MDT UberBug06 – Having two recovery partitions is more secure

Getting some questions lately about recovery partitions in MDT LiteTouch, and yes, they are broken too.

ZTIDiskPart.wsf will automatically create hidden System partitions when you install the OS. This is typically 499MB and is at the start of the disk. In addition, MDT can also create a “Recovery” partition for the WinRE recovery system.

There are several things that are broken about this model, and I have filed several bugs against MDT to have these fixed.

However, in MDT 2013 we can see that things have changed: someone noticed that there is an extra “recovery” partition on uEFI machines! Why is that?

Turns out that even though MDT already creates a Recovery partition in uEFI scenarios, MDT 2013 Update 1 added a second recovery partition that is never used and is not marked as “Hidden” for uEFI, so it’s quite confusing.

Additionally, I dislike modifying the primary partition scheme and making the main partition 99%.

My fix is to convert the client.xml task sequence template back to the old MDT 2013 style:

From this:

<defaultVarList>
  <variable name="OSDDiskIndex" property="DiskIndex">0</variable>
  <variable name="OSDPartitions0Type" property="Partitions0Type">Primary</variable>
  <variable name="OSDPartitions0FileSystem" property="Partitions0FileSystem">NTFS</variable>
  <variable name="OSDPartitions0Bootable" property="Partitions0Bootable">True</variable>
  <variable name="OSDPartitions0QuickFormat" property="Partitions0QuickFormat">True</variable>
  <variable name="OSDPartitions0VolumeName" property="Partitions0VolumeName">OSDisk</variable>
  <variable name="OSDPartitions0Size" property="Partitions0Size">99</variable>
  <variable name="OSDPartitions0SizeUnits" property="Partitions0SizeUnits">%</variable>
  <variable name="OSDPartitions0VolumeLetterVariable" property="Partitions0VolumeLetterVariable">OSDisk</variable>
  <variable name="OSDPartitions1Type" property="Partitions1Type">Primary</variable>
  <variable name="OSDPartitions1FileSystem" property="Partitions1FileSystem">NTFS</variable>
  <variable name="OSDPartitions1Bootable" property="Partitions1Bootable">False</variable>
  <variable name="OSDPartitions1QuickFormat" property="Partitions1QuickFormat">True</variable>
  <variable name="OSDPartitions1VolumeName" property="Partitions1VolumeName">Recovery</variable>
  <variable name="OSDPartitions1Size" property="Partitions1Size">100</variable>
  <variable name="OSDPartitions1SizeUnits" property="Partitions1SizeUnits">%</variable> 
  <variable name="OSDPartitions1VolumeLetterVariable" property="Partitions1VolumeLetterVariable"></variable>
  <variable name="OSDDiskPartitions1Type" property="OSDDiskPartitions1Type">Recovery</variable>
  <variable name="OSDPartitions" property="Partitions">2</variable>     
  <variable name="OSDPartitionStyle" property="PartitionStyle">MBR</variable>
</defaultVarList>

Back to the MDT 2013 style:

<defaultVarList>
  <variable name="OSDDiskIndex" property="DiskIndex">0</variable>
  <variable name="OSDPartitions0Type" property="Partitions0Type">Primary</variable>
  <variable name="OSDPartitions0FileSystem" property="Partitions0FileSystem">NTFS</variable>
  <variable name="OSDPartitions0Bootable" property="Partitions0Bootable">True</variable>
  <variable name="OSDPartitions0QuickFormat" property="Partitions0QuickFormat">True</variable>
  <variable name="OSDPartitions0VolumeName" property="Partitions0VolumeName">OSDisk</variable>
  <variable name="OSDPartitions0Size" property="Partitions0Size">100</variable>
  <variable name="OSDPartitions0SizeUnits" property="Partitions0SizeUnits">%</variable>
  <variable name="OSDPartitions0VolumeLetterVariable" property="Partitions0VolumeLetterVariable">OSDisk</variable>
  <variable name="OSDPartitions" property="Partitions">1</variable>
  <variable name="OSDPartitionStyle" property="PartitionStyle">MBR</variable>
</defaultVarList>
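
To check which of the two layouts a given task sequence carries, the variable list can be parsed and summarised. The PowerShell below is an added example, not part of MDT or of the original post; the function name `Get-PartitionLayoutFinding` and the `<sequence>`/`<step>` wrapper in the constructed sample are assumptions, while the variable names are the ones shown in the two templates above.

```powershell
# Added example (not MDT code): report the partition layout carried by each
# <defaultVarList> in a task sequence and flag any "Recovery" data partition.
function Get-PartitionLayoutFinding {
    param([Parameter(Mandatory)][xml]$TaskSequence)

    foreach ($list in $TaskSequence.SelectNodes('//defaultVarList')) {
        # Collect name -> value for every <variable> in this list.
        $vars = @{}
        foreach ($v in $list.SelectNodes('variable')) {
            $vars[$v.GetAttribute('name')] = $v.InnerText.Trim()
        }
        # Skip variable lists that do not describe a disk layout.
        if (-not $vars.ContainsKey('OSDPartitions')) { continue }
        $count = [int]$vars['OSDPartitions']
        if ($count -lt 1) { continue }

        # Partition indexes whose volume name is "Recovery".
        $recovery = @(0..($count - 1) | Where-Object {
            $vars[('OSDPartitions{0}VolumeName' -f $_)] -eq 'Recovery'
        })

        [pscustomobject]@{
            Style           = $vars['OSDPartitionStyle']
            Partitions      = $count
            OSDiskSize      = '{0}{1}' -f $vars['OSDPartitions0Size'], $vars['OSDPartitions0SizeUnits']
            RecoveryIndexes = $recovery -join ','
            ExtraRecovery   = ($recovery.Count -gt 0)
        }
    }
}

# Constructed sample: the <sequence>/<step> wrapper is an assumption; the
# variables are trimmed from the MDT 2013 Update 1 template shown above.
$sample = @'
<sequence>
  <step name="constructed-update1-layout"><defaultVarList>
    <variable name="OSDPartitions0VolumeName" property="Partitions0VolumeName">OSDisk</variable>
    <variable name="OSDPartitions0Size" property="Partitions0Size">99</variable>
    <variable name="OSDPartitions0SizeUnits" property="Partitions0SizeUnits">%</variable>
    <variable name="OSDPartitions1VolumeName" property="Partitions1VolumeName">Recovery</variable>
    <variable name="OSDPartitions" property="Partitions">2</variable>
    <variable name="OSDPartitionStyle" property="PartitionStyle">MBR</variable>
  </defaultVarList></step>
</sequence>
'@

Get-PartitionLayoutFinding -TaskSequence ([xml]$sample) | Format-Table -AutoSize
```

To audit a real task sequence, pass the file's contents cast to `[xml]` in place of `$sample`; a list converted back to the MDT 2013 style reports one partition, a 100% OSDisk size, and `ExtraRecovery` false.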

I have yet to file a bug on this issue on Connect, as the Connect web site is broken again today.

-k

5 thoughts on “MDT UberBug06 – Having two recovery partitions is more secure”

  1. Keith,
    I have submitted the Bug with the proper issue https://connect.microsoft.com/ConfigurationManagervnext/feedback/details/1691196
    Make sure you click on the Details to show the full submission.

    This can be resolved by modifying ZTIDiskpart.wsf to use a larger partition without modifying the Task Sequence.

    Also, I would not recommend using ZTIWinRE.wim. See https://winpeguy.wordpress.com/2015/07/09/winre-eli5-mdt-ztiwinre-wsf-and-step-add-windows-recovery-winre/
    Windows 8.1 and Windows 10 automatically handle the move of WinRE.wim without any scripts or modifications, just make sure the WinRE.wim you want to use is in your Base Image at Windows\System32\Recovery\WinRE.wim.
