Support for the Windows ADK in Configuration Manager
Applies to: Configuration Manager (current branch)
When you deploy operating systems with Configuration Manager, the Windows Assessment and Deployment Kit (ADK) is a required external dependency. For more information, see the following articles:
-
Important
- Windows PE is a separate installer. Make sure to download both the Windows ADK and the Windows PE add-on for the ADK.
- ADK 10.1.25398.1 (updated September 2023) (10.1.25398.1) or newer is required to deploy Windows 10/11 ARM64 operating systems. However, ADK 10.1.25398.1 (updated September 2023) (10.1.25398.1) Windows PE boot images have some known issues and need to be updated with the latest cumulative update to work with Configuration Manager. For more information, see Support notes.
Note
ADK 10.1.25398.1 (updated September 2023) isn't currently supported for use with Configuration Manager due to known issues unless the Windows PE boot images are updated with the latest cumulative update (LCU). Previous supported ADK versions can be found at Other ADK downloads. For more information, see Support notes.
Windows ADK versions
The following table lists the versions of the Windows ADK that you can use with different versions of Configuration Manager.
Windows ADK version | ConfigMgr 2211 | ConfigMgr 2303 | ConfigMgr 2309 | ConfigMgr 2403 |
---|---|---|---|---|
ADK 10.1.25398.1 (updated September 2023) (10.1.25398.1) |
❌ | ❌ | ❌ | Only with LCU |
ADK for Windows 11, version 22H2 (10.1.22621.1) |
✅ | ✅ | ✅ | ✅ |
ADK for Windows 11, version 21H1 (10.1.22000) |
✅ | ✅ | ✅ | ✅ |
ADK for Windows Server 2022 (10.1.20348) |
✅ | ✅ | ✅ | ✅ |
ADK for Windows 10, version 2004 (10.1.19041) |
✅ | ✅ | ✅ | ✅ |
Key |
---|
✅ = Supported This table only shows Windows ADK supportability in relation to the version of Configuration Manager. Microsoft recommends using the Windows ADK that matches the version of Windows you're deploying. Use the latest Windows ADK version when deploying the latest Windows version. The latest Windows ADK version might support deployment of older OS versions, such as Windows 10. For more information on Windows ADK component supportability, see DISM supported platforms, USMT requirements, and Choose the right ADK for your scenario. |
= Backward compatible This combination isn't tested but should work. We'll document any known issues or caveats. |
❌ = Not supported |
Support notes
ADK 10.1.25398.1 (updated September 2023) Windows PE AMD64 boot images aren't currently supported for use with Configuration Manager due to known issues:
VBScript doesn't work in WinPE.
The Pre-provision BitLocker task doesn't work in WinPE.
Devices with UFS storage, such as the Surface Go 4, don't work in WinPE.
These issues can be fixed by applying the latest Windows Server 23H2 cumulative update to the Windows PE AMD64 boot image found in the ADK 10.1.25398.1 (updated September 2023). Once the latest cumulative update is applied to the Windows PE AMD64 boot image, it can be used with Configuration Manager. Information regarding applying cumulative updates to Windows PE boot images can be found in the article Customize Windows PE boot images.
Note
To enable VBScript support in the ADK 10.1.25398.1 (updated September 2023) Windows PE AMD64 boot image, make sure to add the Scripting/WinPE-Scripting optional component before applying the latest Windows Server 23H2 cumulative update to the Windows PE AMD64 boot image.
The Windows PE ARM64 boot image in the ADK 10.1.25398.1 (updated September 2023) doesn't support either VBScript or BitLocker while in Windows PE, even when the (Scripting/WinPE-Scripting) and (Startup/WinPE-SecureStartup) optional components are added and the latest Windows Server 23H2 cumulative update is applied to the Windows PE ARM64 boot image.
For information on applying the BlackLotus UEFI bootkit vulnerability security updates to boot images from the ADKs before the ADK 10.1.25398.1 (updated September 2023) (10.1.25398.1), see Customize Windows PE boot images. Boot images from the ADK 10.1.25398.1 (updated September 2023) (10.1.25398.1) and newer already have the BlackLotus UEFI bootkit vulnerability security update applied to them.
Windows Server builds have the same Windows ADK requirement as the associated Windows client version. For example, Windows Server 2016 is the same build version as Windows 10 LTSB 2016.
If you're deploying both Windows 11 and Windows Server 2022, use the Windows ADK for Windows 11, which is the latest version. If you're deploying Windows Server 2022 and not Windows 11, you can use either Windows ADK for Windows Server 2022 or Windows 11.
The 32-bit versions of Windows PE (WinPE) in the WinPE add-ons for Windows 11 and Windows Server 2022 aren't supported. The last supported version of 32-bit WinPE is available in the WinPE add-on for Windows 10, version 2004. For more information, see Download and install the Windows ADK.
Configuration Manager supports the use of older versions of Windows PE as boot images, but you can't customize them in the Configuration Manager console. For more information, see Customize boot images with Configuration Manager.
Known issues
Pre-provisioning BitLocker during task sequence doesn't own TPM
Applies to: Windows ADK for Windows 11 (version 10.1.22000)
When you use a Windows 11-based boot image with an OS deployment task sequence that includes the Pre-provision BitLocker step, the step might fail. You'll see errors similar to the following strings in the smsts.log:
'TakeOwnership' failed (2147942402)
pTpm->TakeOwnership(sOwnerAuth), HRESULT=80070002
Failed to take ownership of TPM. Ensure that Active Directory permissions are properly configured
The system cannot find the file specified. (Error: 80070002; Source: Windows)
Process completed with exit code 2147942402
Failed to run the action: Pre-provision BitLocker. Error -2147024894
To work around this issue, add a Run Command Line step to the task sequence before the Pre-provision BitLocker step. Run the following command:
reg.exe add HKLM\SOFTWARE\Policies\Microsoft\TPM /v OSManagedAuthLevel /t REG_DWORD /d 2 /f
For more information on this registry key, see Change the TPM owner password.
Next steps
Feedback
https://aka.ms/ContentUserFeedback.
În curând: Pe parcursul anului 2024, vom elimina treptat Probleme legate de GitHub ca mecanism de feedback pentru conținut și îl vom înlocui cu un nou sistem de feedback. Pentru mai multe informații, consultați:Trimiteți și vizualizați feedback pentru