How to Automatically Provision Win10 AutoPilot Devices – Part 1

Scenario

You have an Autopilot demonstration environment running on Hyper-V. Given how dynamic the environment is, you need to automate VM provisioning. The manual approach is no longer feasible – “when you do something more than 2 times the same way, it is time to automate …”

Solution

  • Prepare a golden image you can use to clone new VMs.
  • From the Hyper-V host, start VM provisioning, upload the Autopilot data to Intune and invoke a remote wipe of the new clone to prepare it for the Autopilot OOBE experience.

Prepare golden image

In this post you will do the following:

  1. Install a new Win 10 virtual machine
  2. Prepare the image
  3. Create the unattend.xml file and create the golden image disk

  • Install a new Win 10 virtual machine

I will not spend time on this topic. Simply install a Win 10 image (Pro or Enterprise), preferably the latest version. In this demo I use Win 10 Enterprise 1809.

  • Prepare the image

Our image will need to have the following capabilities.

  • Allows remote management with PowerShell – WinRM
  • Has the Get-WindowsAutopilotInfo script installed. This is required to get the HWID information for Intune Autopilot
  • Has psexec.exe for running scripts locally as System. An MDM wipe can be executed only as System
  • Has scripts for initiating the MDM wipe (reset PC)

Steps:

  • Open Settings -> Network & Internet -> Change connection properties
  • Make sure Network Profile is set to Private
  • Close the settings window
  • Open command prompt as administrator
  • Enter winrm quickconfig
  • Answer yes to the “Make these changes” questions
  • Close the cmd window
  • Open PowerShell as administrator
  • Run the following commands and answer Y when asked to continue

Now let’s move on to creating the scripts. We need one script to extract the Autopilot hardware ID information and a couple of scripts to initiate the wipe.

  • Open PowerShell ISE as admin
  • Create the following script and save it as c:\powershell\get-AP-Info.ps1
  • Run the script in ISE. You will have an output like this
  • Create the following scripts in an editor that allows you to save files in UTF-8 encoding. In my case I used Notepad++ on the host. These scripts will run the wipe as System
  • First script: c:\powershell\startwipe.bat
  • Second script: c:\powershell\start-command.bat
  • Next, we have the PS script that does the wipe. Save it as c:\powershell\wipe.ps1

Now, with the image reference host prepared, we can move on to creating an unattend.xml file to be used during sysprep.

Note: the steps below are executed on the Hyper-V host:

  • Make sure you have Windows System Image Manager installed. If you don’t, just install the Windows ADK
  • Use the unattend.xml from this location https://github.com/gabim101/gabim-intune-automation/blob/master/unattend.xml and save it as unattend.xml
  • In Windows System Image Manager click File -> Open Answer File
  • Select the newly created unattend.xml and open it
  • In Answer File expand 7 oobeSystem until you get to the admin password
  • Replace the password with something you will remember
  • Save the unattend.xml file

Move back to the golden VM.

  • Copy the unattend.xml file to c:\windows\system32\sysprep
  • If you don’t have permissions use an intermediary location and cmd as admin
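
The unattend.xml copied here carries the administrator password set in Windows System Image Manager, so it is worth checking how that value is stored before the image is cloned. The PowerShell below is an added example, not code from the original post or the linked repository; the function name Get-UnattendPasswordFinding and the sample XML are constructed for illustration, and C:\Windows\Panther is the standard Windows Setup cache location rather than a path named in the post.

```powershell
# Added example (not the author's code): report how passwords are stored in unattend.xml.
# Constructed sample answer file; the password value is a placeholder.
$sample = @'
<unattend xmlns="urn:schemas-microsoft-com:unattend">
  <settings pass="oobeSystem">
    <component name="Microsoft-Windows-Shell-Setup">
      <UserAccounts>
        <AdministratorPassword>
          <Value>CONSTRUCTED-PLACEHOLDER</Value>
          <PlainText>true</PlainText>
        </AdministratorPassword>
      </UserAccounts>
    </component>
  </settings>
</unattend>
'@

function Get-UnattendPasswordFinding {   # hypothetical helper name
    param([Parameter(Mandatory)][xml]$Unattend, [string]$Source = 'inline sample')

    $ns = New-Object System.Xml.XmlNamespaceManager($Unattend.NameTable)
    $ns.AddNamespace('u', 'urn:schemas-microsoft-com:unattend')

    # AdministratorPassword and Password elements (LocalAccount, AutoLogon) that hold a Value
    $xpath = "//u:*[u:Value][local-name()='AdministratorPassword' or local-name()='Password']"
    foreach ($node in $Unattend.SelectNodes($xpath, $ns)) {
        $plain    = $node.SelectSingleNode('u:PlainText', $ns)
        $settings = $node.SelectSingleNode('ancestor::u:settings', $ns)
        $flag = '(not set)'
        if ($null -ne $plain) { $flag = $plain.InnerText.Trim() }
        $pass = ''
        if ($null -ne $settings) { $pass = $settings.GetAttribute('pass') }
        # PlainText=false means the value is Base64-encoded, not encrypted, so every
        # hit is reported: anyone who can read the file can recover the password.
        [pscustomobject]@{ Source = $Source; Pass = $pass; Element = $node.LocalName; PlainText = $flag }
    }
}

# Check the constructed sample, then any answer files present on the golden VM.
Get-UnattendPasswordFinding -Unattend $sample
$paths = 'C:\Windows\System32\Sysprep\unattend.xml', 'C:\Windows\Panther\unattend.xml'
foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p) {
        Get-UnattendPasswordFinding -Unattend ([xml](Get-Content -LiteralPath $p -Raw)) -Source $p
    }
}
```

The output lists where each password element sits and its PlainText flag without printing the value itself. Run it from an elevated PowerShell session on the golden VM before sysprep.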

We are now prepared to run sysprep on the golden VM.

Before that, let’s sum up what we’ve done so far:

  • Enabled winrm
  • Installed scripts to get AP info and to remotely run device wipe
  • Created the unattend.xml file and copied it to c:\windows\system32\sysprep

You can now run sysprep in an admin cmd window:

Leave the machine in the off state. We will continue from this point in a later post.

Note: If you get an error, it might be because the device is pending a reboot for updates. Reboot with updates and try again.