Recommended settings for Windows 10 is UEFI with secure boot enabled. But you can’t change the Bios boot to UEFI boot with the build in steps in SCCM. But here is a quick and dirty way to do it semi automatic. You should have an Task sequence Available and not required for your Windows 10 deployment. Thanks to Mike Terrill blog post for the inspiration.
In the guide you are going to use the bios configuration that you have created in this blog post. Remember to configure the Bios for UEFI and secure boot
1. Create a new Custom task sequence and add you boot image.
2. Create a “Apply Operating System Image” step and add a Task sequence variable as shown below. This will do that the step never will run and we can exit the task sequence without error codes.
3. Create a group “Bios Tasks Windows 10”. In my case I will use it to make sure that it is only Pc’s that are target for windows 10 deployment. I can do that because I use a Computer variable to determine if the pc should have Windows 10 or Windows 7.
4. Create a group “HP” with the following conditions to make sure that it is a HP computer:
Select * from Win32_ComputerSystem WHERE Manufacturer like “%HP%”
Select * from Win32_ComputerSystem WHERE Manufacturer like “%Hewlett-Packard%”
5. Create a group “840G1” to apply Bios setting on that model:
Select * From Win32_ComputerSystem WHERE Model LIKE “%840 G1%”
6. Create a “Run Command Line” step to configure the bios settings that you have created
7. Add a “Set Task Sequence Variable” called “Restart WinPE” with the following settings:
Task Sequence Variable: SMSTSPostAction
Value: wpeutil reboot
The last step will reboot the Pc.
Deploy the task sequence to you deployment collect as Available.
Do the following to change the Bios from BIOS boot to UEFI secure boot and install windows 10.
1. PXE boot your Pc
2. Choose “Config BIOS Setting for Windows 10”
3. When the Pc reboot, hit F12 again to PXE boot
4. Choose your Windows 10 deployment