Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

How to Customize WinPE 4.x in Altiris 7.5

Created: 06 Mar 2014 • Updated: 06 Mar 2014 | 13 comments
Language Translations
ortolani's picture
+15 15 Votes
Login to vote

##########################################################################################################

This is NOT supported by Symantec, so remember to back up the files, case you want to revert back.

##########################################################################################################

How to modified WinPE 4.x in Altiris 7.5 HF4

In this article, you'll learn, 

  • How to add tools and utilities into WinPE x86 (since most of these tools are not available in x64)
    • VNC
    • RocketDock
    • Sysinternals Tools
    • Unix Utilities
    • Notepad
    • Regedit
    • BGInfo
    • Q-Dir (WinPE version of explorer)
  • How to add WinPE optional packages, like: PowerShell, .Net, etc.
  • How to change WinPE background picture
  • Display the Symantec GUID, Computer Serial Number (Dell since that is what we use) in the BGINFO
     

*All the files I use in my environment will be included in the end

My WinPE Environment:

On our WinPE environment we decide to implement extra tools to help us troubleshooting problems during the WinPE. Also we added extra information on the background (BGInfo) so is easy for our tech guys on the field to identify a computer when deploying to a lab with 100+ computers. Normally when is manage this is not a problem, but for new computers and replace computers, where Altiris uses the minint name (in 7.5 serial) helps identify and send tasks.

After trying different configurations we settle for the configuration show on the picture below. We display general computer information, plus serial number, minint name and Altiris GUID number.

Also we have the Microsoft components running like PowerShell and .Net added to the WinPE environment and for remote connections we decide to use VNC for now.

WinPE.jpg

Important File Locations to Know:

The Folders and Files locations below is assuming the PXE server is install on a speared server (so not on the NS). Since I don’t have an environment where the PXE and NS are in the same server, I can’t tell info the location below will change. So make sure you keep that into consideration.

[Altiris Install Dir] - assuming it is on default locations [C:\Program Files\Altiris]

  • On the Notification Server - (these will be the files you need to modified)
  • Location of the WinPE Background Picture: [winpe.bmp] and [winpe.jpg]
  • [Altiris Install Dir]\Deployment\BDC\bootwiz\Platforms\WinPE\x86\Optional\Boot
     
  • Location to add the utilities and tools:
  • [Altiris Install Dir]\Deployment\BDC\bootwiz\oem\DS\winpe\x86\Base
     
  • Location of the [WINPE.WIM] file:
  • [Altiris Install Dir]\Deployment\BDC\WAIK\Tools\PETools\x86
     
  • Location of Automation Files:
  • [Altiris Install Dir]\Notification Server\NSCap\bin\Win32\X86\Deployment\Automation\PEinstall_x86
     
  • On the Site Server (PXE) - (files below get overwrite every time you re-build the WinPE environment, from the package server)
  • Location of the WinPE Background Picture: [winpe.bmp] and [winpe.jpg]
  • [Altiris Install Dir]\Altiris Agent\Agents\Deployment\SBS\Bootwiz\{GUID}\cache\bootwiz\Platforms\WinPE\x86\Optional\Boot
     
  • Location to add the utilities and tools:
  • [Altiris Install Dir]\Altiris Agent\Agents\Deployment\SBS\Bootwiz\{GUID}\cache\bootwiz\oem\DS\winpe\x86\Base
     
  • Location of the [WINPE.WIM] file:
  • [Altiris Install Dir]\Altiris Agent\Agents\Deployment\SBS\Bootwiz\{GUID}\cache\WAIK\Tools\PETools\x86

Geting ready for the WinPE customizations:

Before starting the customization, make sure you have done the following steps:

  1. Download the attached files from this article "WinPETools.zip"
  2. Read the notes on the bottom of the article that explains what the files (scripts) do, case you would like to add or remove extra tools and functionality
  3. Have access to your NS, Package and PXE server
  4. Have a reference computer ready, since you will need to install ADK, and you don’t want do that on the server
    a. Install the Windows Assessment and Deployment Kit (ADK) for Windows 8 (which is WinPE 4.0) on a reference computer to add the extra components into WinPE, instructions for the process is on section “Adding PE Optional Components Ref into WinPE”
    b. To download ADK: http://www.microsoft.com/en-us/download/details.aspx?id=30652
  5. If you decide to use VNC as a remote option, on “Adding Tools to the WinPE” have the KB link explain the process. But if you decide not to used, than you need to do the following:
    a. Delete the files: ultravnc.ini, winvnc.exe, vnchooks.dll
    b. Delete or comment the following lines 19 and 20 from the file “WKU_WinPE.bat”
        i.  echo Launching VNC server...
        ii. start x:\Utilities\winvnc.exe

So let's get started:

Once the pre-configurations above are in place, there are only 3 steps:

  • Adding PE components
  • Adding the Extra Tools, like BGIngo, RocketDock, etc
  • Build the WinPE environment

Adding PE Optional Components Reference into WinPE:

I noticed that after build a standard WinPE using the Altiris tools, that components like PowerShell and .Net was not enable by default, this present a problem if you are trying to use scripts in PowerShell or .Net. One of the problems I found it was that if you run the powershell script from the console. It will display it was run successfully. Like the picture below:

powershell.jpg

But after looking at the details of the job, I noticed the output properties display the powershell.exe is missing or not install. So the script never run. Since we use powershell scripts and .Net tools, I decided to add the extra components into WinPE and below are the steps to do it.

For more information in building and modifying the WinPE environment, go to the following links:

There is 2 files inside the .ZIP attached to this article:

Before running the batch script “WinPESettings.bat” you will need:

  • Make sure ADK is installed
     
  • Create the following structure on the reference computer root
    • C:\WinPEx86
    • C:\WinPEx86\mount
       
  • Copy the file “WINPE.WIM” from the notification server to “C:\WinPEx86”.
    • NS File location: [Altiris Install Dir]\Deployment\BDC\WAIK\Tools\PETools\x86 - for the x86 WINPE.WIM.
       
  • Copy the “WinPESettings.bat” to the reference computer root
     
  • Browse to > Start > All Programs > Windows Kits > Windows ADK
    • Run: Deployment and Imaging Tools Environment
    • This will open a CMD with the right environment variables set, just go back to the root and run the WinPESettings.bat file from the open CMD
       
  • If you decide to added the “unattend.xml” to set the resolution than, you will need to comment out lines 78, 79 and 80 from the “WinPESettings.bat”, once the batch file added all the components you need to copy the unattend.xml to the following locations:
    • C:\WinPEx86\mount
    • C:\WinPEx86\mount\Windows\System32
    • once you added the xml file
    • unmount the WINPE.WIM image by running the following command on the open CMD
    • Dism /Unmount-Image /MountDir:"C:\WinPEx86\mount" /commit

Once you are done with the WINPE.WIM file, than you will need to move the file back to the Notification Server.

Just a sample of the batch file, full code is attached to this article:

ECHO ***********************************************************
ECHO ** Mount Windows PE boot image "winpe.wim"               **
ECHO ***********************************************************
imagex /mountrw c:\winpex86\winpe.wim 1 c:\winpex86\mount

ECHO ** Adding Package [WinPE-WMI]                            **
DISM /Add-Package /Image:"C:\WinPEx86\mount" /PackagePath:"[path to Windows Kits]\x86\WinPE_OCs\WinPE-WMI.cab"

ECHO ** Adding Package [WinPE-NetFx4]                         **
DISM /Add-Package /Image:"C:\WinPEx86\mount" /PackagePath:"[path to Windows Kits]\x86\WinPE_OCs\WinPE-NetFx4.cab"

ECHO ** Adding Package [WinPE-Scripting]
DISM /Add-Package /Image:"C:\WinPEx86\mount" /PackagePath:"[path to Windows Kits]\x86\WinPE_OCs\WinPE-Scripting.cab"

ECHO ** Adding Package [WinPE-PowerShell3]                    **
DISM /Add-Package /Image:"C:\WinPEx86\mount" /PackagePath:"[path to Windows Kits]\x86\WinPE_OCs\WinPE-PowerShell3.cab"

ECHO ** Adding Package [WinPE-MDAC]                           **
DISM /Add-Package /Image:"C:\WinPEx86\mount" /PackagePath:" [path to Windows Kits]\x86\WinPE_OCs\WinPE-MDAC.cab"

ECHO ** Adding Package [WinPE-HTA]                            **
DISM /Add-Package /Image:"C:\WinPEx86\mount" /PackagePath:" [path to Windows Kits]\x86\WinPE_OCs\WinPE-HTA.cab"

ECHO ** Adding Package [WinPE-DismCmdlets]                    **
DISM /Add-Package /Image:"C:\WinPEx86\mount" /PackagePath:" [path to Windows Kits]\x86\WinPE_OCs\WinPE-DismCmdlets.cab"

ECHO ***********************************************************
ECHO ** Unmount the Windows PE Image                          **
ECHO ***********************************************************
Dism /Unmount-Image /MountDir:"C:\WinPEx86\mount" /commit

Adding Tools into WinPE

These part you will prepare the environment with all the files, so the system will be ready to build the WinPE.

Download the WinPETools.zip from the article and make sure you have all your settings ready.

For VNC, there are other articles out there that explain the process (http://www.symantec.com/connect/articles/winpe-21-remote-control-ultravnc), this one is not necessary for 7.1 or 7.5, but the process is very similar, the major difference is that VNC change the settings location from registry to INI file. All the VNC files are include on the download, all you need to do is build the ultravnc.ini I am including the file but I erase the password field.

Getting all files setup:

  • Login to the NS
    • Make sure you back up the originals Files, case you want to revert back.
  • Extract the “WinPETools.zip”
     
  • Copy folder “Utilities” > [Altiris Install Dir]\Deployment\BDC\bootwiz\oem\DS\winpe\x86\Base
    • While you are on the “[Altiris Install Dir]\Deployment\BDC\bootwiz\oem\DS\winpe\x86\Base” folder
    • Edit the file “runagent.bat”
    • Add the following command on the bottom of the batch file
REM Set PowerShell to unrestricted
ECHO Starting PowerShell
IF EXIST x:\Windows\System32\WindowsPowerShell\v1.0\PowerShell.exe x:\Windows\System32\WindowsPowerShell\v1.0\PowerShell.exe Set-ExecutionPolicy Unrestricted
  • This will initialize the custom script to start rocketdock, bginfo, etc …
REM Start Utilities
ECHO Start Utilities
IF EXIST x:\Utilities\WKU_WinPE.bat x:\Utilities\WKU_WinPE.bat
  • Copy background pictures > [Altiris Install Dir]\Deployment\BDC\bootwiz\Platforms\WinPE\x86\Optional\Boot
    • I didn’t add the background picture, since it is customize for my environment, but you just need to create one and replace the files on the folder above
       
  • Replace the modified “WINPE.WIM” > [Altiris Install Dir]\Deployment\BDC\WAIK\Tools\PETools\x86

Process to build the WinPE files on a PXE Site Server

Since in our environment we don’t have the PXE services running on the NS, we assign a site server as our PXE server.

So the process to get your custom files inserted into the WinPE environment is:

  1. Add all the customizations files/settings on the locations show above (Notification Server)
  2. In 7.5 the BootWiz folder is itself, part of a package, so normal package replication will pick up the changes, though it could take up to 24 hrs to update site servers. You can either wait or force the replication by running the Scheduler task:
    1. Run taskschd.msc
      1. Click [Task Scheduler Library]
      2. Right-click > run the following tasks
    2. NS.Package Distribution Point Update
    3. NS.Package Refresh
    4. NS.Delta Resource Membership Update
  3. Once the replication tasks runs, go to the package server to make sure the following package was update:
    bcd_pck.jpg
  4. Once the package is update on the Site Server [Package]
    1. Go to the Altiris Console > Settings > All Settings > Deployment and Migration > Preboot Configurations
    2. Click on the WinPE environment you would like to re-create and click the button [Recreate Preboot Environment
      preboot.jpg
  5. Go to the Site Server [PXE]
    1. Check if the following process is running, you will need to wait until this is done before trying to boot into WinPE using PXE
      bootwiz.jpg
  6. Once this is done, run a task to boot the client computer into PXE and see if all the changes you made are correct.
  7. Don't forget that there is also an X64 folder that may need to be modified if you use 64bit PE

Attached Articles files:

Utilities Files:

  • Q-Dir – file explorer for WinPE
  • RocketDock – strip down version for WinPE
  • SysInternalsSuite – list of tools that we use in our environment, so if you need more just added to this folder
  • UnxUtils – couple unix tools that comes in handy when need it

Utilities Files:

  • BGInfo – display the info on the background
  • ultravnc.exe – remote desktop
  • ultravnc.ini – settings for vnc
  • wmiexplorer – allow to load the wmi environment in WinPE
  • WKU_Get_BGInfo_Vars.vbs
    • This script will retrieve machine Serial Number and Altiris GUID Number
    • Create a file call “SetVars.bat”
  • WKU_WinPE.bat
    • First run the WKU_Get_BGInfo_Vars.vbs
    • Run the Set Vars.bat (created by the previous call)
    • Create a hostname file call “hostname.txt”
      • We notice that BGInfo was not reading the write hostname in WinPE, so this was the work around we found it.
    • Registry imports for custom settings
    • Start
      • RocketDock
      • VNC
      • BGInfo

Extra Files

  • WinPESettings.bat – this will mount the WINPE.WIM file, added the preset packages and unmounts
  • unattend.xml (optional) – this have just a setting, so the resolution of your WinPE environment will be set to 1024x768 32bit

Conclusion:

After BootWiz.exe finished building the WinPE environment, than you can test it and make sure all your configuration is working. I hope this can help people add tools and the Microsoft components into WinPE to take full advantage of WinPE 4.

Also want thanks everyone that post articles before, that help me develop this process.

Comments 13 CommentsJump to latest comment

JannasTo's picture

Very good article - thanks.

0
Login to vote
Klim_Belchev's picture

Great stuff - thank you!

0
Login to vote
Ch@gGynelL_12's picture

Thank you for posting. But it was also applicable or can be done with the Altiris 7.5 only without the hotfix?

Thank you.

Regards,

JM

0
Login to vote
ortolani's picture

hello JM, the customizations will work without the hotfix, the reason I mention the hotfix version is because we are using SSL in our environment and HF3 broke the communication between PXE and NS. So I did test this when I first install 7.5 with no HF install, but by the time I wrote the article HF4 is current install in our environment.

thanks,

0
Login to vote
SK's picture

This is a very good article.

The SSL issue is only relevant if SSL was NOT enabled during the initial installation phase of SMP plus solution(s)/suite(s).  There is also a workaround if SSL was enabled after the installation.

Connect Etiquette: "Mark as Solution" those posts which resolve your problem, and give a thumbs up to useful comments, articles and downloads.

0
Login to vote
no-idea's picture

Nice, but how about 64bit winPe? 32bit programs will not run there...
rocketdock - no but launchbar would, uvnc - yes, bginfo no. Explorer++ for file browsing...

0
Login to vote
ortolani's picture

The process will work with the x64, but the problem is with the utilities, and at the moment unless the company release an x64 version, we can’t use it or have to find alternatives.

I am current searching for x64 version of all the tools we have in our x86 environment. So far I found a 64 version of BGInfo and VNC, but there is still a lot of tools missing.

I found an article that show how to added x86 files, so x86 and x64 tools would work on WinPE, but that almost double the size of the WinPE. So I am not sure if this is a path to take. So if you find x64 versions of the tools please let me know or post on this article so it can be done in x86 and x64.

I am also working on my version of the “Initial Deployment Menu” converting to x64, since the version Symantec offers can be initiated by anyone as long they boot into PXE. So if you have Deployment Jobs in there a user could erase and image his HD by accident and lose all his data.

So my version take advantage of Symantec web services to trigger any task that you like (of course what u have publish for the user), but on my interface it ask for user name and password, and I do a 2 level of authentication, first the user has to exist in AD and be a valid user, second have rights the Altiris console. Than if both criteria’s are meet than triggers the jobs/task in the Altiris NS  (since web services only works with account that have Admin rights) I create a specific account to handle this, but on the description I insert the user username so I know who send the task. Is not perfect but it work great so far, I am converting to work with Workflow so I can post the code if people would like to use in their environment.

This is a small screenshot what the utility look like:

taskdeploy.jpg

thanks,

0
Login to vote
Tommy Nilsson's picture

Great article, thanks!

Have you seen/tried anything to speed upp the process for agent registration in DS 7.5?

0
Login to vote
rscovel's picture

Greetings,

Thanks for the great writeup about the tools to use. It will definitely be helpful to find x64 applications similar to those mentioned.

Since UEFI/GPT is only supported on the x64 WinPE 4 build using our Ghost standalone release or the DS 7.5 WinPE 4, these replacement tools are really needed. 

For those that want x86 and x64 tools in their WinPE could you post a link to the article you mentioned?

Your PXE menu project looks outstanding. I can't wait to see the finished project documentation.

Best Regards.

Russ

Russ Scovel
Inside Systems Engineer

Altiris SOS – Endpoint Management and Mobility
Symantec Corporation 
www.symantec.com

0
Login to vote
no-idea's picture

What I already use for some time is

- Lerup's Launchbar x64/64 with shortcuts to File Browser, CMD, Regedit, Notepad,Agent Logs...

- BgInfo x64/64

- UltraVNC x64/64

- Explorer++ x64/64

I call everything frm a VBscript out of runagent.bat Launchbar is a little bit tricky to configure because it relies on shortcuts but works well. The creation of these shortcuts is done before with the same VBscript.

Everything else depends on your needs and the availability.

0
Login to vote
SK's picture

Could you please provide the steps you used to implement the x64 bits into the provided x86 process.

Connect Etiquette: "Mark as Solution" those posts which resolve your problem, and give a thumbs up to useful comments, articles and downloads.

0
Login to vote
rscovel's picture

Greetings no-idea!

Could you perhaps provide the VBScript that you use? (It would be a big help since you have already done the work).. :)

Russ

Russ Scovel
Inside Systems Engineer

Altiris SOS – Endpoint Management and Mobility
Symantec Corporation 
www.symantec.com

0
Login to vote
Tomasz Wozniak's picture

I like it. Thumb up from me.

0
Login to vote