Windows provisioning packages allow a user to configure a Windows machine - installing applications, for example. They can be used as part of a traditional deployment – as a Systems Deployment Appliance (SDA) post install task as part of a scripted installation or wim or K-Image deployment.
Windows 10 (1703) released in July 2017 improves provisioning packages and now they can do everything a traditional deployment can do. This allows KACE customers to leverage the Systems Management Appliance (SMA) to effectively deploy Windows operating system configuration as an alternative to bare metal deployments, images, etc. used in the past.
The packages can be run in three ways.
Windows Autopilot has the following requirements:
Running a provisioning package reboots the machine immediately and then the package is run before the machine boots. A screenshot is shown below.
The user is given a progress percentage. In this example, the choice was to clean the PC and remove any user data.
Following that, the user gets a screen about installing Windows along with a progress percentage.
Once the process has completed, the login screen is shown as usual. The entire process takes about 20 minutes. In this example, the user would have to log in as a guest because I the choice was to clean the machine without retaining user data -- and without creating a local user account or picking a domain to join. Once logging into the machine, one can confirm that the users folder has been cleaned and all the applications have been removed.
In older versions, the package needed to be signed. This is not the case in Windows 10 version 1703 or later, as there is a Powershell command added to the operating system that makes silent installs of provisioning packages a lot easier.
Deploying an Automated Provisioning Package is extremely simple. To do so, configure a Managed Installation with the following command line (subsituting the proper *.ppkg filename in place of 'Package.ppkg') and attach the ppkg file to the MI:
powershell -Command "Install-ProvisioningPackage 'Package.ppkg' -QuietInstall"
Installing provisioning packages is fairly easy too with the Windows Configuration Designer. For the likes of an MSI or executable - what Microsoft is calling a "classic" Windows app, go to Runtime Settings → Provisioning Commands → Primary Context → Command and add a command to install an application and the installer.
In this example, we are attempting to install Visual Studio 2017 and the SMA Agent.
Within each command, different settings are available, such as restart, continue, or stop on error.
For Windows Store applications and other universal applications, there is the RuntimeSettings → UniversalAppInstall section. For more information see: https://docs.microsoft.com/en-us/windows/configuration/provisioning-packages/provision-pcs-with-apps
Cleaning the machine removes any installed software and leaves a fresh Windows 10 installation - very much like a new image. The clean option is shown below.
The two options are to remove user data or keep it. The second option removes the need for USMT to persist user data after cleaning the machine. If the option to remove user data is chosen then there is the option to add user accounts. These can be local to the machine, domain or Azure accounts. This is shown below.
It is possible to add user accounts when cleaning the PC is chosen. If user data is cleared and no user accounts are created, the OOBE process will start once the clean has completed.
The following commands can be used after cleaning in order to install the SMA Agent:
Ideally, the SMA Agent should be re-installed after cleaning the device. This allows the device to connect to the SMA server again, and further managed installations can be run to configure the machine. To do this, auto login can be enabled so the commands to open the firewall, start the required services and install the agent are run automatically.
More provisioning commands can be added to remove the auto login and reboot once everything else has completed.
© ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center