The new ADK for MDT 2012 SP1 includes WinPE 4 (Win8 based). It seemed attractive, namely for Powershell (v3) amongst other things. The main concern would be it requires DLP — so you should check.
wmic os get dataexecutionprevention_available
i.e. it may not work on your older machines.
Test the ISO First
I would setup MDT+ADK8 on a test server to simply generate the WinPE4 images. Grab the ISO it generates and give them a whirl on some of your questionable machines, in a VMs, etc.
It’s also best to remove AIK before you install ADK. ADK is a direct upgrade from WAIK. If you’ve still got XP deployments kicking around (shudder), you probably don’t want to to make the jump.
WinPE boots into a command prompt — that’s it
That’s never good.
But, thankfully, there’s an error somewhere. It actually occured when I rebuilt the share (even using “Completely rebuild”)
=== Making sure the deployment share has the latest x86 tools ===
=== Processing LiteTouchPE (x86) boot image ===
Building requested boot image profile.
Determining if any changes have been made in the boot image configuration.
No existing boot image profile found for platform x86 so a new image will be created.
Calculating hashes for requested content.
Changes have been made, boot image will be updated.
Windows PE WIM C:\Program Files (x86)\Windows Kits\8.0\Assessment and Deployment Kit\Windows Preinstallation Environment\x86\en-us\winpe.wim will be used.
WIM file mounted.
Set Windows PE system root.
Set Windows PE scratch space.
Deployment Image Servicing and Management tool
Image Version: 6.2.9200.16384
Processing 1 of 1 - Adding package WinPE-HTA-Package~31bf3856ad364e35~x86~~6.2.9200.16384
An error occurred - WinPE-HTA-Package Error: 0x80070005
Access is denied.
The DISM log file can be found at C:\Windows\Logs\DISM\dism.log
Exit code = 5
Some rampant googling and re-googling lead me to a few technet threads:
McAfee we meet again
A combination of unruly NTFS permissions and an overzealous McAfee EPO Access Protection [pdf] seem to form the possible causes.
After uninstalling/re-installing ADK in the E:\ drive (the drive where I house the deploy share and other installs), plus disabling EPO’s Access Protection, the rebuilds went off without a hitch.
I also deleted the old WIM/ISO files and did a complete rebuild of the images after the changes.
In hindsight, “Access is denied” should have been a pretty obvious error message.