Unsolved Create Bootable Windows 10 Enterprise usb without disable secure boot

---

We have received a bunch of new workstation where we need to install Windows 10 Enterprise.
Some months ago i did it for one but in order to install Windows 10 enterprise with a Custom Image Captured i needed to disable secure boot.
Just to understand is possible or there is any tool to create a bootable USB with Windows 10 Enterprise without disabling that feature? if necessary also starting from an not customized wim file?

Windows Media Creations tools works till Windows 10 Pro?.....

@giovanni-baldi,

As far as I know and can verify that the Media Creation Tool is the way to go even for Windows 10 Pro. I have not verified it but it is the recommended version. I recommend that you download the latest tool from Microsoft.

Let's see what others have tried!

I've just tried with the media creation tools but it works if you want to install

• Windows 10 Home

• Windows 10 Professional

• Windows Educational

And if i use the other product ie Rufus to make it work i need to disable secure boot

@giovanni-baldi,

Ah, I thought you were asking about Windows 10 Professional, not enterprise. I'll have to do some research on it.

No Unfortunately we are forced to Install Windows 1o Enterprise. I would like to prepare a golden image with Windows 1o Enterprise tio install via USB but i start to think it will be impossible to do it without disabling secure boot

At the Moment i found a solution to create the an usb bootable Image using the original ISO of Winsdows 10. Basically i have prepared the usb using diskpart utility and copy all the files of the ISO:

• Diskpart (Run from a CMD prompt)

• List Disk

• Select Disk # (Where # is the number of your USB disk)

• Clean (removes any partitions on the USB disk, including any hidden sectors)

*Create Partition Primary (Creates a new primary partition with default parameters)

• Select Partition 1 (Focus on the newly created partition)

• Active (Sets the selected partition to an active valid system partition state)

• Format FS=fat32 quick (Formats the partition with the FAT32 file system. FAT32 is

• list itemAssign (Assigns the USB drive a drive letter)

then

Copy all the files from the Windows 10 isO to the USB Stick.

In the post i fount he reccomended to format Fat32 instead of NTFS so that it can load under the secure boot UEFI BIOS, and if it's true i cannot create the custom image because the Install.wim file will become too big for an usb stick formatted with fat32

@giovanni-baldi,

I saw that on the RUFUS github page... If you're willing to do the footwork, you may be able to powershell this issue through using a WinPE with a script.

You need to digitally sign the USB install to do what you want. Can you powershell it

Hi Giovanni,

I'm not sure if this is something you're still looking for or not, but the main issue like you stated above is that UEFI doesn't have drivers natively to read NTFS, and the custom wim image is too big to put on a fat32 partition. To overcome this you can use a USB drive that shows up as a fixed disk (WD passport drives for example), and then setup 2 partitions, the first one a fat32 partition with winPE and a second NTFS partition with your custom image. You then boot into the PE environment and have it apply the custom image from the NTFS partition since PE has the NTFS drivers needed to read the second partition.

Here's a link to a blog post that goes over the details on how to setup your drive:
https://www.petri.com/install-windows-8-1-surface-pro-create-usb-mdt

If you use the free Microsoft Deployment Toolkit (MDT) it will generate the PE environment for you as well as making it much easier to manage any changes you want to apply after imaging to the system (I highly suggest using MDT if you are doing a lot of imaging).

Doing it this way will allow you to utilize your custom image while leaving secure boot on.