Windows 10 Migration Project (General UEFI Queries)


For environments with several manufacturers, using BIOS tools to gather all the information may not be possible. We can guesstimate whether a system is UEFI capable based on the PC BIOS release date attribute. We will be generous and assume that any system with a PC BIOS date after 1/1/2013 is UEFI capable.

UEFI Capable Systems
select distinct SMS_R_System.Name, SMS_G_System_PC_BIOS.ReleaseDate, SMS_G_System_COMPUTER_SYSTEM.Manufacturer, SMS_G_System_COMPUTER_SYSTEM.Model from SMS_R_System inner join SMS_G_System_PC_BIOS on SMS_G_System_PC_BIOS.ResourceID = SMS_R_System.ResourceId inner join SMS_G_System_COMPUTER_SYSTEM on SMS_G_System_COMPUTER_SYSTEM.ResourceID = SMS_R_System.ResourceId where SMS_G_System_PC_BIOS.ReleaseDate > "1/1/2013 12:00:00 AM"

NOTE: There are more specific ways to identify systems that are UEFI capable, but they require creating a new WMI namespace. That method only works for certain manufacturers such as Dell, Lenovo, and HP, and will be described in a future blog post.

UEFI CAPABLE SYSTEM MODELS
select distinct SMS_G_System_COMPUTER_SYSTEM.Manufacturer, SMS_G_System_COMPUTER_SYSTEM.Model from SMS_R_System inner join SMS_G_System_PC_BIOS on SMS_G_System_PC_BIOS.ResourceID = SMS_R_System.ResourceId inner join SMS_G_System_COMPUTER_SYSTEM on SMS_G_System_COMPUTER_SYSTEM.ResourceID = SMS_R_System.ResourceId where SMS_G_System_PC_BIOS.ReleaseDate > "1/1/2013 12:00:00 AM"


Non-UEFI Capable Systems

select distinct SMS_R_System.Name, SMS_G_System_PC_BIOS.ReleaseDate, SMS_G_System_COMPUTER_SYSTEM.Manufacturer, SMS_G_System_COMPUTER_SYSTEM.Model from SMS_R_System inner join SMS_G_System_PC_BIOS on SMS_G_System_PC_BIOS.ResourceID = SMS_R_System.ResourceId inner join SMS_G_System_COMPUTER_SYSTEM on SMS_G_System_COMPUTER_SYSTEM.ResourceID = SMS_R_System.ResourceId where SMS_G_System_PC_BIOS.ReleaseDate < "1/1/2013 12:00:00 AM"

Non-UEFI Capable System Models
select distinct SMS_G_System_COMPUTER_SYSTEM.Manufacturer, SMS_G_System_COMPUTER_SYSTEM.Model from SMS_R_System inner join SMS_G_System_PC_BIOS on SMS_G_System_PC_BIOS.ResourceID = SMS_R_System.ResourceId inner join SMS_G_System_COMPUTER_SYSTEM on SMS_G_System_COMPUTER_SYSTEM.ResourceID = SMS_R_System.ResourceId where SMS_G_System_PC_BIOS.ReleaseDate < "1/1/2013 12:00:00 AM"

NOTE: The results from this query will be used later in the Windows 10 task sequence. These models will receive the "Warning: System Not UEFI Capable" step in the task sequence. These are the system models that will not boot UEFI and will receive Windows 10 on an MBR partition.

 


Windows 10 Migration Project (General Starter Queries)


For one of my customers' environments, the move to Windows 10 is purely security based.
The key features that will be used are UEFI boot with Secure Boot enabled, ELAM, Device Guard, and Credential Guard (an explanation of these features will follow in a future blog post).

When starting any operating system deployment project, it is a good idea to know what systems are in your environment so that you can determine which of them need to support the new Windows 10 OS. Some systems may need to be replaced, whereas others might only need a BIOS version update to be UEFI capable.
Now that Windows 10 is here, it is time to standardize on native UEFI as the default boot mode. When making this switch, it is also important to enable Secure Boot at the same time. But before you can do that, you need to determine what is in your environment. In a previous customer's environment there were 15 different manufacturers and 350+ different models. Since this environment has such a high number of manufacturers, we will not be able to deploy BIOS tools for all 15. We will instead run a brief SQL query to guesstimate which systems are capable, based on the PC BIOS date.

1. Query to identify the manufacturer and model of each machine
select SMS_G_System_COMPUTER_SYSTEM.Manufacturer, SMS_G_System_COMPUTER_SYSTEM.Model from SMS_R_System inner join SMS_G_System_COMPUTER_SYSTEM on SMS_G_System_COMPUTER_SYSTEM.ResourceId = SMS_R_System.ResourceId

Create collections based on the different manufacturers. My previous query returned 15 different manufacturers; below I provide queries only for the major vendors. Note that some vendors appear under more than one name. For example, Dell systems use "Dell", "Dell Inc" and "Dell Computer Corporation", so use like "%Dell%" to obtain all systems from this manufacturer. For other companies, use like "%Hewlett-Packard%" or like "%HP%".

Some of these collections will be used as targets for deploying BIOS tools, to identify certain key pieces of information for future queries that we will build upon. A future blog post will cover how to extend hardware inventory to collect newly created WMI namespaces.

2. Dell
select SMS_R_System.Name from SMS_R_System inner join SMS_G_System_COMPUTER_SYSTEM on SMS_G_System_COMPUTER_SYSTEM.ResourceID = SMS_R_System.ResourceId where SMS_G_System_COMPUTER_SYSTEM.Manufacturer like "%Dell%"

3. HP
select distinct SMS_R_System.Name from SMS_R_System inner join SMS_G_System_COMPUTER_SYSTEM on SMS_G_System_COMPUTER_SYSTEM.ResourceID = SMS_R_System.ResourceId where SMS_G_System_COMPUTER_SYSTEM.Manufacturer like "%Hewlett-Packard%" or SMS_G_System_COMPUTER_SYSTEM.Manufacturer like "%HP%"

4. Lenovo
select SMS_R_System.Name from SMS_R_System inner join SMS_G_System_COMPUTER_SYSTEM on SMS_G_System_COMPUTER_SYSTEM.ResourceID = SMS_R_System.ResourceId where SMS_G_System_COMPUTER_SYSTEM.Manufacturer like "%LENOVO%"

5. Transource
select SMS_R_System.Name from SMS_R_System inner join SMS_G_System_COMPUTER_SYSTEM on SMS_G_System_COMPUTER_SYSTEM.ResourceID = SMS_R_System.ResourceId where SMS_G_System_COMPUTER_SYSTEM.Manufacturer like "Transource"

6. Query SQL for count of System Models
SELECT
Manufacturer0, Model0, Count(Model0) AS 'Count'
FROM
dbo.v_GS_COMPUTER_SYSTEM
GROUP BY
Manufacturer0,Model0
ORDER BY
Model0
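
The model count in query 6 can be combined with the BIOS-date heuristic so that each model gets a verdict, including models whose devices fall on both sides of the cutoff. This is an added example, not part of the original post; it assumes the standard ConfigMgr reporting view dbo.v_GS_PC_BIOS with a ReleaseDate0 column, and the column aliases and Verdict labels are illustrative.

```sql
-- Added example (not from the original post). Assumes the standard ConfigMgr
-- reporting views dbo.v_GS_COMPUTER_SYSTEM and dbo.v_GS_PC_BIOS (ReleaseDate0).
DECLARE @Cutoff datetime = '20130101';   -- the post's 1/1/2013 BIOS-date cutoff

WITH LatestBios AS (
    -- One row per device: newest BIOS release date in hardware inventory.
    SELECT ResourceID, MAX(ReleaseDate0) AS ReleaseDate
    FROM dbo.v_GS_PC_BIOS
    GROUP BY ResourceID
),
PerModel AS (
    SELECT
        cs.Manufacturer0,
        cs.Model0,
        COUNT(*) AS Total,
        -- Same test as the post's WQL: strictly after the cutoff.
        SUM(CASE WHEN b.ReleaseDate >  @Cutoff THEN 1 ELSE 0 END) AS LikelyUefi,
        -- <= so a date of exactly 1/1/2013 is not dropped from both lists.
        SUM(CASE WHEN b.ReleaseDate <= @Cutoff THEN 1 ELSE 0 END) AS LikelyLegacy,
        -- Devices with no BIOS inventory row; the post's inner joins hide these.
        SUM(CASE WHEN b.ReleaseDate IS NULL THEN 1 ELSE 0 END) AS NoBiosDate,
        MIN(b.ReleaseDate) AS OldestBios,
        MAX(b.ReleaseDate) AS NewestBios
    FROM dbo.v_GS_COMPUTER_SYSTEM AS cs
    LEFT JOIN LatestBios AS b ON b.ResourceID = cs.ResourceID
    GROUP BY cs.Manufacturer0, cs.Model0
)
SELECT *,
    CASE
        WHEN LikelyUefi > 0 AND LikelyLegacy > 0 THEN 'Mixed - verify on hardware'
        WHEN LikelyUefi > 0                      THEN 'Likely UEFI capable'
        WHEN LikelyLegacy > 0                    THEN 'Likely legacy BIOS (MBR)'
        ELSE 'Unknown - no BIOS date inventoried'
    END AS Verdict
FROM PerModel
ORDER BY Manufacturer0, Model0;
```

Rows marked Mixed are the models where the date heuristic is least reliable, so confirm the firmware mode on a physical unit before assigning them to the UEFI or MBR branch of the task sequence.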

BONUS (Meets Physical Specs + TPM 1.2 and up)

Criteria: 2 GB RAM, 1 GHz processor, 120 GB HD, TPM 1.2 (run in SCCM Console)

select SMS_G_System_COMPUTER_SYSTEM.Manufacturer, SMS_G_System_COMPUTER_SYSTEM.Model, SMS_G_System_SYSTEM.Name, SMS_G_System_TPM.PhysicalPresenceVersionInfo, SMS_R_System.ResourceId from SMS_R_System inner join SMS_G_System_X86_PC_MEMORY on SMS_G_System_X86_PC_MEMORY.ResourceID = SMS_R_System.ResourceId inner join SMS_G_System_PROCESSOR on SMS_G_System_PROCESSOR.ResourceID = SMS_R_System.ResourceId inner join SMS_G_System_DISK on SMS_G_System_DISK.ResourceID = SMS_R_System.ResourceId inner join SMS_G_System_TPM on SMS_G_System_TPM.ResourceID = SMS_R_System.ResourceId inner join SMS_G_System_COMPUTER_SYSTEM on SMS_G_System_COMPUTER_SYSTEM.ResourceID = SMS_R_System.ResourceId inner join SMS_G_System_SYSTEM on SMS_G_System_SYSTEM.ResourceID = SMS_R_System.ResourceId where SMS_G_System_X86_PC_MEMORY.TotalPhysicalMemory > 2000000 and SMS_G_System_PROCESSOR.MaxClockSpeed > 1000 and SMS_G_System_DISK.Size >= 120000 and SMS_G_System_TPM.PhysicalPresenceVersionInfo >= "1.2"


Windows 10 Migration Project (How to start)


When beginning any migration project, it is important to understand the reason behind management's decision. The biggest reason will be that support for Windows 7 has already ended. Windows 10 has been designed to be the most secure version of the Windows operating system to date, and organizations can now take advantage of several new security features and improvements. These enhancements focus on three key areas (threat resistance, information protection, and identity protection and access control) using advanced and now widely available hardware and firmware features. This is how I would start my migration to Windows 10.

First, we must identify whether our SCCM infrastructure will support deploying, maintaining, and patching Windows 10 systems. Second, we will have to identify systems that are Windows 10 ready based on physical features. Finally, we will touch on a few of the features, such as Device Guard, Credential Guard, Secure Boot, and ELAM, in a future post. (Some features were available in earlier versions of Windows, but were not as widely implemented as they are expected to be in Windows 10.) We will focus first on what is needed to deploy Windows 10 v1607.

SCCM Server Req – (Windows 10 versions 1511 and 1607 have different minimum SCCM versions)
Site Server: Windows Server 2012 or 2012 R2
SUP Role: WSUS 4.0 to patch Windows 10 systems
ADK: 1511 or 1607
SCCM must be on Current Branch (SCCM 2012 versions do not support deploying Windows 10 v1607)

Workstation Req -
Processor: 1 gigahertz (GHz) or faster processor
RAM: 1 gigabyte (GB) for 32-bit or 2 GB for 64-bit (personally recommend 4 GB+)
Hard disk space: 16 GB for 32-bit OS, 20 GB for 64-bit OS (personally recommend 120 GB+)
Graphics card: DirectX 9 or later with WDDM 1.0 driver
Display: 800x600

SCCM Req: https://docs.microsoft.com/en-us/sccm/core/plan-design/configs/supported-configurations

Workstation Req: https://www.microsoft.com/en-us/windows/windows-10-specifications

End of life Support for OS: https://support.microsoft.com/en-us/help/13853/windows-lifecycle-fact-sheet

NOTE: If you are in an environment where you do not currently meet the server specs for Current Branch, you will have to upgrade or perform a side-by-side migration. I have worked in multiple environments where I have implemented both solutions. In a future blog post I will describe how to perform an upgrade and a side-by-side migration.

 
