How To Create a Custom WinPE Boot Image With PowerShell Support #PowerShell #WindowsServer

This article aims to show you how to customize a WinPE boot image with PowerShell enabled for advanced scripting capabilities.

Introduction

Microsoft Windows Preinstallation Environment (WinPE) is a lightweight version of Windows used for the deployment of PCs, workstations, and servers, or troubleshooting an operating system while it is offline. WinPE is a stripped-down version of Windows that can be booted via PXE, USB, DVD, or virtual media drives such as iLO (HPE), iDRAC (DELL EMC), or Cisco UCS Manager to provide a quick way to deploy an Operating System onto a targeted machine.

Out of the box, WinPE contains basic elements. To make it really useful, it generally has to be modified. For example, it comes with a minimum number of device drivers. Therefore, it is often necessary to add additional device drivers that you know will be needed to deploy your system. For example, if you are using HPE servers, you can also inject specific hardware drivers. WinPE also comes with basic command-line scripting abilities.

Assessment and Deployment Kit (ADK)

A copy of WinPE is available as part of Microsoft’s Assessment and Deployment Kit (ADK). It is best to always use the latest kit. Newer kits work with earlier versions of the operating system. As of this writing, the latest kit available for Windows 10, is version 1709. You can download Windows ADK for Windows 10, version 1709 from the following link:

When you launch the installation of ADK from the above link, you will be presented with two options – one is to install ADK as an online installation and the second one is to download all the files needed for offline installation. You can choose the desired option.

The ADK contains more capabilities than what we need here. When you run the installation, you will be presented with a window similar to the following screenshot, all that you need for this process are the Deployment Tools and Windows Preinstallation Environment (Windows PE). Unselect all other options and click Install.

Create a Custom WinPE Boot Image

In the following sections, we will illustrate the required steps for preparing and creating the Custom WinPE Boot Image with PowerShell support.

Setting up the WinPE Environment

The Windows Assessment and Deployment Kit (Windows ADK) includes a batch file that creates an environment for working with WinPE images. This batch file requires two arguments. The first one is the architecture type of the target image, we will use amd64 because we will deploy Windows Server 2016 (That’s the topic of my next post. Check it here).

The second argument is the working folder. In this example, the location for the WinPE folder will be D:\TempPE\

Now take the following steps:

1) On the workstation where you installed Windows ADK, open Deployment, and Imaging Tools Environment cmd.

2) Type the following command:

copype.cmd amd64 D:\TempPE\ 

2) The command above will create the specified directory for you. Ensure there were no errors during this operation.

3) Included in the copied file is a boot.wim file that we will be modifying. The boot.wim image is located at D:\TempPE\media\sources\boot.wim

4) In order to modify it, we need to mount it to make it available to the system. The following DISM command mounts the boot.wim file. Please make sure that you are running an elevated command prompt to complete these tasks.

Dism /Mount-Image /ImageFile:D:\TempPE\media\sources\boot.wim /index:1 /MountDir:D:\TempPE\mount

5) The boot.wim image that was just mounted contains default Windows device drivers. It is necessary to inject specific boot-critical drivers for the custom WinPE boot.wim image, please check with your preferred hardware vendor to get those drivers before you continue with the remaining steps. In this example, I will use the latest HPE Windows Driver Pack Version 11.01.

6) Copy the drivers to a folder located on the same workstation.

7) When inserting multiple device drivers into the image, you may issue a single command to load all the drivers. The following command will find all .inf files in the specified directory and any subdirectories, and then add them to the image:

Dism /Add-Driver /Image:D:\TempPE\mount /Driver:D:\TempPE\HPE-Windows-DriverPack-V11.01 /Recurse

8) To see what device drivers are injected into this image, you can use the following command:

Dism /Get-Drivers /Image:D:\TempPE\mount

Adding Windows PowerShell

WinPE is designed to be a very compact image because it is often used for PXE booting a system, and for that purpose, it is desired to keep the image as small as possible. As a result, it comes with basic command-line capabilities. But with higher speed networks, and using WinPE to boot from USB or DVD media, you can add PowerShell to the image, allowing you to create powerful scripts for WinPE to execute for tailoring images.

The following commands demonstrate how to add PowerShell capability into the WinPE image that is required for this example.

1) First I will store the location of the PowerShell packages to be installed and the location for the temporary Windows PE media in two PowerShell variables named $WinADK and $WinPETemp. Open Windows PowerShell and run the following commands:

$WinADK='C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs'
$WinPETemp='D:\TempPE'

2) The boot.wim image is still mounted from the previous section. You need to make sure the image is mounted before you use the DISM commands and add the PowerShell packages.

3) At this point, we need to add the PowerShell packages to the WIM file to enhance its capabilities, because it is so much easier to script in PowerShell. The list of all packages (OCS files) can be found under the following location: C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs

4) To do so, we use the Add-WindowsPackage cmdlet. The following commands demonstrate how to install the six optional PowerShell components to extend WMI capability in a Windows PE environment that is required for this example. You will notice that there are two CAB files per component–the component and its associated language pack. Both are required to be installed. Additionally, the added components often need to be added in a specific sequence.

5) The following list follows the prescribed sequence. I will use an array of all the CAB file names and then add a loop to make the process easier and more readable.

$CABfiles = @("$WinADK\WinPE-WMI.cab","$WinADK\en-us\WinPE-WMI_en-us.cab", "$WinADK\WinPE-NetFX.cab", `
  "$WinADK\en-us\WinPE-NetFX_en-us.cab", "$WinADK\WinPE-Scripting.cab","$WinADK\en-us\WinPE-Scripting_en-us.cab", `
  "$WinADK\WinPE-PowerShell.cab","$WinADK\en-us\WinPE-PowerShell_en-us.cab", "$WinADK\WinPE-StorageWMI.cab", `
  "$WinADK\en-us\WinPE-StorageWMI_en-us.cab", "$WinADK\WinPE-DismCmdlets.cab","$WinADK\en-us\WinPE-DismCmdlets_en-us.cab")

Foreach ($CABfile in $CABfiles) {
  Add-WindowsPackage -PackagePath "$CABFile" -Path "$WinPeTemp\Mount" -IgnoreCheck
}

6) In the last step, you need to dismount and save the customization to the image by running the following command:

Dismount-WindowsImage -path "$WinPETemp\Mount" -save

Creating a WinPE ISO Image

Once the tailoring of WinPE is complete, the files can be saved for use as a bootable image to either an ISO file or a USB drive.

This step is only required if you will be booting WinPE from an ISO image, for example, booting from the BMC port such as HPE iLO or integrated DELL EMC Remote Access Controller (iDRAC). You can also create a WinPE bootable USB thumb drive and accomplish the same thing. If you want to know more about this process, please check my recently published Book Getting Started with Nano Server.

1) First, make sure you are running a Windows ADK CMD session with elevated privileges. Open Deployment and Imaging Tools Environment.

2) You must create a destination folder (i.e. ISO) before running the command in Step 3. Type:

mkdir D:\TempPE\ISO

3) Run the following command to create a bootable ISO image:

MakeWinPEMedia.cmd /iso D:\TempPE D:\TempPE\ISO\WindowServer_WinPE.iso

PXE Boot with PowerShell Support

In the final section, you need to boot your physical machine from the ISO image that we created in the previous section using HPE, DELL EMC, or Cisco UCS virtual media drive.

The Physical machine will boot into WinPE with PowerShell support V5.1.16229.15 as shown in the following screenshot. With a little imagination, you can automate anything you can think of with PowerShell. Enjoy!

That’s it there you have it!

Summary

In this article, we showed you how to customize a WinPE boot image with PowerShell enabled for advanced scripting capabilities.

See Also: How To Deploy Windows Server from VHDX on SD Cards with PowerShell and WinPE.

__
Thank you for reading my blog.

If you have any questions or feedback, please leave a comment.

-Charbel Nemnom-