Last year, we highlighted (and addressed) a very specific challenge facing IT administrators preparing to migrate to Windows 10. While most organizations want to take advantage of the security features such as Secure Boot, Device Guard and Credential Guard in Windows 10, these features require UEFI firmware and the majority of Windows 7 devices today, while equipped with UEFI firmware, are configured to run BIOS emulation mode. We needed a way to automate the conversion in a single Configuration Manager OS Deployment Task Sequence, so it was all taken care of at the time Windows 10 gets deployed.
Most hardware vendors provide tools to automate configuration of the firmware settings, including switching from BIOS emulation to UEFI, but they are not straightforward. Even within a single vendor’s portfolio, variations in settings between models and BIOS versions mean you need to do your homework to determine the right commands to execute and also the order in which they should be executed.
But configuring the firmware is only the first step – at the same time, you have to change the disk partition system from Master Boot Record (MBR) to GUID Partition Table (GPT). When we investigated this last year, the only supported method of converting from MBR to GPT was to repartition the disk (which means you lose all your data and apps, which you then have to put back to avoid grumpy users). Even if you did this, the deployment would fail if you started the OSD Task Sequence in BIOS mode with an MBR disk and switched to UEFI with a GPT disk.
The 1E BIOS to UEFI solution that was released with 1E Nomad 6.1 last year addressed all these issues. It first abstracted the various firmware configuration commands for the most common vendors (Dell, HP, and Lenovo) through a very simple properties page in a Task Sequence step. Simply select the options you want to be enabled, and we do the work behind the scenes to execute the correct tool with the correct options in the correct order at runtime. It then used some clever engineering to enable the Task Sequence that was started in BIOS mode to continue to execute after the firmware changes were made and the disk re-partitioned.
That was last year. Since then, Microsoft has introduced two new features that make the process simpler.
- In Configuration Manager Current Branch 1606, they introduced a method through which the Task Sequence can be restarted in UEFI with a GPT disk.
- In Windows 10 Creators Update, they introduced the MBR2GPT tool that enables a non-destructive conversion of the disk from MBR to GPT, enabling for the first time a supported method to use the in-place upgrade process to migrate to Windows 10 and switch from BIOS to UEFI at the same time.
To learn about incorporating these features into an OS Deployment Task Sequence, read more here.
For a much more detailed explanation of the MBR2GPT tool and how to use it, check out the following series of blogs by 1E’s Mike Terrill.
BIOS to UEFI Made Easier with Windows 10 Creators Update.
Getting Started With MBR2GPT
Using MBR2GPT with Configuration Manager OSD
What you’ll notice from the Microsoft instructions is the step…
“Add a step to start the OEM tool that will convert the firmware from BIOS to UEFI. This will typically be a Run Command Line task sequence step with a command line to start the OEM tool.”
The 1E BIOS to UEFI OEM tool is the only way to do this in a single step that takes into account variations in vendors (Dell, HP, and Lenovo) and models. We’ve done the homework and automated the configuration that, to date, we have validated on 18 Dell models, 19 HP models, and 21 Lenovo models and continue to add models as we work with more customers. It comes with a wizard to download the required vendor tools and create the package that is used by the step.
In v1.3 we’ve added support for BIOS admin passwords (enabling you to automate the changes when a BIOS admin password has been set) and has additional options for enabling and activating TPM and Virtualization settings required to support the Windows 10 virtualization-based security features. We’re all about making it easy for you so you can get on with migrating to Windows 10 instead of re-engineering the wheel.
