How can I deploy Windows 8 X64 to the Microsoft Surface Pro using Configuration Manager 2012 SP1

[anyweb 411]

Introduction

 

Now that the Microsoft Surface Pro is available organizations are buying it and re-imaging the default Windows 8 Professional installation with their own corporate install (usually means installing an Enterprise edition of Windows 8). In this post I'll show you how to install Windows 8 X64 Enterprise in UEFI mode, with BitLocker enabled using USB based Standalone media created using Configuration Manager 2012 SP1.

 

 

Note: Use this guide with care, it is provided to assist you with imaging your Surface Pro in an automated way. windows-noob.com will not be held responsible for any problems that may arise as a result of deploying Windows 8 X64 to your Surface Pro using the methods described below.

 

First of all, re-imaging the Surface Pro is not that straight forward given the fact that the device has no external facing network card (RJ-45), however it does however have a USB 3 port so you can connect USB devices and use them accordingly.

 

Secondly, the Surface Pro is UEFI only and 64 Bit so you can only install a 64bit UEFI capable operating system on it.

 

Thirdly, the Surface Pro has only got one USB 3 port, and we are going to use this port to do our imaging, however we want to connect both a USB flash key and a USB network dongle at the same time, as a result we will use a USB 4-port hub to split one USB port into many.

 

Lastly, and more importantly there is no ability in the current Surface Pro firmware to boot over the network, (it's rumored to be available in a later firmware release from Microsoft, no ETA on that however) therefore we'll use USB Standalone media to install our corporate image. (Update, see the note below about PXE boot).

 

For the purpose of this guide i've used some additional hardware listed below:

• USB network dongle model dlink Dub E-100
• 8GB USB key
• USB 4-port hub

So, in the photo below you can see the Surface Pro is connected to a USB 4-port hub, and that hub has a USB key and USB Network dongle attached, that is in turn connected to my Configuration Manager 2012 SP1 Server environment running on HyperV (it's a LAB).

 

 

Update: After writing this guide, Microsoft have released a PXE capable Network adaptor for the Surface Pro available from here. I don't have access to one but if you'd like me to test it, feel free to send one my way.

 

Step 1. Create the task sequence

 

In the System Center 2012 Configuration Manager SP1 console navigate to Software Library, select operating systems and right click on task sequences, select Create Task Sequence

 

 

The Create New Task Sequence wizard appears, choose Install an existing image package

 

 

On the Specify Task Sequence information screen give the task sequence a suitable name like Deploy Windows 8 X64 Enterprise - Surface Pro and choose the X64 boot image (this is very important as it will not boot with the x86 boot image)

 

Note: For UEFI deployments, you must use the boot image matching the architecture of the system being deployed. So for x86 only hardware it must be an x86 boot image and for x64 hardware it must be an x64 boot image. The Surface Pro is X64 hardware therefore you must use a 64 bit boot image.

 

 

for the Install the windows operating system step click on Browse

 

 

and select the Windows 8 Install.wim file (from the sources folder on your Windows 8 media) which has been previously added as an Operating System Image and distributed to your distribution points,

 

 

fill in the product key and change the administrator password so if your deployment fails for any reason and it's not domain joined you'll at least be able to login and troubleshoot. Note that the BitLocker ability is now available and you can select or deselect it if you wish, if you do select it then keep in mind that you may need to extend the Active Directory Schema to support Bitlocker.

 

 

fill in the domain join details in the Configure the Network step and verify your domain join account settings by clicking on verify before continuing

 

 

point to your Configuration Manager Client package in the Install the configuration manager client step

 

 

if you want to migrate users data then make your appropriate choices in the Configure State Migration step

 

 

on the include software updates screen, it's not selected by default so leave it like that

 

 

and then add some applications by clicking on the Yellow starburst and selecting your application, to continue installing applications if one fails, select the appropriate checkbox

 

 

and click next through to completion

 

 

 

Step 2. Import drivers for the Surface Pro into Configuration Manager

 

We need to install drivers for the Surface Pro during installation of Windows 8 otherwise certain functionality won't work (like wireless for example), you could use something like Driver Genius to extract the drivers stored on your Surface Pro before you wipe it or use the drivers that someone else has already extracted, I like using ready made drivers so head on over to this site, and download those drivers and extract them to your Configuration Manager server somewhere like \\sccm\sources\os\drivers\source\W8\Surface

 

Update: Microsoft has released a driver pack for the Surface Pro here.

 

The extracted drivers should look something like this:

 

 

Once done, create a new empty driver package by right clicking on Driver Packages and choose Create Driver Package

 

 

give the package a suitable name like Microsoft Surface Pro - Windows 8 X64 and note that the path is for the driver package itself and not the drivers we extracted above, so keep them separate, in this case use \\sccm\sources\os\drivers\packages\w8\Surface

 

 

Next wee need to import the drivers (into the package), so In the configuration Manager console select Drivers, right click and choose Import driver

 

 

point to the UNC path where you copied the extracted files eg: \\sccm\sources\os\drivers\source\w8\surface

 

 

on the specify the details for the imported driver step click on Categories

 

 

and click create, give the category a name like Microsoft Surface Pro - Windows 8 X64

 

 

so our driver details now looks like this

 

 

on the Add drivers to packages screen select our Microsoft Surface Pro - Windows 8 X64 package

 

 

we will not be adding any drivers to any boot images so click next through that step

 

 

and click next through the wizard and it will start importing the drivers (warning, can take some time....)

 

 

After a (long) while the driver import should complete

 

 

Lastly, don't forget to select the Driver Package and distribute it to your distribution points by right-clicking the driver package and choosing Distribute content.

 

 

 

Step 3. Edit the Task Sequence

 

Now we want to edit the task sequence to change how it applies drivers, so right click on the Task Sequence and choose Edit

 

 

Disable the Apply Device Drivers step by selecting it, clicking on the options tab and selecting disable this step

 

 

once done, click on Add then Drivers then Apply Driver Package like in the screenshot below

 

 

select the Microsoft Surface Pro - Windows 8 X64 driver package by clicking on browse

 

 

then click on the Options tab and click on add condition then query wmi, use the following WMI query

SELECT * FROM Win32_ComputerSystem WHERE Model Like "%Surface with Windows 8 Pro%"
 

 

Tip: If you want to set the DPI (dots per inch) on the Surface Pro display then please see this post.

 

 

Step 4. Create the Task Sequence standalone media

 

Now everything is in place to create the Standalone media, so insert a USB key into your computer running a Configuration Manager console and browse to Task Sequences in the Operating System Deployment section.

 

In the ribbon click on Create Task Sequence media

 

 

when the Select the type of media screen appears, choose Stand-alone media

 

 

on the Specify the media type screen select USB (first option) and select the drive letter corresponding to your USB key

 

 

answer yes to the format prompt

 

 

enter a security password (to ensure that no one accidently wipes a device)

 

 

and click on browse to select our previously created Task Sequence

 

 

next you'll see what packages are on distribution points, select the ones appropriate for your environment (if you forgot to distribute a package exit the wizard and fix that, then start this process again), in the example below i've clicked on Add and added 8 of 8

 

 

next you can add any computer variables or a prestart command, i've covered those elsewhere but for this task sequence i'll add the OSDComputername variable and leave it blank to forcefully prompt for a computername during deployment otherwise we'll get the MININT-xxxxxx name.

 

 

click next at the summary and accept any UAC prompt, it will begin creating the USB media

 

 

and after a while it will complete.

 

 

 

Step 5. Boot from the USB stand-alone media

 

Shutdown the Surface Pro and when it is powered off, make sure the USB 4 port hub with the USB stand-alone media and USB Network dongle is connected, then press and hold the volume down key on the left side of the Surface Pro and press the power button once. If you do the combination correctly, the system will attempt to boot from the USB stand-alone media.

 

Below you can see the boot process (YouTube video with no narration sorry) and I also enter the ComputerName as part of that process, yes you can even see one of our cats, called Trauma in the background.

 

 

Ok once the process kicks off you can sit back and admire the automation via Configuration Manager 2012 SP1, it will install all the drivers included in your Driver Package and join the domain,

 

 

then it will Setup windows and Configuration Manager, reboot and enable BitLocker install your Applications and eventually present you with the login screen.

 

 

Login and you'll see the Surface Pro is installed with Windows 8 X64 Enterprise, it has BitLocker Enabled, it's paritioned for UEFI and it's managed by Configuration Manager 2012 SP1.

 

Now is that cool or what ? oh yeah ! some more screenshots below

 

 

 

 

 

Troubleshooting notes

 

• You can enter the bios/firmware screen by shutting down the OS, then press and hold Volume UP and then press the power button. The bios/firmware screen allows you to enable or disable secure boot amongst other things. Secure Boot is a feature that helps prevent unauthorized firmware, operating systems, or UEFI drivers (also known as Option ROMs) from running at boot time. For further details please see http://technet.microsoft.com/en-us/library/hh824987.aspx

   

• You can bring up the command prompt during the task sequence deployment provided that you've enabled command support in the boot image and press the FN key plus the Settings key (which corresponds to F8)

 

 

Summary

 

Imaging the Surface Pro does present some technical challenges given it's current firmware and lack of a physical RJ-45 network port, and the fact that it is 64 bit hardware in UEFI mode, however it's possible to image the Surface Pro with an UEFI compatible 64bit Operating System using standalone media from Configuration Manager 2012 SP1.

 

Update. PXE boot has become available since the time of writing this guide but only if you use the official network adapter supplied from Microsoft.

[Anthony Mel 0]

Hey once again thank you for this great article. How in the world did Microsoft forget about PXE?

 

Anyway quick question and it's probably dumb but with this setup are their any prompts for user customization before they reach the login screen? Or should I build an answer file and plug it in here so that it goes striaght to the login screen?

[anyweb 411]

i don't see any prompts for user customization you can configure GPO's to hide most of that like so http://www.niallbrady.com/2012/09/24/how-can-i-disable-the-while-we-are-getting-things-ready-animation-for-all-users-in-windows-8/

[Anthony Mel 0]

Did you see a prompt about selecting a wireless network? Or since SCCM connects it to a domain it pulls policy and ignores all the OOBE stuff? Sorry about the noob question about I'm new to this stuff. Leaving Symantec Ghost. While there are lots of steps here I find it much more powerful.

[anyweb 411]

ah, nope, but you need to read this post to fix that

[ryandunt 0]

I was struggling to image the Surface Pro until I found this guide. Worked great, thank you.

I wasn't able to boot to the USB drive using the volume down key and power button. The advanced startup to USB drive didn't work either. But, I was able to run the TSMBAutorun file manually and it worked.

[anyweb 411]

I was struggling to image the Surface Pro until I found this guide. Worked great, thank you.

 

I wasn't able to boot to the USB drive using the volume down key and power button. The advanced startup to USB drive didn't work either. But, I was able to run the TSMBAutorun file manually and it worked.

 

 

 

did you shutdown prior to attempting to boot from USB ? what happened when you did try to boot from USB ?

[ryandunt 0]

 

_{did you shutdown prior to attempting to boot from USB ? what happened when you did try to boot from USB ?}

 

Yes, I made sure to shutdown. I held the volume down key while I pressed the power button and kept the volume down key pressed while it booted up. It seemed to just boot like normal. I also tried letting up on the volume down key after I noticed the USB flashing. But no luck so far. Using the advanced startup option, then booting to the USB drive also didn't work and booted up like normal as well.

 

I'll keep trying it out because from what I've read it shouldn't be difficult.

[anyweb 411]

try booting that usb key on another computer, does it boot ?

[ryandunt 0]

try booting that usb key on another computer, does it boot ?

 

Yes, I am able to boot to the USB on a laptop.

[anyweb 411]

ok did you experiment with secure boot and the other boot options in the firmware screen (bios), to access it, shutdown then press Volume Up while holding the power button

[daov 0]

Hi Anyweb,

 

I'm one of the proprieters of CrashCtrl. Great article. Regarding the link you have to our site, you have a direct link to the download page where the drivers are being hosted. It would be best to link to the blog entry page as we have posted some updates to the driver files along with some info and warnings regarding the use of those drivers. It's fine either way but there is some info that readers of this post should see.

 

Additionally, I am curious regarding the partition table setup. Did you just choose the default setup for UEFI and it created the three partitions? There have been some folks who have mistakenly moved this or that partition and it resulted in a Surface Pro that would not boot properly.

 

In addition, I am curious. Did you attempt to restore from a recovery drive (created prior to installing Enterprise) after this and did it restore your Surface Pro back to factory?

[anyweb 411]

i'll change the link in the article to point there, i just wanted it easy for others to find but i have no problem sending traffic the right way

as regards the partitions, i absolutely let the task sequence do the partitioning and yes it removes the recovery partition, which is a good thing as it frees up 10gb

[anyweb 411]

ok i've changed the link fyi

[daov 0]

Cool, no worries. We discovered an issue with the audio and your readers should see that warning prior to pushing it in their build image for sure.

 

Regarding the recovery drive, I meant if you boot from a recovery drive that is used to restore the surface to factory, does it still work correctly after wiping all partitions? As in, are you still able to put the surface back to factory after removing the partitions?

[Anthony Mel 0]

With today's update did they enable PXE boot in the Surface Pro?

[anyweb 411]

i'm updating it now and will let you know as soon as i do

[anyweb 411]

 

 

Regarding the recovery drive, I meant if you boot from a recovery drive that is used to restore the surface to factory, does it still work correctly after wiping all partitions? As in, are you still able to put the surface back to factory after removing the partitions?

 

I attempted a recovery and it didn't work so I think the answer is no, feel free to test yourself however.

[ryandunt 0]

ok did you experiment with secure boot and the other boot options in the firmware screen (bios), to access it, shutdown then press Volume Up while holding the power button

 

I tried changing the secure boot and secure device options. I also tried using a different type/brand of USB drive. Still no luck booting to the USB drive.

[anyweb 411]

strange, what type of USB drive is it ? what bios version do you have (it's written across the bottom of the screen when you get into the firmware)

 

have you tried any other usb bootable device ?

[ryandunt 0]

strange, what type of USB drive is it ? what bios version do you have (it's written across the bottom of the screen when you get into the firmware)

 

have you tried any other usb bootable device ?

 

I've tried two types of Lexar USB drives. BIOS version 2.15.1226.

[anyweb 411]

have you experimented with any of the firmware options for secure boot, press and hold volume UP and then press the power button.

[ryandunt 0]

have you experimented with any of the firmware options for secure boot, press and hold volume UP and then press the power button.

 

Yes, I tried booting up with all combinations of the boot options being enabled or disabled. We purchased 5 Surface Pros and I am not able to get any of them to boot to USB. At this point it's not a huge deal as I found a workaround. But if they become more popular in our environment I will have to dig into it.

[anyweb 411]

ok are you sure you are doing as follows:

 

• letting the device power off fully via shutdown in windows
• booting from a FAT 32 USB key ? can't boot from NTFS usb keys....

[Jonny K 0]

Yes, I tried booting up with all combinations of the boot options being enabled or disabled. We purchased 5 Surface Pros and I am not able to get any of them to boot to USB. At this point it's not a huge deal as I found a workaround. But if they become more popular in our environment I will have to dig into it.

I to am having issues with getting the computer to boot via usb. The usb will boot on a couple laptops just fine, but when trying to boot from the Surface, it just spins, then boot normally. BIOS version 2.15.1226. Using a Kingston usb drive, that shows up in windows fine, with all the files, and is formatted FAT32. I tried to boot it through the 4 port hub and directly connected. Turned off secure boot, tried turning off TPM, but nothing seems to let it boot through usb. What was the workaround you found for the time being? I am in the process of completely refreshing the OS and will try again.