deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 05:17:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity
windows-itpro-docs/windows/deploy/provisioning-create-package.md
Brian Lich 0667e1e1fe Revert "reverting changes" 
This reverts commit ecd000f39a712dab62dcc117494c8be802a18637.
2017-01-25 14:45:35 -08:00

12 KiB
Raw Blame History

title, description, ms.prod, ms.mktglfcycl, ms.sitesec, author, localizationpriority
title description ms.prod ms.mktglfcycl ms.sitesec author localizationpriority
Create a provisioning package (Windows 10) With Windows 10, you can create provisioning packages that let you quickly and efficiently configure a device without having to install a new image. w10 deploy library jdeckerMS high

Create a provisioning package for Windows 10

Applies to

  • Windows 10
  • Windows 10 Mobile

You use Windows Imaging and Configuration Designer (ICD) to create a provisioning package (.ppkg) that contains customization settings. You can apply the provisioning package to a device running Windows 10.

Learn how to install Windows ICD.

Start a new project

  1. Open Windows ICD:

    • From either the Start screen or Start menu search, type 'Imaging and Configuration Designer' and click on the Windows ICD shortcut,

    or

    • Navigate to C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Imaging and Configuration Designer\x86 (on an x64 computer) or C:\Program Files\Windows Kits\10\Assessment and Deployment Kit\Imaging and Configuration Designer\x86\ICD.exe (on an x86 computer), and then double-click ICD.exe.

  2. Select your desired option on the Start page, which offers three options for creating a provisioning package, as shown in the following image:

    Simple provisioning or provision school devices or advanced provisioning

    • The Simple provisioning and Provision school devices options provide wizard-style walkthroughs for creating a provisioning package based on a set of common settings.
    • The Advanced provisioning option opens a new project with all Runtime settings available.

    Tip

    You can start a project in the simple editor and then switch the project to the advanced editor.

    Switch to advanced editor

  3. Enter a name for your project, and then click Next.

  4. Select the settings you want to configure, based on the type of device, and then click Next. The following table describes the options.

    Windows edition Settings available for customization Provisioning package can apply to
    All Windows editions Common settings All Windows 10 devices
    All Windows desktop editions Common settings and settings specific to desktop devices All Windows 10 desktop editions (Home, Pro, Enterprise, Pro Education, Enterprise Education)
    All Windows mobile editions Common settings and settings specific to mobile devices All Windows 10 Mobile devices
    Windows 10 IoT Core Common settings and settings specific to Windows 10 IoT Core All Windows 10 IoT Core devices
    Windows 10 Holographic Common settings and settings specific to Windows 10 Holographic Microsoft HoloLens
    Common to Windows 10 Team edition Common settings and settings specific to Windows 10 Team Microsoft Surface Hub

  5. On the Import a provisioning package (optional) page, you can click Finish to create your project, or browse to and select an existing provisioning packge to import to your project, and then click Finish.

Tip

Import a provisioning package can make it easier to create different provisioning packages that all have certain settings in common. For example, you could create a provisioning package that contains the settings for your organization's network, and then import it into other packages you create so you don't have to reconfigure those common settings repeatedly.

After you click Finish, Windows ICD will open the appropriate walkthrough page if you selected Simple provisioning or Provision school devices, or the Available customizations pane if you selected Advanced provisioning. The remainder of this topic will explain the Advanced provisioning scenario.

Configure settings

For an advanced provisioning project, Windows ICD opens the Available customizations pane. The example in the following image is based on All Windows desktop editions settings.

What the ICD interface looks like

The settings in Windows ICD are based on Windows 10 configuration service providers (CSPs). To learn more about CSPs, see Introduction to configuration service providers (CSPs) for IT pros.

The process for configuring settings is similar for all settings. The following table shows an example.

![step one](images/one.png)
Expand a category.		![Expand Certificates category](images/icd-step1.png)
![step two](images/two.png)
Select a setting.		![Select ClientCertificates](images/icd-step2.png)
![step three](images/three.png)
Enter a value for the setting. Click **Add** if the button is displayed.		![Enter a name for the certificate](images/icd-step3.png)
![step four](images/four.png)
Some settings, such as this example, require additional information. In **Available customizations**, select the value you just created, and additional settings are displayed.		![Additional settings for client certificate](images/icd-step4.png)
![step five](images/five.png)
When the setting is configured, it is displayed in the **Selected customizations** pane.		![Selected customizations pane](images/icd-step5.png)

For details on each specific setting, see Windows Provisioning settings reference. The reference topic for a setting is also displayed in Windows ICD when you select the setting, as shown in the following image.

Windows ICD opens the reference topic when you select a setting

Build package

  1. After you're done configuring your customizations, click Export and select Provisioning Package.

    Export on top bar

  2. In the Describe the provisioning package window, enter the following information, and then click Next:

    • Name - This field is pre-populated with the project name. You can change this value by entering a different name in the Name field.
    • Version (in Major.Minor format - - Optional. You can change the default package version by specifying a new value in the Version field.
    • Owner - Select IT Admin. For more information, see Precedence for provisioning packages.
    • Rank (between 0-99) - Optional. You can select a value between 0 and 99, inclusive. The default package rank is 0.

  3. In the Select security details for the provisioning package window, you can select to encrypt and/or sign a provisioning package with a selected certificate. Both selections are optional. Click Next after you make your selections.

    • Encrypt package - If you select this option, an auto-generated password will be shown on the screen.
    • Sign package - If you select this option, you must select a valid certificate to use for signing the package. You can specify the certificate by clicking Select and choosing the certificate you want to use to sign the package.

    Note

    You should only configure provisioning package security when the package is used for device provisioning and the package has contents with sensitive security data such as certificates or credentials that should be prevented from being compromised. When applying an encrypted and/or signed provisioning package, either during OOBE or through the setting UI, the package can be decrypted, and if signed, be trusted without explicit user consent. An IT administrator can set policy on a user device to restrict the removal of required packages from the device, or the provisioning of potentially harmful packages on the device.

    If a provisioning package is signed by a trusted provisioner, it can be installed on a device without a prompt for user consent. In order to enable trusted provider certificates, you must set the TrustedProvisioners setting prior to installing the trusted provisioning package. This is the only way to install a package without user consent. To provide additional security, you can also set RequireProvisioningPackageSignature, which prevents users from installing provisioning packages that are not signed by a trusted provisioner.

  4. In the Select where to save the provisioning package window, specify the output location where you want the provisioning package to go once it's built, and then click Next. By default, Windows ICD uses the project folder as the output location.

  5. In the Build the provisioning package window, click Build. The provisioning package doesn't take long to build. The project information is displayed in the build page and the progress bar indicates the build status.

    If you need to cancel the build, click Cancel. This cancels the current build process, closes the wizard, and takes you back to the Customizations Page.

  6. If your build fails, an error message will show up that includes a link to the project folder. You can scan the logs to determine what caused the error. Once you fix the issue, try building the package again.

    If your build is successful, the name of the provisioning package, output directory, and project directory will be shown.

    If you choose, you can build the provisioning package again and pick a different path for the output package. To do this, click Back to change the output package name and path, and then click Next to start another build.

  7. When you are done, click Finish to close the wizard and go back to the Customizations page.

Next step: How to apply a provisioning package

Learn more

Related topics