Unified Extensible Firmware Interface (UEFI)

Unified Extensible Firmware Interface

For many years BIOS has been the industry standard for booting a PC. BIOS has served us well, but it is time to replace it with something better. UEFI is the replacement for BIOS, so it is important to understand the differences between BIOS and UEFI. In this section, you learn the major differences between the two and how they affect operating system deployment.

Introduction to UEFI

BIOS has been in use for approximately 30 years. Even though it clearly has proven to work, it has some limitations, including:

  • 16-bit code
  • 1 MB address space
  • Poor performance on ROM initialization
  • MBR maximum bootable disk size of 2.2 TB

As the replacement to BIOS, UEFI has many features that Windows can and will use.

With UEFI, you can benefit from:

  • Support for large disks. UEFI requires a GUID Partition Table (GPT) based disk, which means a limitation of roughly 16.8 million TB in disk size and more than 100 primary disks.
  • Faster boot time. UEFI does not use INT 13, and that improves boot time, especially when it comes to resuming from hibernate.
  • Multicast deployment. UEFI firmware can use multicast directly when it boots up. In WDS, MDT, and Configuration Manager scenarios, you need to first boot up a normal Windows PE in unicast and then switch into multicast. With UEFI, you can run multicast from the start.
  • Compatibility with earlier BIOS. Most of the UEFI implementations include a compatibility support module (CSM) that emulates BIOS.
  • CPU-independent architecture. Even if BIOS can run both 32- and 64-bit versions of firmware, all firmware device drivers on BIOS systems must also be 16-bit, and this affects performance. One of the reasons is the limitation in addressable memory, which is only 64 KB with BIOS.
  • CPU-independent drivers. On BIOS systems, PCI add-on cards must include a ROM that contains a separate driver for all supported CPU architectures. That is not needed for UEFI because UEFI has the ability to use EFI Byte Code (EBC) images, which allow for a processor-independent device driver environment.
  • Flexible pre-operating system environment. UEFI can perform many functions for you. You just need an UEFI application, and you can perform diagnostics and automatic repairs, and call home to report errors.
  • Secure boot. Windows 8 and later can use the UEFI firmware validation process, called secure boot, which is defined in UEFI 2.3.1. Using this process, you can ensure that UEFI launches only a verified operating system loader and that malware cannot switch the boot loader.


UEFI Version 2.3.1B is the version required for Windows 8 and later logo compliance. Later versions have been released to address issues; a small number of machines may need to upgrade their firmware to fully support the UEFI implementation in Windows 8 and later.

Hardware support for UEFI

In regard to UEFI, hardware is divided into four device classes:

  • Class 0 devices. This is the UEFI definition for a BIOS, or non-UEFI, device.
  • Class 1 devices. These devices behave like a standard BIOS machine, but they run EFI internally. They should be treated as normal BIOS-based machines. Class 1 devices use a CSM to emulate BIOS. These older devices are no longer manufactured.
  • Class 2 devices. These devices have the capability to behave as a BIOS- or a UEFI-based machine, and the boot process or the configuration in the firmware/BIOS determines the mode. Class 2 devices use a CSM to emulate BIOS. These are the most common type of devices currently available.
  • Class 3 devices. These are UEFI-only devices, which means you must run an operating system that supports only UEFI. Those operating systems include Windows 8, Windows 8.1, Windows Server 2012, and Windows Server 2012 R2. Windows 7 is not supported on these class 3 devices. Class 3 devices do not have a CSM to emulate BIOS.

Windows support for UEFI

Microsoft started with support for EFI 1.10 on servers and then added support for UEFI on both clients and servers.

With UEFI 2.3.1, there are both x86 and x64 versions of UEFI. Windows 10 supports both. However, UEFI does not support cross-platform boot. This means that a computer that has UEFI x64 can run only a 64-bit operating system, and a computer that has UEFI x86 can run only a 32-bit operating system.

How UEFI is changing operating system deployment

There are many things that affect operating system deployment as soon as you run on UEFI/EFI-based hardware. Here are considerations to keep in mind when working with UEFI devices:

  • Switching from BIOS to UEFI in the hardware is easy, but you also need to reinstall the operating system because you need to switch from MBR/NTFS to GPT/FAT32 and NTFS.
  • When you deploy to a Class 2 device, make sure the boot option you select matches the setting you want to have. It is common for old machines to have several boot options for BIOS but only a few for UEFI, or vice versa.
  • When deploying from media, remember the media has to be FAT32 for UEFI, and FAT32 has a file-size limitation of 4GB.
  • UEFI does not support cross-platform booting; therefore, you need to have the correct boot media (32- or 64-bit).

Automating Windows 10 Enterprise Technical Preview with MDT 2013 Update 1 Preview

To follow-up on my earlier post “Deploying Windows 10 Enterprise Technical Preview with MDT 2012 Update 1 Preview” Let’s try to do a little automation to make the deployment experience a little smoother.

We just need to do a little configuration within the Microsoft Deployment Toolkit 2013 Update 1 Preview.

The first thing that comes to mind is, when we PXE/media boot our client.
We are shown the Microsoft Deployment Toolkit Welcome Wizard. We need to click Run the Deployment Wizard to install a new Operating System.

Note that in this picture is also the option to set Default Keyboard layout for Windows PE as well as a Static IP. I’m going to assume that we always have DHCP in place and accessible for our clients.

To skip the Welcome Wizard:

  1. Right Click your Deployment Share
  2. Click Properties
  3. Click Rules
  4. Click Edit Bootstrap.ini
    1. The bootstrap.ini contains configuration needed before we connect to our Deployment Share.
    2. Keep in mind that all changes here will not be reflected until a new media has been generated.
  5. in the [Default] section right under that path to your DeployRoot add: SkipBDDWelcome=YES
  6. Close the editor
  7. Click Ok to close Deployment Share Properties
  8. Right click your Deployment Share
  9. Click Update your deployment share
  10. Click Next
  11. Click Next
  12. Click Finish
  13. The ISO and WIM image within the Boot folder of your Deployment Share has now been updated – attached ISO media to VM or update WIM file on your Windows Deployment Server. I’m going to copy the Wim to my Hyper-V Host and mount it in my test VM.
  14. Boot your client to verify the changes

Next up – User Credentials Prompt

MDT User Credentials Wizard

Specify credentials for connecting to network shares

This is where need to type in the credentials for the Deployment Share. This is the last prompt before we start processing data from the Deployment Share – so we need to edit bootstrap.ini again

  1. Right Click your Deployment Share
  2. Click Properties
  3. Click Rules
  4. Click Edit Bootstrap.ini
  5. in the [Default] section right under that path to your SkipBDDWelcome add: UserID=<someusername>
    UserDomain=<domain or servername>

    1. The UserID can we a local account on the server hosting our Deployment Share.
    2. UserDomain must reflect if the account is Domain based or local on our Deployment Share server
    3. We only need NTFS read rights (and of course read share permissions) for the Deployment Share
  6. Close the editor
  7. Click Ok to close Deployment Share Properties
  8. Right click your Deployment Share
  9. Click Update your Deployment Share
  10. Click Next
  11. Click Next
  12. Click Finish
  13. Update your ISO or PXE Media
  14. Boot your client to verify the changes

We are now taken directly to the Task Sequence wizard

MDT Task Sequence list

Select a task sequence to execute on this computer

Let suppose that we only have and need one task sequence job – lets automate this step as well

Changes will be a bit easier this time, hence we don’t need to update the ISO or PXE media each time – we are now working with CustomSettings.ini

  1. Right Click your Deployment Share
  2. Click Properties
  3. Click Rules
  4. in the [Default] section right under the last line (In my case its SkipBitLocker=Yes) add:
    1. SkipTaskSequence=Yes
    2.  TaskSequenceID=IW10ETPX64
      1. The Task Sequence ID can be found in Task Sequences tab under the Deployment Share
  5. MDT Task Sequence list

    List of Task Sequences within your Deployment Share

  6. Click Ok
  7. Boot your client to verify the changes

You should now be brought directly to the Computer Details page

Domain or workgroup information

Domain or workgroup information

I’m going to keep this window visible for the computer naming part, but it can of course be skipped. It will require two skip options:

  • SkipComputerName=Yes
  • SkipDomainMembership=Yes

You could also just prepopulate the fields in CustomSettings.ini for either Domain or Group


  • JoinDomain=ClientGeeks.com
  • MachineObjectOU=OU=Staging,DC=CLientgeeks,DC=com


  • JoinWorkgroup=SomeWorkGroup

It will automatically use the account used to connect the network share, you can for obviously reasons use a different account

  • JoinDomain=ClientGeeks.local
  • DomainAdmin=DomainJoinAccount
  • DomainAdminDomain=Clientgeeks.com
  • DomainAdminPassword=Pa$$w0rd1

The great part of working with CustomSettings.ini is that there is no need to rebuild boot media – changes are effective immediately – go ahead and give it a try

When you boot your client again with the latests additions, we have arrived at Move Data and Settings:

move user data and settings

Move data and settings from a previous version of Windows

The default option for this step is: Do not move user data and settings, If we where to just skip this step, the outcome would be no data and settings backup

  • SkipUserData=YES

Some other configuration options are:

  • USMTOfflineMigration=True
  • DoNotFormatAndPartition=Yes
  • OSDStateStorePath=\\MDT01\StateStore$

Configure CustomSettings.ini and boot the client again – you could also just click next, BUT we know that testing is good, and more testing is better! 😉

Next up is the Locale and Time Zone selection

Specify locale and time preferences

Specify locale and time preferences

The valid skip options:

  • SkipLocaleSelection=Yes
  • SkipTimeZone=Yes

I’m going to configure the optional options just as default

  • KeyboardLocale=0409:00000409
  • UserLocale=0409:00000409
  • UILanguage=en-us
  • TimeZone=004
  • TimeZoneName=Pacific Standard Time

If you ready and retry – you should now only be prompted with a “Ready to begin” and a blank details section, don’t see any need for this page, so let’s just skip this as well

Ready to begin

Ready to begin

This can be skipped with the follwing option:

  • SkipSummary=Yes

Let try it out! 🙂

Hopefully you have achieved an automated installation progress now

Installation Progress

Installation Progress

The IT Organization and Running Package name can also we changed, here is an example that includes the current date and tasksequence ID using a variable – can of course just be static text.

  • _SMSTSOrgName=ClientGeeks.com #day(date) & “-” & month(date) & “-” & year(date)#
  • _SMSTSPackageName=%TaskSequenceID%
Customized Installation Progress Window

Customized Installation Progress Window

Here is a snip of my CusomSettings.ini and Bootstrap.ini – yours should look similar to this









TimeZoneName=Pacific Standard Time


_SMSTSOrgName=ClientGeeks.com #day(date) & “-” & month(date) & “-” & year(date)#






Have fun deploying! 🙂

Deploying Windows 10 Enterprise Technical Preview with MDT 2013 Update 1 Preview

Start the Microsoft Deployment Toolkit Workbench

  1. Open Deployment Workbench
  2. Right Click Deployment Shares
  3. Click New Deployment Share
  4. Change Deployment Share Path to match your environment – in my case I change to D:\DeploymentShare
  5. Click Next
  6. Change the share name or leave as is
  7. Click Next
  8. Change Deployment share description or leave as is
  9. Click Next
  10. Remove all the checks – we will configure these at a later point (CustomSettings.ini)
  11. Click Next
  12. Review details
  13. Click Next
  14. Click Close

Now we have the a deployment share to work from – Now we need some data

Let’s start by importing Windows 10 Enterprise Technical Preview

If you haven’t already downloaded the iso – get it though the Windows Insider Program (http://windows.microsoft.com/da-dk/windows/preview-iso)

  1. Expand Deployment Shares
  2. Expand the newly created MDT Deployment Share
  3. Right click Operating Systems
  4. Click Import Operating System
  5. Mark Full set of source Files
  6. Click Next
  7. Browse to the content of the ISO downloaded from the Windows Insider Program – I mounted the ISO onto my MDT VM, you could also just extract the content and move it to a reachable location UNC or otherwise.
  8. Click Next
  9. Destination Name will show up as Windows 8.1 Enterprise x64 – change this to Windows 10 Enterprise Technical Preview x64
  10. Click Next
  11. Review the details
  12. Click Next
  13. Click Finish
    1. The imported operating system will name appear in Operating Systems with the name Windows 8.1 Enterprise in Windows 10 Enterprise Technical Preview x64 Install.wim

Now let’s go ahead and create Task Sequence to install this nice vanilla version of Windows 10 Enterprise Technical Preview

  1. Right Click Task Sequences
  2. Click New Task Sequence
  3. Type in an ID for your new install task sequence – I will Type IW10ETPX64, could be anything
  4. Type Task sequence name – I will type Install Windows 10 Enterprise Technical Preview x64
  5. Maybe we even type a comment – I will type todays date, this field is not mandatory
  6. Click Next
  7. Choose Standard Client Task Sequence
  8. Click Next
  9. Choose the newly import Windows 10 Enterprise Technical Preview x64 Install.wim
  10. Click Next
  11. We could specify the MAK Key that we got from the Windows Insider Program, but it’s not required
  12. Click Next
  13. Type in Full Name, Organization Name and homepage
  14. Click Next
  15. Type a local administrator password
  16. Click Next
  17. Review the details
  18. Click Next
  19. Click Finish

So now we got the task sequence ready – so what’s next?

Let’s start the creation of the needed boot images (or either ISO or PXE boot)

  1. Right click the Deployment Share
  2. Click Update Deployment Share
  3. Click Next
  4. Click Next
  5. Click Finish

Browse to your Deployment Share in Windows Explorer

Locate the boot folder – We now have the newly generated boot files. Wim files if we want to PXE boot using Windows Deployment Services, or ISO if we want to use a Boot CD.

I’m going to copy the LiteTouchPE_x64.iso to my Hyper-V host, so I can test boot a VM.
Let’s boot and see what happens

  1. Insert the boot media into your VM or test computer (keep in mind we still haven’t added any drivers
  2. Boot on the media

We are now being presented with the Deployment Wizard Welcome screen

If we to automate or just plain and simple skip this window

    • Add SkipBDDWelcome=Yes to bootstrap.ini
  1. Click Run the Deployment Wizard to install a new Operating System
  2. We are now being prompted for Network credentials to access the share
    1. Type in valid user credentials
    2. This can be automated or skipped with
      1. UserID, UserDomain and UserPassword in Bootstrap.ini
  3. Click OK

Now we are connect to the deployment share – all changes needed from heron out is done within the task sequecen, CustomSettings.ini or within the Deployment Share

  1. Choose your Task Sequence – Install Windows 10 Enterprise Technical Preview x64
    1. This can be automated with the SkipTaskSequence=Yes & TaskSeuqneceID=IW10ETPX64 (ID of your task seuqecen) – the changes is needed in CustomSettings.ini
  2. Click Next
  3. Type in a computer name
    1. Of course we can automate this as well… – CustomSettings.ini
  4. Type in Domain or Workgroup information
  5. Click Next
  6. Choose whether or not to move data and settings from previous versions of Windows
  7. Click Next
  8. Choose to restore user data – we don’t in this case
  9. Click Next
  10. Choose your locale and time preferences
    1. Again – we ca automate this in…… CustomS……s.ini
  11. Click Next
  12. Review the details
  13. Click Begin

The computer is now being installed with the Windows 10 Enterprise Technical Preview

Automating the process will be covered in another post, as well as adding applications and customizing J

Windows 10 – Windows Updates troubleshooting

If you experience problems with Windows Updates and need to debug on the actual process, WindowsUpdates.log has always been a good place to start……… but not on Windows 10

According to Microsoft these steps are relevant only for the January Tech Preview of Windows 10.

Windows Update uses Event Tracing for Windows (ETW) to generate diagnostic logs. This method improves performance and reduces disk space usage. However, the logs are not immediately readable as written. To decode the resulting ETL files and create a log that you can read, follow these steps.

  1. Download the public symbols by following the directions here. Install these symbols to a directory such as C:\symbols.
  2. Download the Tracefmt.exe tool by following the instructions here.
  3. Open a command prompt with administrative rights.
  4. Create a temporary folder, such as %systemdrive%\WULogs.
  5. Locate the directory that contains Tracefmt.exe, as downloaded and installed in step 2. Then, copy Tracefmt.exe to %systemdrive%\WULogs.
  6. Run the following commands at a command prompt, in the order presented:
    • cd /d %systemdrive%\WULogs
    • copy %windir%\Logs\WindowsUpdate\* %systemdrive%\WULogs\
    • tracefmt.exe -o windowsupate.log <each windows update log delimited by space> -r c:\Symbols

For example, the last line might resemble the following:

tracefmt.exe -o windowsupate.log Windowsupdate.103937.1.etl Windowsupdate.103937.10.etl -r c:\Symbols

Lucky for us, we don’t always need to dig deep – there is a deprecated logfile we can use for now (January Tech Preview) WindowsUpdate_AU_deprecated.log

How To: Debug missing Drivers in MDT

Came across this great post by Keith Garner (http://ow.ly/JeHHD) on Microsoft Social forum

Its the most thorough debugging guide I’ve seen on drivers in MDT

How to debug Network Driver Problems

One of the earliest hurdles an MDT administrator will come across is the management of device drivers, specifically networking drivers. With most other drivers, like Audio, printer, and video drivers, a quick call to Windows Update or install over the network will resolve the Installation. However unless the Network (and storage) Drivers are installed into Windows from the start, it will be much more difficult to install the rest of the system.

This post should help you get started if you find a machine that did not install a device driver properly, and you want to know how to find and import the correct drivers.

Installing network drivers in the full OS

  • Step 1 – Try network connection again
    It’s possible that you might get a DHCP error from MDT, but when you try again later to connect the Deployment Share it works! This may be caused by a slow or malfunctioning DHCP server in your network. Re-check your DHCP servers, ensure that PortFast is enabled on your routers. If all else fails get your network administrators to document the DHCP delay. A long delay in modern networks is unnecessary.
  • Step 2 – Verify connectivity
    You may not have a driver problem but a network problem. Check the physical connection on the computer (Network installs on MDT *REQUIRE* a wired network connection, no Wi-Fi). Open a web browser. Check the IP Address (ipconfig.exe /all). Ping the Deployment Server, manually connect to the Deployment Share. IF you can’t connect to the Deployment Share, neither can MDT.
  • Step 3 – Find the Correct Driver Package
    Before you load the driver into MDT, first verify that you have the correct driver. There are scenarios where you may *think* you have the correct driver, but the driver will never run because the package is designed for a different OS/SKU/Platform/whatever. Install the driver package by:
    ○ Open the Device Manager (devmgmt.msc).
    ○ Find the network device in the list (ensure this is the wired device, not the wireless device)
    ○ Right click on “Properties” and click on the “Details” tab.
    ○ From the “Details” tab, select the property “Hardware Ids” select all the values, and copy to the clipboard, it would be a good idea to save for later. Should look something like:
    ○ From the “Driver” tab, click on “Update Driver…”, click on “Browse my computer for driver software” locate the driver package on the local machine or USB Drive, and install the package.
    ○ You should get a confirmation that the driver package was installed.
    ○ IF you do not get confirmation, MDT driver installation may not work.

Windows will install the driver starting with the *.inf install package, and will typically include a *.sys (binary) and a *.cat (digital Signature). If the driver package has been re-packaged into a *.cab, *.zip, or other compressed *.exe file, the package must be extracted first. This is a hard requirement for any driver used by MDT and/or SCCM. All driver packages that are signed by Microsoft (WHQL) will be installed from the *.inf file, and you should only use devices that have the Microsoft WHQL Logo as a sign of quality.

If you need a help on where to find driver packages for your devices, the 3 largest Computer OEM manufacturers supply drivers grouped by Make and Model that are easily imported into MDT and SCCM. See: http://deploymentbunny.com/2014/07/08/back-to-basicwhere-to-find-drivers-for-servers-and-clients/

  • Step 4 – Load driver into MDT
    If you have more than 20 driver packages, or if you anticipate you will have more than 20 drivers, you should start grouping your drivers in sub-folders for organization. One popular method is to group by Computer Make and Model. Ensure that you are using the correct Driver Selection Profile in your task sequence. If you are unsure, disable any selection profile(s) to ensure the driver is installed correctly.
  • Step 5 – Run the full MDT installation
    During installation MDT will perform the following:
    ○ Run the PNPEnum.exe utility and capture output to PnPEnum.xml. The VEN_Xxxx and DEV_Yyyy from the “HardwareIDs” property above must be present in this list. Otherwise we won’t have a match.
    ○ Search through the %DeployRoot%\control\drivers.xml file looking for a match for the HardwareID. MDT may filter the search based on the folder search type.
    ○ MDT will copy each matching driver to the local c:\drivers directory using the xcopy.exe command. You can search (grep) for the string “xcopy” in the ZTIDrivers.log file, that will get you list of all driver packages matched by MDT.
    ○ MDT will allow the machine to boot into the NEW OS, and Driver Installation will begin in the OS. IF there are multiple drivers found and copied locally, the Windows (not MDT) will determine the best one. The c:\windows\inf\SetupAPI.*.log files will detail which drivers copied locally were installed (or *not* installed).

Installing Network Drivers in WinPE

  • Step 6 – Try the network connection again
    (See above
  • Step 7 – Verify Connectivity from within WinPE
    Verifying network connectivity will be a bit more difficult in WinPE, since we have a limited User Interface, so all investigation must be done in the debugging mode (Press F8) cmd.exe
    ○ Try connecting to the Deployment Share:
    c:\> net use * \\MDT\DeploymentShare$ /u:UserDomain\UserName *
    ○ Try pinging the Deployment Server:
    c:\> Ping.exe MDT.Corp.contoso.com
    ○ Verify that you have an IP address ( ipconfig /all ) If you have an AutoConfiguration address – Driver OK – WinPE can’t reach the DHCP server. If you have “Media Disconnected” – Driver OK – Physical adapter not plugged to network. If no devices are listed – Driver bad – Driver not installed.
    ○ Check the x:\windows\system32\WpeInit.log – This log will show the network driver (if found) being installed.
  • Step 8 – Verify driver packages are getting included into WinPE
    Firstly, verify the correct driver package from within the full OS above. By default MDT will import *all* Storage and Networking drivers into your WinPE image. However it is possible to change the subset of files copied via “Selection Profile” or other method. Cross check your WinPE Driver Settings.
    ○ From within the MDT console, right click on the root of your Deployment Share and select properties.
    ○ Click on the “Windows PE” tab, and the “Drivers and Patches” sub tab for both x86 and x64.
    ○ Your Network Drivers package must be in the “Selection Profile” if enabled.Finally verify that the correct Network Driver package is being copied to WinPE. If necessary this may include setting up a debugger to watch the MDT Provider build the WinPE Image from scratch. My preference is to use the SysInternals  http://live.sysinternals.com/Dbgview.exe tool.
    ○ Open up the MDT console.
    ○ Download and run the DbgView.exe tool.
    ○ Update the deployment share in question.
    ○ The DbgView tool should show what drivers were copied to each WinPE Image.


  • Whenever you add a driver into the MDT console, you must update the deployment share for that drivers to be added to your WinPE Image. If you are unsure, select “Completely regenerate the boot images.” to ensure the drivers is imported. Additionally, you must copy the updated LitetouchPE_x??.wim and *.iso files to the other consumers of the WinPE image like WDS/PXE and or any USB offline media.
  • Note that some Broadcom NetXtreme class of drivers have a multi-function driver architecture that may have difficulty loading in WinPE. Ensure that you load the “RIS” class of drivers from Broadcom in your MDT environment.
  • Note that by default MDT does *NOT* support the installation of Windows over Wireless network devices (Wi-Fi). The MDT installation sources must either be available through wired networking, or offline (USB Flash) media.
  • This post does not discuss origination of drivers within MDT ( Chaos vs. Total Control ), that is a different topic. http://www.deploymentresearch.com/Research/tabid/62/EntryId/112/MDT-2013-Lite-Touch-Driver-Management.aspx

Further Help

If you are still having problems with drivers in via MDT, ask the experts in the MDT Technet Forum:

  • Include a short description of the problem. Including the Make/Mode if necessary.
  • Include the HardwareIDs from the Device Manager (Devmgmt.msc) into the post (from above).
  • Copy your known good driver package (step 3 above) to OneDrive.
  • Copy the following log files to a public site like OneDrive and include the link:
    ○ PnpEnum.xml (from Client)
    ○ Bdd.log (From Client) – or at least the ZTIDrivers.log file.
    ○ c:\windows\inf\SetupAPI.*.log (from client)
    ○ %DeployRoot%\control\Driver*.xml
    ○ %DeployRoot%\control\SelectionProfile*.xml
    ○ %DeployRoot%\control\settings.xml (if problems in WinPE)
    ○ x:\windows\System32\WpeInit.log (if problems in WinPE)
    ○ If the MDT server is not including your driver package in WinPE include the DBGView log.

Advanced Installer

For many years I’ve been working with Wise Package Studio, the best tool ever for application repackaging projects. Since Wise Package Studio is End of life – announced in December 2011. Now seemed like a good time to find a new tool, Flexera Admin Studio seemed like the obvious choice, but is rather expensive (still a great tool)

In some cases Orca (http://www.technipages.com/download-orca-msi-editor) would get the job done, but still would take a long time

I remembered coming across Advanced Installer at TechEd NA, so decide to have a look at the tool

There is a free trial from the website and also a free version: http://www.advancedinstaller.com/download.html

Advanced Installer comes in multiple versions, I choose to test the Architect version, mainly because it had the following features highlighted

  • Repacker
  • App-V
  • SCCM
  • MSI Quick-Edit

My test of the product was a great success !

Today I will recommend this product to my customers looking to repackage or edit MSI’s, it has a nice and intuitive interface, much like Wise Package Studio had 😉

Have a look at some of the videos from Advanced Installer on YouTube: https://www.youtube.com/channel/UCIPx2SPC1K7_DoPdVeFHoNg



Application repackaging – Active Setup & Windows Installer Repair

If you repackage or deploy applications you need to know about Active Setup and Windows Installer Repair

The best methods are documented first, but also other alternative ways.

Method I

Active Setup Method:

This is one of the best practices in MSI Packaging which uses the native Active Setup behavior of Windows and Windows Installer HKCU keys repair techniques.

One should follow these specific steps while using this method:

  1. Make sure all HKCU keys in the MSI Package that we are creating are under structured component names like CurrentUser, CurrentUser1, etc.
  2. The Package author should be able to judge and set the key path for that Component properly.
  3. As per Microsoft Component guidelines, make sure the components containing HKCU keys are as few in count as possible, for example only one component (CurrentUser) with all HKCU keys with best key path set is the best practice.
  4. Create the following registry keys under the main hive:
  1. HKLMSoftwareMicrosoftActive SetupInstalled Components{GUID of the MSI}
  2. ComponentID=PackageName_ComponentName
  3. StubPath=[SystemFolder]msiexec.exe /fu {Product Code of the MSI} /q
  4. Version=ProductVersion

The principle of Active Setup behavior is when a new user logs on for the first time, then the Active Setup will perform a checksum between HKLMSoftwareMicrosoftActive SetupInstalled Components{GUID of the MSI} and HKCUSoftwareMicrosoftActive SetupInstalled Components{GUID of the MSI}; and if the GUID is not present under HKCU, then it performs all actions which are under that main hive (StubPath, Version) and populates the GUID under HKCU. The main Advantage of Active Setup is it performs an action only once per User with the Checksum behavior by matching the entries under HKLM and HKCU.

Method II

Active Setup Method:

This method can be used for both MSIs and Non-MSIs

Create a silent SMS script or Wise Script (for eg:-Script.exe) which will create the needed HKCU registry entries for the application. Then place that EXE in the Application [INSTALLDIR] in your MSI Pkg or Executable binary memory.

Then create the following additional registry entries in the MSI Package or within the Script whichever is applicable:

HKLMSoftwareMicrosoftActive SetupInstalled Components{GUID or AppName}





The Active Setup performs the regular checksum (comparison of entries under) HKLM and HKCU and if the respective unique GUID or AppName is not present under HKCU hive, then it will perform all actions (StubPath, Version) and populates the GUID or AppName under HKCU hive too. This is only once per user — for the first time — to populate HKCU hive.

Method I and method II use the Active Setup feature, and One should understand the advantages of one over the other. Method I requires source resiliency to populate HKCU keys, where as method II does not require this as the Script.exe does everything.

Method I and method II can be used in any scenarios like if Advertised entry points are present or NOT present.

Method III

Windows Installer repair method

Typically the body of the script will be;

Check for the existence of a Flag key under
HKCUSoftwareCompany NameApplications{ProductName][productversion]

If the key exists then quit else initiate the Windows Installer repair to populate HKCU keys:

Msiexec /fu {Product Code of the MSI} /q


And edit and create registry key (Basically a Flag Key which can be any key which your firm adopts)
* XYZ= Name of the organization Company
And keep this script exe in HKLMSoftwareMicrosoftWindowsCurrentVersionRun.

One should keep in mind that the /p switch can also be used to repair files (populate) user-specific data (Profile data) with the following syntax:

Msiexec /fup {Product Code Of the MSI) /q


Method IV

Silent empty exe with valid shortcut:

Create a silent empty exe and its Advertised shortcut and place both of them in the Application [INSTALLDIR]. And use them as entry points to trigger healing to populate HKCU keys.

Microsoft System Center 2012 R2 Configuration Manager – Clients for Additional Operating Systems has been updated

The Clients for Additional Operating Systems allow you to manage Apple Mac, UNIX and Linux computers using System Center 2012 R2 Configuration Manager

Date Published: 10/23/2013
File name:
File size:
ConfigMgr Clients for Linux.exe 46.7 MB
ConfigMgr Clients for AIX.exe 115.7 MB
ConfigMgr Clients for HP-UX.exe 49.0 MB
ConfigMgr Clients for Solaris.exe 57.2 MB
ConfigmgrMacClient.msi 5.4 MB

Microsoft System Center 2012 R2 Configuration Manager supports the management of Apple Mac clients. The client for Mac computers allows you to discover Mac OS X devices, collect inventory, manage settings, and deploy applications and patches using your Configuration Manager environment.
Microsoft System Center 2012 R2 Configuration Manager supports the management of UNIX and Linux servers. The clients for UNIX and Linux extends the scope of your Configuration Manager environment to collect inventory, deploy software, and run reports about UNIX and Linux servers in your enterprise. The client operates as a workgroup client that is managed by Configuration Manager.
Mac Client: The following Mac versions are supported in this release:

  • Mac OS X 10.6 (Snow Leopard)
  • Mac OS X 10.7 (Lion)
  • Mac OS X 10.8 (Mountain Lion)

The following scenarios are supported through the Mac client in Microsoft System Center 2012 R2 Configuration Manager Preview:

  • Discovery – Discovers Mac OS X system in Active Directory and through network discovery
  • Hardware Inventory – Provides hardware inventory and auditing of computers running Mac OS X, including a list of installed software similar to add/remove programs for Windows systems.
  • Settings Management – Ensures computers running Mac OS X comply with company policies using scripts and preference list management.
  • Application Deployment – Distributes required software via app model.
  • Software Updates Management – Distributes patches utilizing Software Distribution and Settings management features.

UNIX/Linux Client: The following UNIX and Linux versions are supported in this release.

  • AIX Version 7.1, 6.1, 5.3
  • Solaris Version 11, 10, 9
  • HP-UX Version 11iv2 , 11iv3
  • RHEL Version 6 , 5, 4
  • SLES Version 11, 10, 9
  • CentOS Version 6, 5
  • Debian Version 6, 5
  • Ubuntu Version 12.4 LTS, 10.4 LTS
  • Oracle Linux 6, 5

The following scenarios are supported by the UNIX and Linux clients:

  • Hardware Inventory – Hardware inventory can be viewed through Resource Explorer and can be used to create collections of UNIX and Linux computers.
  • Software Inventory – Through hardware inventory the list of natively installed software can be gathered from the UNIX and Linux computers – similar to add/remove programs for Windows systems.
  • Software Distribution – Deploy new software, update existing software and apply OS patches to collections of UNIX/Linux computers (using a package and program). Run arbitrary maintenance scripts on a collection of UNIX/Linux servers.
  • Secure and Authenticated Communications
  • Consolidated Reports