Get ready (and get MDT ready) to deploy Windows 11 22H2

While many are still sticking with Windows 10, those that have already made the leap to Windows 11 or plan to start investing heavily in devices with 12th generation Intel processors will want to take a serious look at Windows 11 22H2. If you don’t know what’s new in this release, check out the summary. And if you don’t know why 12th generation CPUs matter, check out this post for a description of Intel’s Thread Director and why that matters.

We’ve been through this Windows as a Service drill enough times to know what we need to look for to support this new release:

  • A new ADK release. Yes, there is one, and it has one significant change that aligns with a significant change already present in Windows 11: No more 32-bit x86 support. That means the ADK no longer includes a 32-bit x86 version of Windows PE. (It also doesn’t include a 32-bit ARM version any more, not that anyone ever had any use for a 32-bit ARM version anyway.) There are at least still 32-bit versions of utilities like USMT, so you can make a migration from 32-bit to 64-bit, but otherwise 32-bit Windows is dead. (If you really, really need it, you can keep running Windows 10.)
  • New versions of the Group Policy ADMX templates. The 22H2 versions of these are available on the Microsoft download center, or you can scrape the files out of a Windows 11 22H2 (build 22621) installation; the files are in C:\Windows\PolicyDefinitions. (There’s also a spreadsheet describing the changes in 22H2, although that spreadsheet is really hard to use because it flags anything that changes — if someone tweaks the name or description of an existing policy, it’s flagged. So identifying “real” changes can be challenging.)
  • New security baselines. The 22H2 version of this is available via the Microsoft-Security-Baselines blog.
  • Support declarations from your favorite products, especially VPN, firewall, anti-virus/anti-malware, systems management, and similar apps. These are likely to trickle in over the coming months.
  • New VLSC/ media.
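
One way to find the “real” ADMX changes mentioned in the Group Policy bullet above is to diff the .admx files from two PolicyDefinitions folders directly. The PowerShell below is an added example, not from the original post; the function names, the temporary old/new folders and the two sample policies are constructed for illustration.

```powershell
# Added example. Compares policy identity and registry target only; display names
# and help text live in the .adml language files and are deliberately ignored.
function Get-AdmxPolicy {
    param([Parameter(Mandatory)][string]$Path)
    foreach ($file in Get-ChildItem -Path $Path -Filter *.admx) {
        $xml = New-Object System.Xml.XmlDocument
        $xml.Load($file.FullName)
        # Real ADMX files declare a default XML namespace; local-name() matches either way.
        foreach ($p in $xml.SelectNodes("//*[local-name()='policy']")) {
            $target = $p.GetAttribute('class'), $p.GetAttribute('key'), $p.GetAttribute('valueName')
            [pscustomobject]@{
                Id     = "$($file.Name):$($p.GetAttribute('name'))"
                Target = $target -join '|'
            }
        }
    }
}

function Compare-AdmxPolicy {
    param([Parameter(Mandatory)][string]$OldPath, [Parameter(Mandatory)][string]$NewPath)
    $old = @{}; Get-AdmxPolicy -Path $OldPath | ForEach-Object { $old[$_.Id] = $_.Target }
    $new = @{}; Get-AdmxPolicy -Path $NewPath | ForEach-Object { $new[$_.Id] = $_.Target }
    foreach ($id in ($new.Keys | Sort-Object)) {
        if (-not $old.ContainsKey($id))  { [pscustomobject]@{ Change = 'Added';      Policy = $id } }
        elseif ($old[$id] -ne $new[$id]) { [pscustomobject]@{ Change = 'Retargeted'; Policy = $id } }
    }
    foreach ($id in ($old.Keys | Sort-Object)) {
        if (-not $new.ContainsKey($id))  { [pscustomobject]@{ Change = 'Removed';    Policy = $id } }
    }
}

# Constructed sample input (not real Windows policies): the "new" copy changes only the
# display string reference of ExampleA (cosmetic) and adds ExampleB (a real change).
$root = Join-Path ([IO.Path]::GetTempPath()) "admx-diff-$PID"
$oldDir = (New-Item -ItemType Directory -Force -Path (Join-Path $root 'old')).FullName
$newDir = (New-Item -ItemType Directory -Force -Path (Join-Path $root 'new')).FullName
$tpl = '<policyDefinitions><policies>{0}</policies></policyDefinitions>'
$a  = '<policy name="ExampleA" class="Machine" displayName="$(string.ExampleA)" key="Software\Policies\Example" valueName="A" />'
$a2 = $a.Replace('string.ExampleA', 'string.ExampleA_Renamed')
$b  = '<policy name="ExampleB" class="Machine" displayName="$(string.ExampleB)" key="Software\Policies\Example" valueName="B" />'
Set-Content -Path (Join-Path $oldDir 'Sample.admx') -Value ($tpl -f $a)
Set-Content -Path (Join-Path $newDir 'Sample.admx') -Value ($tpl -f ($a2 + $b))

# Only ExampleB is reported; the renamed display string on ExampleA is not.
Compare-AdmxPolicy -OldPath $oldDir -NewPath $newDir | Format-Table -AutoSize
Remove-Item -Recurse -Force -Path $root
```

To compare real template sets, point -OldPath and -NewPath at copies of the two PolicyDefinitions folders. Changes inside a policy's nested elements are not compared here.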

Initial results with the new ADK for 22H2 were somewhat problematic; Johan posted his results on his blog. There are two issues that need to be fixed.

Issue #1: No more x86

When MDT was released, it assumed that the ADK would always have both x86 and x64 versions of Windows PE and related tools. But since Windows 11 eliminated the x86 (32-bit) editions, the ADK also removed those bits. When MDT goes to look for those, it crashes when you access the “Windows PE” tab of the deployment share settings:

It will at least tell you what it doesn’t like: the “x86\WinPE_OCs” folder doesn’t exist for Windows PE. OK, let’s create that folder with a PowerShell one-liner:

MkDir "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\x86\WinPE_OCs"

That’s enough to make it happy, just having that empty folder. Obviously it won’t be able to generate an x86 boot image, so make sure the “x86” platform is unchecked:

Next, we should be able to generate a new x64 boot image by updating the deployment share. No issues there:

Issue #2: Random script errors

Next, can we boot into the Lite Touch x64 boot image and get through the deployment wizard? The initial boot looks mostly fine (just some image background oddities):

But then we get an error:

Fortunately, Johan also has a pointer to a fix for that, a simple edit to the Unattend_PE_x64.xml file to tweak a registry setting in the generated Windows PE boot image. With that in place, the errors go away and everything works fine.
