Summary

Software requirements that must be met in order for PXE Everywhere to be successfully installed and used.

Active Directory requirements

Installation account for PXE Everywhere Central

The account of the user that performs the PXE Everywhere Central installation must meet the following criteria, which can be temporary for installation only:

  • Must be a domain account (a local account cannot be used)
  • Must be assigned to the Full Administrator security role in Configuration Manager
  • Must have local admin rights (that is, the account is a direct or indirect member of the local Administrators group) on the server where you are installing PXE Everywhere Central
  • Must be assigned the sysadmin server role in the SQL Server instance which hosts the Configuration Manager database. This can be temporary during installation.

Installation account for PXE Everywhere Agent and PXE Everywhere Responder

Configuration Manager installs applications in the local system context, which is sufficient for the installation of the PXE Everywhere Agent and PXE Everywhere Responder.

If installed manually, the account used to install it must have local admin rights. That is, the account is a direct or indirect member of the local Administrators group) on the computer you are installing it on.

On this page:

Microsoft ADK files

In addition to the binaries supplied by 1E, PXE Everywhere Agent requires a number of files that are distributed and licensed with the Microsoft Windows Automated Deployment Kit (ADK). The required files are listed in the table opposite, along with the location on the PXE Everywhere Agent that they need to be installed to.


As these files are licensed by Microsoft, 1E are unable to include them in the installation media. However, you can use the 1E Client Deployment Assistant (CDA) to extract the required files from the ADK, create an installer transform and prepare an Application in Configuration Manager that will install the PXE Everywhere Agent with the appropriate settings and the additional Microsoft files.

The Windows Assessment and Deployment Kits (ADK) normally exist on the Configuration Manager CAS or Primary Site server, although they can be downloaded separately from the Microsoft website.

FileDestination Location (relative to TFTPROOT)
boot.sdi\boot.sdi
abortpxe.com\boot\x86\abortpxe.com
bootmgr.exe\boot\x86\bootmgr.exe
pxeboot.com\boot\x86\pxeboot.com
pxeboot.n12\boot\x86\pxeboot.n12
bootmgfw.efi\boot\x86\bootmgfw.efi
\boot\x64\bootmgfw.efi
wgl4_boot.ttf (optional)\boot\fonts\wgl4_boot.ttf

Supported Platforms

A list of all the platforms supported by PXE Everywhere, and the software required to allow PXE Everywhere Central and Responders to be installed or to work.

Please refer to 1E Client 5.2 - Requirements for details of PXE Everywhere Agent client module of the 1E Client.

CategoryPXE Everywhere CentralPXE Everywhere ResponderNotes

Windows OS

  • Windows Server 2022
  • Windows Server 2019
  • Windows Server 2016
  • Windows Server 2022
  • Windows Server 2019
  • Windows Server 2016
  • Windows 10 CB 21H2
  • Windows 11 CB 21H2
  • Windows 10 CB 21H1
  • Windows 10 CB 20H2
  • Windows 10 CB 2004
  • Windows 10 CB 1909
  • Windows 10 CB 1903
  • Windows 10 CB 1809
  • Windows 10 CB 1803
  1. Will only install on computers running one of these OS.
Installing PXE Everywhere Central on domain controllers is not a supported configuration.

A server OS is recommended for PXE Everywhere Responder.

Web servers

  • IIS 10
Not applicable.

For PXE Everywhere Central:

  1. You must have one of these Web server versions installed.
  2. The installer must be run on the system hosting the Web server as it deploys the PXELite website on it.
  3. Requires the following OS roles and features:

    • Web Server (Web-Server)
    • ASP.NET 4.5 or later ( Web-Asp-Net45 )

Runtime libraries

  • .NET Framework 4.8
  • .NET Framework 4.7.2
  • .NET Framework 4.7
  • .NET Framework 4.6.2

  • Visual C++ 2013 Redistributable

  1. You must have one of these .NET Framework versions installed to install PXE Everywhere Central

  2. PXE Everywhere Responder installer includes the redistributable package for Visual C++ 2013.

Boot Image OS

  • Windows Server 2022
  • Windows Server 2019
  • Windows Server 2016
  • Windows 10 CB 21H2
  • Windows 11 CB 21H2
  • Windows 10 CB 21H1
  • Windows 10 CB 20H2
  • Windows 10 CB 2004
  • Windows 10 CB 1909
  • Windows 10 CB 1903
  • Windows 10 CB 1809
  • Windows 10 CB 1803
Not applicable.
  1. UpdateBootImage.exe is supported only on these client OS. The Admin Tools feature of the PXE Everywhere Central installer installs a tool named UpdateBootImage.exe that uses the native Configuration Manager API used to generate boot media.

Configuration Manager

  • SCCM CB 2111
  • SCCM CB 2107
  • SCCM CB 2103
  • SCCM CB 2010
  • SCCM CB 2006
  • SCCM CB 2002
  • SCCM CB 1910
  • SCCM CB 1906
  • SCCM CB 1902

Not applicable.

  1. You can install PXE Everywhere Central on a Configuration Manager site server, or on any other server that has IIS installed and has good connectivity to the Configuration Manager database, ideally equivalent to the connection that the site server has to its database. 

Windows Server roles and features

The following roles, role services and features must be installed/enabled as a minimum on the PXE Everywhere Central server.

The Name column is the reference used in PowerShell commands; and for .NET Framework 4.X features the PowerShell name includes 45 instead of the actual version.

Role or FeatureDisplay NameNameNotes
Web ServerWeb Server (IIS)Web-Server
Web Server Common HTTP FeaturesDefault DocumentWeb-Default-DocIncluded in Web-Server
Directory BrowsingWeb-Dir-BrowsingIncluded in Web-Server
HTTP ErrorsWeb-Http-ErrorsIncluded in Web-Server
Static ContentWeb-Static-ContentIncluded in Web-Server
Web Server Health and DiagnosticsHTTP LoggingWeb-Http-LoggingIncluded in Web-Server
Web Server PerformanceStatic Content CompressionWeb-Stat-CompressionIncluded in Web-Server
Web Server SecurityRequest FilteringWeb-FilteringIncluded in Web-Server
Web Server Application Development.NET Extensibility 4.XWeb-Net-Ext45Included in Web-Asp-Net45
ASP.NET 4.XWeb-Asp-Net45
ISAPI ExtensionsWeb-ISAPI-ExtIncluded in Web-Asp-Net45
ISAPI FiltersWeb-ISAPI-FilterIncluded in Web-Asp-Net45
Web Server Management ToolsIIS Management ConsoleWeb-Mgmt-ConsoleRecommended
.NET Framework 4.X Features.NET Framework 4.XNet-Framework-45-Core
ASP.NET 4.XNet-Framework-45-ASPNETIncluded in Web-Asp-Net45

Firewall Ports

Although a computer with PXE Everywhere Agent installed can also be a PXE client, it cannot be both at the same time.

ComponentPortsProtocolDirectionUsageConfigurable
Central80HTTPInbound

PXE Everywhere Agent communicating with the PXE Everywhere Central web application.

Browser connections to the PXE Everywhere Central website to verify installation. 

Yes, post-installation on the Central server, and during installation of Agents by configuring the URL.

If HTTPS is required, please contact 1E for advice.

Central135 and 445 (initially)WMI-DCOM TCPOutboundPXE Everywhere Central installer requires access to the Configuration Manager Site server, and to the server hosting the SMS Provider role. If there is only one SMS Provider, it is often on the Site server. In each case, TCP 135 and 445 are used to initiate communications and negotiate a dynamic RPC port. The dynamic range depends on the Windows OS version. No.
Central1433(See usage for protocol) TCPOutbound

PXE Everywhere Central to access to the SQL database role for the selected Configuration Manager Site.

Depends on the Configuration Manager SQL Server instance. The Central installer determines the connection string by querying the Site's SMS Provider.
ConfigMgr Site Server (and SMS Provider)135 and 445 (initially)WMI (DCOM) TCPInboundPXE Everywhere Central installer requires access to the Configuration Manager Site server, and each of the servers hosting the SMS Provider role. If there is only one SMS Provider, it is often on the Site server. In each case, TCP 135 and 445 are used to initiate communications and negotiate a dynamic RPC port. The dynamic range depends on the Windows OS version. No.
ConfigMgr Site SQL database1433

(See usage for protocol) TCP

Inbound

PXE Everywhere Central to access to the SQL database role for the selected Configuration Manager Site.


Depends on the Configuration Manager SQL Server instance.

Agent

(1E.Client.exe)

80HTTP TCPOutboundPXE Everywhere Agent communicating with the PXE Everywhere Central web application.

Yes, post-installation on the Central server, and during installation of Agents by configuring the URL.

If HTTPS is required, please contact 1E for advice.

Agent

(1E.Client.exe)

2012UDPInbound & outboundElection process inter-communication between PXE Everywhere Agents on a subnet.Yes, during installation of PXE Everywhere Agents using the MODULE.PXEEVERYWHERE.COMMSPORT installer property.

Agent

(1E.Client.exe)

67 or 2067BOOTP UDPInbound

Port 67 is the standard PXE discover port. PXE clients use this port to broadcast PXE discovers on the local subnet. PXE Everywhere Agents listen on this port for PXE discovers that are broadcast on the local subnet.

If PXE Everywhere is configured to support DHCP Snooping, Agents use a custom port (default 2067) to listen for PXE requests, instead of standard port 67.

Only the DHCP Snooping ports are configurable, and must be the same on all Agents and Responders.

Agent

(1E.Client.exe)

68 or 2068BOOTP UDPOutbound

Port 68 is the standard PXE offer port. PXE Everywhere Agent uses this port to respond with offers to PXE discovers on the local subnet.

If PXE Everywhere is configured to support DHCP Snooping, Agents use a custom port (default 2068) instead of the standard port 68.

Only the DHCP Snooping ports are configurable, and must be the same on all Agents and Responders.

Agent

(1E.Client.exe)

69TFTP UDPInboundPort 69 is the standard PXE TFTP port. The PXE client downloads the boot image from the elected PXE Everywhere Agent using TFTP. This port is also used if PXE Everywhere is configured to support DHCP Snooping.No.

Agent

(1E.Client.exe)

4011UDPInbound

Port 4011 is the standard PXE port used by PXE clients to communicate with a PXE Server after the initial discover / offer, to unicast a request for the location of the TFTP boot image file.

This port is not used if PXE Everywhere is configured to support DHCP Snooping.

No.

Responder

(PXEEverywhereResponder.exe)

67BOOTP UDPInbound

Port 67 is the standard PXE discover port. A Responder is only required when DHCP Snooping is enabled, and listens for PXE requests from PXE clients on this port. See note below about DHCP Snooping and DHCP Relays.

No.

Responder

(PXEEverywhereResponder.exe)

68BOOTP UDPOutbound

Port 68 is the standard PXE offer port. A Responder is only required when DHCP Snooping is enabled, and responds to PXE clients with offers unicast on this port. See note below about DHCP Snooping and DHCP Relays.

No.
PXE client67BOOTP UDPOutbound

Port 67 is the standard PXE discover port. PXE clients use this port to broadcast PXE discovers on the local subnet.

If DHCP Snooping is being used these discovers are forwarded to a Responder. See note below about DHCP Snooping and DHCP Relays .

No.
PXE client68BOOTP UDPInbound

Port 68 is the standard PXE offer port. PXE Everywhere Agent broadcasts on this port with an offer in response to PXE discovers on the local subnet.

If DHCP Snooping is being used, then Responders respond with offers on this port. See note below about DHCP Snooping and DHCP Relays .

No.
PXE client69BOOTP UDPOutbound

Port 69 is the standard PXE TFTP port. A PXE client uses TFTP to download the boot image from the elected PXE Everywhere Agent on the local subnet. This port is also used if PXE Everywhere is configured to support DHCP Snooping.

No.
PXE client4011UDPOutbound

Port 4011 is the standard PXE port used by PXE clients to unicast a request to the PXE Everywhere Agent for the location of the TFTP boot image file, after the initial discover/offer.

This port is not used if PXE Everywhere is configured to support DHCP Snooping.

No.
PXE client2067BOOTP UDPOutbound

If PXE Everywhere is configured to support DHCP Snooping, a custom port is used (default 2067) to perform a PXE request after the PXE client has downloaded a boot loader from a Responder.

Only used if DHCP Snooping is being used, and PXE Everywhere has been configured to use this port.

Yes. DhcpPort is configured during installation of Agents.

AltPxeServerPort is manually configured on Responders.

PXE client2068BOOTP UDPInbound

If PXE Everywhere is configured to support DHCP Snooping, a custom port is used (default 2068) to respond to a PXE request after the PXE client has downloaded a boot loader from a Responder.

Only used if DHCP Snooping is being used, and PXE Everywhere has been configured to use this port.

Yes. AltPxeClientPort is manually configured on Responders.

PXE client ports do not need to be configured on the OS firewall because it is the network interface which is doing the communicating. However you may need to configure intervening network firewalls for communication beyond the local subnet.

PXE Everywhere Responders communicate only with PXE clients; they do not communicate with PXE Central, PXE Everywhere Agents, other Responders, or Configuration Manager.

If DHCP Snooping is enabled on networks, then DHCP Relays (IP helpers) must be configured to forward PXE requests (discovers) from client VLANs to specific Responders on port 67 and return the responses (offers) on port 68.

If DHCP Snooping is not enabled, then all PXE-boot traffic is on the local subnet, except for communication between the elected PXE Everywhere Agent and the PXE Everywhere Central server, and DHCP Relays are not required to forward PXE requests.

Ports used by PXE clients to communicate with DHCP servers are not included in the above table. Communication with DHCP servers occurs before a PXE client PXE-boots, and typically use their own DHCP Relays (IP helpers).

Ports used by PXE clients to communicate with ConfigMgr Site systems are not included in the above table. Communication with ConfigMgr occurs only after a PXE client has downloaded the WinPE boot image (referenced in the deployed task sequence) from a local PXE Everywhere Agent, and booted into WinPE to start the Task Sequence.

Ports used by ConfigMgr Administrator workstations to communicate with ConfigMgr Site systems are not included in the above table. ConfigMgr Console extensions for PXE Everywhere Admin Tools use the same ports as ConfigMgr Console.

Antivirus exceptions

PXE Everywhere functionality may be impaired by antivirus programs. Although we generally advise that no malware exclusions are used, it is justifiable in certain cases to isolate specific locations and files used by specific software. The following is a list of exclusions that could be added for PXE Everywhere Local, but before you implement them, make sure they are compatible with existing exclusions.

All PXE Everywhere component installations:

  • %SystemDrive%\ProgramData\1E\PXEEverywhere\*.log & *.lo_

Additional exclusions required on PXE Everywhere Agents:

  • %SystemDrive%\Program Files\1E\Client\Extensibility\PXEEverywhere\CreateBcD.exe
  • %SystemDrive%\ProgramData\1E\PXEEverywhere\TftpRoot\boot.sdi
  • %SystemDrive%\ProgramData\1E\PXEEverywhere\TftpRoot\Boot\Fonts\wgl4_boot.ttf
  • %SystemDrive%\ProgramData\1E\PXEEverywhere\TftpRoot\Boot\x86\abortpxe.com
  • %SystemDrive%\ProgramData\1E\PXEEverywhere\TftpRoot\Boot\x86\Bootmgr.exe
  • %SystemDrive%\ProgramData\1E\PXEEverywhere\TftpRoot\Boot\x86\pxeboot.com
  • %SystemDrive%\ProgramData\1E\PXEEverywhere\TftpRoot\Boot\x86\pxeboot.exe
  • %SystemDrive%\ProgramData\1E\PXEEverywhere\TftpRoot\Images\*\*.bcd
  • %SystemDrive%\ProgramData\1E\PXEEverywhere\TftpRoot\Images\*\*.wim