With the release of SCCM Current Branch 1610, one of the interesting new features is the ability to do a BIOS to UEFI conversion in a task sequence. This also makes it possible to use Secure Boot with Windows 10 for stronger security.

In this blog, we’ll explain how to convert BIOS to UEFI with a task sequence on HP computers. This solution can also be applied to Dell and Lenovo computers.

SCCM BIOS UEFI Conversion Prerequisites

Before starting, you need 3 things:

  • The computer manufacturer must provide a tool for BIOS configuration
  • A package containing the BIOS Configuration Utility and the configuration file must be created (procedure included in this post)

Note: If you are not yet on 1610, you can achieve BIOS to UEFI conversion by following this procedure from Johan Schrewelius and Jörgen Nilsson.

Create BIOS and UEFI Configuration File

First, we need to create a configuration file that will be used in our task sequence. A configuration file is basically a text file that is used to change options in the BIOS of the targeted computer. We’ll use an HP computer for our example.

You don’t have to create a separate file for each model; the same BIOS configuration file should apply to all HP models. The only settings included in the BIOS configuration file will be those required to change to UEFI. If needed, additional or model-specific BIOS configuration can be applied later in the task sequence.

Here’s an example of a configuration file that will:

  • Disable legacy boot option (BIOS)
  • Enable UEFI boot options
  • Enable Secure Boot

UEFI.txt:

BIOSConfig 1.0
Fast Boot
	Disable
	*Enable
Legacy Boot Options
	*Disable
	Enable
Legacy Boot Order
	<no legacy boot options available>
UEFI Boot Options
	Disable
	*Enable
UEFI Boot Order
	HDD:SATA:1
	HDD:USB:1
	NETWORK IPV6:EMBEDDED:1
	NETWORK IPV4:EMBEDDED:1
Configure Legacy Support and Secure Boot
	Legacy Support Enable and Secure Boot Disable
	*Legacy Support Disable and Secure Boot Enable
	Legacy Support Disable and Secure Boot Disable
Clear Secure Boot keys
	*Disable
	Enable
Reset Secure Boot keys to factory defaults
	*Disable
	Enable
Enable MS UEFI CA key
	No
	*Yes
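Because this file decides whether the machine ends up with legacy boot off and Secure Boot on, it is worth checking it before it goes into the package. The Python lint below is an added example, not part of the original post or of HP's tooling; the `REQUIRED` policy and the function names are hypothetical, and it assumes the layout of the UEFI.txt shown above (values indented under each setting name, the selected value marked with `*`).

```python
# Added example: lint an HP BIOS Configuration Utility settings file.
# Assumptions: values are indented under setting names; ";" starts a comment.

# Constructed sample, shortened from the UEFI.txt in this post.
SAMPLE = "\n".join([
    "BIOSConfig 1.0",
    "Legacy Boot Options", "\t*Disable", "\tEnable",
    "UEFI Boot Options", "\tDisable", "\t*Enable",
    "UEFI Boot Order", "\tHDD:SATA:1", "\tNETWORK IPV4:EMBEDDED:1",
    "Configure Legacy Support and Secure Boot",
    "\tLegacy Support Enable and Secure Boot Disable",
    "\t*Legacy Support Disable and Secure Boot Enable",
    "Clear Secure Boot keys", "\t*Disable", "\tEnable",
])

REQUIRED = {  # hypothetical policy: the value that must carry the "*"
    "Legacy Boot Options": "Disable", "UEFI Boot Options": "Enable",
    "Clear Secure Boot keys": "Disable",
    "Configure Legacy Support and Secure Boot":
        "Legacy Support Disable and Secure Boot Enable"}

def parse_bcu(text):
    """Return {setting name: [value lines]} in file order."""
    lines = [l.rstrip() for l in text.splitlines()
             if l.strip() and not l.lstrip().startswith(";")]
    if (len(lines) < 2 or lines[0].strip() != "BIOSConfig 1.0"
            or lines[1][0].isspace()):
        raise ValueError("expected 'BIOSConfig 1.0' then a setting name")
    settings = {}
    for line in lines[1:]:
        if line[0].isspace():          # indented line: a value
            settings[current].append(line.strip())
        else:                          # column 0: a new setting name
            current, settings[line] = line, []
    return settings

def selected(values):
    return [v[1:].strip() for v in values if v.startswith("*")]

def lint(text, required=REQUIRED):
    settings, findings = parse_bcu(text), []
    for name, values in settings.items():
        if not values:
            findings.append(f"{name}: no values listed (indentation lost?)")
        elif len(selected(values)) > 1:
            findings.append(f"{name}: more than one value marked '*'")
    for name, want in required.items():
        got = selected(settings.get(name, []))
        if name not in settings:
            findings.append(f"{name}: setting missing from file")
        elif settings[name] and not got:
            findings.append(f"{name}: no value marked '*'")
        elif len(got) == 1 and got[0] != want:
            findings.append(f"{name}: '{got[0]}' selected, expected '{want}'")
    return findings
```

Call `lint()` on the text of the file in the package source folder; an empty list means every required setting selects the expected value.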

Package Creation of BIOS Configuration Utility and Configuration

We will now create a standard package that contains all the source files. The content directory must contain the BIOS configuration utility, the configuration file and the password file.

  • No program is needed, as we will use Run Command Line in the task sequence

SCCM BIOS to UEFI Conversion in Task Sequence

We will now create or edit an existing task sequence to include the steps to convert the BIOS to UEFI.

  • Add a new group before the Install Operating System section
  • In the Options tab, set a condition on the group for task sequence variable _SMSTSBootUEFI not equals true. The condition uses this variable to check whether UEFI is already enabled
  • You could also add another condition for computer manufacturer or model if you have older PCs that don’t support UEFI
  • Add a Restart Computer task. In the Options tab, set a condition for task sequence variable _SMSTSInWinPE equals False

BitLocker consideration:

If the drive has BitLocker enabled before the task sequence starts, adding a standard Partition Disk step for BIOS is required.

The Partition Disk 0 – BIOS step can be copied and placed before the Convert BIOS to UEFI step.

This is needed because when BitLocker is enabled, the disk cannot be accessed in WinPE. Therefore the Convert BIOS to UEFI task will fail to execute the script from the _SMSTaskSequence local path.

  • Add a Run Command Line step to run the HP BIOS Configuration Utility
    • Command line: BiosConfigUtility64.exe /setconfig:UEFI.txt /cspwdfile:current.bin
    • Package: BIOS configuration utility with configuration files (created in the previous step)
    • This must be a Run Command Line step and not a program. Programs are not allowed to run under WinPE
  • Add a Format and Partition Disk task and configure it as follows:
    • Disk type: GPT
    • First partition:
      • 500MB
      • FAT32 and Quick format
      • Variable: TSUEFIDrive
    • Second partition: default, 100% of remaining space
  • Add a Restart Computer task. Make sure to select The boot image assigned to this task sequence
  • After the restart, the BIOS will be configured with UEFI and Secure Boot only. The task sequence will partition and format the disk.

That’s it, you can now do the same tasks for your other manufacturers. Leave your comments and experience in the comment section below.

Comments (48)

Thomas Deliduka

07.19.2019 AT 01:28 PM
So, I am attempting to do this and I found out a couple of things that made me fail and I found out the hard way through trial and error how to fix it. 1. The BIOS configuration file you mention does NOT work with all HP models. I have an HP ProDesk 400 G1 and I had to create a unique one just for that. I wasted three computers during testing because the settings kept failing. 2. The 500MB partition is not large enough for the latest Microsoft ADK boot image. You get an "Out of Disk space" error when attempting to copy the boot image to the partition after the BIOS -> UEFI conversion. I set mine to 800MB for good measure.

Carl Meilleur

02.21.2020 AT 12:14 PM
FYI you can have a same config file with different setting name for the UEFI and secureboot, if the setting name doesn't exist it simply won't be applied

David

05.07.2019 AT 03:23 AM
Hello, Great Post. Maybe someone can help me. I configured the TS as described and the conversion BIOS -> UEFI works. After the conversion the TS will upgrade the TPM 1.2 --> 2.0 and here is where the problem is. I get an error after reboot where the BIOS tell me it can find the UEFI upgrade file... from the logs the files are successfully copied to the HP_TOOLS partition (which I had to MAP with a letter, without a letter I get an error that WMI cannot mount it?)

hp printer error 79

04.03.2019 AT 06:24 AM
nice post

Axsaeed

06.02.2018 AT 03:33 AM
Hey Guys. I am having similar kind of issue here. I have several Dell Latitude computers like Dell Latitude 3490 and 3590. These computers are not booting up with PXE. The first step where it tries to get an IP Address before going into WinPE stage. This is where it is not getting an IP Address. My other Dell latitude Computers 5580 they are booting up just fine with PXE. Would the steps described above help me boot the those laptops with UEFI. because i am a newbie here with SCCM 2012. and i am trying to figure out what could be wrong which is making those laptops not boot up with legacy BIOS. Please let me know if you need more information.

MegsOfRAM

10.19.2018 AT 02:21 PM
@Axsaeed, did you find a solution to the issue with the Latitude 3590?

Jesus Rodriguez

11.08.2018 AT 09:46 PM
Apparently new dell models xx90's have changed the Legacy option used for traditional PXE booting. It's no longer called "Legacy Boot" now its called "Legacy External Devices". I'm trying to figure out how to PXE via UEFI and all I have found out is that the image has to be UEFI compatible and deployed through the UEFI boot. I also enabled the UEFI Network Stack option. I have not been successful yet. If anyone has any input please let me know.

Michael

05.04.2018 AT 04:42 AM
Thanks for this amazing tutorial! I'm new to HP brand and this tool while we always used Lenovo. How can I get this password file "current.bin"? It isn't explained in the document

Tim

04.12.2018 AT 10:37 PM
Hey guys good article. Works perfectly fine with only a C drive but environment requires a D drive also. I added another partition as I normally would in the past (the same as our Legacy BIOS Task Sequence). Its applying the OS to the C (variable OSDisk) and when it restarts to continue the Task Sequence, it cannot boot or find an operating system. Any clues?

Mohammad Faizan

02.26.2018 AT 10:40 AM
Jonathan Very nice crisp and clear article. I am able to build my HP EliteBook 745 machine with UEFI configuration after following your Blog. Thanks a ton mate. 🙂

Jonathan Lefebvre

03.05.2018 AT 12:48 PM
Thanks for the feedback Mohammad! 🙂 Jonathan

Anil Kumar

11.30.2017 AT 09:43 AM
i am running this on a HP 800 g3 and it always fails failed to run data is invalid error 0000000D . Any one tried this model ?

Anil Kumar

11.30.2017 AT 10:06 AM
sorry guys sorted it out, typo errors

saran

09.08.2017 AT 04:13 AM
Hi All, Can you please share me the recommended UEFI partition. I was able to convert from BIOS to UEFI, but when applying operating system giving Error 0x80004005

Doflamingo

08.04.2017 AT 12:10 AM
Hello All I am facing a unique issue with the PXE boot. I have updated sccm to 1706 and ADK to 1703. We are using IP helpers and as per the wireshark capture, they are configured correctly. Now if i PXE boot an unknown machine, it works fine on both Legacy or UEFI. BUT if i PXE boot a Known machine, it only works in legacy mode. If UEFI mode is selected on the Known client, it throws a BCD error. As per wireshark capture, the known machine in UEFI, does not get the DHCP option 252 and option 243 in the DHCP ACK. But both these options are available if i set that machine back to legacy. This is not model specific as it is occurring on different models and this behavior is the same on different DPs. I am thinking of using this conversion step in the TS as a workaround but if anyone could help me fix this concern, then I would really appreciate it. Thank you

Mo

07.26.2017 AT 03:41 PM
Hi again, I managed to resolve it by enabling DHCP options for legacy and UEFI. helpful guide https://wiki.fogproject.org/wiki/index.php/BIOS_and_UEFI_Co-Existence#Option_003_steps_here

Mo

07.26.2017 AT 11:51 AM
Hi Guys, I have options 67 configured on DHCP for efi . This doesn't allow PXe to work without the secure boot is enabled on the laptop in first place. any idea what's the correct step should be taken before configuring the task sequence. if i remove the DHCP options pxe doesn't work thanks

Ranganathan

05.20.2017 AT 04:50 AM
I followed the steps exactly as mentioned above (my environment is 1610 on CM and Windows 1607) and hence leveraged Create a custom task sequence to prepare the hard drive for BIOS to UEFI conversion. I followed the exact steps and my hardware is Dell and hence used Dell CCTK tool to change it from BIOS to UEFI. I also formatted and partitioned the drive and TSUEFI comes as C:. On the SMSTS.LOG I get the following: CreateNewUEFIBootsystem() failed. 0x80070070. When I go to diskpart and check I see two partitions. I need to know if a reboot is required after converting to UEFI?

Jonathan Lefebvre

05.24.2017 AT 10:40 AM
Hi Ranganathan, take a look at this post that just came out yesterday. Basically, allow more space for the FAT32 partition... http://deploymentresearch.com/Research/Post/631/Error-0x80070070-in-ConfigMgr-OSD-during-BIOS-to-UEFI-step Hope this helps! Jonathan

Jesse

04.20.2017 AT 11:39 AM
Just a heads up if you are switching Dell computers to UEFI. I encountered a problem where enabling UEFI would have PXE turned on. This would then cause the computer to put the PXE as the first boot device. Our computers already had PXE enabled in our work environment. I would just change the boot sequence, but the Boot list wouldn't populate in CCTK after enabling UEFI until a reboot was done. This would break the touchless task sequence because of the PXE boot order. There are 2 commands that can solve this problem for you. Optiplex 5040 and newer optiplex computers run this command in the task sequence: "cctk.cmd --uefinwstack=disable" Older optiplex computers such as 7010, 790, etc. have a different command to disable PXE: "cctk.cmd bootorder --bootlisttype=uefi --embnic1=onnopxe" Then at the end of the task sequence you can go back and enable PXE. Hope this helps somebody that was having issues between different models with PXE automatically booting before the hard drive during this conversion. I ran both the commands and just continue on error and have not had any issues any longer.

Jonathan Lefebvre

05.23.2017 AT 09:57 PM
Thanks for sharing! Jonathan

BaardH

04.19.2017 AT 12:54 PM
A bit late to the game, but there's something missing in the "Disk type : GPT" step: You have to check "Make this the boot disk". That might've eliminated some of the problems others have experienced?

Jonathan Lefebvre

04.19.2017 AT 01:02 PM
Hi baardH, I did not check it when I did the post. It shouldn't be required as the next step will set WinPE to boot, which overrides any partition disk that would be bootable. That partition is temporary. Jonathan

Terry Lavoie

01.16.2018 AT 10:33 AM
I think he meant the step "Partition Disk 0 - UEFI" step. I had to check the "Make this the boot disk" for it to start working. Before in the smsts.log I was getting "System partition not set" error.

Robert Ferguson

04.25.2017 AT 12:03 PM
And why is that first, temporary partition required? Why all the formats? Why not just go straight to the "Format and Partition Disk" step that has the four volumes for EFI, MSR, Windows, and Recovery?

JagoWu

03.30.2017 AT 10:10 AM
This is working on Dell systems as well. Just replace the HP piece with the Dell CCTK. Nice post!

Erik N

03.23.2017 AT 04:34 AM
I am having a hard time getting this to work. It keeps failing at "Convert BIOS to UEFI" it doesn't matter if I add the extra "Partition Disk 0 - BIOS" before the convert step. If I do add this step however, as you described in the "bitlocker consideration" step, I get the error: Failed to run the action: Convert BIOS to UEFI. The system cannot read from the specified device. (Error: 0000001E; Source: Windows) I used a CMD by pressing F8 to verify if the BIOS Config package is copied properly and it is. I am trying to get this to work on a HP Elitebook 850 G3, so I am using the HP BIOS config utility. Do you have idea where to go from here? Do I maybe need to reconfigure the partitions in the "Partition Disk 0 - BIOS", instead of just copying it as you described?

Jonathan Lefebvre

03.24.2017 AT 08:31 AM
Hi Erik, If you are able to validate that the content is available with the CMD in WinPE, I would to try execute the Bios to UEFI manually from there. You might see the error from the HP tool directly. If you can, copy/paste the command line here. Thanks Jonathan

Erik N

03.27.2017 AT 06:48 AM
Hi Jonathan, I finally figured it out, sort of... it has to do with the paths in the commandline This does NOT work: BiosConfigUtility64.exe /setconfig:"EnableUEFI.txt" /nspwdfile:"securebios.bin" This does work: BiosConfigUtility64.exe /setconfig:"C:\_SMSTaskSequence\Packages\ZDM00029\EnableUEFI.txt" /nspwdfile:"C:\_SMSTaskSequence\Packages\ZDM00029\securebios.bin" As you can see I need to supply the entire path where the config and password file are located. Do you know if this is by design or that I mis-configured something?

Jonathan Lefebvre

03.28.2017 AT 08:05 AM
Hi Erik, Good news, not sure why it requires you to enter the full path. I did it without the full path. Jonathan

Mohit Bhatia

02.22.2017 AT 05:06 AM
Hi, Thanks for the article. We have followed the same however we are getting error "TS failed with error code 0x80070490error code" on the step Format and Partition Disk. Kindly suggest

Jonathan Lefebvre

03.24.2017 AT 08:36 AM
Hi Mohit, Are you trying with Dell computers? Take a look at the comments below for different ideas about BIOS To UEFI for Dell computers. Jonathan

JAC3D

02.17.2017 AT 01:54 PM
Testing on HP 1040 G3 I have problems at the "Restart to WinPE" step and errors out... "The Operating system reported error 2147942512: There is not enough space on the disk. It never restarts... I replaced "Restart to WinPe" with Command Line "wpeutil.exe reboot" . This does restart the task sequence, but you have to select the Task Sequence again and then everything works. So... PXE > Select TS > converts BIOS - UEFI > Restarts > PXE > Select TS (AGAIN) > Then installs Windows 10... Any others have to go through this process? Rather select TS once then > converts Bios-UEFI>restart> continues completing the first TS. Any help on streamlining this would be great? So close and appreciate the article 😉

Jonathan Lefebvre

02.17.2017 AT 03:15 PM
Hi JAc3d, Have you updated your boot images after the 1610 Upgrade? As stated in other comments this seems to be mandatory. I didn't test prior the update mine, so not a 100% sure about this step. Jonathan

JAC3D

02.17.2017 AT 04:15 PM
Hey Jonathan thanks for replying. I created my boot images after 1610 upgrade. Checked and "BCD-EFI-64.... are in my osdinjection.xml. So assuming I am good. My Boot images are MDT integrated boot images... ummm...

Tim

03.31.2017 AT 04:53 AM
Did you ever solve this? I have the same issue with a HP 840 G1 and G2. (Other HP like the 820 G3) doesn't have this issue. If I check with diskpart I see the created GPT disk has 0 free space (disk is 500GB)

seb

02.08.2017 AT 12:22 PM
Kevin: for MDT TS (and from WinPE) try to add bios config after the "partition if necessary" step at the beginning of the TS. the "Failed to save environment to (80070057)" is definitively something about the mdt scripts not being able to be copied on the drive (and check that your drive is correctly converted back to MBR and not GPT) If you want to put the bios to uefi configs after the "new Computer only" step I think you'll have to repeat the whole "partition if necessary" group, followed by a "use toolkit package" and "gather" (and UDI wizard after that if you're using it (I do) for your last remark how do you reimage the machine? from windows (software centre?) if so you'll probably need to do the same under the refresh only step (I didn't try that yet). But at this point uefi should already be enabled and therefore skipped right (so that's maybe a completely different problem) I also found (on Dell system, didn't try on HP) that I needed 2 steps, separated by a reboot, to apply the uefi config because when you switch to uefi some settings are not instantly available, and I don't want it to boot on the uefi network stack as it does by default when windows is not yet installed. good luck! 🙂