| Lesson 5 | Create Windows PE Recovery Media |
| Objective | Explain how to create and use customized Windows PE media for network or local disaster recovery on Windows Server 2025 |
Create Windows PE Recovery Media
Windows Server 2025 disaster recovery no longer uses a floppy-based PXE emulator. Modern
servers provide PXE network boot through UEFI firmware and integrated network adapters.
When network boot is unavailable, administrators boot the same recovery environment from
a USB drive, a mounted ISO, or optical media. In both cases, the boot environment is a
customized Windows Preinstallation Environment (WinPE) image built with
the Windows Assessment and Deployment Kit (ADK).
WinPE is a lightweight, bootable Windows environment that provides a command shell,
PowerShell, and the Windows driver model — enough to partition disks, apply images,
restore backups, repair boot files, and run vendor recovery agents — without requiring
a full OS installation on the target server.
What a Customized WinPE Image Can Include
A base WinPE image built from the ADK contains only the minimum components needed to
boot. For enterprise disaster recovery, the image must be customized before it is
deployed. The customization process uses DISM to mount the WinPE WIM, inject drivers
and optional packages, and then commit the changes before exporting to a bootable format.
Common additions to a recovery WinPE image:
- Storage and network drivers — RAID controllers, NVMe, SAS,
Fibre Channel HBAs, and vendor-specific network adapter drivers, so the recovery
environment can see all disks and network interfaces on production servers
- PowerShell — the scripting engine and its dependencies, enabling
recovery automation scripts to run within WinPE
- DISM components — for applying WIM images and servicing OS volumes
from within the recovery environment
- Backup and bare-metal recovery agents — vendor-supplied clients
that connect to backup repositories and restore data
- Diagnostic utilities — memory testers, disk health tools, and
hardware diagnostics
- Recovery scripts — automation specific to the organization's backup
platform, disk layout conventions, and recovery runbook
- Certificates — PKI certificates required to authenticate to secure
network shares or backup repositories
Creating WinPE Boot Media with the ADK
The following steps outline the process for creating a customized WinPE USB drive or ISO
using the ADK Deployment and Imaging Tools Environment. Run all commands as Administrator.
- Install the Windows ADK and the WinPE add-on from the Microsoft
  website onto a dedicated build workstation. The WinPE add-on is a separate download
  from the ADK itself and must be installed after the ADK.
- Open the Deployment and Imaging Tools Environment from the Start menu
  under Windows Kits. This sets the correct environment variables for the ADK tools.
- Copy the WinPE files to a working directory:

    copype amd64 C:\WinPE_amd64

  This creates the working directory structure with the base WinPE WIM and the media
  folder layout needed for bootable media.
- Mount the WinPE image for customization:

    DISM /Mount-Image /ImageFile:"C:\WinPE_amd64\media\sources\boot.wim" /index:1 /MountDir:"C:\WinPE_amd64\mount"

- Inject storage and network drivers:

    DISM /Image:"C:\WinPE_amd64\mount" /Add-Driver /Driver:"C:\Drivers\StorageController" /Recurse

  The /Recurse switch includes all driver INF files in subdirectories. Repeat
  for network adapter and any other hardware-specific drivers required for production servers.
- Add optional components such as PowerShell:

    DISM /Image:"C:\WinPE_amd64\mount" /Add-Package /PackagePath:"C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\WinPE-PowerShell.cab"

  PowerShell dependencies (WinPE-WMI, WinPE-NetFX, WinPE-Scripting) must be added
  before WinPE-PowerShell. Add them in the order listed in the Microsoft documentation.
- Copy recovery scripts and agent executables into the mounted image
  if they need to be available offline:

    xcopy C:\RecoveryScripts\* "C:\WinPE_amd64\mount\Windows\System32\" /E

- Commit the changes and unmount the image:

    DISM /Unmount-Image /MountDir:"C:\WinPE_amd64\mount" /Commit

- Create the bootable USB drive or ISO:

    MakeWinPEMedia /UFD C:\WinPE_amd64 D:

  The USB drive at D: must be formatted as FAT32 for UEFI boot compatibility.
  To create an ISO for virtual mounting:

    MakeWinPEMedia /ISO C:\WinPE_amd64 C:\WinPE_amd64\WinPE_Recovery.iso
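
The customization steps above can also be scripted with the DISM PowerShell cmdlets. The script below is an added example, not part of the original lesson or of Microsoft's tooling: it refuses to build if any driver catalog lacks a valid signature, discards the mount on any failure, and records SHA-256 hashes of the output. The C:\Drivers root and the manifest file name are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example: run from PowerShell started inside the Deployment and Imaging
# Tools Environment so MakeWinPEMedia.cmd is on PATH, after the copype step.
$ErrorActionPreference = 'Stop'
$work       = 'C:\WinPE_amd64'
$mount      = Join-Path $work 'mount'
$wim        = Join-Path $work 'media\sources\boot.wim'
$iso        = Join-Path $work 'WinPE_Recovery.iso'
$driverRoot = 'C:\Drivers'   # assumed parent of the per-vendor driver folders
$ocRoot     = 'C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs'

# Gate: every driver catalog must carry a valid Authenticode signature.
$cats = Get-ChildItem $driverRoot -Recurse -Filter *.cat
if (-not $cats) { throw "No driver catalogs found under $driverRoot" }
$bad = $cats | ForEach-Object { Get-AuthenticodeSignature -FilePath $_.FullName } |
    Where-Object { $_.Status -ne 'Valid' }
if ($bad) {
    $bad | Format-Table Path, Status -AutoSize | Out-String | Write-Warning
    throw 'Driver catalog with a missing or invalid signature; image not modified.'
}

Mount-WindowsImage -ImagePath $wim -Index 1 -Path $mount | Out-Null
try {
    Add-WindowsDriver -Path $mount -Driver $driverRoot -Recurse | Out-Null
    # Order from the step above: dependencies first, WinPE-PowerShell last.
    # The matching language cabs under WinPE_OCs\<lang>\ are not added here.
    foreach ($oc in 'WinPE-WMI', 'WinPE-NetFX', 'WinPE-Scripting', 'WinPE-PowerShell') {
        Add-WindowsPackage -Path $mount -PackagePath (Join-Path $ocRoot "$oc.cab") | Out-Null
    }
    Copy-Item 'C:\RecoveryScripts\*' (Join-Path $mount 'Windows\System32') -Recurse
    Dismount-WindowsImage -Path $mount -Save | Out-Null
}
catch {
    # Never commit a half-customized image.
    Dismount-WindowsImage -Path $mount -Discard | Out-Null
    throw
}

& MakeWinPEMedia.cmd /ISO $work $iso
if ($LASTEXITCODE -ne 0) { throw "MakeWinPEMedia exited with $LASTEXITCODE" }

# Record SHA-256 of the ISO and boot.wim; keep a copy of this manifest off the build host.
Get-FileHash -Path $iso, $wim -Algorithm SHA256 |
    Select-Object Hash, Path |
    Export-Csv (Join-Path $work 'WinPE_Recovery.sha256.csv') -NoTypeInformation
```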
Delivering WinPE to a Failed Server
The same customized WinPE image can be delivered through multiple methods. Maintaining
at least two delivery paths is recommended — a recovery design that depends entirely on
PXE infrastructure fails when the network itself is part of the disaster.
UEFI PXE Boot
When the server supports network boot, enable UEFI PXE boot in the server firmware.
The server broadcasts a DHCP request, receives PXE server information, and downloads
the customized WinPE boot image over the network. Microsoft Configuration Manager
supports PXE-initiated deployment using customized boot images and task sequences, with
its native PXE responder removing the WDS dependency.
WDS can PXE-boot a server into a custom boot image. The end-to-end WDS workflow that
uses boot.wim directly from Windows Server installation media is blocked
for releases after Windows Server 2022. A custom WinPE image added to WDS through the
WDS console is the supported approach.
USB Flash Drive
A bootable USB drive does not depend on DHCP, DNS, switching, or a PXE service. It is
the most reliable fallback for servers at a physical location. Create the drive using
MakeWinPEMedia /UFD as shown above. The drive is reusable across any server
whose firmware supports UEFI USB boot.
ISO via Remote Management Controller
For servers in datacenters or remote locations where physical access is restricted, export
the WinPE image as an ISO and mount it virtually through the server's out-of-band
management hardware:
- Dell iDRAC — Virtual Media → Connect Virtual Media → Map CD/DVD
- HPE iLO — Virtual Media → CD/DVD-ROM → Local ISO file
- Lenovo XCC — Remote Control → Virtual Media → Mount ISO
The server boots from the virtually mounted ISO as if it were a physical disc, enabling
bare-metal recovery without physical presence at the server.
ISO via Hypervisor
For virtual machines, mount the WinPE ISO through the hypervisor console:
- Hyper-V — VM Settings → DVD Drive → Image file (.iso)
- VMware — Edit Settings → CD/DVD Drive → Use ISO image file
- Azure — Run Command or Custom Script Extension can deliver recovery
tooling without ISO mounting
Recovery Operations from WinPE
After the server boots into WinPE, the recovery environment provides full access to the
server's storage and network interfaces. A typical bare-metal recovery sequence from WinPE:
- Load any additional storage or network drivers not already in the WinPE image using
DISM /Add-Driver or drvload.exe
- Connect to the network backup share or cloud repository
- Partition and format the target disk using DiskPart or PowerShell
- Apply the Windows Server image or restore the bare-metal backup using DISM or
the backup vendor's restore agent
- Reconstruct the boot environment using BCDBoot
- Reboot from the restored OS and verify service availability
WinPE also supports running PowerShell scripts that automate the entire recovery sequence,
connecting to network resources, selecting the appropriate backup image, and applying it
without manual intervention — valuable for environments that require consistent, auditable
recovery procedures.
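
One way to script the sequence above so that it is repeatable and leaves a record, shown as an added example rather than code from the original lesson. It follows the DISM path (not a vendor restore agent) and checks the image hash before the target disk is erased; the share name, image name, drive letters, partition sizes and a writable share for the transcript are assumptions.

```powershell
# Added example: run inside the booted WinPE session. The share, image name,
# and drive letters are placeholders; the hash comes from your own manifest.
param(
    [Parameter(Mandatory)][int]$DiskNumber,         # confirm with diskpart "list disk" first
    [Parameter(Mandatory)][string]$ExpectedSha256,  # recorded when the image was captured
    [string]$Share = '\\backup01.example.internal\images',  # hypothetical repository
    [string]$Image = 'ws2025-baremetal.wim'                 # hypothetical image name
)
$ErrorActionPreference = 'Stop'

function Invoke-Native([string]$Exe, [string[]]$Arguments) {
    & $Exe @Arguments
    if ($LASTEXITCODE -ne 0) { throw "$Exe exited with code $LASTEXITCODE" }
}

# Connect to the repository (net use prompts for credentials) and log the
# session there; this assumes the share is writable.
Invoke-Native net @('use', 'Z:', $Share)
Start-Transcript -Path ("Z:\recovery-{0:yyyyMMdd-HHmmss}.log" -f (Get-Date)) | Out-Null

# Verify the image before the target disk is touched.
$actual = (Get-FileHash "Z:\$Image" -Algorithm SHA256).Hash
if ($actual -ne $ExpectedSha256) { throw "Image hash mismatch: got $actual" }

# UEFI/GPT layout: EFI system partition, MSR, Windows volume. This erases the disk.
$layout = @"
select disk $DiskNumber
clean
convert gpt
create partition efi size=260
format quick fs=fat32 label=System
assign letter=S
create partition msr size=16
create partition primary
format quick fs=ntfs label=Windows
assign letter=W
"@
$script = Join-Path $env:TEMP 'layout.txt'
Set-Content -Path $script -Value $layout -Encoding Ascii
Invoke-Native diskpart @('/s', $script)

Invoke-Native dism @('/Apply-Image', "/ImageFile:Z:\$Image", '/Index:1', '/ApplyDir:W:\')
Invoke-Native bcdboot @('W:\Windows', '/s', 'S:', '/f', 'UEFI')

Stop-Transcript | Out-Null
Write-Host 'Restore complete. Run "wpeutil reboot" and verify services on first boot.'
```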
Maintaining Recovery Media
WinPE recovery media must be treated as a living operational asset, not a one-time
creation:
- Update the WinPE image with current ADK servicing packages on a regular schedule
- Refresh drivers whenever production server hardware is upgraded or replaced
- Test UEFI and Secure Boot compatibility after server firmware updates
- Verify that backup agent executables and PKI certificates remain current
- Test USB and ISO boot on representative hardware in an isolated environment
- Store copies of recovery media in more than one physical location, including at
least one copy that is offline or not reachable from the production network
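
Several of these checks can run on a schedule from the build workstation. The script below is an added example, not part of the original lesson: it re-hashes the media against a stored manifest, mounts boot.wim read-only, lists the injected drivers, and flags certificates near expiry. The manifest format (CSV with Hash and Path columns), the certificate folder inside the image, and the 60-day threshold are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example. Manifest location and format, the certificate folder inside
# the image, and the 60-day threshold are assumptions.
$ErrorActionPreference = 'Stop'
$work     = 'C:\WinPE_amd64'
$mount    = Join-Path $work 'mount'
$wim      = Join-Path $work 'media\sources\boot.wim'
$manifest = Join-Path $work 'WinPE_Recovery.sha256.csv'
$certDir  = 'Windows\System32\Certs'
$cutoff   = (Get-Date).AddDays(60)

# 1. Integrity: every file in the manifest must still hash to the recorded value.
$drift = @(Import-Csv $manifest | Where-Object {
    -not (Test-Path $_.Path) -or
    (Get-FileHash -Path $_.Path -Algorithm SHA256).Hash -ne $_.Hash
})

# 2. Contents: mount read-only so the audit cannot alter the image.
Mount-WindowsImage -ImagePath $wim -Index 1 -Path $mount -ReadOnly | Out-Null
try {
    # Third-party drivers injected into the image, oldest first.
    $drivers = Get-WindowsDriver -Path $mount | Sort-Object Date |
        Select-Object ProviderName, ClassName, Version, Date, OriginalFileName
    # Certificates that have expired or will expire before the cutoff.
    $expiring = @(Get-ChildItem (Join-Path $mount $certDir) -Filter *.cer -ErrorAction SilentlyContinue |
        ForEach-Object {
            $c = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($_.FullName)
            if ($c.NotAfter -lt $cutoff) {
                [pscustomobject]@{ File = $_.Name; Subject = $c.Subject; NotAfter = $c.NotAfter }
            }
        })
}
finally {
    Dismount-WindowsImage -Path $mount -Discard | Out-Null
}

$drivers  | Format-Table -AutoSize
$drift    | ForEach-Object { Write-Warning "Hash mismatch or missing file: $($_.Path)" }
$expiring | ForEach-Object { Write-Warning "Certificate $($_.File) expires $($_.NotAfter)" }
if ($drift.Count -or $expiring.Count) { exit 1 }
```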
The next lesson covers how to install a Windows Server 2025 image on a client computer
using the PXE boot and deployment workflow.
