Winpe Tool Download


Melanie Wendelberger

Aug 5, 2024, 2:16:56 AM
to voetrigaphles
The files you need to create Windows PE media are included in the Windows Assessment and Deployment Kit (ADK) and Windows PE Add-on. To create Windows PE media, you'll have to install the ADK with the Deployment tools option, and then install the Windows PE add-on.

As a follow-up to the CrowdStrike Falcon agent issue impacting Windows clients and servers, Microsoft has released an updated recovery tool with two repair options to help IT admins expedite the repair process. The signed Microsoft Recovery Tool can be found in the Microsoft Download Center: =2280386. In this post, we include detailed recovery steps for Windows client, servers, and OS's hosted on Hyper-V. The two repair options are as follows:


Recover from WinPE (recommended option)

This option quickly and directly recovers systems and does not require local admin privileges. However, you may need to manually enter the BitLocker recovery key (if BitLocker is used on the device) and then repair impacted systems. If you use a third-party disk encryption solution, please refer to vendor guidance to determine options to recover the drive so that the remediation script can be run from WinPE.


Recover from safe mode

This option may enable recovery on BitLocker-enabled devices without requiring the entry of BitLocker recovery keys. For this option, you must have access to an account with local administrator rights on the device. Use this approach for devices using TPM-only protectors, devices that are not encrypted, or situations where the BitLocker recovery key is unknown. However, if utilizing TPM+PIN BitLocker protectors, the user will either need to enter the PIN if known, or the BitLocker recovery key must be used. If BitLocker is not enabled, then the user will only need to sign in with an account with local administrator rights. If third-party disk encryption solutions are utilized, please work with those vendors to determine options to recover the drive so the remediation script can be run.




Additional considerations

Although the USB option is preferred, some devices may not support USB connections. In such cases, we provide detailed steps below for using the Preboot Execution Environment (PXE) option. If the device cannot connect to a PXE network and USB is not an option, reimaging the device might be a solution.


Prerequisites for using the boot media

The BitLocker recovery key for each BitLocker-enabled impacted device on which the recovery media is used may be required. If you are using TPM-only protectors and using the safe boot option, then the recovery key will not be required. If you are using TPM+PIN protectors, then you may need the recovery key if you do not know the PIN for the device.


Using recovery media on Hyper-V virtual machines

The recovery media can be used to remediate impacted Hyper-V virtual machines. To do so, select the option to generate an ISO when creating the recovery media using the steps above. For non-Hyper-V virtual machines, follow instructions provided by your hypervisor vendor to utilize the recovery media.


Using PXE for Recovery

For most customers, the options listed above or following the steps in the KBs linked towards the end of this post will help restore your devices. However, if devices are unable to use the option to recover from USB, for example, because of security policies or port availability, IT admins can use PXE to remediate.




To use this solution, you can use the Windows Imaging Format (WIM) that the Microsoft Recovery Tool creates in an existing PXE environment as long as the impacted devices are on the same subnet as the PXE server. Alternatively, you can use the PXE server approach outlined below. This option works best when the PXE server can be moved subnet to subnet easily for remediation purposes.


The problem is that the user remembers his encryption password so we can get past that point, but he cannot remember the password for either of the 2 Windows accounts on the machine - so I need a very specific tool to assist me in this - I will need to boot from my WinPE CD sent to me by WinMagic for their SecureDoc product, but once I unlock the drive with his credentials, I need to access this unicorn program that will let me change or blank out the password on at least one account to get back into the machine, so I can remove the encryption software.


Can you ask the vendor if a utility exists to run from PE to permanently decrypt the OS? If so then do that, then load up a CD/USB with NT Offline password recovery. Enable the admin account and blank the password.




When an encrypted system fails to boot to the Windows operating system, recovery of data becomes the primary goal. Creating a customized Windows Preinstallation Environment (Windows PE) CD or UFD (USB flash drive) provides a bootable recovery tool that can be used for recovery purposes.


IMPORTANT TIP: Before attempting to fix the system, first attempt to authenticate the disk, and copy any needed data off. Attempting to modify the disk could cause irreversible damage to the filesystem, so proceed with caution. If the data on the encrypted disk is important, we recommend first making a sector-by-sector, or 1:1, clone of the disk and working from the copy. Attempt to copy the data off of the disk, rather than decrypt the drive, as the first step. When in doubt, contact Symantec Encryption Support for further guidance.


As a best practice, you must create the customized Windows PE for recovery immediately after installing the client software. A customized Windows PE CD or UFD is the only way to recover your data when you cannot start your operating system. The best practice is to create a Windows PE CD or UFD immediately after the recovery tools have been created. A Windows PE CD or UFD stores the recovery tools away from your system and proves to be an important resource for disaster recovery.


Introduction to the Preinstallation Environment for WinPE



The Microsoft Windows Preinstallation Environment (PE) is widely used by IT professionals in Windows environments for installation tasks, deployment, maintenance, troubleshooting, diagnosis, recovery, and so on. For example, use Windows PE to:


A standard Windows PE disk without the PGP tools integrated will not work in situations where the Symantec Drive Encryption is installed on a system and the entire disk is encrypted. For Windows PE to work on a system where Symantec Drive Encryption is installed, the Symantec Drive Encryption driver (also called PGP WDE driver in earlier versions) must be pre-installed and the administrator must have authorized access to the hard disk.


Step 2: Once you are in the correct directory with copype.cmd available, you will run the following command to create a 64-bit WinPE image directory where all applicable files that will be used will be copied to:




Note: Do not attempt to create the "winpe" directory on the C: drive, the command above will create it for you and will fail if it is already there.



This is the basis for the entire WinPE process and will be used to include the PGP tools inside of this image.








The above command has now copied the appropriate image file "winpe.wim" that we will then use to insert all the PGP tools/binaries.

This will be the image file that we will use going forward that will be used to create the WinPE disk to access drives encrypted with PGP.


We've now created the WinPE directory in c:\winpe.

We've now created a WIM file in this directory called "winpe.wim".

We've now created an empty folder called BootWIM under the c:\winpe directory.


Step 1: Insert a USB Drive and make note of the drive letter. It is important you are sure you know the drive letter because the next steps will erase the contents and format the drive.


I'm trying to set up ESET SysRescue on a USB inside a WinPE environment. According to the KB about ESET NOD32 Antivirus (Link: -US/index.html?idh_rescuecd_create_winpe.htm, which includes information about SysRescue), SysRescue runs inside a WinPE environment. However, that is through the installer that comes from NOD32 as far as I can see. I am using the SysRescue Live installer (Link: ) and it seems to install just in a Linux environment on the USB. How do I set up SysRescue to install and run in a WinPE environment without having access to NOD32? NOD32 requires a purchase to download, and where I work, we do not use NOD32, but still use the ESET security solution. Would love help!


So far, I've been able to either use the SysRescue live USB creation tool to create the SysRescue Live linux environment, or create a WinPE environment using the ADK tools, but haven't been able to combine the two....


For anyone working with OSD for more than about 4 minutes, you know that it's in the WinPE phase most of the magic happens. For testing and troubleshooting purposes it's quite helpful to add some tools to your boot image, so you always have them available without having to download from a web server or file server etc.


CMTrace, which is included by default in ConfigMgr boot images, but not MDT boot images, is useful to read log files.



Note: Even though it is available for download from the public Microsoft downloads site, CMTrace is not freeware; usage rights are included with the Configuration Manager license. However, I got this note from the product team: One thing we realized is that the tools are on the evaluation ISO, and licensed as such, anyone downloading the evaluation is covered for the duration of the evaluation period.


ServiceUI.exe is useful when you need to interact with a ConfigMgr task sequence in full Windows. Meaning ServiceUI.exe is actually not a tool you need in WinPE, but it's helpful to have it in WinPE, so you can easily copy it to your offline Windows image.
