Scary disclaimer right up front. This process is completely/definitely/unequivocally unsupported by Microsoft (or anyone). I offer no guarantees that this will work for you and I will not be held responsible if you break your ConfigMgr environment. Use at your own risk. Create the boot images from a workstation.
Welcome to the Wild West 🙂
By following this guide, you will be able to create a Windows PE boot image that includes support for connecting to a WPA-PSK wireless network.
This is useful when you need to image computers that do not include an Ethernet port. In the case of pre-staged media (vendor image), it makes for an easier experience for the end user, as there are fewer things that need to be plugged in.
It could also help reduce costs as you won’t require a USB dongle or an expensive USB dock with an ethernet port to complete the imaging process.
Prerequisites
- 7-Zip
- Windows 10 Pro or Enterprise ISOs (Version 1703, 32-bit and 64-bit)
- Computer connected to your Wi-Fi Network with a Pre-Shared Key.
  - This Wi-Fi network needs to be active to connect to and then save the network information.
  - The Wi-Fi network must be pre-shared key only. I’m not aware of a way to get other security types to work.
- Wi-Fi drivers imported to the ConfigMgr Driver Database
- Working Directory Template (Download Link)
  - This includes the CreateBootWim.bat file to simplify the boot.wim creation.
  - You should be able to place this folder anywhere. I will refer to the root of this folder as WORKINGDIR.
Part 1 – Windows Recovery Environment (WinRE)
WinRE contains the WinPE-WiFi package, which is not available in any version of the Windows ADK (Thanks to segura for finding this out: link). Using the WinRE wim as a template lets us build a working Wi-Fi boot image.
How to get the WinRE WIM file
You will want to do this for both x86 and amd64 ISOs.
This is the easiest way I’ve found to do this:
- Mount the Windows 10 1703 Media (Double-click the ISO file in Windows 10)
- Navigate to “I:\sources\” (Where I: is the mounted Windows 10 ISO file)
- Open install.wim as an archive using 7-Zip
- Within the archive browse to: Windows\System32\Recovery\
- Copy Winre.wim to:
  - WORKINGDIR\x86 folder for 32-bit Windows Media
  - WORKINGDIR\amd64 folder for 64-bit Windows Media
Fixing netsh in the WinRE WIM
Although Microsoft includes the WinPE-WiFi package in WinRE, netsh has been broken in versions after 1511 (Thank you Paul, creator of MustangPE, for finding out how to fix this: link and link).
In order to fix it, there are a set of DLL files that need to be copied to the System32 folder in the boot.wim and a set of registry changes.
Copy the following DLL files from the install.wim\Windows\System32 folder into WORKINGDIR\x86\dll (from 32-bit Windows 10) and WORKINGDIR\amd64\dll (from 64-bit Windows 10). The script then copies them from these folders into the boot.wim:
authfwcfg.dll
fwcfg.dll
hnetmon.dll
nshhttp.dll
nshipsec.dll
p2pnetsh.dll
p2p.dll
rpcnsh.dll
whhelper.dll
mdmregistration.dll
dmcmnutils.dll
wwancfg.dll
wwapi.dll
wcmapi.dll
rmclient.dll
peerdistsh.dll
clbcatq.dll
rastls.dll
eapprovp.dll
raschap.dll
On a 64-bit Windows 10 system, some of these files are missing from the SysWOW64 folder. This is why I recommend browsing to the System32 folder on the corresponding OS architecture’s install.wim.
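An added pre-flight check, not part of the original post or its CreateBootWim.bat: it confirms that every DLL in the list above is present under WORKINGDIR\x86\dll and WORKINGDIR\amd64\dll and that each file's PE header matches the folder's architecture, which catches files taken from SysWOW64 or from the wrong install.wim. The function names are this example's own.

```python
import struct
import sys
from pathlib import Path

# DLL names from the list in this guide.
REQUIRED = """authfwcfg.dll fwcfg.dll hnetmon.dll nshhttp.dll nshipsec.dll
p2pnetsh.dll p2p.dll rpcnsh.dll whhelper.dll mdmregistration.dll
dmcmnutils.dll wwancfg.dll wwapi.dll wcmapi.dll rmclient.dll peerdistsh.dll
clbcatq.dll rastls.dll eapprovp.dll raschap.dll""".split()

# IMAGE_FILE_HEADER.Machine values for the two folders the guide uses.
MACHINE = {"x86": 0x014C, "amd64": 0x8664}


def pe_machine(path):
    """Return the COFF Machine field of a PE file, or None if it is not a PE."""
    data = Path(path).read_bytes()[:4096]
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # offset of "PE\0\0"
    if e_lfanew + 6 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    return struct.unpack_from("<H", data, e_lfanew + 4)[0]


def check_dll_folder(workingdir, arch):
    """Return problems found in WORKINGDIR\\<arch>\\dll (empty list = OK)."""
    folder = Path(workingdir) / arch / "dll"
    present = {p.name.lower(): p for p in folder.glob("*") if p.is_file()}
    problems = []
    for name in REQUIRED:
        path = present.get(name)
        if path is None:
            problems.append(f"{arch}: {name} missing")
        elif pe_machine(path) != MACHINE[arch]:
            problems.append(f"{arch}: {name} is not a {arch} binary")
    return problems


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    issues = check_dll_folder(root, "x86") + check_dll_folder(root, "amd64")
    print("\n".join(issues) or "All DLLs present with matching architecture")
    sys.exit(1 if issues else 0)
```

Run it with WORKINGDIR as the only argument before running CreateBootWIM.bat; a non-zero exit code means at least one folder needs attention.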
In addition to the DLL files, these registry entries need to be added to the SOFTWARE hive (this is done in the CreateBootWIM.bat file; they are listed here for reference):
REG LOAD HKLM\WINPE "WORKINGDIR\mount\Windows\System32\config\SOFTWARE"
REG ADD HKLM\WINPE\Microsoft\NetSh /v authfwcfg /t REG_SZ /d authfwcfg.dll /f
REG ADD HKLM\WINPE\Microsoft\NetSh /v dot3cfg /t REG_SZ /d dot3cfg.dll /f
REG ADD HKLM\WINPE\Microsoft\NetSh /v fwcfg /t REG_SZ /d fwcfg.dll /f
REG ADD HKLM\WINPE\Microsoft\NetSh /v hnetmon /t REG_SZ /d hnetmon.dll /f
REG ADD HKLM\WINPE\Microsoft\NetSh /v nettrace /t REG_SZ /d nettrace.dll /f
REG ADD HKLM\WINPE\Microsoft\NetSh /v nshhttp /t REG_SZ /d nshhttp.dll /f
REG ADD HKLM\WINPE\Microsoft\NetSh /v nshipsec /t REG_SZ /d nshipsec.dll /f
REG ADD HKLM\WINPE\Microsoft\NetSh /v p2pnetsh /t REG_SZ /d p2pnetsh.dll /f
REG ADD HKLM\WINPE\Microsoft\NetSh /v peerdistsh /t REG_SZ /d peerdistsh.dll /f
REG ADD HKLM\WINPE\Microsoft\NetSh /v rpc /t REG_SZ /d rpcnsh.dll /f
REG ADD HKLM\WINPE\Microsoft\NetSh /v whhelper /t REG_SZ /d whhelper.dll /f
REG UNLOAD HKLM\WINPE
ConfigMgr Import Problem
WinRE does not import into ConfigMgr unless the read-only flag is removed from the winpeshl.ini file (this is done in the CreateBootWIM.bat file; it is listed here for reference):
attrib -R "WORKINGDIR\mount\Windows\System32\winpeshl.ini"
Fix Background
Part 2 – Capturing Your Wireless Profile
Export your Wireless Profile
netsh commands:
netsh wlan show profiles
netsh wlan export profile "network-name" key=clear folder=WORKINGDIR
Rename the saved file to Wi-Fi.xml (or modify wi-fi.cmd to point to your xml file name).
Wi-Fi.cmd
net start wlansvc
wpeinit
wpeutil waitfornetwork
netsh wlan add profile filename="%~dp0wi-fi.xml" user=all
Fun fact – without the ‘wpeinit’ right after the ‘net start wlansvc’, the netsh command will fail to run. The ‘wpeutil waitfornetwork’ command ensures that a network adapter is in a ready state to obtain an IP address.
Store Wi-Fi.xml and Wi-Fi.cmd in their own folder on a network share.
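An added check, not part of the original post: it reads the exported profile, confirms that it is a pre-shared-key profile exported with key=clear, and reports whether the passphrase sits in the file in clear text, which determines who should be able to read the share holding Wi-Fi.xml. The sample profile, its SSID and its passphrase are constructed; the element names are those of the WLAN profile XML that netsh writes.

```python
import xml.etree.ElementTree as ET

NS = {"w": "http://www.microsoft.com/networking/WLAN/profile/v1"}

# Constructed sample of a key=clear export; SSID and passphrase are made up.
SAMPLE = """<?xml version="1.0"?>
<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">
  <name>ExampleNet</name>
  <SSIDConfig><SSID><name>ExampleNet</name></SSID></SSIDConfig>
  <connectionType>ESS</connectionType><connectionMode>auto</connectionMode>
  <MSM><security>
    <authEncryption>
      <authentication>WPA2PSK</authentication>
      <encryption>AES</encryption>
      <useOneX>false</useOneX>
    </authEncryption>
    <sharedKey>
      <keyType>passPhrase</keyType>
      <protected>false</protected>
      <keyMaterial>constructed-passphrase</keyMaterial>
    </sharedKey>
  </security></MSM>
</WLANProfile>"""


def review_profile(xml_text):
    """Return (findings, key_in_clear) for an exported WLAN profile."""
    root = ET.fromstring(xml_text)
    def get(path):
        return (root.findtext("w:MSM/w:security/" + path, "", NS) or "").strip()
    auth = get("w:authEncryption/w:authentication")
    onex = get("w:authEncryption/w:useOneX").lower()
    protected = get("w:sharedKey/w:protected").lower()
    key = get("w:sharedKey/w:keyMaterial")
    findings = []
    if auth not in ("WPAPSK", "WPA2PSK") or onex == "true":
        findings.append(f"not pre-shared-key only (authentication={auth or 'none'})")
    if not key:
        findings.append("no keyMaterial in the profile")
    elif protected != "false":
        findings.append("key is not in clear text: re-export with key=clear")
    return findings, bool(key) and protected == "false"


if __name__ == "__main__":
    import sys
    src = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    print(review_profile(src))
```

An empty findings list with `key_in_clear` set to True is the expected result for a profile exported as described above; it also means anyone who can read Wi-Fi.xml, on the share or inside the boot image, can read the passphrase.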
Part 3 – winpeshl.ini
I’m not going to explain how the boot process in Windows PE works (because Mietek Rogala has already done it: link).
The gist is that we will need to modify the winpeshl.ini file in the ConfigMgr install directory in order to start the Wireless LAN service before TSBootShell.exe.
Since ConfigMgr overwrites the winpeshl.ini file when preparing the boot image, you can’t make these changes as part of any custom offline servicing using DISM, so we must modify ConfigMgr’s winpeshl.ini templates for any of this to work. There are no ill effects to doing this (other than a slightly longer WinPE boot if the wi-fi.cmd file exists). On boot images where the wi-fi.cmd file doesn’t exist, the step is skipped and TSBootShell.exe still launches.
I have included the templates for the winpeshl.ini files in the Working Directory Template:
- WORKINGDIR\x86\winpeshl.ini needs to be copied to
  - CONFIGMGRINSTALLDIR\OSD\i386\bin
- WORKINGDIR\amd64\winpeshl.ini needs to be copied to
  - CONFIGMGRINSTALLDIR\OSD\amd64\bin
x86 winpeshl.ini file
[LaunchApps]
%SYSTEMDRIVE%\sms\PKG\SMS10000\Wi-Fi.cmd
%SYSTEMDRIVE%\sms\bin\i386\TsBootShell.exe
x64 winpeshl.ini file
[LaunchApps]
%SYSTEMDRIVE%\sms\PKG\SMS10000\Wi-Fi.cmd
%SYSTEMDRIVE%\sms\bin\amd64\TsBootShell.exe
Part 4 – Create the boot.wim
Run ‘CreateBootWIM.bat’ as Administrator.
The script will copy the winre.wim to a new boot.wim file, mount boot.wim, copy the missing DLL files, modify the SOFTWARE registry hive, and clear the read-only attribute on the winpeshl.ini file.
Once the script is complete, you can take the boot.wim and copy it to your boot image source directory.
Part 5 – Import boot.wim into ConfigMgr
Use your standard methods for importing a boot wim. Go HERE if you need more clarification.
Part 6 – ConfigMgr Boot Image Properties
Once the boot image has been imported into ConfigMgr, modify the following:
- Drivers
  - Add required wireless and other required WinPE drivers
- Customization
  - Enable Command Support
  - Windows PE Scratch Space: 128MB
- Data Source
  - Probably don’t need to deploy this to a PXE point, unless this is replacing your regular boot images.
- Optional Components
  - Add Microsoft .NET (WinPE-Dot3Svc)
Part 7 – Create (or Update) A Package with the Unattend.xml File
You already have an unattend.xml right?
Use the unattend.xml