17 October 2018

PowerShell One-Liners to ensure Dell system is configured for UEFI when imaging

While planning and configuring the Windows 10 upgrades, we had to also include the transition to UEFI from BIOS. I wanted to make sure that when the build team builds new models that they are configured for UEFI when applicable, otherwise the build fails within seconds after it starts.

We use Dell systems, so interacting with the BIOS is simple. The Dell Command | Configure allows for the BIOS to be queried, which is what we need here to verify specific models are set correctly. We do have a few models that are not compatible with UEFI, so those have to be exempted. In looking at Dell Latitude models, anything newer than the E6320 is compatible with UEFI. Granted, there may be other models that we never had that could be compatible.

There are four key settings in the BIOS that determine if a system is compatible with UEFI. Those settings are the Boot List Option, Legacy Option ROMs, UEFI Network Stack, and Secure Boot. I have found the most reliable one of the four to verify compatibility is the UEFI Network Stack. If a system does not have this option, then UEFI is not compatible.

I set this up as four task sequences within a folder called Verify UEFI. The folder performs two WMI queries to make sure it is a Dell machine, and it is not one of the five models we still have in production that are not UEFI compatible. The conditions are set up as shown in the screenshot below.


The first WMI query makes sure the system is a Dell.

  • select * from Win32_ComputerSystem WHERE Manufacturer like "%Dell%"

The second WMI query makes sure the system is not one of the specified models that are not compatible with UEFI.

  • select * from Win32_ComputerSystem WHERE (model != "Latitude E6320") and (model != "Latitude E6410") and (model != "Optiplex 980") and (model != "Optiplex 990") and (model != "Optiplex 9010")
This is the setup in MDT that I have configured

Now that the folder is set up, you will need to create each of the four Run Command Line task sequences. Before doing this, you will need to have Dell Command | Configure installed and loaded into the WinPE environment. You can refer to my blog posting that details how to load this into WinPE. 

Each one of the four tests is a Run Command Line. They will look like the pic below. All you will need to do is to copy the PowerShell one-liner code below and paste it into the command line of each task sequence.

Here is the PowerShell one-liner code for each task sequence:
  • Boot List Option
    • powershell.exe -executionpolicy bypass -command "&{If ((x:\cctk\cctk.exe bootorder --activebootlist) -like '*uefi') {exit 0} else {exit 1}}"
  • Legacy Option ROMs
    • powershell.exe -executionpolicy bypass -command "&{If ((x:\cctk\cctk.exe --legacyorom) -like '*disable') {exit 0} else {exit 1}}"
  • UEFI Network Stack
    • powershell.exe -executionpolicy bypass -command "&{If ((x:\cctk\cctk.exe --uefinwstack) -like '*enable') {exit 0} else {exit 1}}"
  • Secure Boot
    • powershell.exe -executionpolicy bypass -command "&{If ((x:\cctk\cctk.exe --secureboot) -like '*enable') {exit 0} else {exit 1}}"
As you can see, if any of these fail, they will return an error code 1 and then fail the build. 

Related Posts:

  • Application List This script will generate a list of installed applications minus those in the exclusion list text file. I created this script so the help desk could have a concise list of applications that need to be installed post-build. … Read More
  • Windows Updates Reporting Tool My firm uses MDT to build all of our computers. The windows updates are setup as packages so they can be applied to the OS before it is laid down on the PC. MDT will then download any new updates and apply them to the PC af… Read More
  • PowerShell Approved Verb Cheat Sheet Here is a cheat sheet that is a list of all PowerShell approved verbs. You can download cheat sheet from here.  … Read More
  • SCCM Client Installer This PowerShell script will uninstall previous versions of SCCM client, run the CCMClean to make sure all instances of the client are gone off of the machine, and finally install the SCCM client. The script will not complet… Read More
  • MSI Analysis Reporting Tool Here is a tool I have written that generates a report on all of the variables used for each entry during an MSI installation. I wrote this script to make customizing the installation of MSI files much easier and quicker. Th… Read More

2 comments:

  1. There is also a built in cmdlet called "Confirm-SecureBootUEFI" in Win10 that can check to confirm whether UEFI and SecureBoot are enabled.

    ReplyDelete
  2. Latitude e6x20 and Optiplex 990 are actually in a weird spot. They actually do support UEFI, just no UEFI network boot or Secure Boot. I use boot media to bring those up to Windows 10 on UEFI.

    ReplyDelete