Dell - Internal Use - Confidential
I’m all in favor of buying new hardware! ☺

I think the challenge comes when Security teams get onto the Secure Boot or 
Device Guard ideas and don’t fully realize the HW dependencies that are 
required to enable those OS features.  That leaves *you* in a bind to deliver 
the HW dependencies.  The question is whether you want to proactively prepare 
for it, or wait for it to be dropped in your lap via some 0-day exploit that 
Secure Boot/Device Guard enabled systems are immune from?

Do your homework and make sure that proactive decisions have been made for 
how/when to:


1. Support UEFI via OSD in your environment. (Legacy BIOS is going away… don’t wait!)
2. Transition to UEFI or maintain existing Legacy BIOS systems.
3. Support UEFI-dependent features (Secure Boot, Device Guard, etc.)

Here’s the Device Guard overview.

https://msdn.microsoft.com/en-us/library/dn986865%28v=vs.85%29.aspx

Thanks,

Warren
From: [email protected] [mailto:[email protected]] On 
Behalf Of Jason Sandys
Sent: Thursday, May 21, 2015 9:25 AM
To: [email protected]
Subject: RE: [mssms] Switch to UEFI during OSD

The other point brought up here by many (including Johan) is why go through the 
pain of switching existing hardware? What’s the gain in relation to the pain of 
getting this to work and any problems caused? A handful of seconds better boot 
time? That’s a poor trade-off IMO.

J

From: [email protected]<mailto:[email protected]> 
[mailto:[email protected]] On Behalf Of Daniel Ratliff
Sent: Thursday, May 21, 2015 6:42 AM
To: [email protected]<mailto:[email protected]>
Subject: RE: [mssms] Switch to UEFI during OSD

Then switch them before build and switch them back after. Same thing we did 
with our Win7 migration. Was a huge pain on Lenovos though.

Daniel Ratliff

From: [email protected]<mailto:[email protected]> 
[mailto:[email protected]] On Behalf Of Roland Janus
Sent: Wednesday, May 20, 2015 6:33 PM
To: [email protected]<mailto:[email protected]>
Subject: RE: [mssms] Switch to UEFI during OSD

Too risky. Only works if PXE/USB are on top of the boot order.



From: [email protected]<mailto:[email protected]> 
[mailto:[email protected]] On Behalf Of Roland Janus
Sent: Wednesday, May 20, 2015 21:49
To: [email protected]<mailto:[email protected]>
Subject: RE: [mssms] Switch to UEFI during OSD

Hm, have to think about that ☺

-roland


From: [email protected]<mailto:[email protected]> 
[mailto:[email protected]] On Behalf Of Niall Brady
Sent: Wednesday, May 20, 2015 10:23
To: [email protected]<mailto:[email protected]>
Subject: Re: [mssms] Switch to UEFI during OSD

ah right for required task sequences, well i guess that too could be reset with 
a web service call in the prestart,


On Wed, May 20, 2015 at 8:40 AM, Michael Niehaus 
<[email protected]<mailto:[email protected]>> wrote:
PXE has a safety mechanism to prevent boot loops:  After the first time the 
machine is booted via PXE, it will not do so again without manually resetting 
the flag.

Thanks,
-Michael

From: [email protected]<mailto:[email protected]> 
[mailto:[email protected]<mailto:[email protected]>] 
On Behalf Of Niall Brady
Sent: Tuesday, May 19, 2015 11:37 PM
To: [email protected]<mailto:[email protected]>
Subject: Re: [mssms] Switch to UEFI during OSD

why wouldn't it work with pxe, just embed whatever logic you need in the boot 
wim and away you go...

On Wed, May 20, 2015 at 12:38 AM, Roland Janus 
<[email protected]<mailto:[email protected]>> wrote:
That’s what I meant. But that wouldn’t work with PXE boot. It would with USB 
though.
But still, the TS, or the boot media, hence the TS in my case would need to 
start twice.


From: [email protected]<mailto:[email protected]> 
[mailto:[email protected]<mailto:[email protected]>] 
On Behalf Of Niall Brady
Sent: Tuesday, May 19, 2015 22:58
To: [email protected]<mailto:[email protected]>
Subject: Re: [mssms] Switch to UEFI during OSD

no, it's not a ts, it's a prestart (before a ts) which would detect if legacy, 
and if so, change to uefi, reboot and then on with normal business.

On Tue, May 19, 2015 at 10:53 PM, Roland Janus 
<[email protected]<mailto:[email protected]>> wrote:
Doesn’t that reboot also mean the TS, with the prestart, has to run again?
That would be an issue with a required TS and PXE boot.

-Roland



From: [email protected]<mailto:[email protected]> 
[mailto:[email protected]<mailto:[email protected]>] 
On Behalf Of Roland Janus
Sent: Tuesday, May 19, 2015 22:26
To: [email protected]<mailto:[email protected]>
Subject: RE: [mssms] Switch to UEFI during OSD

What’s the magic part here, that it is in prestart?
I can get HPs to switch to UEFI with a command line, but I think doing it in a 
single TS is the hard or impossible part.
Would prestart help here also?

-Roland


From: [email protected]<mailto:[email protected]> 
[mailto:[email protected]] On Behalf Of 
[email protected]<mailto:[email protected]>
Sent: Tuesday, May 19, 2015 16:50
To: [email protected]<mailto:[email protected]>
Cc: [email protected]<mailto:[email protected]>
Subject: RE: [mssms] Switch to UEFI during OSD


Dell IT has worked out a Legacy -> UEFI solution using the Dell PowerShell 
Provider.  Bill Moore blogged about it here - 
http://www.billamoore.com/2014/05/16/easy-legacy-efi-dells-powershell-provider/

Thanks,

Warren

From: [email protected]<mailto:[email protected]> 
[mailto:[email protected]] On Behalf Of Michael Niehaus
Sent: Monday, May 18, 2015 11:58 PM
To: [email protected]<mailto:[email protected]>
Subject: RE: [mssms] Switch to UEFI during OSD

Overall, it’s a painful thing to do – most people who ask want to do this as 
part of an OS refresh, preserving user data and settings at the same time 
without moving data off of the system.  We don’t recommend even trying – just 
keep the system running legacy BIOS emulation until it’s replaced (or until you 
“reclaim” the system for redeployment).

If you just want to automate the switchover (and destroy the contents of the 
drive later), it’s a little easier, but still vendor-specific (to modify 
firmware settings).

You would only want to consider this for Windows 8 logo-certified devices 
(those running UEFI 2.3.1 or higher), since previous UEFI versions were way too 
flaky.

I would also start thinking about this as a point-forward change:  Stop 
deploying Windows 7 systems using legacy BIOS emulation if you are planning to 
upgrade or refresh them to Windows 10 sometime within the machine’s lifetime.

Thanks,
-Michael

From: [email protected]<mailto:[email protected]> 
[mailto:[email protected]] On Behalf Of Niall Brady
Sent: Monday, May 18, 2015 9:49 PM
To: [email protected]<mailto:[email protected]>
Subject: Re: [mssms] Switch to UEFI during OSD

i've thought about it and perhaps you could build some type of script to run 
before the prestart even, which checks for UEFI and if not, sets the bios to 
UEFI (lenovo and others have scripts for that), then reboots to the correct 
mode before allowing you to select a UEFI mode task sequence
you'd have to use something that kicks off before the task sequence engine, 
like 
this<http://www.windows-noob.com/forums/index.php?/topic/12277-updated-script-how-can-i-check-for-network-connectivity-storage-before-starting-a-task-sequence-in-system-center-2012-r2-configuration-manager/>
i have not tested it but i believe it will work for some hardware at least, the 
key is that it would be a script that is not task sequence aware, that runs 
before your task sequence and involves user input of some sort (to make the 
decision)
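
The detection half of the prestart idea in this message, as an added example that is not part of the original thread. It assumes WinPE with the WinPE-PowerShell optional component; the function name `Get-BootSecurityState` and the exit codes are this example's own choices, and the vendor-specific firmware change is deliberately not shown.

```powershell
# Added example (not from the thread): firmware-mode check for a prestart step.
# Assumes WinPE with PowerShell; Get-BootSecurityState is a hypothetical name.
function Get-BootSecurityState {
    # WinPE only populates PEFirmwareType after 'wpeutil UpdateBootInfo' has run.
    $wpeutil = Join-Path $env:SystemRoot 'System32\wpeutil.exe'
    if (Test-Path $wpeutil) { & $wpeutil UpdateBootInfo | Out-Null }

    $control = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control' `
        -ErrorAction SilentlyContinue
    $mode = 'Unknown'
    if ($control -and $control.PEFirmwareType -eq 1) { $mode = 'Legacy' }   # BIOS/CSM
    elseif ($control -and $control.PEFirmwareType -eq 2) { $mode = 'UEFI' }

    # Secure Boot only exists under UEFI. The cmdlet is absent from WinPE unless
    # the Secure Boot cmdlets component was added, so its presence is checked first.
    $secureBoot = 'NotApplicable'
    if ($mode -eq 'UEFI') {
        $secureBoot = 'Unknown'
        if (Get-Command Confirm-SecureBootUEFI -ErrorAction SilentlyContinue) {
            try {
                $secureBoot = if (Confirm-SecureBootUEFI -ErrorAction Stop) { 'On' } else { 'Off' }
            } catch {
                $secureBoot = 'Unknown'   # firmware did not answer the query
            }
        }
    }
    [pscustomobject]@{ FirmwareMode = $mode; SecureBoot = $secureBoot }
}

$state = Get-BootSecurityState
Write-Host "Firmware mode: $($state.FirmwareMode); Secure Boot: $($state.SecureBoot)"

if ($state.FirmwareMode -eq 'UEFI') {
    exit 0    # already in UEFI mode: carry on to the UEFI task sequence
}
elseif ($state.FirmwareMode -eq 'Legacy') {
    # The switch itself is done with the hardware vendor's own tool, then a reboot.
    Write-Host 'Legacy BIOS mode detected; firmware must be switched before a UEFI deployment.'
    exit 1
}
else {
    # Fail closed: do not partition a disk for a mode that could not be confirmed.
    Write-Host 'Firmware mode could not be determined; stopping.'
    exit 2
}
```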

On Tue, May 19, 2015 at 1:07 AM, Jason Sandys 
<[email protected]<mailto:[email protected]>> wrote:
Correct. There have been discussions on this by Tim Mintner, Keith Garner, and 
Michael Niehaus and the conclusion is that this is not possible in an 
unattended manner or with a single TS.

J

From: [email protected]<mailto:[email protected]> 
[mailto:[email protected]<mailto:[email protected]>] 
On Behalf Of Roland Janus
Sent: Monday, May 18, 2015 5:02 PM
To: [email protected]<mailto:[email protected]>
Subject: [mssms] Switch to UEFI during OSD

Anyone tried that?

Switching the BIOS to UEFI with a command line isn’t the problem, but doing 
this as part of OSD might be.
Refresh using hardlinks can’t work, but anyone tried switching to UEFI during 
OSD for baremetal?
(That of course would lead to a mix of legacy and UEFI installations)

Assuming the computer is currently configured to use Legacy bios mode, that 
seems like a chicken/egg problem.

-Roland