RE: [MDT-OSD] UEFI -- Why do it? (was TMP issues with Dell m5510s)

[Marcum, John]

Is this blogged anywhere Mike????

________________________________
        John Marcum
            MCITP, MCTS, MCSA
              Desktop Architect
   Bradley Arant Boult Cummings LLP
________________________________
 [MVP] <https://mvp.microsoft.com/en-us/overview>
     [MMS] <http://mmsmoa.com/>

From: listsadmin@lists.myitforum.com [mailto:listsadmin@lists.myitforum.com] On 
Behalf Of Mike Terrill
Sent: Wednesday, February 24, 2016 5:33 AM
To: mdt...@lists.myitforum.com
Subject: RE: [MDT-OSD] UEFI -- Why do it? (was TMP issues with Dell m5510s)

"You have to switch to UEFI mode during the pre-execution hook and then get the 
computer rebooted with UEFI mode enabled.  It is tricky." - Yep, you are right 
here Todd. I have a process that I presented at the last MMS in November. It 
works well and involves PXE booting. I call it Zero Touch BIOS to UEFI.

From: listsadmin@lists.myitforum.com<mailto:listsadmin@lists.myitforum.com> 
[mailto:listsadmin@lists.myitforum.com] On Behalf Of Miller, Todd
Sent: Tuesday, February 23, 2016 8:20 AM
To: mdt...@lists.myitforum.com<mailto:mdt...@lists.myitforum.com>
Subject: RE: [MDT-OSD] UEFI -- Why do it? (was TMP issues with Dell m5510s)

I'd love to go to MMS in May as I found it to be a really good event and highly 
recommend it, but it is looking  like schedule conflicts prevent a May 
conference this year - never say never though.  Hopefully Warren and others at 
Dell will not hold off until May to publish some additional blogs/guidance on 
this topic.


Turning on UEFI via the tools provided by Dell is fairly trivial either with 
CCTK+HAPI or the new PS scripts. - -I've found a few missing PS items that make 
loading CCTK required anyway though right now I cant recall what those are - I 
feel like it had to do with modifying the boot order or boot list. I think the 
PS tools don't have that function yet.

The trick is getting the computer to re-boot from the 'desired' boot device in 
UEFI mode.

In order for MDT with SCCM to work properly, the computer must be booted into 
the "mode" UEFI/BIOS that matches the way the disk was first configured.  So 
you can't just flip the switch to UEFI mode during the task sequence and expect 
MDT/SCCM to accept that change.  You have to switch to UEFI mode during the 
pre-execution hook and then get the computer rebooted with UEFI mode enabled.  
It is tricky.

I was having a heck of a time forcing the computer to boot from USB stick, set 
UEFI if it was not set, and then rebooting back to the USB Stick in UEFI mode.  
There was no way  I could find to programmatically reboot the computer in UEFI 
mode to the USB stick.  The problem is that the USB boot device is no longer 
labeled as a predictable boot item.  It is labeled as device 0, or Device 1, or 
Device X, it is unpredictable what the USB Stick is going to be labeled in UEFI 
and so scripts to enforce booting to a particular device are trouble.  I 
eventually gave up and started working on something else with a plan to revisit 
when more information became available from my peers.

So let's drum up some interest for UEFI so that someone with more time than me 
and a keen interest in blogging can struggle through all the problems and 
publish! :)


From: listsadmin@lists.myitforum.com<mailto:listsadmin@lists.myitforum.com> 
[mailto:listsadmin@lists.myitforum.com] On Behalf Of Daniel Ratliff
Sent: Tuesday, February 23, 2016 8:27 AM
To: mdt...@lists.myitforum.com<mailto:mdt...@lists.myitforum.com>
Subject: RE: [MDT-OSD] TMP issues with Dell m5510s

Good reason to go to MMS in May, there is a session on turning on UEFI for HP, 
Dell, an Lenovo models.

Daniel Ratliff

From: listsadmin@lists.myitforum.com<mailto:listsadmin@lists.myitforum.com> 
[mailto:listsadmin@lists.myitforum.com] On Behalf Of Marcum, John
Sent: Tuesday, February 23, 2016 9:23 AM
To: mdt...@lists.myitforum.com<mailto:mdt...@lists.myitforum.com>
Subject: RE: [MDT-OSD] TMP issues with Dell m5510s

Thanks Todd... This is very helpful. I am all Windows 7 x64 right now. We don't 
do refreshes here; we always do bare metal OSD because we don't care about 
preserving any local data. I think I will start having the PC Techs use UEFI so 
we can have an easier transition to Win 10.

________________________________
        John Marcum
            MCITP, MCTS, MCSA
              Desktop Architect
   Bradley Arant Boult Cummings LLP
________________________________

  [H_Logo]

From: listsadmin@lists.myitforum.com<mailto:listsadmin@lists.myitforum.com> 
[mailto:listsadmin@lists.myitforum.com] On Behalf Of Miller, Todd
Sent: Monday, February 22, 2016 4:47 PM
To: mdt...@lists.myitforum.com<mailto:mdt...@lists.myitforum.com>
Subject: RE: [MDT-OSD] TMP issues with Dell m5510s

I think the main advantage for UEFI with Windows 7x64 (only available in 64bit) 
is that if you deploy Windows 7x64 with UEFI enabled with a GPT formatted HD, 
then you will be able to do an inplace upgrade to Windows 10 and still take 
advantage of the tremendous security advantages available when running Windows 
10 in UEFI mode.  If you want to upgrade Windows 7 -> Windows 10 and your disk 
is oldstyle MBT formatted, then you either need to do the upgrade to Windows 10 
as a bare metal/wipe&load or forgo the security benefits of UEFI in Windows 10. 
 I feel like the security benefits of running Windows 10 in UEFI mode are very 
real and significant. So deploying Windows 7 in UEFI mode now will ease the 
upgrade process to Windows 10 in the future when SCCM is able to support 
deploying Windows 10.  I don't think there's a real benefit to running Windows 
7 in UEFI, just significant future gains.

UEFI will also let you use gigantic drives as a boot disk.

One disadvantage of UEFI I've found  is that the scripts and tools provided to 
change the BIOS settings are "challenging."  I had a real hard time 
manipulating the boot devices in UEFI and eventually gave up.  So you know how 
can be difficult to do the TPM stuff in BIOS for Bitlocker -it is 
different/harder in UEFI mode.  It is easy to force the next reboot to come 
from the Hard Disk or disable booting from USB devices in BIOS mode-- that is 
difficult,  in my trials-impossible, in UEFI mode.  There are year's worth of 
examples for manipulating BIOS settings while the examples, blogs, and 
documentation for doing the same in UEFI are still kind of lacking.

From: listsadmin@lists.myitforum.com<mailto:listsadmin@lists.myitforum.com> 
[mailto:listsadmin@lists.myitforum.com] On Behalf Of Marcum, John
Sent: Monday, February 22, 2016 12:13 PM
To: mdt...@lists.myitforum.com<mailto:mdt...@lists.myitforum.com>
Subject: RE: [MDT-OSD] TMP issues with Dell m5510s

Not trying to hijack your thread here but.... What are the 
advantages/disadvantages to using either UEFI or legacy bios now? Specifically, 
with Win 7.




________________________________
        John Marcum
            MCITP, MCTS, MCSA
              Desktop Architect
   Bradley Arant Boult Cummings LLP
________________________________

  [H_Logo]

From: listsadmin@lists.myitforum.com<mailto:listsadmin@lists.myitforum.com> 
[mailto:listsadmin@lists.myitforum.com] On Behalf Of ODONNELL Aaron M
Sent: Monday, February 22, 2016 11:41 AM
To: 'mdt...@lists.myitforum.com' 
<mdt...@lists.myitforum.com<mailto:mdt...@lists.myitforum.com>>
Subject: RE: [MDT-OSD] TMP issues with Dell m5510s

We were unable to get bitlocker to encrypt on our Skylake-based optiplex 7040 
and 5040s until we applied the 1.2.1 BIOS update to them. We use legacy mode 
for Windows 7.


Thanks,

Aaron O'Donnell

From: listsadmin@lists.myitforum.com<mailto:listsadmin@lists.myitforum.com> 
[mailto:listsadmin@lists.myitforum.com] On Behalf Of Jim Bezdan
Sent: Monday, February 22, 2016 5:36 AM
To: mdt...@lists.myitforum.com<mailto:mdt...@lists.myitforum.com>
Subject: [MDT-OSD] TMP issues with Dell m5510s

I am curious if anyone has run across an issue with not being able to enable 
BitLocker on the new m5510 or other models due to a TPM driver issue?  I am not 
dealing with the issue myself but am being told the issue may be with the new 
Skylake processor models in general.

Has anyone on the list deployed a Dell with a new Intel Skylake (63xx) and 
BitLocker?

Jim

________________________________

Confidentiality Notice: This e-mail is from a law firm and may be protected by 
the attorney-client or work product privileges. If you have received this 
message in error, please notify the sender by replying to this e-mail and then 
delete it from your computer.

________________________________
Notice: This UI Health Care e-mail (including attachments) is covered by the 
Electronic Communications Privacy Act, 18 U.S.C. 2510-2521, is confidential and 
may be legally privileged.  If you are not the intended recipient, you are 
hereby notified that any retention, dissemination, distribution, or copying of 
this communication is strictly prohibited.  Please reply to the sender that you 
have received the message in error, then delete it.  Thank you.
________________________________

The information transmitted is intended only for the person or entity to which 
it is addressed
and may contain CONFIDENTIAL material. If you receive this material/information 
in error,
please contact the sender and delete or destroy the material/information.

________________________________
Notice: This UI Health Care e-mail (including attachments) is covered by the 
Electronic Communications Privacy Act, 18 U.S.C. 2510-2521, is confidential and 
may be legally privileged.  If you are not the intended recipient, you are 
hereby notified that any retention, dissemination, distribution, or copying of 
this communication is strictly prohibited.  Please reply to the sender that you 
have received the message in error, then delete it.  Thank you.
________________________________