deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-22 05:43:41 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'refs/remotes/origin/rs2' into jdrs2icd

Browse Source
This commit is contained in:
jdeckerMS
2017-02-21 11:46:52 -08:00
parent 99ce6212cf 4108f97239
commit 24911562e2
251 changed files with 1241 additions and 14500 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
windows/deploy/configure-a-pxe-server-to-load-windows-pe.md
View File

@ -163,6 +163,9 @@ ramdisksdidevice boot
ramdisksdipath \boot\boot.sdi
```
>[!TIP]
>If you start the PXE boot process, but receive the error that "The boot configuration data for your PC is missing or contains errors" then verify that \\boot directory is installed under the correct TFTP server root directory. In the example used here the name of this directory is TFTPRoot, but your TFTP server might be different.
## PXE boot process summary
The following summarizes the PXE client boot process.

123
windows/deploy/provision-pcs-for-initial-deployment.md
View File

@ -1,123 +0,0 @@
---
title: Provision PCs with common settings (Windows 10)
description: Create a provisioning package to apply common settings to a PC running Windows 10.
ms.assetid: 66D14E97-E116-4218-8924-E2A326C9367E
keywords: ["runtime provisioning", "provisioning package"]
ms.prod: W10
ms.mktglfcycl: deploy
ms.sitesec: library
author: jdeckerMS
localizationpriority: high
---
# Provision PCs with common settings for initial deployment (simple provisioning)
**Applies to**
- Windows 10
This topic explains how to create and apply a simple provisioning package that contains common enterprise settings to a device running all desktop editions of Windows 10 except Windows 10 Home.
You can apply a provisioning package on a USB drive to off-the-shelf devices during setup, making it fast and easy to configure new devices.
## Advantages
- You can configure new devices without reimaging.
- Works on both mobile and desktop devices.
- No network connectivity required.
- Simple to apply.
[Learn more about the benefits and uses of provisioning packages.](provisioning-packages.md)
## What does simple provisioning do?
In a simple provisioning package, you can configure:
- Device name
- Upgraded product edition
- Wi-Fi network
- Active Directory enrollment
- Local administrator account
Provisioning packages can include management instructions and policies, installation of specific apps, customization of network connections and policies, and more. To learn about provisioning packages that include more than the settings in a simple provisioning package, see [Provision PCs with apps and certificates](provision-pcs-with-apps-and-certificates.md).
> [!TIP]
> Use simple provisioning to create a package with the common settings, then switch to the advanced editor to add other settings, apps, policies, etc.
![open advanced editor](images/icd-simple-edit.png)
## Create the provisioning package
Use the Windows Imaging and Configuration Designer (ICD) tool included in the Windows Assessment and Deployment Kit (ADK) for Windows 10 to create a provisioning package. [Install the ADK and select **Configuration Designer**.](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit)
1. Open Windows ICD (by default, %windir%\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Imaging and Configuration Designer\x86\ICD.exe).
2. Click **Simple provisioning**.
![ICD start options](images/icdstart-option.png)
3. Name your project and click **Finish**. The screens for simple provisioning will walk you through the following steps.
![ICD simple provisioning](images/icd-simple.png)
4. In the **Set up device** step, enter a unique 15-character name for the device. For help generating a unique name, you can use %SERIAL%, which includes a hardware-specific serial number, or you can use %RAND:x%, which generates random characters of x length.
5. (*Optional*) You can upgrade the following editions of Windows 10 by providing a product key for the edition to upgrade to.
- Pro to Education
- Pro to Enterprise
- Enterprise to Education
6. Click **Set up network**.
7. Toggle **On** or **Off** for wireless network connectivity. If you select **On**, enter the SSID, type, and (if required) password for the wireless network.
8. Click **Enroll into Active Directory**.
9. Toggle **Yes** or **No** for Active Directory enrollment. If you select **Yes**, enter the credentials for an account with permissions to enroll the device. (*Optional*) Enter a user name and password to create a local administrator account.
> **Warning**: If you don't create a local administrator account and the device fails to enroll in Active Directory for any reason, you will have to reimage the device and start over. As a best practice, we recommend:
- Use a least-privileged domain account to join the device to the domain.
- Create a temporary administrator account to use for debugging or reprovisioning if the device fails to enroll successfully.
- [Use Group Policy to delete the temporary administrator account](https://blogs.technet.microsoft.com/canitpro/2014/12/10/group-policy-creating-a-standard-local-admin-account/) after the device is enrolled in Active Directory.
10. Click **Finish**.
11. Review your settings in the summary. You can return to previous pages to change your selections. Then, under **Protect your package**, toggle **Yes** or **No** to encrypt the provisioning package. If you select **Yes**, enter a password. This password must be entered to apply the encrypted provisioning package.
12. Click **Create**.
> [!IMPORTANT]
> When you build a provisioning package, you may include sensitive information in the project files and in the provisioning package (.ppkg) file. Although you have the option to encrypt the .ppkg file, project files are not encrypted. You should store the project files in a secure location and delete the project files when they are no longer needed.
**Next step**: [How to apply a provisioning package](provisioning-apply-package.md)
## Learn more
- Watch the video: [Provisioning Windows 10 Devices with New Tools](https://go.microsoft.com/fwlink/p/?LinkId=615921)
- Watch the video: [Windows 10 for Mobile Devices: Provisioning Is Not Imaging](https://go.microsoft.com/fwlink/p/?LinkId=615922)
 
## Related topics
- [Provisioning packages for Windows 10](provisioning-packages.md)
- [How provisioning works in Windows 10](provisioning-how-it-works.md)
- [Install Windows Imaging and Configuration Designer](provisioning-install-icd.md)
- [Create a provisioning package](provisioning-create-package.md)
- [Apply a provisioning package](provisioning-apply-package.md)
- [Settings changed when you uninstall a provisioning package](provisioning-uninstall-package.md)
- [Provision PCs with apps and certificates for initial deployments (advanced provisioning)](provision-pcs-with-apps-and-certificates.md)
- [Use a script to install a desktop app in provisioning packages](provisioning-script-to-install-app.md)
- [NFC-based device provisioning](provisioning-nfc.md)
- [Windows ICD command-line interface (reference)](provisioning-command-line.md)
- [Create a provisioning package with multivariant settings](provisioning-multivariant.md)

196
windows/deploy/provision-pcs-with-apps-and-certificates.md
View File

@ -1,196 +0,0 @@
---
title: Provision PCs with apps and certificates (Windows 10)
description: Create a provisioning package to apply settings to a PC running Windows 10.
ms.assetid: 66D14E97-E116-4218-8924-E2A326C9367E
keywords: ["runtime provisioning", "provisioning package"]
ms.prod: W10
ms.mktglfcycl: deploy
ms.sitesec: library
author: jdeckerMS
localizationpriority: high
---
# Provision PCs with apps and certificates for initial deployment (advanced provisioning)
**Applies to**
- Windows 10
This topic explains how to create and apply a provisioning package that contains apps and certificates to a device running all desktop editions of Windows 10 except Windows 10 Home. Provisioning packages can include management instructions and policies, installation of specific apps, customization of network connections and policies, and more.
You can apply a provisioning package on a USB drive to off-the-shelf devices during setup, making it fast and easy to configure new devices.
## Advantages
- You can configure new devices without reimaging.
- Works on both mobile and desktop devices.
- No network connectivity required.
- Simple to apply.
[Learn more about the benefits and uses of provisioning packages.](provisioning-packages.md)
## Create the provisioning package
Use the Windows Imaging and Configuration Designer (ICD) tool included in the Windows Assessment and Deployment Kit (ADK) for Windows 10 to create a provisioning package. [Install the ADK and select **Configuration Designer**.](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit)
1. Open Windows ICD (by default, %windir%\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Imaging and Configuration Designer\x86\ICD.exe).
2. Click **Advanced provisioning**.
![ICD start options](images/icdstart-option.png)
3. Name your project and click **Next**.
3. Select **All Windows desktop editions**, click **Next**, and then click **Finish**.
### Add a desktop app to your package
1. In the **Available customizations** pane, go to **Runtime settings** > **ProvisioningCommands** > **DeviceContext** > **CommandFiles**.
2. Add all the files required for the app install, including the data files and the installer.
3. Go to **Runtime settings** > **ProvisioningCommands** > **DeviceContext** > **CommandLine** and specify the command line that needs to be executed to install the app. This is a single command line (such as a script, executable, or msi) that triggers a silent install of your CommandFiles. Note that the install must execute silently (without displaying any UI). For MSI installers use, the `msiexec /quiet` option.
> [!NOTE]
> If you are installing more than one app, then use `CommandLine` to invoke the script or batch file that orchestrates installation of the files. For more information, see [Use a script to install a desktop app in provisioning packages](provisioning-script-to-install-app.md).
### Add a universal app to your package
Universal apps that you can distribute in the provisioning package can be line-of-business (LOB) apps developed by your organization, Windows Store for Business apps that you acquire with [offline licensing](../manage/acquire-apps-windows-store-for-business.md), or third-party apps. This procedure will assume you are distributing apps from the Windows Store for Business. For other apps, obtain the necessary information (such as the package family name) from the app developer.
1. In the **Available customizations** pane, go to **Runtime settings** > **UniversalAppInstall**.
2. For **DeviceContextApp**, specify the **PackageFamilyName** for the app. In Windows Store for Business, the package family name is listed in the **Package details** section of the download page.
![details for offline app package](images/uwp-family.png)
3. For **ApplicationFile**, click **Browse** to find and select the target app (either an \*.appx or \*.appxbundle).
4. For **DependencyAppxFiles**, click **Browse** to find and add any dependencies for the app. In Windows Store for Business, any dependencies for the app are listed in the **Required frameworks** section of the download page.
![required frameworks for offline app package](images/uwp-dependencies.png)
5. For **DeviceContextAppLicense**, enter the **LicenseProductID**.
- In Windows Store for Business, generate the unencoded license for the app on the app's download page, and change the extension of the license file from **.xml** to **.ms-windows-store-license**.
![generate license for offline app](images/uwp-license.png)
- Open the license file and search for **LicenseID=** to get the GUID, enter the GUID in the **LicenseProductID** field and click **Add**.
6. In the **Available customizations** pane, click the **LicenseProductId** that you just added.
7. For **LicenseInstall**, click **Browse**, navigate to the license file that you renamed *<file name>*.**ms-windows-store-license**, and select the license file.
[Learn more about distributing offline apps from the Windows Store for Business.](../manage/distribute-offline-apps.md)
> [!NOTE]
> Removing a provisioning package will not remove any apps installed by device context in that provisioning package.
### Add a certificate to your package
1. In the **Available customizations** pane, go to **Runtime settings** > **Certificates** > **ClientCertificates**.
2. Enter a **CertificateName** and then click **Add**.
2. Enter the **CertificatePassword**.
3. For **CertificatePath**, browse and select the certificate to be used.
4. Set **ExportCertificate** to **False**.
5. For **KeyLocation**, select **Software only**.
### Add other settings to your package
For details about the settings you can customize in provisioning packages, see [Windows Provisioning settings reference]( https://go.microsoft.com/fwlink/p/?LinkId=619012).
### Build your package
1. When you are done configuring the provisioning package, on the **File** menu, click **Save**.
2. Read the warning that project files may contain sensitive information, and click **OK**.
> **Important** When you build a provisioning package, you may include sensitive information in the project files and in the provisioning package (.ppkg) file. Although you have the option to encrypt the .ppkg file, project files are not encrypted. You should store the project files in a secure location and delete the project files when they are no longer needed.
3. On the **Export** menu, click **Provisioning package**.
1. Change **Owner** to **IT Admin**, which will set the precedence of this provisioning package higher than provisioning packages applied to this device from other sources, and then select **Next.**
10. Set a value for **Package Version**.
> [!TIP]  
> You can make changes to existing packages and change the version number to update previously applied packages.
11. Optional. In the **Provisioning package security** window, you can choose to encrypt the package and enable package signing.
- **Enable package encryption** - If you select this option, an auto-generated password will be shown on the screen.
- **Enable package signing** - If you select this option, you must select a valid certificate to use for signing the package. You can specify the certificate by clicking **Select...** and choosing the certificate you want to use to sign the package.
**Important**  
We recommend that you include a trusted provisioning certificate in your provisioning package. When the package is applied to a device, the certificate is added to the system store and any package signed with that certificate thereafter can be applied silently. 
12. Click **Next** to specify the output location where you want the provisioning package to go once it's built. By default, Windows ICD uses the project folder as the output location.<p>
Optionally, you can click **Browse** to change the default output location.
13. Click **Next**.
14. Click **Build** to start building the package. The project information is displayed in the build page and the progress bar indicates the build status.<p>
If you need to cancel the build, click **Cancel**. This cancels the current build process, closes the wizard, and takes you back to the **Customizations Page**.
15. If your build fails, an error message will show up that includes a link to the project folder. You can scan the logs to determine what caused the error. Once you fix the issue, try building the package again.<p>
If your build is successful, the name of the provisioning package, output directory, and project directory will be shown.
- If you choose, you can build the provisioning package again and pick a different path for the output package. To do this, click **Back** to change the output package name and path, and then click **Next** to start another build.
- If you are done, click **Finish** to close the wizard and go back to the **Customizations Page**.
16. Select the **output location** link to go to the location of the package. You can provide that .ppkg to others through any of the following methods:
- Shared network folder
- SharePoint site
- Removable media (USB/SD)
- Email
- USB tether (mobile only)
- NFC (mobile only)
**Next step**: [How to apply a provisioning package](provisioning-apply-package.md)
## Learn more
- Watch the video: [Provisioning Windows 10 Devices with New Tools](https://go.microsoft.com/fwlink/p/?LinkId=615921)
- Watch the video: [Windows 10 for Mobile Devices: Provisioning Is Not Imaging](https://go.microsoft.com/fwlink/p/?LinkId=615922)
 
## Related topics
- [Provisioning packages for Windows 10](provisioning-packages.md)
- [How provisioning works in Windows 10](provisioning-how-it-works.md)
- [Install Windows Imaging and Configuration Designer](provisioning-install-icd.md)
- [Create a provisioning package](provisioning-create-package.md)
- [Apply a provisioning package](provisioning-apply-package.md)
- [Settings changed when you uninstall a provisioning package](provisioning-uninstall-package.md)
- [Provision PCs with common settings for initial deployment (simple provisioning)](provision-pcs-for-initial-deployment.md)
- [Use a script to install a desktop app in provisioning packages](provisioning-script-to-install-app.md)
- [NFC-based device provisioning](provisioning-nfc.md)
- [Windows ICD command-line interface (reference)](provisioning-command-line.md)
- [Create a provisioning package with multivariant settings](provisioning-multivariant.md)

68
windows/deploy/provisioning-command-line.md
View File

@ -1,68 +0,0 @@
---
title: Windows ICD command-line interface (Windows 10)
description:
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
author: jdeckerMS
localizationpriority: high
---
# Windows ICD command-line interface (reference)
**Applies to**
- Windows 10
- Windows 10 Mobile
You can use the Windows Imaging and Configuration Designer (ICD) command-line interface (CLI) to automate the building of provisioning packages and Windows 10 for desktop editions (Home, Pro, Enterprise, and Education) and Windows 10 Mobile or Windows 10 IoT Core (IoT Core) images.
- IT pros can use the Windows ICD CLI to require less re-tooling of existing processes. You must run the Windows ICD CLI from a command window with administrator privileges.
- You must use the Windows ICD CLI and edit the customizations.xml sources to create an image and/or provisioning package with multivariant support. You need the customizations.xml file as one of the inputs to the Windows ICD CLI to build a provisioning package. For more information, see [Create a provisioning package with multivariant settings](provisioning-multivariant.md).
## Syntax
```
icd.exe /Build-ProvisioningPackage /CustomizationXML:<path_to_xml> /PackagePath:<path_to_ppkg>
[/StoreFile:<path_to_storefile>] [/MSPackageRoot:<path_to_mspackage_directory>] [/OEMInputXML:<path_to_xml>]
[/ProductName:<product_name>] [/Variables:<name>:<value>] [[+|-]Encrypted] [[+|-]Overwrite] [/?]
```
## Switches and arguments
| Switch | Required? | Arguments |
| --- | --- | --- |
| /CustomizationXML | No | Specifies the path to a Windows provisioning XML file that contains the customization assets and settings. For more information, see Windows provisioning answer file. |
| /PackagePath | Yes | Specifies the path and the package name where the built provisioning package will be saved. |
| /StoreFile | No</br></br></br>See Important note. | For partners using a settings store other than the default store(s) used by Windows ICD, use this parameter to specify the path to one or more comma-separated Windows settings store file. By default, if you don't specify a settings store file, the settings store that's common to all Windows editions will be loaded by Windows ICD.</br></br></br>**Important** If you use this parameter, you must not use /MSPackageRoot or /OEMInputXML. |
| /Variables | No | Specifies a semicolon separated <name> and <value> macro pair. The format for the argument must be <name>=<value>. |
| Encrypted | No | Denotes whether the provisioning package should be built with encryption. Windows ICD auto-generates the decryption password and includes this information in the output.</br></br></br>Precede with + for encryption or - for no encryption. The default is no encryption. |
| Overwrite | No | Denotes whether to overwrite an existing provisioning package.</br></br></br>Precede with + to overwrite an existing package or - if you don't want to overwrite an existing package. The default is false (don't overwrite). |
| /? | No | Lists the switches and their descriptions for the command-line tool or for certain commands. |
## Related topics
- [Provisioning packages for Windows 10](provisioning-packages.md)
- [How provisioning works in Windows 10](provisioning-how-it-works.md)
- [Install Windows Imaging and Configuration Designer](provisioning-install-icd.md)
- [Create a provisioning package](provisioning-create-package.md)
- [Apply a provisioning package](provisioning-apply-package.md)
- [Settings changed when you uninstall a provisioning package](provisioning-uninstall-package.md)
- [Provision PCs with common settings for initial deployment (simple provisioning)](provision-pcs-for-initial-deployment.md)
- [Provision PCs with apps and certificates for initial deployments (advanced provisioning)](provision-pcs-with-apps-and-certificates.md)
- [Use a script to install a desktop app in provisioning packages](provisioning-script-to-install-app.md)
- [NFC-based device provisioning](provisioning-nfc.md)
- [Create a provisioning package with multivariant settings](provisioning-multivariant.md)
 

322
windows/deploy/provisioning-multivariant.md
View File

@ -1,322 +0,0 @@
---
title: Create a provisioning package with multivariant settings (Windows 10)
description: Create a provisioning package with multivariant settings to customize the provisioned settings.
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
author: jdeckerMS
localizationpriority: high
---
# Create a provisioning package with multivariant settings
**Applies to**
- Windows 10
- Windows 10 Mobile
Multivariant provisioning packages enable you to create a single provisioning package that can work for multiple locales.
To provision multivariant settings, you must create a provisioning package with defined **Conditions** and **Settings** that are tied to these conditions. When you install this package on a Windows 10 device, the provisioning engine applies the matching condition settings at every event and triggers provisioning.
The following events trigger provisioning on Windows 10 devices:
| Event | Windows 10 Mobile | Windows 10 for desktop editions (Home, Pro, Enterprise, and Education) |
| --- | --- | --- |
| System boot | Supported | Supported |
| Operating system update | Supported | Planned |
| Package installation during device first run experience | Supported | Supported |
| Detection of SIM presence or update | Supported | Not supported |
| Package installation at runtime | Supported | Supported |
| Roaming detected | Supported | Not supported |
## Target, TargetState, Condition, and priorities
Targets describe keying for a variant and must be described or pre-declared before being referenced by the variant.
- You can define multiple **Target** child elements for each **Id** that you need for the customization setting.
- Within a **Target** you can define multiple **TargetState** elements.
- Within a **TargetState** element you can create multiple **Condition** elements.
- A **Condition** element defines the matching type between the condition and the specified value.
The following table shows the conditions supported in Windows 10 provisioning:
>[!NOTE]
>You can use any of these supported conditions when defining your **TargetState**.
| Condition Name | Condition priority | Windows 10 Mobile | Windows 10 for desktop editions | Value type | Value description |
| --- | --- | --- | --- | --- | --- |
| MNC | P0 | Supported | N/A | Digit string | Use to target settings based on the Mobile Network Code (MNC) value. |
| MCC | P0 | Supported | N/A | Digit string | Use to target settings based on the Mobile Country Code (MCC) value. |
| SPN | P0 | Supported | N/A | String | Use to target settings based on the Service Provider Name (SPN) value. |
| PNN | P0 | Supported | N/A | String | Use to target settings based on public land mobile network (PLMN) Network Name value. |
| GID1 | P0 | Supported | N/A | Digit string | Use to target settings based on the Group Identifier (level 1) value. |
| ICCID | P0 | Supported | N/A | Digit string | Use to target settings based on the Integrated Circuit Card Identifier (ICCID) value. |
| Roaming | P0 | Supported | N/A | Boolean | Use to specify roaming. Set the value to **1** (roaming) or **0** (non-roaming). |
| UICC | P0 | Supported | N/A | Enumeration | Use to specify the UICC state. Set the value to one of the following:</br></br></br>- 0 - Empty</br>- 1 - Ready</br>- 2 - Locked |
| UICCSLOT | P0 | Supported | N/A | Digit string | Use to specify the UICC slot. Set the value one of the following:</br></br></br>- 0 - Slot 0</br>- 1 - Slot 1 |
| ProcessorType | P1 | Supported | Supported | String | Use to target settings based on the processor type. |
| ProcessorName | P1 | Supported | Supported | String | Use to target settings based on the processor name. |
| AoAc | P1 | Supported | Supported | Boolean | Set the value to 0 or 1. |
| PowerPlatformRole | P1 | Supported | Supported | Enumeration | Indicates the preferred power management profile. Set the value based on the POWER_PLATFORM_ROLE enumeration. |
| Architecture | P1 | Supported | Supported | String | Matches the PROCESSOR_ARCHITECTURE environment variable. |
| Server | P1 | Supported | Supported | Boolean | Set the value to 0 or 1. |
| Region | P1 | Supported | Supported | Enumeration | Use to target settings based on country/region. |
| Lang | P1 | Supported | Supported | Enumeration | Use to target settings based on language code. |
| ROMLANG | P1 | Supported | N/A | Digit string | Use to specify the PhoneROMLanguage that's set for DeviceTargeting. This condition is used primarily to detect variants for China. For example, you can use this condition and set the value to "0804". |
The matching types supported in Windows 10 are:
| Matching type | Syntax | Example |
| --- | --- | --- |
| Straight match | Matching type is specified as-is | &lt;Condition Name="ProcessorName" Value="Barton" /&gt; |
| Regex match | Matching type is prefixed by "Pattern:" | &lt;Condition Name="ProcessorName" Value="Pattern:.*Celeron.*" /&gt; |
| Numeric range match | Matching type is prefixed by "!Range:" | &lt;Condition Name="MNC" Value="!Range:400, 550" /&gt; |
- When all **Condition** elements are TRUE, **TargetState** is TRUE (**AND** logic).
- If any of the **TargetState** elements is TRUE, **Target** is TRUE (**OR** logic), and **Id** can be used for the setting customization.
You can define more than one **TargetState** within a provisioning package to apply variant settings that match device conditions. When the provisioning engine evalues each **TargetState**, more than one **TargetState** may fit current device conditions. To determine the order in which the variant settings are applied, the system assigns a priority to every **TargetState**.
A variant setting that matches a **TargetState** with a lower priority is applied before the variant that matches a **TargetState** with a higher priority. Variant settings that match more than one **TargetState** with equal priority are applied according to the order that each **TargetState** is defined in the provisioning package.
The **TargetState** priority is assigned based on the conditions priority and the priority evaluation rules are as followed:
1. **TargetState** with P0 conditions is higher than **TargetState** without P0 conditions.
2. **TargetState** with P1 conditions is higher than **TargetState** without P0 and P1 conditions.
3. If N₁>N₂>0, the **TargetState** priority with N₁ P0 conditions is higher than the **TargetState** with N₂ P1 conditions.
4. For **TargetState** without P0 conditions, if N₁>N₂>0 **TargetState** with N₁ P1 conditions is higher than the **TargetState** with N₂ P1 conditions.
5. For **TargetState** without P0 and P1 conditions, if N₁>N₂>0 **TargetState** priority with N₁ P2 conditions is higher than the **TargetState** with N₂ P2 conditions.
6. For rules 3, 4, and 5, if N₁=N₂, **TargetState** priorities are considered equal.
## Create a provisioning package with multivariant settings
Follow these steps to create a provisioning package with multivariant capabilities.
1. Build a provisioning package and configure the customizations you need to apply during certain conditions. For more information, see [Create a provisioning package](provisioning-create-package.md).
2. After you've [configured the settings](provisioning-create-package.md#configure-settings), save the project.
3. Open the project folder and copy the customizations.xml file.
4. Use an XML or text editor to open the customizations.xml file.
The customizations.xml file holds the package metadata (including the package owner and rank) and the settings that you configured when you created your provisioning package. The Customizations node contains a Common section, which contains the customization settings.
The following example shows the contents of a sample customizations.xml file.
```XML
<?xml version="1.0" encoding="utf-8"?>
<WindowsCustomizatons>
<PackageConfig xmlns="urn:schemas-Microsoft-com:Windows-ICD-Package-Config.v1.0">
<ID>{6aaa4dfa-00d7-4aaa-8adf-73c6a7e2501e}</ID>
<Name>My Provisioning Package</Name>
<Version>1.0</Version>
<OwnerType>OEM</OwnerType>
<Rank>50</Rank>
</PackageConfig>
<Settings xmlns="urn:schemas-microsoft-com:windows-provisioning">
<Customizations>
<Common>
<Policies>
<AllowBrowser>0</AllowBrowser>
<AllowCamera>0</AllowCamera>
<AllowBluetooth>0</AllowBluetooth>
</Policies>
<HotSpot>
<Enabled>0</Enabled>
</HotSpot>
</Common>
</Customizations>
</Settings>
</WindowsCustomizatons>
```
4. Edit the customizations.xml file and create a **Targets** section to describe the conditions that will handle your multivariant settings.
The following example shows the customizations.xml, which has been modified to include several conditions including **ProcessorName**, **ProcessorType**, **MCC**, and **MNC**.
```XML
<?xml version="1.0" encoding="utf-8"?>
<WindowsCustomizatons>
<PackageConfig xmlns="urn:schemas-Microsoft-com:Windows-ICD-Package-Config.v1.0">
<ID>{6aaa4dfa-00d7-4aaa-8adf-73c6a7e2501e}</ID>
<Name>My Provisioning Package</Name>
<Version>1.0</Version>
<OwnerType>OEM</OwnerType>
<Rank>50</Rank>
</PackageConfig>
<Settings xmlns="urn:schemas-microsoft-com:windows-provisioning">
<Customizations>
<Common>
<Policies>
<AllowBrowser>0</AllowBrowser>
<AllowCamera>0</AllowCamera>
<AllowBluetooth>0</AllowBluetooth>
</Policies>
<HotSpot>
<Enabled>0</Enabled>
</HotSpot>
</Common>
<Targets>
<Target Id="Unique target identifier for desktop">
<TargetState>
<Condition Name="ProcessorName" Value="Pattern:.*Celeron.*" />
<Condition Name="ProcessorType" Value="Pattern:.*(I|i)ntel.*" />
</TargetState>
<TargetState>
<Condition Name="ProcessorName" Value="Barton" />
<Condition Name="ProcessorType" Value="Athlon MP" />
</TargetState>
</Target>
<Target Id="Mobile target">
<TargetState>
<Condition Name="MCC" Value="Range:310, 320" />
<Condition Name="MNC" Value="!Range:400, 550" />
</TargetState>
</Target>
</Targets>
</Customizations>
</Settings>
</WindowsCustomizatons>
```
5. In the customizations.xml file, create a **Variant** section for the settings you need to customize. To do this:
a. Define a child **TargetRefs** element.
b. Within the **TargetRefs** element, define a **TargetRef** element. You can define multiple **TargetRef** elements for each **Id** that you need to apply to customized settings.
c. Move compliant settings from the **Common** section to the **Variant** section.
If any of the TargetRef elements matches the Target, all settings in the Variant are applied (OR logic).
>[!NOTE]
>You can define multiple Variant sections. Settings that reside in the **Common** section are applied unconditionally on every triggering event.
The following example shows the customizations.xml updated to include a **Variant** section and the moved settings that will be applied if the conditions for the variant are met.
```XML
<?xml version="1.0" encoding="utf-8"?>
<WindowsCustomizatons>
<PackageConfig xmlns="urn:schemas-Microsoft-com:Windows-ICD-Package-Config.v1.0">
<ID>{6aaa4dfa-00d7-4aaa-8adf-73c6a7e2501e}</ID>
<Name>My Provisioning Package</Name>
<Version>1.0</Version>
<OwnerType>OEM</OwnerType>
<Rank>50</Rank>
</PackageConfig>
<Settings xmlns="urn:schemas-microsoft-com:windows-provisioning">
<Customizations>
<Common>
</Common>
<Targets>
<Target Id="Unique target identifier for desktop">
<TargetState>
<Condition Name="ProcessorName" Value="Pattern:.*Celeron.*" />
<Condition Name="ProcessorType" Value="Pattern:.*(I|i)ntel.*" />
</TargetState>
<TargetState>
<Condition Name="ProcessorName" Value="Barton" />
<Condition Name="ProcessorType" Value="Athlon MP" />
</TargetState>
</Target>
<Target Id="Mobile target">
<TargetState>
<Condition Name="MCC" Value="Range:310, 320" />
<Condition Name="MNC" Value="!Range:400, 550" />
</TargetState>
</Target>
</Targets>
<Variant>
<TargetRefs>
<TargetRef Id="Unique target identifier for desktop" />
<TargetRef Id="Mobile target" />
</TargetRefs>
<Settings>
<Policies>
<AllowBrowser>1</AllowBrowser>
<AllowCamera>1</AllowCamera>
<AllowBluetooth>1</AllowBluetooth>
</Policies>
<HotSpot>
<Enabled>1</Enabled>
</HotSpot>
</Settings>
</Variant>
</Customizations>
</Settings>
</WindowsCustomizatons>
```
6. Save the updated customizations.xml file and note the path to this updated file. You will need the path as one of the values for the next step.
7. Use the [Windows ICD command-line interface](provisioning-command-line.md) to create a provisioning package using the updated customizations.xml.
For example:
```
icd.exe /Build-ProvisioningPackage /CustomizationXML:"C:\CustomProject\customizations.xml" /PackagePath:"C:\CustomProject\output.ppkg" /StoreFile:C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Imaging and Configuration Designer\x86\Microsoft-Common-Provisioning.dat"
```
In this example, the **StoreFile** corresponds to the location of the settings store that will be used to create the package for the required Windows edition.
>[!NOTE]
>The provisioning package created during this step will contain the multivariant settings. You can use this package either as a standalone package that you can apply to a Windows device or use it as the base when starting another project.
## Related topics
- [Provisioning packages for Windows 10](provisioning-packages.md)
- [How provisioning works in Windows 10](provisioning-how-it-works.md)
- [Install Windows Imaging and Configuration Designer](provisioning-install-icd.md)
- [Create a provisioning package](provisioning-create-package.md)
- [Apply a provisioning package](provisioning-apply-package.md)
- [Settings changed when you uninstall a provisioning package](provisioning-uninstall-package.md)
- [Provision PCs with common settings for initial deployment (simple provisioning)](provision-pcs-for-initial-deployment.md)
- [Provision PCs with apps and certificates for initial deployments (advanced provisioning)](provision-pcs-with-apps-and-certificates.md)
- [Use a script to install a desktop app in provisioning packages](provisioning-script-to-install-app.md)
- [NFC-based device provisioning](provisioning-nfc.md)
- [Windows ICD command-line interface (reference)](provisioning-command-line.md)
 

153
windows/deploy/provisioning-nfc.md
View File

@ -1,153 +0,0 @@
---
title: NFC-based device provisioning (Windows 10)
description:
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
author: jdeckerMS
localizationpriority: high
---
# NFC-based device provisioning
**Applies to**
- Windows 10 Mobile
Near field communication (NFC) enables Windows 10 Mobile Enterprise and Windows 10 Mobile devices to communicate with an NFC tag or another NFC-enabled transmitting device. Enterprises that do bulk provisioning can use NFC-based device provisioning to provide a provisioning package to the device that's being provisioned. NFC provisioning is simple and convenient and it can easily store an entire provisioning package.
The NFC provisioning option enables the administrator to provide a provisioning package during initial device setup or the out-of-box experience (OOBE) phase. Administrators can use the NFC provisioning option to transfer provisioning information to persistent storage by tapping an unprovisioned mobile device to an NFC tag or NFC-enabled device. To use NFC for pre-provisioning a device, you must either prepare your own NFC tags by storing your provisioning package to a tag as described in this section, or build the infrastructure needed to transmit a provisioning package between an NFC-enabled device and a mobile device during OOBE.
## Provisioning OOBE UI
All Windows 10 Mobile Enterprise and Windows 10 Mobile images have the NFC provisioning capability incorporated into the operating system. On devices that support NFC and are running Windows 10 Mobile Enterprise or Windows 10 Mobile, NFC-based device provisioning provides an additional mechanism to provision the device during OOBE.
On all Windows devices, device provisioning during OOBE can be triggered by 5 fast taps on the Windows hardware key, which shows the **Provision this device** screen. In the **Provision this device** screen, select **NFC** for NFC-based provisioning.
![Example of Provision this device screen](images/nfc.png)
If there is an error during NFC provisioning, the device will show a message if any of the following errors occur:
- **NFC initialization error** - This can be caused by any error that occurs before data transfer has started. For example, if the NFC driver isn't enabled or there's an error communicating with the proximity API.
- **Interrupted download or incomplete package transfer** - This error can happen if the peer device is out of range or the transfer is aborted. This error can be caused whenever the device being provisioned fails to receive the provisioning package in time.
- **Incorrect package format** - This error can be caused by any protocol error that the operating system encounters during the data transfer between the devices.
- **NFC is disabled by policy** - Enterprises can use policies to disallow any NFC usage on the managed device. In this case, NFC functionality is not enabled.
## NFC tag
You can use an NFC tag for minimal provisioning and use an NFC-enabled device tag for larger provisioning packages.
The protocol used for NFC-based device provisioning is similar to the one used for NFC provisioning on Windows Embedded 8.1 Handheld, which supported both single-chunk and multi-chunk transfer when the total transfer didn't fit in one NDEP message size. In Windows 10, the provisioning stack contains the following changes:
- **Protocol namespace** - The protocol namespace has changed from Windows.WEH.PreStageProv.Chunk to Windows.ProvPlugins.Chunk.
- **Tag data type** - The tag data type has changed from UTF-8 into binary raw data.
>[!NOTE]
>The NFC tag doesn't go in the secondary device. You can transfer the NFC tag by using a provisioning package from device-to-device using the NFC radio or by re-reading the provisioning package from an NFC tag.
### NFC tag components
NFC tags are suitable for very light applications where minimal provisioning is required. The size of NFC tags that contain provisioning packages is typically 4 KB to 10 KB.
To write to an NFC tag, you will need to use an NFC Writer tool, or you can use the [ProximityDevice class API](https://msdn.microsoft.com/library/windows/apps/windows.networking.proximity.proximitydevice.aspx) to write your own custom tool to transfer your provisioning package file to your NFC tag. The tool must publish a binary message (write) a Chunk data type to your NFC tag.
The following table describes the information that is required when writing to an NFC tag.
| Required field | Description |
| --- | --- |
| **Type** | Windows.ProvPlugins.Chunk<br></br>The receiving device uses this information to understand information in the Data field. |
| **Data** | Tag data with small header in raw binary format that contains a chunk of the provisioning package to be transferred. |
### NFC provisioning helper
The NFC provisioning helper device must split the provisioning package raw content into multiple parts and publish these in order. Each part should follow the following format:
<table><tr><td>**Version**</br>(1 byte)</td><td>**Leading**<br>(1 byte)</td><td>**Order**</br>(1 byte)</td><td>**Total**</br>(1 byte)</td><td>**Chunk payload**</br>(N bytes)</td></tr></table>
For each part:
- **Version** should always be 0x00.
- **Leading byte** should always be 0xFF.
- **Order** represents which message chunk (out of the whole message) the part belongs to. The Order begins with zero (0).
- **Total** represents the total number of chunks to be transferred for the whole message.
- **Chunk payload** represents each of the split parts.
The NFC provisioning helper device must publish the record in a type of Windows.ProvPlugins.Chunk.
**Code example**
The following example shows how to write to an NFC tag. This example assumes that the tag is already in range of the writing device.
```
private async void WriteProvPkgToTag(IStorageFile provPkgFile)
{
var buffer = await FileIO.ReadBufferAsync(provPkgFile);
if (null == buffer)
{
return;
}
var proximityDevice = Windows.Networking.Proximity.ProximityDevice.GetDefault();
if (null == proximityDevice)
{
return;
}
var dataWriter = new DataWriter();
var header = new NfcProvHeader();
header.version = NFC_PROV_MESSAGE_CURRENT_VERSION; // Currently the supported version is 0x00.
header.leading = NFC_PROV_MESSAGE_LEADING_BYTE; // The leading byte should be always 0xFF.
header.index = 0; // Assume we only have 1 chunk.
header.total = 1; // Assume we only have 1 chunk.
// Write the header first and then the raw data of the provisioning package.
dataWriter.WriteBytes(GetBytes(header));
dataWriter.WriteBuffer(buffer);
var chunkPubId = proximityDevice.PublishBinaryMessage(
"Windows:WriteTag.ProvPlugins.Chunk",
dataWriter.DetachBuffer());
}
```
### NFC-enabled device tag components
Provisioning from an NFC-enabled source device allows for larger provisioning packages than can be transferred using an NFC tag. When provisioning from an NFC-enabled device, we recommend that the total file size not exceed 120 KB. Be aware that the larger the NFC file is, the longer it will take to transfer the provisioning file. Depending on your NFC hardware, the transfer time for a 120 KB file will vary between 2.5 seconds and 10 seconds.
To provision from an NFC-enabled source device, use [ProximityDevice class API](https://msdn.microsoft.com/library/windows/apps/windows.networking.proximity.proximitydevice.aspx) to write your own custom tool that transfers your provisioning package in chunks to your target mobile device. The tool must publish binary messages (transmit) a Header message, followed by one or more Chunk messages. The Header specifies the total amount of data that will be transferred to the target device; the Chunks must contain binary raw data formatted provisioning data, as shown in the NFC tag components section.
For detailed information and code samples on how to implement an NFC-enabled device tag, see **ConvertToNfcMessageAsync** in [this GitHub NfcProvisioner Universal Windows app example](https://github.com/Microsoft/Windows-universal-samples/blob/master/Samples/NfcProvisioner/cs/Scenario1.xaml.cs). The sample app shows you how to host the provisioning package on a master device so that you can transfer it to the receiving device.
## Related topics
- [Provisioning packages for Windows 10](provisioning-packages.md)
- [How provisioning works in Windows 10](provisioning-how-it-works.md)
- [Install Windows Imaging and Configuration Designer](provisioning-install-icd.md)
- [Create a provisioning package](provisioning-create-package.md)
- [Apply a provisioning package](provisioning-apply-package.md)
- [Settings changed when you uninstall a provisioning package](provisioning-uninstall-package.md)
- [Provision PCs with common settings for initial deployment (simple provisioning)](provision-pcs-for-initial-deployment.md)
- [Provision PCs with apps and certificates for initial deployments (advanced provisioning)](provision-pcs-with-apps-and-certificates.md)
- [Use a script to install a desktop app in provisioning packages](provisioning-script-to-install-app.md)
- [Windows ICD command-line interface (reference)](provisioning-command-line.md)
- [Create a provisioning package with multivariant settings](provisioning-multivariant.md)
 
 

222
windows/deploy/provisioning-script-to-install-app.md
View File

@ -1,222 +0,0 @@
---
title: Use a script to install a desktop app in provisioning packages (Windows 10)
description: With Windows 10, you can create provisioning packages that let you quickly and efficiently configure a device without having to install a new image.
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
author: jdeckerMS
localizationpriority: high
---
# Use a script to install a desktop app in provisioning packages
**Applies to**
- Windows 10
- Windows 10 Mobile
This walkthrough describes how to leverage the ability to include scripts in a Windows 10 provisioning package to install Win32 applications. Scripted operations other than installing apps can also be performed, however, some care is needed in order to avoid unintended behavior during script execution (see Remarks below).
>**Prerequisite**: [Windows Assessment and Deployment Kit (ADK) for Windows 10](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit), version 1511 or higher
>[!NOTE]
>This scenario is only supported for installing applications on Windows 10 for desktop, version 1511 or higher.
## Assemble the application assets
1. On the device where youre authoring the package, place all of your assets in a known location. Each asset must have a unique filename, because all files will be copied to the same temp directory on the device. Its common for many apps to have an installer called install.exe or similar, and there may be name overlap because of that. To fix this, you can use the technique described in the next step to include a complete directory structure that is then expanded into the temp directory on the device. The most common use for this would be to include a subdirectory for each application.
2. If you need to include a directory structure of files, you will need to cab the assets for easy inclusion in the provisioning packages.
## Cab the application assets
1. Create a .DDF file as below, replacing *file1* and *file2* with the files you want to package, and adding the name of file/directory.
```
;*** MSDN Sample Source Code MakeCAB Directive file example
;
.OPTION EXPLICIT ; Generate errors on variable typos
.set DiskDirectoryTemplate=CDROM ; All cabinets go in a single directory
.Set MaxDiskFileCount=1000; Limit file count per cabinet, so that
; scanning is not too slow
.Set FolderSizeThreshold=200000 ; Aim for ~200K per folder
.Set CompressionType=MSZIP
;** All files are compressed in cabinet files
.Set Cabinet=on
.Set Compress=on
;-------------------------------------------------------------------
;** CabinetNameTemplate = name of cab
;** DiskDirectory1 = output directory where cab will be created
;-------------------------------------------------------------------
.Set CabinetNameTemplate=tt.cab
.Set DiskDirectory1=.
;-------------------------------------------------------------------
; Replace <file> with actual files you want to package
;-------------------------------------------------------------------
<file1>
<file2>
;*** <the end>
```
2. Use makecab to create the cab files.
```
Makecab -f <path to DDF file>
```
## Create the script to install the application
Create a script to perform whatever work is needed to install the application(s). The following examples are provided to help get started authoring the orchestrator script that will execute the required installers. In practice, the orchestrator script may reference many more assets than those in these examples.
>[!NOTE]
>All actions performed by the script must happen silently, showing no UI and requiring no user interaction.
>
>The scripts will be run on the device in system context.
### Debugging example
Granular logging is not built in, so the logging must be built into the script itself. Here is an example script that logs Hello World to a logfile. When run on the device, the logfile will be available after provisioning is completed. As you will see in the following examples, its recommended that you log each action that your script performs.
```
set LOGFILE=%SystemDrive%\HelloWorld.log
echo Hello, World >> %LOGFILE%
```
### .exe example
This example script shows how to create a log output file on the system drive, install an app from a .exe installer, and echo the results to the log file.
```
set LOGFILE=%SystemDrive%\Fiddler_install.log
echo Installing Fiddler.exe >> %LOGFILE%
fiddler4setup.exe /S >> %LOGFILE%
echo result: %ERRORLEVEL% >> %LOGFILE%
```
### .msi example
This is the same as the previous installer, but installs the app from an MSI installer. Notice that msiexec is called with the /quiet flag in order to meet the silent requirement of scripts run from within a provisioning package.
```
set LOGFILE=%SystemDrive%\IPOverUsb_install.log
echo Installing IpOverUsbInstaller.msi >> %LOGFILE%
msiexec /i IpOverUsbInstaller.msi /quiet >> %LOGFILE%
echo result: %ERRORLEVEL% >> %LOGFILE%
```
### PowerShell example
This is an example script with logging that shows how to run a powershell script from the provisioning commands setting. Note that the PowerShell script referenced from this example must also be included in the package, and obey the same requirements as all scripts run from within the provisioning package: it must execute silently, with no user interaction.
```
set LOGFILE=%SystemDrive%\my_powershell_script.log
echo Running my_powershell_script.ps1 in system context >> %LOGFILE%
echo Executing "PsExec.exe -accepteula -i -s cmd.exe /c powershell.exe my_powershell_script.ps1" >> %LOGFILE%
PsExec.exe -accepteula -i -s cmd.exe /c powershell.exe my_powershell_script.ps1' >> %LOGFILE%
echo result: %ERRORLEVEL% >> %LOGFILE%
```
### Extract from a .CAB example
This example script shows expansion of a .cab from the provisioning commands script, as well as installation of the expanded setup.exe
```
set LOGFILE=%SystemDrive%\install_my_app.log
echo Expanding installer_assets.cab >> %LOGFILE%
expand -r installer_assets.cab -F:* . >> %LOGFILE%
echo result: %ERRORLEVEL% >> %LOGFILE%
echo Installing MyApp >> %LOGFILE%
setup.exe >> %LOGFILE%
echo result: %ERRORLEVEL% >> %LOGFILE%
```
### Calling multiple scripts in the package
You are currently allowed one CommandLine per PPKG. The batch files shown above are orchestrator scripts that manage the installation and calls any other scripts included in the PPKG. The orchestrator script is what should be invoked from the CommandLine specified in the package.
Heres a table describing this relationship, using the PowerShell example from above:
|ICD Setting | Value | Description |
| --- | --- | --- |
| ProvisioningCommands/DeviceContext/CommandLine | cmd /c PowerShell_Example.bat | The command line needed to invoke the orchestrator script. |
| ProvisioningCommands/DeviceContext/CommandFiles | PowerShell_Example.bat | The single orchestrator script referenced by the command line that handles calling into the required installers or performing any other actions such as expanding cab files. This script must do the required logging. |
| ProvisioningCommands/DeviceContext/CommandFiles | my_powershell_script.ps1 | Other assets referenced by the orchestrator script. In this example there is only one, but there could be many assets referenced here. One common use case is using the orchestrator to call a series of install.exe or setup.exe installers to install several applications. Each of those installers must be included as an asset here. |
### Add script to provisioning package
When you have the batch file written and the referenced assets ready to include, you can add them to a provisioning package in the Window Imaging and Configuration Designer (Windows ICD).
Using ICD, specify the full details of how the script should be run in the CommandLine setting in the provisioning package. This includes flags or any other parameters that you would normally type on the command line. So for example if the package contained an app installer called install.exe and a script used to automate the install called InstallMyApp.bat, the `ProvisioningCommands/DeviceContext/CommandLine` setting should be configured to:
```
cmd /c InstallMyApp.bat
```
In ICD, this looks like:
![Command line in Selected customizations](images/icd-script1.png)
You also need to add the relevant assets for that command line including the orchestrator script and any other assets it references such as installers or .cab files.
In ICD, that is done by adding files under the `ProvisioningCommands/DeviceContext/CommandFiles` setting.
![Command files in Selected customizations](images/icd-script2.png)
When you are done, [build the package](provisioning-create-package.md#build-package).
### Remarks
1. No user interaction or console output is supported via ProvisioningCommands. All work needs to be silent. If your script attempts to do any of the following it will cause undefined behavior, and could put the device in an unrecoverable state if executed during setup or the Out of Box Experience:
a. Echo to console
b. Display anything on the screen
c. Prompt the user with a dialog or install wizard
2. When applied at first boot, provisioning runs early in the boot sequence and before a user context has been established; care must be taken to only include installers that can run at this time. Other installers can be provisioned via a management tool.
3. If the device is put into an unrecoverable state because of a bad script, you can reset it using [recovery options in Windows 10](https://support.microsoft.com/help/12415/windows-10-recovery-options).
4. The CommandFile assets are deployed on the device to a temporary folder unique to each package.
a. For packages added during the out of box experience, this is usually in `%WINDIR%\system32\config\systemprofile\appdata\local\Temp\ProvisioningPkgTmp\<{PackageIdGuid}>\Commands`
b. For packages added by double-clicking on an already deployed device, this will be in the temp folder for the user executing the PPKG: `%TMP%\ProvisioningPkgTmp\<{PackageIdGuid}>\Commands`
5. The command line will be executed with the directory the CommandFiles were deployed to as the working directory. This means you do not need to specific the full path to assets in the command line or from within any script.
6. The runtime provisioning component will attempt to run the scripts from the PPKG at the earliest point possible, depending on the stage when the PPKG was added. For example, if the package was added during the Out-of-Box Experience, it will be run immediately after the package is applied, while the Out-of-Box Experience is still happening. This is before the user account configuration options are presented to the user. A spinning progress dialog will appear and “please wait” will be displayed on the screen.
>[!NOTE]
>There is a timeout of 30 minutes for the provisioning process at this point. All scripts and installs need to complete within this time.
7. The scripts are executed in the background as the rest of provisioning continues to run. For packages added on existing systems using the double-click to install, there is no notification that provisioning or script execution has completed
## Related topics
- [Provisioning packages for Windows 10](provisioning-packages.md)
- [How provisioning works in Windows 10](provisioning-how-it-works.md)
- [Install Windows Imaging and Configuration Designer](provisioning-install-icd.md)
- [Create a provisioning package](provisioning-create-package.md)
- [Apply a provisioning package](provisioning-apply-package.md)
- [Settings changed when you uninstall a provisioning package](provisioning-uninstall-package.md)
- [Provision PCs with common settings for initial deployment (simple provisioning)](provision-pcs-for-initial-deployment.md)
- [Provision PCs with apps and certificates for initial deployments (advanced provisioning)](provision-pcs-with-apps-and-certificates.md)
- [NFC-based device provisioning](provisioning-nfc.md)
- [Windows ICD command-line interface (reference)](provisioning-command-line.md)
- [Create a provisioning package with multivariant settings](provisioning-multivariant.md)

98
windows/deploy/provisioning-uninstall-package.md
View File

@ -1,98 +0,0 @@
---
title: Settings changed when you uninstall a provisioning package (Windows 10)
description: This topic lists the settings that are reverted when you uninstall a provisioning package.
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
author: jdeckerMS
localizationpriority: high
---
# Settings changed when you uninstall a provisioning package
**Applies to**
- Windows 10
- Windows 10 Mobile
When you uninstall a provisioning package, only certain settings are revertible. This topic lists the settings that are reverted when you uninstall a provisioning package.
As an administrator, you can uninstall by using the **Add or remove a package for work or school** option available under **Settings** > **Accounts** > **Access work or school**.
When a provisioning package is uninstalled, some of its settings are reverted, which means the value for the setting is changed to the next available or default value. Not all settings, however, are revertible.
Only settings in the following lists are revertible.
## Registry-based settings
The registry-based settings that are revertible when a provisioning package is uninstalled all fall under these categories, which you can find in the Graphical User Interface of the Windows Imaging and Configuration Designer (Windows ICD).
- [Wi-Fi Sense](https://msdn.microsoft.com/library/windows/hardware/mt219706.aspx)
- [CountryAndRegion](https://msdn.microsoft.com/library/windows/hardware/mt219726.aspx)
- DeviceManagement / PGList/ LogicalProxyName
- UniversalAppInstall / LaunchAppAtLogin
- [Power](https://msdn.microsoft.com/library/windows/hardware/dn953704.aspx)
- [TabletMode](https://msdn.microsoft.com/library/windows/hardware/mt297550.aspx)
- [Maps](https://msdn.microsoft.com/library/windows/hardware/mt131464.aspx)
- [Browser](https://msdn.microsoft.com/library/windows/hardware/mt573151.aspx)
- [DeviceFormFactor](https://msdn.microsoft.com/library/windows/hardware/mt243449.aspx)
- [USBErrorsOEMOverride](https://msdn.microsoft.com/library/windows/hardware/mt769908.aspx)
- [WeakCharger](https://msdn.microsoft.com/library/windows/hardware/mt346401.aspx)
## CSP-based settings
Here is the list of revertible settings based on configuration service providers (CSPs).
[ActiveSync CSP](https://msdn.microsoft.com/library/windows/hardware/dn920017.aspx)
[AppLocker CSP](https://msdn.microsoft.com/library/windows/hardware/dn920019.aspx)
[BrowserFavorite CSP](https://msdn.microsoft.com/library/windows/hardware/dn914758.aspx)
[CertificateStore CSP](https://msdn.microsoft.com/library/windows/hardware/dn920021.aspx)
[ClientCertificateInstall CSP](https://msdn.microsoft.com/library/windows/hardware/dn920023.aspx)
[RootCATrustedCertificates CSP](https://msdn.microsoft.com/library/windows/hardware/dn904970.aspx)
[CM_CellularEntries CSP](https://msdn.microsoft.com/library/windows/hardware/dn914761.aspx)
[CM_ProxyEntries CSP](https://msdn.microsoft.com/library/windows/hardware/dn914762.aspx)
[CMPolicy CSP](https://msdn.microsoft.com/library/windows/hardware/dn914760.aspx)
[CMPolicyEnterprise CSP](https://msdn.microsoft.com/library/windows/hardware/mt706463.aspx)
[EMAIL2 CSP](https://msdn.microsoft.com/library/windows/hardware/dn904953.aspx)
[EnterpriseAPN CSP](https://msdn.microsoft.com/library/windows/hardware/dn958617.aspx)
[EnterpriseAppManagement CSP](https://msdn.microsoft.com/library/windows/hardware/dn904955.aspx)
[EnterpriseDesktopAppManagement CSP](https://msdn.microsoft.com/library/windows/hardware/dn958620.aspx)
[EnterpriseModernAppManagement CSP](https://msdn.microsoft.com/library/windows/hardware/dn904956.aspx)
[NAP CSP](https://msdn.microsoft.com/library/windows/hardware/dn914767.aspx)
[PassportForWork CSP](https://msdn.microsoft.com/library/windows/hardware/dn987099.aspx)
[Provisioning CSP](https://msdn.microsoft.com/library/windows/hardware/mt203665.aspx)
[PROXY CSP](https://msdn.microsoft.com/library/windows/hardware/dn914770.aspx)
[SecureAssessment CSP](https://msdn.microsoft.com/library/windows/hardware/mt718628.aspx)
[VPN CSP](https://msdn.microsoft.com/library/windows/hardware/dn904978.aspx)
[VPNv2 CSP](https://msdn.microsoft.com/library/windows/hardware/dn914776.aspx)
[WiFi CSP](https://msdn.microsoft.com/library/windows/hardware/dn904981.aspx)
## Related topics
- [Provisioning packages for Windows 10](provisioning-packages.md)
- [How provisioning works in Windows 10](provisioning-how-it-works.md)
- [Install Windows Imaging and Configuration Designer](provisioning-install-icd.md)
- [Create a provisioning package](provisioning-create-package.md)
- [Apply a provisioning package](provisioning-apply-package.md)
- [Provision PCs with common settings for initial deployment (simple provisioning)](provision-pcs-for-initial-deployment.md)
- [Provision PCs with apps and certificates for initial deployments (advanced provisioning)](provision-pcs-with-apps-and-certificates.md)
- [Use a script to install a desktop app in provisioning packages](provisioning-script-to-install-app.md)
- [NFC-based device provisioning](provisioning-nfc.md)
- [Windows ICD command-line interface (reference)](provisioning-command-line.md)
- [Create a provisioning package with multivariant settings](provisioning-multivariant.md)
 
 

125
windows/deploy/update-windows-10-images-with-provisioning-packages.md
View File

@ -1,125 +0,0 @@
---
title: Update Windows 10 images with provisioning packages (Windows 10)
description: Use a provisioning package to apply settings, profiles, and file assets to a Windows 10 image.
ms.assetid: 3CA345D2-B60A-4860-A3BF-174713C3D3A6
keywords: provisioning, bulk deployment, image
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: mobile
author: jdeckerMS
redirect_url: https://technet.microsoft.com/itpro/windows/deploy/provisioning-packages
---
# Update Windows 10 images with provisioning packages
**Applies to**
- Windows 10
- Windows 10 Mobile
Use a provisioning package to apply settings, profiles, and file assets to a Windows 10 image.
In Windows 10, you can apply a provisioning package at any time. A provisioning package can include management instructions and policies, installation of specific apps, customization of network connections and policies, and more.
You can include provisioning packages when you build a Windows image. This way, you can create a single provisioning package that you can add to different hardware-specific images.
You can also put a provisioning package on a USB drive or SD card to apply to off-the-shelf devices. You can even send the provisioning package to someone in email.
Rather than wiping a device and applying a new system image when you need to change configuration, you can reset the device to its original state and then apply a new provisioning package.
For details about the settings you can customize in provisioning packages, see [Windows Provisioning settings reference]( https://go.microsoft.com/fwlink/p/?LinkId=619012).
## Advantages
- You can configure new devices without reimaging.
- Works on both mobile and desktop devices.
- No network connectivity required.
- Simple for people to apply.
- Ensure compliance and security before a device is enrolled in MDM.
## Create package
Use the Windows Imaging and Configuration Designer (ICD) tool included in the Windows Assessment and Deployment Kit (ADK) for Windows 10 to create a runtime provisioning package. [Install the ADK.](https://go.microsoft.com/fwlink/p/?LinkId=526740)
1. Open Windows ICD (by default, `%windir%\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Imaging and Configuration Designer\x86\ICD.exe`).
2. Choose **New provisioning package**.
3. Name your project, and click **Next**.
4. Choose **Common to all Windows editions** and click **Next**.
5. On **New project**, click **Finish**. The workspace for your package opens.
6. Configure settings. [Learn more about specific settings in provisioning packages.]( https://go.microsoft.com/fwlink/p/?LinkId=615916)
7. On the **File** menu, select **Save.**
8. On the **Export** menu, select **Provisioning package**.
9. Change **Owner** to **IT Admin**, which will set the precedence of this provisioning package higher than provisioning packages applied to this device from other sources, and then select **Next.**
10. Set a value for **Package Version**.
**Tip**  
You can make changes to existing packages and change the version number to update previously applied packages.
11. Optional. In the **Provisioning package security** window, you can choose to encrypt the package and enable package signing.
- **Enable package encryption** - If you select this option, an auto-generated password will be shown on the screen.
- **Enable package signing** - If you select this option, you must select a valid certificate to use for signing the package. You can specify the certificate by clicking **Select...** and choosing the certificate you want to use to sign the package.
**Important**  
We recommend that you include a trusted provisioning certificate in your provisioning package. When the package is applied to a device, the certificate is added to the system store and any package signed with that certificate thereafter can be applied silently. 
12. Click **Next** to specify the output location where you want the provisioning package to go once it's built. By default, Windows ICD uses the project folder as the output location.<p>
Optionally, you can click **Browse** to change the default output location.
13. Click **Next**.
14. Click **Build** to start building the package. The project information is displayed in the build page and the progress bar indicates the build status.<p>
If you need to cancel the build, click **Cancel**. This cancels the current build process, closes the wizard, and takes you back to the **Customizations Page**.
15. If your build fails, an error message will show up that includes a link to the project folder. You can scan the logs to determine what caused the error. Once you fix the issue, try building the package again.<p>
If your build is successful, the name of the provisioning package, output directory, and project directory will be shown.
- If you choose, you can build the provisioning package again and pick a different path for the output package. To do this, click **Back** to change the output package name and path, and then click **Next** to start another build.
- If you are done, click **Finish** to close the wizard and go back to the **Customizations Page**.
16. Select the **output location** link to go to the location of the package. You can provide that .ppkg to others through any of the following methods:
- Shared network folder
- SharePoint site
- Removable media (USB/SD)
- Email
- USB tether (mobile only)
- NFC (mobile only)
## Add package to image
**To add a provisioning package to Windows 10 for desktop editions (Home, Pro, Enterprise, and Education)**
- Follow the steps in the "To build an image for Windows 10 for desktop editions" section in [Use the Windows ICD command-line interface]( https://go.microsoft.com/fwlink/p/?LinkId=617371).
**To add a provisioning package to a Windows 10 Mobile image**
- Follow the steps in the "To build an image for Windows 10 Mobile or Windows 10 IoT Core (IoT Core)" section in [Use the Windows ICD command-line interface]( https://go.microsoft.com/fwlink/p/?LinkId=617371).<p>
The provisioning package is placed in the FFU image and is flashed or sector written to the device. During device setup time, the provisioning engine starts and consumes the packages.
## Learn more
- [Build and apply a provisioning package]( https://go.microsoft.com/fwlink/p/?LinkId=629651)
- [Provisioning Windows 10 Devices with New Tools](https://go.microsoft.com/fwlink/p/?LinkId=615921)
- [Windows 10 for Mobile Devices: Provisioning Is Not Imaging](https://go.microsoft.com/fwlink/p/?LinkId=615922)
## Related topics
- [Configure devices without MDM](../manage/configure-devices-without-mdm.md)

4
windows/deploy/upgrade-analytics-prepare-your-environment.md
View File

@ -1,4 +0,0 @@
---
title: Upgrade Analytics - Identify important apps (Windows 10)
redirect_url: upgrade-analytics-identify-apps
---

5
windows/deploy/upgrade-analytics-release-notes.md
View File

@ -1,5 +0,0 @@
---
title: Upgrade Analytics release notes (Windows 10)
description: Provides tips and limitations about Upgrade Analytics.
redirect_url: https://technet.microsoft.com/itpro/windows/deploy/upgrade-analytics-requirements#important-information-about-this-release
---

7
windows/deploy/upgrade-analytics-review-site-discovery.md
View File

@ -1,7 +0,0 @@
---
title: Review site discovery
redirect_url: upgrade-analytics-additional-insights
---

107
windows/deploy/windows-10-poc-sc-config-mgr.md
View File

@ -163,8 +163,8 @@ Topics and procedures in this guide are summarized in the following table. An es
adsiedit.msc
```
6. Right-click **ADSI Edit**, click **Connect to**, select **Default** under **Computer** and then click **OK**.
7. Expand **Default naming context**>**DC=contoso,DC=com**, right-click **CN=System**, point to **New**, and then click **Object**.
6. Right-click **ADSI Edit**, click **Connect to**, select **Default (Domain or server that you logged in to)** under **Computer** and then click **OK**.
7. Expand **Default naming context**>**DC=contoso,DC=com**, and then in the console tree right-click **CN=System**, point to **New**, and then click **Object**.
8. Click **container** and then click **Next**.
9. Next to **Value**, type **System Management**, click **Next**, and then click **Finish**.
10. Right-click **CN=system Management** and then click **Properties**.
@ -194,7 +194,7 @@ Topics and procedures in this guide are summarized in the following table. An es
- **Settings Summary**: Review settings and click **Next**.
- **Prerequisite Check**: No failures should be listed. Ignore any warnings and click **Begin Install**.
>There should be at most three warnings present: WSUS on site server, configuration for SQL Server memory usage, and SQL Server process memory allocation. These warnings can safely be ignored.
>There should be at most three warnings present: WSUS on site server, configuration for SQL Server memory usage, and SQL Server process memory allocation. These warnings can safely be ignored in this test environment.
Depending on the speed of the Hyper-V host and resources allocated to SRV1, installation can require approximately one hour. Click **Close** when installation is complete.
@ -207,7 +207,7 @@ Topics and procedures in this guide are summarized in the following table. An es
## Download MDOP and install DaRT
1. Download the [Microsoft Desktop Optimization Pack 2015](https://msdn.microsoft.com/en-us/subscriptions/downloads/#ProductFamilyId=597) to the Hyper-V host using an MSDN subscription. Download the .ISO file (mu_microsoft_desktop_optimization_pack_2015_x86_x64_dvd_5975282.iso) to the C:\VHD directory on the Hyper-V host.
1. Download the [Microsoft Desktop Optimization Pack 2015](https://msdn.microsoft.com/en-us/subscriptions/downloads/#ProductFamilyId=597) to the Hyper-V host using an MSDN subscription. Download the .ISO file (mu_microsoft_desktop_optimization_pack_2015_x86_x64_dvd_5975282.iso, 2.79 GB) to the C:\VHD directory on the Hyper-V host.
2. Type the following command at an elevated Windows PowerShell prompt on the Hyper-V host to mount the MDOP file on SRV1:
@ -292,19 +292,19 @@ This section contains several procedures to support Zero Touch installation with
2. In the System Center Configuration Manager console, in the **Administration** workspace, click **Distribution Points**.
3. In the display pane, right-click **SRV1.CONTOSO.COM** and then click **Properties**.
4. On the PXE tab, select the following settings:
- Enable PXE support for clients. Click **Yes** in the popup that appears.
- Allow this distribution point to respond to incoming PXE requests
- Enable unknown computer support. Click **OK** in the popup that appears.
- Require a password when computers use PXE
- Password and Confirm password: pass@word1
- Respond to PXE requests on specific network interfaces: Click the yellow starburst and then enter the MAC address determined in the first step of this procedure.
- **Enable PXE support for clients**. Click **Yes** in the popup that appears.
- **Allow this distribution point to respond to incoming PXE requests**
- **Enable unknown computer support**. Click **OK** in the popup that appears.
- **Require a password when computers use PXE**
- **Password** and **Confirm password**: pass@word1
- **Respond to PXE requests on specific network interfaces**: Click the yellow starburst and then enter the MAC address determined in the first step of this procedure.
See the following example:
<img src="images/sccm-pxe.png" alt="Config Mgr PXE"/>
5. Click **OK**.
6. Type the following command at an elevated Windows PowerShell prompt on SRV1, and verify that the files displayed are present:
6. Wait for a minute, then type the following command at an elevated Windows PowerShell prompt on SRV1, and verify that the files displayed are present:
```
cmd /c dir /b C:\RemoteInstall\SMSBoot\x64
@ -340,7 +340,7 @@ This section contains several procedures to support Zero Touch installation with
>You can open C:\Sources\OSD\Branding\contoso.bmp in MSPaint.exe if desired to customize this image.
## Create a boot image for Configuration Manager
### Create a boot image for Configuration Manager
1. In the Configuration Manager console, in the **Software Library** workspace, expand **Operating Systems**, right-click **Boot Images**, and then click **Create Boot Image using MDT**.
2. On the Package Source page, under **Package source folder to be created (UNC Path):**, type **\\\SRV1\Sources$\OSD\Boot\Zero Touch WinPE x64**, and then click **Next**.
@ -357,13 +357,15 @@ This section contains several procedures to support Zero Touch installation with
```
Invoke-Item 'C:\Program Files\Microsoft Configuration Manager\tools\cmtrace.exe'
```
>In the trace tool, click **Tools** on the menu and choose **Find**. Search for "**STATMSG: ID=2301**". For example:
In the trace tool, click **Tools** on the menu and choose **Find**. Search for "**STATMSG: ID=2301**". For example:
```
STATMSG: ID=2301 SEV=I LEV=M SOURCE="SMS Server" COMP="SMS_DISTRIBUTION_MANAGER" SYS=SRV1.CONTOSO.COM SITE=PS1 PID=2476 TID=4636 GMTDATE=Wed Sep 14 22:11:09.363 2016 ISTR0="Configuration Manager Client Upgrade Package" ISTR1="PS100003" ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=1 AID0=400 AVAL0="PS100003" SMS_DISTRIBUTION_MANAGER 9/14/2016 3:11:09 PM 4636 (0x121C)
```
11. You can also review status by clicking the **Zero Touch WinPE x64** image, and then clicking **Content Status** under **Related Objects** in the bottom right-hand corner of the console, or by entering **\Monitoring\Overview\Distribution Status\Content Status** on the location bar in the console. Doublt-click **Zero Touch WinPE x64** under **Content Status** in the console tree and verify that a status of **Successfully distributed content** is displayed on the **Success** tab.
12. In the **Software Library** workspace, double-click **Zero Touch WinPE x64** and then click the **Data Source** tab.
```
STATMSG: ID=2301 SEV=I LEV=M SOURCE="SMS Server" COMP="SMS_DISTRIBUTION_MANAGER" SYS=SRV1.CONTOSO.COM SITE=PS1 PID=2476 TID=4636 GMTDATE=Wed Sep 14 22:11:09.363 2016 ISTR0="Configuration Manager Client Upgrade Package" ISTR1="PS100003" ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=1 AID0=400 AVAL0="PS100003" SMS_DISTRIBUTION_MANAGER 9/14/2016 3:11:09 PM 4636 (0x121C)
```
11. You can also review status by clicking the **Zero Touch WinPE x64** image, and then clicking **Content Status** under **Related Objects** in the bottom right-hand corner of the console, or by entering **\Monitoring\Overview\Distribution Status\Content Status** on the location bar in the console. Double-click **Zero Touch WinPE x64** under **Content Status** in the console tree and verify that a status of **Successfully distributed content** is displayed on the **Success** tab.
12. Next, in the **Software Library** workspace, double-click **Zero Touch WinPE x64** and then click the **Data Source** tab.
13. Select the **Deploy this boot image from the PXE-enabled distribution point** checkbox, and click **OK**.
14. Review the distmgr.log file again for "**STATMSG: ID=2301**" and verify that there are three folders under **C:\RemoteInstall\SMSImages** with boot images. See the following example:
@ -380,7 +382,7 @@ This section contains several procedures to support Zero Touch installation with
>The first two images (*.wim files) are default boot images. The third is the new boot image with DaRT.
## Create a Windows 10 reference image
### Create a Windows 10 reference image
If you have already completed steps in [Deploy Windows 10 in a test lab using Microsoft Deployment Toolkit](windows-10-poc-mdt.md) then you have already created a Windows 10 reference image. In this case, skip to the next procedure in this guide: [Add a Windows 10 operating system image](#add-a-windows-10-operating-system-image). If you have not yet created a Windows 10 reference image, complete the steps in this section.
@ -534,7 +536,7 @@ If you have already completed steps in [Deploy Windows 10 in a test lab using Mi
This step requires from 30 minutes to 2 hours, depending on the speed of the Hyper-V host and your network's download speed. After some time, you will have a Windows 10 Enterprise x64 image that is fully patched and has run through Sysprep. The image is located in the C:\MDTBuildLab\Captures folder on SRV1. The file name is **REFW10X64-001.wim**.
## Add a Windows 10 operating system image
### Add a Windows 10 operating system image
1. Type the following commands at an elevated Windows PowerShell prompt on SRV1:
@ -553,11 +555,11 @@ If you have already completed steps in [Deploy Windows 10 in a test lab using Mi
6. In the Distribute Content Wizard, click **Next**, click **Add**, click **Distribution Point**, add the **SRV1.CONTOSO.COM** distribution point, click **OK**, click **Next** twice and then click **Close**.
7. Enter **\Monitoring\Overview\Distribution Status\Content Status** on the location bar, click **Windows 10 Enterprise x64**, and monitor the status of content distribution until it is successful and no longer in progress. Refresh the view with the F5 key or by right-clicking **Windows 10 Enterprise x64** and clicking **Refresh**. Processing of the image on the site server can take several minutes.
7. Enter **\Monitoring\Overview\Distribution Status\Content Status** on the location bar (be sure there is no space at the end of the location or you will get an error), click **Windows 10 Enterprise x64**, and monitor the status of content distribution until it is successful and no longer in progress. Refresh the view with the F5 key or by right-clicking **Windows 10 Enterprise x64** and clicking **Refresh**. Processing of the image on the site server can take several minutes.
>If content distribution is not successful, verify that sufficient disk space is available.
## Create a task sequence
### Create a task sequence
>Complete this section slowly. There are a large number of similar settings from which to choose.
@ -567,37 +569,37 @@ If you have already completed steps in [Deploy Windows 10 in a test lab using Mi
3. On the General page, type **Windows 10 Enterprise x64** under **Task sequence name:** and then click **Next**.
4. On the Details page, enter the following settings:<BR>
- Join a domain: contoso.com<BR>
- Account: click **Set**<BR>
- User name: contoso\CM_JD<BR>
- Password: pass@word1<BR>
- Confirm password: pass@word1<BR>
- Click **OK**<BR>
- Windows Settings<BR>
- User name: Contoso<BR>
- Organization name: Contoso<BR>
- Product key: \<blank\><BR>
- Administrator Account: Enable the account and specify the local administrator password<BR>
- Password: pass@word1<BR>
- Confirm password: pass@word1<BR>
- Click Next<BR>
4. On the Details page, enter the following settings:
- Join a domain: **contoso.com**
- Account: click **Set**
- User name: **contoso\CM_JD**
- Password: **pass@word1**
- Confirm password: **pass@word1**
- Click **OK**
- Windows Settings
- User name: **Contoso**
- Organization name: **Contoso**
- Product key: \<blank\>
- Administrator Account: **Enable the account and specify the local administrator password**
- Password: **pass@word1**
- Confirm password: **pass@word1**
- Click **Next**
5. On the Capture Settings page, accept the default settings and click **Next**.
6. On the Boot Image page, browse and select the **Zero Touch WinPE x64** boot image package and then click **Next**.
6. On the Boot Image page, browse and select the **Zero Touch WinPE x64** boot image package, click **OK**, and then click **Next**.
7. On the MDT Package page, select **Create a new Microsoft Deployment Toolkit Files package**, under **Package source folder to be created (UNC Path):**, type **\\\SRV1\Sources$\OSD\MDT\MDT 2013**, and then click **Next**.
7. On the MDT Package page, select **Create a new Microsoft Deployment Toolkit Files package**, under **Package source folder to be created (UNC Path):**, type **\\\SRV1\Sources$\OSD\MDT\MDT** (MDT is repeated here, not a typo), and then click **Next**.
8. On the MDT Details page, next to **Name:** type **MDT 2013** and then click **Next**.
8. On the MDT Details page, next to **Name:** type **MDT** and then click **Next**.
9. On the OS Image page, browse and select the **Windows 10 Enterprise x64** package, and then click **Next**.
9. On the OS Image page, browse and select the **Windows 10 Enterprise x64** package, click **OK**, and then click **Next**.
10. On the Deployment Method page, accept the default settings for **Zero Touch Installation** and click **Next**.
11. On the Client Package page, browse and select the **Microsoft Corporation Configuration Manager Client package** and then click **Next**.
11. On the Client Package page, browse and select the **Microsoft Corporation Configuration Manager Client package**, click **OK**, and then click **Next**.
12. On the USMT Package page, browse and select the **Microsoft Corporation User State Migration Tool for Windows 8 10.0.14393.0** package, and then click **Next**.
12. On the USMT Package page, browse and select the **Microsoft Corporation User State Migration Tool for Windows 10.0.14393.0** package, click **OK**, and then click **Next**.
13. On the Settings Package page, select **Create a new settings package**, and under **Package source folder to be created (UNC Path):**, type **\\\SRV1\Sources$\OSD\Settings\Windows 10 x64 Settings**, and then click **Next**.
@ -640,7 +642,7 @@ If you have already completed steps in [Deploy Windows 10 in a test lab using Mi
- Click **OK**<BR>.
## Finalize the operating system configuration
### Finalize the operating system configuration
>If you completed all procedures in [Deploy Windows 10 in a test lab using Microsoft Deployment Toolkit](windows-10-poc-mdt.md) then the MDT deployment share is already present on SRV1. In this case, skip the first four steps below and begin with step 5 to edit CustomSettings.ini.
@ -670,7 +672,7 @@ If you have already completed steps in [Deploy Windows 10 in a test lab using Mi
[Settings]
Priority=Default
Properties=OSDMigrateConfigFiles,OSDMigrateMode
[Default]
DoCapture=NO
ComputerBackupLocation=NONE
@ -681,6 +683,14 @@ If you have already completed steps in [Deploy Windows 10 in a test lab using Mi
EventService=http://SRV1:9800
ApplyGPOPack=NO
```
>As noted previously, if you wish to migrate accounts other than those in the Contoso domain, then change the OSDMigrateAdditionalCaptureOptions option. For example, the following option will capture settings from all user accounts:
```
OSDMigrateAdditionalCaptureOptions=/all
```
7. Return to the Configuration Manager console, and in the Software Library workspace, expand **Application Management**, click **Packages**, right-click **Windows 10 x64 Settings**, and then click **Update Distribution Points**. Click **OK** in the popup that appears.
8. In the Software Library workspace, expand **Operating Systems**, click **Task Sequences**, right-click **Windows 10 Enterprise x64**, and then click **Distribute Content**.
@ -705,6 +715,8 @@ If you have already completed steps in [Deploy Windows 10 in a test lab using Mi
## Deploy Windows 10 using PXE and Configuration Manager
In this first deployment scenario, we will deploy Windows 10 using PXE. This scenario creates a new computer that does not have any migrated users or settings.
1. Type the following commands at an elevated Windows PowerShell prompt on the Hyper-V host:
```
@ -718,7 +730,7 @@ If you have already completed steps in [Deploy Windows 10 in a test lab using Mi
3. In the Task Sequence Wizard, provide the password: **pass@word1**, and then click **Next**.
4. Before you click Next in the Task Sequence Wizard, press the **F8** key. A command prompt will open.
4. Before you click **Next** in the Task Sequence Wizard, press the **F8** key. A command prompt will open.
5. At the command prompt, type **explorer.exe** and review the Windows PE file structure.
@ -745,6 +757,7 @@ If you have already completed steps in [Deploy Windows 10 in a test lab using Mi
- Join the computer to the contoso.com domain
- Install any applications that were specified in the reference image
12. When Windows 10 installation has completed, sign in to PC4 using the **contoso\administrator** account.
13. Right-click **Start**, click **Run**, type **control appwiz.cpl**, press ENTER, click Turn Windows features on or off, and verify that **.NET Framework 3.5 (includes .NET 2.0 and 3.0)** is installed. This is a feature included in the reference image.
@ -927,7 +940,7 @@ vmconnect localhost PC1
- Task sequence comments: **USMT backup only**
4. Click **Next**, and on the Boot Image page, browse and select the **Zero Touch WinPE x64** boot image package. Click **OK** and then click **Next** to continue.
5. On the MDT Package page, browse and select the **MDT 2013** package. Click **OK** and then click **Next** to continue.
5. On the MDT Package page, browse and select the **MDT** package. Click **OK** and then click **Next** to continue.
6. On the USMT Package page, browse and select the **Microsoft Corporation User State Migration Tool for Windows** package. Click **OK** and then click **Next** to continue.
7. On the Settings Package page, browse and select the **Windows 10 x64 Settings** package. Click **OK** and then click **Next** to continue.
8. On the Summary page, review the details and then click **Next**.