/build/static/layout/Breadcrumb_cap_w.png

Deploy Windows 11 with the SDA

Here again your favorite Random Dude,


Hope everything have been going good for everyone. As it is well known Windows 11 is out there and everyone wants it, but there are some bigger changes that we need to keep in mind.

System firmware: UEFI, Secure Boot capable

TPM:           Trusted Platform Module (TPM) version 2.0. <-- pretty important

Storage          64 GB 

Windows 11 requirements


Secure boot is still not supported for PXE but you can use this workaround in the mean time. Now that we have cover our basis lets get on going.

1. KBE, KACE still haven't released documentation that Windows 11 is Officially supported, I tried to create a KBE with the newer Windows 11 ADK but it didn't work, so I went ahead and tested with my latest 8.2 2004 KBE and it worked like a charm. Here we have the KB on how to create the KBE.

2. Upload your Windows 11 media with the 8.2 Media Manager (KB how to upload the ISO )

3. You may need a new/modified Partitioning task, see this post. Is awesome!

3a. Additionally, on that post you can find a way to bypass the compatibility checks for TPM and Secure boot 

4. As Windows 11 is not really supported by the SDA, in the Answer file wizard you need to define the version that you are going to install. See example

wDUM1zFm2VEdwAAAABJRU5ErkJggg==

5. Add the new task(s) created on step 3 and just deploy just Scripted install as expected

6. I confirmed that the Windows 10 Debloater works for Windows 11, so you can give it a try 

6a. You may still need to remove the following packages manually to get it working, they were giving me a hard time

Microsoft.OnedriveSync

MicrosoftTeams

5319275a.WhatsappDesktop

7. The KACE Sysprep tool does work! Just be sure to run the updated one (as of today 4.1.1.3), download here the 4.1.1.1 and then just do the upgrade when prompted. Protip, ignore that it refers to it as "Windows 10". 

vnX+H8B5P1Tk9b+caQAAAAASUVORK5CYII=

8. Disable the "Real-Time protection"

8fZq0GXpBl9gAAAAAASUVORK5CYII=

9. Execute the sysprep as administrator

10. Boot to your SDA and capture C: only as usual

11. After the image is captured, you can use the [DISK] Create/Apply BIOS/UEFI Partitions task and you are ready to go


I hope this helps someone. If you have any questions or comments put them down there.


See you in my next post!


Comments

  • fantastic post, im glad to have some resources to look at when we get to our upgrade phase - LeftEyeTlc 1 month ago
  • Few comments on your excellent post
    1. Using the 8.2 Media Manager I and others on the team were able to successfully create a KBE using the new Windows 10 ADK, the only issue is that it thinks it is PE 10 because, well Microsoft. Seriously, it installs in Windows Kits\10 which is part of our check. That will be fixed in the next release. All you need to do is change the "Name" field to say PE11 and it is all good. If you had issues, maybe check your Media Manager log in %temp% of the machine used to build it. Also be aware that the footer in KBE will say PE 10 (2009), again Microsoft chose to use 10 as the major version and have 2009 in the build registry entry for some reason. Working on that as well.
    2. More informational than anything else, but you can also put your ISO on client drop and use the Source Media Import in the appliance UI.
    3, Definitely need that change for scripted installs, unless one wants to add all the partitioning stuff into the configuration (answer) file, which I have tested and works.
    6a. I definitely had to remove "Microsoft.OnedriveSync" before sysprep worked, I'll add that to sysprep executor. If you can grab the log on the other ones for move detail on app name, I can add those as well.
    7. Sysprep Creator has been depricated as the tool is now built into the UI and provides a link to download sysprep executor from the appliance. This also allows up to update the tool and the appliance downloads it during the nightly update check. If you could remove that link it would be appreciated.
    8. It is so frustrating that this must be done manually. Sysprep Executor does run a powershell script in a loop to try and turn it off, but since some change back in win10 it is not consistent at all. Wish there was a better way to automate that process. - cserrins 1 month ago
  • Not sure if this is helpful for people or not, but I've managed to get Windows 11 going following just about everything RandomITDude said. I used the 2004 KBE on a UEFI-USB bootable thumb drive. Here is a list of things that we've historically removed via powershell. (not using the debloater)

    Remove-AppxProvisionedPackage -Online -PackageName Microsoft.Getstarted_10.2.41172.0_neutral_~_8wekyb3d8bbwe
    Remove-AppxProvisionedPackage -Online -PackageName Microsoft.MicrosoftOfficeHub_18.2104.12721.0_neutral_~_8wekyb3d8bbwe
    Remove-AppxProvisionedPackage -Online -PackageName Microsoft.People_2020.901.1724.0_neutral_~_8wekyb3d8bbwe
    Remove-AppxProvisionedPackage -Online -PackageName microsoft.windowscommunicationsapps_16005.12827.20400.0_neutral_~_8wekyb3d8bbwe
    Remove-AppxProvisionedPackage -Online -PackageName Microsoft.WindowsFeedbackHub_2021.427.1821.0_neutral_~_8wekyb3d8bbwe
    Remove-AppxProvisionedPackage -Online -PackageName Microsoft.ZuneMusic_2019.21012.10511.0_neutral_~_8wekyb3d8bbwe
    Remove-AppxProvisionedPackage -Online -PackageName Microsoft.ZuneVideo_2019.21012.10511.0_neutral_~_8wekyb3d8bbwe
    Remove-AppxProvisionedPackage -Online -PackageName MicrosoftTeams_21253.510.996.1465_x64__8wekyb3d8bbwe
    Remove-AppxProvisionedPackage -Online -PackageName Microsoft.Getstarted_10.2.41172.0_x64__8wekyb3d8bbwe

    Remove-AppxPackage Microsoft.GetHelp_10.2008.32311.0_x64__8wekyb3d8bbwe
    Remove-AppxPackage Microsoft.Getstarted_10.2.41172.0_x64__8wekyb3d8bbwe
    Remove-AppxPackage Microsoft.MicrosoftOfficeHub_18.2104.12721.0_x64__8wekyb3d8bbwe
    Remove-AppxPackage Microsoft.People_10.1909.12456.0_x64__8wekyb3d8bbwe
    Remove-AppxPackage microsoft.windowscommunicationsapps_16005.12827.20400.0_x64__8wekyb3d8bbwe
    Remove-AppxPackage Microsoft.WindowsFeedbackHub_1.2103.1172.0_x64__8wekyb3d8bbwe
    Remove-AppxPackage Microsoft.ZuneMusic_10.21012.10511.0_x64__8wekyb3d8bbwe
    Remove-AppxPackage Microsoft.ZuneVideo_10.21012.10511.0_x64__8wekyb3d8bbwe
    Remove-AppxPackage MicrosoftTeams_21253.510.996.1465_x64__8wekyb3d8bbwe

    One thing that DIDN'T work is the built in "Apply UEFI Partitions" section. We run:
    bcdboot C:\windows /s s: /f UEFI
    but use "Create UEFI partitons" in the pre-installation tasks.

    Hope this helps. - scdavissmith 3 weeks ago
    • Try using the built in [DISK] tasks instead. - cserrins 3 weeks ago
  • Didn't work for us got an error
    Windows could not format a partition on disk 0. the target disk, partition or volume does not support the specified operation. the error occurred while preparing the partition selected for install error code 0x80300024 - binuani 3 weeks ago
    • If you are running a scripted install and using the built in [DISK] tasks, you must make a modification to the pre on and remove the create partition MSR line. - cserrins 3 weeks ago
      • That worked! thank you very much!! - binuani 3 weeks ago
  • Able to PXE boot the machine using the USB and the Scripted installation starts, but I get "This PC doesn't meet the minimum requirements...." from Windows 11 setup even though I know this model (Optiplex 3080) does support it. Suggestions? - gochjj 2 weeks ago
This post is locked
 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ