Boot Media Driver Injection in Altiris 6.9 Using WinPE 3.1

Purpose:

With advent of Symantec Client Management Suite (CMS) 7.1, Altiris 6.9 is now considered to be a legacy program. Unfortunately, CMS’s deployment pieces are not production quality and should not have been released until they had a product that was optimized for enterprise environments. I will not expound upon the reasons why here but sufficeth to say it is sufficient to take the time to resurrect Altiris.

Altiris 6.9 uses a Windows kernel from the Vista era known as the Windows Pre-installation Environment (WinPE) 2.1. For older machines this has worked well in the “Automation” environment, where computers are imaged, but has recently been failing for newer models of computers. The problem is, hardware drivers. Though Altiris has a utility to inject drivers into this WinPE kernel, it relies on the Vista platform for supportability. Because Vista was such a hasty release, very few of the larger organizations have moved to it and in response Microsoft released a more polished and enterprise friendly release, Window 7. As such, few hardware manufacturers provide Vista drivers for their newer hardware but do release Windows 7 drivers.

In order to use these new drivers we need to be able to use the Windows 7 equivalent of WinPE, which is version 3.1, and inject the correct drivers and services into it to be useable in the “Automation” environment. This document will step through a process that I’ve implemented to give new life to the Altiris 6.9 imaging solution.

An overview of the process is as follows:

1.       Install the Windows 7 WAIK tools from Microsoft onto a designated VM or Machine

2.       Copy the Custom Driver Injection Scripts folder to the root of the root of the system drive

3.       Gather the correct drivers

4.       Place the drives in the appropriate folder on a machine that has been setup with the MS WAIK tools and custom scripts

5.       Run a script that:

a.       Copies a fresh 64 bit WinPE.wim file

b.      Mounts the WIM file to the local file-system

c.       Injects the drivers from the previously designated driver folder

d.      Commits the changes and Unmounts the WIM file from the local file-system

e.      Repeats for the 32 bit WinPE.wim

6.       Copy the new WIM file to their respective places on the Altiris server

7.       Remove any links from jobs that reference the old “WinPE Managed” environment

8.       Delete the “WinPE Managed” boot option from the PXE Boot Manager

9.       Create a new “WinPE Managed” boot option in the PXE Boot Manager

10.   Ensure options in the PXE Boot Manager reference the new “WinPE Managed” boot option

11.   Save and Done

Install the Windows 7 WAIK Tools and Custom Scripts

At the present time, the following link will take you to the Microsoft website that contains the installation files for Windows 7 WAIK: http://www.microsoft.com/download/en/details.aspx?id=5753 This will give you access to the WinPE 3.0 environment but in order to be up-to-date you will need to update it to the WinPE 3.1 environment by following the instructions under the title “Installing Windows PE 3.1” from this webpage: http://technet.microsoft.com/en-us/library/dd349350(WS.10).aspx The Windows AIK supplemental ISO image that it references can be found here: http://www.microsoft.com/download/en/details.aspx?id=5188

Next I have made some custom scripts to simplify the process of injecting the drivers into the WinPE image file. These files can be found in a zipped file available here: http://techhandbook.evertechconsulting.com/sites/techhandbook.evertechconsulting.com/files/injectDrivers.zip. There should be a folder called “injectDrivers” in the zip file, copy that folder to the root of the system drive (e.g. C:\injectDrivers). In that folder there should be two folders and one batch script. The “drivers” folder is where you’ll put all of the drivers that you want to inject into the WinPE image. The “mount” folder is where the WinPE image will be mounted in order to inject the drivers and should be empty when you run the script. The file named “injectDrivers.bat” is the script that will simplify the driver injection process.

Gather the Correct Drivers

When in the “Automation” state, the most important things to have working are 1) Internet Access and 2) Hard Drive access, because most likely you’re going to write an image that is stored on a network location to the local Hard Disk Drive.

There are several ways to get the drivers for a new model of computer. New HP machines have a folder on the root of the system drive called “swsetup” and all of the programs and drivers that come with the machine are typically in that directory. As a rule of thumbs, I copy this folder to a share that I use as a driver repository and then only copy the network and disk drivers to the “drivers” folder previously mentioned (e.g. C:\injectDrivers\drivers).

If you are unable to get the original drivers off of the machine, the manufacturer’s website often has a place where you can download all of the drivers for that particular model. More often than not they are in an archived format ZIP or EXE and will need to be expanded before copied into the “drivers” folder.

Run the Script

At this point all you need to do is run the “injectDrivers.bat” script and it will generate two additional files in the “injectDrivers” folder, “winpe_amd64.wim” and “winpe_x86.wim”. Upon completing the injection a log file will be displayed and, at this point, the driver injecting is done.

Linking to Altiris

Once the WIM images have been modified we need to configure Altiris to use these files.

First, copy the respective files to the Altiris “express” share in the appropriate folders:

copy /Y “C:\injectDrivers\ winpe_x86.wim” “\\[AltirisServer]\express\WAIK\Tools\PETools\x86\winpe.wim”

copy /Y “C:\injectDrivers\ winpe_amd64.wim” “\\[AltirisServer]\express\WAIK\Tools\PETools\amd64\winpe.wim”

At this point you can create a boot disk using the “Boot Disk Creator” and be able to boot from a CD or USB disk. However, in order to boot from PXE using the new boot images we’ll need to do some more configuring.

Second, open up the “PXE Configuration Utility” and delete the “Boot Menu Option” called “WinPE Managed”. If the “In use by DS” column contains “Yes” you will be unable to delete the boot option. If this is the case, close the utility and go through all of the jobs and change all Automation tasks that reference “WinPE Managed” to “Default Automation (Auto-select)”. Then reopen the “PXE Configuration Utility” and if you didn’t miss any jobs there should no longer be a “Yes” in that column at which point you can delete it.

Another simple way to be able to delete the old PXE option is to export all of your current jobs to a .bin file and delete all the jobs. After recreating the PXE boot option you will be able to import the same .bin file to restore the jobs.

Note: It is possible to create a new boot option without deleting the old first but that would open up the possibility of mass confusion, stress, pain and anguish.

Third, create a new Boot Menu Option by clicking “New…” on the right hand side of the utility. Name it “WinPE Managed” to maintain consistency in the environment. Select “WinPE” in the first column. Check only the “x86” and “amd64” boxes in the second column (ie uncheck “ia64”) as the ia64 is only for the Itanium line of processors that are seldom if ever used in desktop machines. In the third column “Boot Disk Creator” should be selected. Click on “Create Boot Image…”

·         Click “Next >”, “Next >”, “Next >”

·         ensure your Altiris server’s IP is correct then click “Next >”

·         (Workgroup=Hostname of the Altiris Server, User Credentials=local imaging user credentials) “Next >”

·         Copy the “Path” and then delete it, select the O: drive from the Drive field and then paste the value back into the “Path” field. This is necessary if there will ever be a machine that has more than three drives and/or partitions, (e.g. Computer HDD has three partitions and a DVD drive it takes up C: D: E: and F: drives thus the express share will fail to mount to the F: drive if it’s not changed. The O: drive should be safe.)

·         Ensure the checkbox “Create an entry in the LMHOSTS…” is selected and the “IP address” is correct, Click “Next >”

·         “Next >”, “Next >”, “Next >”, “Next >”

At this point, Altiris will build the PXE files for “x86” and “amd64” in most cases there is a significant wait time associated. It actually does some of the similar actions that the script does but it adds the Altiris specific files and DAgent to the image as well. When it is done, click “Finish” and “Ok”.

Fourth, Switch to the “DS” tab and select “WinPE Managed” for the “Default boot option:” and the “Boot option for unknown computer:”.

Lastly, Click “Save” and when it’s done updating “OK” and you’re ready to test out the Configuration.

 

Script Explained

Just for informational purposes I will now explain what the script does. The process of injecting the drivers include coping a fresh copy of the WinPE.wim image to the injectDrivers folder. Because there are different WIM images for 64 bit and 32 bit I rename the file to reflect the architecture difference, thus “winpe_amd64.wim” and “winpe_x86”.

copy /Y "C:\Program Files\Windows AIK\Tools\PETools\x86\WINPE.WIM" “C:\injectDrivers\winpe_ x86.wim”

Next I use the “dism” command to mount the WIM file to the “mount” folder so that we can access the contents of the WIM image:

dism /mount-wim /wimfile: C:\injectDrivers\winpe_x86.wim /index:1 /mountdir: C:\injectDrivers\mount

Next there are certain “packages” that need to be added in order for scripting and other administrative operations to be possible in the “Automation” environment. Again we use the “dism” command to add these packages:

dism /image:C:\injectDrivers\mount /add-package /packagepath:"C:\Program Files\Windows AIK\Tools\PETools\x86\WinPE_FPs\winpe-hta.cab"

dism /image:C:\injectDrivers\mount /add-package /packagepath:"C:\Program Files\Windows AIK\Tools\PETools\x86\WinPE_FPs\en-us\winpe-hta_en-us.cab"

dism /image:C:\injectDrivers\mount /add-package /packagepath:"C:\Program Files\Windows AIK\Tools\PETools\x86\WinPE_FPs\winpe-legacysetup.cab"

dism /image:C:\injectDrivers\mount /add-package /packagepath:"C:\Program Files\Windows AIK\Tools\PETools\x86\WinPE_FPs\en-us\winpe-legacysetup_en-us.cab"

dism /image:C:\injectDrivers\mount /add-package /packagepath:"C:\Program Files\Windows AIK\Tools\PETools\x86\WinPE_FPs\winpe-mdac.cab" >> C:\injectDrivers\injectDrivers.log

dism /image:C:\injectDrivers\mount /add-package /packagepath:"C:\Program Files\Windows AIK\Tools\PETools\x86\WinPE_FPs\en-us\winpe-mdac_en-us.cab"

dism /image:C:\injectDrivers\mount /add-package /packagepath:"C:\Program Files\Windows AIK\Tools\PETools\x86\WinPE_FPs\winpe-pppoe.cab"

dism /image:C:\injectDrivers\mount /add-package /packagepath:"C:\Program Files\Windows AIK\Tools\PETools\x86\WinPE_FPs\en-us\winpe-pppoe_en-us.cab"

dism /image:C:\injectDrivers\mount /add-package /packagepath:"C:\Program Files\Windows AIK\Tools\PETools\x86\WinPE_FPs\winpe-scripting.cab" >> C:\injectDrivers\injectDrivers.log

dism /image:C:\injectDrivers\mount /add-package /packagepath:"C:\Program Files\Windows AIK\Tools\PETools\x86\WinPE_FPs\en-us\winpe-scripting_en-us.cab"

dism /image:C:\injectDrivers\mount /add-package /packagepath:"C:\Program Files\Windows AIK\Tools\PETools\x86\WinPE_FPs\winpe-wmi.cab"

dism /image:C:\injectDrivers\mount /add-package /packagepath:"C:\Program Files\Windows AIK\Tools\PETools\x86\WinPE_FPs\en-us\winpe-wmi_en-us.cab"

Please note that these packages are architecture specific and that if you were to be creating a 64 bit boot image that you need to replace “x86” with “amd64”. The batch script I’ve made addresses this issue but it is very important.

Next we need to inject the needed drivers into the WIM image. This is a little more simple because it will inject all drivers that it can use and will ignore the rest and therefore we don’t need to sift through all of the drivers to manually verify or sort them into their respective architecture. All we need to do is point it to the “drivers” folder and pass it the “recurse” option.

dism /image:C:\injectDrivers\mount /add-driver /driver:C:\injectDrivers\drivers /recurse /ForceUnsigned

Lastly, we need to commit the changes and unmount the WIM image:

dism /unmount-wim /mountdir:C:\injectDrivers\mount /commit

At this point the winpe_x86.wim file is ready to be copied over to the Altiris server. The script automates this whole process and contains all of the logic to go through it twice, once for 32 bit and then again for 64 bit. The full script entire is displayed below:

 

@echo off
set root=C:\injectDrivers
set mount=%root%\mount

echo -----------Build WinPE Wim Files----------- > %root%\injectDrivers.log

:X86
set arch=x86
set i=0

:BUILD
echo ---------------------- %arch% ---------------------- >> %root%\injectDrivers.log
set petools=C:\Program Files\Windows AIK\Tools\PETools\%arch%
echo "Copying Fresh %arch% Wim File..."
copy /Y "%petools%\WINPE.WIM" %root%\winpe_%arch%.wim >> %root%\injectDrivers.log
echo "Mounting Wim File..."
dism /mount-wim /wimfile:%root%\winpe_%arch%.wim /index:1 /mountdir:%mount% >> %root%\injectDrivers.log

echo "Adding HTA Package..."
dism /image:%mount% /add-package /packagepath:"%petools%\WinPE_FPs\winpe-hta.cab" >> %root%\injectDrivers.log
dism /image:%mount% /add-package /packagepath:"%petools%\WinPE_FPs\en-us\winpe-hta_en-us.cab" >> %root%\injectDrivers.log

echo "Adding Legacy Setup Package..."
dism /image:%mount% /add-package /packagepath:"%petools%\WinPE_FPs\winpe-legacysetup.cab" >> %root%\injectDrivers.log
dism /image:%mount% /add-package /packagepath:"%petools%\WinPE_FPs\en-us\winpe-legacysetup_en-us.cab" >> %root%\injectDrivers.log

echo "Adding MDAC Package..."
dism /image:%mount% /add-package /packagepath:"%petools%\WinPE_FPs\winpe-mdac.cab" >> %root%\injectDrivers.log
dism /image:%mount% /add-package /packagepath:"%petools%\WinPE_FPs\en-us\winpe-mdac_en-us.cab" >> %root%\injectDrivers.log

echo "Adding PPPOE Package..."
dism /image:%mount% /add-package /packagepath:"%petools%\WinPE_FPs\winpe-pppoe.cab" >> %root%\injectDrivers.log
dism /image:%mount% /add-package /packagepath:"%petools%\WinPE_FPs\en-us\winpe-pppoe_en-us.cab" >> %root%\injectDrivers.log

echo "Adding Scripting Package..."
dism /image:%mount% /add-package /packagepath:"%petools%\WinPE_FPs\winpe-scripting.cab" >> %root%\injectDrivers.log
dism /image:%mount% /add-package /packagepath:"%petools%\WinPE_FPs\en-us\winpe-scripting_en-us.cab" >> %root%\injectDrivers.log

rem echo "Adding Setup Package..."
rem dism /image:%mount% /add-package /packagepath:"%petools%\WinPE_FPs\winpe-setup.cab" >> %root%\injectDrivers.log
rem dism /image:%mount% /add-package /packagepath:"%petools%\WinPE_FPs\en-us\winpe-setup_en-us.cab" >> %root%\injectDrivers.log

rem echo "Adding Setup Client Package..."
rem dism /image:%mount% /add-package /packagepath:"%petools%\WinPE_FPs\winpe-setup-client.cab" >> %root%\injectDrivers.log
rem dism /image:%mount% /add-package /packagepath:"%petools%\WinPE_FPs\en-us\winpe-setup-client_en-us.cab" >> %root%\injectDrivers.log

rem echo "Adding Setup Server Package..."
rem dism /image:%mount% /add-package /packagepath:"%petools%\WinPE_FPs\winpe-setup-server.cab" >> %root%\injectDrivers.log
rem dism /image:%mount% /add-package /packagepath:"%petools%\WinPE_FPs\en-us\winpe-setup-server_en-us.cab" >> %root%\injectDrivers.log

echo "Adding WMI Package..."
dism /image:%mount% /add-package /packagepath:"%petools%\WinPE_FPs\winpe-wmi.cab" >> %root%\injectDrivers.log
dism /image:%mount% /add-package /packagepath:"%petools%\WinPE_FPs\en-us\winpe-wmi_en-us.cab" >> %root%\injectDrivers.log

echo "Injecting Drivers..."
dism /image:%mount% /add-driver /driver:%root%\drivers /recurse /ForceUnsigned >> %root%\injectDrivers.log
echo "Unmounting Wim File..."
dism /unmount-wim /mountdir:%mount% /commit >> %root%\injectDrivers.log

if %i%==0 goto AMD64
if %i%==1 goto END

:AMD64
set arch=amd64
set i=1
goto BUILD

:END

start notepad %root%\injectDrivers.log &

Site proided by EverTech Consulting