In this article, I am going to write down the steps that I took to create a WinPE 3.1 boot image that can be used to contact the GSS console. This is by no means required, and, in all honesty, doesn't work correctly 100% of the time. I will give examples later.
Here is a great resource that talks about the WAIK, using it to create an image, and has the links for getting it: Adventures with WinPE 3.1
Thanks EdT! He also touches on the idea of scripting out a lot of the process, which I do as well.
The first thing you need to do is get the Microsoft WAIK, and install it. You can use a VM for this, or your regular machine, it's up to you.
When we go to build the PE, we will be using the 32bit PE since the ability to ping the console is built into a 32bit app.
Second, on the server that is running your Ghost Solution Suite console, open the Ghost Boot Wizard. Select WinPE, click edit. Highlight the WinPE 2.0 boot partition you are using that has all of your drivers. Make sure you highlight this one, and not a stock one. Click copy, and give it a nice short name (like WinPE3). Make note of where it is storing the files (ProgramData\Symantec\Ghost\Template\COMMON). Your newly made PE will be in that folder under its own folder with the name you gave it. Remember this.
Third, make yourself a new WinPE 3.0 PE on your PE'ing machine! Open the "Deployment Tools Command Prompt" as an admin from the machine you installed the WAIK. DON'T CLOSE THIS PROMPT. NOT UNTIL THE VERY END. Think of a nice folder name for your PE so you remember where it is! (this guide will use "C:\winpe" as the location) Next, come up with a holding directory for files and folders before you copy them over (maybe c:\bootcd\makepe). Now, create your PE with the following commands
- copype x86 c:\winpe
- copy c:\winpe\winpe.wim c:\winpe\ISO\sources\boot.wim
Awesome, you now have the PE made, and it is time to mount that WIM file with the following command
- dism /mount-wim /wimfile:c:\winpe\winpe.wim /index:1 /mountdir:c:\winpe\mount
Now, this allows you to mess with the WIM file as a directory instead of a file. It is located at c:\winpe\mount. This is the section of the fun where we add all of the utilities, files, custom backgrounds, drivers, etc. I will give some examples, as well as the commands for adding drivers, since that is important
I HIGHLY recommend you do the following at this point (some of these really are required for this to work as a Ghost PE, but not all of it)
- Add IMAGEX or GIMAGEX to your holding folder (its a nice graphical front end for IMAGEX) and also copy it to the "c:\winpe\mount\windows\system32" directory. Necessary? No, but its a useful tool for the future.
- Make a folder called "Scripts" under your holding folder earlier. We will come back to this later!
- Open a console boot partition that you have made some time before inside Ghost Explorer and steal all of the stuff in the Ghost directory. Put that all in a directory in your holding folder called "Ghost". You want the following things in this folder: copy.bat (from the console partition), GDISK32, GhConfig32, Ghost32, Ghostoem32, ghreboot.bat (from the console partition), GhRegEdit32, ghvp.bat (from the console partition), NGCTW32 (this is the biggest piece, you NEED this. Get it from the console partition if necessary), your pubkey.crt, and the file VPartition.dll (from the console partition). Copy that directory over to "c:\winpe\mount\Ghost". This whole step is MANDATORY for this to contact the server. I am sure there will be questions on this step. Ask below.
- Make a file named STARTNET.CMD in your holding folder. This is super important. I will come back to it as its own numbered list in a minute.
- Want a custom background? Name it "winpe.bmp", put it in your holding folder, and also put it in the "c:\winpe\mount\windows\system32" folder
- Go get the program "GETMAC" from an old XP install. You know you have one. Put it in the holding folder and the mount\windows\system32 folder just as above. This is not required, but it is really nice to be able to pull the MAC address without all the other ipconfig stuff.
You will see me using this holding folder a lot. It is nice because if you mess up, you have duplicates and can just move them over! Also allows for great scripting!
Now, back to that command prompt. run the following commands:
dism /image:%_location%\mount /add-package /packagepath:"C:\program files\windows aik\tools\petools\x86\winpe_FPs\WinPE-HTA.cab"
- dism /image:%_location%\mount /add-package /packagepath:"C:\program files\windows aik\tools\petools\x86\winpe_FPs\WinPE-Scripting.cab"
- dism /image:%_location%\mount /add-package /packagepath:"C:\program files\windows aik\tools\petools\x86\winpe_FPs\WinPE-WMI.cab"
Doing those adds abilities to your PE to run HTML stuff, scripts, and return WMI info. There are more, but those 3 are really good.
Now, I recommend you go get Network drivers for your network cards (Win7 has a lot of them, but you will probably still need some.), maybe even a chipset driver too. Put all the folders inside a folder somewhere. For the network drivers, you only need the NDIS62 drivers, and all drivers you are going to include MUST BE 32bit Win7 drivers! for sake of argument, lets say you stored them in a folder called "c:\bootcd\makepe\winpedrivers32". Now from the command prompt you have open, run the following command
- dism /image:c:\winpe\mount /add-driver /driver:c:\bootcd\makepe\winpedrivers32 /recurse
That will put all of your drivers in your PE image. It does take a minute.
Now, we are going to go back to some of the folders and files from earlier, and make some new ones too!! Note the PE isnt "committed" yet.
Now we start in on the scripts. This is important. They help so much. Make each of these as its own CMD file in that "Scripts" folder you made in the holding area.
First, make a script called "setPath.cmd". It has one line in it. This sets up your PATH variable so you can just call your scripts
- set path=%path%;x:\Program Files;x:\ghost;x:\scripts;
Second, make a script called "reboot.cmd". It has one line in it. This allows you to type "reboot" at the prompt and the computer will restart
- wpeutil reboot
Third, the most important script. This is flat out taken from a boot partition and makes the comp phone home to the console. call it "startGhost.cmd". It has the following (yes line 3 is blank)
- rem --- This will remove any traces of virtual partition from hard drive ---
- x:\ghost\gdisk32.exe /revert >> x:\ghost\startlog.txt
- rem --- This will create primary OS drive configuration ---
- x:\ghost\ghost32.exe /setosdrives /blind >> x:\ghost\startlog.txt
- start x:\ghost\ngctw32.exe -console
NGCTW32.exe -console is what opens the window that sends and acknowledges your GSS server. Super important
Add some more scripts if you want. i have ones that reinitialize the WINPE networking, start backup sessions, even use VNC inside the PE! (i can talk about that later if people want)
Now, copy the SCRIPTS folder over into the c:\winpe\mount directory.
Next, we turn our attention to the STARTNET.CMD file we made. Edit it, and add in the following
- wpeutil disablefirewall
- start /min cmd.exe
- cmd /c x:\scripts\startGhost.cmd
This file is what gets everything going. First we initialize the PE, then we shut off the firewall to help kill some issues. We open ANOTHER cmd prompt for later use (it will be minimized by default). We then start up the ghost phone home. We then set our PATH as before so we can call other scripts if we want to (from this window, the other one wont have the path set, but system32 is in the path by default, so GETMAC works from that window, so does IPCONFIG, etc)
Copy the STARTNET.CMD file from your holding directory to c:\winpe\mount\system32. Yes you want to replace it with your new, more awesome one.
Now its time to commit. Settle down, start a WinPE3.0 session. Run the following:
- dism /unmount-wim /mountdir:c:\winpe\mount /commit
That seals in your changes. Next, we replace the WIM with the new one you just lovingly hand made. run this:
- copy c:\winpe\winpe.wim c:\winpe\ISO\sources\boot.wim /y
Make an ISO of it! You need to know where you are saving it. How about c:\ISOs? Run this:
- oscdimg -n -bc:\winpe\etfsboot.com c:\winpe\ISO c:\ISOs\winpe3.iso
See how there is no space after the "-b", it just slams right into the "c:\" part. That is on purpose. There is no space there. Don't do it.
PEing is hard work! Now toss it in your CD burner oven and let it bake you a lovely CD. Don't have time? Need to use the USB microwave? Sure! mount that ISO in the utility of your choice. Take a thumb drive (when I build the above, it fits on a 512MB drive [where can you even find them that small anymore?!])
Go into DISKPART, and select the USB drive. Run the following commands after that select command you just did to pick the USB drive and not your HD. Super important you pick the right one, since were going to nuke it (microwave joke!)
- create partition primary
- select partition 1
- format fs=NTFS quick
Now, to give an example, we will assume your ISO drive is E:\, and your thumb drive is L:\. Change this to make it match yours. You don't want to overwrite the wrong drive, or copy the wrong files
- xcopy E:\*.* /s/e/f L:\
That copies the ISO onto the thumbdrive.
If done correctly, you can now actually boot a comp from the CD or thumb drive. When it starts pinging your GSS server "sending...acknowledged" you can pull it out and it will keep doing it!
Remember earlier when I said remember where GSS kept that WinPE3 folder under COMMON? Open your folder, open "Sources" and replace the boot.wim in there with the one from the CD/USB key. Confirm the move! Now, you can NEVER EVER AGAIN open that PE in the Ghost Boot Wizard. It will give you lots of errors. But it does work.
If you go into the GSS console, you can now assign this as the Virtual Partition under the client tab.
The reason I had you take the working partition you normally use as the starting point and copying it is that the MANIFEST files are still used by GSS, and it still checks the manifest for drivers it assumes will be there.
So, since nothing is perfect, I'm sure you want to know what I know is broken (since I mentioned it earlier). I have a weird situation where, from Windows, i can issue a Clone command, or a Config command, but not both together. The config will fail after the clone succeeds. But I can do the clone, let it succeed, then do the config. Extra weird is that if I boot to that CD/USB key and issue the clone and config together, it works! But only if the machine was already in the PE.
Please leave questions or feedback. This is still a work in progress, it is a nice way to make a new boot CD. It's also faster than taking a CD and ghosting the partition onto it.
edit to add link to Part 2 in this body of this! easier to find now rather than going through the comments! Thanks EdT for reminding me!