Fun with PXE, redux.

You may recall that I’m serving up not only Windows Deployment Services capture and deploy but also Acronis recovery media over PXE.

Well, now I’m also serving up Windows Defender Offline. When chosen from the PXE boot menu, it boots into Windows PE, automagically launches Defender, updates the definitions, and runs a full scan.  And then sits there and waits for you to see the results and hit reboot.

Here’s what I did.  This assumes you have Windows Deployment Services and the Windows Automated Installation Kit.

  1. Download Windows Defender Offline for your architecture.
  2. Run the tool to create an ISO (“to burn to CD/DVD later”).
  3. Mount the ISO with Virtual CloneDrive (or similar product).
  4. Fish boot.wim out of /sources on the virtual CD drive.
  5. Create a directory to mount the wim into if one doesn’t already exist.
  6. Mount boot.wim into that directory. Dism /Mount-Wim /WimFile:C:\temp\boot.wim /MountDir:C:\temp\wim /Index:1
  7. If you have a directory full of drivers for your environment, you can pre-emptively add them with: Dism /Image:C:\temp\wim /Add-Driver /Driver:c:\drivers /Recurse /ForceUnsigned. (If not, cross your fingers and carry on with the next step.)
  8. Copy mpam-fex64.exe (or similarly named file for x86)  into the top level of the wim from the top level of your virtual CD drive.
  9. Save and unmount the wim.  Dism /Unmount-Wim /MountDir:C:\temp\wim /Commit
  10. Upload the new wim to your WDS server and add it as a boot option.

I’ve also rewritten a lot of my batch scripts to be PowerShell, but I think that’s a post for another day.

Leave a Comment

Filed under Uncategorized

Leave a Reply

Your email address will not be published. Required fields are marked *