Open PowerShell as administrator and paste the following code:
$code = (Get-WmiObject -query "select * from SoftwareLicensingService").OA3xOriginalProductKey
slmgr /ipk $code
slmgr /ato
Use ExcludeLastKnownGoodUrl to prevent Outlook from using the last known good AutoDiscover URL
HKEY_CURRENT_USER\Software\Microsoft\Office\x.0\Outlook\Autodiscover
DWORD: ExcludeLastKnownGoodUrl
Value: 1
OR
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\x.0\Outlook\Autodiscover
DWORD: ExcludeLastKnownGoodUrl
Value: 1
Download Windows ISO
https://www.microsoft.com/en-us/software-download/windows11
Open PowerShell as Administrator
Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force
Install-Module -Name WindowsAutopilotIntune -MinimumVersion 5.4.0 -Force
Install-Module -Name Microsoft.Graph.Groups -Force
Install-Module -Name Microsoft.Graph.Authentication -Force
Install-Module Microsoft.Graph.Identity.DirectoryManagement -Force
Import-Module -Name WindowsAutopilotIntune -MinimumVersion 5.4
Import-Module -Name Microsoft.Graph.Groups
Import-Module -Name Microsoft.Graph.Authentication
Import-Module -Name Microsoft.Graph.Identity.DirectoryManagement
Connect to Entra in PowerShell
Connect-MgGraph -Scopes "Device.ReadWrite.All", "DeviceManagementManagedDevices.ReadWrite.All", "DeviceManagementServiceConfig.ReadWrite.All", "Domain.ReadWrite.All", "Group.ReadWrite.All", "GroupMember.ReadWrite.All", "User.Read"
Export all Autopilot profiles
Connect-MgGraph -Scopes "Device.ReadWrite.All", "DeviceManagementManagedDevices.ReadWrite.All", "DeviceManagementServiceConfig.ReadWrite.All", "Domain.ReadWrite.All", "Group.ReadWrite.All", "GroupMember.ReadWrite.All", "User.Read"
$AutopilotProfile = Get-AutopilotProfile
$targetDirectory = "C:\Autopilot"
$AutopilotProfile | ForEach-Object {
    New-Item -ItemType Directory -Path "$targetDirectory\$($_.displayName)"
    $_ | ConvertTo-AutopilotConfigurationJSON | Set-Content -Encoding Ascii "$targetDirectory\$($_.displayName)\AutopilotConfigurationFile.json"
}
Export the drivers from the running system
Export-WindowsDriver -Online -Destination C:\DATA\Drivers
Get the image info from the original ISO file, which is mounted on your PC.
Dism /get-wiminfo /wimfile:"E:\sources\install.wim"
Create the WIM file from the selected version
Dism /export-image /SourceImageFile:"E:\sources\install.wim" /SourceIndex:6 /DestinationImageFile:C:\DATA\WIM\install.wim /Compress:max /CheckIntegrity
Mount the WIM file
Dism /mount-wim /wimfile:"C:\DATA\WIM\install.wim" /index:1 /mountdir:C:\DATA\Mount
Insert the Autopilot file
After the WIM is mounted, copy AutopilotConfigurationFile.json to: %MountDir%\Windows\Provisioning\Autopilot\
Insert drivers
dism /image:C:\DATA\Mount /add-driver /driver:C:\temp\drivers\ /recurse
WIM file commit and unmount
Dism /Commit-Image /MountDir:C:\DATA\Mount
Dism /Unmount-Image /MountDir:C:\DATA\Mount /commit
Split the WIM file into smaller files for the USB drive
Dism /Split-Image /ImageFile:"C:\DATA\WIM\install.wim" /SWMFile:"C:\DATA\SWM\install.SWM" /FileSize:3800
Copy SWM files to sources (USB)
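The "Insert the Autopilot file" step above has no command, so here is one way to script it (an added example, not code from the original page). It checks that the exported JSON is plain ASCII and parses, then copies it into the mounted image and verifies the copy. The function name, the profile folder `MyProfile`, and the three field names checked (taken from Microsoft's documented format for this file) are assumptions.

```powershell
# Added example: validate the exported Autopilot JSON, then place it in the mounted image.
# Add-AutopilotJsonToImage and the "MyProfile" folder are hypothetical names.
function Add-AutopilotJsonToImage {
    param(
        [Parameter(Mandatory)] [string] $JsonPath,
        [string] $MountDir = 'C:\DATA\Mount'   # mount directory used on this page
    )

    # The export step writes the file with -Encoding Ascii; reject a BOM,
    # UTF-16 content (NUL bytes) or any other non-ASCII byte.
    $bytes = [System.IO.File]::ReadAllBytes($JsonPath)
    if ($bytes | Where-Object { $_ -gt 127 -or $_ -eq 0 } | Select-Object -First 1) {
        throw "$JsonPath is not plain ASCII (BOM or wrong encoding)."
    }

    # The file must parse as JSON and carry the tenant binding fields (assumed field names).
    $config = [System.Text.Encoding]::ASCII.GetString($bytes) | ConvertFrom-Json -ErrorAction Stop
    foreach ($field in 'CloudAssignedTenantId', 'CloudAssignedTenantDomain', 'ZtdCorrelationId') {
        if (-not $config.$field) { throw "Missing field '$field' in $JsonPath." }
    }

    # Confirm the target really is a mounted Windows image before writing into it.
    $provisioning = Join-Path $MountDir 'Windows\Provisioning'
    if (-not (Test-Path -LiteralPath $provisioning -PathType Container)) {
        throw "$MountDir does not look like a mounted Windows image."
    }
    $target = Join-Path $provisioning 'Autopilot'
    New-Item -ItemType Directory -Path $target -Force | Out-Null
    $destination = Join-Path $target 'AutopilotConfigurationFile.json'
    Copy-Item -LiteralPath $JsonPath -Destination $destination -Force

    # Verify the copy byte-for-byte and report which tenant the image is now bound to.
    $src = (Get-FileHash -LiteralPath $JsonPath -Algorithm SHA256).Hash
    $dst = (Get-FileHash -LiteralPath $destination -Algorithm SHA256).Hash
    if ($src -ne $dst) { throw "Copy verification failed for $destination." }
    [pscustomobject]@{
        Destination  = $destination
        TenantDomain = $config.CloudAssignedTenantDomain
        Sha256       = $dst
    }
}

# Usage: run after the mount step and before the commit/unmount step.
Add-AutopilotJsonToImage -JsonPath 'C:\Autopilot\MyProfile\AutopilotConfigurationFile.json'
```

The returned tenant domain lets you confirm the image is bound to the intended tenant before it is committed and copied to USB.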
Troubleshooting – OOBE Problems
Shift-F10
MDMDiagnosticsTool.exe -area Autopilot;TPM -cab c:\autopilot.cab
Sources
https://www.simsenblog.dk/2022/02/06/bootable-windows-11-incl-autopilot-json-file/
https://learn.microsoft.com/en-us/autopilot/tutorial/existing-devices/setup-autopilot-profile
The problem with Azure-joined PCs is that you need a local user if you want to authenticate from a device that is not in the same tenant.
2. Set the settings as follows
3. Add a local user –> MMC –> Add module (Local users)
Now you can log in to the device with the locally created user. You can add the user to the Administrators group for full control.
Mount SSH shares as drives: https://sftptogo.com/blog/how-to-map-sftp-as-a-windows-10-drive/
File structure
/bu <– root folder
/bu/database <– databases
/bu/server <– files
## Copy files
$Source = "Z:\bu\"
$Destination = "P:\Backups\Server\pluto01_versio\"
Get-ChildItem $Source -Recurse | ForEach {
    $ModifiedDestination = $($_.FullName).Replace("$Source","$Destination")
    If ((Test-Path $ModifiedDestination) -eq $False) {
        Copy-Item $_.FullName $ModifiedDestination
    }
}
## Remove stale files
# -File limits the cleanup to files, so a non-empty folder with an old timestamp does not trigger a confirmation prompt
Get-ChildItem -Path "P:\Backups\Server\pluto01_versio\database" -Recurse -File | Where-Object {($_.LastWriteTime -lt (Get-Date).AddDays(-30))} | Remove-Item
Get-ChildItem -Path "P:\Backups\Server\pluto01_versio\server" -Recurse -File | Where-Object {($_.LastWriteTime -lt (Get-Date).AddDays(-30))} | Remove-Item
You can’t set the default browser page of Google Chrome with GPOs. So here is a script that sets the default page for your Google Chrome browser.
# Paths for the Chrome policy keys used in this script
$policyexists = Test-Path HKLM:\SOFTWARE\Policies\Google\Chrome
$policyexistshome = Test-Path HKLM:\SOFTWARE\Policies\Google\Chrome\RestoreOnStartupURLs
$regKeysetup = "HKLM:\SOFTWARE\Policies\Google\Chrome"
$regKeyhome = "HKLM:\SOFTWARE\Policies\Google\Chrome\RestoreOnStartupURLs"
$url = "https://sint-norbertus.be"
# Create the policy keys in the registry if needed and disable the password manager;
# otherwise set the existing values to the correct data
if ($policyexists -eq $false){
    # Create the parent key only when it is missing, so an existing Google key does not raise an error
    if ((Test-Path HKLM:\SOFTWARE\Policies\Google) -eq $false){
        New-Item -path HKLM:\SOFTWARE\Policies\Google
    }
    New-Item -path HKLM:\SOFTWARE\Policies\Google\Chrome
    New-ItemProperty -path $regKeysetup -Name PasswordManagerEnabled -PropertyType DWord -Value 0
    New-ItemProperty -path $regKeysetup -Name RestoreOnStartup -PropertyType DWord -Value 4
    New-ItemProperty -path $regKeysetup -Name HomepageLocation -PropertyType String -Value $url
    New-ItemProperty -path $regKeysetup -Name HomepageIsNewTabPage -PropertyType DWord -Value 0
}
Else {
    Set-ItemProperty -Path $regKeysetup -Name PasswordManagerEnabled -Value 0
    Set-ItemProperty -Path $regKeysetup -Name RestoreOnStartup -Value 4
    Set-ItemProperty -Path $regKeysetup -Name HomepageLocation -Value $url
    Set-ItemProperty -Path $regKeysetup -Name HomepageIsNewTabPage -Value 0
}
# This entry requires a subkey in the registry
# For more than one page, add another New-ItemProperty and Set-ItemProperty line with the name 2 and the new URL
if ($policyexistshome -eq $false){
    New-Item -path HKLM:\SOFTWARE\Policies\Google\Chrome\RestoreOnStartupURLs
    New-ItemProperty -path $regKeyhome -Name 1 -PropertyType String -Value $url
}
Else {
    Set-ItemProperty -Path $regKeyhome -Name 1 -Value $url
}
Chocolatey is an online ‘community’ where software is made available, like apt-get in Linux. This makes it easy to use in scripts and makes updating software easy. Using it in combination with an unattended install makes a great pairing.
Installing programs becomes as easy as choco install chrome.
We have a script that makes it possible to install programs through Chocolatey without installing it. The script is a PowerShell script and is called like this:
powershell.exe -NoProfile -windowstyle hidden -ExecutionPolicy bypass "%ScriptRoot%\Chocolatey\Install.ps1" -verbose -Packages "googlechrome"