/build/static/layout/Breadcrumb_cap_w.png

Systems Deployment Question


Deploying an image via USB drive

11/20/2019 150 views

I created a KBE boot device on a thumb drive and then added my image file to it per the instructions on the K2000.  Everything seems to go fine until it gets to the 'Set Engine Run Key' step where it pauses with an 'Open File - Security Warning' for the VBS script it's attempting to run.  From this point forward, every post-install task either stops with this warning or a Windows Defender Smart Screen warning.  Quite a hassle to approve each step along the way.  While the task is waiting for a response from me, I can get into Internet Options, Security and change the Custom level flag for 'Launching applications and unsafe files' to Enable and the remaining tasks complete without my intervention.  Seems like an unnecessary step.  I opened a ticket with Quest support and they suggested it was because I was deploying a UEFI image from a USB drive formatted NTFS.  I explained my image was greater than 5GB so formatting the single thumb drive as FAT32/EFI was not an option.  They had me create a second thumb drive:  one formatted as FAT32/EFI for the KBE and one NTFS that had my image files.  Booting to the FAT32 KBE while the NTFS drive was in another USB slot seemed to deploy the image OK but I still get the security warning popups.  Happens with Windows 10 x64 v1809 and v1903.  SDA is 7.0.357.

0 Comments   [ + ] Show comments

Comments


All Answers

2

It seems your O.S. has security settings or software  that are disrupting or blocking KACE engine.

1- Make sure this doesn't happen when deploying the Image from the SDA server.

2- Make sure you are not joining too soon to a domain or having an AntiVirus or Security solution as part of the Image.
(security software must be installed  as post install task).

Also these task need to follow an order, read this KB:

https://support.quest.com/kb/131472/what-order-should-i-place-my-post-install-tasks-


Also , if you are deploying an UEFI Image, you will need two drives, here's a guide in regards how to properly "cook-it":

https://www.itninja.com/blog/view/create-bootable-usb-kace-images-with-system-images-larger-than-4gb

Answered 11/20/2019 by: Channeler
Red Belt

  • Thanks for the response. Deploys just fine from the SDA without intervention. Both USBs created properly. I did some additional sniffing on the Quest support site and found KB264148. In the KB, they suggest running a SysInternals utility called Streams on the NTFS USB stick. Problem solved. Maybe Quest support could consider automating this step into the USB creation process. Also, in the ITNinja blog post you linked, one comment indicated there was no need for a FAT32 KBE. I'm going to try it again with a single NTFS KBE/Image stick. Fingers crossed...
    • The UEFI specification explicitly requires support for FAT32 for system partitions removable media; specific implementations may support other file systems.

      Source:
      https://en.wikipedia.org/wiki/Unified_Extensible_Firmware_Interface#Disk_device_compatibility


      NOW, two years ago, there were no Motherboards capable of UEFI booting from NTFS formatted media, this might not be true for devices manufactured\updated during mid 2018 or newer.

      KACE SDA has built-in tasks to disable UAC before executing any post install task, if this is not happening , then:
      -A software or GPO prevented this from happening
      - UAC is disabled in the golden image (not recommended)

      source:
      https://support.quest.com/kace-systems-deployment-appliance/kb/121713/explanation-of-the-disable-enable-uac-tasks-in-3-6