I am working on getting a good process for PXE Boot on computers with UEFI. I am using Configuration Manager and my PXE Boot is based on workstation Distribution Point computers. These are running Windows 10 and use the PXE Redirector as part of the distribution point role. I have the PXE Boot working in the following scenarios:
1.) Brand new computer that is not previously joined to AD or listed in SCCM and that just has the OEM image installed on the hard drive. In this scenario the computer is detected as UNKNOWN COMPUTER and directed to task sequences associated with UNKNOWN COMPUTER.
2.) Computer previously joined to AD or listed in SCCM, booted by means of USB boot media and the hard drive cleaned using DISKPART. In this scenario the computer can be targeted by task sequences specifically intended for the particular computer. This is important because I am using dynamic application assignments that are assigned to specific users based on group membership, and computer membership in device collections is based on user affinity. This process works great, but it relies heavily on the user being in the right AD group, the computer existing in Config Manager, and affinity being established.
While option 2 provides a workable method, I need a simpler way to deal with the requirement of clearing the partition. Is there a flag that is set in the PXE process that looks for the UEFI state of the drive that can be conditionally overruled? I would like a way to administratively indicate that, if a computer is a member of a specific OSD-related collection, the drive protection can be voided and PXE Boot can proceed. I want to keep the protection in place in all other circumstances to avoid the possibility of users accidentally PXE booting into the Config Manager Task Sequence media.
My goal is to make imaging and reimaging as simple as possible for my Helpdesk technicians. I don't want them to be worrying about how to get the computers into PXE boot; I am more concerned with them focusing on customer service. I have built my task sequences to automatically deploy all the software for any role across the company using a single task sequence. It can deploy up to 99 different dynamic apps and 99 different dynamic packages based on the AD group membership of the user. This has been a huge help in increasing quality deployments to users. Now if I can only get the last mile of PXE booting resolved so my Helpdesk technicians can boot to the network and the only thing they have to do is select the single task sequence, then things will be very good.
Let me know if you have any thoughts on how I can avoid the need to DISKPART as part of reimaging. I really appreciate the insight.