Would you be able to write up an article or post on how to manipulate the UEFI boot order using either the Powershell Provider or CCTK.exe if necessary?
My current problem is that I am unable to figure out how to programmatically set the computer to boot from the hard disk. I see that I can list out the boot order and using my own eyes determine which device the hard drive is -- it is not the same on each computer or even the same on every boot. Sometimes it is UEFI.1, sometimes it is UEFI.3, and the Hard Drive description is always a manufacturer's model number, not SATA0 or something reliable. Anyway. I would like to develop a reliable method to tell the computer to boot from each of these... Not in order, I mean for A) boot from USB and if there is no USB stick inserted, fail to boot. for B) boot only from SATA HD -- even if there is a bootable USB stick inserted and if the SATA disk is not bootable, fail.
A) the USB stick that is inserted
B) Only SATA hard disks
The "sequence" value in Powershell Provider seems unpredictable when using UEFI. In Legacy, it clearly can be set to boot from USB, CDROM, HardDisk, PXE -- but those sorts of names don't exist programmatically in the UEFI boot order as far as I can tell.
Please note Legacy and UEFI are two modes of booting the computer. Legacy is the usual way of booting and UEFI is a more secure way to boot a system.
You have to note that what devices you see in Legacy boot (such as Hard disk, CD-DVD etc.) are not exactly not available in UEFI boot mode. I mean there is no such 1x1 mapping of devices between Legacy and UEFI.
The devices that exist on the system adhering to UEFI boot are listed.
While what you state is true, it does not address the need to, on a UEFI configured computer, set the boot order to ensure that the computer will boot from the hard disk on the next boot. It is understood that the procedure is different for UEFI and Legacy; the problem is that such a thing exists for Legacy and does not for UEFI. Best practice for Bitlocker is to ensure that the hard disk is the first and only bootable device. How would you do that on a Dell computer configured for UEFI programmatically?
There is no way I can see to programmatically ensure the computer boots from the SATA disk on the next and subsequent boots.
No way to ensure the computer will not boot from a bootable USB stick. No way to prevent the computer from PXE booting -- programmatically.
You can of course go into the BIOS and disable particular boot devices, but doing this programmatically is unpredictable since the various devices show as UEFI.n devices in unpredictable order and the only method provided by the powershell provider is to use those "short names" like UEFI.1, UEFI.2 for sequence. But the hard disk is not always UEFI.1 - sometimes the NIC IPv4 PXE is UEFI.1, sometimes the disk is UEFI.3 etc. So scripting against that is very challenging. Hence the need for additional guidance.
The “UEFI” boot option shows the available UEFI boot paths (vs. boot devices in "Legacy" boot option). UEFI boot is not intended to be a device-specific boot, and thus there is no default list of UEFI boot paths.
UEFI boot paths only appear if manually set up or pre-defined boot paths are found.
In F2 setup utility, a user can create a boot path by “Add Boot Option” then entering the “Boot Option Name”, “File System List”, and “File Name”.
Please note that UEFI boot paths are highly dependent upon how the user may have named them.
There is a Whitepaper "UEFI on Dell BizClient platforms" available that can be helpful -
I too have some questions regarding the Boot Sequence options. On an E7450 I am testing out the PS cmdlet and the Bootsequence options. A SUCCESS returns indicating my boot order options have applied, which is good and a Get-ChildItem shows the order as what I wanted. BUT the other devices have not been disabled and I cannot see a way to do so without CCTK. Is this correct? Latest BIOS installed and having same issue on a 9020 and E7470 and E7440. This is strictly for Legacy. UEFI functions as expected so far.
In addition, the bootsequence numbers are different. For the E7450, it is 6-10 rather than 1-5, which is odd.
Also, I see no option anywhere for ForcePXEOnNextBoot.
The scenario for me is that I run a script to import an unknown machine into SCCM/AD, set various BIOS options and then set the PXEOnNextBoot flag to enabled using CCTK. Is that an option in the PS cmdlet?
I am asking for the same reason - to do OS deployments, but have a slightly different need. I need to boot from an inserted USB stick rather than PXE boot. After I manually boot from the USB stick, I have the opportunity to configure the BIOS to our standards, but then I need to reboot to the USB stick to start the OSD process. Once the OSD process begins, I need to make sure the remaining reboots go to the hard disk -- and not the USB stick that will likely still be plugged into the computer.
So my thing is like this.
1. Technician boots to the OS Deployment USB stick
2. Pre-execution hook uses Dell Powershell Provider (and CCTK -- I think not all functions are available in PS Provider) to validate the BIOS settings.
3. If BIOS is not configured correctly - configure it correctly and REBOOT back to this USB stick. -- #3 should "pass" this test on reboot and proceed to #4.
4. Configure MDT database and OSD so that the OSD process begins
5. Early steps in OSD reformats the hard disk as UEFI/GPT, stages the WinPE image onto the Hard Disk and reboots to the hard disk.
My problems are that in step three - how do I ensure the reboot will go back to the USB stick?
In step four, how do I ensure that it WILL NOT boot to the USB stick, but boot from the internal HD?
Bitlocker best practice would really like to have the boot order locked down to boot from the hard disk only and I can't figure out how to do that either - once I am done booting from the USB stick to start the deployment.
This will be a bit of trial and error on your part I believe.
Why do you need the 3rd reboot? You may be able to drop the machine into the MDT DB for OSD deployment directly after BIOS defaults. That's what I do. Boot off USB key, drop in BIOS defaults, import into SCCM DB, sleep the machine for 8 minutes to allow SCCM DB propagation and then reboot with NIC as first boot device (UEFI and Legacy MBR), start/load PXE, initiate task sequence/OSD, during OSD steps in WinPE, load BIOS module again and remove NIC from boot devices as primary, and voila! TPM activation occurs at this time too and then once the post-OOBE phase begins, Enable BitLocker and good to go.
If that doesn't sound doable (I have not used MDT in a while so maybe not), then my guess is that once you apply UEFI/Secure Boot options and restart-computer, it will boot from the USB key as no other valid boot devices would be found (if the machine came with a Win7 OS Partition by default it will not be valid for UEFI booting anyway) and even if the NIC is before the USB key, it would have no PXE/WDS server to hit and will just bump to the next device available?
Additionally, once you apply a bootable GPT/UEFI setup to the HDD and it sets a "Windows Boot Manager" option in the BIOS, that will likely trump any connected USB storage device. But again, you could script another batch of steps with 'if' steps to have it apply certain items only if certain conditions are met.
So having the NIC not disabled as a boot device when set up as UEFI does not necessarily mean the machine is not locked down nor does it mean the NIC is going to start booting up and the same goes for the USB key. Every time I have set up a UEFI machine, the USB key is secondary as the Windows partition is primary.
Snowed in at home today so I cannot really test it but will do so when I get a chance but I'm pretty sure it works like that.
Also, regarding NIC booting and UEFI, you can disable the 'UEFI Network Stack' option via the cmdlet and that will stop the workstation from booting from the NIC when in UEFI boot mode. You can additionally set the NIC to not boot via PXE.
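
The thread's core difficulty is that the `UEFI.n` short names move between boots, so a script has to resolve the target entry by its description at run time and refuse to act when the match is missing or ambiguous. The following is an added example, not code from any poster or from Dell: the function name `Get-BootSequenceValue`, the entry shape (`DeviceName`, `DeviceNumber`, `ShortForm`), the provider path in the closing comment and the sample entries are all assumptions or constructed data.

```powershell
# Added example: pick the boot entry by description, never by a fixed UEFI.n index.
function Get-BootSequenceValue {
    [CmdletBinding()]
    param(
        # Boot entries as objects with DeviceName, DeviceNumber, ShortForm (assumed shape).
        [Parameter(Mandatory)] [object[]] $Entries,
        # Wildcard pattern for the description of the entry that must come first.
        [Parameter(Mandatory)] [string] $FirstDevicePattern
    )
    $hits = @($Entries | Where-Object { $_.DeviceName -like $FirstDevicePattern })
    if ($hits.Count -eq 0) {
        # Fail closed: do not guess when the expected device is absent.
        throw "No boot entry matches '$FirstDevicePattern'; boot order left unchanged."
    }
    if ($hits.Count -gt 1) {
        throw "Pattern '$FirstDevicePattern' is ambiguous: $($hits.DeviceName -join '; ')"
    }
    $first = $hits[0]
    $rest  = @($Entries | Where-Object { $_.DeviceNumber -ne $first.DeviceNumber })
    # Matched entry first, every other entry kept in its existing relative order.
    $order = @($first) + $rest | ForEach-Object { $_.DeviceNumber }
    return ($order -join ',')
}

# Constructed sample: the same machine on two boots; the disk entry sits at a different UEFI.n.
$bootA = @(
    [pscustomobject]@{ DeviceName = 'Onboard NIC(IPV4)';    DeviceNumber = 0; ShortForm = 'UEFI.1' }
    [pscustomobject]@{ DeviceName = 'UEFI: USB DISK 2.0';   DeviceNumber = 1; ShortForm = 'UEFI.2' }
    [pscustomobject]@{ DeviceName = 'Windows Boot Manager'; DeviceNumber = 2; ShortForm = 'UEFI.3' }
)
$bootB = @(
    [pscustomobject]@{ DeviceName = 'Windows Boot Manager'; DeviceNumber = 0; ShortForm = 'UEFI.1' }
    [pscustomobject]@{ DeviceName = 'Onboard NIC(IPV4)';    DeviceNumber = 1; ShortForm = 'UEFI.2' }
)

foreach ($entries in $bootA, $bootB) {
    $value = Get-BootSequenceValue -Entries $entries -FirstDevicePattern 'Windows Boot Manager*'
    Write-Output "Sequence value to apply: $value"
}

# Assumed wiring to the Dell provider (path and property names are assumptions, check on your model):
#   $entries = (Get-Item DellSmbios:\BootSequence\BootSequence).CurrentValue
#   Set-Item DellSmbios:\BootSequence\BootSequence `
#       (Get-BootSequenceValue -Entries $entries -FirstDevicePattern 'Windows Boot Manager*')
```

Because the pattern is a parameter, the same function covers the USB case by matching the stick's description instead, and the thrown error gives a deployment script a clean point to stop rather than rebooting into the wrong device.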