BIOS to UEFI - The Easy Way: MBR2GPT

Monday, 11 June 2018 17:08

BIOS to UEFI - The Easy Way: MBR2GPT

Written by Anton Romanyuk

font size decrease font size increase font size
Print
Email

Rate this item

(3 votes)

This article is the first blog post in a series I'll write over the coming days that will provide a comprehensive overview that explains how you can automate the process of transitioning from BIOS to UEFI during "wipe-and-load" OS deployment scenario. To be able to migrate from BIOS to UEFI effectively you need to understand how to configure firmware settings, such as secure boot, legacy support, and TPM device configuration, as well as how to use the MBR2GPT tool. Unfortunately, though it seems like a relatively straightforward process when using Microsoft Deployment Toolkit, based on questions I received as well as threads posted on TechNet over the past few weeks, there is still some confusion around this in the Windows technical community. Converting a device to UEFI comes with quite a few benefits including the ability to make full use of Windows 10 modern security features, so I thought it would be worth taking a few minutes to share my approach to dealing with BIOS to UEFI conversions.

Before Windows 10, version 1703 came out, converting a device to UEFI using MDT during a "wipe-and-load" scenario in MDT required you to go to each PC and reconfigure the firmware by hand prior to running the task sequence. Alternatively, by using your Microsoft Deployment Toolkit task sequence, you could make use of the IsUEFI property to determine whether a machine started in UEFI mode. Then, you could use the task sequence to apply firmware settings and then perform a hard reboot if a computer started in legacy mode (in which case the IsUEFI property is set to FALSE) ensuring that firmware settings come into effect but also discarding all TS progress in the process.

While this approach worked well in smaller environments, it quickly became a cumbersome task when deploying 10+k clients that were initially shipped with Windows 7 as it required manual intervention from IT technicians. However, everything changed with the release of Windows 10, version 1703, also known as the Windows 10 Creators Update. (Note: I am fully aware that with System Center Configuration Manager (ConfigMgr) you could fully automate the conversion to UEFI in the enterprise before that.)

Windows 10, version 1703, included many enhancements over the previous release in the areas of application compatibility, device support, power management, security, and reliability. You can see a detailed list of the changes in the What’s new for IT pros in the Windows 10 Creators Update blog post. One of the improvements highlighted in the article is the MBR2GPT.EXE tool that automates the process to moving from Master Boot Record (MBR) to GUID Partition Table (GPT) partition style on UEFI-enabled hardware. By using this tool in your MDT task sequences in conjunction with the OEM tools that configure the firmware to boot in UEFI mode, you can significantly simplify the process of transitioning from legacy to UEFI configuration.

The following describes the procedure that worked for me ever since the introduction of the MBR2GPT tool to prepare systems for the BIOS to UEFI conversion:

Edit your task sequence and create a new task sequence group (I typically place it before the steps to install the operating system) and add actions to start the OEM tools that will set firmware settings required for running systems in UEFI mode. By applying these settings each time you deploy your machines, you can ensure firmware configuration compliance (I'll talk about automating firmware configuration in the upcoming blog posts).
Create a new Run Command Line task sequence step in the Post-Install phase (before the Restart Computer step) to start the MBR2GPT tool. Use following command line: cmd.exe /c mbr2gpt.exe /convert
On the Options tab, add a new task sequence variable as a condition where IsUEFI is not equal to TRUE. This prevents the MBR2GPT tool from running when a computer is already in UEFI mode.

To sum it up: when using these steps on systems still running in Legacy mode, MDT will apply firmware settings using OEM tools, format and partition the hard drive in MBR mode, apply the OS image, create the boot configuration data (BCD) store. Then, by running the MBR2GPT tool, Microsoft Deployment Toolkit will repartition the disk to create an EFI system partition (ESP), install UEFI boot files, apply GPT metadata and layout information and finally update BCD store before initiating the first reboot after which Windows 10 will boot in the UEFI mode.

Are there any caveats with this approach? Yes. Sort of. Depending on firmware configuration (i.e., if TPM is not present and enabled), you may not be able to utilize the pre-provision BitLocker task sequence step prior to OS deployment meaning that files are not being encrypted on the fly, and therefore, encryption times are much longer. I am currently investigating options to stage the Windows Pre-installation Environment (WinPE), so that the TS can apply firmware settings, restart, and then continue the execution after BIOS to UEFI switch negating the need to re-start the task sequence all over (similarly to how BIOS to UEFI conversion is being done in ConfigMgr).

Finally, here is a breakdown of the associated log files which are essential for figuring out what went wrong if one or more partitions did not translate correctly):

diagerr.xml
diagwrn.xml
setupact.log
setuperr.log

Location: %WINDIR%

Read 20427 times Last modified on Monday, 11 June 2018 17:27

Published in OS Deployment

Anton Romanyuk

Latest from Anton Romanyuk

More in this category: « Force LAPS Password Reset during MDT OSD Configuring HP BIOS Using MDT »