![]() Once we create the registration, we will create a client secret and then include that secret and the app registration’s Client ID in a PowerShell script. The app registration will be granted enough permission to upload hashes to Intune. Creating the App Registrationīefore creating the script and adding it to the provisioning package we need to create an App Registration in Azure Active Directory. Provisioning packages are highly portable and can be run from both the full Windows OS and from the out-of-box experience. We will include the script in a provisioning package and use that ppkg to upload a device’s hardware hash. The script will authenticate to Graph using the Microsoft Authentication Library PowerShell module and an Azure app registration. The script will then connect to Microsoft Graph to upload the hash to Microsoft Endpoint Manager. We will use a PowerShell script to gather a device’s serial number and hardware hash. In future posts I will share my solution for managing hardware hashes, group tags, primary users, and deleting and re-adding hashes if needed. Today we are going to deal with the first part of that – collecting the hash. If all those things were possible it could make a potentially unwieldy process much more practical.Ĭollecting and managing AutoPilot hashes can be a painful process. What if we could run that script silently? What if we could send a package to a user, have them copy it to a USB drive, and then plug it into a computer they bought at their local big-box store? What if our support teams could gather those hashes by simply plugging in external media? It’s effective for testing, but not effective at scale. Running the PowerShell script from a command prompt isn’t overly difficult, but it is time consuming. The script can be run from the full OS or during OOBE by pressing shift+F10 and launching a command prompt. The hash can be uploaded to your tenant by an OEM, your hardware vendor, or by running a script. If we want to use a deployment profile or use Windows Autopilot pre-provisioning mode, a device’s hardware hash must be uploaded ahead of time. While user-driven AutoPilot can be performed without having a record of the device in our environment, having the hash pre-populated is essential in some scenarios. However, if you have ever had to manually collect AutoPilot hashes from a new Windows device, you should understand how cumbersome the process can be. ![]() So what? Why would I want to run a script during OOBE? How can this solve any problems I am having?Īt first glance, this may sound like a solution that’s looking for a problem. By combining these two features – running automatically (or nearly automatically) and executing scripts – we can silently launch a PowerShell script that runs from within Windows before a user ever completes the Out-of-box experience. One of the most powerful tasks a provisioning pack can perform is to run scripts. They apply settings to a device that were added to the package when it was created. Provisioning packs can be run almost completely silently during the Windows out-of-box experience. I am going to focus on two specific features of Provisioning Packages. In other words, how can we solve a common problem using the tools that we already have in our environment? This post is about exploring the art of the possible. In fact, it’s not even directly about OS deployment. This post isn’t meant to be a treatise on replacing imaging workloads with provisioning packages. When Windows 10 was first released, ppkg files had a lot of fanfare but never really gained much traction in enterprise environments. They allow us to provision a PC without bare metal re-imaging and require minimal infrastructure. I truly believe that provisioning packages are often overlooked. If you are reading this article because of this post, I hope that I haven’t oversold myself. ![]() It feels like a bold claim – especially given the face that Provisioning Packages (which are saved as ppkg files) have been around for a while but don’t really get used in most environments. Hello, and welcome back! If you follow me on Twitter, you may have seen the above tweet before. Wait until you see what I'm working on next.- Sean Bulger March 23, 2022 Provisioning packs are one of the most underrated tools in OS deployment.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |