From abc2bbad821b38aed08d056813ef9c3908c61c1c Mon Sep 17 00:00:00 2001
From: Frank Rojas <45807133+frankroj@users.noreply.github.com>
Date: Thu, 13 Jul 2023 14:40:03 -0400
Subject: [PATCH 001/273] Update Boot Image with CU Article
---
windows/deployment/update-boot-image.md | 27 +++++++++++++++++++++++++
1 file changed, 27 insertions(+)
create mode 100644 windows/deployment/update-boot-image.md
diff --git a/windows/deployment/update-boot-image.md b/windows/deployment/update-boot-image.md
new file mode 100644
index 0000000000..1e1246c0a1
--- /dev/null
+++ b/windows/deployment/update-boot-image.md
@@ -0,0 +1,27 @@
+---
+title: Update Windows PE boot image with the latest cumulative updates
+description: This article describes how to update a Windows PE (WinPE) boot image with the latest cumulative update.
+ms.prod: windows-client
+ms.localizationpriority: medium
+author: frankroj
+manager: aaroncz
+ms.author: frankroj
+ms.topic: article
+ms.date: 07/13/2023
+ms.technology: itpro-deploy
+appliesto:
+ - ✅ Windows 11
+ - ✅ Windows 10
+ - ✅ Windows Server 2022
+ - ✅ Windows Server 2019
+ - ✅ Windows Server 2016
+---
+---
+
+# Update Windows PE boot image with the latest cumulative update
+
+This walkthrough describes how to update a Windows PE (WinPE) boot image with the latest cumulative update.
+
+## Prerequisites
+
+- [Windows Assessment and Deployment Kit (ADK)](https://docs.microsoft.com/windows-hardware/get-started/adk-install). Recommended to use the latest version of the ADK.
\ No newline at end of file
From b19b980b2e4a4f94a2fa65d3677fb85f86cd65fa Mon Sep 17 00:00:00 2001
From: Frank Rojas <45807133+frankroj@users.noreply.github.com>
Date: Fri, 14 Jul 2023 18:02:18 -0400
Subject: [PATCH 002/273] Update Boot Image with CU Article 2
---
windows/deployment/update-boot-image.md | 83 ++++++++++++++++++++++++-
1 file changed, 82 insertions(+), 1 deletion(-)
diff --git a/windows/deployment/update-boot-image.md b/windows/deployment/update-boot-image.md
index 1e1246c0a1..4c8b669cc4 100644
--- a/windows/deployment/update-boot-image.md
+++ b/windows/deployment/update-boot-image.md
@@ -20,8 +20,89 @@ appliesto:
# Update Windows PE boot image with the latest cumulative update
+
+
This walkthrough describes how to update a Windows PE (WinPE) boot image with the latest cumulative update.
## Prerequisites
-- [Windows Assessment and Deployment Kit (ADK)](https://docs.microsoft.com/windows-hardware/get-started/adk-install). Recommended to use the latest version of the ADK.
\ No newline at end of file
+- [Windows Assessment and Deployment Kit (ADK)](/windows-hardware/get-started/adk-install). Recommended to use the latest version of the ADK.
+
+## Overview
+
+Note about boot.wim from installation media
+
+## Steps
+
+1. Download and install ADK
+2. Download cumulative update (CU)
+3. Backup existing boot image (e.g. winpe.wim or boot.wim)
+4. Mount boot image to temporary mount folder
+5. Add optional components to boot image
+6. Add cumulative update (CU) to boot image
+7. Copy boot files from mounted image to ADK installation location
+8. Perform component cleanup
+9. Unmount boot image and save changes
+10. Export boot image to reduce size
+
+## Step 1: Download and install ADK
+
+## Step 2: Download CU
+
+## Step 3: Backup existing boot image
+
+## Step 4: Mount boot image to temporary mount folder
+
+## Step 5: Add optional components to boot image
+
+## Step 6: Add cumulative update (CU) to boot image
+
+## Step 7: Copy boot files from mounted image to ADK installation location
+
+## Step 8: Perform component cleanup
+
+## Step 9: Unmount boot image and save changes
+
+## Step 10: Export boot image to reduce size
+
+## Script outline
+
+This PowerShell script appears to be a patching script for the Windows Assessment and Deployment Kit (ADK) and the Windows Preinstallation Environment (WinPE). Here's a breakdown of what the script does:
+
+1. It begins with some comments explaining the purpose of the script and providing links to relevant documentation.
+
+2. The script defines various variables such as `$SMSProvider2012R2`, `$MountFolder`, `$downloads`, and several `$CUDownloadUrl` variables. These variables specify download URLs for cumulative updates (CUs) and other files.
+
+3. The script includes functions like `Test-RegistryValue` and `Get-RegistryValue` for checking and retrieving registry values.
+
+4. It checks if the ADK is installed on the system by checking the registry key `HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows Kits\Installed Roots`. If the ADK is detected, it retrieves the installation location from the registry.
+
+5. The script verifies the existence of the WinPE image file (`winpe.wim`) and extracts the version information from it.
+
+6. Depending on the WinPE version, the script selects the appropriate CU download URL and sets the `$SSURequired` flag if a Servicing Stack Update (SSU) is needed.
+
+7. It checks if certain folders exist and creates them if necessary (`$downloads`, `$downloads\SSU`, and `$MountFolder`).
+
+8. If the CU file does not already exist in the specified download folder, it uses `Start-BitsTransfer` to download it from the provided URL.
+
+9. If an SSU is required, it performs a similar download process for the SSU file.
+
+10. The script creates a backup of the existing `winpe.wim` file by copying it to `winpe.bak`. If a previous backup already exists, it renames it with the current date appended.
+
+11. It mounts the `winpe.wim` file using `Mount-WindowsImage` to a temporary mount folder (`$MountFolder`).
+
+12. If an SSU is required, it adds the SSU package to the mounted image using `Add-WindowsPackage`.
+
+13. It then iterates through a list of optional components (`$OptionalComponents`) and adds the corresponding packages to the mounted image using `Add-WindowsPackage`. It also checks for language-specific versions of the components and adds them if available.
+
+14. The script adds the downloaded CU package to the mounted image using `Add-WindowsPackage`.
+
+15. It copies updated boot manager files (`bootmgr.efi` and `bootmgfw.efi`) from the mounted image back to the ADK installation location.
+
+16. It performs a component cleanup operation on the mounted image using `dism.exe` to reduce the image size.
+
+17. The script exports the list of installed packages in the modified image to a text file.
+
+18. Finally, it dismounts the image with the modifications, saves the changes, and exports the modified `winpe.wim` file as a new file with reduced file size. It also creates a backup of the original `winpe.wim` file and cleans up temporary files.
+
+The script appears to be designed to update and patch the WinPE image in the ADK installation based on the installed ADK version and the provided CU and SSU files.
From 8e5971c66ef98ba71bffa1bfa461b3284f9054db Mon Sep 17 00:00:00 2001
From: Frank Rojas <45807133+frankroj@users.noreply.github.com>
Date: Fri, 14 Jul 2023 18:37:13 -0400
Subject: [PATCH 003/273] Update Boot Image with CU Article 3
---
windows/deployment/update-boot-image.md | 54 +++++++++++++++++++------
1 file changed, 42 insertions(+), 12 deletions(-)
diff --git a/windows/deployment/update-boot-image.md b/windows/deployment/update-boot-image.md
index 4c8b669cc4..8e7895218f 100644
--- a/windows/deployment/update-boot-image.md
+++ b/windows/deployment/update-boot-image.md
@@ -26,11 +26,16 @@ This walkthrough describes how to update a Windows PE (WinPE) boot image with th
## Prerequisites
-- [Windows Assessment and Deployment Kit (ADK)](/windows-hardware/get-started/adk-install). Recommended to use the latest version of the ADK.
+- [Windows Assessment and Deployment Kit (Windows ADK)](/windows-hardware/get-started/adk-install) - It's recommended to use the latest version of the ADK.
+- [Windows PE add-on for the Windows ADK](/windows-hardware/get-started/adk-install). Make sure the version of Windows PE matches the version of Windows ADK that is being used.
+- Boot image - This can be `winpe.wim` included with the Windows ADK.
+- Latest cumulative update downloaded from the [Microsoft Update Catalog](https://catalog.update.microsoft.com/) site.
## Overview
Note about boot.wim from installation media
+Note about Win11 ADK only having x64 boot images
+Note about Windows Server 2012 R2
## Steps
@@ -39,31 +44,56 @@ Note about boot.wim from installation media
3. Backup existing boot image (e.g. winpe.wim or boot.wim)
4. Mount boot image to temporary mount folder
5. Add optional components to boot image
-6. Add cumulative update (CU) to boot image
-7. Copy boot files from mounted image to ADK installation location
-8. Perform component cleanup
-9. Unmount boot image and save changes
-10. Export boot image to reduce size
+6. Add optional components OCs to boot image
+7. Add cumulative update (CU) to boot image
+8. Copy boot files from mounted image to ADK installation location
+9. Perform component cleanup
+10. Unmount boot image and save changes
+11. Export boot image to reduce size
## Step 1: Download and install ADK
-## Step 2: Download CU
+- Download and install the **Windows Assessment and Deployment Kit (Windows ADK)** from [Download and install the Windows ADK](windows-hardware/get-started/adk-install).
+
+- Download and install the **Windows PE add-on for the Windows ADK** from [Download and install the Windows ADK](windows-hardware/get-started/adk-install). Make sure to download and install both components.
+
+- It's strongly recommended to download and install the latest version of the ADK.
+
+- When installing the Windows ADK, it's only necessary to install the **Deployment Tools**.
+
+## Step 2: Download cumulative update (CU)
+
+- Go to the [Microsoft Update Catalog](https://catalog.update.microsoft.com/) site and search for the latest cumulative update for the version of Windows that matches the version of Windows PE that was downloaded in [Step 1](#step-1-download-and-install-adk) or the version of the Windows PE boot image that will be updated.
+
+- When searching the [Microsoft Update Catalog](https://catalog.update.microsoft.com/) site, use the search term `"- cumulative update for windows "` where `year` is the four digit current year, `` is the two digit current month, and `` is the version of Windows that Windows PE is based on. For example, to search for the latest cumulative update for Windows 11 in July 2023, use the search term `"2023-07 cumulative update for windows 11"`. If the cumulative update hasn't been released yet for the current month, then search on the previous month.
+
+- Once the cumulative update has been found, download the appropriate version for the version and architecture of Windows that matches the Windows PE boot image. For example, if the version of the Windows PE boot image is Windows 11 22H2 64-bit, then download the **Cumulative Update for Windows 11 Version 22H2 for x64-based Systems" version of the update.
+
+- Store the downloaded cumulative update in a known location for later use.
## Step 3: Backup existing boot image
+Before modifying the desired boot image, make a backup copy of the boot image being modified. For example,
+
+- For the boot image included with the **Windows PE add-on for the Windows ADK**, the boot image is located at `C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\en-us\winpe.wim`.
+
+- For the boot image included with Microsoft Configuration Manager, the boot image is located at `\OSD\boot\x64\boot.wim`
+
## Step 4: Mount boot image to temporary mount folder
## Step 5: Add optional components to boot image
-## Step 6: Add cumulative update (CU) to boot image
+## Step 6: Add optional components OCs to boot image
-## Step 7: Copy boot files from mounted image to ADK installation location
+## Step 7: Add cumulative update (CU) to boot image
-## Step 8: Perform component cleanup
+## Step 8: Copy boot files from mounted image to ADK installation location
-## Step 9: Unmount boot image and save changes
+## Step 9: Perform component cleanup
-## Step 10: Export boot image to reduce size
+## Step 10: Unmount boot image and save changes
+
+## Step 11: Export boot image to reduce size
## Script outline
From 139b14ff6231958f61bbdeaf1ffa8b6d0bab301d Mon Sep 17 00:00:00 2001
From: Frank Rojas <45807133+frankroj@users.noreply.github.com>
Date: Sat, 15 Jul 2023 12:26:04 -0400
Subject: [PATCH 004/273] Update Boot Image with CU Article 4
---
windows/deployment/update-boot-image.md | 200 ++++++++++++++++++++----
1 file changed, 168 insertions(+), 32 deletions(-)
diff --git a/windows/deployment/update-boot-image.md b/windows/deployment/update-boot-image.md
index 8e7895218f..58a067d325 100644
--- a/windows/deployment/update-boot-image.md
+++ b/windows/deployment/update-boot-image.md
@@ -43,24 +43,27 @@ Note about Windows Server 2012 R2
2. Download cumulative update (CU)
3. Backup existing boot image (e.g. winpe.wim or boot.wim)
4. Mount boot image to temporary mount folder
-5. Add optional components to boot image
-6. Add optional components OCs to boot image
+5. Add drivers to boot image
+6. Add optional components to boot image
7. Add cumulative update (CU) to boot image
8. Copy boot files from mounted image to ADK installation location
9. Perform component cleanup
-10. Unmount boot image and save changes
-11. Export boot image to reduce size
+10. Verify all desired packages have been added to boot image
+11. Unmount boot image and save changes
+12. Export boot image to reduce size
## Step 1: Download and install ADK
-- Download and install the **Windows Assessment and Deployment Kit (Windows ADK)** from [Download and install the Windows ADK](windows-hardware/get-started/adk-install).
+- Download and install the **Windows Assessment and Deployment Kit (Windows ADK)** from [Download and install the Windows ADK](/windows-hardware/get-started/adk-install).
-- Download and install the **Windows PE add-on for the Windows ADK** from [Download and install the Windows ADK](windows-hardware/get-started/adk-install). Make sure to download and install both components.
+- Download and install the **Windows PE add-on for the Windows ADK** from [Download and install the Windows ADK](/windows-hardware/get-started/adk-install). Make sure to download and install both components.
- It's strongly recommended to download and install the latest version of the ADK.
- When installing the Windows ADK, it's only necessary to install the **Deployment Tools**.
+- The paths in this article assume the Windows ADK was installed to the default location of `C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit`. If the Windows ADK was installed to a different location, then adjust the paths accordingly.
+
## Step 2: Download cumulative update (CU)
- Go to the [Microsoft Update Catalog](https://catalog.update.microsoft.com/) site and search for the latest cumulative update for the version of Windows that matches the version of Windows PE that was downloaded in [Step 1](#step-1-download-and-install-adk) or the version of the Windows PE boot image that will be updated.
@@ -71,9 +74,15 @@ Note about Windows Server 2012 R2
- Store the downloaded cumulative update in a known location for later use.
+> [!TIP]
+>
+> It is recommended to use the full cumulative update when updating boot images with a cumulative update. However, instead of downloading the full cumulative update, the cumulative update for SafeOS can be downloaded and used instead. This will reduce the size of the final updated boot image. If any issues occur with a boot image updated with the SafeOS cumulative update, then use the full cumulative update instead.
+>
+> The SafeOS cumulative update can be found in the [Microsoft Update Catalog](https://catalog.update.microsoft.com/) site by searching on...
+
## Step 3: Backup existing boot image
-Before modifying the desired boot image, make a backup copy of the boot image being modified. For example,
+Before modifying the desired boot image, make a backup copy of the boot image. For example,
- For the boot image included with the **Windows PE add-on for the Windows ADK**, the boot image is located at `C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\en-us\winpe.wim`.
@@ -81,58 +90,185 @@ Before modifying the desired boot image, make a backup copy of the boot image be
## Step 4: Mount boot image to temporary mount folder
-## Step 5: Add optional components to boot image
+- Create a new empty empty folder to mount the boot image to. For example, `C:\Mount`.
-## Step 6: Add optional components OCs to boot image
+```powershell
+Mount-WindowsImage -Path "" -ImagePath "\.wim" -Index 1 -Verbose
+```
+
+For more information, see [Mount-WindowsImage](/powershell/module/dism/mount-windowsimage)
+
+```cmd
+DISM.exe /Mount-image /imagefile:"" /Index:1 /MountDir:""
+```
+
+For more information, see [Modify a Windows image using DISM: Mount an image](/windows-hardware/manufacture/desktop/mount-and-modify-a-windows-image-using-dism) and [DISM Image Management Command-Line Options: /Mount-Image](/windows-hardware/manufacture/desktop/dism-image-management-command-line-options-s14#mount-image).
+
+## Step 5: Add drivers to boot image
+
+If needed, add any drivers to the boot image.
+
+```powershell
+Command to be determined
+```
+
+```cmd
+DISM.exe/Image:"" /Add-Driver /Driver:"\.inf"
+
+DISM.exe /Image:"" /Add-Driver /Driver:" [!IMPORTANT]
+>
+> For Microsoft Configuration Manager boot images, don't manually add drivers to the boot image using the above steps. Instead, add drivers through Configuration Manager via the **Drivers** tab in the **Properties** of the boot image. This will ensure that the drivers in the boot image can be properly managed through Configuration Manager. Drivers are not affected by the cumulative update installed later in this walkthrough.
+
+## Step 6: Add optional components to boot image
+
+- Add any desired optional components to the boot image.
+- The below examples assumes an x64 boot image. If a different architecture is being used, then adjust the commands accordingly.
+
+```powershell
+Add-WindowsPackage -PackagePath "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\.cab" -Path "" -Verbose
+```
+
+For more information, see [Add-WindowsPackage](/powershell/module/dism/add-windowspackage).
+
+```cmd
+DISM.exe /Image:"" /Add-Package /PackagePath:"C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\.cab" /PackagePath:"C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\.cab"
+```
+
+You can add as many desired optional components as needed on a single DISM.exe command line.
+
+For more information, see [Add or Remove Packages Offline Using DISM](/windows-hardware/manufacture/desktop/add-or-remove-packages-offline-using-dism) and [DISM Operating System Package (.cab or .msu) Servicing Command-Line Options: /Add-Package](/windows-hardware/manufacture/desktop/dism-operating-system-package-servicing-command-line-options#add-package).
+
+- Make sure that after adding the optional component to also add the language specific component for that optional component. For example, for English United States (en-us), add the following:
+
+```powershell
+Add-WindowsPackage -PackagePath "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\en-us\_en-us.cab" -Path "" -Verbose
+```
+
+```cmd
+DISM.exe /Image:"" /Add-Package /PackagePath:"C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\en-us\_en-us.cab" /PackagePath:"C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\en-us\_en-us.cab"
+```
+
+You can add as many desired optional components as needed on a single DISM.exe command line.
+
+> [!IMPORTANT]
+>
+> For Microsoft Configuration Manager boot images, make sure to add any desired optional components manually using the above command lines instead of adding them through Configuration Manager via the **Optional Components** tab in the **Properties** of the boot image. This is because the cumulative update being applied at the next step will also update any optional components as needed. If the optional components are instead added through Configuration Manager, then the optional components will not be updated with the cumulative update. This could lead to unexpected behaviors and problems.
+>
+> For this reason, make sure to add the following required optional components need by Configuration Manager:
+>
+> - Scripting (WinPE-Scripting)
+> - Startup (WinPE-SecureStartup)
+> - Network (WinPE-WDS-Tools)
+> - WMI (WinPE-WMI)
+>
+> Once any optional components has been manually added to a boot image, Configuration Manager will detect that the optional component has already been added. It will not try to add the optional component again whenever it is updating the boot image.
+
+### List of optional components
## Step 7: Add cumulative update (CU) to boot image
+- Apply the cumulative update (CU) downloaded earlier in the walkthrough to the boot image.
+
+```powershell
+Add-WindowsPackage -PackagePath "" -Path "" -Verbose
+```
+
+For more information, see [Add-WindowsPackage](/powershell/module/dism/add-windowspackage)
+
+```cmd
+DISM.exe /Image:"" /Add-Package /PackagePath:""
+```
+
+For more information, see [Add or Remove Packages Offline Using DISM](/windows-hardware/manufacture/desktop/add-or-remove-packages-offline-using-dism) and [DISM Operating System Package (.cab or .msu) Servicing Command-Line Options: /Add-Package](/windows-hardware/manufacture/desktop/dism-operating-system-package-servicing-command-line-options#add-package).
+
+> [!IMPORTANT]
+>
+> Make sure not to apply the cumulative update (CU) until all desired optional components have been installed. This will make sure that the optional components are also properly updated by the cumulative update. If in the future any additional optional components need to be added to the boot image, make sure to reapply the cumulative update.
+
## Step 8: Copy boot files from mounted image to ADK installation location
+- Copy the updated bootmgr files from the updated boot image to the ADK installation location.
+- This step doesn't update or change the boot image. However, it makes sure that the latest bootmgr files are available to the ADK when creating bootable media. In particular, this step is needed when addressing the BlackLotus UEFI bootkit vulnerability as documented in [KB5025885: How to manage the Windows Boot Manager revocations for Secure Boot changes associated with CVE-2023-24932](https://prod.support.services.microsoft.com/topic/kb5025885-how-to-manage-the-windows-boot-manager-revocations-for-secure-boot-changes-associated-with-cve-2023-24932-41a975df-beb2-40c1-99a3-b3ff139f832d) and [CVE-2023-24932](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24932).
+
+```powershell
+Copy-Item "\Windows\Boot\EFI\bootmgr.efi" "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\Media\bootmgr.efi" -Force
+
+Copy-Item "\Windows\Boot\EFI\bootmgfw.efi" "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\Media\EFI\Boot\bootx64.efi" -Force
+```
+
+```cmd
+CMD commands to be determined
+```
+
## Step 9: Perform component cleanup
-## Step 10: Unmount boot image and save changes
+- Run DISM.exe commands that will clean up the mounted image and help reduce its size
-## Step 11: Export boot image to reduce size
+```powershell
+Start-Process "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Deployment Tools\amd64\DISM\dism.exe" -ArgumentList " /Image:"" /Cleanup-image /StartComponentCleanup /Resetbase /Defer" -Wait -LoadUserProfile
-## Script outline
+Start-Process "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Deployment Tools\amd64\DISM\dism.exe" -ArgumentList " /Image:"" /Cleanup-image /StartComponentCleanup /Resetbase" -Wait -LoadUserProfile
+```
-This PowerShell script appears to be a patching script for the Windows Assessment and Deployment Kit (ADK) and the Windows Preinstallation Environment (WinPE). Here's a breakdown of what the script does:
+```cmd
+DISM.exe /Image:"" /Cleanup-image /StartComponentCleanup /Resetbase /Defer
-1. It begins with some comments explaining the purpose of the script and providing links to relevant documentation.
+DISM.exe /Image:"" /Cleanup-image /StartComponentCleanup /Resetbase
+```
-2. The script defines various variables such as `$SMSProvider2012R2`, `$MountFolder`, `$downloads`, and several `$CUDownloadUrl` variables. These variables specify download URLs for cumulative updates (CUs) and other files.
+For more information, see [Modify a Windows image using DISM: Reduce the size of an image](/windows-hardware/manufacture/desktop/mount-and-modify-a-windows-image-using-dism#reduce-the-size-of-an-image) and [DISM Operating System Package (.cab or .msu) Servicing Command-Line Options: /Cleanup-Image](/windows-hardware/manufacture/desktop/dism-operating-system-package-servicing-command-line-options#cleanup-image).
-3. The script includes functions like `Test-RegistryValue` and `Get-RegistryValue` for checking and retrieving registry values.
+## Step 10: Verify all desired packages have been added to boot image
-4. It checks if the ADK is installed on the system by checking the registry key `HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows Kits\Installed Roots`. If the ADK is detected, it retrieves the installation location from the registry.
+- After the optional components and the cumulative update (CU) have been applied to the boot image, verify that they are showing as installed.
-5. The script verifies the existence of the WinPE image file (`winpe.wim`) and extracts the version information from it.
+```powershell
+Get-WindowsPackage -Path ""
+```
-6. Depending on the WinPE version, the script selects the appropriate CU download URL and sets the `$SSURequired` flag if a Servicing Stack Update (SSU) is needed.
+For more information, see [Get-WindowsPackage](/powershell/module/dism/get-windowspackage).
-7. It checks if certain folders exist and creates them if necessary (`$downloads`, `$downloads\SSU`, and `$MountFolder`).
+```cmd
+DISM.exe /Image:"" /Get-Packages
+```
-8. If the CU file does not already exist in the specified download folder, it uses `Start-BitsTransfer` to download it from the provided URL.
+For more information, see [DISM Operating System Package (.cab or .msu) Servicing Command-Line Options: /Get-Packages](/windows-hardware/manufacture/desktop/dism-operating-system-package-servicing-command-line-options#get-packages).
-9. If an SSU is required, it performs a similar download process for the SSU file.
+## Step 11: Unmount boot image and save changes
-10. The script creates a backup of the existing `winpe.wim` file by copying it to `winpe.bak`. If a previous backup already exists, it renames it with the current date appended.
+- Once drivers, optional components, and the cumulative update (CU) have been applied to the boot image, unmount the boot image and save changes.
-11. It mounts the `winpe.wim` file using `Mount-WindowsImage` to a temporary mount folder (`$MountFolder`).
+```powershell
+Dismount-WindowsImage -Path "" -Save -Verbose
+```
-12. If an SSU is required, it adds the SSU package to the mounted image using `Add-WindowsPackage`.
+For more information, see [Dismount-WindowsImage](/powershell/module/dism/dismount-windowsimage).
-13. It then iterates through a list of optional components (`$OptionalComponents`) and adds the corresponding packages to the mounted image using `Add-WindowsPackage`. It also checks for language-specific versions of the components and adds them if available.
+```cmd
+DISM.exe /Unmount-Image /MountDir:"" /Commit
+```
-14. The script adds the downloaded CU package to the mounted image using `Add-WindowsPackage`.
+For more information, see [Modify a Windows image using DISM: Unmounting an image](/windows-hardware/manufacture/desktop/mount-and-modify-a-windows-image-using-dism#unmounting-an-image) and [DISM Image Management Command-Line Options: /Unmount-Image](/windows-hardware/manufacture/desktop/dism-image-management-command-line-options-s14#unmount-image).
-15. It copies updated boot manager files (`bootmgr.efi` and `bootmgfw.efi`) from the mounted image back to the ADK installation location.
+## Step 12: Export boot image to reduce size
-16. It performs a component cleanup operation on the mounted image using `dism.exe` to reduce the image size.
+- Once the boot image has been unmounted and saved, its size can be further reduced by exporting it.
-17. The script exports the list of installed packages in the modified image to a text file.
+```powershell
+Export-WindowsImage -SourceImagePath "\.wim" -SourceIndex 1 -DestinationImagePath "\-export.wim" -CompressionType max -Verbose
+```
-18. Finally, it dismounts the image with the modifications, saves the changes, and exports the modified `winpe.wim` file as a new file with reduced file size. It also creates a backup of the original `winpe.wim` file and cleans up temporary files.
+For more information, see [Export-WindowsImage](/powershell/module/dism/export-windowsimage).
-The script appears to be designed to update and patch the WinPE image in the ADK installation based on the installed ADK version and the provided CU and SSU files.
+```cmd
+DISM.exe /Export-Image /SourceImageFile:"\.wim" /SourceIndex:1 /DestinationImageFile:"\-export.wim"
+```
+
+For more information, see [Modify a Windows image using DISM: Reduce the size of an image](/windows-hardware/manufacture/desktop/mount-and-modify-a-windows-image-using-dism#reduce-the-size-of-an-image) and [DISM Image Management Command-Line Options: /Export-Image](/windows-hardware/manufacture/desktop/dism-image-management-command-line-options-s14#export-image).
+
+Once the export has completed, delete the original boot image and then rename the exported boot image with the name of the original boot image.
From 41a226ea5de5399cd9bd1e26e2693c5a4052e730 Mon Sep 17 00:00:00 2001
From: Frank Rojas <45807133+frankroj@users.noreply.github.com>
Date: Sat, 15 Jul 2023 12:32:04 -0400
Subject: [PATCH 005/273] Update Boot Image with CU Article 5
---
windows/deployment/update-boot-image.md | 29 +++++++++++++++----------
1 file changed, 17 insertions(+), 12 deletions(-)
diff --git a/windows/deployment/update-boot-image.md b/windows/deployment/update-boot-image.md
index 58a067d325..46fcd30cdd 100644
--- a/windows/deployment/update-boot-image.md
+++ b/windows/deployment/update-boot-image.md
@@ -39,18 +39,23 @@ Note about Windows Server 2012 R2
## Steps
-1. Download and install ADK
-2. Download cumulative update (CU)
-3. Backup existing boot image (e.g. winpe.wim or boot.wim)
-4. Mount boot image to temporary mount folder
-5. Add drivers to boot image
-6. Add optional components to boot image
-7. Add cumulative update (CU) to boot image
-8. Copy boot files from mounted image to ADK installation location
-9. Perform component cleanup
-10. Verify all desired packages have been added to boot image
-11. Unmount boot image and save changes
-12. Export boot image to reduce size
+- [Update Windows PE boot image with the latest cumulative update](#update-windows-pe-boot-image-with-the-latest-cumulative-update)
+ - [Prerequisites](#prerequisites)
+ - [Overview](#overview)
+ - [Steps](#steps)
+ - [Step 1: Download and install ADK](#step-1-download-and-install-adk)
+ - [Step 2: Download cumulative update (CU)](#step-2-download-cumulative-update-cu)
+ - [Step 3: Backup existing boot image](#step-3-backup-existing-boot-image)
+ - [Step 4: Mount boot image to temporary mount folder](#step-4-mount-boot-image-to-temporary-mount-folder)
+ - [Step 5: Add drivers to boot image](#step-5-add-drivers-to-boot-image)
+ - [Step 6: Add optional components to boot image](#step-6-add-optional-components-to-boot-image)
+ - [List of optional components](#list-of-optional-components)
+ - [Step 7: Add cumulative update (CU) to boot image](#step-7-add-cumulative-update-cu-to-boot-image)
+ - [Step 8: Copy boot files from mounted image to ADK installation location](#step-8-copy-boot-files-from-mounted-image-to-adk-installation-location)
+ - [Step 9: Perform component cleanup](#step-9-perform-component-cleanup)
+ - [Step 10: Verify all desired packages have been added to boot image](#step-10-verify-all-desired-packages-have-been-added-to-boot-image)
+ - [Step 11: Unmount boot image and save changes](#step-11-unmount-boot-image-and-save-changes)
+ - [Step 12: Export boot image to reduce size](#step-12-export-boot-image-to-reduce-size)
## Step 1: Download and install ADK
From 727d16180edb5582cc1d0ecd012c0ee02f9e4ad9 Mon Sep 17 00:00:00 2001
From: Frank Rojas <45807133+frankroj@users.noreply.github.com>
Date: Sat, 15 Jul 2023 12:38:23 -0400
Subject: [PATCH 006/273] Update Boot Image with CU Article 6
---
windows/deployment/update-boot-image.md | 18 +++++++++---------
1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/windows/deployment/update-boot-image.md b/windows/deployment/update-boot-image.md
index 46fcd30cdd..64f6474518 100644
--- a/windows/deployment/update-boot-image.md
+++ b/windows/deployment/update-boot-image.md
@@ -51,7 +51,7 @@ Note about Windows Server 2012 R2
- [Step 6: Add optional components to boot image](#step-6-add-optional-components-to-boot-image)
- [List of optional components](#list-of-optional-components)
- [Step 7: Add cumulative update (CU) to boot image](#step-7-add-cumulative-update-cu-to-boot-image)
- - [Step 8: Copy boot files from mounted image to ADK installation location](#step-8-copy-boot-files-from-mounted-image-to-adk-installation-location)
+ - [Step 8: Copy boot files from mounted image to ADK installation path](#step-8-copy-boot-files-from-mounted-image-to-adk-installation-path)
- [Step 9: Perform component cleanup](#step-9-perform-component-cleanup)
- [Step 10: Verify all desired packages have been added to boot image](#step-10-verify-all-desired-packages-have-been-added-to-boot-image)
- [Step 11: Unmount boot image and save changes](#step-11-unmount-boot-image-and-save-changes)
@@ -87,11 +87,11 @@ Note about Windows Server 2012 R2
## Step 3: Backup existing boot image
-Before modifying the desired boot image, make a backup copy of the boot image. For example,
+- Before modifying the desired boot image, make a backup copy of the boot image. For example,
-- For the boot image included with the **Windows PE add-on for the Windows ADK**, the boot image is located at `C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\en-us\winpe.wim`.
+ - For the boot image included with the **Windows PE add-on for the Windows ADK**, the boot image is located at `C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\en-us\winpe.wim`.
-- For the boot image included with Microsoft Configuration Manager, the boot image is located at `\OSD\boot\x64\boot.wim`
+ - For the boot image included with Microsoft Configuration Manager, the boot image is located at `\OSD\boot\x64\boot.wim`
## Step 4: Mount boot image to temporary mount folder
@@ -111,7 +111,7 @@ For more information, see [Modify a Windows image using DISM: Mount an image](/w
## Step 5: Add drivers to boot image
-If needed, add any drivers to the boot image.
+- If needed, add any drivers to the boot image.
```powershell
Command to be determined
@@ -195,9 +195,9 @@ For more information, see [Add or Remove Packages Offline Using DISM](/windows-h
>
> Make sure not to apply the cumulative update (CU) until all desired optional components have been installed. This will make sure that the optional components are also properly updated by the cumulative update. If in the future any additional optional components need to be added to the boot image, make sure to reapply the cumulative update.
-## Step 8: Copy boot files from mounted image to ADK installation location
+## Step 8: Copy boot files from mounted image to ADK installation path
-- Copy the updated bootmgr files from the updated boot image to the ADK installation location.
+- Copy the updated bootmgr files from the updated boot image to the ADK installation path.
- This step doesn't update or change the boot image. However, it makes sure that the latest bootmgr files are available to the ADK when creating bootable media. In particular, this step is needed when addressing the BlackLotus UEFI bootkit vulnerability as documented in [KB5025885: How to manage the Windows Boot Manager revocations for Secure Boot changes associated with CVE-2023-24932](https://prod.support.services.microsoft.com/topic/kb5025885-how-to-manage-the-windows-boot-manager-revocations-for-secure-boot-changes-associated-with-cve-2023-24932-41a975df-beb2-40c1-99a3-b3ff139f832d) and [CVE-2023-24932](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24932).
```powershell
@@ -207,7 +207,7 @@ Copy-Item "\Windows\Boot\EFI\bootmgfw.efi" "C:\Program Files
```
```cmd
-CMD commands to be determined
+Command to be determined
```
## Step 9: Perform component cleanup
@@ -276,4 +276,4 @@ DISM.exe /Export-Image /SourceImageFile:"\.wim" /So
For more information, see [Modify a Windows image using DISM: Reduce the size of an image](/windows-hardware/manufacture/desktop/mount-and-modify-a-windows-image-using-dism#reduce-the-size-of-an-image) and [DISM Image Management Command-Line Options: /Export-Image](/windows-hardware/manufacture/desktop/dism-image-management-command-line-options-s14#export-image).
-Once the export has completed, delete the original boot image and then rename the exported boot image with the name of the original boot image.
+- Once the export has completed, delete the original boot image and then rename the exported boot image with the name of the original boot image.
From 0a707c7512d5b2baea2b8b0b9effee9d650fa843 Mon Sep 17 00:00:00 2001
From: Frank Rojas <45807133+frankroj@users.noreply.github.com>
Date: Sat, 15 Jul 2023 13:49:25 -0400
Subject: [PATCH 007/273] Update Boot Image with CU Article 7
---
windows/deployment/update-boot-image.md | 30 +++++++++++--------------
1 file changed, 13 insertions(+), 17 deletions(-)
diff --git a/windows/deployment/update-boot-image.md b/windows/deployment/update-boot-image.md
index 64f6474518..c8356bd297 100644
--- a/windows/deployment/update-boot-image.md
+++ b/windows/deployment/update-boot-image.md
@@ -39,23 +39,19 @@ Note about Windows Server 2012 R2
## Steps
-- [Update Windows PE boot image with the latest cumulative update](#update-windows-pe-boot-image-with-the-latest-cumulative-update)
- - [Prerequisites](#prerequisites)
- - [Overview](#overview)
- - [Steps](#steps)
- - [Step 1: Download and install ADK](#step-1-download-and-install-adk)
- - [Step 2: Download cumulative update (CU)](#step-2-download-cumulative-update-cu)
- - [Step 3: Backup existing boot image](#step-3-backup-existing-boot-image)
- - [Step 4: Mount boot image to temporary mount folder](#step-4-mount-boot-image-to-temporary-mount-folder)
- - [Step 5: Add drivers to boot image](#step-5-add-drivers-to-boot-image)
- - [Step 6: Add optional components to boot image](#step-6-add-optional-components-to-boot-image)
- - [List of optional components](#list-of-optional-components)
- - [Step 7: Add cumulative update (CU) to boot image](#step-7-add-cumulative-update-cu-to-boot-image)
- - [Step 8: Copy boot files from mounted image to ADK installation path](#step-8-copy-boot-files-from-mounted-image-to-adk-installation-path)
- - [Step 9: Perform component cleanup](#step-9-perform-component-cleanup)
- - [Step 10: Verify all desired packages have been added to boot image](#step-10-verify-all-desired-packages-have-been-added-to-boot-image)
- - [Step 11: Unmount boot image and save changes](#step-11-unmount-boot-image-and-save-changes)
- - [Step 12: Export boot image to reduce size](#step-12-export-boot-image-to-reduce-size)
+- [Step 1: Download and install ADK](#step-1-download-and-install-adk)
+- [Step 2: Download cumulative update (CU)](#step-2-download-cumulative-update-cu)
+- [Step 3: Backup existing boot image](#step-3-backup-existing-boot-image)
+- [Step 4: Mount boot image to temporary mount folder](#step-4-mount-boot-image-to-temporary-mount-folder)
+- [Step 5: Add drivers to boot image](#step-5-add-drivers-to-boot-image)
+- [Step 6: Add optional components to boot image](#step-6-add-optional-components-to-boot-image)
+- [Step 7: Add cumulative update (CU) to boot image](#step-7-add-cumulative-update-cu-to-boot-image)
+- [Step 8: Copy boot files from mounted image to ADK installation path](#step-8-copy-boot-files-from-mounted-image-to-adk-installation-path)
+- [Step 9: Perform component cleanup](#step-9-perform-component-cleanup)
+- [Step 10: Verify all desired packages have been added to boot image](#step-10-verify-all-desired-packages-have-been-added-to-boot-image)
+- [Step 11: Unmount boot image and save changes](#step-11-unmount-boot-image-and-save-changes)
+- [Step 12: Export boot image to reduce size](#step-12-export-boot-image-to-reduce-size)
+
## Step 1: Download and install ADK
From 71dadf67dd0f959f043c4f83f170993608fd3a75 Mon Sep 17 00:00:00 2001
From: Frank Rojas <45807133+frankroj@users.noreply.github.com>
Date: Sat, 15 Jul 2023 14:01:22 -0400
Subject: [PATCH 008/273] Update Boot Image with CU Article 8
---
windows/deployment/update-boot-image.md | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/windows/deployment/update-boot-image.md b/windows/deployment/update-boot-image.md
index c8356bd297..020627f1e1 100644
--- a/windows/deployment/update-boot-image.md
+++ b/windows/deployment/update-boot-image.md
@@ -52,7 +52,6 @@ Note about Windows Server 2012 R2
- [Step 11: Unmount boot image and save changes](#step-11-unmount-boot-image-and-save-changes)
- [Step 12: Export boot image to reduce size](#step-12-export-boot-image-to-reduce-size)
-
## Step 1: Download and install ADK
- Download and install the **Windows Assessment and Deployment Kit (Windows ADK)** from [Download and install the Windows ADK](/windows-hardware/get-started/adk-install).
@@ -273,3 +272,9 @@ DISM.exe /Export-Image /SourceImageFile:"\.wim" /So
For more information, see [Modify a Windows image using DISM: Reduce the size of an image](/windows-hardware/manufacture/desktop/mount-and-modify-a-windows-image-using-dism#reduce-the-size-of-an-image) and [DISM Image Management Command-Line Options: /Export-Image](/windows-hardware/manufacture/desktop/dism-image-management-command-line-options-s14#export-image).
- Once the export has completed, delete the original boot image and then rename the exported boot image with the name of the original boot image.
+
+## Considerations for Microsoft Configuration Manager
+
+## Considerations for Microsoft Deployment Toolkit (MDT)
+
+## Considerations for Windows Deployment Services (WDS)
From 50d91f3ddfaded2d3b78a1e28901d6902bff2b55 Mon Sep 17 00:00:00 2001
From: Meghan Stewart <33289333+mestew@users.noreply.github.com>
Date: Tue, 18 Jul 2023 08:36:09 -0700
Subject: [PATCH 009/273] ds-api-props-8092737
---
.../deployment/update/deployment-service-feature-updates.md | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/windows/deployment/update/deployment-service-feature-updates.md b/windows/deployment/update/deployment-service-feature-updates.md
index b1a289befa..0b81021c36 100644
--- a/windows/deployment/update/deployment-service-feature-updates.md
+++ b/windows/deployment/update/deployment-service-feature-updates.md
@@ -8,7 +8,7 @@ ms.author: mstewart
manager: aaroncz
ms.topic: article
ms.technology: itpro-updates
-ms.date: 02/14/2023
+ms.date: 07/31/2023
---
# Deploy feature updates with Windows Update for Business deployment service
@@ -82,7 +82,8 @@ The following truncated response displays a **Catalog ID** of `d9049ddb-0ca8-4b
"displayName": "Windows 11, version 22H2",
"deployableUntilDateTime": "2025-10-14T00:00:00Z",
"releaseDateTime": "2022-09-20T00:00:00Z",
- "version": "Windows 11, version 22H2"
+ "version": "Windows 11, version 22H2",
+ "buildNumber": "22621"
}
]
}
From d943a7aedbd32499a892ccd114d27885b04d780e Mon Sep 17 00:00:00 2001
From: Meghan Stewart <33289333+mestew@users.noreply.github.com>
Date: Tue, 18 Jul 2023 11:04:18 -0700
Subject: [PATCH 010/273] ds-api-props-8092737
---
.../deployment/update/deployment-service-expedited-updates.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/deployment/update/deployment-service-expedited-updates.md b/windows/deployment/update/deployment-service-expedited-updates.md
index 14b6fec38a..f284522eb8 100644
--- a/windows/deployment/update/deployment-service-expedited-updates.md
+++ b/windows/deployment/update/deployment-service-expedited-updates.md
@@ -8,7 +8,7 @@ ms.author: mstewart
manager: aaroncz
ms.topic: article
ms.technology: itpro-updates
-ms.date: 02/14/2023
+ms.date: 07/31/2023
---
# Deploy expedited updates with Windows Update for Business deployment service
From 26529560e5945ff543f1673fefd8011c3b451b9a Mon Sep 17 00:00:00 2001
From: Frank Rojas <45807133+frankroj@users.noreply.github.com>
Date: Wed, 26 Jul 2023 17:01:41 -0400
Subject: [PATCH 011/273] Update Boot Image with CU Article 9
---
windows/deployment/update-boot-image.md | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/windows/deployment/update-boot-image.md b/windows/deployment/update-boot-image.md
index 020627f1e1..ea37fe456d 100644
--- a/windows/deployment/update-boot-image.md
+++ b/windows/deployment/update-boot-image.md
@@ -7,7 +7,7 @@ author: frankroj
manager: aaroncz
ms.author: frankroj
ms.topic: article
-ms.date: 07/13/2023
+ms.date: 07/26/2023
ms.technology: itpro-deploy
appliesto:
- ✅ Windows 11
@@ -92,12 +92,16 @@ Note about Windows Server 2012 R2
- Create a new empty empty folder to mount the boot image to. For example, `C:\Mount`.
+#### [**Intune**](#tab/powershell)
+
```powershell
Mount-WindowsImage -Path "" -ImagePath "\.wim" -Index 1 -Verbose
```
For more information, see [Mount-WindowsImage](/powershell/module/dism/mount-windowsimage)
+#### [**Intune**](#tab/cmd)
+
```cmd
DISM.exe /Mount-image /imagefile:"" /Index:1 /MountDir:""
```
From 11239b5bef1628a1a3eda78e3a145ad712ef524c Mon Sep 17 00:00:00 2001
From: Frank Rojas <45807133+frankroj@users.noreply.github.com>
Date: Wed, 26 Jul 2023 17:13:43 -0400
Subject: [PATCH 012/273] Update Boot Image with CU Article 10
---
windows/deployment/update-boot-image.md | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/windows/deployment/update-boot-image.md b/windows/deployment/update-boot-image.md
index ea37fe456d..61569346a7 100644
--- a/windows/deployment/update-boot-image.md
+++ b/windows/deployment/update-boot-image.md
@@ -92,7 +92,7 @@ Note about Windows Server 2012 R2
- Create a new empty empty folder to mount the boot image to. For example, `C:\Mount`.
-#### [**Intune**](#tab/powershell)
+#### [**PowerShell**](#tab/powershell)
```powershell
Mount-WindowsImage -Path "" -ImagePath "\.wim" -Index 1 -Verbose
@@ -100,7 +100,7 @@ Mount-WindowsImage -Path "" -ImagePath "\" /Index:1 /MountDir:""
From a4bda15fba6942ae928430eed9b0a8ad14294b62 Mon Sep 17 00:00:00 2001
From: Frank Rojas <45807133+frankroj@users.noreply.github.com>
Date: Wed, 26 Jul 2023 17:21:46 -0400
Subject: [PATCH 013/273] Update Boot Image with CU Article 11
---
windows/deployment/update-boot-image.md | 2 ++
1 file changed, 2 insertions(+)
diff --git a/windows/deployment/update-boot-image.md b/windows/deployment/update-boot-image.md
index 61569346a7..2ede59d33e 100644
--- a/windows/deployment/update-boot-image.md
+++ b/windows/deployment/update-boot-image.md
@@ -108,6 +108,8 @@ DISM.exe /Mount-image /imagefile:"" /Index:1 /MountDir:"
Date: Wed, 26 Jul 2023 18:00:45 -0400
Subject: [PATCH 014/273] Update Boot Image with CU Article 12
---
windows/deployment/update-boot-image.md | 58 ++++++++++++++++++++++++-
1 file changed, 56 insertions(+), 2 deletions(-)
diff --git a/windows/deployment/update-boot-image.md b/windows/deployment/update-boot-image.md
index 2ede59d33e..f35ddfa10d 100644
--- a/windows/deployment/update-boot-image.md
+++ b/windows/deployment/update-boot-image.md
@@ -92,7 +92,7 @@ Note about Windows Server 2012 R2
- Create a new empty empty folder to mount the boot image to. For example, `C:\Mount`.
-#### [**PowerShell**](#tab/powershell)
+### [**PowerShell**](#tab/powershell)
```powershell
Mount-WindowsImage -Path "" -ImagePath "\.wim" -Index 1 -Verbose
@@ -100,7 +100,7 @@ Mount-WindowsImage -Path "" -ImagePath "\" /Index:1 /MountDir:""
@@ -114,10 +114,14 @@ For more information, see [Modify a Windows image using DISM: Mount an image](/w
- If needed, add any drivers to the boot image.
+### [**PowerShell**](#tab/powershell)
+
```powershell
Command to be determined
```
+### [**Command Line]**](#tab/command-line)
+
```cmd
DISM.exe/Image:"" /Add-Driver /Driver:"\.inf"
@@ -126,6 +130,8 @@ DISM.exe /Image:"" /Add-Driver /Driver:" [!IMPORTANT]
>
> For Microsoft Configuration Manager boot images, don't manually add drivers to the boot image using the above steps. Instead, add drivers through Configuration Manager via the **Drivers** tab in the **Properties** of the boot image. This will ensure that the drivers in the boot image can be properly managed through Configuration Manager. Drivers are not affected by the cumulative update installed later in this walkthrough.
@@ -135,32 +141,44 @@ For more information, see [Add and Remove Driver packages to an offline Windows
- Add any desired optional components to the boot image.
- The below examples assumes an x64 boot image. If a different architecture is being used, then adjust the commands accordingly.
+### [**PowerShell**](#tab/powershell)
+
```powershell
Add-WindowsPackage -PackagePath "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\.cab" -Path "" -Verbose
```
For more information, see [Add-WindowsPackage](/powershell/module/dism/add-windowspackage).
+### [**Command Line]**](#tab/command-line)
+
```cmd
DISM.exe /Image:"" /Add-Package /PackagePath:"C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\.cab" /PackagePath:"C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\.cab"
```
+---
+
You can add as many desired optional components as needed on a single DISM.exe command line.
For more information, see [Add or Remove Packages Offline Using DISM](/windows-hardware/manufacture/desktop/add-or-remove-packages-offline-using-dism) and [DISM Operating System Package (.cab or .msu) Servicing Command-Line Options: /Add-Package](/windows-hardware/manufacture/desktop/dism-operating-system-package-servicing-command-line-options#add-package).
- Make sure that after adding the optional component to also add the language specific component for that optional component. For example, for English United States (en-us), add the following:
+### [**PowerShell**](#tab/powershell)
+
```powershell
Add-WindowsPackage -PackagePath "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\en-us\_en-us.cab" -Path "" -Verbose
```
+### [**Command Line]**](#tab/command-line)
+
```cmd
DISM.exe /Image:"" /Add-Package /PackagePath:"C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\en-us\_en-us.cab" /PackagePath:"C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\en-us\_en-us.cab"
```
You can add as many desired optional components as needed on a single DISM.exe command line.
+---
+
> [!IMPORTANT]
>
> For Microsoft Configuration Manager boot images, make sure to add any desired optional components manually using the above command lines instead of adding them through Configuration Manager via the **Optional Components** tab in the **Properties** of the boot image. This is because the cumulative update being applied at the next step will also update any optional components as needed. If the optional components are instead added through Configuration Manager, then the optional components will not be updated with the cumulative update. This could lead to unexpected behaviors and problems.
@@ -180,18 +198,24 @@ You can add as many desired optional components as needed on a single DISM.exe c
- Apply the cumulative update (CU) downloaded earlier in the walkthrough to the boot image.
+### [**PowerShell**](#tab/powershell)
+
```powershell
Add-WindowsPackage -PackagePath "" -Path "" -Verbose
```
For more information, see [Add-WindowsPackage](/powershell/module/dism/add-windowspackage)
+### [**Command Line]**](#tab/command-line)
+
```cmd
DISM.exe /Image:"" /Add-Package /PackagePath:""
```
For more information, see [Add or Remove Packages Offline Using DISM](/windows-hardware/manufacture/desktop/add-or-remove-packages-offline-using-dism) and [DISM Operating System Package (.cab or .msu) Servicing Command-Line Options: /Add-Package](/windows-hardware/manufacture/desktop/dism-operating-system-package-servicing-command-line-options#add-package).
+---
+
> [!IMPORTANT]
>
> Make sure not to apply the cumulative update (CU) until all desired optional components have been installed. This will make sure that the optional components are also properly updated by the cumulative update. If in the future any additional optional components need to be added to the boot image, make sure to reapply the cumulative update.
@@ -201,26 +225,36 @@ For more information, see [Add or Remove Packages Offline Using DISM](/windows-h
- Copy the updated bootmgr files from the updated boot image to the ADK installation path.
- This step doesn't update or change the boot image. However, it makes sure that the latest bootmgr files are available to the ADK when creating bootable media. In particular, this step is needed when addressing the BlackLotus UEFI bootkit vulnerability as documented in [KB5025885: How to manage the Windows Boot Manager revocations for Secure Boot changes associated with CVE-2023-24932](https://prod.support.services.microsoft.com/topic/kb5025885-how-to-manage-the-windows-boot-manager-revocations-for-secure-boot-changes-associated-with-cve-2023-24932-41a975df-beb2-40c1-99a3-b3ff139f832d) and [CVE-2023-24932](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24932).
+### [**PowerShell**](#tab/powershell)
+
```powershell
Copy-Item "\Windows\Boot\EFI\bootmgr.efi" "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\Media\bootmgr.efi" -Force
Copy-Item "\Windows\Boot\EFI\bootmgfw.efi" "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\Media\EFI\Boot\bootx64.efi" -Force
```
+### [**Command Line]**](#tab/command-line)
+
```cmd
Command to be determined
```
+---
+
## Step 9: Perform component cleanup
- Run DISM.exe commands that will clean up the mounted image and help reduce its size
+### [**PowerShell**](#tab/powershell)
+
```powershell
Start-Process "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Deployment Tools\amd64\DISM\dism.exe" -ArgumentList " /Image:"" /Cleanup-image /StartComponentCleanup /Resetbase /Defer" -Wait -LoadUserProfile
Start-Process "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Deployment Tools\amd64\DISM\dism.exe" -ArgumentList " /Image:"" /Cleanup-image /StartComponentCleanup /Resetbase" -Wait -LoadUserProfile
```
+### [**Command Line]**](#tab/command-line)
+
```cmd
DISM.exe /Image:"" /Cleanup-image /StartComponentCleanup /Resetbase /Defer
@@ -229,54 +263,74 @@ DISM.exe /Image:"" /Cleanup-image /StartComponentCleanup /Res
For more information, see [Modify a Windows image using DISM: Reduce the size of an image](/windows-hardware/manufacture/desktop/mount-and-modify-a-windows-image-using-dism#reduce-the-size-of-an-image) and [DISM Operating System Package (.cab or .msu) Servicing Command-Line Options: /Cleanup-Image](/windows-hardware/manufacture/desktop/dism-operating-system-package-servicing-command-line-options#cleanup-image).
+---
+
## Step 10: Verify all desired packages have been added to boot image
- After the optional components and the cumulative update (CU) have been applied to the boot image, verify that they are showing as installed.
+### [**PowerShell**](#tab/powershell)
+
```powershell
Get-WindowsPackage -Path ""
```
For more information, see [Get-WindowsPackage](/powershell/module/dism/get-windowspackage).
+### [**Command Line]**](#tab/command-line)
+
```cmd
DISM.exe /Image:"" /Get-Packages
```
For more information, see [DISM Operating System Package (.cab or .msu) Servicing Command-Line Options: /Get-Packages](/windows-hardware/manufacture/desktop/dism-operating-system-package-servicing-command-line-options#get-packages).
+---
+
## Step 11: Unmount boot image and save changes
- Once drivers, optional components, and the cumulative update (CU) have been applied to the boot image, unmount the boot image and save changes.
+### [**PowerShell**](#tab/powershell)
+
```powershell
Dismount-WindowsImage -Path "" -Save -Verbose
```
For more information, see [Dismount-WindowsImage](/powershell/module/dism/dismount-windowsimage).
+### [**Command Line]**](#tab/command-line)
+
```cmd
DISM.exe /Unmount-Image /MountDir:"" /Commit
```
For more information, see [Modify a Windows image using DISM: Unmounting an image](/windows-hardware/manufacture/desktop/mount-and-modify-a-windows-image-using-dism#unmounting-an-image) and [DISM Image Management Command-Line Options: /Unmount-Image](/windows-hardware/manufacture/desktop/dism-image-management-command-line-options-s14#unmount-image).
+---
+
## Step 12: Export boot image to reduce size
- Once the boot image has been unmounted and saved, its size can be further reduced by exporting it.
+### [**PowerShell**](#tab/powershell)
+
```powershell
Export-WindowsImage -SourceImagePath "\.wim" -SourceIndex 1 -DestinationImagePath "\-export.wim" -CompressionType max -Verbose
```
For more information, see [Export-WindowsImage](/powershell/module/dism/export-windowsimage).
+### [**Command Line]**](#tab/command-line)
+
```cmd
DISM.exe /Export-Image /SourceImageFile:"\.wim" /SourceIndex:1 /DestinationImageFile:"\-export.wim"
```
For more information, see [Modify a Windows image using DISM: Reduce the size of an image](/windows-hardware/manufacture/desktop/mount-and-modify-a-windows-image-using-dism#reduce-the-size-of-an-image) and [DISM Image Management Command-Line Options: /Export-Image](/windows-hardware/manufacture/desktop/dism-image-management-command-line-options-s14#export-image).
+---
+
- Once the export has completed, delete the original boot image and then rename the exported boot image with the name of the original boot image.
## Considerations for Microsoft Configuration Manager
From 4be99c5118c6ff8769cf924c3368e93f98a378b9 Mon Sep 17 00:00:00 2001
From: Frank Rojas <45807133+frankroj@users.noreply.github.com>
Date: Wed, 26 Jul 2023 18:45:37 -0400
Subject: [PATCH 015/273] Update Boot Image with CU Article 13
---
windows/deployment/update-boot-image.md | 21 ++++++++++-----------
1 file changed, 10 insertions(+), 11 deletions(-)
diff --git a/windows/deployment/update-boot-image.md b/windows/deployment/update-boot-image.md
index f35ddfa10d..080b060656 100644
--- a/windows/deployment/update-boot-image.md
+++ b/windows/deployment/update-boot-image.md
@@ -16,7 +16,6 @@ appliesto:
- ✅ Windows Server 2019
- ✅ Windows Server 2016
---
----
# Update Windows PE boot image with the latest cumulative update
@@ -100,7 +99,7 @@ Mount-WindowsImage -Path "" -ImagePath "\" /Index:1 /MountDir:""
@@ -120,7 +119,7 @@ For more information, see [Modify a Windows image using DISM: Mount an image](/w
Command to be determined
```
-### [**Command Line]**](#tab/command-line)
+### [**Command Line**](#tab/command-line)
```cmd
DISM.exe/Image:"" /Add-Driver /Driver:"\.inf"
@@ -149,7 +148,7 @@ Add-WindowsPackage -PackagePath "C:\Program Files (x86)\Windows Kits\10\Assessme
For more information, see [Add-WindowsPackage](/powershell/module/dism/add-windowspackage).
-### [**Command Line]**](#tab/command-line)
+### [**Command Line**](#tab/command-line)
```cmd
DISM.exe /Image:"" /Add-Package /PackagePath:"C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\.cab" /PackagePath:"C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\.cab"
@@ -169,7 +168,7 @@ For more information, see [Add or Remove Packages Offline Using DISM](/windows-h
Add-WindowsPackage -PackagePath "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\en-us\_en-us.cab" -Path "" -Verbose
```
-### [**Command Line]**](#tab/command-line)
+### [**Command Line**](#tab/command-line)
```cmd
DISM.exe /Image:"" /Add-Package /PackagePath:"C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\en-us\_en-us.cab" /PackagePath:"C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\en-us\_en-us.cab"
@@ -206,7 +205,7 @@ Add-WindowsPackage -PackagePath "" -Path "" /Add-Package /PackagePath:""
@@ -233,7 +232,7 @@ Copy-Item "\Windows\Boot\EFI\bootmgr.efi" "C:\Program Files (
Copy-Item "\Windows\Boot\EFI\bootmgfw.efi" "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\Media\EFI\Boot\bootx64.efi" -Force
```
-### [**Command Line]**](#tab/command-line)
+### [**Command Line**](#tab/command-line)
```cmd
Command to be determined
@@ -253,7 +252,7 @@ Start-Process "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment
Start-Process "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Deployment Tools\amd64\DISM\dism.exe" -ArgumentList " /Image:"" /Cleanup-image /StartComponentCleanup /Resetbase" -Wait -LoadUserProfile
```
-### [**Command Line]**](#tab/command-line)
+### [**Command Line**](#tab/command-line)
```cmd
DISM.exe /Image:"" /Cleanup-image /StartComponentCleanup /Resetbase /Defer
@@ -277,7 +276,7 @@ Get-WindowsPackage -Path ""
For more information, see [Get-WindowsPackage](/powershell/module/dism/get-windowspackage).
-### [**Command Line]**](#tab/command-line)
+### [**Command Line**](#tab/command-line)
```cmd
DISM.exe /Image:"" /Get-Packages
@@ -299,7 +298,7 @@ Dismount-WindowsImage -Path "" -Save -Verbose
For more information, see [Dismount-WindowsImage](/powershell/module/dism/dismount-windowsimage).
-### [**Command Line]**](#tab/command-line)
+### [**Command Line**](#tab/command-line)
```cmd
DISM.exe /Unmount-Image /MountDir:"" /Commit
@@ -321,7 +320,7 @@ Export-WindowsImage -SourceImagePath "\.wim" -Sourc
For more information, see [Export-WindowsImage](/powershell/module/dism/export-windowsimage).
-### [**Command Line]**](#tab/command-line)
+### [**Command Line**](#tab/command-line)
```cmd
DISM.exe /Export-Image /SourceImageFile:"\.wim" /SourceIndex:1 /DestinationImageFile:"\-export.wim"
From 1c1d83ed6034a4b5761aa3cb8b5ded4da7177162 Mon Sep 17 00:00:00 2001
From: Frank Rojas <45807133+frankroj@users.noreply.github.com>
Date: Thu, 27 Jul 2023 11:41:14 -0400
Subject: [PATCH 016/273] Update Boot Image with CU Article 14
---
.../images/icons/command-prompt-16.png | Bin 0 -> 343 bytes
.../images/icons/command-prompt-24.png | Bin 0 -> 455 bytes
.../images/icons/command-prompt-32.png | Bin 0 -> 510 bytes
.../images/icons/command-prompt.svg | 3 +
.../deployment/images/icons/powershell-16.png | Bin 0 -> 317 bytes
.../deployment/images/icons/powershell-24.png | Bin 0 -> 425 bytes
.../deployment/images/icons/powershell-32.png | Bin 0 -> 437 bytes
.../images/icons/powershell-color-18.svg | 20 +++
.../deployment/images/icons/powershell.svg | 3 +
windows/deployment/update-boot-image.md | 144 ++++++++++--------
10 files changed, 104 insertions(+), 66 deletions(-)
create mode 100644 windows/deployment/images/icons/command-prompt-16.png
create mode 100644 windows/deployment/images/icons/command-prompt-24.png
create mode 100644 windows/deployment/images/icons/command-prompt-32.png
create mode 100644 windows/deployment/images/icons/command-prompt.svg
create mode 100644 windows/deployment/images/icons/powershell-16.png
create mode 100644 windows/deployment/images/icons/powershell-24.png
create mode 100644 windows/deployment/images/icons/powershell-32.png
create mode 100644 windows/deployment/images/icons/powershell-color-18.svg
create mode 100644 windows/deployment/images/icons/powershell.svg
diff --git a/windows/deployment/images/icons/command-prompt-16.png b/windows/deployment/images/icons/command-prompt-16.png
new file mode 100644
index 0000000000000000000000000000000000000000..d3a5d0257cbb088e7d90f0751012d1bd70aa5f73
GIT binary patch
literal 343
zcmeAS@N?(olHy`uVBq!ia0vp^0wB!61|;P_|4#%`jKx9jP7LeL$-D$|SkfJR9T^xl
z_H+M9WCij$3p^r=85sBugD~Uq{1quc!8e{Rjv*HQYcK81VsaE|dw7vMz%eKyGID9}
zTziFx3~?SaM%SDoW=$5(s4UHY3Brcv0{PCmTRo;*l~4SBCQ`gqT#VhmVp=}?Go9Vm
z&*WAncKNdl&(MGK@!bRVZ!fKTWMmTAbN04I%O+ft@F+atq^I4pw8C>?vw2F&!PCO4
zqW+$^*UiYO^RdU~(u+r|ku}PF!A#64$^NV5f1Xuco7UD9Hv2#W+pnmLNodyved|HtB6=6={
jc(cTH=f4NrkIkspY!587t}w^}`kTSi)z4*}Q$iB}Xexfn
literal 0
HcmV?d00001
diff --git a/windows/deployment/images/icons/command-prompt-24.png b/windows/deployment/images/icons/command-prompt-24.png
new file mode 100644
index 0000000000000000000000000000000000000000..f5729faa7f8a423fbb8d5b494cb67b9adb34d0b4
GIT binary patch
literal 455
zcmV;&0XY7NP)Px#1ZP1_K>z@;j|==^1poj532;bRa{vGi!vFvd!vV){sAK>D0bEH$K~zXf)zmvL
z1wk0b@gam$NC=hCxP1c=iG)h6qf#m)isM#DC?pb5C`b^6hEgL6t;T2I14tA)4Wi)x
z%!PAyWmaNV;z@qlclPYgn=`Y!<}cEYUi6ee^O|iuPx#1ZP1_K>z@;j|==^1poj532;bRa{vGi!vFvd!vV){sAK>D0h38YK~z{r?Uy-A
z#6SQ><57qfUX@mYrC17rpddDar3xaVwH6+Tl~$J8c!Hg+cz}(Kje-gmTG*+LHvR(z
zZS;MU9d@%$Ocs`8g?;eId=o;x>`sPVuMCXf4sNBO?(6O2cZz!3nZW_hB7Nuif4F(jp(8V-|@(#aAFnEQ|R0ZR%#-Lip+5ocd^$bpLx`EO(waCRp1=;
zy8Oi<>iT7qd~{>Y&6(sTvOpbv;6d8&G(yBI6bKAb#xI~
zpccPy!lZCqYryh~C;spkkp;vRUi-sPTx-BGi#peAQjk~$x=`mfut5_UG`4Sro?O@F
zuK{5f
+
+
\ No newline at end of file
diff --git a/windows/deployment/images/icons/powershell-16.png b/windows/deployment/images/icons/powershell-16.png
new file mode 100644
index 0000000000000000000000000000000000000000..4ecfea848644068ea9bcb4506dabd981e216ef49
GIT binary patch
literal 317
zcmeAS@N?(olHy`uVBq!ia0vp^0wB!61|;P_|4#%`jKx9jP7LeL$-D$|SkfJR9T^xl
z_H+M9WCij$3p^r=85sBugD~Uq{1quc!AqVljv*HQYcJXJF*=GI|JZp>Fy-2v
zBfctDf>IyVrRo;{FZg;r+;vs$-_@Xb7Z_^?Blf^*4VBhyXa7dr~3=S-a3
z+7cl>qvwN*@BW*@w-vfs^E6I7`K;kh+3@a$f-*PfMza?S-c4V{^)pY+Kg;rfi}{4?
zDZbl81m^Cu@ws=s!nNX9FXy7e#?3$fHE1ntebIkEPx#1ZP1_K>z@;j|==^1poj532;bRa{vGi!vFvd!vV){sAK>D0X|7YK~zXf)z!O7
z13?tV@$mwhLI`MOOcjNISX!sDu=OE?6oLt8AqW-}&iYON5
z{|&P+#Jx=7uHXkhvKh{v!(K8me~~h(*eZbfnp=$VT>$kp_wGv@Cpo%=`kEd-pj)+q
z)f}i#4R%1s9Tdgf;R_cy&(RI+fCt!zk#kD01EOc31wYH~bKdARO&qX*C%mAdg*lQr
z;1ntt;Rv%PbwHFo44}d;;%br-G(cIx6;wRL0YVZyK&j&$I^i0+g;@z6a0V5=;ZO^K
z$sDkQXQ-%;b
T;xcYW00000NkvXXu0mjflQymO
literal 0
HcmV?d00001
diff --git a/windows/deployment/images/icons/powershell-32.png b/windows/deployment/images/icons/powershell-32.png
new file mode 100644
index 0000000000000000000000000000000000000000..c28fd8f833588b38eddc94d0acdfcaa0e30a8361
GIT binary patch
literal 437
zcmV;m0ZRUfP)Px#1ZP1_K>z@;j|==^1poj532;bRa{vGi!vFvd!vV){sAK>D0ZK_kK~z{r?bp38
z1VJ3e@exGg6rvTCmMA3(|AGcBJ)KIT)1kO{38hvP3ZjrmC>0tSe}P1+(Mb3{VG_&A
z{$_W~DDFu<$-c~Hp1a-K%(+g;9QLr2f#!9Gc+1G`er_CLDWPi=3e0LJVb)P7aD{D@
z-K*F%&m9T{a``{cz=C!XW)p=1YLzm6-pT@l82#9c8dHH@oZ}huIuJ3Y0{u9J&dWYp
zh!Il(pJlv2
zzQnSY)cI+Y#Z*A)fo{Y197EStSwmUO1%8V@nXaiaj
+
+
+
+
+
+
+
+
+ MsPortalFx.base.images-10
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/windows/deployment/images/icons/powershell.svg b/windows/deployment/images/icons/powershell.svg
new file mode 100644
index 0000000000..7ea68cb8b0
--- /dev/null
+++ b/windows/deployment/images/icons/powershell.svg
@@ -0,0 +1,3 @@
+
\ No newline at end of file
diff --git a/windows/deployment/update-boot-image.md b/windows/deployment/update-boot-image.md
index 080b060656..42f137223d 100644
--- a/windows/deployment/update-boot-image.md
+++ b/windows/deployment/update-boot-image.md
@@ -53,25 +53,23 @@ Note about Windows Server 2012 R2
## Step 1: Download and install ADK
-- Download and install the **Windows Assessment and Deployment Kit (Windows ADK)** from [Download and install the Windows ADK](/windows-hardware/get-started/adk-install).
+1. Download and install the **Windows Assessment and Deployment Kit (Windows ADK)** from [Download and install the Windows ADK](/windows-hardware/get-started/adk-install).
-- Download and install the **Windows PE add-on for the Windows ADK** from [Download and install the Windows ADK](/windows-hardware/get-started/adk-install). Make sure to download and install both components.
+1. Download and install the **Windows PE add-on for the Windows ADK** from [Download and install the Windows ADK](/windows-hardware/get-started/adk-install). Make sure to download and install both components.
-- It's strongly recommended to download and install the latest version of the ADK.
+It's strongly recommended to download and install the latest version of the ADK. When installing the Windows ADK, it's only necessary to install the **Deployment Tools**.
-- When installing the Windows ADK, it's only necessary to install the **Deployment Tools**.
-
-- The paths in this article assume the Windows ADK was installed to the default location of `C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit`. If the Windows ADK was installed to a different location, then adjust the paths accordingly.
+The paths in this article assume the Windows ADK was installed to the default location of `C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit`. If the Windows ADK was installed to a different location, then adjust the paths accordingly.
## Step 2: Download cumulative update (CU)
-- Go to the [Microsoft Update Catalog](https://catalog.update.microsoft.com/) site and search for the latest cumulative update for the version of Windows that matches the version of Windows PE that was downloaded in [Step 1](#step-1-download-and-install-adk) or the version of the Windows PE boot image that will be updated.
+1. Go to the [Microsoft Update Catalog](https://catalog.update.microsoft.com/) site and search for the latest cumulative update for the version of Windows that matches the version of Windows PE that was downloaded in [Step 1](#step-1-download-and-install-adk) or the version of the Windows PE boot image that will be updated.
-- When searching the [Microsoft Update Catalog](https://catalog.update.microsoft.com/) site, use the search term `"- cumulative update for windows "` where `year` is the four digit current year, `` is the two digit current month, and `` is the version of Windows that Windows PE is based on. For example, to search for the latest cumulative update for Windows 11 in July 2023, use the search term `"2023-07 cumulative update for windows 11"`. If the cumulative update hasn't been released yet for the current month, then search on the previous month.
+1. When searching the [Microsoft Update Catalog](https://catalog.update.microsoft.com/) site, use the search term `"- cumulative update for windows "` where `year` is the four digit current year, `` is the two digit current month, and `` is the version of Windows that Windows PE is based on. For example, to search for the latest cumulative update for Windows 11 in July 2023, use the search term `"2023-07 cumulative update for windows 11"`. If the cumulative update hasn't been released yet for the current month, then search on the previous month.
-- Once the cumulative update has been found, download the appropriate version for the version and architecture of Windows that matches the Windows PE boot image. For example, if the version of the Windows PE boot image is Windows 11 22H2 64-bit, then download the **Cumulative Update for Windows 11 Version 22H2 for x64-based Systems" version of the update.
+1. Once the cumulative update has been found, download the appropriate version for the version and architecture of Windows that matches the Windows PE boot image. For example, if the version of the Windows PE boot image is Windows 11 22H2 64-bit, then download the **Cumulative Update for Windows 11 Version 22H2 for x64-based Systems** version of the update.
-- Store the downloaded cumulative update in a known location for later use.
+1. Store the downloaded cumulative update in a known location for later use.
> [!TIP]
>
@@ -81,25 +79,25 @@ Note about Windows Server 2012 R2
## Step 3: Backup existing boot image
-- Before modifying the desired boot image, make a backup copy of the boot image. For example,
+Before modifying the desired boot image, make a backup copy of the boot image. For example:
- - For the boot image included with the **Windows PE add-on for the Windows ADK**, the boot image is located at `C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\en-us\winpe.wim`.
+- For the boot image included with the **Windows PE add-on for the Windows ADK**, the boot image is located at `C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\en-us\winpe.wim`.
- - For the boot image included with Microsoft Configuration Manager, the boot image is located at `\OSD\boot\x64\boot.wim`
+- For the boot image included with Microsoft Configuration Manager, the boot image is located at `\OSD\boot\x64\boot.wim`
## Step 4: Mount boot image to temporary mount folder
-- Create a new empty empty folder to mount the boot image to. For example, `C:\Mount`.
+Create a new empty empty folder to mount the boot image to. For example, `C:\Mount`.
-### [**PowerShell**](#tab/powershell)
+### [:::image type="icon" source="images/icons/powershell.svg"::: **PowerShell**](#tab/powershell)
```powershell
Mount-WindowsImage -Path "" -ImagePath "\.wim" -Index 1 -Verbose
```
-For more information, see [Mount-WindowsImage](/powershell/module/dism/mount-windowsimage)
+For more information, see [Mount-WindowsImage](/powershell/module/dism/mount-windowsimage).
-### [**Command Line**](#tab/command-line)
+### [:::image type="icon" source="images/icons/command-prompt.svg"::: **Command Line**](#tab/command-line)
```cmd
DISM.exe /Mount-image /imagefile:"" /Index:1 /MountDir:""
@@ -111,19 +109,23 @@ For more information, see [Modify a Windows image using DISM: Mount an image](/w
## Step 5: Add drivers to boot image
-- If needed, add any drivers to the boot image.
+If needed, add any drivers to the boot image:
-### [**PowerShell**](#tab/powershell)
+### [:::image type="icon" source="images/icons/powershell-color-18.svg"::: **PowerShell**](#tab/powershell)
```powershell
Command to be determined
```
-### [**Command Line**](#tab/command-line)
+### [:::image type="icon" source="images/icons/command-prompt.svg"::: **Command Line**](#tab/command-line)
```cmd
-DISM.exe/Image:"" /Add-Driver /Driver:"\.inf"
+DISM.exe /Image:"" /Add-Driver /Driver:"\.inf"
+```
+or
+
+```cmd
DISM.exe /Image:"" /Add-Driver /Driver:".cab" -Path "" -Verbose
-```
+ ```powershell
+ Add-WindowsPackage -PackagePath "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\.cab" -Path "" -Verbose
+ ```
-For more information, see [Add-WindowsPackage](/powershell/module/dism/add-windowspackage).
+ This example assumes an x64 boot image. If a different architecture is being used, then adjust the commands accordingly.
-### [**Command Line**](#tab/command-line)
+ For more information, see [Add-WindowsPackage](/powershell/module/dism/add-windowspackage).
-```cmd
-DISM.exe /Image:"" /Add-Package /PackagePath:"C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\.cab" /PackagePath:"C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\.cab"
-```
+ ### [:::image type="icon" source="images/icons/command-prompt-16.png"::: **Command Line**](#tab/command-line)
----
+ ```cmd
+ DISM.exe /Image:"" /Add-Package /PackagePath:"C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\.cab" /PackagePath:"C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\.cab"
+ ```
-You can add as many desired optional components as needed on a single DISM.exe command line.
+ This example assumes an x64 boot image. If a different architecture is being used, then adjust the commands accordingly.
-For more information, see [Add or Remove Packages Offline Using DISM](/windows-hardware/manufacture/desktop/add-or-remove-packages-offline-using-dism) and [DISM Operating System Package (.cab or .msu) Servicing Command-Line Options: /Add-Package](/windows-hardware/manufacture/desktop/dism-operating-system-package-servicing-command-line-options#add-package).
+ You can add as many desired optional components as needed on a single **DISM.exe** command line.
-- Make sure that after adding the optional component to also add the language specific component for that optional component. For example, for English United States (en-us), add the following:
+ For more information, see [Add or Remove Packages Offline Using DISM](/windows-hardware/manufacture/desktop/add-or-remove-packages-offline-using-dism) and [DISM Operating System Package (.cab or .msu) Servicing Command-Line Options: /Add-Package](/windows-hardware/manufacture/desktop/dism-operating-system-package-servicing-command-line-options#add-package).
-### [**PowerShell**](#tab/powershell)
+ ---
-```powershell
-Add-WindowsPackage -PackagePath "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\en-us\_en-us.cab" -Path "" -Verbose
-```
+1. Make sure that after adding the optional component to also add the language specific component for that optional component. This needs to be done for every optional component that is added to the boot image.
-### [**Command Line**](#tab/command-line)
+ For example, for English United States (en-us), add the following:
-```cmd
-DISM.exe /Image:"" /Add-Package /PackagePath:"C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\en-us\_en-us.cab" /PackagePath:"C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\en-us\_en-us.cab"
-```
+ ### [:::image type="icon" source="images/icons/powershell-24.png"::: **PowerShell**](#tab/powershell)
-You can add as many desired optional components as needed on a single DISM.exe command line.
+ ```powershell
+ Add-WindowsPackage -PackagePath "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\en-us\_en-us.cab" -Path "" -Verbose
+ ```
----
+ This example assumes an x64 boot image. If a different architecture is being used, then adjust the commands accordingly.
+
+ ### [:::image type="icon" source="images/icons/command-prompt-24.png"::: **Command Line**](#tab/command-line)
+
+ ```cmd
+ DISM.exe /Image:"" /Add-Package /PackagePath:"C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\en-us\_en-us.cab" /PackagePath:"C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\en-us\_en-us.cab"
+ ```
+
+ This example assumes an x64 boot image. If a different architecture is being used, then adjust the commands accordingly.
+
+ You can add as many desired optional components as needed on a single DISM.exe command line.
+
+ ---
> [!IMPORTANT]
>
@@ -195,9 +206,9 @@ You can add as many desired optional components as needed on a single DISM.exe c
## Step 7: Add cumulative update (CU) to boot image
-- Apply the cumulative update (CU) downloaded earlier in the walkthrough to the boot image.
+Apply the cumulative update (CU) downloaded earlier in the walkthrough to the boot image:
-### [**PowerShell**](#tab/powershell)
+### [:::image type="icon" source="images/icons/powershell-32.png"::: **PowerShell**](#tab/powershell)
```powershell
Add-WindowsPackage -PackagePath "" -Path "" -Verbose
@@ -205,7 +216,7 @@ Add-WindowsPackage -PackagePath "" -Path "" /Add-Package /PackagePath:""
@@ -221,8 +232,7 @@ For more information, see [Add or Remove Packages Offline Using DISM](/windows-h
## Step 8: Copy boot files from mounted image to ADK installation path
-- Copy the updated bootmgr files from the updated boot image to the ADK installation path.
-- This step doesn't update or change the boot image. However, it makes sure that the latest bootmgr files are available to the ADK when creating bootable media. In particular, this step is needed when addressing the BlackLotus UEFI bootkit vulnerability as documented in [KB5025885: How to manage the Windows Boot Manager revocations for Secure Boot changes associated with CVE-2023-24932](https://prod.support.services.microsoft.com/topic/kb5025885-how-to-manage-the-windows-boot-manager-revocations-for-secure-boot-changes-associated-with-cve-2023-24932-41a975df-beb2-40c1-99a3-b3ff139f832d) and [CVE-2023-24932](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24932).
+Copy the updated bootmgr files from the updated boot image to the ADK installation path:
### [**PowerShell**](#tab/powershell)
@@ -240,9 +250,11 @@ Command to be determined
---
+This step doesn't update or change the boot image. However, it makes sure that the latest bootmgr files are available to the ADK when creating bootable media. In particular, this step is needed when addressing the BlackLotus UEFI bootkit vulnerability as documented in [KB5025885: How to manage the Windows Boot Manager revocations for Secure Boot changes associated with CVE-2023-24932](https://prod.support.services.microsoft.com/topic/kb5025885-how-to-manage-the-windows-boot-manager-revocations-for-secure-boot-changes-associated-with-cve-2023-24932-41a975df-beb2-40c1-99a3-b3ff139f832d) and [CVE-2023-24932](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24932).
+
## Step 9: Perform component cleanup
-- Run DISM.exe commands that will clean up the mounted image and help reduce its size
+Run **DISM.exe** commands that will clean up the mounted image and help reduce its size:
### [**PowerShell**](#tab/powershell)
@@ -266,7 +278,7 @@ For more information, see [Modify a Windows image using DISM: Reduce the size of
## Step 10: Verify all desired packages have been added to boot image
-- After the optional components and the cumulative update (CU) have been applied to the boot image, verify that they are showing as installed.
+After the optional components and the cumulative update (CU) have been applied to the boot image, verify that they are showing as installed:
### [**PowerShell**](#tab/powershell)
@@ -310,27 +322,27 @@ For more information, see [Modify a Windows image using DISM: Unmounting an imag
## Step 12: Export boot image to reduce size
-- Once the boot image has been unmounted and saved, its size can be further reduced by exporting it.
+1. Once the boot image has been unmounted and saved, its size can be further reduced by exporting it:
-### [**PowerShell**](#tab/powershell)
+ ### [**PowerShell**](#tab/powershell)
-```powershell
-Export-WindowsImage -SourceImagePath "\.wim" -SourceIndex 1 -DestinationImagePath "\-export.wim" -CompressionType max -Verbose
-```
+ ```powershell
+ Export-WindowsImage -SourceImagePath "\.wim" -SourceIndex 1 -DestinationImagePath "\-export.wim" -CompressionType max -Verbose
+ ```
-For more information, see [Export-WindowsImage](/powershell/module/dism/export-windowsimage).
+ For more information, see [Export-WindowsImage](/powershell/module/dism/export-windowsimage).
-### [**Command Line**](#tab/command-line)
+ ### [**Command Line**](#tab/command-line)
-```cmd
-DISM.exe /Export-Image /SourceImageFile:"\.wim" /SourceIndex:1 /DestinationImageFile:"\-export.wim"
-```
+ ```cmd
+ DISM.exe /Export-Image /SourceImageFile:"\.wim" /SourceIndex:1 /DestinationImageFile:"\-export.wim"
+ ```
-For more information, see [Modify a Windows image using DISM: Reduce the size of an image](/windows-hardware/manufacture/desktop/mount-and-modify-a-windows-image-using-dism#reduce-the-size-of-an-image) and [DISM Image Management Command-Line Options: /Export-Image](/windows-hardware/manufacture/desktop/dism-image-management-command-line-options-s14#export-image).
+ For more information, see [Modify a Windows image using DISM: Reduce the size of an image](/windows-hardware/manufacture/desktop/mount-and-modify-a-windows-image-using-dism#reduce-the-size-of-an-image) and [DISM Image Management Command-Line Options: /Export-Image](/windows-hardware/manufacture/desktop/dism-image-management-command-line-options-s14#export-image).
----
+ ---
-- Once the export has completed, delete the original boot image and then rename the exported boot image with the name of the original boot image.
+1. Once the export has completed, delete the original boot image and then rename the exported boot image with the name of the original boot image.
## Considerations for Microsoft Configuration Manager
From f7815742f63df0bcf10c79ac2b30099167b76c7c Mon Sep 17 00:00:00 2001
From: Frank Rojas <45807133+frankroj@users.noreply.github.com>
Date: Thu, 27 Jul 2023 12:00:24 -0400
Subject: [PATCH 017/273] Update Boot Image with CU Article 15
---
windows/deployment/update-boot-image.md | 64 ++++++++++++-------------
1 file changed, 32 insertions(+), 32 deletions(-)
diff --git a/windows/deployment/update-boot-image.md b/windows/deployment/update-boot-image.md
index 42f137223d..18a6350563 100644
--- a/windows/deployment/update-boot-image.md
+++ b/windows/deployment/update-boot-image.md
@@ -141,53 +141,53 @@ For more information, see [Add and Remove Driver packages to an offline Windows
1. Add any desired optional components to the boot image:
- ### [:::image type="icon" source="images/icons/powershell-16.png"::: **PowerShell**](#tab/powershell)
+ ### [:::image type="icon" source="images/icons/powershell-16.png"::: **PowerShell**](#tab/powershell)
- ```powershell
- Add-WindowsPackage -PackagePath "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\.cab" -Path "" -Verbose
- ```
+ ```powershell
+ Add-WindowsPackage -PackagePath "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\.cab" -Path "" -Verbose
+ ```
- This example assumes an x64 boot image. If a different architecture is being used, then adjust the commands accordingly.
+ This example assumes an x64 boot image. If a different architecture is being used, then adjust the commands accordingly.
- For more information, see [Add-WindowsPackage](/powershell/module/dism/add-windowspackage).
+ For more information, see [Add-WindowsPackage](/powershell/module/dism/add-windowspackage).
- ### [:::image type="icon" source="images/icons/command-prompt-16.png"::: **Command Line**](#tab/command-line)
+ ### [:::image type="icon" source="images/icons/command-prompt-16.png"::: **Command Line**](#tab/command-line)
- ```cmd
- DISM.exe /Image:"" /Add-Package /PackagePath:"C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\.cab" /PackagePath:"C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\.cab"
- ```
+ ```cmd
+ DISM.exe /Image:"" /Add-Package /PackagePath:"C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\.cab" /PackagePath:"C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\.cab"
+ ```
- This example assumes an x64 boot image. If a different architecture is being used, then adjust the commands accordingly.
+ This example assumes an x64 boot image. If a different architecture is being used, then adjust the commands accordingly.
- You can add as many desired optional components as needed on a single **DISM.exe** command line.
+ You can add as many desired optional components as needed on a single **DISM.exe** command line.
- For more information, see [Add or Remove Packages Offline Using DISM](/windows-hardware/manufacture/desktop/add-or-remove-packages-offline-using-dism) and [DISM Operating System Package (.cab or .msu) Servicing Command-Line Options: /Add-Package](/windows-hardware/manufacture/desktop/dism-operating-system-package-servicing-command-line-options#add-package).
+ For more information, see [Add or Remove Packages Offline Using DISM](/windows-hardware/manufacture/desktop/add-or-remove-packages-offline-using-dism) and [DISM Operating System Package (.cab or .msu) Servicing Command-Line Options: /Add-Package](/windows-hardware/manufacture/desktop/dism-operating-system-package-servicing-command-line-options#add-package).
- ---
+ ---
1. Make sure that after adding the optional component to also add the language specific component for that optional component. This needs to be done for every optional component that is added to the boot image.
For example, for English United States (en-us), add the following:
- ### [:::image type="icon" source="images/icons/powershell-24.png"::: **PowerShell**](#tab/powershell)
+ ### [:::image type="icon" source="images/icons/powershell-24.png"::: **PowerShell**](#tab/powershell)
- ```powershell
- Add-WindowsPackage -PackagePath "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\en-us\_en-us.cab" -Path "" -Verbose
- ```
+ ```powershell
+ Add-WindowsPackage -PackagePath "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\en-us\_en-us.cab" -Path "" -Verbose
+ ```
- This example assumes an x64 boot image. If a different architecture is being used, then adjust the commands accordingly.
+ This example assumes an x64 boot image. If a different architecture is being used, then adjust the commands accordingly.
- ### [:::image type="icon" source="images/icons/command-prompt-24.png"::: **Command Line**](#tab/command-line)
+ ### [:::image type="icon" source="images/icons/command-prompt-24.png"::: **Command Line**](#tab/command-line)
- ```cmd
- DISM.exe /Image:"" /Add-Package /PackagePath:"C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\en-us\_en-us.cab" /PackagePath:"C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\en-us\_en-us.cab"
- ```
+ ```cmd
+ DISM.exe /Image:"" /Add-Package /PackagePath:"C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\en-us\_en-us.cab" /PackagePath:"C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\en-us\_en-us.cab"
+ ```
- This example assumes an x64 boot image. If a different architecture is being used, then adjust the commands accordingly.
+ This example assumes an x64 boot image. If a different architecture is being used, then adjust the commands accordingly.
- You can add as many desired optional components as needed on a single DISM.exe command line.
+ You can add as many desired optional components as needed on a single DISM.exe command line.
- ---
+ ---
> [!IMPORTANT]
>
@@ -300,7 +300,7 @@ For more information, see [DISM Operating System Package (.cab or .msu) Servicin
## Step 11: Unmount boot image and save changes
-- Once drivers, optional components, and the cumulative update (CU) have been applied to the boot image, unmount the boot image and save changes.
+Once drivers, optional components, and the cumulative update (CU) have been applied to the boot image, unmount the boot image and save changes.
### [**PowerShell**](#tab/powershell)
@@ -324,7 +324,7 @@ For more information, see [Modify a Windows image using DISM: Unmounting an imag
1. Once the boot image has been unmounted and saved, its size can be further reduced by exporting it:
- ### [**PowerShell**](#tab/powershell)
+ # [**PowerShell**](#tab/powershell)
```powershell
Export-WindowsImage -SourceImagePath "\.wim" -SourceIndex 1 -DestinationImagePath "\-export.wim" -CompressionType max -Verbose
@@ -332,7 +332,7 @@ For more information, see [Modify a Windows image using DISM: Unmounting an imag
For more information, see [Export-WindowsImage](/powershell/module/dism/export-windowsimage).
- ### [**Command Line**](#tab/command-line)
+ # [**Command Line**](#tab/command-line)
```cmd
DISM.exe /Export-Image /SourceImageFile:"\.wim" /SourceIndex:1 /DestinationImageFile:"\-export.wim"
@@ -344,8 +344,8 @@ For more information, see [Modify a Windows image using DISM: Unmounting an imag
1. Once the export has completed, delete the original boot image and then rename the exported boot image with the name of the original boot image.
-## Considerations for Microsoft Configuration Manager
+## Microsoft Configuration Manager considerations
-## Considerations for Microsoft Deployment Toolkit (MDT)
+## Microsoft Deployment Toolkit (MDT) considerations
-## Considerations for Windows Deployment Services (WDS)
+## Windows Deployment Services (WDS) considerations
From 59a9cb288eec470145d58f1950a72275ad7e06bf Mon Sep 17 00:00:00 2001
From: Frank Rojas <45807133+frankroj@users.noreply.github.com>
Date: Thu, 27 Jul 2023 12:10:00 -0400
Subject: [PATCH 018/273] Update Boot Image with CU Article 16
---
windows/deployment/update-boot-image.md | 24 ++++++++++++------------
1 file changed, 12 insertions(+), 12 deletions(-)
diff --git a/windows/deployment/update-boot-image.md b/windows/deployment/update-boot-image.md
index 18a6350563..9a195963e4 100644
--- a/windows/deployment/update-boot-image.md
+++ b/windows/deployment/update-boot-image.md
@@ -167,7 +167,7 @@ For more information, see [Add and Remove Driver packages to an offline Windows
1. Make sure that after adding the optional component to also add the language specific component for that optional component. This needs to be done for every optional component that is added to the boot image.
- For example, for English United States (en-us), add the following:
+ For example, for English United States (en-us), add the following:
### [:::image type="icon" source="images/icons/powershell-24.png"::: **PowerShell**](#tab/powershell)
@@ -324,23 +324,23 @@ For more information, see [Modify a Windows image using DISM: Unmounting an imag
1. Once the boot image has been unmounted and saved, its size can be further reduced by exporting it:
- # [**PowerShell**](#tab/powershell)
+ ### [**PowerShell**](#tab/powershell)
- ```powershell
- Export-WindowsImage -SourceImagePath "\.wim" -SourceIndex 1 -DestinationImagePath "