Windows 10 UEFI and Fast Startup



  • Hello, I’ve got a Windows 10 golden image for UEFI all configured and up and running. It works magically!

    But, I’m running into an issue where after setting the boot order to PXE first, I’ll deploy my shiny image and when it runs through configuring the machine Windows will revert the boot order to put Windows Boot Manager first. I don’t want that at all since it means the box won’t PXE boot on its own anymore. Any idea how to stop Windows from screwing around with boot order?

    I’ve maybe figured that Fast Startup “feature” is the culprit responsible, and am currently re-capturing my image with a sysprep stage 4 specialize command of “powercfg /H off” to disable hibernate (and disable Fast Startup by association), so I’ll find out in a moment whether this idea worked or not, but I’m not very hopeful as the OS reboots a few times during device installation portion of OOBE and I’m thinking the specialize steps may not take effect before these reboots. Guess I’ll see in a bit…

    Is Windows 10 One touch imaging for UEFI possible now, given the OS’s propensity to make these arbitrary boot order changes? It worked great under 7, and I’m thinking 10 under legacy/mbr works fine as well, but MBR’s not an option for us anymore due to Bitlocker/TPM 2.0



  • We noticed the same thing, looks like in the “specialize” phase Windows setup adds itself as the first entry. I didn’t see any option in the unattend.xml file to disable or alter this, and we didn’t want to use a Dell utility since we have other hardware, so we put this in the custom script we have running at the end of the “specialize” phase:

    bcdedit /set {fwbootmgr} displayorder {bootmgr} /addlast
    

    This moves the active Windows boot manager (which was just added and is referenced by {bootmgr}) to the end of the list. The {fwbootmgr} apparently references the system UEFI firmware. If you have more boot options you want in a specific order, you might be better off trying to move the PXE boot option to the top. Also, since you mentioned Bitlocker, I’ve seen posts indicating that you need to have the Windows Boot Manager first if you’re using Bitlocker, so you might not be able to do this anyway.

    Since Windows setup will just keep adding more boot managers to the UEFI list every time you image (when it goes through setup), we also added this block to our script to remove old entries:

    for /F "tokens=2 delims={}" %%i in ('bcdedit.exe /enum {fwbootmgr}') do (
        if "%%i" NEQ "fwbootmgr" (
            if "%%i" NEQ "bootmgr" (
                echo Checking %%i for old Windows boot manager...
                bcdedit.exe /enum {%%i} | find /C "Windows Boot Manager" >nul
                if errorlevel 1 (
                    echo Not old Windows UEFI boot manager.
                    bcdedit.exe /enum {%%i} | find "description"
                ) else (
                    echo Found Windows UEFI boot manager from previous installation, removing...
                    bcdedit.exe /enum {%%i}
                    bcdedit.exe /delete {%%i}
                )
            )
        )
    )
    

    This will enumerate the UEFI boot list for Windows boot managers excluding the active one, and remove them, so you don’t keep adding an entry every time you image the computer. I would recommend testing this first if you’re going to use it, I have only tested it a couple times :)
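
A dry-run variant of the cleanup loop above, as an added example that is not part of the original post: it parses the firmware boot entries and only prints the `bcdedit /delete` commands it would run, so the list can be reviewed before any firmware entry is removed. The `$sample` text is constructed in the shape of `bcdedit /enum firmware` output (GUIDs and descriptions are made up), and `Get-StaleBootManager` is a hypothetical helper name.

```powershell
# CONSTRUCTED sample in the shape of "bcdedit /enum firmware" output (GUIDs are made up).
# On a real machine, from an elevated prompt: $text = (bcdedit.exe /enum firmware) -join "`n"
$sample = @'
Firmware Boot Manager
---------------------
identifier              {fwbootmgr}
displayorder            {bootmgr}
                        {11111111-1111-1111-1111-111111111111}
                        {22222222-2222-2222-2222-222222222222}

Windows Boot Manager
--------------------
identifier              {bootmgr}
description             Windows Boot Manager

Firmware Application (101fffff)
-------------------------------
identifier              {11111111-1111-1111-1111-111111111111}
description             Onboard NIC (IPV4)

Firmware Application (101fffff)
-------------------------------
identifier              {22222222-2222-2222-2222-222222222222}
description             Windows Boot Manager
'@

# Hypothetical helper: returns firmware entries that look like leftover Windows boot managers.
function Get-StaleBootManager {
    param([string]$Text)
    # Entries are separated by blank lines; each is a list of "key   value" rows.
    foreach ($block in (($Text -replace "`r", '') -split "`n\s*`n")) {
        $id   = if ($block -match '(?m)^identifier\s+(\{[^}]+\})') { $Matches[1] }
        $desc = if ($block -match '(?m)^description\s+(.+)$') { $Matches[1].Trim() }
        # Same rule as the batch loop: Windows Boot Manager, but not the active {bootmgr}.
        if ($id -and $id -ne '{bootmgr}' -and $desc -eq 'Windows Boot Manager') {
            [pscustomobject]@{ Identifier = $id; Description = $desc }
        }
    }
}

# Dry run: print each delete command for review instead of executing it.
# The identifier is double-quoted because PowerShell treats bare {...} as a script block.
foreach ($entry in @(Get-StaleBootManager -Text $sample)) {
    'WOULD RUN: bcdedit.exe /delete "{0}"' -f $entry.Identifier
}
```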



  • @Florent
    Hi,
    Solution for Dell workstations: Dell Command Configure

    Script: https://www.dell.com/community/Enterprise-Client/Dell-Command-Configure-bootorder/td-p/5075223



  • Hi,
    Same problem here (on Dell computers).
    I set PXE first in the boot order in the BIOS (UEFI), but after deploying Windows 10, Windows Boot Manager goes ahead …
    It is a big hassle because we used to clone our classroom at night when nobody is there.

    The only solution I found is to set the Wake on LAN option to boot on “LAN With PXE”, then shut down the computer and launch the deploy task.


  • Moderator

    @malos said in Windows 10 UEFI and Fast Startup:

    Any idea how to stop windows from screwing around with boot order?

    The snark in me wants to say, yeah switch to linux…

    I can see that with UEFI firmware Windows may have an avenue to change the boot order, especially if BitLocker is enabled, since Windows needs to be sure that the BitLocker check code is run at startup… And too, BitLocker will get cranky if you mess with the boot order after it’s set. I’ve seen BitLocker get cranky if you change firmware settings, update the firmware or even a Windows patch will force a revalidation.

    While this isn’t a solution for your environment, we require the tech to be in front of a system when starting the imaging process so we have all of the systems configured to boot right to the hard drive. Then when a tech goes to image a machine he/she presses F12 at startup to PXE boot into FOG.
    Disabling fast startup is a requirement for the golden image because if fast startup is enabled I’ve seen FOG image cloning issues since the disk is never really closed when fast startup suspend is enabled.



  • @Malos Have you tried changing this in the BIOS? You should be able to do this in the BIOS easily; Windows does not really modify anything in the BIOS unless you make a script specific to your BIOS. I honestly would just remove the Windows Boot Manager. Making the hard drive the first boot priority in the end should resolve it, while having PXE as the second boot option.


 
