Recent content by Phil_C

This works. I deleted the boot.wim from my C:\boot\winpe_10_64 folder. MiniTool downloaded a new one as part of building the USB drive. It boots as it should. You, sir, are a Wiz of a Wiz if ever a Wiz there was!

I understand the SkuSiPolicy.p7b suggestion. Thank you. I do not understand the boot.wim idea. (Sorry -- a lack of knowledge in that department!) Doesn't boot.wim contain the actual program? How could that be adjusted when MiniTool creates the USB? Curious now. (Ignore if this question is...

So I decided to test my bootable USB drives for the first time in several months. They were working perfectly before. Macrium is OK, but MiniTool PW won't boot. It gives me this error screen on both my laptops. Windows and MiniTool are current. I did have to run the Update UEFI on the USB...

We do not, at least for now. Maybe that will change. Hope springs eternal.

I had that blue screen on my older system. Rebuild the boot USB in Macrium, then replace the boot file on the USB. You can use the script there or @garlin's script if it has been fixed. See post #1296.

For those folks having trouble with Macrium boot media, I have managed to get things working on my two systems. Update_UEFI-CA2023.ps1 -BootMedia did not work, although it gave a "success" message. I had to use a short script from elsewhere to copy the boot file. BUT, while Check-UEFI gave a...

I had the same thing when I checked with the new script. The revoked cert was already in the DBX, but the script message said it needed to be revoked. The only way to get rid of the message from the script was to run the reg command. Not a problem, just FYI.

It's pwsh.exe. Under Installed Apps it's 7.5.4.0 10/24/2025.

I also get the Audit Report "Secure Boot is DISABLED" every time, even though everything else looks good.

See post #69. Worked for me.

Let's clarify: Microsoft Windows Production PCA 2011 will be replaced by the new Windows UEFI CA 2023. Microsoft Corporation UEFI CA 2011 will be replaced by the new Microsoft UEFI CA 2023. (This is the 2011 one I am missing and never had.) But what does the (missing) Microsoft Corporation...

My BIOS is always current, as I get automatic notifications for updates. No troubles during Win updates, and I run SFC and DISM after each one. I am booting from Windows UEFI CA 2023, as you can see below. The missing cert is the Microsoft Corporation UEFI CA 2011, for which I do not know the...

Interestingly, my system #1 does not have the Microsoft Corporation UEFI CA 2011, and never has. It is not in the current or the default DB. I have never had a problem.

You already have the Windows 2023 CA and are booting from it. There are three other CAs that will be needed. I would try running the commands posted by @Buddywh in #1153, which should add the missing CAs. I don't know if that also makes the CAs active, as I did my systems in different ways.

If you are referring to the USB boot drive, go to this link: How to manage the Windows Boot Manager revocations for Secure Boot changes associated with CVE-2023-24932 Run the commands under the heading "Updating Windows Install Media". This will transfer the 2023 signed bootloader to the USB...