deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-17 03:13:44 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge pull request #1158 from MicrosoftDocs/autopilot

Browse Source 
known issues update
This commit is contained in:
Rebecca Agiewich
2019-09-23 09:40:16 -07:00
committed by GitHub
parent 791181972c 6068b5b5e8
commit 5f131d978d
2 changed files with 321 additions and 315 deletions
Download Patch File Download Diff File Expand all files Collapse all files

632
windows/deployment/windows-autopilot/existing-devices.md
View File

@ -1,315 +1,317 @@
--- ---
title: Windows Autopilot for existing devices title: Windows Autopilot for existing devices
description: Windows Autopilot deployment description: Windows Autopilot deployment
keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune
ms.reviewer: mniehaus ms.reviewer: mniehaus
manager: laurawi manager: laurawi
ms.prod: w10 ms.prod: w10
ms.mktglfcycl: deploy ms.mktglfcycl: deploy
ms.localizationpriority: medium ms.localizationpriority: medium
ms.sitesec: library ms.sitesec: library
ms.pagetype: deploy ms.pagetype: deploy
audience: itpro audience: itpro
author: greg-lindsay author: greg-lindsay
ms.author: greglin ms.author: greglin
ms.collection: M365-modern-desktop ms.collection: M365-modern-desktop
ms.topic: article ms.topic: article
--- ---
# Windows Autopilot for existing devices # Windows Autopilot for existing devices
**Applies to: Windows 10** **Applies to: Windows 10**
Modern desktop deployment with Windows Autopilot enables you to easily deploy the latest version of Windows 10 to your existing devices. The apps you need for work can be automatically installed. Your work profile is synchronized, so you can resume working right away. Modern desktop deployment with Windows Autopilot enables you to easily deploy the latest version of Windows 10 to your existing devices. The apps you need for work can be automatically installed. Your work profile is synchronized, so you can resume working right away.
This topic describes how to convert Windows 7 or Windows 8.1 domain-joined computers to Windows 10 devices joined to either Azure Active Directory or Active Directory (Hybrid Azure AD Join) by using Windows Autopilot. This topic describes how to convert Windows 7 or Windows 8.1 domain-joined computers to Windows 10 devices joined to either Azure Active Directory or Active Directory (Hybrid Azure AD Join) by using Windows Autopilot.
>[!NOTE] >[!NOTE]
>Windows Autopilot for existing devices only supports user-driven Azure Active Directory and Hybrid Azure AD profiles. Self-deploying profiles are not supported. >Windows Autopilot for existing devices only supports user-driven Azure Active Directory and Hybrid Azure AD profiles. Self-deploying profiles are not supported.
## Prerequisites ## Prerequisites
- System Center Configuration Manager Current Branch (1806) OR System Center Configuration Manager Technical Preview (1808) - System Center Configuration Manager Current Branch (1806) OR System Center Configuration Manager Technical Preview (1808)
- The [Windows ADK](https://developer.microsoft.com/en-us/windows/hardware/windows-assessment-deployment-kit) 1803 or later - The [Windows ADK](https://developer.microsoft.com/en-us/windows/hardware/windows-assessment-deployment-kit) 1803 or later
- Note: Config Mgr 1806 or later is required to [support](https://docs.microsoft.com/sccm/core/plan-design/configs/support-for-windows-10#windows-10-adk) the Windows ADK 1809. - Note: Config Mgr 1806 or later is required to [support](https://docs.microsoft.com/sccm/core/plan-design/configs/support-for-windows-10#windows-10-adk) the Windows ADK 1809.
- Assigned Microsoft Intune Licenses - Assigned Microsoft Intune Licenses
- Azure Active Directory Premium - Azure Active Directory Premium
- Windows 10 version 1809 or later imported into Config Mgr as an Operating System Image - Windows 10 version 1809 or later imported into Config Mgr as an Operating System Image
- See [Known issues](known-issues.md) if you are using Windows 10 1903 with Configuration Managers built-in **Windows Autopilot existing device** task sequence template.)
## Procedures
## Procedures
### Configure the Enrollment Status Page (optional)
### Configure the Enrollment Status Page (optional)
If desired, you can set up an [enrollment status page](https://docs.microsoft.com/windows/deployment/windows-autopilot/enrollment-status) for Autopilot using Intune.
If desired, you can set up an [enrollment status page](https://docs.microsoft.com/windows/deployment/windows-autopilot/enrollment-status) for Autopilot using Intune.
To enable and configure the enrollment and status page:
To enable and configure the enrollment and status page:
1. Open [Intune in the Azure portal](https://aka.ms/intuneportal).
2. Access **Intune > Device enrollment > Windows enrollment** and [Set up an enrollment status page](https://docs.microsoft.com/intune/windows-enrollment-status). 1. Open [Intune in the Azure portal](https://aka.ms/intuneportal).
3. Access **Azure Active Directory > Mobility (MDM and MAM) > Microsoft Intune** and [Configure automatic MDM enrollment](https://docs.microsoft.com/sccm/mdm/deploy-use/enroll-hybrid-windows#enable-windows-10-automatic-enrollment) and configure the MDM user scope for some or all users. 2. Access **Intune > Device enrollment > Windows enrollment** and [Set up an enrollment status page](https://docs.microsoft.com/intune/windows-enrollment-status).
3. Access **Azure Active Directory > Mobility (MDM and MAM) > Microsoft Intune** and [Configure automatic MDM enrollment](https://docs.microsoft.com/sccm/mdm/deploy-use/enroll-hybrid-windows#enable-windows-10-automatic-enrollment) and configure the MDM user scope for some or all users.
See the following examples.
See the following examples.
![enrollment status page](images/esp-config.png)<br><br>
![mdm](images/mdm-config.png) ![enrollment status page](images/esp-config.png)<br><br>
![mdm](images/mdm-config.png)
### Create the JSON file
### Create the JSON file
>[!TIP]
>To run the following commands on a computer running Windows Server 2012/2012 R2 or Windows 7/8.1, you must first download and install the [Windows Management Framework](https://www.microsoft.com/download/details.aspx?id=54616). >[!TIP]
>To run the following commands on a computer running Windows Server 2012/2012 R2 or Windows 7/8.1, you must first download and install the [Windows Management Framework](https://www.microsoft.com/download/details.aspx?id=54616).
1. On an Internet connected Windows PC or Server open an elevated Windows PowerShell command window
2. Enter the following lines to install the necessary modules 1. On an Internet connected Windows PC or Server open an elevated Windows PowerShell command window
2. Enter the following lines to install the necessary modules
#### Install required modules
#### Install required modules
```powershell
Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force ```powershell
Install-Module AzureAD -Force Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force
Install-Module WindowsAutopilotIntune -Force Install-Module AzureAD -Force
``` Install-Module WindowsAutopilotIntune -Force
```
3. Enter the following lines and provide Intune administrative credentials
- In the following command, replace the example user principal name for Azure authentication (admin@M365x373186.onmicrosoft.com) with your user account. Be sure that the user account you specify has sufficient administrative rights. 3. Enter the following lines and provide Intune administrative credentials
- In the following command, replace the example user principal name for Azure authentication (admin@M365x373186.onmicrosoft.com) with your user account. Be sure that the user account you specify has sufficient administrative rights.
```powershell
Connect-AutopilotIntune -user admin@M365x373186.onmicrosoft.com ```powershell
``` Connect-AutopilotIntune -user admin@M365x373186.onmicrosoft.com
The password for your account will be requested using a standard Azure AD form. Type your password and then click **Sign in**. ```
<br>See the following example: The password for your account will be requested using a standard Azure AD form. Type your password and then click **Sign in**.
<br>See the following example:
![Azure AD authentication](images/pwd.png)
![Azure AD authentication](images/pwd.png)
If this is the first time youve used the Intune Graph APIs, youll also be prompted to enable read and write permissions for Microsoft Intune PowerShell. To enable these permissions:
- Select **Consent on behalf or your organization** If this is the first time youve used the Intune Graph APIs, youll also be prompted to enable read and write permissions for Microsoft Intune PowerShell. To enable these permissions:
- Click **Accept** - Select **Consent on behalf or your organization**
- Click **Accept**
4. Next, retrieve and display all the Autopilot profiles available in the specified Intune tenant in JSON format:
4. Next, retrieve and display all the Autopilot profiles available in the specified Intune tenant in JSON format:
#### Retrieve profiles in Autopilot for existing devices JSON format
#### Retrieve profiles in Autopilot for existing devices JSON format
```powershell
Get-AutopilotProfile | ConvertTo-AutopilotConfigurationJSON ```powershell
``` Get-AutopilotProfile | ConvertTo-AutopilotConfigurationJSON
```
See the following sample output: (use the horizontal scroll bar at the bottom to view long lines)
<pre style="overflow-y: visible"> See the following sample output: (use the horizontal scroll bar at the bottom to view long lines)
PS C:\> Get-AutopilotProfile | ConvertTo-AutopilotConfigurationJSON <pre style="overflow-y: visible">
{ PS C:\> Get-AutopilotProfile | ConvertTo-AutopilotConfigurationJSON
"CloudAssignedTenantId": "1537de22-988c-4e93-b8a5-83890f34a69b", {
"CloudAssignedForcedEnrollment": 1, "CloudAssignedTenantId": "1537de22-988c-4e93-b8a5-83890f34a69b",
"Version": 2049, "CloudAssignedForcedEnrollment": 1,
"Comment_File": "Profile Autopilot Profile", "Version": 2049,
"CloudAssignedAadServerData": "{\"ZeroTouchConfig\":{\"CloudAssignedTenantUpn\":\"\",\"ForcedEnrollment\":1,\"CloudAssignedTenantDomain\":\"M365x373186.onmicrosoft.com\"}}", "Comment_File": "Profile Autopilot Profile",
"CloudAssignedTenantDomain": "M365x373186.onmicrosoft.com", "CloudAssignedAadServerData": "{\"ZeroTouchConfig\":{\"CloudAssignedTenantUpn\":\"\",\"ForcedEnrollment\":1,\"CloudAssignedTenantDomain\":\"M365x373186.onmicrosoft.com\"}}",
"CloudAssignedDomainJoinMethod": 0, "CloudAssignedTenantDomain": "M365x373186.onmicrosoft.com",
"CloudAssignedOobeConfig": 28, "CloudAssignedDomainJoinMethod": 0,
"ZtdCorrelationId": "7F9E6025-1E13-45F3-BF82-A3E8C5B59EAC" "CloudAssignedOobeConfig": 28,
}</pre> "ZtdCorrelationId": "7F9E6025-1E13-45F3-BF82-A3E8C5B59EAC"
}</pre>
Each profile is encapsulated within braces **{ }**. In the previous example, a single profile is displayed.
Each profile is encapsulated within braces **{ }**. In the previous example, a single profile is displayed.
See the following table for a description of properties used in the JSON file.
See the following table for a description of properties used in the JSON file.
| Property | Description |
|------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | Property | Description |
| Version (number, optional) | The version number that identifies the format of the JSON file. For Windows 10 1809, the version specified must be 2049. | |------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| CloudAssignedTenantId (guid, required) | The Azure Active Directory tenant ID that should be used. This is the GUID for the tenant, and can be found in properties of the tenant. The value should not include braces. | | Version (number, optional) | The version number that identifies the format of the JSON file. For Windows 10 1809, the version specified must be 2049. |
| CloudAssignedTenantDomain (string, required) | The Azure Active Directory tenant name that should be used, e.g. tenant.onmicrosoft.com. | | CloudAssignedTenantId (guid, required) | The Azure Active Directory tenant ID that should be used. This is the GUID for the tenant, and can be found in properties of the tenant. The value should not include braces. |
| CloudAssignedOobeConfig (number, required) | This is a bitmap that shows which Autopilot settings were configured. Values include: SkipCortanaOptIn = 1, OobeUserNotLocalAdmin = 2, SkipExpressSettings = 4, SkipOemRegistration = 8, SkipEula = 16 | | CloudAssignedTenantDomain (string, required) | The Azure Active Directory tenant name that should be used, e.g. tenant.onmicrosoft.com. |
| CloudAssignedDomainJoinMethod (number, required) | This property specifies whether the device should join Azure Active Directory or Active Directory (Hybrid Azure AD Join). Values include: Active AD Join = 0, Hybrid Azure AD Join = 1 | | CloudAssignedOobeConfig (number, required) | This is a bitmap that shows which Autopilot settings were configured. Values include: SkipCortanaOptIn = 1, OobeUserNotLocalAdmin = 2, SkipExpressSettings = 4, SkipOemRegistration = 8, SkipEula = 16 |
| CloudAssignedForcedEnrollment (number, required) | Specifies that the device should require AAD Join and MDM enrollment. <br>0 = not required, 1 = required. | | CloudAssignedDomainJoinMethod (number, required) | This property specifies whether the device should join Azure Active Directory or Active Directory (Hybrid Azure AD Join). Values include: Active AD Join = 0, Hybrid Azure AD Join = 1 |
| ZtdCorrelationId (guid, required) | A unique GUID (without braces) that will be provided to Intune as part of the registration process. ZtdCorrelationId will be included in enrollment message as “OfflineAutoPilotEnrollmentCorrelator”. This attribute will be present only if the enrollment is taking place on a device registered with Zero Touch Provisioning via offline registration. | | CloudAssignedForcedEnrollment (number, required) | Specifies that the device should require AAD Join and MDM enrollment. <br>0 = not required, 1 = required. |
| CloudAssignedAadServerData (encoded JSON string, required) | An embedded JSON string used for branding. It requires AAD corp branding enabled. <br> Example value: "CloudAssignedAadServerData": "{\"ZeroTouchConfig\":{\"CloudAssignedTenantUpn\":\"\",\"CloudAssignedTenantDomain\":\"tenant.onmicrosoft.com\"}}" | | ZtdCorrelationId (guid, required) | A unique GUID (without braces) that will be provided to Intune as part of the registration process. ZtdCorrelationId will be included in enrollment message as “OfflineAutoPilotEnrollmentCorrelator”. This attribute will be present only if the enrollment is taking place on a device registered with Zero Touch Provisioning via offline registration. |
| CloudAssignedDeviceName (string, optional) | The name automatically assigned to the computer. This follows the naming pattern convention that can be configured in Intune as part of the Autopilot profile, or can specify an explicit name to use. | | CloudAssignedAadServerData (encoded JSON string, required) | An embedded JSON string used for branding. It requires AAD corp branding enabled. <br> Example value: "CloudAssignedAadServerData": "{\"ZeroTouchConfig\":{\"CloudAssignedTenantUpn\":\"\",\"CloudAssignedTenantDomain\":\"tenant.onmicrosoft.com\"}}" |
| CloudAssignedDeviceName (string, optional) | The name automatically assigned to the computer. This follows the naming pattern convention that can be configured in Intune as part of the Autopilot profile, or can specify an explicit name to use. |
5. The Autopilot profile must be saved as a JSON file in ASCII or ANSI format. Windows PowerShell defaults to Unicode format, so if you attempt to redirect output of the commands to a file, you must also specify the file format. For example, to save the file in ASCII format using Windows PowerShell, you can create a directory (ex: c:\Autopilot) and save the profile as shown below: (use the horizontal scroll bar at the bottom if needed to view the entire command string)
5. The Autopilot profile must be saved as a JSON file in ASCII or ANSI format. Windows PowerShell defaults to Unicode format, so if you attempt to redirect output of the commands to a file, you must also specify the file format. For example, to save the file in ASCII format using Windows PowerShell, you can create a directory (ex: c:\Autopilot) and save the profile as shown below: (use the horizontal scroll bar at the bottom if needed to view the entire command string)
```powershell
Get-AutopilotProfile | ConvertTo-AutopilotConfigurationJSON | Out-File c:\Autopilot\AutopilotConfigurationFile.json -Encoding ASCII ```powershell
``` Get-AutopilotProfile | ConvertTo-AutopilotConfigurationJSON | Out-File c:\Autopilot\AutopilotConfigurationFile.json -Encoding ASCII
**IMPORTANT**: The file name must be named **AutopilotConfigurationFile.json** in addition to being encoded as ASCII/ANSI. ```
**IMPORTANT**: The file name must be named **AutopilotConfigurationFile.json** in addition to being encoded as ASCII/ANSI.
If preferred, you can save the profile to a text file and edit in Notepad. In Notepad, when you choose **Save as** you must select Save as type: **All Files** and choose ANSI from the drop-down list next to **Encoding**. See the following example.
If preferred, you can save the profile to a text file and edit in Notepad. In Notepad, when you choose **Save as** you must select Save as type: **All Files** and choose ANSI from the drop-down list next to **Encoding**. See the following example.
![Notepad JSON](images/notepad.png)
![Notepad JSON](images/notepad.png)
After saving the file, move the file to a location suitable as an SCCM package source.
After saving the file, move the file to a location suitable as an SCCM package source.
>[!IMPORTANT]
>Multiple JSON profile files can be used, but each must be named **AutopilotConfigurationFile.json** in order for OOBE to follow the Autopilot experience. The file also must be encoded as ANSI. <br><br>**Saving the file with Unicode or UTF-8 encoding or saving it with a different file name will cause Windows 10 OOBE to not follow the Autopilot experience**.<br> >[!IMPORTANT]
>Multiple JSON profile files can be used, but each must be named **AutopilotConfigurationFile.json** in order for OOBE to follow the Autopilot experience. The file also must be encoded as ANSI. <br><br>**Saving the file with Unicode or UTF-8 encoding or saving it with a different file name will cause Windows 10 OOBE to not follow the Autopilot experience**.<br>
### Create a package containing the JSON file
### Create a package containing the JSON file
1. In Configuration Manager, navigate to **\Software Library\Overview\Application Management\Packages**
2. On the ribbon, click **Create Package** 1. In Configuration Manager, navigate to **\Software Library\Overview\Application Management\Packages**
3. In the **Create Package and Program Wizard** enter the following **Package** and **Program Type** details:<br> 2. On the ribbon, click **Create Package**
- <u>Name</u>: **Autopilot for existing devices config** 3. In the **Create Package and Program Wizard** enter the following **Package** and **Program Type** details:<br>
- Select the **This package contains source files** checkbox - <u>Name</u>: **Autopilot for existing devices config**
- <u>Source folder</u>: Click **Browse** and specify a UNC path containing the AutopilotConfigurationFile.json file. - Select the **This package contains source files** checkbox
- Click **OK** and then click **Next**. - <u>Source folder</u>: Click **Browse** and specify a UNC path containing the AutopilotConfigurationFile.json file.
- <u>Program Type</u>: **Do not create a program** - Click **OK** and then click **Next**.
4. Click **Next** twice and then click **Close**. - <u>Program Type</u>: **Do not create a program**
4. Click **Next** twice and then click **Close**.
**NOTE**: If you change user-driven Autopilot profile settings in Intune at a later date, you must also update the JSON file and redistribute the associated Config Mgr package.
**NOTE**: If you change user-driven Autopilot profile settings in Intune at a later date, you must also update the JSON file and redistribute the associated Config Mgr package.
### Create a target collection
### Create a target collection
>[!NOTE]
>You can also choose to reuse an existing collection >[!NOTE]
>You can also choose to reuse an existing collection
1. Navigate to **\Assets and Compliance\Overview\Device Collections**
2. On the ribbon, click **Create** and then click **Create Device Collection** 1. Navigate to **\Assets and Compliance\Overview\Device Collections**
3. In the **Create Device Collection Wizard** enter the following **General** details: 2. On the ribbon, click **Create** and then click **Create Device Collection**
- <u>Name</u>: **Autopilot for existing devices collection** 3. In the **Create Device Collection Wizard** enter the following **General** details:
- Comment: (optional) - <u>Name</u>: **Autopilot for existing devices collection**
- <u>Limiting collection</u>: Click **Browse** and select **All Systems** - Comment: (optional)
- <u>Limiting collection</u>: Click **Browse** and select **All Systems**
>[!NOTE]
>You can optionally choose to use an alternative collection for the limiting collection. The device to be upgraded must be running the ConfigMgr agent in the collection that you select. >[!NOTE]
>You can optionally choose to use an alternative collection for the limiting collection. The device to be upgraded must be running the ConfigMgr agent in the collection that you select.
4. Click **Next**, then enter the following **Membership Rules** details:
- Click **Add Rule** and specify either a direct or query based collection rule to add the target test Windows 7 devices to the new collection. 4. Click **Next**, then enter the following **Membership Rules** details:
- For example, if the hostname of the computer to be wiped and reloaded is PC-01 and you wish to use Name as the attribute, click **Add Rule > Direct Rule > (wizard opens) > Next** and then enter **PC-01** next to **Value**. Click **Next** and then choose **PC-01** under **Resources**. See the following examples. - Click **Add Rule** and specify either a direct or query based collection rule to add the target test Windows 7 devices to the new collection.
- For example, if the hostname of the computer to be wiped and reloaded is PC-01 and you wish to use Name as the attribute, click **Add Rule > Direct Rule > (wizard opens) > Next** and then enter **PC-01** next to **Value**. Click **Next** and then choose **PC-01** under **Resources**. See the following examples.
![Named resource1](images/pc-01a.png)
![Named resource2](images/pc-01b.png) ![Named resource1](images/pc-01a.png)
![Named resource2](images/pc-01b.png)
5. Continue creating the device collection with the default settings:
- Use incremental updates for this collection: not selected 5. Continue creating the device collection with the default settings:
- Schedule a full update on this collection: default - Use incremental updates for this collection: not selected
- Click **Next** twice and then click **Close** - Schedule a full update on this collection: default
- Click **Next** twice and then click **Close**
### Create an Autopilot for existing devices Task Sequence
### Create an Autopilot for existing devices Task Sequence
>[!TIP]
>The next procedure requires a boot image for Windows 10 1803 or later. Review your available boot images in the Configuration Manager conole under **Software Library\Overview\Operating Systems\Boot images** and verify that the **OS Version** is 10.0.17134.1 (Windows 10 version 1803) or later. >[!TIP]
>The next procedure requires a boot image for Windows 10 1803 or later. Review your available boot images in the Configuration Manager conole under **Software Library\Overview\Operating Systems\Boot images** and verify that the **OS Version** is 10.0.17134.1 (Windows 10 version 1803) or later.
1. In the Configuration Manager console, navigate to **\Software Library\Overview\Operating Systems\Task Sequences**
2. On the Home ribbon, click **Create Task Sequence** 1. In the Configuration Manager console, navigate to **\Software Library\Overview\Operating Systems\Task Sequences**
3. Select **Install an existing image package** and then click **Next** 2. On the Home ribbon, click **Create Task Sequence**
4. In the Create Task Sequence Wizard enter the following details: 3. Select **Install an existing image package** and then click **Next**
- <u>Task sequence name</u>: **Autopilot for existing devices** 4. In the Create Task Sequence Wizard enter the following details:
- <u>Boot Image</u>: Click **Browse** and select a Windows 10 boot image (1803 or later) - <u>Task sequence name</u>: **Autopilot for existing devices**
- Click **Next**, and then on the Install Windows page click **Browse** and select a Windows 10 **Image package** and **Image Index**, version 1803 or later. - <u>Boot Image</u>: Click **Browse** and select a Windows 10 boot image (1803 or later)
- Select the **Partition and format the target computer before installing the operating system** checkbox. - Click **Next**, and then on the Install Windows page click **Browse** and select a Windows 10 **Image package** and **Image Index**, version 1803 or later.
- Select or clear **Configure task sequence for use with Bitlocker** checkbox. This is optional. - Select the **Partition and format the target computer before installing the operating system** checkbox.
- <u>Product Key</u> and <u>Server licensing mode</u>: Optionally enter a product key and server licencing mode. - Select or clear **Configure task sequence for use with Bitlocker** checkbox. This is optional.
- <u>Randomly generate the local administrator password and disable the account on all support platforms (recommended)</u>: Optional. - <u>Product Key</u> and <u>Server licensing mode</u>: Optionally enter a product key and server licensing mode.
- <u>Enable the account and specify the local administrator password</u>: Optional. - <u>Randomly generate the local administrator password and disable the account on all support platforms (recommended)</u>: Optional.
- Click **Next**, and then on the Configure Network page choose **Join a workgroup** and specify a name (ex: workgroup) next to **Workgroup**. - <u>Enable the account and specify the local administrator password</u>: Optional.
- Click **Next**, and then on the Configure Network page choose **Join a workgroup** and specify a name (ex: workgroup) next to **Workgroup**.
>[!IMPORTANT]
>The Autopilot for existing devices task sequence will run the **Prepare Windows for capture** action which calls the System Preparation Tool (syeprep). This action will fail if the target machine is joined to a domain. >[!IMPORTANT]
>The Autopilot for existing devices task sequence will run the **Prepare Windows for capture** action which calls the System Preparation Tool (syeprep). This action will fail if the target machine is joined to a domain.
5. Click **Next** and then click **Next** again to accept the default settings on the Install Configuration Manager page.
6. On the State Migration page, enter the following details: 5. Click **Next** and then click **Next** again to accept the default settings on the Install Configuration Manager page.
- Clear the **Capture user settings and files** checkbox. 6. On the State Migration page, enter the following details:
- Clear the **Capture network settings** checkbox. - Clear the **Capture user settings and files** checkbox.
- Clear the **Capture Microsoft Windows settings** checkbox. - Clear the **Capture network settings** checkbox.
- Click **Next**. - Clear the **Capture Microsoft Windows settings** checkbox.
- Click **Next**.
>[!NOTE]
>The Autopilot for existing devices task sequence will result in an Azure Active Directory Domain (AAD) joined device. The User State Migration Toolkit (USMT) does not support AAD joined or hybrid AAD joined devices. >[!NOTE]
>The Autopilot for existing devices task sequence will result in an Azure Active Directory Domain (AAD) joined device. The User State Migration Toolkit (USMT) does not support AAD joined or hybrid AAD joined devices.
7. On the Include Updates page, choose one of the three available options. This selection is optional.
8. On the Install applications page, add applications if desired. This is optional. 7. On the Include Updates page, choose one of the three available options. This selection is optional.
9. Click **Next**, confirm settings, click **Next** and then click **Close**. 8. On the Install applications page, add applications if desired. This is optional.
10. Right click on the Autopilot for existing devices task sequence and click **Edit**. 9. Click **Next**, confirm settings, click **Next** and then click **Close**.
11. In the Task Sequence Editor under the **Install Operating System** group, click the **Apply Windows Settings** action. 10. Right click on the Autopilot for existing devices task sequence and click **Edit**.
12. Click **Add** then click **New Group**. 11. In the Task Sequence Editor under the **Install Operating System** group, click the **Apply Windows Settings** action.
13. Change the group **Name** from **New Group** to **Autopilot for existing devices config**. 12. Click **Add** then click **New Group**.
14. Click **Add**, point to **General**, then click **Run Command Line**. 13. Change the group **Name** from **New Group** to **Autopilot for existing devices config**.
15. Verify that the **Run Command Line** step is nested under the **Autopilot for existing devices config** group. 14. Click **Add**, point to **General**, then click **Run Command Line**.
16. Change the **Name** to **Apply Autopilot for existing devices config file** and paste the following into the **Command line** text box, and then click **Apply**: 15. Verify that the **Run Command Line** step is nested under the **Autopilot for existing devices config** group.
``` 16. Change the **Name** to **Apply Autopilot for existing devices config file** and paste the following into the **Command line** text box, and then click **Apply**:
cmd.exe /c xcopy AutopilotConfigurationFile.json %OSDTargetSystemDrive%\windows\provisioning\Autopilot\ /c ```
``` cmd.exe /c xcopy AutopilotConfigurationFile.json %OSDTargetSystemDrive%\windows\provisioning\Autopilot\ /c
- **AutopilotConfigurationFile.json** must be the name of the JSON file present in the Autopilot for existing devices package created earlier. ```
- **AutopilotConfigurationFile.json** must be the name of the JSON file present in the Autopilot for existing devices package created earlier.
17. In the **Apply Autopilot for existing devices config file** step, select the **Package** checkbox and then click **Browse**.
18. Select the **Autopilot for existing devices config** package created earlier and click **OK**. An example is displayed at the end of this section. 17. In the **Apply Autopilot for existing devices config file** step, select the **Package** checkbox and then click **Browse**.
19. Under the **Setup Operating System** group, click the **Setup Windows and Configuration Manager** task. 18. Select the **Autopilot for existing devices config** package created earlier and click **OK**. An example is displayed at the end of this section.
20. Click **Add** and then click **New Group**. 19. Under the **Setup Operating System** group, click the **Setup Windows and Configuration Manager** task.
21. Change **Name** from **New Group** to **Prepare Device for Autopilot** 20. Click **Add** and then click **New Group**.
22. Verify that the **Prepare Device for Autopilot** group is the very last step in the task sequence. Use the **Move Down** button if necessary. 21. Change **Name** from **New Group** to **Prepare Device for Autopilot**
23. With the **Prepare device for Autopilot** group selected, click **Add**, point to **Images** and then click **Prepare ConfigMgr Client for Capture**. 22. Verify that the **Prepare Device for Autopilot** group is the very last step in the task sequence. Use the **Move Down** button if necessary.
24. Add a second step by clicking **Add**, pointing to **Images**, and clicking **Prepare Windows for Capture**. Use the following settings in this step: 23. With the **Prepare device for Autopilot** group selected, click **Add**, point to **Images** and then click **Prepare ConfigMgr Client for Capture**.
- <u>Automatically build mass storage driver list</u>: **Not selected** 24. Add a second step by clicking **Add**, pointing to **Images**, and clicking **Prepare Windows for Capture**. Use the following settings in this step:
- <u>Do not reset activation flag</u>: **Not selected** - <u>Automatically build mass storage driver list</u>: **Not selected**
- <u>Shutdown the computer after running this action</u>: **Optional** - <u>Do not reset activation flag</u>: **Not selected**
- <u>Shutdown the computer after running this action</u>: **Optional**
![Autopilot task sequence](images/ap-ts-1.png)
![Autopilot task sequence](images/ap-ts-1.png)
25. Click **OK** to close the Task Sequence Editor.
25. Click **OK** to close the Task Sequence Editor.
### Deploy Content to Distribution Points
### Deploy Content to Distribution Points
Next, ensure that all content required for the task sequence is deployed to distribution points.
Next, ensure that all content required for the task sequence is deployed to distribution points.
1. Right click on the **Autopilot for existing devices** task sequence and click **Distribute Content**.
2. Click **Next**, **Review the content to distribute** and then click **Next**. 1. Right click on the **Autopilot for existing devices** task sequence and click **Distribute Content**.
3. On the Specify the content distribution page click **Add** to specify either a **Distribution Point** or **Distribution Point Group**. 2. Click **Next**, **Review the content to distribute** and then click **Next**.
4. On the a Add Distribution Points or Add Distribution Point Groups wizard specify content destinations that will allow the JSON file to be retrieved when the task sequence is run. 3. On the Specify the content distribution page click **Add** to specify either a **Distribution Point** or **Distribution Point Group**.
5. When you are finished specifying content distribution, click **Next** twice then click **Close**. 4. On the a Add Distribution Points or Add Distribution Point Groups wizard specify content destinations that will allow the JSON file to be retrieved when the task sequence is run.
5. When you are finished specifying content distribution, click **Next** twice then click **Close**.
### Deploy the OS with Autopilot Task Sequence
### Deploy the OS with Autopilot Task Sequence
1. Right click on the **Autopilot for existing devices** task sequence and then click **Deploy**.
2. In the Deploy Software Wizard enter the following **General** and **Deployment Settings** details: 1. Right click on the **Autopilot for existing devices** task sequence and then click **Deploy**.
- <u>Task Sequence</u>: **Autopilot for existing devices**. 2. In the Deploy Software Wizard enter the following **General** and **Deployment Settings** details:
- <u>Collection</u>: Click **Browse** and then select **Autopilot for existing devices collection** (or another collection you prefer). - <u>Task Sequence</u>: **Autopilot for existing devices**.
- Click **Next** to specify **Deployment Settings**. - <u>Collection</u>: Click **Browse** and then select **Autopilot for existing devices collection** (or another collection you prefer).
- <u>Action</u>: **Install**. - Click **Next** to specify **Deployment Settings**.
- <u>Purpose</u>: **Available**. You can optionally select **Required** instead of **Available**. This is not recommended during the test owing to the potential impact of inadvertent configurations. - <u>Action</u>: **Install**.
- <u>Make available to the following</u>: **Only Configuration Manager Clients**. Note: Choose the option here that is relevant for the context of your test. If the target client does not have the Configuration Manager agent or Windows installed, you will need to select an option that includes PXE or Boot Media. - <u>Purpose</u>: **Available**. You can optionally select **Required** instead of **Available**. This is not recommended during the test owing to the potential impact of inadvertent configurations.
- Click **Next** to specify **Scheduling** details. - <u>Make available to the following</u>: **Only Configuration Manager Clients**. Note: Choose the option here that is relevant for the context of your test. If the target client does not have the Configuration Manager agent or Windows installed, you will need to select an option that includes PXE or Boot Media.
- <u>Schedule when this deployment will become available</u>: Optional - Click **Next** to specify **Scheduling** details.
- <u>Schedule when this deployment will expire</u>: Optional - <u>Schedule when this deployment will become available</u>: Optional
- Click **Next** to specify **User Experience** details. - <u>Schedule when this deployment will expire</u>: Optional
- <u>Show Task Sequence progress</u>: Selected. - Click **Next** to specify **User Experience** details.
- <u>Software Installation</u>: Not selected. - <u>Show Task Sequence progress</u>: Selected.
- <u>System restart (if required to complete the installation)</u>: Not selected. - <u>Software Installation</u>: Not selected.
- <u>Commit changed at deadline or during a maintenance windows (requires restart)</u>: Optional. - <u>System restart (if required to complete the installation)</u>: Not selected.
- <u>Allow task sequence to be run for client on the Internet</u>: Optional - <u>Commit changed at deadline or during a maintenance windows (requires restart)</u>: Optional.
- Click **Next** to specify **Alerts** details. - <u>Allow task sequence to be run for client on the Internet</u>: Optional
- <u>Create a deployment alert when the threshold is higher than the following</u>: Optional. - Click **Next** to specify **Alerts** details.
- Click **Next** to specify **Distribution Points** details. - <u>Create a deployment alert when the threshold is higher than the following</u>: Optional.
- <u>Deployment options</u>: **Download content locally when needed by the running task sequence**. - Click **Next** to specify **Distribution Points** details.
- <u>When no local distribution point is available use a remote distribution point</u>: Optional. - <u>Deployment options</u>: **Download content locally when needed by the running task sequence**.
- <u>Allow clients to use distribution points from the default site boundary group</u>: Optional. - <u>When no local distribution point is available use a remote distribution point</u>: Optional.
- Click **Next**, confirm settings, click **Next**, and then click **Close**. - <u>Allow clients to use distribution points from the default site boundary group</u>: Optional.
- Click **Next**, confirm settings, click **Next**, and then click **Close**.
### Complete the client installation process
### Complete the client installation process
1. Open the Software Center on the target Windows 7 or Windows 8.1 client computer. You can do this by clicking Start and then typing **software** in the search box, or by typing the following at a Windows PowerShell or command prompt:
1. Open the Software Center on the target Windows 7 or Windows 8.1 client computer. You can do this by clicking Start and then typing **software** in the search box, or by typing the following at a Windows PowerShell or command prompt:
```
C:\Windows\CCM\SCClient.exe ```
``` C:\Windows\CCM\SCClient.exe
```
2. In the software library, select **Autopilot for existing devices** and click **Install**. See the following example:
2. In the software library, select **Autopilot for existing devices** and click **Install**. See the following example:
![Named resource2](images/sc.png)
![Named resource2](images/sc1.png) ![Named resource2](images/sc.png)
![Named resource2](images/sc1.png)
The Task Sequence will download content, reboot, format the drives and install Windows 10. The device will then proceed to be prepared for Autopilot. Once the task sequence has completed the device will boot into OOBE and provide an Autopilot experience.
The Task Sequence will download content, reboot, format the drives and install Windows 10. The device will then proceed to be prepared for Autopilot. Once the task sequence has completed the device will boot into OOBE and provide an Autopilot experience.
![refresh-1](images/up-1.png)
![refresh-2](images/up-2.png) ![refresh-1](images/up-1.png)
![refresh-3](images/up-3.png) ![refresh-2](images/up-2.png)
![refresh-3](images/up-3.png)
>[!NOTE]
>If joining devices to Active Directory (Hybrid Azure AD Join), it is necessary to create a Domain Join device configuration profile that is targeted to "All Devices" (since there is no Azure Active Directory device object for the computer to do group-based targeting). See [User-driven mode for hybrid Azure Active Directory join](https://docs.microsoft.com/windows/deployment/windows-autopilot/user-driven#user-driven-mode-for-hybrid-azure-active-directory-join) for more information. >[!NOTE]
>If joining devices to Active Directory (Hybrid Azure AD Join), it is necessary to create a Domain Join device configuration profile that is targeted to "All Devices" (since there is no Azure Active Directory device object for the computer to do group-based targeting). See [User-driven mode for hybrid Azure Active Directory join](https://docs.microsoft.com/windows/deployment/windows-autopilot/user-driven#user-driven-mode-for-hybrid-azure-active-directory-join) for more information.
### Register the device for Windows Autopilot
### Register the device for Windows Autopilot
Devices provisioned through Autopilot will only receive the guided OOBE Autopilot experience on first boot. Once updated to Windows 10, the device should be registered to ensure a continued Autopilot experience in the event of PC reset. You can enable automatic registration for an assigned group using the **Convert all targeted devices to Autopilot** setting. For more information, see [Create an Autopilot deployment profile](https://docs.microsoft.com/intune/enrollment-autopilot#create-an-autopilot-deployment-profile).
Devices provisioned through Autopilot will only receive the guided OOBE Autopilot experience on first boot. Once updated to Windows 10, the device should be registered to ensure a continued Autopilot experience in the event of PC reset. You can enable automatic registration for an assigned group using the **Convert all targeted devices to Autopilot** setting. For more information, see [Create an Autopilot deployment profile](https://docs.microsoft.com/intune/enrollment-autopilot#create-an-autopilot-deployment-profile).
Also see [Adding devices to Windows Autopilot](https://docs.microsoft.com/windows/deployment/windows-autopilot/add-devices).
Also see [Adding devices to Windows Autopilot](https://docs.microsoft.com/windows/deployment/windows-autopilot/add-devices).
## Speeding up the deployment process
## Speeding up the deployment process
To remove around 20 minutes from the deployment process, see Michael Niehaus's blog with instructions for [Speeding up Windows Autopilot for existing devices](https://blogs.technet.microsoft.com/mniehaus/2018/10/25/speeding-up-windows-autopilot-for-existing-devices/).

4
windows/deployment/windows-autopilot/known-issues.md
View File

@ -25,6 +25,10 @@ ms.topic: article
<table> <table>
<th>Issue<th>More information <th>Issue<th>More information
<tr><td>Windows Autopilot for existing devices does not work for Windows 10, version 1903.
- You see screens that you've disabled in your Windows Autopilot profile, such as the Windows 10 License Agreement screen. This happens because Windows 10, version 1903 deletes the AutopilotConfigurationFile.json file.
<td>To fix this issue, edit the Configuration Manager task sequence to disable the <b>Prepare Windows for Capture</b> step and add a new <b>Run command line</b> step that runs <b>c:\windows\system32\sysprep\sysprep.exe /oobe /reboot</b>. For more information, see Michael Niehaus' blog entry: <a href="https://oofhours.com/2019/09/19/a-challenge-with-windows-autopilot-for-existing-devices-and-windows-10-1903/">A challenge with Windows Autopilot for existing devices and Windows 10 1903</a>.
<tr><td>The following known issue will be resolved by installing the KB4517211 update, due to be released in late September 2019: <tr><td>The following known issue will be resolved by installing the KB4517211 update, due to be released in late September 2019:
- TPM attestation fails on Windows 10 1903 due to missing AKI extension in EK certificate. (An additional validation added in Windows 10 1903 to check that the TPM EK certs had the proper attributes according to the TCG specifications uncovered that a number of them dont, so that validation will be removed). - TPM attestation fails on Windows 10 1903 due to missing AKI extension in EK certificate. (An additional validation added in Windows 10 1903 to check that the TPM EK certs had the proper attributes according to the TCG specifications uncovered that a number of them dont, so that validation will be removed).