Automate Recovery Partition | KB5034441 Fix
INTRO
Recently I was preparing a Windows Server 2022 build for a client and ran into some Windows Update errors. As it turns out, there is a security vulnerability that could allow attackers to bypass BitLocker encryption by using WinRE, which KB5034441 aims to patch. Server 2022 is based on the Windows 10 21H2 core, and Windows 10 21H2 and 22H2 are affected as well.
The update fails to install if there is not enough room on the Recovery partition to expand the winre.wim image for the update. At least in the case of MDT, by default Windows uses the last 1% of the drive for the Recovery partition after the System and Windows partitions are created. So if you installed Windows to a relatively small drive, you will probably run into KB5034441 not installing. So let’s fix that.
LOCATE WINRE.WIM
Run the command reagentc /info to verify where your Windows Recovery Environment image is.
C:\Windows\system32>reagentc /info
Windows Recovery Environment (Windows RE) and system reset configuration
Information:
Windows RE status: Enabled
Windows RE location: \\?\GLOBALROOT\device\harddisk0\partition4\Recovery\WindowsRE
Boot Configuration Data (BCD) identifier: fb41ccc1-d451-11ee-91bf-c792959b2d94
Recovery image location:
Recovery image index: 0
Custom image location:
Custom image index: 0
REAGENTC.EXE: Operation Successful.
As you can see in my output above, the Windows Recovery Environment image is located on my Recovery partition, which is partition 4. If it’s different for you, account for that in the following script or you might have a bad day.
SCRIPT
powershell.exe -noninteractive -command "reagentc /disable; echo 'sel volume c' 'shrink minimum=250' 'sel part 4' 'delete partition override' 'create partition primary' 'format quick fs=ntfs label=Recovery' 'set id=de94bba4-06d1-4d40-a16a-bfd50179d6ac' 'gpt attributes=0x8000000000000001' | diskpart.exe"; reagentc /enable
The script above starts off with reagentc /disable, which moves the winre.wim image from the protected Recovery partition to C:\Windows\System32\Recovery\Winre.wim. This is a hidden and protected operating system file.
The script then sends a series of commands to diskpart.exe to remove the Recovery partition, shrink the Windows partition, and recreate the Recovery partition, and finally runs reagentc /enable to move C:\Windows\System32\Recovery\Winre.wim onto the newly created Recovery partition, which should now be large enough to apply the update.
I have tested this on my own and it works. I did this because I know there will be many computers out in the wild with the same issue, and now I can deploy a fix through ConnectWise Automate or another RMM solution so I don’t have to do this manually. A future improvement would be logic to target the Recovery partition based on its type or label rather than looking up the partition number beforehand.
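As an added example (not the post’s script), here is PowerShell that implements the improvement mentioned above: it derives the partition number from reagentc /info and refuses to continue unless that partition carries the Recovery GPT type and sits directly after C:, then writes out the same diskpart sequence for diskpart /s. The GUID, attribute value and shrink size are those from the post; the sample reagentc output, file path and check logic are assumptions.

```powershell
# Added example, not from the post. Run BEFORE "reagentc /disable":
# once WinRE is disabled, reagentc /info no longer reports the partition.
$RecoveryGuid = '{de94bba4-06d1-4d40-a16a-bfd50179d6ac}'   # GPT type from the post
$ShrinkMB     = 250                                         # matches "shrink minimum=250"

# 1. Constructed sample of the reagentc /info line format shown in the post.
#    On a real machine use:  $info = reagentc /info
$info = @'
Windows RE status:         Enabled
Windows RE location:       \\?\GLOBALROOT\device\harddisk0\partition4\Recovery\WindowsRE
'@ -split "`r?`n"

$m = [regex]::Match(($info -join "`n"), 'harddisk(\d+)\\partition(\d+)')
if (-not $m.Success) { throw 'WinRE is disabled or not on its own partition; nothing to do.' }
$diskNum = [int]$m.Groups[1].Value
$partNum = [int]$m.Groups[2].Value

# 2. Sanity checks: the partition must be of type Recovery and must sit
#    directly after C:, otherwise "delete partition override" would hit the
#    wrong partition or the shrink would not free space adjacent to it.
$part = Get-Partition -DiskNumber $diskNum -PartitionNumber $partNum -ErrorAction Stop
if ($part.GptType -ne $RecoveryGuid) {
    throw "Partition $partNum on disk $diskNum has type $($part.GptType), not Recovery. Aborting."
}
$sys = Get-Partition -DriveLetter C -ErrorAction Stop
if ($sys.DiskNumber -ne $diskNum -or ($sys.Offset + $sys.Size) -ne $part.Offset) {
    throw 'Recovery partition is not immediately after C:; refusing to shrink/recreate.'
}

# 3. Emit the post's diskpart sequence with the detected partition number.
$dp = @(
    'select volume c'
    "shrink minimum=$ShrinkMB"
    "select partition $partNum"
    'delete partition override'
    'create partition primary'
    'format quick fs=ntfs label=Recovery'
    "set id=$($RecoveryGuid.Trim('{}'))"
    'gpt attributes=0x8000000000000001'
)
$scriptPath = Join-Path $env:TEMP 'winre-resize.txt'   # assumed location
$dp | Set-Content -Path $scriptPath -Encoding ASCII
Write-Host "Checks passed (disk $diskNum, partition $partNum, $([math]::Round($part.Size/1MB)) MB)."
Write-Host "Apply with: reagentc /disable; diskpart /s $scriptPath; reagentc /enable"
```

Nothing is changed on disk until you run the three commands it prints, so the script can be pushed through an RMM as a read-only check first.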
CONCLUSION
That’s a fix! Run Windows Update and watch KB5034441 go away. I had fun doing this and learned something new which I will need to implement into my GitHub repositories for my AutoUnattend.xml files for Windows 10.
My name is Dex Sandel, author at WinReflection, a blog which aims to help others on various IT and Christian related subjects. DON’T TREAD ON ME! The best is yet to come, and nothing can stop what’s coming!
You all have a greater destiny in Christ, should you choose to ‘follow’ Him, not just believe. Many of you feel lost, without drive, and lack a greater purpose in your life causing depression, sadness, anxiety, and loneliness. Working your 9-5 job isn’t your primary purpose. So, then what is? That’s for you to discover, but hopefully I can provide some new unlocks along your path.
What will ‘you’ do, and what will your destiny be?
John 3:16: For God so loved the world that he gave his one and only Son, that whoever believes in him shall not perish but have eternal life.