Last updated
#Ensure you have you have updated your ADK directory; https://github.com/systemcenterblog/Blog/blob/master/ConfigMgr/Baselines/CVE-2023-24932/UpdateADK.ps1
#Update these to suit your needs
$WinPE_x64WorkSpace = "C:\WinPE_x64_OSDWorkSpace"
$MountDir = "C:\WinPE_x64_MountDir"
#remove-item $WinPE_x64WorkSpace -Force
#Default ADK Paths
$ADKPath = "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit"
$ADKPathPE = "$ADKPath\Windows Preinstallation Environment"
if (Test-Path -Path $ADKPathPE){
Write-Host "Found ADK PE: $ADKPathPE" -ForegroundColor Green
$ADKImage = Get-WindowsImage -ImagePath "$ADKPathPE\amd64\en-us\winpe.wim" -Index 1
}
else {
Write-Host "Did not detect ADK in path $ADKPathPE"
throw
}
if (!(test-path -path "$WinPE_x64WorkSpace")){New-Item -Path $WinPE_x64WorkSpace -ItemType Directory | Out-Null}
if (!(test-path -path "$MountDir")){New-Item -Path $MountDir -ItemType Directory | Out-Null}
#Create OSDCloud Template - This will build x64 template
#remove-item C:\ProgramData\OSDCloud\Templates -force
$OSDCloudTemplateName = 'x64'
if ((Get-OSDCloudTemplateNames) -notcontains "$OSDCloudTemplateName"){
New-OSDCloudTemplate -Name x64
}
#Create the OSDCloud WorkSpace - This will be created based on the template
#This command will mount the winpe.wim file to programdata and apply component cabs. When finished it will copy to directory $WinPE_x64WorkSpace called boot.wim
New-OSDCloudWorkspace -WorkspacePath $WinPE_x64WorkSpace
#Update-OSDCloudWorkspace -WorkspacePath $WinPE_x64WorkSpace
#Create the USBStick - First time
#This will copy the contents of $WinPE_x64WorkSpace to the USB stick. If you followed the UpdateADK.ps1 script the boot stick will be Windows UEFI 2023 CA signed
New-OSDCloudUSB -WorkspacePath $WinPE_x64WorkSpace
#If you need to boot with Windows UEFI 2011 CA signed (before applying the Remediation) change the bootx64.efi file back to the 2011 signed file. The UpdateADK.ps1 backed this file up.
#Assumes D: is your USB drive letter
Copy-Item "$ADKPathPE\amd64\Media\bootmgr.efi.2011" "D:\bootmgr.efi" -Force -Verbose
Copy-Item "$ADKPathPE\amd64\Media\EFI\Boot\bootx64.efi.2011" "D:\EFI\Boot\bootx64.efi" -Force -Verbose
#Add Modules to the finished OSDCloudWorkspace boot.wim if required.
<#
#Mount-WindowsImage -Path $MountDir -ImagePath "$WinPE_ARM64WorkSpace\media\sources\boot.wim" -Index 1 | out-null
Add PS Modules to the Boot Image
write-host "Saving PowerShell Modules to boot.wim" -ForegroundColor Green
Save-Module -Name PowerShellGet -Path "$MountDir\Program Files\WindowsPowerShell\Modules"
Save-Module -Name PackageManagement -Path "$MountDir\Program Files\WindowsPowerShell\Modules"
Save-Module -Name DellBIOSProvider -Path "$MountDir\Program Files\WindowsPowerShell\Modules" -AcceptLicense
Save-Module -name OSD -Path "$MountDir\Program Files\WindowsPowerShell\Modules"
#
#Add Drivers
# Add-WindowsDriver -Path "c:\offline" -Driver "c:\test\drivers" -Recurse
if (Test-Path "$WinPE_x64WorkSpace\Drivers"){
write-host "Adding Drivers from $WinPE_x64WorkSpace\Drivers to boot image" -ForegroundColor Green
Mount-WindowsImage -Path $MountDir -ImagePath "$WinPE_x64WorkSpace\media\sources\boot.wim" -Index 1 | out-null
Add-WindowsDriver -Path $MountDir -Driver "$WinPE_x64WorkSpace\Drivers" -Recurse | out-null #This will be a folder of drivers you collect to add to your WinPE... good luck
Dismount-WindowsImage -Path $MountDir -Save | out-null
write-host "Adding Drivers Complete" -ForegroundColor Green
}
#>
#Update (for if you add drivers or modify your boot.wim file, which you'll do when you want to update the PS Modules)
Update-OSDCloudUSB
#MakeWinPEMedia /UFD C:\WinPE_arm64 P:
#MakeWinPEMedia /UFD C:\WinPe P:
#>
#Ensure you have you have updated your ADK directory; https://github.com/systemcenterblog/Blog/blob/master/ConfigMgr/Baselines/CVE-2023-24932/UpdateADK.ps1
#Update these to suit your needs
$WinPE_x64WorkSpace = "C:\WinPE_x64_OSDWorkSpace"
$MountDir = "C:\WinPE_x64_MountDir"
#remove-item $WinPE_x64WorkSpace -Force
#Default ADK Paths
$ADKPath = "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit"
$ADKPathPE = "$ADKPath\Windows Preinstallation Environment"
if (Test-Path -Path $ADKPathPE){
Write-Host "Found ADK PE: $ADKPathPE" -ForegroundColor Green
$ADKImage = Get-WindowsImage -ImagePath "$ADKPathPE\amd64\en-us\winpe.wim" -Index 1
}
else {
Write-Host "Did not detect ADK in path $ADKPathPE"
throw
}
if (!(test-path -path "$WinPE_x64WorkSpace")){New-Item -Path $WinPE_x64WorkSpace -ItemType Directory | Out-Null}
if (!(test-path -path "$MountDir")){New-Item -Path $MountDir -ItemType Directory | Out-Null}
#Create OSDCloud Template - This will build x64 template
#remove-item C:\ProgramData\OSDCloud\Templates -force
$OSDCloudTemplateName = 'x64'
if ((Get-OSDCloudTemplateNames) -notcontains "$OSDCloudTemplateName"){
New-OSDCloudTemplate -Name x64
}
#Create the OSDCloud WorkSpace - This will be created based on the template
#This command will mount the winpe.wim file to programdata and apply component cabs. When finished it will copy to directory $WinPE_x64WorkSpace called boot.wim
New-OSDCloudWorkspace -WorkspacePath $WinPE_x64WorkSpace
#Update-OSDCloudWorkspace -WorkspacePath $WinPE_x64WorkSpace
#Create the USBStick - First time
#This will copy the contents of $WinPE_x64WorkSpace to the USB stick. If you followed the UpdateADK.ps1 script the boot stick will be Windows UEFI 2023 CA signed
New-OSDCloudUSB -WorkspacePath $WinPE_x64WorkSpace
#If you need to boot with Windows UEFI 2011 CA signed (before applying the Remediation) change the bootx64.efi file back to the 2011 signed file. The UpdateADK.ps1 backed this file up.
#Assumes D: is your USB drive letter
Copy-Item "$ADKPathPE\amd64\Media\bootmgr.efi.2011" "D:\bootmgr.efi" -Force -Verbose
Copy-Item "$ADKPathPE\amd64\Media\EFI\Boot\bootx64.efi.2011" "D:\EFI\Boot\bootx64.efi" -Force -Verbose
#Add Modules to the finished OSDCloudWorkspace boot.wim if required.
<#
#Mount-WindowsImage -Path $MountDir -ImagePath "$WinPE_ARM64WorkSpace\media\sources\boot.wim" -Index 1 | out-null
Add PS Modules to the Boot Image
write-host "Saving PowerShell Modules to boot.wim" -ForegroundColor Green
Save-Module -Name PowerShellGet -Path "$MountDir\Program Files\WindowsPowerShell\Modules"
Save-Module -Name PackageManagement -Path "$MountDir\Program Files\WindowsPowerShell\Modules"
Save-Module -Name DellBIOSProvider -Path "$MountDir\Program Files\WindowsPowerShell\Modules" -AcceptLicense
Save-Module -name OSD -Path "$MountDir\Program Files\WindowsPowerShell\Modules"
#
#Add Drivers
# Add-WindowsDriver -Path "c:\offline" -Driver "c:\test\drivers" -Recurse
if (Test-Path "$WinPE_x64WorkSpace\Drivers"){
write-host "Adding Drivers from $WinPE_x64WorkSpace\Drivers to boot image" -ForegroundColor Green
Mount-WindowsImage -Path $MountDir -ImagePath "$WinPE_x64WorkSpace\media\sources\boot.wim" -Index 1 | out-null
Add-WindowsDriver -Path $MountDir -Driver "$WinPE_x64WorkSpace\Drivers" -Recurse | out-null #This will be a folder of drivers you collect to add to your WinPE... good luck
Dismount-WindowsImage -Path $MountDir -Save | out-null
write-host "Adding Drivers Complete" -ForegroundColor Green
}
#>
#Update (for if you add drivers or modify your boot.wim file, which you'll do when you want to update the PS Modules)
Update-OSDCloudUSB
#MakeWinPEMedia /UFD C:\WinPE_arm64 P:
#MakeWinPEMedia /UFD C:\WinPe P:
#>