deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-15 10:23:37 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

CI Update

Browse Source
This commit is contained in:
VSC-Service-Account
2019-06-04 22:13:57 +00:00
parent 13bd3bfe64
commit 858476cf2f
1820 changed files with 28427 additions and 28190 deletions
Download Patch File Download Diff File Expand all files Collapse all files

72
windows/configuration/provisioning-packages/provisioning-create-package.md
View File

@ -1,6 +1,6 @@
---
title: Create a provisioning package (Windows 10)
description: With Windows 10, you can create provisioning packages that let you quickly and efficiently configure a device without having to install a new image.
description: With Windows 10, you can create provisioning packages that let you quickly and efficiently configure a device without having to install a new image.
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
@ -18,8 +18,8 @@ manager: dansimp
**Applies to**
- Windows 10
- Windows 10 Mobile
- Windows 10
- Windows 10 Mobile
You use Windows Configuration Designer to create a provisioning package (.ppkg) that contains customization settings. You can apply the provisioning package to a device running Windows 10 or Windows 10 Mobile.
@ -31,44 +31,46 @@ You use Windows Configuration Designer to create a provisioning package (.ppkg)
## Start a new project
1. Open Windows Configuration Designer:
- From either the Start screen or Start menu search, type 'Windows Configuration Designer' and click on the Windows Configuration Designer shortcut,
or
- If you installed Windows Configuration Designer from the ADK, navigate to `C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Imaging and Configuration Designer\x86` (on an x64 computer) or `C:\Program Files\Windows Kits\10\Assessment and Deployment Kit\Imaging and Configuration Designer\x86\ICD.exe` (on an x86 computer), and then double-click **ICD.exe**.
- From either the Start screen or Start menu search, type 'Windows Configuration Designer' and click on the Windows Configuration Designer shortcut,
or
- If you installed Windows Configuration Designer from the ADK, navigate to `C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Imaging and Configuration Designer\x86` (on an x64 computer) or `C:\Program Files\Windows Kits\10\Assessment and Deployment Kit\Imaging and Configuration Designer\x86\ICD.exe` (on an x86 computer), and then double-click **ICD.exe**.
2. Select your desired option on the **Start** page, which offers multiple options for creating a provisioning package, as shown in the following image:
![Configuration Designer wizards](../images/icd-create-options-1703.png)
- The wizard options provide a simple interface for configuring common settings for desktop, mobile, and kiosk devices. Wizards are also available for creating provisioning packages for Microsoft Surface Hub and Microsoft HoloLens devices. For a summary of the settings available in the desktop, mobile, and kiosk devices, see [What you can configure using Configuration Designer wizardS](provisioning-packages.md#configuration-designer-wizards).
- [Instructions for the desktop wizard](provision-pcs-for-initial-deployment.md)
- [Instructions for the mobile wizard](../mobile-devices/provisioning-configure-mobile.md)
- [Instructions for the kiosk wizard](../kiosk-single-app.md#wizard)
- [Instructions for HoloLens wizard](https://technet.microsoft.com/itpro/hololens/hololens-provisioning)
- [Instructions for Surface Hub wizard](https://technet.microsoft.com/itpro/surface-hub/provisioning-packages-for-certificates-surface-hub)
- The **Advanced provisioning** option opens a new project with all **Runtime settings** available. *The rest of this procedure uses advanced provisioning.*
>[!TIP]
> You can start a project in the simple wizard editor and then switch the project to the advanced editor.
>
> ![Switch to advanced editor](../images/icd-switch.png)
3. Enter a name for your project, and then click **Next**.
4. Select the settings you want to configure, based on the type of device, and then click **Next**. The following table describes the options.
| Windows edition | Settings available for customization | Provisioning package can apply to |
| --- | --- | --- |
| All Windows editions | Common settings | All Windows 10 devices |
| All Windows desktop editions | Common settings and settings specific to desktop devices | All Windows 10 desktop editions (Home, Pro, Enterprise, Pro Education, Enterprise Education) |
| All Windows mobile editions | Common settings and settings specific to mobile devices | All Windows 10 Mobile devices |
| Windows 10 IoT Core | Common settings and settings specific to Windows 10 IoT Core | All Windows 10 IoT Core devices |
| Windows 10 Holographic | Common settings and settings specific to Windows 10 Holographic | [Microsoft HoloLens](https://technet.microsoft.com/itpro/hololens/hololens-provisioning) |
| Common to Windows 10 Team edition | Common settings and settings specific to Windows 10 Team | [Microsoft Surface Hub](https://technet.microsoft.com/itpro/surface-hub/provisioning-packages-for-certificates-surface-hub) |
| Windows edition | Settings available for customization | Provisioning package can apply to |
|-----------------------------------|-----------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------|
| All Windows editions | Common settings | All Windows 10 devices |
| All Windows desktop editions | Common settings and settings specific to desktop devices | All Windows 10 desktop editions (Home, Pro, Enterprise, Pro Education, Enterprise Education) |
| All Windows mobile editions | Common settings and settings specific to mobile devices | All Windows 10 Mobile devices |
| Windows 10 IoT Core | Common settings and settings specific to Windows 10 IoT Core | All Windows 10 IoT Core devices |
| Windows 10 Holographic | Common settings and settings specific to Windows 10 Holographic | [Microsoft HoloLens](https://technet.microsoft.com/itpro/hololens/hololens-provisioning) |
| Common to Windows 10 Team edition | Common settings and settings specific to Windows 10 Team | [Microsoft Surface Hub](https://technet.microsoft.com/itpro/surface-hub/provisioning-packages-for-certificates-surface-hub) |
5. On the **Import a provisioning package (optional)** page, you can click **Finish** to create your project, or browse to and select an existing provisioning packge to import to your project, and then click **Finish**.
>[!TIP]
@ -90,11 +92,11 @@ The settings in Windows Configuration Designer are based on Windows 10 configura
The process for configuring settings is similar for all settings. The following table shows an example.
<table>
<tr><td>![step one](../images/one.png)</br>Expand a category.</td><td>![Expand Certificates category](../images/icd-step1.png)</td></tr>
<tr><td>![step two](../images/two.png)</br>Select a setting.</td><td>![Select ClientCertificates](../images/icd-step2.png)</td></tr>
<tr><td>![step three](../images/three.png)</br>Enter a value for the setting. Click **Add** if the button is displayed.</td><td>![Enter a name for the certificate](../images/icd-step3.png)</td></tr>
<tr><td>![step four](../images/four.png)</br>Some settings, such as this example, require additional information. In **Available customizations**, select the value you just created, and additional settings are displayed.</td><td>![Additional settings for client certificate](../images/icd-step4.png)</td></tr>
<tr><td>![step five](../images/five.png)</br>When the setting is configured, it is displayed in the **Selected customizations** pane.</td><td>![Selected customizations pane](../images/icd-step5.png)</td></tr>
<tr><td><img src="../images/one.png" alt="step one"/></br>Expand a category.</td><td><img src="../images/icd-step1.png" alt="Expand Certificates category"/></td></tr>
<tr><td><img src="../images/two.png" alt="step two"/></br>Select a setting.</td><td><img src="../images/icd-step2.png" alt="Select ClientCertificates"/></td></tr>
<tr><td><img src="../images/three.png" alt="step three"/></br>Enter a value for the setting. Click <strong>Add</strong> if the button is displayed.</td><td><img src="../images/icd-step3.png" alt="Enter a name for the certificate"/></td></tr>
<tr><td><img src="../images/four.png" alt="step four"/></br>Some settings, such as this example, require additional information. In <strong>Available customizations</strong>, select the value you just created, and additional settings are displayed.</td><td><img src="../images/icd-step4.png" alt="Additional settings for client certificate"/></td></tr>
<tr><td><img src="../images/five.png" alt="step five"/></br>When the setting is configured, it is displayed in the <strong>Selected customizations</strong> pane.</td><td><img src="../images/icd-step5.png" alt="Selected customizations pane"/></td></tr>
</table>
For details on each specific setting, see [Windows Provisioning settings reference](https://msdn.microsoft.com/library/windows/hardware/dn965990.aspx). The reference topic for a setting is also displayed in Windows Configuration Designer when you select the setting, as shown in the following image.
@ -107,22 +109,22 @@ For details on each specific setting, see [Windows Provisioning settings referen
1. After you're done configuring your customizations, click **Export** and select **Provisioning Package**.
![Export on top bar](../images/icd-export-menu.png)
2. In the **Describe the provisioning package** window, enter the following information, and then click **Next**:
- **Name** - This field is pre-populated with the project name. You can change this value by entering a different name in the **Name** field.
- **Version (in Major.Minor format** - - Optional. You can change the default package version by specifying a new value in the **Version** field.
- **Owner** - Select **IT Admin**. For more information, see [Precedence for provisioning packages](provisioning-how-it-works.md#precedence-for-provisioning-packages).
- **Rank (between 0-99)** - Optional. You can select a value between 0 and 99, inclusive. The default package rank is 0.
3. In the **Select security details for the provisioning package** window, you can select to encrypt and/or sign a provisioning package with a selected certificate. Both selections are optional. Click **Next** after you make your selections.
- **Encrypt package** - If you select this option, an auto-generated password will be shown on the screen.
- **Sign package** - If you select this option, you must select a valid certificate to use for signing the package. You can specify the certificate by clicking **Select** and choosing the certificate you want to use to sign the package.
- **Encrypt package** - If you select this option, an auto-generated password will be shown on the screen.
- **Sign package** - If you select this option, you must select a valid certificate to use for signing the package. You can specify the certificate by clicking **Select** and choosing the certificate you want to use to sign the package.
>[!NOTE]
>You should only configure provisioning package security when the package is used for device provisioning and the package has contents with sensitive security data such as certificates or credentials that should be prevented from being compromised. When applying an encrypted and/or signed provisioning package, either during OOBE or through the setting UI, the package can be decrypted, and if signed, be trusted without explicit user consent. An IT administrator can set policy on a user device to restrict the removal of required packages from the device, or the provisioning of potentially harmful packages on the device.
>
>If a provisioning package is signed by a trusted provisioner, it can be installed on a device without a prompt for user consent. In order to enable trusted provider certificates, you must set the **TrustedProvisioners** setting prior to installing the trusted provisioning package. This is the only way to install a package without user consent. To provide additional security, you can also set **RequireProvisioningPackageSignature**, which prevents users from installing provisioning packages that are not signed by a trusted provisioner.
>[!NOTE]
>You should only configure provisioning package security when the package is used for device provisioning and the package has contents with sensitive security data such as certificates or credentials that should be prevented from being compromised. When applying an encrypted and/or signed provisioning package, either during OOBE or through the setting UI, the package can be decrypted, and if signed, be trusted without explicit user consent. An IT administrator can set policy on a user device to restrict the removal of required packages from the device, or the provisioning of potentially harmful packages on the device.
>
>If a provisioning package is signed by a trusted provisioner, it can be installed on a device without a prompt for user consent. In order to enable trusted provider certificates, you must set the **TrustedProvisioners** setting prior to installing the trusted provisioning package. This is the only way to install a package without user consent. To provide additional security, you can also set **RequireProvisioningPackageSignature**, which prevents users from installing provisioning packages that are not signed by a trusted provisioner.
4. In the **Select where to save the provisioning package** window, specify the output location where you want the provisioning package to go once it's built, and then click **Next**. By default, Windows Configuration Designer uses the project folder as the output location.