Deploy Boot Camp via SCCM

chrisbju
New Contributor III

I read on some forum post that I have to create an SCCM Prestage CD that applies the prestage to a FAT32 partition and capture the image using Winclone. Problem is, Winclone gives me an error on unsupported format.

Has anyone got this up and running and is kind enough to share how they achieved this?

11 REPLIES

burdett
Contributor

Have you looked at this JAMF Nation post? https://jamfnation.jamfsoftware.com/discussion.html?id=10858

franton
Valued Contributor II

As I stated in the other article, don't even bother. Dragons lie that way, and frankly it's not worth the pain involved.

Josh_Smith
Contributor III

We use SCCM to PXE boot and image Parallels VMs, which works great.

I haven't tried bootcamp, and I wouldn't consider it at this point. The primary reason that I am aware of to use bootcamp instead of a VM is for graphics intensive applications on Windows...if that is the case then I would get them a Windows desktop.

chrisbju
New Contributor III

Thanks for the input guys. Think I am going for a sysprepped image. I didn't think of PXE booting in Parallels, I will definitely test that out.

Look
Valued Contributor III

Here is the process that works for us, it creates a fairly large pkg to be deployed and we are using deploy studio so your actual final deployment will differ slightly.

For this to work your boot WIM must have valid ethernet drivers for any models of Mac you want to image, you can tell if this is so because SCCM created USB and CD boot media will get an IP address, if this does not happen don't even start till you have resolved this.

Create an SCCM task sequence that does NOT have any partitioning.

Prestage the task sequence and remove all additional content when prompted (it will download as needed anyway and may be out of date if you change any of it), really all you want is the primary image WIM and the boot WIM. This will result in a prestage WIM file.

Create a FAT32 partition on a Mac.

Boot to a SCCM USB boot key (you can create these from SCCM as well) and use something like GIMAGEX to apply the prestage WIM to the partition. You might find you need to format the drive to NTFS using DISKPART and it is useful to assign it C: and label it WINDOWS or similar at the same time.

Reboot into OS X (do not let it boot to Windows!).

Use Winclone to do the following.
- Shrink the volume.
- Capture the volume to an image.
- Make the image self extracting.

Copy the BCD from /boot/BCD on the original partition and replace the BCD on the top level of the image with it (the original will be ~16k, the one in the image you will replace will be ~30k).

This should result in a Winclone file that can be applied using a variety of methods, like I said we do it using Deploy Studio, if it is all working correctly you should get the following.

The other part of the puzzle is getting the boot camp drivers in during post image, using the files from the new boot camp 5.xx packages you can cover most models of Mac with just a couple of tasks and queries. This can take a bit of playing around as some of the drivers like Ethernet and USB need to be extracted out for Win PE and most others can be installed just by running the bootcamp installer itself.

This system works reasonably well for us, however we are almost exclusively leased machines so there are very few machines over 3 years old. It did however take two people about 2 weeks of messing about to get it all running smoothly!

lawrence_stegal
New Contributor III

Quick question Look, is your SCCM Prestage System working with new systems like Airs and Retinas? Have you connected with Two Canoes recently? Russell is doing some cool stuff with possible SCCM booting. Can you share some documentation or email me? Need to update our process for Win 10 and would rather have organizations who have done it and can share ideas. Anything will be appreciated...

Look
Valued Contributor III

Not as documented there, it potentially could but the storage on new devices and the requirement/preference for EFI booting makes it difficult, mainly because the EFI boot function from Winclone always acts as though there is a full version of Windows there when SCCM prestage requires it to RAM boot WinPE.
I have a system for imaging Windows 10 that I worked out with some help from Two Canoes but it is still rather a hack and it requires manually booting from SCCM boot media so it's a two visit solution for each machine.
I am secretly hoping Two Canoes is working on a system where you can feed it SCCM boot media with a predetermined task sequence and it will create a deployable solution, but I would settle for detection and support of EFI booting WinPE volumes.

franton
Valued Contributor II

I'll list some of the issues you are going to have with Windows Deployment Services / SCCM on OS X.

1) Unless you're prepared to hack up a pxelinux image deployable through other means, network imaging direct from SCCM is out.
2) As far as I'm aware, SCCM 2012 still doesn't deal with CoreStorage volumes so any Mac that has that and/or FileVault 2 enabled means its partitioning scheme doesn't work.
3) The EFI booting is a pain. I've had a look at the TwoCanoes script for its EFI work and it relies on a full Windows installation being present as it copies a lot of files in a couple folders direct to the Mac's EFI partition.
4) There's still a potential incompatibility between the supported EFI versions on Mac vs Windows. This needs testing as my enterprise bootcamp experience only goes up to Windows 8.
5) System Integrity Protection actually causes issues when Winclone tries to make Windows EFI bootable. It also stops any bless commands to target the new partition working. That is unless you do all this work in a NetInstall / Recovery environment where SIP doesn't apply. Any attempts via Self Service or in a NetBoot environment will fail unless SIP has been manually disabled first.

The net effect is for partitioning and deployment of Windows to Macs, you're gonna have to rely on Mac based tools to do it.

Or we've finally hit the point where it's easier and cheaper to buy a commodity PC instead of a Mac, should a user require it.
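
A preflight check for points 2 and 5 above, as an added example that is not part of the original post: it classifies the text of `csrutil status`, `fdesetup status` and `diskutil cs list` so a deployment workflow can stop before touching a Mac where SIP, FileVault 2 or CoreStorage is in play. The function names, finding labels and the matched output strings are assumptions to confirm on your OS X build.

```shell
#!/bin/sh
# Added example (not from the thread). Inputs are passed as text so the logic
# can be exercised offline:
#   $1 = output of `csrutil status`
#   $2 = output of `fdesetup status`
#   $3 = output of `diskutil cs list`
# Live use on a Mac (typically as root):
#   bootcamp_preflight "$(csrutil status)" "$(fdesetup status)" "$(diskutil cs list)"

# Append one label to the space-separated findings list.
add_finding() { findings="${findings:+$findings }$1"; }

bootcamp_preflight() {
    findings=""

    # Point 5: SIP blocks bless and changes to the EFI partition.
    case $1 in
        *"status: enabled"*)  add_finding SIP_ENABLED ;;
        *"status: disabled"*) ;;
        *)                    add_finding SIP_UNKNOWN ;;  # empty or custom state
    esac

    # Point 2: FileVault 2 volumes are not handled by SCCM partitioning.
    case $2 in
        *"FileVault is On"*)  add_finding FILEVAULT_ON ;;
        *"FileVault is Off"*) ;;
        *)                    add_finding FILEVAULT_UNKNOWN ;;
    esac

    # Point 2: any CoreStorage logical volume group is a blocker as well.
    case $3 in
        *"No CoreStorage logical volume groups found"*) ;;
        *"Logical Volume Group"*) add_finding CORESTORAGE_PRESENT ;;
        *)                        add_finding CORESTORAGE_UNKNOWN ;;
    esac

    # Unknown states are reported rather than treated as safe.
    printf '%s\n' "${findings:-OK}"
}

# Constructed sample outputs (not captured from a real machine).
bootcamp_preflight \
    'System Integrity Protection status: enabled.' \
    'FileVault is On.' \
    'CoreStorage logical volume groups (1 found)
+-- Logical Volume Group 00000000-0000-0000-0000-000000000000'
```
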

lawrence_stegal
New Contributor III

Will do some tinkering but again as others have said, dragons lie down some of these roads.

I am thinking that in an imaging system where we NetBoot, OOBE with PowerShell config and updates may be an option. The last SCCM take over. We are looking for flexibility in our environment since we do see switchers and property management can be a nightmare if you go to a commodity PC.

Now I have been toying with using a VMDK and leveraging SCCM in a development phase may help. But then again I may be chasing a rabbit hole.

We have been working with Russell and it may be worth your time to ask him to let you assist in some WinClone stuff he is developing. New stuff in the last few weeks. Again may be a rabbit hole, but may be the light you and I are looking for.

If you get bored and want to drop me a note at Lawrence.stegall@killeenisd.org. I know it will help me in some issues I am facing. Thanks for the assist.

lawrence_stegal
New Contributor III

The boot media is pretty standard on the efi's right? I have VERY limited access to our production SCCM environment.

Look
Valued Contributor III

As @franton said there are a number of issues and @lawrence.stegall there are indeed plenty of dragons!
We hit most of these issues.

1) Unless you're prepared to hack up a pxelinux image deployable through other means, network imaging direct from SCCM is out.
- Indeed we ended up using SCCM boot media which while it works is annoying, it did however mean the complete image came directly out of SCCM which was nice from a platform consistency point of view.

2) As far as I'm aware, SCCM 2012 still doesn't deal with CoreStorage volumes so any Mac that has that and/or FileVault 2 enabled means its partitioning scheme doesn't work.
- You can however slice off a FAT32 partition before enabling it and it does work, of course you still need to move it to NTFS, we accomplished this with a BAT script placed on the target partition that SCCM looked for and ran to convert to NTFS, from memory this was because the partition had to have been created in OS X to work correctly. You can enable FV on an OS X partition afterwards and Windows still works, in fact you can even Bitlocker the Windows partition as well (my laptop is configured thus).

3) The EFI booting is a pain. I've had a look at the TwoCanoes script for its EFI work and it relies on a full Windows installation being present as it copies a lot of files in a couple folders direct to the Mac's EFI partition.
- Further to that if you just try and use the partition as it is created SCCM can't image to it either because it has MBR information and defaults to non-EFI boot and it all falls over. I ended up scripting removing the MBR information, which almost certainly constitutes a dragon in Lawrence's lingo 🙂 Two Canoes assisted here. But once that was done SCCM was able to image successfully, but yes not using Prestage or Winclone as Winclone currently expects a full version of Windows.

4) There's still a potential incompatibility between the supported EFI versions on Mac vs Windows. This needs testing as my enterprise bootcamp experience only goes up to Windows 8.
- To be honest we haven't had any issues with this across a range of hardware, basically if we get it USB booting it usually works.

5) System Integrity Protection actually causes issues when Winclone tries to make Windows EFI bootable. It also stops any bless commands to target the new partition working. That is unless you do all this work in a NetInstall / Recovery environment where SIP doesn't apply. Any attempts via Self Service or in a NetBoot environment will fail unless SIP has been manually disabled first.
- SIP is indeed a massive pain in the proverbial! We just had techs manually disable this during their visit on dualboot machines, SCCM simply can't set the boot parameters correctly with SIP protecting the EFI partition.
- I did add rEFInd to the USB boot media as it has an SIP toggle function which was useful, however it did require the SIP information to have already been populated to the NVRAM to work, which it isn't directly after a PRAM reset for example.

I think but I am not 100% certain that we have the bootcamp network drivers in SCCM so they get included in the boot media, but not certain on that.

I also had a crack at trying out some kind of PXE image to boot directly but my knowledge in this area wasn't really sufficient to crack it on the time frame available, would be pretty keen if someone has a good step by step guide on how to put enough files in the EFI partition or an additional partition to PXE boot a Mac, that would be nice!