WinRE Customization to apply patches, drivers and soon™ language packs
Home Page: https://manima.de/2023/01/modify-winre-patches-drivers-and-cve-2022-41099/
License: MIT License
Hi, I’m @MHimken. Yes. That's it for now. ... If you really want you can visit my blog on https://manima.de
Seems the script only works well on English Windows versions. The output of "ReAgentC.exe /disable" on a German Windows is "REAGENTC.EXE: Vorgang erfolgreich" so "success" does not match and it fails. Would recommend to use the exitcode of the exe ($LASTEXITCODE -eq 0" instead.
I get the following error when running the script:
Copy-Item : Cannot find path 'C:\Windows\System32\Recovery\WinRE.wim' because it does not exist.
At C:\bitlocker-winre-fix.ps1:399 char:5
+ Copy-Item -Path $WinREDefaultLocation -Destination $BackupDirecto ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (C:\Windows\System32\Recovery\WinRE.wim:String) [Copy-Item], ItemNotFoun
dException
+ FullyQualifiedErrorId : PathNotFound,Microsoft.PowerShell.Commands.CopyItemCommand
Output of reagentc /info
C:\windows\system32>reagentc /info
Windows Recovery Environment (Windows RE) and system reset configuration
Information:
Windows RE status: Enabled
Windows RE location: \\?\GLOBALROOT\device\harddisk0\partition1\Recovery\WindowsRE
Boot Configuration Data (BCD) identifier: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
Recovery image location:
Recovery image index: 0
Custom image location:
Custom image index: 0
REAGENTC.EXE: Operation Successful.
Hi,
Love the script and hoping to use it to update a network's worth of machines with CVE-2022-41099
At present I can't see any quick way to check if a machine already has the update though, without running the script again which checks for backups, disables & re-enables WinRE etc.
I notice on the Microsoft article there's a way to 'Check the WInRE image version' prior to adding an update, which would be useful so that I can just put this in a startup script and know that machines are always patched if the script runs.
Would you consider adding the relevant reagentc / DISM magic to allow for ServicePackBuild to be checked, and only run the script if an update is required? I am sure this would be a valuable addition to many: https://learn.microsoft.com/en-us/windows-hardware/manufacture/desktop/add-update-to-winre?view=windows-11#check-the-winre-image-version
First of all, thanks for the nice script :)
Situation:
Windows 10 Home 22H2
As far as I know, the Recovery currently used inside C:\Recovery The first Recovery Partition is not used.
What am I trying to achieve?
Move the Recovery partition to the Unallocated partition between C and D.
Command:
Just running the script.
Log:
<![LOG[Patch-WinRE started at 04/04/2024 15:22:44]LOG]!><time="15:22:44.351944" date="04-04-2024" component="WinREPatchCore" context="" type="1" thread="" file="">
<![LOG[Verifying general prerequisites]LOG]!><time="15:22:44.369446" date="04-04-2024" component="WinREPrerequisites" context="" type="1" thread="" file="">
<![LOG[1. Disk must use GPT formatting style]LOG]!><time="15:22:44.371261" date="04-04-2024" component="WinREPrerequisites" context="" type="1" thread="" file="">
<![LOG[2. Recovery Partition must exist, unless -CreateWinREDrive is used]LOG]!><time="15:22:44.372900" date="04-04-2024" component="WinREPrerequisites" context="" type="1" thread="" file="">
<![LOG[3. There must be a WinRE available online or offline]LOG]!><time="15:22:44.374313" date="04-04-2024" component="WinREPrerequisites" context="" type="1" thread="" file="">
<![LOG[4. Multiple writeable partitions on the same disk are not supported]LOG]!><time="15:22:44.375669" date="04-04-2024" component="WinREPrerequisites" context="" type="1" thread="" file="">
<![LOG[5. (-CreateWinREDrive) WinRE must exist in in the default location]LOG]!><time="15:22:44.377075" date="04-04-2024" component="WinREPrerequisites" context="" type="1" thread="" file="">
<![LOG[Verifying the disk is a GPT formatted disk. BIOS disks are not supported]LOG]!><time="15:22:44.380081" date="04-04-2024" component="WinREPrerequisites" context="" type="1" thread="" file="">
<![LOG[Start detection of recovery partition(s)]LOG]!><time="15:22:45.176217" date="04-04-2024" component="WinREPrerequisites" context="" type="1" thread="" file="">
<![LOG[Retrieving current WinRE status]LOG]!><time="15:22:45.181281" date="04-04-2024" component="WinREStatus" context="" type="1" thread="" file="">
<![LOG[Recovery Agent is enabled]LOG]!><time="15:22:45.322331" date="04-04-2024" component="WinREStatus" context="" type="1" thread="" file="">
<![LOG[Verify WinRE.wim is available (online or offline)]LOG]!><time="15:22:45.507518" date="04-04-2024" component="WinREPrerequisites" context="" type="1" thread="" file="">
<![LOG[Retrieving current WinRE status]LOG]!><time="15:22:45.509529" date="04-04-2024" component="WinREStatus" context="" type="1" thread="" file="">
<![LOG[Recovery Agent is enabled]LOG]!><time="15:22:45.634743" date="04-04-2024" component="WinREStatus" context="" type="1" thread="" file="">
<![LOG[Verifying the potenially discovered partition for eligibility]LOG]!><time="15:22:45.764932" date="04-04-2024" component="WinREPrerequisites" context="" type="1" thread="" file="">
<![LOG[The OS partition harbors the recovery partition.]LOG]!><time="15:22:45.859846" date="04-04-2024" component="WinREPrerequisites" context="" type="3" thread="" file="">
<![LOG[Something went wrong during imaging, but the script can not currently handle this situation, please contact me.]LOG]!><time="15:22:45.861845" date="04-04-2024" component="WinREPrerequisites" context="" type="1" thread="" file="">
<![LOG[Prerequisites could not be confirmed, please consult the log]LOG]!><time="15:22:45.863593" date="04-04-2024" component="WinREPatchCore" context="" type="3" thread="" file="">
Bei der Installation tritt folgender Fehler auf
PS C: \temp> powershell. exe - ExecutionPolicy Bypass
-File C: temp\Patch-WinRE.ps1 - PatchFilesGDRDUorLCU 'C: \temp\winre-patch' - RecoveryDriveSizeInGB 1GB
REAGENTC. EXE: Windows RE kann auf einem Volume mit aktivierter BitLocker-Laufwerkverschlüsselung nicht aktiviert werden.
Es ist nicht möglich, einen Index auf ein NULL-Array anzuwenden.
In Ciltemp\Patch-WinRE.ps1:200 Zeichen: 9
+
if ((SEnableRE[0] -notmatch ", *\d+,*") -and SLASTEXITCODE -eq 0)
+ CategoryInfo
: InvalidOperation: (:) [J, RuntimeException
Reagentc gibt Folgendes zurück
PS C:\temp> reagents /info
Konfigurationsinformationen zur Windows-Wiederherstellungsumgebung (WinRE) und zur Systemwiederherstellung:
WinRE-Status:
WinRE-Ort :
Startkonfigurationsdaten-ID:
Ort des Wiederherstellungsimages:
Index des Wiederherstellungsimages:
Ort des benutzerdefinierten Images:
Index des benutzerdefinierten Images: 0
Disabled
00000000-0000-0000-0000-000000000000
REAGENTC. EXE: Vorgang erfolgreich.
Testing the functions on systems that require FIPS algorithms enabled.
Get-FileHash command with MD5 seems to cause issues in the backup function
found this related article to the command failing with FIPS enabled
https://techcommunity.microsoft.com/t5/windows-powershell/using-get-filehash-on-fips-enabled-system/m-p/3295487
Love this script, especially the ability to apply the new smaller SafeOS updates to the image.
The script works fine if I pass it a folder:
.\Patch-WinRE.ps1 -PatchFilesDUorSOS '\\<path>\Deployment\Windows Recovery Environment Safe OS Dynamic Updates\10.0.22621.0\'
But if I pass it a single file, it errors out and never applies the package:
.\Patch-WinRE.ps1 -PatchFilesDUorSOS '\\ad.mafint.org\Deployment\Programs\Windows Recovery Environment Safe OS Dynamic Updates\10.0.22621.0\windows11.0-kb5022609-x64_1f5e0fd80fdd08e541903b0d2d845d5b88bee2b4.cab'
You cannot call a method on a null-valued expression.
At \\<path>\Netlogon\Deploy-WindowsRecoveryEnvironment\Patch-WinRE.ps1:345 char:9
+ $PackagePathKB = $PackagePath.Fullname.split("-")[1]
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [], RuntimeException
+ FullyQualifiedErrorId : InvokeMethodOnNull
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google ❤️ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.