deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 13:27:23 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity
windows-itpro-docs/windows/configuration/provisioning-packages/provision-pcs-for-initial-deployment.md
Brian Lich b21f821649 updating localizationpriority metadata name
2017-07-27 10:43:50 -07:00

8.7 KiB
Raw Blame History

title, description, ms.assetid, keywords, ms.prod, ms.mktglfcycl, ms.sitesec, author, ms.localizationpriority
title description ms.assetid keywords ms.prod ms.mktglfcycl ms.sitesec author ms.localizationpriority
Provision PCs with common settings (Windows 10) Create a provisioning package to apply common settings to a PC running Windows 10. 66D14E97-E116-4218-8924-E2A326C9367E
runtime provisioning
provisioning package
W10 deploy library jdeckerms high

Provision PCs with common settings for initial deployment (desktop wizard)

Applies to

  • Windows 10

This topic explains how to create and apply a provisioning package that contains common enterprise settings to a device running all desktop editions of Windows 10 except Windows 10 Home.

You can apply a provisioning package on a USB drive to off-the-shelf devices during setup, making it fast and easy to configure new devices.

Advantages

  • You can configure new devices without reimaging.

  • Works on both mobile and desktop devices.

  • No network connectivity required.

  • Simple to apply.

Learn more about the benefits and uses of provisioning packages.

What does the desktop wizard do?

The desktop wizard helps you configure the following settings in a provisioning package:

  • Set device name
  • Upgrade product edition
  • Configure the device for shared use
  • Remove pre-installed software
  • Configure Wi-Fi network
  • Enroll device in Active Directory or Azure Active Directory
  • Create local administrator account
  • Add applications and certificates

Warning

You must run Windows Configuration Designer on Windows 10 to configure Azure Active Directory enrollment using any of the wizards.

Provisioning packages can include management instructions and policies, installation of specific apps, customization of network connections and policies, and more.

Tip

Use the desktop wizard to create a package with the common settings, then switch to the advanced editor to add other settings, apps, policies, etc.

open advanced editor

Create the provisioning package

Use the Windows Configuration Designer tool to create a provisioning package. Learn how to install Windows Configuration Designer.

  1. Open Windows Configuration Designer (by default, %windir%\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Imaging and Configuration Designer\x86\ICD.exe).

  2. Click Provision desktop devices.

ICD start options

  1. Name your project and click Finish. The pages for desktop provisioning will walk you through the following steps.

ICD desktop provisioning

Important

When you build a provisioning package, you may include sensitive information in the project files and in the provisioning package (.ppkg) file. Although you have the option to encrypt the .ppkg file, project files are not encrypted. You should store the project files in a secure location and delete the project files when they are no longer needed.

Configure settings

![step one](../images/one.png)![set up device](../images/set-up-device.png)

Enter a name for the device.

(Optional) Select a license file to upgrade Windows 10 to a different edition. [See the permitted upgrades.](https://technet.microsoft.com/itpro/windows/deploy/windows-10-edition-upgrades)

Toggle **Yes** or **No** to **Configure devices for shared use**. This setting optimizes Windows 10 for shared use scenarios. [Learn more about shared PC configuration.](../set-up-shared-or-guest-pc.md)

You can also select to remove pre-installed software from the device. 		![device name, upgrade to enterprise, shared use, remove pre-installed software](../images/set-up-device-details-desktop.png)
![step two](../images/two.png) ![set up network](../images/set-up-network.png)

Toggle **On** or **Off** for wireless network connectivity. If you select **On**, enter the SSID, the network type (**Open** or **WPA2-Personal**), and (if **WPA2-Personal**) the password for the wireless network.		![Enter network SSID and type](../images/set-up-network-details-desktop.png)
![step three](../images/three.png) ![account management](../images/account-management.png)

Enable account management if you want to configure settings on this page.

You can enroll the device in Active Directory, enroll in Azure Active Directory, or create a local administrator account on the device

To enroll the device in Active Directory, enter the credentials for a least-privileged user account to join the device to the domain.

Before you use a Windows Configuration Designer wizard to configure bulk Azure AD enrollment, [set up Azure AD join in your organization](https://docs.microsoft.com/azure/active-directory/active-directory-azureadjoin-setup). The **maximum number of devices per user** setting in your Azure AD tenant determines how many times the bulk token that you get in the wizard can be used. To enroll the device in Azure AD, select that option and enter a friendly name for the bulk token you will get using the wizard. Set an expiration date for the token (maximum is 30 days from the date you get the token). Click **Get bulk token**. In the **Let's get you signed in** window, enter an account that has permissions to join a device to Azure AD, and then the password. Click **Accept** to give Windows Configuration Designer the necessary permissions.

To create a local administrator account, select that option and enter a user name and password.

**Important:** If you create a local account in the provisioning package, you must change the password using the **Settings** app every 42 days. If the password is not changed during that period, the account might be locked out and unable to sign in. 		![join Active Directory, Azure AD, or create a local admin account](../images/account-management-details.png)
![step four](../images/four.png) ![add applications](../images/add-applications.png)

You can install multiple applications, both Classic Windows (Win32) apps and Universal Windows Platform (UWP) apps, in a provisioning package. The settings in this step vary according to the application that you select. For help with the settings, see [Provision PCs with apps](provision-pcs-with-apps.md). 		![add an application](../images/add-applications-details.png)
![step five](../images/five.png) ![add certificates](../images/add-certificates.png)

To provision the device with a certificate, click **Add a certificate**. Enter a name for the certificate, and then browse to and select the certificate to be used.		![add a certificate](../images/add-certificates-details.png)
![finish](../images/finish.png)

You can set a password to protect your provisioning package. You must enter this password when you apply the provisioning package to a device.		![Protect your package](../images/finish-details.png)

After you're done, click Create. It only takes a few seconds. When the package is built, the location where the package is stored is displayed as a hyperlink at the bottom of the page.

Next step: How to apply a provisioning package

Learn more

 

Related topics