
WimBoot & SCCM using iPXE

Introduction

In this post I’ll go over how to boot SCCM over iPXE using WimBoot. This is a follow-up to my previous posts:

What is WimBoot?

WimBoot is a bootloader for Windows Imaging Format (WIM) files. It allows you to boot Windows PE over the network using HTTP(S) instead of TFTP, and it is signed by Microsoft.

What is SCCM?

SCCM / Microsoft Configuration Manager is a Microsoft product that allows organisations to manage devices, build OS deployments, deploy software, and manage updates.

Why use WimBoot when SCCM DPs are already PXE servers?

SCCM is already PXE bootable, but it uses TFTP to download the boot file, which can be slow, especially over Layer 3 networks. WimBoot allows you to boot from HTTP(S), which is much faster, and it can be deployed standalone without an SCCM DP (Distribution Point).

What is the problem with SCCM Booting via WimBoot?

WimBoot creates a RAM disk and mounts the WIM file to it. SCCM checks the drive type, but because WimBoot mimics a regular drive type, SCCM doesn’t detect that it is running from a RAM disk and fails to launch the Task Sequence. The SCCM boot.wim also doesn’t include the SMS/Data folder required for SCCM to launch the Task Sequence.

How do we fix this?

The iPXE documentation has a good solution for this: mount the SCCM WIM file and inject the SMS/Data folder, winpeshl.ini and a bootstrap.vbs file into it.

But we can also use WimBoot to inject files into System32 in the WIM file, which saves having to manually inject the files each time the WIM file is updated. By adding a winpeshl.ini file we can run a script to copy the files from System32 to SMS/Data. The SMS/Data folder typically contains only two files, Variables.dat and TSMBootstrap.ini, which we can inject and then move to the correct path.

iPXE Boot Script with WimBoot and Injected Files

Extract a standard SCCM boot ISO into the web server directory. If you are using Broadcom’s ipxe.efi file, these are the contents served at http://[PXEServerIP]:4433/Altiris/iPXE/GetPxeScript.aspx:

#!ipxe

echo Booting SCCM Boot Image
kernel http://[PXEServerIP]:4433/wimboot.x86_64.efi
initrd http://[PXEServerIP]:4433/changeStartOptions.js             changeStartOptions.js
initrd http://[PXEServerIP]:4433/winpeshl.ini                      winpeshl.ini
initrd http://[PXEServerIP]:4433/SMS/Data/TsmBootstrap.ini         TsmBootstrap.ini
initrd http://[PXEServerIP]:4433/SMS/Data/Variables.dat            Variables.dat
initrd http://[PXEServerIP]:4433/Boot/BCD                          BCD
initrd http://[PXEServerIP]:4433/Boot/boot.sdi                     boot.sdi
initrd http://[PXEServerIP]:4433/sources/boot.wim                  boot.wim
boot || goto failed
goto start

The latest signed wimboot file can be downloaded from https://github.com/ipxe/wimboot/releases and placed in the web server directory.

Bootstrap Script to change the boot mode and copy files

This script changes the boot mode to ramdisk(0) and copies the files to the SMS/Data folder.

changeStartOptions.js

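// Launched by wscript.exe from winpeshl.ini. The relative file names below
// resolve against System32, where WimBoot injects the files.
var objShell = WSH.CreateObject("Wscript.Shell");
var pattern = /MULTI\(\d+\)DISK\(\d+\)RDISK\(\d+\)PARTITION\(\d+\)/gi;
var startOptions = objShell.RegRead("HKLM\\System\\CurrentControlSet\\Control\\SystemStartOptions");

// Rewrite the ARC disk path so the boot mode reads as ramdisk(0).
startOptions = startOptions.replace(pattern, "ramdisk(0)");
objShell.RegWrite("HKLM\\System\\CurrentControlSet\\Control\\SystemStartOptions", startOptions);

var systemdrive = objShell.ExpandEnvironmentStrings("%SYSTEMDRIVE%");
var objFSO = WSH.CreateObject("Scripting.FileSystemObject");
var smspath = systemdrive.concat("\\sms\\data\\");

// CreateFolder throws if the folder already exists, so check first.
if (!objFSO.FolderExists(smspath)) {
    objFSO.CreateFolder(smspath);
}
// The trailing backslash on smspath makes CopyFile treat it as a folder.
objFSO.CopyFile("TsmBootstrap.ini", smspath);
objFSO.CopyFile("Variables.dat", smspath);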

winpeshl.ini

[LaunchApps]
"wscript.exe","changeStartOptions.js"
%SYSTEMDRIVE%\sms\bin\x64\TsBootShell.exe

Be careful when using Notepad to create this file, as it may cause the file not to be recognised, in which case you will receive this error:

winpeshl.ini file is present, but no commands were successfully launched.
This could be caused by incorrect formatting or an invalid executable name.
Please consult the documentation for more information.
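
A pre-flight check for the setup above, as an added example that is not part of the original post: it parses an iPXE script, confirms that every file the bootstrap script copies (plus the boot files and winpeshl.ini) is actually injected, and lists fetches made over plain HTTP, since those files end up running inside WinPE. It runs under Node.js rather than WSH; the function names and the host pxe.example.test are assumptions made for the example.

```javascript
// Added example, not from the original post. Assumes the
// "initrd <url> <name>" form used in the script on this page.
// Boot files the page's script hands to wimboot.
const WIMBOOT_REQUIRED = ["BCD", "boot.sdi", "boot.wim"];
// Names this page's winpeshl.ini setup needs besides the copied files.
const PAGE_REQUIRED = ["winpeshl.ini", "changeStartOptions.js"];

// Parse kernel/initrd lines into { cmd, url, name } records.
function parseFetches(script) {
  const fetches = [];
  for (const raw of script.split(/\r?\n/)) {
    const [cmd, url, name] = raw.trim().split(/\s+/);
    if ((cmd !== "kernel" && cmd !== "initrd") || !url) continue;
    // Without an explicit name, fall back to the last URL path segment.
    fetches.push({ cmd, url, name: name || url.split("/").pop() });
  }
  return fetches;
}

// File names the bootstrap script copies with CopyFile("<name>", ...).
function copiedFiles(jsSource) {
  return [...jsSource.matchAll(/CopyFile\(\s*"([^"]+)"/g)].map((m) => m[1]);
}

function lint(script, bootstrapSource) {
  const fetches = parseFetches(script);
  // Windows file names are case-insensitive, so compare in lower case.
  const injected = new Set(
    fetches.filter((f) => f.cmd === "initrd").map((f) => f.name.toLowerCase()));
  const needed = [...WIMBOOT_REQUIRED, ...PAGE_REQUIRED, ...copiedFiles(bootstrapSource)];
  return {
    missing: needed.filter((n) => !injected.has(n.toLowerCase())),
    // Plain-HTTP fetches have no integrity protection in transit.
    plaintext: fetches.filter((f) => !/^https:\/\//i.test(f.url)).map((f) => f.name),
  };
}

// Constructed sample: Variables.dat is left out and only boot.wim uses HTTPS.
const sampleScript = `#!ipxe
kernel http://pxe.example.test:4433/wimboot.x86_64.efi
initrd http://pxe.example.test:4433/changeStartOptions.js changeStartOptions.js
initrd http://pxe.example.test:4433/winpeshl.ini winpeshl.ini
initrd http://pxe.example.test:4433/SMS/Data/TsmBootstrap.ini TSMBootstrap.ini
initrd http://pxe.example.test:4433/Boot/BCD BCD
initrd http://pxe.example.test:4433/Boot/boot.sdi boot.sdi
initrd https://pxe.example.test/sources/boot.wim boot.wim
boot`;
const sampleBootstrap = `objFSO.CopyFile("TsmBootstrap.ini",smspath);
objFSO.CopyFile("Variables.dat",smspath);`;
console.log(lint(sampleScript, sampleBootstrap));
```

On the constructed sample it reports Variables.dat as missing and six plain-HTTP fetches; the differently cased TSMBootstrap.ini still counts as injected.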

Conclusion

This might be a bit more complex than injecting the WIM file manually, but it saves re-injecting the files each time the WIM file is updated. Hopefully this post has helped you understand how to boot SCCM over iPXE using WimBoot.

Next time I’ll probably go into more detail on using PXE booting with MAB on NAC-enabled networks, so stay tuned. If you have any questions or feedback, please contact me on Twitter or by email, both linked in the footer of the left sidebar.

This post is licensed under CC BY 4.0 by the author.