Bare Metal deployments

You can install and manage BigFix for OS Deployment servers and create profiles for bare metal deployments.

Bare Metal deployments are installations of operating systems to targets that either have no operating system installed, or must be re-installed without preserving any existing data or settings.

A Bare Metal deployment normally requires the use of a PXE server. The targets that PXE boot to these servers see a menu with profiles available for deployment. For this purpose, BigFix Bare Metal Server must be installed on relays in your Endpoint Management environment. The installers can be uploaded to the Bare Metal Server Manager dashboard. You must install the latest version available. After the install process completes, you are ready to create the profiles used for bare metal deployments.

You can create bare metal profiles from the Image Library dashboard. These profiles are then sent and stored on the Bare Metal OS Deployment PXE server. After you upload the profiles, they are ready to be deployed to targets. Any computer that PXE boots and connects to a managed OS Deployment PXE server can select the profile from the binding menu. That profile is deployed, downloading necessary files through the BigFix infrastructure.

  • Before deploying Windows 11, check the system requirements at

  • Linux Bare Metal Deployments are not supported on UEFI targets that have the Secure Boot firmware option enabled. To complete the deployment successfully, you must disable this option on the target and also check that the Direct Boot option is disabled on the Bare Metal Server.
  • Bare Metal deployments on Nutanix virtualization environment are supported only on virtual machines with UEFI firmware.
  • Bare Metal deployments on Hyper-V guests are supported only on virtual machines created as "Generation 2".
  • The PXE boot process of BigFix OSD bare metal server supports BIOS (Legacy) booted computers that are equipped with a PXE-compliant bootrom version 2.1.

You can also deploy bare metal profiles to Windows targets that do not have a connection to a PXE Server by creating a network boot CD, DVD, or USB drive. These targets can boot and connect to the server directly through the boot media. For more information, see Creating Windows Deployment Media.

Bare Metal Deployment behavior of VMware ESXi

You can complete bare metal deployments of VMware ESXi Version 5 and later on BIOS targets. Unlike Windows and Linux targets, when the bare metal deployment completes successfully, VMware targets are automatically powered off. You must power them on manually. The BigFix Client is not installed during the deployment.

Windows Bare Metal Deployments on UEFI targets with the Secure Boot firmware option

If you are completing a Windows Bare Metal deployment on UEFI targets with the Secure Boot option, check the following requirements and limitations:
  • If you did not enable the Windows Direct Boot environment, to complete a PXE boot successfully on UEFI targets, the Secure Boot firmware option must be disabled. For more information about enabling this feature, see Managing Bare Metal OS Deployment Servers
  • For Bare Metal deployments on UEFI targets that have the Secure Boot firmware option enabled, The WinPE Direct Boot feature requires an MDT Bundle 3.9.06 or later created with WinPE 10.
  • When you deploy on a new hardware model, the Direct boot feature adds the model to the driver library (binding grid) only if the WinPE contains the driver for the network card. If the network card driver is missing, the new model is not added to the driver library. To add the new computer model to the list you can choose one of the following options:
    • Complete a PXE boot from the UEFI target of the new model, without enabling the Direct Boot feature, and with the Secure Boot firmware option disabled on the target. You can enable both Secure Boot on the target and select the Direct boot option after the model has been added to the driver library. You must have the Bare Metal Extender component installed on the Bare Metal Server to use this option.


    • By using a BigFix client running on an installed computer of the same hardware model, connected to a BigFix environment.
The drivers must be explicitly bound in the deployment engine binding matrix ("Current Manual Binding" column) in the Driver Bindings.