Using MBR2GPT with Configuration Manager OSD

devices-windows-10-creators-update-banner

[Update 4/5/2017] This post was based on the MBR2GPT that was released with the Windows Insider build 15007. There are a few things that have changed since then – the /silent switch has been replaced with the /convert switch. Also, it is highly recommended to run MBR2GPT from WinPE 1703 (this is required for earlier versions of Windows 10 – 1507, 1511, 1610). Look out for a new post on using this tool with Configuration Manager (including how to use it with BitLocker systems).

In my previous post, Getting Started with MBR2GPT, I showed a first look at the MBR to GPT conversion utility that is going to be released with the upcoming Windows 10 Creators Update. In this post, I am going to show how it can be integrated with a Configuration Manager OSD Task Sequence. In this test, I reset my test machine back to Legacy BIOS and disabled Secure Boot. Next, I installed build 15002 of the Windows 10 Enterprise Insider Preview, joined it to my test domain and installed the Configuration Manager 1610 client.

Starting off simple, the goal was to see if I could run MBR2GPT in a simple Task Sequence and automate what I did manually in the previous post. The first thing I did was add MBR2GPT.EXE to my 1E BIOS to UEFI OEM Toolkit Package – since I need to change the BIOS settings, it made sense to just add it to this package. The next step was to create a custom, simple Task Sequence – one that I can later just copy into a Windows 10 In-place Upgrade Task Sequence. The end result looks like this:

001-using-mbr2gpt

For the Options on this Group, I put the following Conditions:

002-using-mbr2gpt

I only want to run this on a Dell, HP or Lenovo that is currently running Legacy BIOS (no need to run it if the system is already UEFI).

The next step is to run MBR2GPT. This is the same command that I ran manually, but I added the /silent switch so that it would run without prompting for input:

003-using-mbr2gpt

Next, I run my 1E BIOS to UEFI OEM step (available to 1E Nomad customers) to configure the necessary BIOS settings. In this case I want to enable Secure Boot as well. The nice thing about this step is that conditions can be added so there can be multiple configuration – for example, one with Secure Boot and maybe one without Secure Boot (for systems that might have conflicts with Secure Boot because of bad video card drivers).

004-using-mbr2gpt

The last thing to do is reboot after running both of these steps in order for the configurations to take effect.

005-using-mbr2gpt

Running this Task Sequence on my test system yielded the following in the smsts.log where we can see that MBR2GPT ran successfully:

006-using-mbr2gpt

Adding this into an in-place upgrade Task Sequence might look something like this:

007-using-mbr2gpt

Keep in mind that this is only part of the Windows Insider release right now and should not be used in production, but initial tests seem to show promising results. Also, there are still some blockers for being able to use in-place upgrade like I mentioned in the previous post. Have a plan on how you plan on handling applications that need to be uninstalled, upgraded and replaced. In other words, just because you can do in-place upgrade, do you still want that old version of Office on your shiny new Windows 10 OS? In addition, Windows 10 content is going to have a massive impact to your network. Not just the Feature Updates, but the Quality Updates (i.e. security patches) are likely to have the biggest impact (especially if you have to patch multiple versions of Windows 10). Look into using a peer to peer solution (like 1E Nomad) sooner rather than later. Lastly, chances are, you are going to have to support multiple deployment methods in your environment – make sure the tools (and vendor) you choose is capable of handling all of them seamlessly (don’t settle for cheap knock offs – you get what you pay for and can open up your network to unwanted security vulnerabilities). Baremetal for new computers and break/fix, hardware refresh/replacement, wipe-and-load, and in-place upgrade.

Originally posted on https://miketerrill.net/

14 thoughts on “Using MBR2GPT with Configuration Manager OSD

  1. Pingback: Getting Started with MBR2GPT | Mike's Tech Blog

  2. How well does MBR2GPT work if the drive is encrypted with bitlocker? Can we just disable bitlocker or would we need to fully decrypt the system before converting?

      • Using the switches that I published in the blog did not work – it returns an error: Cannot find room for the EFI system partition. There is a map switch that might come into play later. I would imagine that they are looking at the BitLocker scenario…

      • So maybe it wasn’t BitLocker that caused the failure. I was testing it on 1607 and it doesn’t seem to work with or without BitLocker. Time to install build 15002 and test BitLocker.

      • Update: I was able to get it partially working with BitLocker on 15002. I say partially because I needed to do some things with reagentc in order to re-enable BitLocker so this looks really promising. 🙂

  3. Pingback: Using MBR2GPT with Configuration Manager OSD | Skatterbrainz Blog

  4. Oh now I realized that “REAgentC” is a CMD Utility…;-)
    Can you explain which commands you used and the order together with MBR2GPT?

    • I did a few things, but still need to do some more testing. I am also waiting to see if they address it in a future Windows Insider Build before spending too much time on it.

  5. Hi Mike,

    I got confirmation from MS that this tool works on 1511 and 1607 only when run in WinPE. You have to download the creators update ADK (10.1.150121.1000) and install this ADK on your primary SCCM server. Then you can add the boot image from this ADK (I wasn’t able to add the boot image from this ADK when I still had the 1511 or 1607 ADK installed) into SCCM. You can then do a restart in winpe at the very end of your upgrade sequence and run the MBR2GT commands:

    MBR2GPT.Exe /silent /logs:%_SMSTSLogPath%

    I’m doing this at the moment with a run command line step. If you don’t specify this: /logs:%_SMSTSLogPath% then the logs will get stored by default in %WINDIR%, but since it’s in WINPE that means it will go to X:\Windows\System32 and get deleted on reboot.

    Then I’m running the Dell BIOS CCTK commands to flip to UEFI (while still in winpe) and then reboot and voila!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s