Support for the Windows ADK in Configuration Manager

Applies to: Configuration Manager (current branch)

When you deploy operating systems with Configuration Manager, the Windows Assessment and Deployment Kit (ADK) is a required external dependency. For more information, see the following articles:

  • Infrastructure requirements for OS deployment

  • Download the Windows ADK

    Important

    • Windows PE is a separate installer. Make sure to download both the Windows ADK and the Windows PE add-on for the ADK.
    • ADK 10.1.25398.1 (updated September 2023) (10.1.25398.1) or newer is required to deploy Windows 10/11 ARM64 operating systems. However, ADK 10.1.25398.1 (updated September 2023) (10.1.25398.1) Windows PE boot images have some known issues and need to be updated with the latest cumulative update to work with Configuration Manager. For more information, see Support notes.

    Note

    ADK 10.1.25398.1 (updated September 2023) isn't currently supported for use with Configuration Manager due to known issues unless the Windows PE boot images are updated with the latest cumulative update (LCU). Previous supported ADK versions can be found at Other ADK downloads. For more information, see Support notes.

Windows ADK versions

The following table lists the versions of the Windows ADK that you can use with different versions of Configuration Manager.

Windows ADK version ConfigMgr 2211 ConfigMgr 2303 ConfigMgr 2309 ConfigMgr 2403

  • ADK 10.1.25398.1 (updated September 2023) (10.1.25398.1): Only with LCU
  • ADK for Windows 11, version 22H2 (10.1.22621.1)
  • ADK for Windows 11, version 21H1 (10.1.22000)
  • ADK for Windows Server 2022 (10.1.20348)
  • ADK for Windows 10, version 2004 (10.1.19041)

Key

  • ✅ = Supported: This table only shows Windows ADK supportability in relation to the version of Configuration Manager. Microsoft recommends using the Windows ADK that matches the version of Windows you're deploying. Use the latest Windows ADK version when deploying the latest Windows version. The latest Windows ADK version might support deployment of older OS versions, such as Windows 10. For more information on Windows ADK component supportability, see DISM supported platforms, USMT requirements, and Choose the right ADK for your scenario.
  • Backward compatible: This combination isn't tested but should work. We'll document any known issues or caveats.
  • ❌ = Not supported

Support notes

  • ADK 10.1.25398.1 (updated September 2023) Windows PE AMD64 boot images aren't currently supported for use with Configuration Manager due to known issues:

    • VBScript doesn't work in WinPE.

    • The Pre-provision BitLocker task doesn't work in WinPE.

    • Devices with UFS storage, such as the Surface Go 4, don't work in WinPE.

      These issues can be fixed by applying the latest Windows Server 23H2 cumulative update to the Windows PE AMD64 boot image found in the ADK 10.1.25398.1 (updated September 2023). Once the latest cumulative update is applied to the Windows PE AMD64 boot image, it can be used with Configuration Manager. Information regarding applying cumulative updates to Windows PE boot images can be found in the article Customize Windows PE boot images.

      Note

      To enable VBScript support in the ADK 10.1.25398.1 (updated September 2023) Windows PE AMD64 boot image, make sure to add the Scripting/WinPE-Scripting optional component before applying the latest Windows Server 23H2 cumulative update to the Windows PE AMD64 boot image.

      The Windows PE ARM64 boot image in the ADK 10.1.25398.1 (updated September 2023) doesn't support either VBScript or BitLocker while in Windows PE, even when the (Scripting/WinPE-Scripting) and (Startup/WinPE-SecureStartup) optional components are added and the latest Windows Server 23H2 cumulative update is applied to the Windows PE ARM64 boot image.

  • For information on applying the BlackLotus UEFI bootkit vulnerability security updates to boot images from the ADKs before the ADK 10.1.25398.1 (updated September 2023) (10.1.25398.1), see Customize Windows PE boot images. Boot images from the ADK 10.1.25398.1 (updated September 2023) (10.1.25398.1) and newer already have the BlackLotus UEFI bootkit vulnerability security update applied to them.

  • Windows Server builds have the same Windows ADK requirement as the associated Windows client version. For example, Windows Server 2016 is the same build version as Windows 10 LTSB 2016.

  • If you're deploying both Windows 11 and Windows Server 2022, use the Windows ADK for Windows 11, which is the latest version. If you're deploying Windows Server 2022 and not Windows 11, you can use either Windows ADK for Windows Server 2022 or Windows 11.

  • The 32-bit versions of Windows PE (WinPE) in the WinPE add-ons for Windows 11 and Windows Server 2022 aren't supported. The last supported version of 32-bit WinPE is available in the WinPE add-on for Windows 10, version 2004. For more information, see Download and install the Windows ADK.

    Configuration Manager supports the use of older versions of Windows PE as boot images, but you can't customize them in the Configuration Manager console. For more information, see Customize boot images with Configuration Manager.
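
The servicing order from the first support note (add the Scripting/WinPE-Scripting optional component, then apply the latest cumulative update), shown as an added example that is not taken from the original article. It assumes the default ADK install path, the en-us language pack, and placeholder values for the mount directory and the LCU file name.

```powershell
# Added example: offline servicing of the ADK 10.1.25398.1 WinPE AMD64 boot image.
# Run elevated on the computer where the ADK and the Windows PE add-on are installed.
$ErrorActionPreference = 'Stop'

# Default ADK location (assumption); adjust if the kit is installed elsewhere.
$WinPeRoot = Join-Path ${env:ProgramFiles(x86)} 'Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64'
$BootWim   = Join-Path $WinPeRoot 'en-us\winpe.wim'
$OcDir     = Join-Path $WinPeRoot 'WinPE_OCs'

# Placeholders (assumptions): scratch mount directory and the downloaded LCU.
$MountDir = 'C:\Mount\WinPE'
$LcuPath  = 'C:\Updates\REPLACE-WITH-LATEST-23H2-LCU.msu'

# Order matters: optional component, its language pack, then the cumulative update.
$Packages = @(
    (Join-Path $OcDir 'WinPE-Scripting.cab'),
    (Join-Path $OcDir 'en-us\WinPE-Scripting_en-us.cab'),
    $LcuPath
)
foreach ($path in @($BootWim) + $Packages) {
    if (-not (Test-Path -LiteralPath $path)) { throw "Missing file: $path" }
}

# Keep one pristine copy of the boot image so a failed run can be rolled back.
if (-not (Test-Path -LiteralPath "$BootWim.orig")) {
    Copy-Item -LiteralPath $BootWim -Destination "$BootWim.orig"
}

New-Item -ItemType Directory -Path $MountDir -Force | Out-Null
Mount-WindowsImage -ImagePath $BootWim -Index 1 -Path $MountDir | Out-Null
try {
    foreach ($package in $Packages) {
        Add-WindowsPackage -Path $MountDir -PackagePath $package | Out-Null
    }
    # List what is now in the image so the result can be reviewed before use.
    Get-WindowsPackage -Path $MountDir |
        Select-Object PackageName, PackageState, InstallTime |
        Format-Table -AutoSize | Out-String | Write-Host
    Dismount-WindowsImage -Path $MountDir -Save | Out-Null
}
catch {
    # Never commit a half-serviced image.
    Dismount-WindowsImage -Path $MountDir -Discard | Out-Null
    throw
}
```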

Known issues

Pre-provisioning BitLocker during task sequence doesn't own TPM

Applies to: Windows ADK for Windows 11 (version 10.1.22000)

When you use a Windows 11-based boot image with an OS deployment task sequence that includes the Pre-provision BitLocker step, the step might fail. You'll see errors similar to the following strings in the smsts.log:

'TakeOwnership' failed (2147942402)
pTpm->TakeOwnership(sOwnerAuth), HRESULT=80070002
Failed to take ownership of TPM. Ensure that Active Directory permissions are properly configured
The system cannot find the file specified. (Error: 80070002; Source: Windows)
Process completed with exit code 2147942402
Failed to run the action: Pre-provision BitLocker. Error -2147024894

To work around this issue, add a Run Command Line step to the task sequence before the Pre-provision BitLocker step. Run the following command:

reg.exe add HKLM\SOFTWARE\Policies\Microsoft\TPM /v OSManagedAuthLevel /t REG_DWORD /d 2 /f

For more information on this registry key, see Change the TPM owner password.
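
A triage helper for the log strings quoted above, as an added example that is not part of the original article. It scans log lines for the TPM ownership failure and folds the three ways the error is printed (unsigned decimal, hex HRESULT, signed decimal) into one hex code. The function names and the sample lines are constructed for illustration; the patterns also match inside the wrapped line format of a real smsts.log.

```powershell
# Constructed sample: the strings the article quotes from smsts.log.
$SampleLog = @'
'TakeOwnership' failed (2147942402)
pTpm->TakeOwnership(sOwnerAuth), HRESULT=80070002
Failed to take ownership of TPM. Ensure that Active Directory permissions are properly configured
The system cannot find the file specified. (Error: 80070002; Source: Windows)
Process completed with exit code 2147942402
Failed to run the action: Pre-provision BitLocker. Error -2147024894
'@ -split "`r?`n"

function ConvertTo-HResultHex {
    # Hypothetical helper: map a signed or unsigned decimal code to 8-digit hex.
    param([Parameter(Mandatory)][long]$Code)
    $mask = [long][uint32]::MaxValue          # keep the low 32 bits only
    '{0:X8}' -f ($Code -band $mask)
}

function Get-TpmOwnershipFailure {
    # Hypothetical helper: summarize the failure signature found in the lines.
    param([Parameter(Mandatory)][string[]]$Line)

    $codes = foreach ($l in $Line) {
        if ($l -match '(?:HRESULT=|Error: )([0-9A-Fa-f]{8})\b') {
            $Matches[1].ToUpper()                      # already a hex HRESULT
        }
        elseif ($l -match '(?:failed \(|exit code |Error )(-?\d{9,10})\b') {
            ConvertTo-HResultHex ([long]$Matches[1])   # decimal, either sign
        }
    }

    [pscustomobject]@{
        TakeOwnershipFailed = [bool]($Line -match 'Failed to take ownership of TPM')
        BitLockerStepFailed = [bool]($Line -match 'Failed to run the action: Pre-provision BitLocker')
        HResults            = @($codes | Sort-Object -Unique)
    }
}

# All numeric forms in the sample reduce to a single HRESULT value.
Get-TpmOwnershipFailure -Line $SampleLog
```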

Next steps

Support for Windows 11

Support for Windows 10

Supported OS versions for clients