How to Provision a UEFI Tablet Using ImageW

Version 12

    Verified Product Versions

    Endpoint Manager 9.6Endpoint Manager 2016.x

    Purpose

     

    This document will outline getting started with provisioning a tablet using UEFI Unified Extensible Firmware Interface (UEFI) firmware.

    .

    Table of Contents

     

     

     

     

    Assumptions

     

    • LANDESK Management Core is installed and activated
    • User is familiar with Basic OS Provisioning Capture and Deployment
    • User is familiar with Basic HII use

     

     

    Samples and Information

     

    This document will use an HP Elitepad 1000 G2 as its sample tablet. The steps outlined here are for reference only. Different tablets will have unique driver packages and hardware information, but the process outlined should still be applicable.

     

     

    Tablet Requirements

     

    • This document is specific to UEFI based tablets/computers.
      • Though this document is not designed to address BIOS machines directly, the information can still be used as a guideline.
    • The steps outlined here assume the tablet is not currently managed by the LDMS Core (i.e. there is no inventory record for the device)
    • An Ethernet doc or Ethernet dongle
      • Provisioning via Wi-Fi is not supported
    • Drivers for the Device
    • Network Driver for Adapter

     

        Recommendation

     

    • Vendor Whitepapers on Operating System Deployment (OSD) for the specific device
      • Though the steps outlined here will be general enough to be use-able for most UEFI tablets/computers, often times vendor whitepapers on the topic can shed light on known issues you may run into during imaging the device.

     

    Example: Operating System Deployment to the HP ElitePad 1000 with MDT and ConfigMgr

     

     

    Disclaimer:

     

    This document is intended as an example only and is offered "as is" without warranty of any kind. This document makes use of 3rd party software (Wireshark, Microsoft Sysprep). LANDESK does not support nor endorse any 3rd party programs.

     

     

    Steps

     

    Get Doc/Dongle MAC address

    Prior to the client being within WinPE, the LDMS PXE Rep and LDMS Core will recognize communications from the device as originating from the doc/dongle (adapter). Because of this, the MAC of the adapater must be known. Often times the adapter will have the MAC address stamped on it directly. If this information is not present, these steps outline how to obtain this information.

     

        Running GetMAC

     

    • With the client hooked up to the adapter, boot into Windows and open a command prompt window.
    • In command prompt run getmac
    • The physical address will indicate known MAC addresses
    Note: More than one physical address may be identified. If uncertain which is specific to the adapter, use one of the other methods of identification.

     

    1-getmac.png

     

        Check Provisioning.log

     

    • Attempt to network boot the client.
      • This will cause the client to communicate with the PXE rep and subsequently check the Core for known provisioning tasks.
    • On the LDMS Core open the log file: \\{LDMS-CORE}\ldmain\log\provisioning\provisioning.log
      • Example: "C:\Program Files\LANDesk\ManagementSuite\log\provisioning\provisioning.log"
    • The first line in the log will list the MAC address of the adapter
      • VERBOSE    ProvisioningService        2/11/2015 8:20:21 AM    : >>GetProvisioningBootOption, clientMacAddress=000C293C7ABD
    Note: If there are multiple entries in this log, and it is difficult to identify the correct entry for the intended device, try clearing the log first then network booting the client. This will generate new log information only for the specified client.

     

        Use Wireshark

     

    Note:This test will make use of the free 3rd party application Wireshark. LANDESK does not endorse nor support any 3rd party software. Users assume all liability when working with 3rd party software.
    • Install Wireshark on the LDMS PXE rep and begin a network capture
    • Attempt to network boot the client.
      • This will cause the client to communicate with the PXE rep.
    • In Wireshark, apply the Bootp filter
    • Locate the DHCP Discover entry from your client
    • Expand Bootstrap Protocol (Discover)
    • Locate Client MAC Address, this is the adapters MAC Address
    2-wireshark_mac.png

     

    Add Client Adapter as Bare Metal Server

     

    If a device PXE boots, and does not have a scheduled, started Provisioning task on the LDMS Core, it will receive a menu option which allows a user to decide whether to boot into WinPE.

     

    (screenshot from client using BIOS)

     

    1-f8menu.png

     

    Devices that utilize UEFI are unable to make use of the menu option by design. Because of this limitation, Provisioning a UEFI device requires the Provisioning task be scheduled on the LDMS Core.

    .

    When the client PXE Boots, it will broadcast its boot request information, including who it is (identified by its mac address).

    If the PXE rep receives a DHCP Discover packet that contains PXE sub-options, it will communicate with the LDMS Core, and query to find if there are any Scheduled Provisioning Tasks for the device based off of its mac address.

    We see this analysis on the core in the provisioning.log. (\\{LDMS-CORE}\ldmain\log\provisioning\provisioning.log)

     

    • If the LDMS core does find a scheduled and started Provisioning task, it will inform the PXE rep what options it should send to the requesting client, and boot directly into WinPE.
    • If the LDMS core does not find a scheduled and started Provisioning task for the requesting mac address, it will respond to the PXE rep indicating it should issue the F8 Boot Menu option. This is what we do not want for UEFI devices.

     

    In order to schedule a Provisioning task for the client, there must first be a record on the LDMS Core to assign to the task. If the device already was managed by the LDMS core, you could use the existing device record in inventory. If however the device is not a managed device we need to add it into inventory as a Bare Metal Server

    .

     

    • On the LDMS Core, click Network View | Configuration | right click Bare Metal Server | choose Add Devices

     

    2-bms.png

     

     

    • In the Add a bare metal server window, click Add.

     

    3-addnewbms.png

     

     

    • In the Bare Metal Server window that opens, enter
      • Name - something that will identify what the bare metal server is associated with
        • Since more than one tablet may use the adapter, I have named the bare metal server TabletAdapter.
      • Identifier Type - MAC Address
      • Identifier - The adapters MAC address we obtained earlier

     

    4-bmsdetails.png

     

     

    • Click Add to commit the New Server Identifier

     

    5-bmsadded.png

     

     

    • Click OK to commit the new Bare Metal Server
    • In the Add a bare metal server window we see the newly added bare metal server. Click OK.

     

    6-addbms-close.png

     

     

    • The Bare Metal Server list now contains the TabletAdapter we added. We will be able to assign this 'device' to scheduled provisioning jobs later.

     

    7-bms_in_inventory.png

     

     

    Notes & Warnings

     

    • Names cannot contain spaces, or most special characters. If you have invalid characters you will receive this prompt -

     

    The computer name is invalid. Type a new name consisting of only alphanumeric characters and certain special characters such as - and _. A computer name can't contain any of the following characters:  `[email protected]#$%^&*()+[]{}\\|'\",<>/?.
              

     

    4-name_error.png

     

    • If you enter a Name, and click OK without first selecting Add it will not commit the change and you will receive this prompt.

     

    To add a new bare metal server, you must specify at least one server identifier.
              

     

    4-error_not_added.png

     

    • MAC addresses must be alphanumeric only (no special characters such as : or - ). If the address includes any of these, you will receive this prompt.

     

    The format of the MAC address is invalid.
              

     

    4-error_bad_mac.png

     

     

    Install Windows with GPT

     

    We need an image of Windows configured for use on tablets. Since the tablets we are working with are UEFI, we must take some special considerations when configuring the OS so it will work on the devices. This includes configuring Windows to use the GUID Partition Table (GPT) as defined by Windows.

     

    "When you deploy Windows® to a UEFI-based PC, you must format the hard drive that includes the Windows partition by using a GUID partition table (GPT) file system. " - Configure UEFI/GPT-Based Hard Drive Partitions

             

     

    Note: When selecting the OS to be used on your device, it is advisable to verify vendor recommendations through published white papers specific to the device. For our sample tablet, the vendor has recommended use of Windows 8.1.

     

    • Select a UEFI enable device to install and configure the GPT based image on.
      • How to setup a VM to use UEFI
      • If the following steps are performed on a device using BIOS instead of UEFI, it the GPT partitioning may be lost when Windows actually installs.
    • Begin the Windows installation and stop at the Windows Setup screen

     

    1-setup.png

     

     

    • At the Windows Setup screen, press Shift + F10 to open a command prompt

     

    2-cmd.png

     

     

    • Type: diskpart
    • Press: Enter
      • This opens the windows diskpart command line tool
    • Type: List Disk
    • Press: Enter
    • The results show detected disks on the computer. There is a column shown as GPT, which currently does not have a mark in it which indicates we are not using GPT on this disk currently.

     

    3-nogpt.png

     

     

    Note: We need to select the disk that will have Windows installed to it. In our Diskpart output we see there is only Disk 0. You may have to adjust the following commands depending on your output.

     

    Warning: The following commands will delete partition data from the drive. User assumes all liability when performing any actions contained within this document. Be certain you have selected the correct drive, there's no going back.

     

    • Type: Select Disk 0
    • Press: Enter
      • Output should show - Disk 0 is now the selected disk
    • Type: Clean
    • Press: Enter
      • Output should show - DiskPart succeeded in cleaning the disk
    • Type: Convert GPT
    • Press: Enter
      • Output should show - DiskPart successfully converted the selected disk to GPT format
    • Type: List Disk
    • Press: Enter
      • Output should show Disk 0 marked as GPT

     

    4-clean-convert.png

     

    • Type: Exit
    • Press: Enter
      • This will Exit Disk Part.
    • Close the Command Prompt window.
    • Select Next to continue.
    • Select: Install Now

     

    5-installnow.png

     

     

    • Select: Custom: Install Windows only (Advanced)

     

    6-custominstall.png

     

     

    • Select: New

     

    7-unallocateddrive.png

     

     

    • In the Windows Setup prompt select OK

     

    8-windowssetup.png

     

     

    • There should be 4 partitions shown. Select Drive 0 Partition 4 (Primary) and select Next to finish installing.

     

    9-4partitions.png

     

     

    Once installed, and inside windows, use DiskPart - List Disk to verify Disk 0 is still using GPT.

      • If the DiskPart does not show that GPT is in use, retry the steps above and verify that the device is UEFI enabled.

     

    More Info: How to perform a clean installation of Windows

     

    Sysprep

     

    With Windows installed and configured for our needs, the OS needs to be sysprepped to allow for use of the image among different machines.

     

    Note:  OS Provisioning requires use of Sysprep to continue Provisioning commands after rebooting out of the WinPE environment and into Windows.

     

    • On the machine with our configured Windows install,  run as admin  %WINDIR%\system32\sysprep\sysprep.exe
    • In the System Preparation Tool use the following options
      • System Cleanup Action - Enter system Out-of-Box Experience (OOBE)
      • Generalize Check-box Checked
      • Shutdown Options - Shutdown

     

    sysprep.png

     

     

    Note: We are using these options as outlined by Microsoft for preparing an image for deployment on other machines.

     

    If you intend to transfer a Windows image to a different computer, you must run sysprep /generalize, even if the computer has the same hardware configuration. The sysprep /generalize command removes unique information from your Windows installation, which enables you to reuse that image on different computers. - What is Sysprep?

             

     

    Once you select OK in the System Preparation Tool, the process will begin and shutdown the computer once finished. Since OOBE is in use, if you forget to configure something with the image prior to running sysprep and try to load back into Windows, you will have to go through the 'Welcome' screens before you can make your adjustments. Ensure everything is the way you intend prior to running Sysprep. Now that Windows is configured and sysprepped, it is ready to be captured to an image for later deployment.

     

    Add Drivers to HII Library

     

    Drivers specific to the device will be needed to allow full functionality once it has been imaged. Without utilizing HII to include tablet drivers, it is a common problem to end up without input drivers and not be able to use the touch-screen.

     

    • Add device specific drivers to HII Library
    • Rebuild Library

     

    Related Documents:

    About the LANDESK HII Driver Repository

    About LANDESK Hardware Independent Imaging (HII)

    About HII Driver Selections

     

     

    Add Adapter Network Driver to Boot.wim

     

    The tablet adapter will likely require a specific network driver that is not part of the default list of drivers contained within the Boot.wim. This driver is needed for the adapter to establish network communication with the PXE rep and Core during Provisioning.

     

    • Extract the downloaded network driver and verify the presence of an .inf file
    • On the LDMS Core click Tools | Distribution | OS Provisioning

     

    1_tools.png

     

     

    • In the Operating system provisioning section select Preboot | Manage Drivers in WinPE Image

     

    1-preboot-managedrivers.png

     

     

    • In the Manage Drivers in Windows PE Image window, select the 32-bit or 64-bit boot.wim image and click Next
      • During the PXE boot process, the appropriate boot.wim file will be offered to the client. Depending on your tablets, it may be necessary to add drivers to the corresponding boot.wim file to prevent ending up loading a boot.wim that has no NIC driver.

     

    2-select_image.png

     

     

    • In the Add driver to Windows PE image click Browse

     

    3-add_driver.png

     

     

    • In the Select the driver file window navigate to the extracted NIC drivers files, select the *.inf file, and click Open

     

    4-select_driver_inf.png

     

     

    • In the Add driver to Windows PE image the path to the *.inf file has been populated.
    • Enter a Driver Name to indicate what driver it applies to and click Ok

     

    5-add_driver_with_name.png

     

     

    • Verify the adapters NIC driver is listed in the Driver List
    • Click Finish to commit the changes

     

    6-driver_in_list.png

     

     

    After adding the adapters NIC driver, the boot.wim files will need to be redistributed to any PXE reps in use. This can be done 1 of 2 ways:

     

    • Redeploy the PXE rep
    • Manually copy/paste the boot.wim and boot_x64.wim to PXE reps
      • It is advisable to redeploy all PXE reps as it helps ensure no files are overlooked as oposed to the manual copy/paste process.

     

     

    Capture Image

     

    With the Windows Image configured, we are ready to capture.  The steps here outline basic, high-level configuration of a capture template to use ImageW.exe to obtain a .tbi file of the client device.

     

    • On the LDMS Core click Tools | Distribution | OS Provisioning

     

    1_tools.png

     

     

    • In the Operating system provisioning section select My Templates | All My Templates or Public | All Public Template

     

    2_all_templates.png

     

     

    • Click New Template | Capture Template

     

    3_capture.png

     

     

    • Fill out the Create Capture Image Template Window
      • Template Name - Provide a name for the Template that will identify it within the LDMS console
      • Template Description - Provide information about what this template will be used for
      • Image Type - LANDESK Image W V2
        • Other types are available for use. This document will utilize ImageW.
      • UNC Path to Image File - The Preferred server, share, Image name and extension.
        • When using ImageW the extension is .TBI
    • Click Create

     

    4_capture_details.png

     

     

    • Using the new template, capture the previously configured Windows Image.

     

    Create Deploy Image Template

     

    Now that the image has been captured to a .tbi file, we are ready to deploy to the tablet.  The steps here outline basic, high-level configuration of a deployment template.

     

    • On the LDMS Core click Tools | Distribution | OS Provisioning

     

    1_tools.png

     

     

    • In the Operating system provisioning section select My Templates | All My Templates or Public | All Public Template

     

    2_all_templates.png

     

     

    • Click New Template | Deploy Template

     

    1-deploy.png

     

     

    • Fill out the Create Deploy Image Template Window
      • Template Name - Provide a name for the Template that will identify it within the LDMS console
      • Template Description - Provide information about what this template will be used for
      • Image Type - LANDESK Image W V2
      • UNC Path to Image File - The Preferred server, share, Image name and extension.
        • When using ImageW the extension is .TBI
      • Agent Configuration Name - The Agent that will be installed on the Tablet
      • Unattend Script - The Windows Unattend file to be used
        • For this example we will use the 9.6 default LD_Default_Unattend.xml
      • Target file name - C:\windows\panther\unattend.xml
        • This default path is automatically listed.
      • Use Hardware Independent Imaging - Checked
        • HII is necessary to make sure the tablet can be navigated once it is imaged. Without this, it is common for tablets to be missing input drivers.

     

    4-deploy_info.png

     

     

    • Click Create

     

    The deploy image template will now be available for use.

     

     

    Deploy Image

     

    With the image captured, and the templates created, we are ready to deploy to the tablet.

     

    • On the LDMS Core click Tools | Distribution | OS Provisioning

     

    1_tools.png

     

     

    • In the Operating System Provisioning section, right click the Deployment Template | choose Schedule Template

     

    5-schedule-template.png

     

     

    • On the LDMS Core, click Network View | Configuration | Bare Metal Server
    • Select the Tablet Adapter  Bare Metal Server and drag it onto the Deploy Template scheduled task
      • Alternatively right click the Tablet Adapter | choose Copy | right click the scheduled task | choose paste
    • Expand the scheduled task and select All Devices to verify the Tablet Adapter is shown as assigned

     

    6-scheduledtask_withmachine.png

     

     

    • Right click the Scheduled Task and choose Start now | All

     

    7-start-task.png

     

     

    • The task will go from Pending to Active

     

    8-active.png

     

     

    • The task will go from Active to Pending and the Icon for the task will remain a Yellow Clock indicating it is started

     

    9-pending-active.png

     

     

    • With the Tablet hooked to the adapter, network boot the device

    Example: On the Elitepad this is done by hooking up a keyboard and pressing F12 while it powers on

     

     

    As it completes the PXE Boot process, the device will be issued the Provisioning Information from the scheduled task and load directly into WinPE. The Provisioning task will lay down the captured image, then install drivers using HII. When CTOS runs and reboots the device into Windows, it will continue any configuration steps contained in the provisioning template. Provided the correct drivers were included in the HII Library, the device should have full functionality including touch screen capabilities. The scheduled task can now be restarted and used for other tablets that use the same adapter.