Support for the Windows ADK in Configuration Manager
Applies to: Configuration Manager (current branch)
When you deploy operating systems with Configuration Manager, the Windows Assessment and Deployment Kit (ADK) is a required external dependency. For more information, see the following articles:
-
Important
- Windows PE is a separate installer. Make sure to download both the Windows ADK and the Windows PE add-on for the ADK.
- ADK 10.1.26100.1 (May 2024) (10.1.26100.1) or newer is required to deploy Windows ARM64 operating systems on Configuration Manager 2403 or newer.
Windows ADK versions
The following table lists the versions of the Windows ADK that you can use with different versions of Configuration Manager.
Windows ADK version | ConfigMgr 2211 | ConfigMgr 2303 | ConfigMgr 2309 | ConfigMgr 2403 |
---|---|---|---|---|
ADK 10.1.26100.1 (May 2024) (10.1.26100.1) |
❌ | ✅ | ✅ | ✅ |
ADK 10.1.25398.1 (updated September 2023) (10.1.25398.1) |
❌ | ❌ | ❌ | ❌ |
ADK for Windows 11, version 22H2 (10.1.22621.1) |
✅ | ✅ | ✅ | ✅ |
ADK for Windows 11, version 21H1 (10.1.22000) |
✅ | ✅ | ✅ | ✅ |
ADK for Windows Server 2022 (10.1.20348) |
✅ | ✅ | ✅ | ✅ |
ADK for Windows 10, version 2004 (10.1.19041) |
✅ | ✅ | ✅ | ✅ |
Key |
---|
✅ = Supported This table only shows Windows ADK supportability in relation to the version of Configuration Manager. Microsoft recommends using the Windows ADK that matches the version of Windows you're deploying. Use the latest Windows ADK version when deploying the latest Windows version. The latest Windows ADK version might support deployment of older OS versions, such as Windows 10. For more information on Windows ADK component supportability, see DISM supported platforms, USMT requirements, and Choose the right ADK for your scenario. |
= Backward compatible This combination isn't tested but should work. We'll document any known issues or caveats. |
❌ = Not supported |
Support notes
ADK 10.1.25398.1 (updated September 2023) Windows PE boot images aren't supported for use with Configuration Manager due to known issues:
VBScript doesn't work in WinPE.
The Pre-provision BitLocker task doesn't work in WinPE.
Devices with UFS storage, such as the Surface Go 4, don't work in WinPE.
Instead use the ADK 10.1.26100.1 (May 2024) (10.1.26100.1) or newer where these issues are resolved.
For information on applying the BlackLotus UEFI bootkit vulnerability security updates to boot images from the ADKs before the ADK 10.1.26100.1 (May 2024) (10.1.26100.1), see Customize Windows PE boot images. Boot images from the ADK 10.1.26100.1 (May 2024) (10.1.26100.1) and newer already have the BlackLotus UEFI bootkit vulnerability security update applied to them. For this reason, it's recommended to use boot images from the ADK 10.1.26100.1 (May 2024) (10.1.26100.1) or newer.
Windows Server builds have the same Windows ADK requirement as the associated Windows client version. For example, Windows Server 2016 is the same build version as Windows 10 LTSB 2016.
The last supported version of 32-bit WinPE is available in the WinPE add-on for Windows 10, version 2004 (10.1.19041). Versions of the WinPE add-on for the ADK after the ADK for Windows 10, version 2004 (10.1.19041) no longer support 32-bit versions of Windows PE (WinPE). For more information, see Download and install the Windows ADK.
Configuration Manager supports the use of older versions of Windows PE as boot images, but you can't customize them in the Configuration Manager console. For more information, see Customize boot images with Configuration Manager.
Known issues
Pre-provisioning BitLocker during task sequence doesn't own TPM
Applies to: Windows ADK for Windows 11 (version 10.1.22000)
When you use a Windows 11-based boot image with an OS deployment task sequence that includes the Pre-provision BitLocker step, the step might fail. You'll see errors similar to the following strings in the smsts.log:
'TakeOwnership' failed (2147942402)
pTpm->TakeOwnership(sOwnerAuth), HRESULT=80070002
Failed to take ownership of TPM. Ensure that Active Directory permissions are properly configured
The system cannot find the file specified. (Error: 80070002; Source: Windows)
Process completed with exit code 2147942402
Failed to run the action: Pre-provision BitLocker. Error -2147024894
To work around this issue, add a Run Command Line step to the task sequence before the Pre-provision BitLocker step. Run the following command:
reg.exe add HKLM\SOFTWARE\Policies\Microsoft\TPM /v OSManagedAuthLevel /t REG_DWORD /d 2 /f
For more information on this registry key, see Change the TPM owner password.