# Customize Boot Image - PowerShell The Adaptiva CreateOneSiteBoot PowerShell script, CreateOneSiteBoot.ps1, creates a boot image that includes the Adaptiva OneSite OneSiteDownloader utility. The script supports three scenarios: 1. Creating a brand-new boot image based on out-of-the-box Microsoft ConfigMgr boot WIMs. 2. Creating a new boot image based on your current boot WIM. 3. Updating your current boot WIM by mounting it, adding an updated OneSiteDownloader file, and unmounting it. [Download the script](https://adaptiva.com/hubfs/Docs/CreateOneSiteBoot_Script.zip) ## Prerequisites You must run this script on the Primary site server in order to access specific files and folders. This script must be run on Windows Server 2012 or later. This script stores the customized WIM file, which functions as the boot image source, in the following location: `\\\SMS_\OSD\boot\OneSiteBoot\\OneSiteBoot.wim` unless you use the `-UpdateBootImagePath` switch. You must perform any additional configuration, such as drivers or pre-start commands, separately from the available parameters. If using special characters in a certificate or boot-image password, enclose the password in single quotes in the command line, example: `-CertPassword 'secretpassword'` ## Parameters | Parameter | Description | | ---------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | **Required** | | | `-bootImgArch` | The desired OS architecture for the boot image, either "x64" or "x86". | | `-OneSiteSource` | The path to the folder containing OneSiteDownloader.exe or OneSiteDownloader64.exe. | | **Optional** | | | `-BootImageID` | The package ID of the boot image you want to copy that the new boot image is based on. Adaptiva creates a new boot image from it without changing the original. | | `-CertPassword` | The password used for the exported PKI certificate. Must be used with the `-CertPath` parameter. | | `-CertPath` | The full path to the exported PKI certificate (.pfx file) to be used for the boot image. Must be used with the `-CertPassword` parameter. | | `-DP` | FQDN of the desired Distribution Point that the script copies the boot image to during script processing. The default value is the `-SiteServer` parameter. | | `-MediaMode` | Dynamic or SiteBased. The default value is Dynamic. If there is only a single primary site, use SiteBased. | | `-MP` | FQDN of the desired Management Point that the script references for script processing. The default value is the `-SiteServer` parameter. | | `-Password` | The password associated with the boot image. If specified, requires a password to use the boot media. Does not apply if you use the `-CertPath` parameter. | | `-SiteServer` | FQDN of the ConfigMgr Primary Site Server. The default value is the name of the computer the script is being run on. | | `-UpdateBootImagePath` | The full, fixed path to the boot image's WIM file. The script mounts the image, copies in a new version of OneSiteDownloader, unmounts the image, and updates the distribution point. Must be used with the `-BootImageID` parameter. Note: There will be two WIM files; use the WIM file without the package ID in the file name. See an example below. | | `-UserDeviceAffinity` | AdministratorApproval, AutoApproval, or DoNotAllow. The default value is DoNotAllow. | | `-YearstoExpire` | The number of years before the self-signed certificate expires. The default is 2 years. | If you're using the `UpdateBootImagePath` parameter, use the WIM file without the package ID in the file name, as highlighted below: ## Switches | Switch | Description | | ----------------- | ----------------------------------------------- | | `-CMDSupport` | If specified, enables command prompt support. | | `-UnknownSupport` | If specified, enables unknown computer support. | ## Examples ### Create a Boot Image Creates a new x64 OneSite boot image with the self-signed certificate set to expire after 5 years, allowing command-line support, unknown computer support, and Media mode is set to SiteBased (recommended when a single primary site exists). ``` CreateOneSiteBoot.ps1 -bootImgArch x64 -OneSiteSource "C:\AdaptivaOneSiteSource" -SiteServer FQDNofSiteServer.domain.com -DP FQDNofDP.domain.com -MP FQDNofMP.domain.com -MediaMode SiteBased -YearstoExpire 5 -CMDSupport -UnknownSupport ``` ### Copy a Boot Image Creates a new x64 OneSite boot image based on your current boot image with the self-signed certificate set to expire after 5 years, allowing command-line support, unknown computer support, and Media mode is set to SiteBased (recommended when a single primary site exists). ``` CreateOneSiteBoot.ps1 -bootImgArch x64 -OneSiteSource "C:\AdaptivaOneSiteSource" -BootImageID "PackageIDofCurrentBootImage" -SiteServer FQDNofSiteServer.domain.com -DP FQDNofDP.domain.com -MP FQDNofMP.domain.com -MediaMode SiteBased -YearstoExpire 5 -CMDSupport -UnknownSupport ``` ### Update a Boot Image Updates your current OneSite boot image with a newer version of OneSiteDownloader. The script mounts your current boot image, copies the new version of OneSiteDownloader, unmounts the image, and updates distribution points. ``` CreateOneSiteBoot.ps1 -bootImgArch x64 -OneSiteSource "C:\AdaptivaOneSiteSource" -UpdateBootImagePath "C:\BootImage\BootImage.WIM" -BootImageID "PRI0001A" ``` ### Password Protect a Boot Image Creates a new x64 OneSite boot image with password protection enabled, command support enabled, unknown computer support enabled, and a self-signed certificate set to expire after 5 years, and the site server, DP, and MP are on the same server. ``` CreateOneSiteBoot.ps1 -bootImgArch x64 -OneSiteSource "C:\AdaptivaOneSiteSource" -Password 'secretpassword' -CMDSupport -UnknownSupport -YearstoExpire 5 ``` ### Use a PKI Certificate with a Boot Image Creates an x86 OneSite boot image with PKI certificate and unknown computer support enabled. ``` CreateOneSiteBoot.ps1 -bootImgArch x86 -OneSiteSource "C:\AdaptivaOneSiteSource" -CertPath C:\Certificate.pfx -CertPassword 'certificatepassword' -UnknownSupport ``` ## Task Sequence Variable and Logging When Windows PE loads, it places OneSiteDownloader.exe in `X:\OneSite\\OneSiteDownloader.exe`. When specifying the task sequence variable `SMSTSDownloadProgram`, set the value to: `%systemdrive%\OneSite\%processor_architecture%\OneSiteDownloader.exe` The script creates a log in the directory where you run it. If a log file already exists there, the script deletes it.