. > Please reply to the sender that you have received the message in error, > then delete it. Thank you. > ------------------------------ > >
