deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-20 21:03:42 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Update Boot Image with CU Article 51

Browse Source
This commit is contained in:
Frank Rojas
2023-08-05 20:38:44 -04:00
parent 10e125d36b
commit 169e427384
1 changed files with 52 additions and 48 deletions
Download Patch File Download Diff File Expand all files Collapse all files

100
windows/deployment/update-boot-image.md
View File

@ -50,9 +50,9 @@ Microsoft recommends updating Windows PE (WinPE) boot images with the latest cum
1. Download and install the **Windows Assessment and Deployment Kit (Windows ADK)** from [Download and install the Windows ADK](/windows-hardware/get-started/adk-install).
When installing the Windows ADK, for the purpose of this walk-through, it's only necessary to install the **Deployment Tools**. Other products, such as Microsoft Configuration Manager and Microsoft Deployment Toolkit (MDT), may require additional features installed, such as the **User State Migration Tool (USMT)**.
For this walk-through, when the Windows ADK is installed, it's only necessary to install the **Deployment Tools**. Other products, such as Microsoft Configuration Manager and Microsoft Deployment Toolkit (MDT), may require additional features installed, such as the **User State Migration Tool (USMT)**.
One of the tools installed when installing the the **Deployment Tools** feature will be the **Deployment and Imaging Tools Environment** command prompt. When using the **Command Line** option to run the commands in this walk-through, make sure to run the commands from an elevated **Deployment and Imaging Tools Environment** command prompt. The **Deployment and Imaging Tools Environment** command prompt can be found in the Start Menu under **Windows Kits** > **Deployment and Imaging Tools Environment**.
One of the tools installed when installing the the **Deployment Tools** feature is the **Deployment and Imaging Tools Environment** command prompt. When using the **Command Line** option to run the commands in this walk-through, make sure to run the commands from an elevated **Deployment and Imaging Tools Environment** command prompt. The **Deployment and Imaging Tools Environment** command prompt can be found in the Start Menu under **Windows Kits** > **Deployment and Imaging Tools Environment**.
The paths in this article assume the Windows ADK was installed at the default location of `C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit`. If the Windows ADK was installed to a different location, then adjust the paths during the walk-through accordingly.
@ -70,7 +70,7 @@ Microsoft recommends updating Windows PE (WinPE) boot images with the latest cum
## Step 2: Download cumulative update (CU)
1. Go to the [Microsoft Update Catalog](https://catalog.update.microsoft.com/) site and search for the latest cumulative update for the version of Windows that matches the version of the Windows PE boot image that is being updated.
1. Go to the [Microsoft Update Catalog](https://catalog.update.microsoft.com/) site and search for the latest cumulative update. The Windows version of the cumulative update should match the version of the Windows PE boot image that is being updated.
1. When searching the [Microsoft Update Catalog](https://catalog.update.microsoft.com/) site, use the search term `"<year>-<month> cumulative update for windows <x>"` where `year` is the four digit current year, `<month>` is the two digit current month, and `<x>` is the version of Windows that Windows PE is based on. Make sure to include the quotes (`"`). For example, to search for the latest cumulative update for Windows 11 in July 2023, use the search term `"2023-07 cumulative update for windows 11"`, again making sure to include the quotes. If the cumulative update hasn't been released yet for the current month, then search on the previous month.
@ -90,7 +90,7 @@ Before modifying the desired boot image, make a backup copy of the boot image th
- For the 64-bit boot image included with the **Windows PE add-on for the Windows ADK**, the boot image is located at `C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\en-us\winpe.wim`.
- For the default 64-bit boot image that is generated by **Microsoft Configuration Manager**, the boot image is located at `<ConfigMgr_Install_Directory>\OSD\boot\x64\boot.wim`. For other boot images in Configuration Manager, the path to the boot image will be displayed in the **Image path:** field under the **Data Source** tab in the **Properties** of the boot image.
- For the default 64-bit boot image that is generated by **Microsoft Configuration Manager**, the boot image is located at `<ConfigMgr_Install_Directory>\OSD\boot\x64\boot.wim`. For other boot images in Configuration Manager, the path to the boot image is displayed in the **Image path:** field under the **Data Source** tab in the **Properties** of the boot image.
However, for **Microsoft Configuration Manager** it's recommended to instead modify the `winpe.wim` boot image included with the **Windows PE add-on for the Windows ADK**. For more information, see [Microsoft Configuration Manager considerations](#microsoft-configuration-manager-considerations).
@ -102,10 +102,10 @@ Before modifying the desired boot image, make a backup copy of the boot image th
Adjust the above paths for 32-bit boot images (only available with Windows 10 ADKs).
The following commands will backup the 64-bit boot image included with the **Windows PE add-on for the Windows ADK**:
The following commands backs up the 64-bit boot image included with the **Windows PE add-on for the Windows ADK**:
### [:::image type="icon" source="images/icons/powershell-18.svg"::: **PowerShell**](#tab/powershell)
From an elevated **PowerShell** command prompt, run the following command to create a backup copy of the 64-bit boot image included with the Windows ADK. If a backed up boot image already exists, this command needs confirmation before it overwrites the existing backed up boot image:
From an elevated **PowerShell** command prompt, run the following command to create a backup copy of the 64-bit boot image included with the Windows ADK. If a backed-up boot image already exists, this command needs confirmation before it overwrites the existing backed up boot image:
```powershell
Copy-Item "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\en-us\winpe.wim" "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\en-us\winpe.bak.wim"
@ -117,7 +117,7 @@ To automatically overwrite an existing backed up boot image without confirmation
### [:::image type="icon" source="images/icons/command-line-18.svg"::: **Command Line**](#tab/command-line)
From an elevated command prompt, run the following command to create a backup copy of the 64-bit boot image included with the Windows ADK. If a backed up boot image already exists, this command needs confirmation before it overwrites the existing backed up boot image:
From an elevated command prompt, run the following command to create a backup copy of the 64-bit boot image included with the Windows ADK. If a backed-up boot image already exists, this command needs confirmation before it overwrites the existing backed up boot image:
```cmd
copy "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\en-us\winpe.wim" "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\en-us\winpe.bak.wim"
@ -135,7 +135,7 @@ To automatically overwrite an existing backed up boot image without confirmation
## Step 4: Mount boot image to mount folder
1. Create a new empty empty folder to mount the boot image to. For example, `C:\Mount`. If using a previously created mount folder, ensure that it is empty and doesn't have any previously mounted images in it.
1. Create a new empty folder to mount the boot image to. For example, `C:\Mount`. If using a previously created mount folder, ensure that it's empty and doesn't have any previously mounted images in it.
1. Mount the boot image to the mount folder using one of the following methods:
@ -233,7 +233,7 @@ For more information, see [Add and Remove Driver packages to an offline Windows
---
Drivers are not affected by the cumulative update installed later in this walkthrough. Once a driver is added to a boot image, it does not need to be added again if a newer cumulative update is applied to the boot image at a later point in time.
The cumulative update installed later in this walkthrough doesn't affect drivers. Once a driver is added to a boot image, it doesn't need to be added again if a newer cumulative update is applied to the boot image.
> [!TIP]
>
@ -284,7 +284,7 @@ Drivers are not affected by the cumulative update installed later in this walkth
DISM.exe /Image:"C:\Mount" /Add-Package /PackagePath:"C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\WinPE-Scripting.cab" /PackagePath:"C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\WinPE-WMI.cab" /PackagePath:"C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\WinPE-WDS-Tools.cab" /PackagePath:"C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\WinPE-SecureStartup.cab"
```
These examples assume a 64-bit boot image image. If a different architecture is being used, then adjust the paths in the commands accordingly.
These examples assume a 64-bit boot image. If a different architecture is being used, then adjust the paths in the commands accordingly.
You can add as many desired optional components as needed on a single **DISM.exe** command line.
@ -296,7 +296,7 @@ Drivers are not affected by the cumulative update installed later in this walkth
Not all optional components have the language specific component. However, for optional components that do have a language specific component, make sure that the language specific component is installed.
To check if an optional component has a language component, check the `C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\<Language>\` directory to see if there is a matching language component for that optional component.
To check if an optional component has a language component, check the `C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\<Language>\` directory to see if there's a matching language component for that optional component.
For example, to install the English United States (en-us) language component for an optional component, use the following command line:
@ -338,17 +338,21 @@ Drivers are not affected by the cumulative update installed later in this walkth
> [!IMPORTANT]
>
> When adding optional components, make sure to check if an optional component has a prerequisite for another optional component. When an optional component does have a prerequisite, make sure that the prerequisite component is installed first. For more information on adding optional components, see [WinPE Optional Components (OC) Reference: How to add Optional Components](/windows-hardware/manufacture/desktop/winpe-add-packages--optional-components-reference#how-to-add-optional-components).
> When adding optional components, make sure to check if an optional component has a prerequisite for another optional component. When an optional component does have a prerequisite, make sure that the prerequisite component is installed first. For more information, see [WinPE Optional Components (OC) Reference: How to add Optional Components](/windows-hardware/manufacture/desktop/winpe-add-packages--optional-components-reference#how-to-add-optional-components).
> [!IMPORTANT]
>
> Both **Microsoft Configuration Manager** and **Microsoft Deployment Toolkit (MDT)** boot images require certain optional components to work properly. Make sure to add these required components when using either **Microsoft Configuration Manager** and **Microsoft Deployment Toolkit (MDT)**
> Cumulative updates always need to be applied or reapplied after adding optional components to the boot image. If additional optional components are added to a boot image after a cumulative update has been applied, then the cumulative update needs to be reapplied.
> [!IMPORTANT]
>
> Additionally, when adding any optional component for either **Microsoft Configuration Manager** or **Microsoft Deployment Toolkit (MDT)** boot images, make sure to add the components manually using the above command lines instead of adding them through **Configuration Manager** or **MDT**. For more information, see [Microsoft Configuration Manager considerations](#microsoft-configuration-manager-considerations) or [Microsoft Deployment Toolkit (MDT) considerations](#microsoft-deployment-toolkit-mdt-considerations).
> Both **Microsoft Configuration Manager** and **Microsoft Deployment Toolkit (MDT)** boot images require certain optional components to work properly. Make sure to add these required components when using either **Microsoft Configuration Manager** and **Microsoft Deployment Toolkit (MDT)**. For more information, see [Configuration Manager boot image required components](#configuration-manager-boot-image-required-components) or [MDT boot image required components](#mdt-boot-image-required-components).
>
> Additionally, when adding any optional component for either **Microsoft Configuration Manager** or **Microsoft Deployment Toolkit (MDT)** boot images, make sure to manually add the optional components using this walkthrough instead of adding them through **Configuration Manager** or **MDT**. For more information and reasons why, see [Microsoft Configuration Manager considerations](#microsoft-configuration-manager-considerations) or [Microsoft Deployment Toolkit (MDT) considerations](#microsoft-deployment-toolkit-mdt-considerations).
### Popular optional components
The following is a list of popular optional components that are commonly added to boot images:
The following list contains the more popular optional components that are commonly added to boot images:
| **Feature** | **File Name** | **Dependency** | **Purpose** | **Required by ConfigMgr** | **Required by MDT** |
| --- | --- | --- | --- | --- |
@ -358,7 +362,7 @@ The following is a list of popular optional components that are commonly added t
| Startup/WinPE-SecureStartup | `WinPE-SecureStartup.cab` | Scripting/WinPE-WMI | Supports managing BitLocker and TPMs within WinPE | Yes | Yes|
| File management/WinPE-FMAPI | `WinPE-FMAPI.cab` | NA | Supports access to the Windows PE File Management API | No | Yes |
| Windows PowerShell/WinPE-PowerShell | `WinPE-PowerShell.cab` | Scripting/WinPE-Scripting <br> Scripting/WinPE-WMI <br> Microsoft .NET/WinPE-NetFx | Supports running PowerShell commands and scripts in WinPE | No | No |
| Microsoft .NET/WinPE-NetFx | `WinPE-NetFx.cab` | Scripting/WinPE-WMI | Supports .Net applications in WinPE | No | No |
| Microsoft .NET/WinPE-NetFx | `WinPE-NetFx.cab` | Scripting/WinPE-WMI | Supports .NET applications in WinPE | No | No |
| Network/WinPE-Dot3Svc | `WinPE-Dot3Svc.cab` | NA | Supports the 802.1X network protocol in WinPE | No | No |
| HTML/WinPE-HTA | `WinPE-HTA.cab` | Scripting/WinPE-WMI | Supports running HTML applications in WinPE | No | No |
| Database/WinPE-MDAC | `WinPE-MDAC.cab` | NA | Supports connecting to databases in WinPE | No | No |
@ -437,7 +441,7 @@ The DISM log file can be found at C:\Windows\Logs\DISM\dism.log
---
Inspecting the **DISM.log** will reveal the following error:
Inspecting the **DISM.log** reveals the following error:
### [:::image type="icon" source="images/icons/powershell-18.svg"::: **PowerShell**](#tab/powershell)
@ -487,9 +491,9 @@ DISM Package Manager: PID=<PID> TID=<TID> Failed while processing command add-pa
---
The problem occurs when the WinPE boot image that is being serviced requires installation of a servicing stack update (SSU) before installation of the cumulative update (CU) can occur. The problem usually occurs when using older Windows ADKs and older versions of Windows PE. The suggested fix is to upgrade to the latest version of the Windows ADK and Windows PE which most likely won't need a servicing stack update (SSU) installed before installing the cumulative update (CU).
The problem occurs when the WinPE boot image that is being serviced requires installation of a servicing stack update (SSU) before installation of the cumulative update (CU) can occur. The problem usually occurs when using older Windows ADKs and older versions of Windows PE. The suggested fix is to upgrade to the latest version of the Windows ADK and Windows PE. The latest versions of the Windows ADK and Windows PE most likely don't need a servicing stack update (SSU) installed before installing the cumulative update (CU).
For scenarios where an older version of the Windows ADK and Windows PE need to be used, for example when using Microsoft Deployment Toolkit (MDT), the servicing stack update needs to be installed before installing the cumulative update. The servicing stack update (SSU) is contained within the cumulative update (CU). To obtain the servicing stack update (SSU) so that it can be applied, it can be extracted from the cumulative update (CU).
For scenarios where older versions of the Windows ADK and Windows PE need to be used, for example when using Microsoft Deployment Toolkit (MDT), the servicing stack update needs to be installed before installing the cumulative update. The servicing stack update (SSU) is contained within the cumulative update (CU). To obtain the servicing stack update (SSU) so that it can be applied, it can be extracted from the cumulative update (CU).
The following steps outline how to extract and then install the servicing stack update (SSU) to the boot image. Once the servicing stack update (SSU) has been installed in the boot image, then the cumulative update (CU) should install to the boot image without error:
@ -565,11 +569,11 @@ The following steps outline how to extract and then install the servicing stack
## Step 8: Copy boot files from mounted boot image to ADK installation path
Some cumulative updates will update the bootmgr boot files in the boot image. After these bootmgr boot files have been updated in the boot image, it's recommended to copy these updated bootmgr boot files from the boot image back to the Windows ADK. This will ensure that the Windows ADK has the updated bootmgr boot files.
Some cumulative updates contain updated bootmgr boot files that are added to the boot image. After these bootmgr boot files have been updated in the boot image, it's recommended to copy these updated bootmgr boot files from the boot image back to the Windows ADK. Copying these files ensures that the Windows ADK has the updated bootmgr boot files.
### [:::image type="icon" source="images/icons/powershell-18.svg"::: **PowerShell**](#tab/powershell)
From an elevated **PowerShell** command prompt, run the following commands to copy the updated bootmgr boot files from the mounted boot image to the ADK installation path. These commands will also back up any existing bootmgr boot files its finds. When applicable, the commands need confirmation to overwrite any existing files:
From an elevated **PowerShell** command prompt, run the following commands to copy the updated bootmgr boot files from the mounted boot image to the ADK installation path. These commands also back up any existing bootmgr boot files its finds. When applicable, the commands need confirmation to overwrite any existing files:
```powershell
Copy-Item "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\Media\bootmgr.efi" "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\Media\bootmgr.bak.efi"
@ -597,7 +601,7 @@ To overwrite the bootmgr boot files and any backed up bootmgr boot file without
### [:::image type="icon" source="images/icons/command-line-18.svg"::: **Command Line**](#tab/command-line)
From an elevated command prompt, run the following command to copy the updated bootmgr boot files from the mounted boot image to the ADK installation path. These commands will also back up any existing bootmgr boot files its finds. When applicable, the commands need confirmation to overwrite any existing files:
From an elevated command prompt, run the following command to copy the updated bootmgr boot files from the mounted boot image to the ADK installation path. These commands also back up any existing bootmgr boot files its finds. When applicable, the commands need confirmation to overwrite any existing files:
```cmd
copy "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\Media\bootmgr.efi" "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\Media\bootmgr.bak.efi"
@ -625,7 +629,7 @@ To overwrite the bootmgr boot files and any backed up bootmgr boot file without
---
This step doesn't update or change the boot image. However, it makes sure that the latest bootmgr boot files are available to the Windows ADK when creating bootable media via the Windows ADK. This may include any product that uses the Windows ADK to create bootable media.
This step doesn't update or change the boot image. However, it makes sure that the latest bootmgr boot files are available to the Windows ADK when creating bootable media via the Windows ADK. When these files are updated in the Windows ADK, products that use the Windows ADK to create bootable media also have access to the updated bootmgr boot files.
In particular, this step is needed when addressing the BlackLotus UEFI bootkit vulnerability as documented in [KB5025885: How to manage the Windows Boot Manager revocations for Secure Boot changes associated with CVE-2023-24932](https://prod.support.services.microsoft.com/topic/kb5025885-how-to-manage-the-windows-boot-manager-revocations-for-secure-boot-changes-associated-with-cve-2023-24932-41a975df-beb2-40c1-99a3-b3ff139f832d) and [CVE-2023-24932](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24932).
@ -635,7 +639,7 @@ In particular, this step is needed when addressing the BlackLotus UEFI bootkit v
## Step 9: Perform component cleanup
Run **DISM.exe** commands that will clean up the mounted boot image and help reduce its size:
Run **DISM.exe** commands that clean up the mounted boot image and help reduce its size:
### [:::image type="icon" source="images/icons/powershell-18.svg"::: **PowerShell**](#tab/powershell)
@ -681,7 +685,7 @@ For more information, see [Modify a Windows image using DISM: Reduce the size of
## Step 10: Verify all desired packages have been added to boot image
After the optional components and the cumulative update (CU) have been applied to the boot image, verify that they are showing as installed:
After the optional components and the cumulative update (CU) have been applied to the boot image, verify that they're showing as installed:
### [:::image type="icon" source="images/icons/powershell-18.svg"::: **PowerShell**](#tab/powershell)
@ -861,19 +865,19 @@ For more information, see [Modify a Windows image using DISM: Unmounting an imag
## Step 13: Update boot image in products that utilize it (if applicable)
After the default `winpe.wim` boot image from the Windows ADK has been updated, additional steps usually need to take place in the product(s) that utilize the boot image . The following links contain information on how to update the boot image for several popular products that utilize boot images:
After the default `winpe.wim` boot image from the Windows ADK has been updated, additional steps usually need to take place in the product(s) that utilize the boot image. The following links contain information on how to update the boot image for several popular products that utilize boot images:
- [Microsoft Configuration Manager](#updating-the-boot-image-in-configuration-manager)
- [Microsoft Deployment Toolkit (MDT)](#updating-the-boot-image-in-mdt)
- Windows Deployment Services
For any other products that utilize boot images, please consult their documentation on how to finish updating the boot image.
For any other products that utilize boot images, consult the product's documentation on updating the boot image.
## Microsoft Configuration Manager considerations
### How Microsoft Configuration Manager creates boot images
Microsoft Configuration Manager creates its own boot images by taking the `winpe.wim` from the Windows ADK, adding some [optional components it requires](#configuration-manager-boot-image-required-components) to function correctly, and then saving the boot image as `boot.wim` in the directory `<ConfigMgr_Install_Directory>\OSD\boot\<architecture>\boot.wim`. This `boot.wim` boot image is considered the pristine authoritative copy of the boot image by Configuration Manager and is never touched, modified, or updated by Configuration Manager except in some very specific scenarios. Instead, when changes are done in the properties of the boot image in Configuration Manager such as:
Microsoft Configuration Manager creates its own boot images by taking the `winpe.wim` from the Windows ADK, adding some [optional components it requires](#configuration-manager-boot-image-required-components) to function correctly, and then saving the boot image as `boot.wim` in the directory `<ConfigMgr_Install_Directory>\OSD\boot\<architecture>\boot.wim`. This `boot.wim` boot image is considered the pristine authoritative copy of the boot image by Configuration Manager. Configuration Manager never touches, modifies, or updates the `boot.wim` boot image except in some specific scenarios. Instead, when changes are done in the properties of the boot image in Configuration Manager such as:
- Adding drivers
- Adding optional components
@ -881,21 +885,21 @@ Microsoft Configuration Manager creates its own boot images by taking the `winpe
Configuration Manager makes a copy of `boot.wim`, applies the changes to the copy, and then saves the new boot image as `boot.<package_id>.wim`.
If in the future any additional changes are done to the boot image, Configuration Manager discards the previously created `boot.<package_id>.wim` boot image, makes a new copy of `boot.wim`, applies the changes to the copy, and then saves the new boot image as `boot.<package_id>.wim`. In other words, `boot.wim` is never touched. Any time any changes are made to a boot image, both the new changes and any changes done in the past are all reapplied to a new copy of `boot.wim`.
If in the future any additional changes are done to the boot image, Configuration Manager discards the previously created `boot.<package_id>.wim` boot image, makes a new copy of `boot.wim`, applies the changes to the copy, and then saves the new boot image as `boot.<package_id>.wim`. In other words, `boot.wim` is never touched. Anytime any changes are made to a boot image, both the new changes and any changes done in the past are all reapplied to a new copy of `boot.wim`.
This process has the following advantages:
1. Keeps `boot.wim` pristine.
1. Makes sure that when changes are made to a boot image, they are being done to a copy of a pristine version of the boot image that hasn't had been modified in the past. This helps avoid corruption when a boot image is updated multiple times. I can also correct issues with existing boot images.
1. Makes sure that changes done to a boot image are being done to a pristine unmodified version of the boot image. This process helps avoid corruption when a boot image is updated multiple times. I can also correct issues with existing boot images.
1. Helps manage components in the boot image. The process doesn't need to know what components may need to be removed from the boot image each time the boot image is rebuilt. Instead, it just needs to know what components need to be added to the boot image.
1. Reduces the size of the boot image that can occur when components are repeatedly added to and removed from the boot image.
1. It reduces the size of the boot image that can occur when components are repeatedly added to and removed from the boot image.
There are two scenarios when the `boot.wim` boot image is updated by Configuration Manager:
Configuration Manager updates the `boot.wim` boot image in two scenarios:
1. When upgrading between versions of Configuration Manager or when applying hotfix roll ups (HFRUs) to Configuration Manager, `boot.wim` may be updated as part of the upgrade process.
1. When Configuration Manager is upgraded between version or a hotfix roll ups (HFRUs) is applied, `boot.wim` may be updated as part of the upgrade process.
1. When selecting the option **Reload this boot image with the current Windows PE version from the Windows ADK** in the **Update Distribution Points Wizard**.
@ -905,7 +909,7 @@ In theses scenarios, the `boot.wim` boot image is updated using the `winpe.wim`
When manually adding a cumulative update to a Configuration Manager boot image, it's recommended to update the `winpe.wim` boot image from the Windows ADK instead of directly updating the `boot.wim` boot image generated by Configuration Manager.
The `winpe.wim` boot image from the Windows ADK should be updated because if `boot.wim` generated by Configuration Manager is updated instead, then the next time `boot.wim` is updated via a Configuration Manager upgrade or the **Reload this boot image with the current Windows PE version from the Windows ADK** option, then changes made to `boot.wim`, including the applied cumulative update, will be lost. If the `winpe.wim` boot image from the Windows ADK is updated instead, then changes boot image, including the applied cumulative update, will persist and be preserved even when Configuration Manager does update the `boot.wim` boot image.
The `winpe.wim` boot image from the Windows ADK should be updated because if `boot.wim` generated by Configuration Manager is updated instead, then the next time `boot.wim` is updated via a Configuration Manager upgrade or the **Reload this boot image with the current Windows PE version from the Windows ADK** option, then changes made to `boot.wim`, including the applied cumulative update, will be lost. If the `winpe.wim` boot image from the Windows ADK is updated with the cumulative update instead, then the cumulative update persists and is preserved even when Configuration Manager does update the `boot.wim` boot image.
> [!IMPORTANT]
>
@ -915,7 +919,7 @@ The `winpe.wim` boot image from the Windows ADK should be updated because if `bo
>
> - Manually changing the `boot.<package_id>.wim` boot image changes the hash value of the boot image. A change in the hash value of the boot image can lead to download failures when downloading the boot image from a distribution point.
By updating `winpe.wim` from the Windows ADK, this will ensure that the cumulative update will stay applied regardless of what changes are made to the `boot.wim` boot image via Configuration Manager.
Updating `winpe.wim` from the Windows ADK ensures that the cumulative update stays applied regardless of what changes are made to the `boot.wim` boot image via Configuration Manager.
### Updating the boot image in Configuration Manager
@ -937,9 +941,9 @@ After updating the `winpe.wim` boot image from the Windows ADK, generate a new `
1. The **Progress** page appears while the boot image builds.
1. Once the boot image finishes building, the **The task "Update Distribution Points Wizard" completed successfully**/**Completion** page will appear. Select the **Close** button.
1. Once the boot image finishes building, the **The task "Update Distribution Points Wizard" completed successfully**/**Completion** page appears. Select the **Close** button.
This process updates the boot image used by Configuration Manager. It will also update the boot image and the bootmgr boot files used by any PXE enabled distribution points.
This process updates the boot image used by Configuration Manager. It also updates the boot image and the bootmgr boot files used by any PXE enabled distribution points.
> [!IMPORTANT]
>
@ -947,13 +951,13 @@ This process updates the boot image used by Configuration Manager. It will also
### Add optional components manually to Configuration Manager boot images
For Microsoft Configuration Manager boot images, when applying a cumulative update to a boot image, make sure to add any desired optional components manually using the command lines from the walkthrough instead of adding them through Configuration Manager. Optional components are usually added to boot images in Configuration Manager via the **Optional Components** tab in the **Properties** of the boot image.
For Microsoft Configuration Manager boot images, when applying a cumulative update to a boot image, make sure to add any desired optional components manually using the command lines from the walkthrough instead of adding them through Configuration Manager. Optional components are added to boot images in Configuration Manager via the **Optional Components** tab in the **Properties** of the boot image.
Optional components need to be added to the boot image manually instead of via Configuration Manager because:
- When the cumulative update is applied, it will also update any optional components as needed.
- When the cumulative update is applied, it also updates any optional components as needed.
- If optional components are added through Configuration Manager on a boot image that has a cumulative update, then the optional components will not be updated with the cumulative update. This could lead to unexpected behaviors and problems. The cumulative update needs to be added after the optional components have been added to the boot image for the optional components to be updated properly with the cumulative update.
- If optional components are added through Configuration Manager on a boot image that has a cumulative update, then the optional components aren't updated with the cumulative update. Adding the optional components through Configuration Manager could lead to unexpected behaviors and problems. The cumulative update needs to be added after the optional components have been added to the boot image for the optional components to be updated properly with the cumulative update.
> [!NOTE]
>
@ -961,7 +965,7 @@ Optional components need to be added to the boot image manually instead of via C
### Configuration Manager boot image required components
The following components are required by Microsoft Configuration Manager boot images for Configuration Manager to function correctly:
For Microsoft Configuration Manager boot images to function correctly, it requires the following optional components:
| **Feature** | **File Name** | **Dependency** | **Required by ConfigMgr** |
| --- | --- | --- | --- |
@ -976,13 +980,13 @@ For a list of all available WinPE optional components including descriptions for
### Updating Configuration Manager boot media
After completing the walkthrough, including updating boot images in Configuration Manager, update any Configuration Manager task sequence media to ensure that the task sequence media has both the updated boot image and if applicable, updated boot files.
After completing the walkthrough, including updating boot images in Configuration Manager, update any Configuration Manager task sequence media. Updating any Configuration Manager task sequence media ensures that the task sequence media has both the updated boot image and if applicable, updated boot files.
## Microsoft Deployment Toolkit (MDT) considerations
When adding a cumulative update to a Microsoft Deployment Toolkit (MDT) boot image, it's recommended to update the `winpe.wim` boot image from the Windows ADK instead of directly updating the `LiteTouchPE_<arch>.wim` boot image in the MDT Deployment Share.
The `winpe.wim` boot image from the Windows ADK should be updated because if `LiteTouchPE_<arch>.wim` is updated instead, then the next time the MDT Deployment Share is updated, the changes made to `LiteTouchPE_<arch>.wim`, including the applied cumulative update, will be lost. If the `winpe.wim` boot image from the Windows ADK is updated instead, then the changes to the boot image, including the applied cumulative update, will persist and be preserved when the MDT Deployment Share is updated.
The `winpe.wim` boot image from the Windows ADK should be updated because if `LiteTouchPE_<arch>.wim` is updated instead, then the next time the MDT Deployment Share is updated, the changes made to `LiteTouchPE_<arch>.wim`, including the applied cumulative update, will be lost. If the `winpe.wim` boot image from the Windows ADK is updated with the cumulative update instead, then the cumulative update persists and is preserved even when the MDT Deployment Share is updated.
### Updating the boot image and boot media in MDT
@ -1000,19 +1004,19 @@ After updating the `winpe.wim` boot image from the Windows ADK, generate a new `
1. In the **Summary** page, select the **Next >** button.
1. The **Progress** page appears while the boot image and deployment share builds.
1. The **Progress** page appears while the boot image and deployment share build.
1. Once the boot image and deployment share finishes building, the **The process completed successfully**/**Confirmation** page appears. Select the **Finish** button.
1. Once the boot image and deployment share finish building, the **The process completed successfully**/**Confirmation** page appears. Select the **Finish** button.
These steps also update the MDT boot media in the MDT Deployment Share. After following the above steps, use the newly updated ISO files in the `<DeploymnetShare>\Boot` folder to create new MDT boot media.
### MDT and Windows ADK versions
Microsoft Deployment Toolkit (MDT) doesn't support versions of Windows or the Windows ADK beyond Windows 10. When using MDT, the recommendation is to use the [ADK for Windows 10, version 2004](/windows-hardware/get-started/adk-install#other-adk-downloads) instead of the latest version of the Windows ADK. **ADK for Windows 10, version 2004** was the last version of the Windows ADK supported by MDT.
Microsoft Deployment Toolkit (MDT) doesn't support versions of Windows or the Windows ADK beyond Windows 10. When MDT is used, the recommendation is to use the [ADK for Windows 10, version 2004](/windows-hardware/get-started/adk-install#other-adk-downloads) instead of the latest version of the Windows ADK. **ADK for Windows 10, version 2004** was the last version of the Windows ADK supported by MDT.
### MDT boot image required components
The following components are required by Microsoft Configuration Manager boot images for Configuration Manager to function correctly:
For Microsoft Deployment Toolkit (MDT) boot images to function correctly, it requires the following optional components:
| **Feature** | **File Name** | **Dependency** | **Required by MDT** |
| --- | --- | --- | --- |
@ -1032,4 +1036,4 @@ The **boot.wim** that is part of Windows installation media isn't supported for
## Windows Server 2012 R2
This walk-through isn't intended for use with Windows Server 2012 R2. There may be additional steps necessary when using Windows Server 2012 R2, such as also having to apply the latest servicing stack update (SSU) to the WinPE boot image. For server OSes, it's strongly recommended to use Windows Server 2016 or later for this walk-through. For more information see, [Windows Server 2012 R2 Lifecycle](/lifecycle/products/windows-server-2012-r2).
This walk-through isn't intended for use with Windows Server 2012 R2. There may be additional steps necessary when using Windows Server 2012 R2, such as also having to apply the latest servicing stack update (SSU) to the WinPE boot image. For server OSes, it's recommended to use Windows Server 2016 or later for this walk-through. For more information, see [Windows Server 2012 R2 Lifecycle](/lifecycle/products/windows-server-2012-r2).