1 2 Previous Next 25 Replies Latest reply on Sep 6, 2017 5:54 AM by 1EarEngineer

    Reboot to 64-bit PE if in 32 bit

    1EarEngineer Specialist

      Am curious if anyone else might be doing this, but is there a way to detect if the device is in 32 bit PE instead of 64 boot, and if so, reboot into 64bit PE? We are trying to counteract folks not changing to BIOS or legacy booting and kicking off our Win10 templates which are designed specifically for 64 bit. Since this is template based, i do not want to simply make a copy of the boot64.wim and rename it boot.wim as our Windows 7 templates will still need legacy booting.


      Just curious if anyone has done this conditional provisioning, or something else for those still on 9.6

        • 1. Re: Reboot to 64-bit PE if in 32 bit
          phoffmann SupportEmployee

          Wouldn't password-protecting the BIOS against your users be one relatively easy step to put an end to this sort of stuff?


          <My condolences that you have to suffer from users that go to such lengths to make your life needlessly difficult >

          • 2. Re: Reboot to 64-bit PE if in 32 bit
            1EarEngineer Specialist

            Sadly, it's not the user's, it's the techs who are imaging who don't always follow procedure. Typically what happens is this will be a re-image of an older device that was legacy bios with Win7, then forget to change BIOS to UEFI, PXE boot into 32 bit PE, then get to the part where we start doing things that use the 64 bit versions of DISM, and other stuff and it doesn't work, then they email me saying how they have no drivers, they did them manually and now have Win10 that's not standard and have to then go back and either re-image the proper way or jump hoops because they already deployed the machine.,

            • 3. Re: Reboot to 64-bit PE if in 32 bit
              Leslie2k Apprentice

              Question do you need to disable legacy boot in order for Windows 10 to provision correctly?

              • 4. Re: Reboot to 64-bit PE if in 32 bit
                phoffmann SupportEmployee

                I getcha!


                Soo ... what I would suggest is perhaps investigating into automating the solution to your problem.


                Depending on how diverse or homogenous your hardware environment is, this MAY be a nice help.


                Check with your HW-vendor if they've got a way to change/set BIOS settings from a command-line tool (some vendors have them for all / certain models - and we have integration with HP systemsn, for instance to help with this sort of thing).


                *IF* you can secure yourself such a thing, then you can try to script something up that runs (say) "every week on Sunday" (so as not to interfere with any Win-7 refreshes, should they happen) and auto-force devices to be in the proper BIOS setting, for instance.


                And/Or you might combine it potentially with a separate script that at least QUERIES said BIOS value (you may be able to hit it up through WMI ... easier than accessing DMI), and return that data to the Core in some form (I'd suggest a custom vulnerability personally from preference -- but you can do it as a bit of custom data with a "Yes / No"-type flag as well).


                Since you can't trust the human element in this equation, it may be easier to just "accept your loss" there, and try & use automated tech to make up for it. Does that sound like an idea? .


                Hope this helps.

                • 5. Re: Reboot to 64-bit PE if in 32 bit
                  1EarEngineer Specialist

                  No. Windows 10 does not require the BIOS to be set to UEFI to image. However, a lot of the Windows security features DO require UEFI. Additionally, things like DISM have different versions based on the bitness of the WinPE. So, in our case our Windows 10 templates are configured to use 64bit actions, so when the tech boots into 32 bit PE, they will fail and they often times they don't bother to see WHY it failed, so will just kick off the task again, rinse and repeat.

                  • 6. Re: Reboot to 64-bit PE if in 32 bit
                    1EarEngineer Specialist

                    that is what i am currently looking into. We are a lenovo/dell shop, so am currently testing the SetConfig and CCTK, the trick is getting the detection logic working properly across the many different versions while still being on 9.6 SP3 in prod.. so no conditional provisioning

                    • 7. Re: Reboot to 64-bit PE if in 32 bit
                      phoffmann SupportEmployee

                      Rather than dealing with it as conditional provisioning, you could "just" do a longer script with a bunch of "IF... THEN..." conditionals by means of a custom definition.


                      You can use pretty much any scripting language you prefer, and things like BIOS version / Make / Model should be queryable/resolvable on the device itself (usually in WMI) ... so that may be the easier solution for you potentially?


                      Essentially write script so it can cope / run with any of your hardware, and just "ab"-use patch manager to get it checked / "patched" repeatedly as needed (by setting it to autofix once it's all working)?

                      • 8. Re: Reboot to 64-bit PE if in 32 bit
                        scitewalker Apprentice


                        In this case I would run a powershell "one liner" to check %PROCESSOR_ARCHITECTURE% in WinPE in relation to your final image, and generate an error / or process kill for "ldprovision.exe" to interrupt the provisioning process prior to Image deploying.

                        Learning on the hard way...

                        1 of 1 people found this helpful
                        • 9. Re: Reboot to 64-bit PE if in 32 bit
                          jParnell Specialist

                          I like this implementation. A scripted "kill" switch, perhaps with specific feedback, would encourage users to take the extra 2 minutes to properly configure BIOS settings prior to provisioning, so that they don't waste 10 minutes of booting, logging in, selecting a template, configuring BIOS settings again, and repeating the process.

                          • 10. Re: Reboot to 64-bit PE if in 32 bit
                            phoffmann SupportEmployee

                            Yep - there's a bunch of "essentially similar" solutions to the problem. Depends on how fancy you want to get (my suggestion of changing the BIOS values directly for instance, is more complex & requires more effort on the scripting side / access to relevant tools for instance, but in return does automate the "doing the change" and thus doesn't rely on fallible human factors as much).


                            So it's all about knowing one's audience & figuring out what works best for you . There's no single "right" answer - just what's "right for you" as it were (and that may change year on year as well) .

                            • 11. Re: Reboot to 64-bit PE if in 32 bit
                              jParnell Specialist

                              The VBS implementation would be:


                              strComputer = "."

                              Set objWMIService = GetObject("winmgmts:" _

                              & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")


                              Set colProcessors = objWMIService.ExecQuery("Select * From Win32_Processor")


                              For Each objProcessor in colProcessors

                                  If objProcessor.AddressWidth = 32 Then

                                      Wscript.Echo "You are booting with the Legacy BIOS enabled. Please configure your BIOS settings to use UEFI and restart the task"


                                  ElseIf objProcessor.AddressWidth = 64 Then

                                      Wscript.Echo "UEFI BIOS detected - Proceeding"


                                  End If



                              As long as your task is "execute file", you target cscript with the argument of your VBS script, set it to capture output and have the expected return of 64, it would fail the task. If you have it stop provisioning because of failure, this would be the best way to notify the tech that they need to update the BIOS settings.

                              1 of 1 people found this helpful
                              • 12. Re: Reboot to 64-bit PE if in 32 bit
                                jParnell Specialist

                                The problem with automating the BIOS change is that Provisioning is going to partition the drive to be either MBR or GPT depending on how the BIOS is currently set, and there's no way to reboot and boot back into the WinPE environment (I asked that same question) without placing it in either Migration or System Config. Migration he cant do, because he's booting from a PXE rep rather than pushing a provisioning task. System Config wouldn't help either, because it's already processed the crucial steps it would need to.


                                If memory serves, you can't even place a standard "Reboot" command in the WinPE environment - you could probably script it to change the default boot to the NIC and the reboot in PowerShell or VBS, then script it to boot the hard drive first, but that would go against best practices (I have been told by Ivanti engineers to ALWAYS let LANDesk / Ivanti handle the reboots during provisioning and tasks until everything is completed), and there's no guarantee the template would pick up where it left off IF the machine has never had a full inventory report done, such as a new machine with the OEM OS that never had the agent installed.

                                • 13. Re: Reboot to 64-bit PE if in 32 bit
                                  phoffmann SupportEmployee

                                  Ah right - we were talking cross purposes.


                                  I was talking about running a script via custom vulnerability - in "regular Windows" ... so that it'd fix the BIOS setting before the migration / PXE booting ever became an issue, as it were (or thus the intention goes, at any rate). So I wanted to prevent the "wrong" BIOS boot-style from the get-go, as it were .


                                  While you're attacking the problem "at PXE time" -- so yeh, 2 different approaches at 2 different attack points .

                                  • 14. Re: Reboot to 64-bit PE if in 32 bit
                                    jParnell Specialist

                                    Right - we're doing something similar for converting and upgrading from prior Windows 10 builds to Windows 10 1607 - most that are on previous are in Legacy Boot, because we were using McAfee Endpoint Encryption, which didn't like TPM / SecureBoot. However, in fielding 1607 (and with newer models, i.e. Latitude 547X / 548X / 727X / 728X with TPM version 2.0), we decided to move to BitLocker, which requires UEFI. So our implementation is to use CCTK to migrate to UEFI settings and process the 1607 upgrade during the Migration phase, reboot to the vboot WIM (which is WinPE 10 1703) and run Microsoft GPT2MBR utility, reboot from there, and let Windows do it's thing.


                                    The only difference between your solution and mine is that mine is scripted via "Execute File" and a batch script, whereas yours is a custom vulnerability definition - they ultimately amount to the same thing.

                                    1 2 Previous Next