https://miketerrill.net/2015/08/31/automating-dell-bios-uefi-standards-for-windows-10/
KEVIN JOHNSTON

From: [email protected] On Behalf Of Marcum, John
Sent: Wednesday, February 24, 2016 9:34 AM
To: [email protected]
Subject: RE: [MDT-OSD] UEFI -- Why do it? (was TMP issues with Dell m5510s)

Is this blogged anywhere Mike????

John Marcum
MCITP, MCTS, MCSA
Desktop Architect
Bradley Arant Boult Cummings LLP

From: [email protected] On Behalf Of Mike Terrill
Sent: Wednesday, February 24, 2016 5:33 AM
To: [email protected]
Subject: RE: [MDT-OSD] UEFI -- Why do it? (was TMP issues with Dell m5510s)

"You have to switch to UEFI mode during the pre-execution hook and then get the computer rebooted with UEFI mode enabled. It is tricky." - Yep, you are right here Todd. I have a process that I presented at the last MMS in November. It works well and involves PXE booting. I call it Zero Touch BIOS to UEFI.

From: [email protected] On Behalf Of Miller, Todd
Sent: Tuesday, February 23, 2016 8:20 AM
To: [email protected]
Subject: RE: [MDT-OSD] UEFI -- Why do it? (was TMP issues with Dell m5510s)

I'd love to go to MMS in May as I found it to be a really good event and highly recommend it, but it is looking like schedule conflicts prevent a May conference this year - never say never though. Hopefully Warren and others at Dell will not hold off until May to publish some additional blogs/guidance on this topic.

Turning on UEFI via the tools provided by Dell is fairly trivial either with CCTK+HAPI or the new PS scripts. I've found a few missing PS items that make loading CCTK required anyway, though right now I can't recall what those are - I feel like it had to do with modifying the boot order or boot list.
I think the PS tools don't have that function yet.

The trick is getting the computer to re-boot from the 'desired' boot device in UEFI mode. In order for MDT with SCCM to work properly, the computer must be booted into the "mode" UEFI/BIOS that matches the way the disk was first configured. So you can't just flip the switch to UEFI mode during the task sequence and expect MDT/SCCM to accept that change. You have to switch to UEFI mode during the pre-execution hook and then get the computer rebooted with UEFI mode enabled. It is tricky.

I was having a heck of a time forcing the computer to boot from USB stick, set UEFI if it was not set, and then rebooting back to the USB stick in UEFI mode. There was no way I could find to programmatically reboot the computer in UEFI mode to the USB stick. The problem is that the USB boot device is no longer labeled as a predictable boot item. It is labeled as Device 0, or Device 1, or Device X; it is unpredictable what the USB stick is going to be labeled in UEFI, and so scripts to enforce booting to a particular device are trouble. I eventually gave up and started working on something else with a plan to revisit when more information became available from my peers.

So let's drum up some interest for UEFI so that someone with more time than me and a keen interest in blogging can struggle through all the problems and publish! :)

From: [email protected] On Behalf Of Daniel Ratliff
Sent: Tuesday, February 23, 2016 8:27 AM
To: [email protected]
Subject: RE: [MDT-OSD] TMP issues with Dell m5510s

Good reason to go to MMS in May, there is a session on turning on UEFI for HP, Dell, and Lenovo models.
Daniel Ratliff

From: [email protected] On Behalf Of Marcum, John
Sent: Tuesday, February 23, 2016 9:23 AM
To: [email protected]
Subject: RE: [MDT-OSD] TMP issues with Dell m5510s

Thanks Todd... This is very helpful. I am all Windows 7 x64 right now. We don't do refreshes here; we always do bare metal OSD because we don't care about preserving any local data. I think I will start having the PC Techs use UEFI so we can have an easier transition to Win 10.

John Marcum
MCITP, MCTS, MCSA
Desktop Architect
Bradley Arant Boult Cummings LLP

From: [email protected] On Behalf Of Miller, Todd
Sent: Monday, February 22, 2016 4:47 PM
To: [email protected]
Subject: RE: [MDT-OSD] TMP issues with Dell m5510s

I think the main advantage for UEFI with Windows 7 x64 (only available in 64-bit) is that if you deploy Windows 7 x64 with UEFI enabled with a GPT-formatted HD, then you will be able to do an in-place upgrade to Windows 10 and still take advantage of the tremendous security advantages available when running Windows 10 in UEFI mode. If you want to upgrade Windows 7 -> Windows 10 and your disk is old-style MBR formatted, then you either need to do the upgrade to Windows 10 as a bare metal/wipe&load or forgo the security benefits of UEFI in Windows 10. I feel like the security benefits of running Windows 10 in UEFI mode are very real and significant. So deploying Windows 7 in UEFI mode now will ease the upgrade process to Windows 10 in the future when SCCM is able to support deploying Windows 10.

I don't think there's a real benefit to running Windows 7 in UEFI, just significant future gains. UEFI will also let you use gigantic drives as a boot disk.
One disadvantage of UEFI I've found is that the scripts and tools provided to change the BIOS settings are "challenging." I had a real hard time manipulating the boot devices in UEFI and eventually gave up. So you know how it can be difficult to do the TPM stuff in BIOS for BitLocker - it is different/harder in UEFI mode. It is easy to force the next reboot to come from the hard disk or disable booting from USB devices in BIOS mode -- that is difficult, in my trials impossible, in UEFI mode. There are years' worth of examples for manipulating BIOS settings while the examples, blogs, and documentation for doing the same in UEFI are still kind of lacking.

From: [email protected] On Behalf Of Marcum, John
Sent: Monday, February 22, 2016 12:13 PM
To: [email protected]
Subject: RE: [MDT-OSD] TMP issues with Dell m5510s

Not trying to hijack your thread here but.... What are the advantages/disadvantages to using either UEFI or legacy BIOS now? Specifically, with Win 7.

John Marcum
MCITP, MCTS, MCSA
Desktop Architect
Bradley Arant Boult Cummings LLP

From: [email protected] On Behalf Of ODONNELL Aaron M
Sent: Monday, February 22, 2016 11:41 AM
To: [email protected]
Subject: RE: [MDT-OSD] TMP issues with Dell m5510s

We were unable to get BitLocker to encrypt on our Skylake-based OptiPlex 7040 and 5040s until we applied the 1.2.1 BIOS update to them. We use legacy mode for Windows 7.
Thanks,
Aaron O'Donnell

From: [email protected] On Behalf Of Jim Bezdan
Sent: Monday, February 22, 2016 5:36 AM
To: [email protected]
Subject: [MDT-OSD] TMP issues with Dell m5510s

I am curious if anyone has run across an issue with not being able to enable BitLocker on the new m5510 or other models due to a TPM driver issue? I am not dealing with the issue myself but am being told the issue may be with the new Skylake processor models in general. Has anyone on the list deployed a Dell with a new Intel Skylake (63xx) and BitLocker?

Jim
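Added example (not part of the original thread, and not code from any of its participants): a read-only PowerShell check for the point made in the thread that the firmware boot mode has to match the way the disk was laid out (UEFI with GPT, legacy BIOS with MBR). The function names are hypothetical, and it assumes WinPE 4 or later (or Windows 8 or later) with the Storage module available, and that the deployment target is the system/boot disk or, failing that, disk 0.

```powershell
# Added example: read-only check, changes nothing on the machine.
# Assumes WinPE 4+/Windows 8+ with the Storage module (Get-Disk) available.

function Get-FirmwareMode {
    # WinPE records how it was booted: PEFirmwareType 1 = BIOS, 2 = UEFI.
    $pe = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control' `
        -Name PEFirmwareType -ErrorAction SilentlyContinue
    if ($pe) {
        if ($pe.PEFirmwareType -eq 2) { return 'UEFI' } else { return 'BIOS' }
    }
    # Full Windows 8 and later expose the boot mode as an environment variable.
    if ($env:firmware_type -eq 'UEFI')   { return 'UEFI' }
    if ($env:firmware_type -eq 'Legacy') { return 'BIOS' }
    return 'Unknown'
}

function Get-TargetDiskStyle {
    # Assumption: the target is the system/boot disk, otherwise disk 0.
    $disk = Get-Disk | Where-Object { $_.IsSystem -or $_.IsBoot } |
        Select-Object -First 1
    if (-not $disk) { $disk = Get-Disk -Number 0 -ErrorAction SilentlyContinue }
    if ($disk) { return [string]$disk.PartitionStyle }   # MBR, GPT or RAW
    return 'Unknown'
}

function Get-SecureBootState {
    # The cmdlet throws on legacy BIOS systems and when not run elevated.
    try {
        if (Confirm-SecureBootUEFI -ErrorAction Stop) { 'On' } else { 'Off' }
    } catch { 'Unavailable' }
}

function Get-UefiReadiness {
    $mode  = Get-FirmwareMode
    $style = Get-TargetDiskStyle
    $verdict = switch ("$mode/$style") {
        'UEFI/GPT' { 'Match: UEFI boot with a GPT disk' }
        'BIOS/MBR' { 'Match: legacy boot with an MBR disk; UEFI needs a wipe and load' }
        'UEFI/MBR' { 'Mismatch: booted UEFI but the disk is MBR' }
        'BIOS/GPT' { 'Mismatch: booted legacy but the disk is GPT' }
        default    { 'Undetermined (blank disk or unknown boot mode)' }
    }
    [pscustomobject]@{
        FirmwareMode   = $mode
        PartitionStyle = $style
        SecureBoot     = (Get-SecureBootState)
        Verdict        = $verdict
    }
}

Get-UefiReadiness | Format-List
```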
