/build/static/layout/Breadcrumb_cap_w.png

Deploy Windows 11 with the SDA

Here again your favorite Random Dude,


Hope everything have been going good for everyone. As it is well known Windows 11 is out there and everyone wants it, but there are some bigger changes that we need to keep in mind.

System firmware: UEFI, Secure Boot capable

TPM:           Trusted Platform Module (TPM) version 2.0. <-- pretty important

Storage          64 GB 

Windows 11 requirements


Secure boot is still not supported for PXE but you can use this workaround in the mean time. Now that we have cover our basis lets get on going.

1. KBE, KACE still haven't released documentation that Windows 11 is Officially supported, I tried to create a KBE with the newer Windows 11 ADK but it didn't work, so I went ahead and tested with my latest 8.2 2004 KBE and it worked like a charm. Here we have the KB on how to create the KBE.

2. Upload your Windows 11 media with the 8.2 Media Manager (KB how to upload the ISO )

3. You may need a new/modified Partitioning task, see this post. Is awesome! (ECHO Create partition msr size=128) <- remove that line from your partitioning task.

3a. Additionally, on that post you can find a way to bypass the compatibility checks for TPM and Secure boot 

4. As Windows 11 is not really supported by the SDA, in the Answer file wizard you need to define the version that you are going to install. See example

wDUM1zFm2VEdwAAAABJRU5ErkJggg==

5. Add the new task(s) created on step 3 and just deploy just Scripted install as expected

6. I confirmed that the Windows 10 Debloater works for Windows 11, so you can give it a try 

6a. You may still need to remove the following packages manually to get it working, they were giving me a hard time

Microsoft.OnedriveSync

MicrosoftTeams

5319275a.WhatsappDesktop

7. The KACE Sysprep tool does work! Just be sure to run the updated one (as of today 4.1.1.3), download here the 4.1.1.1 and then just do the upgrade when prompted. Protip, ignore that it refers to it as "Windows 10". 

vnX+H8B5P1Tk9b+caQAAAAASUVORK5CYII=

8. Disable the "Real-Time protection"

8fZq0GXpBl9gAAAAAASUVORK5CYII=

9. Execute the sysprep as administrator

10. Boot to your SDA and capture C: only as usual

11. After the image is captured, you can use the [DISK] Create/Apply BIOS/UEFI Partitions task and you are ready to go


I hope this helps someone. If you have any questions or comments put them down there.


Note: there is a fingerprint issue with recent windows 11 ISOs, KACE is aware of that and mentioned that this will be resolved ok the next release. In my example I used the first ISO that MS released. 


See you in my next post!


Comments

  • fantastic post, im glad to have some resources to look at when we get to our upgrade phase - LeftEyeTlc 2 years ago
  • Few comments on your excellent post
    1. Using the 8.2 Media Manager I and others on the team were able to successfully create a KBE using the new Windows 10 ADK, the only issue is that it thinks it is PE 10 because, well Microsoft. Seriously, it installs in Windows Kits\10 which is part of our check. That will be fixed in the next release. All you need to do is change the "Name" field to say PE11 and it is all good. If you had issues, maybe check your Media Manager log in %temp% of the machine used to build it. Also be aware that the footer in KBE will say PE 10 (2009), again Microsoft chose to use 10 as the major version and have 2009 in the build registry entry for some reason. Working on that as well.
    2. More informational than anything else, but you can also put your ISO on client drop and use the Source Media Import in the appliance UI.
    3, Definitely need that change for scripted installs, unless one wants to add all the partitioning stuff into the configuration (answer) file, which I have tested and works.
    6a. I definitely had to remove "Microsoft.OnedriveSync" before sysprep worked, I'll add that to sysprep executor. If you can grab the log on the other ones for move detail on app name, I can add those as well.
    7. Sysprep Creator has been depricated as the tool is now built into the UI and provides a link to download sysprep executor from the appliance. This also allows up to update the tool and the appliance downloads it during the nightly update check. If you could remove that link it would be appreciated.
    8. It is so frustrating that this must be done manually. Sysprep Executor does run a powershell script in a loop to try and turn it off, but since some change back in win10 it is not consistent at all. Wish there was a better way to automate that process. - cserrins 2 years ago
  • Not sure if this is helpful for people or not, but I've managed to get Windows 11 going following just about everything RandomITDude said. I used the 2004 KBE on a UEFI-USB bootable thumb drive. Here is a list of things that we've historically removed via powershell. (not using the debloater)

    Remove-AppxProvisionedPackage -Online -PackageName Microsoft.Getstarted_10.2.41172.0_neutral_~_8wekyb3d8bbwe
    Remove-AppxProvisionedPackage -Online -PackageName Microsoft.MicrosoftOfficeHub_18.2104.12721.0_neutral_~_8wekyb3d8bbwe
    Remove-AppxProvisionedPackage -Online -PackageName Microsoft.People_2020.901.1724.0_neutral_~_8wekyb3d8bbwe
    Remove-AppxProvisionedPackage -Online -PackageName microsoft.windowscommunicationsapps_16005.12827.20400.0_neutral_~_8wekyb3d8bbwe
    Remove-AppxProvisionedPackage -Online -PackageName Microsoft.WindowsFeedbackHub_2021.427.1821.0_neutral_~_8wekyb3d8bbwe
    Remove-AppxProvisionedPackage -Online -PackageName Microsoft.ZuneMusic_2019.21012.10511.0_neutral_~_8wekyb3d8bbwe
    Remove-AppxProvisionedPackage -Online -PackageName Microsoft.ZuneVideo_2019.21012.10511.0_neutral_~_8wekyb3d8bbwe
    Remove-AppxProvisionedPackage -Online -PackageName MicrosoftTeams_21253.510.996.1465_x64__8wekyb3d8bbwe
    Remove-AppxProvisionedPackage -Online -PackageName Microsoft.Getstarted_10.2.41172.0_x64__8wekyb3d8bbwe

    Remove-AppxPackage Microsoft.GetHelp_10.2008.32311.0_x64__8wekyb3d8bbwe
    Remove-AppxPackage Microsoft.Getstarted_10.2.41172.0_x64__8wekyb3d8bbwe
    Remove-AppxPackage Microsoft.MicrosoftOfficeHub_18.2104.12721.0_x64__8wekyb3d8bbwe
    Remove-AppxPackage Microsoft.People_10.1909.12456.0_x64__8wekyb3d8bbwe
    Remove-AppxPackage microsoft.windowscommunicationsapps_16005.12827.20400.0_x64__8wekyb3d8bbwe
    Remove-AppxPackage Microsoft.WindowsFeedbackHub_1.2103.1172.0_x64__8wekyb3d8bbwe
    Remove-AppxPackage Microsoft.ZuneMusic_10.21012.10511.0_x64__8wekyb3d8bbwe
    Remove-AppxPackage Microsoft.ZuneVideo_10.21012.10511.0_x64__8wekyb3d8bbwe
    Remove-AppxPackage MicrosoftTeams_21253.510.996.1465_x64__8wekyb3d8bbwe

    One thing that DIDN'T work is the built in "Apply UEFI Partitions" section. We run:
    bcdboot C:\windows /s s: /f UEFI
    but use "Create UEFI partitons" in the pre-installation tasks.

    Hope this helps. - scdavissmith 2 years ago
    • Try using the built in [DISK] tasks instead. - cserrins 2 years ago
  • Didn't work for us got an error
    Windows could not format a partition on disk 0. the target disk, partition or volume does not support the specified operation. the error occurred while preparing the partition selected for install error code 0x80300024 - binuani 2 years ago
    • If you are running a scripted install and using the built in [DISK] tasks, you must make a modification to the pre on and remove the create partition MSR line. - cserrins 2 years ago
      • That worked! thank you very much!! - binuani 2 years ago
  • Able to PXE boot the machine using the USB and the Scripted installation starts, but I get "This PC doesn't meet the minimum requirements...." from Windows 11 setup even though I know this model (Optiplex 3080) does support it. Suggestions? - gochjj 2 years ago
    • When using Scripted installs that comes from the ISO itself, so first confirm that you have TPM on and Secure Boot on and if after that it keeps messing around you can then consider using the bypass task on point #3 - RandomITdude24 2 years ago
  • I'm having an issue getting the Windows 11 21H2 (Updated January 2022) ISO to work in the SDA. It's Operating System and Category show as "unable to fingerprint". This rings a bell but I cannot seem to fix it this time. I have the October 2021 ISO in the system working fine but i can't remember if there was a trick to getting it recognised. I anticipate Quest won't be updating the source media metadata to support Windows 11 until they have the fullest support to launch. It would nonetheless be helpful if the metadata was updated early.

    Have I forgotten the fix for this issue? T.I.A. - mcnaugha 2 years ago
    • Did you ever figure this out? Same exact issue, original Oct 2021 iso uploaded no prob (AFAIK anyways), but trying again in Mar 2022 and getting "Unable to Fingerprint". Same result uploading in Media Manager or pulling iso from clientdrop, on SDA 8.2 - adam.rowley 1 year ago
      • I have the same situation on mine, this could be due to the fact that the SDA doesn't fully support Win11 at the moment... I would say,
        keep using an older version and then run Windows Updates on it or patch it with the SMA or wait for a newer SDA release - RandomITdude24 1 year ago
    • I'm having this same issue. Not sure what's going on. I contacted Quest support and their response was "we don't support Windows 11." - andy.gilmore 1 year ago
      • Yeah I believe is that the SDA doesn't understand the ISO or doesn't know what to do with it.... but in my example, it work with the original Win11 ISO that they released (MS).. that's the one I am using and then running patching on it with the SMA - RandomITdude24 1 year ago
  • The SDA will support Windows 11 in the next release. During the upgrade to the next version we will see if you have any source media marked as "Unable to fingerprint" and attempt to fingerprint those again. - cserrins 1 year ago
    • Those are great news! I will add this to my post - RandomITdude24 1 year ago
This post is locked
 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ