Support for the Windows ADK in Configuration Manager
Applies to: Configuration Manager (current branch)
When you deploy operating systems with Configuration Manager, the Windows Assessment and Deployment Kit (ADK) is a required external dependency. For more information, see the following articles:
Windows PE is a separate installer. Make sure to download both the Windows ADK and the Windows PE add-on for the ADK.
Windows ADK versions
The following table lists the versions of the Windows ADK that you can use with different versions of Configuration Manager.
|Windows ADK version||ConfigMgr 2006||ConfigMgr 2010||ConfigMgr 2103||ConfigMgr 2107|
|Windows Server 2022
|Windows 10, version 2004
|Windows 10, version 1903
| = Supported
This table only shows Windows ADK supportability in relation to the version of Configuration Manager. Microsoft recommends using the Windows ADK that matches the version of Windows you're deploying. Use the latest Windows ADK version when deploying the latest Windows version. The latest Windows ADK version may support deployment of older OS versions, such as Windows 8.1. For more information on Windows ADK component supportability, see DISM supported platforms and USMT requirements.
| = Backward compatible
This combination isn't tested but should work. We'll document any known issues or caveats.
|= Not supported|
Configuration Manager only supports x86 and amd64 components of the Windows ADK. It doesn't currently support ARM or ARM64 components.
Windows Server builds have the same Windows ADK requirement as the associated Windows client version. For example, Windows Server 2016 is the same build version as Windows 10 LTSB 2016.
If you're deploying both Windows 11 and Windows Server 2022, use the Windows ADK for Windows 11, which is the latest version. If you're deploying Windows Server 2022 and not Windows 11, you can use either Windows ADK for Windows Server 2022 or Windows 11.
Pre-provisioning BitLocker during task sequence doesn't own TPM
Applies to: Windows ADK for Windows 11
When you use a Windows 11-based boot image with an OS deployment task sequence that includes the Pre-provision BitLocker step, the step might fail. You'll see errors similar to the following strings in the smsts.log:
'TakeOwnership' failed (2147942402) pTpm->TakeOwnership(sOwnerAuth), HRESULT=80070002 Failed to take ownership of TPM. Ensure that Active Directory permissions are properly configured The system cannot find the file specified. (Error: 80070002; Source: Windows) Process completed with exit code 2147942402 Failed to run the action: Pre-provision BitLocker. Error -2147024894
To work around this issue, add a Run Command Line step to the task sequence before the Pre-provision BitLocker step. Run the following command:
reg.exe add HKLM\SOFTWARE\Policies\Microsoft\TPM /v OSManagedAuthLevel /t REG_DWORD /d 2 /f
For more information on this registry key, see Change the TPM owner password.