Category Archives: Windows 8

Deploy UEFI and Legacy BIOS PC using a custom WinPE

My customer has implemented a custom procedure to build Windows 7/8 machines.

Instead of using MDT or SCCM he uses a custom portal that starts a custom WinPE full of custom code/script.

Now that we need to build Surface 2 Pro devices using the corporate image, we are facing the following challenges:

  • Use an x64 version of WinPE instead of the x86 version (on a UEFI device like Surface you can run only x64 operating systems)
  • Find an automatic procedure to know if the BIOS is legacy or native UEFI
  • Modify the diskpart script to fit the different BIOS requirements

We used WinPE 5.0 x64 from the latest Windows AIK. This WinPE can apply both x86 and x64 images and runs on native UEFI BIOS machines like Surface 2 Pro as well as on Legacy BIOS devices.

The second challenge was to find a way to tell whether we are booting from a UEFI or a Legacy BIOS device.

MDT implements a built-in logic to understand the BIOS type. It was not so easy to transport/translate this logic into my custom WinPE so I found two alternatives:

  • Add the PowerShell feature to WinPE and try the Get-SecureBootUEFI cmdlet
  • Use the GetFirmwareEnvironmentVariable function from a C++ program

I tried the first one, but it seems that the WinPE PowerShell feature includes only a subset of cmdlets, so I was not able to use the Get-SecureBootUEFI cmdlet.

The second one requires building an .exe that implements the function, but fortunately I found this link.

I was able to use the .exe file to discover whether a system is booting from UEFI or Legacy BIOS.

The code written by Richard Mueller is very simple:

/* Compile this with cl.exe from MS SDK, e.g. 'cl efidetect.cpp', that is all. */
/* IBM(c) 2011 EPL license http://www.eclipse.org/legal/epl-v10.html */

#include <windows.h>
#include <stdio.h>

int main(int argc, char* argv[])
{
    /* Probe a dummy firmware variable; only the resulting error code matters. */
    GetFirmwareEnvironmentVariableA("", "{00000000-0000-0000-0000-000000000000}", NULL, 0);
    if (GetLastError() == ERROR_INVALID_FUNCTION)
    {
        // This.. is.. LEGACY BIOOOOOOOOS....
        printf("Legacy");
        return 1;   /* exit code 1 = Legacy BIOS */
    }
    else
    {
        printf("UEFI");
        return 0;   /* exit code 0 = UEFI */
    }
}

The last point was to change the diskpart behaviour.

If the .exe returns “Legacy”, I call diskpart with a .txt file that creates the classic partitions for Legacy BIOS systems.

If the .exe returns “UEFI”, I call diskpart with a .txt file that creates the correct partitions for UEFI BIOS devices.
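
The branching described above, as an added example of a WinPE batch wrapper (not code from the original post or from the customer's scripts). It keys on the detector's exit code (0 for UEFI, 1 for Legacy) rather than on the printed text; the file names efidetect.exe, part-uefi.txt and part-bios.txt are assumptions.

```batch
@echo off
rem Added example: pick the diskpart script from the detector's exit code.
rem Assumed file names, all stored next to this script:
rem   efidetect.exe, part-uefi.txt, part-bios.txt
setlocal
set "HERE=%~dp0"
set "DETECT=%HERE%efidetect.exe"

rem Without the detector there is no safe default: stop before touching the disk.
if not exist "%DETECT%" (
    echo ERROR: "%DETECT%" not found, refusing to partition.
    exit /b 2
)

"%DETECT%" >nul
set "RC=%ERRORLEVEL%"

rem The detector returns 0 for UEFI and 1 for Legacy BIOS. Any other value
rem means it did not run as expected and must not fall through to a disk wipe.
if "%RC%"=="0" (
    set "FW=UEFI"
    set "SCRIPT=%HERE%part-uefi.txt"
) else if "%RC%"=="1" (
    set "FW=Legacy"
    set "SCRIPT=%HERE%part-bios.txt"
) else (
    echo ERROR: unexpected exit code %RC% from efidetect.exe.
    exit /b 3
)

if not exist "%SCRIPT%" (
    echo ERROR: "%SCRIPT%" not found.
    exit /b 4
)

echo Firmware: %FW% - running diskpart /s "%SCRIPT%"
diskpart /s "%SCRIPT%"
if errorlevel 1 (
    echo ERROR: diskpart failed, aborting the build.
    exit /b 5
)
endlocal
exit /b 0
```

Because x64 WinPE cannot run 32-bit executables, the detector has to be compiled as x64 for this wrapper to get a usable exit code.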

Use Windows Store in an Enterprise Environment

Windows 8.x introduces a new kind of application named “Modern”.

Applications of this kind are packaged as .appx files and are published using the Microsoft Windows Store.

I created a personal FAQ based on my experience with enterprise customers that are interested in using Windows 8.

As you will see, the Windows Store actually is very “consumer” and not really “enterprise”.

NOTE: The following information is updated to January 2014.

Q: Is it mandatory to have a Microsoft Account to install and update the Modern apps published in the Windows Store?

A: Yes, the only apps that you can update without having a Microsoft Account are the Windows 8 embedded Modern apps (Mail, Calendar, People, Video…)

Q: Can I create a large number of Microsoft Accounts using a script or some service provided by Microsoft?

A: No

Q: Can I federate my enterprise directory with the Windows Store in order to avoid the need of a Microsoft Account and provide a single sign-on experience?

A: No

Q: If I develop my own Modern Application, do I need to publish it on the Windows Store?

A: No, you can distribute it using SCCM, Intune or other products because you own the .appx file.

Q: Can I distribute a Modern Application that is placed in the public store to my users?

A: You can publish a “deep link”, which is a sort of web link to the Windows Store page where the user can install the application. It’s not possible to retrieve the .appx file of a Modern App published in the Windows Store, and it’s not possible to push the installation of a Modern App published in the Windows Store.

Q: Can I update a Modern Application that is placed in the public store to my users?

A: No, you can only publish the deep link to the updated version of the app, but it’s the user who must open the store and click “update”.

Q: Is it possible to buy a large number of Modern Apps from the Windows Store?

A: Actually it’s not possible to buy Modern Applications in bulk. Every single application needs to be bought by the user using a credit card associated with the Microsoft Account.

Q: I bought a Modern Application from the Windows Store for a user that is leaving the company. Can I reassign the App?

A: No, the license is tied to the Microsoft Account and you cannot transfer it.

Q: Can I disable the access to the store?

A: Yes, using Group Policies.

Q: Can I prevent users from installing some kinds of applications from the store?

A: Using AppLocker you can prevent the installation of a given set/type of applications.