A list of all the platforms supported by PXE Everywhere, and the software required to allow PXE Everywhere Central and Responders to be installed or to work.
Please refer to 1E Client 5.2 - Requirements for details of PXE Everywhere Agent client module of the 1E Client.
|Category||PXE Everywhere Central||PXE Everywhere Responder||Notes|
Installing PXE Everywhere Central on domain controllers is not a supported configuration.
A server OS is recommended for PXE Everywhere Responder.
For PXE Everywhere Central:
Boot Image OS
Constraints of Legacy OS
In this documentation, the following are referred to as legacy OS. Below are described some known issues for these OS.
1E does not provide support for 1E products on the following OS unless the OS is explicitly listed as being supported for a specific 1E product or product feature. This is because Microsoft has ended mainstream support for these OS or they are not significantly used by business organizations.
For Microsoft product lifecycle details, please refer to https://support.microsoft.com/en-us/lifecycle/search.
Certificate limitations - expired root certificates
Ensure that your Root CA Certificates are up-to-date on clients and servers. The Automatic Root Certificates Update feature is enabled by default, but its configuration may have been changed or restricted by Group Policy Turn off Automatic Root Certificates Update.
If this GPO is enabled, then you will see
DisableRootAutoUpdate = 1 (dword) in
Certificate limitations - signing certificates missing
On Windows computers, the installation MSI files, and binary executable and DLL files of 1E software are digitally signed. The 1E code signing certificate uses a timestamping certificate as its countersignature. 1E occasionally changes its code signing certificate, and uses it for new releases and patches for older versions, as shown in the table(s) below.
Root Certificate Authorities are implicitly trusted to validate certificates, and their certificates must be correctly installed to do this. Your computers should already have the necessary root CA certificates installed, however this may have been prevented by your organization's security policies, or inability to connect to the Internet, or they are legacy OS. In general this is not an issue because by default Windows allows software to be installed and run without validation, although you may see a warning or experience a delay. However, you must have relevant CA certificates installed if you are using 1E Client (which self-validates its own files), or your organization has applied more secure polices (for example UAC, AppLocker or SmartScreen).
Typical reasons for issues with signing certificate are:
- If your organization has disabled Automatic Root Certificates Update then you must ensure the relevant root CA certificates are correctly installed on each computer
- If computers do not have access to the Internet then you must ensure the relevant root and issuing CA certificates are correctly installed on each computer, numbered in the table(s) below.
The signature algorithm of the 1E code signing certificate is SHA256RSA. In most cases, the file digest algorithm of an authenticode signature is SHA256, and the countersignature is a RFC3161 compliant timestamp. The exception is on legacy OS (Windows XP, Vista, Server 2003 and Server 2008) which require the file digest algorithm of an authenticode signature to be SHA1, and a legacy countersignature.