Windows PE

From ArchWiki

Windows PE is a lightweight version of Windows intended to be used for installation of Windows Vista and later versions of Windows, as well as for system maintenance. It runs entirely from memory and can be booted from the network.

Note: Not to be confused with the PE binary executable format.

Windows PE images are normally created in Windows using the Windows ADK. This page describes how customized Windows PE images can be created, and optionally published on the network, using an (Arch) Linux machine. This might be useful if :

  • you need to install Windows from the network, or boot Windows PE from the network for system administration, using an Arch Linux-based server. This may be because you do not have a Windows-based server, or you prefer using a Linux server because of its improved security and configurability, or you are already using a Linux server for other purposes.
  • you need to run a Windows environment to run Win32 programs, you do not have a Windows machine available, and you do not want to use Wine or the programs will not run correctly with Wine.
  • you need to update firmware for which your device manufacturer only provides Windows binaries.
Warning: By downloading the Windows Automated Installation Kit, you may be bound by its license, which prevents you from, among other things, using Windows PE as a general-purpose operating system.

Creating a bootable Windows PE image

Install wimlib.

Obtain a Windows ISO or WAIK image

You need a copy of Windows installation media, in order to extract the boot.wim file that contains the initial copy of Windows PE, along with some boot files. Different versions of Windows contain different versions of Windows PE. For the relationship between Windows versions and Windows PE versions, refer to Wikipedia.

The simplest method is to download the latest Windows 11 ISO.

Tip:
  • For a 32-bit version of Windows PE, download a Windows 10 iso, as Windows 11 has dropped support for 32-bit.
  • For versions prior to Windows 8, you can download the Windows Automated Installation Kit (WAIK) image instead. See [1], [2]
  • It may be possible to use httpfs to avoid downloading the entire image file.
Warning: Make sure to select the correct architecture depending on your target usage: either x86 (32-bit) or x64 (64-bit). Compatibility of 32-bit programs on Windows x64 is generally good, but your mileage may vary.

Prepare a bootable Windows PE ISO

Mount the installation image, e.g.:

# mount --mkdir winimg.iso /media/winimg

Use the mkwinpeimg script provided with wimlib to create a bootable Windows PE ISO :

$ mkwinpeimg --iso --windows-dir=/media/winimg winpe.iso
Note: If using a WAIK image, use --waik-dir instead of --windows-dir.

See mkwinpeimg(1) for more information, including the --overlay option to copy files into the image. You may want to do this to add additional Windows applications that you want to run in Windows PE, or to add any additional drivers that Windows PE needs. Drivers can be loaded using the drvload command within Windows PE.

Unmount the source ISO:

# umount /media/winimg

Prepare a bootable Windows PE USB key for UEFI systems

mkwinpeimg cannot build a bootable UEFI system natively, but the necessary UEFI boot files are included in the Windows installation media and can be used by following the next steps:

Warning: Make sure you selected an appropriate architecture for your Windows ISO image (x86 or x64). This guide has only been tested with x64, i.e. it boots using /efi/boot/bootx64.efi. It is unknown whether a UEFI system would boot a x86 image of Windows this way. Please update this page if you can test.

On a USB key, create a GPT partition table with a single partition of type EFI System, and format the partition to FAT32.

Mount the winpe.iso file created by mkwinpeimg, mount your USB key, and copy everything:

# mount --mkdir winpe.iso /media/winpe
# mount --mkdir /dev/sdX1 /media/usb
# cp -r /media/winpe/* /media/usb/

Finally, mount the original Windows ISO image and copy all boot files in efi:

# mount winimg.iso /media/winimg
# cp -r /media/winimg/efi /media/usb/

You can now umount all ISO and the USB key, your USB key is ready to boot.

Booting Windows PE

After creating a bootable ISO of Windows PE (winpe.iso) as described in the previous section, you may want to boot Windows PE in the following ways:

In virtual machine

Run a virtual machine with winpe.iso attached as a CD-ROM. Be sure to give it adequate memory, definitely more than the size of the ISO, since Windows PE runs from memory. See Category:Hypervisors for a list of available virtualization software.

From USB key

If you have prepared a USB key for UEFI systems according to the guide above, it should just boot. It may take some time to boot (10 to 20 seconds is not uncommon, depending on your USB key) because the loader seems to copy some/all data to RAM.

From CD

Simply burn winpe.iso onto a CD, and you can boot from it.

From Network

This article or section is a candidate for merging with PXE.

Notes: The PXE article already describes most of this stuff, no need for duplication. Just make sure that configuration file is not lost if it is necessary for windows. Besides that everything is dupe. (Discuss in Talk:Windows PE)

Windows PE can be booted from the network using PXELINUX and its MEMDISK module on BIOS systems. For UEFI systems, wimboot and iPXE can be used.

Install syslinux and tftp-hpa.

Copy needed PXELINUX files to the TFTP server root directory.

# rsync -aq /usr/lib/syslinux/bios/ /var/tftpboot/

Put winpe.iso in the TFTP server root directory.

# mv winpe.iso /var/tftpboot

Create a configuration file for PXELINUX similar to the following:

/var/tftpboot/pxelinux.cfg/default
UI         menu.c32
MENU TITLE Network Boot
TIMEOUT    50

LABEL      winpe
MENU LABEL Boot Windows PE from network
KERNEL     /memdisk
INITRD     winpe.iso
APPEND     iso raw

LABEL      localboot
MENU LABEL Boot from local disk
LOCALBOOT  0

Start the TFTP server.

Configure your DHCP server (such as Dhcpd or Dnsmasq) to point to pxelinux.0 as the boot file, with the Linux server's IP address. Beware: if your DHCP server is on a router, it may not be possible to do this without installing custom firmware.

After completing the above steps, you should be able to boot Windows PE from the network.

Note: With the given PXELINUX configuration file, Windows PE will start by default after 5 seconds.
Tip: TFTP is not designed to be used to transfer large files, such as winpe.iso, which may be 118MB or more and take about 30 seconds to load. Performance may be improved by using the gpxelinux.0 bootloader instead of pxelinux.0 and loading winpe.iso using HTTP rather than TFTP.

Installing Windows from Windows PE

Once booted into Windows PE, you can install Windows from an installation media.

The installation media can be a network share (Samba). See Samba for seting up a Samba server on another machine on the LAN. To share the installation image mounted at /media/winimg, add the following share definition to /etc/samba/smb.conf:

/etc/samba/smb.conf
[REMINST]
browsable = true
read only = no
guest ok = yes
path = /media/winimg

Once booted into Windows PE command prompt, run the following command to initialize the network interface, obtain the IP of the Samba server (assuming Windows PE was booted over PXE from a machine that runs the DHCP, TFTP, and Samba server, the server IP will usually be the Gateway IP), mount the share, and launch the GUI setup:

 > wpeinit
 > ipconfig
 > net use I: \\IP.ADDRESS.OF.SAMBA.SERVER\REMINST
 > I:\setup.exe

Tips and tricks

Update Intel Management Engine firmware

You can use Windows PE in order to install updates for firmware such as Intel ME if your hardware manufacturer only provides Windows binaries, and you cannot update via Fwupd.

You will need to download :

  • your manufacturer's Intel ME update tool
  • drivers for the Intel Management Engine.

Store both extracted archives in a folder, e.g.

/vendor_files
  ├── me_driver
  └── update_tool
Note: You might need to use Wine and/or cabextract in order to extract the drivers, according to how they are packaged.

Proceed with #Creating a bootable Windows PE image but make sure to :

  • choose a windows PE version for which your device vendor provides Intel ME drivers, i.e. 32-bit or 64-bit.
  • include the device drivers and update tool with --overlay, e.g. :
$ mkwinpeimg --iso --windows-dir=/media/winimg --overlay=vendor_files winpe.iso

Proceed with #Booting Windows PE, then load the drivers with:

X:\Windows\Systems32>cd \
X:\>drvload me_driver\...\heci.inf

Finally, update the Intel ME firmware by using the update tool.

Tip: You can use the Intel CSME version detection tool to check for vulnerabilities.

Custom Windows PE images

Tools like Hiren's BootCD and others include Windows PE and are around half the size (~2.8GB) of a full Windows ISO. They are often fuller featured boot environments and can include Internet Explorer, which may be helpful to look up bcdedit or bootrec commands to repair Windows boot manager.

Hiren's BootCd is already bootable, it only needs to be extracted to a USB.

dd bs=4M if=./HBCD_PE_x64.iso of=/dev/sdX status=progress && sync

Make sure the USB key uses a GPT partition table as described in #Prepare a bootable Windows PE USB key for UEFI systems.

Troubleshooting

System error 58 has occurred. The specified server cannot perform the requested operation

If you are getting the following error when using the net use command:

System error 58 has occurred.

The specified server cannot perform the requested operation.

1. Make sure you have not accidentally unmounted the /media/winimg directory.

2. Add a map to guest to /etc/samba/smb.conf. Add the following at the top of the file:

/etc/samba/smb.conf
[global]
map to guest = Bad User
...

3. Restart the smbd.service.

4. Specify any username/password in the net use command:

net use I: \\IP.ADDRESS.OF.SAMBA.SERVER\REMINST /user:user pass

This is happening because Windows 10 connects to anonymous shares by checking some username and password to see if it is able to log in, and if so it allows an anonymous connection. Apparently whatever part hides this from the user did not make it into the PE build.

See also