Just booted up to the USB i created with no issues on the first try. This is gonna be a good one. You guys are killing it! Applying Image 25%.. this is sooooo dope!
Just wanted to say - you are all absolute bloody legends! Faced this exact same problem from so many different angles! Now I have some new tools to play with next week!
Great work Guys! I was watching the UA-cam demo video, reviewing the material on Ben's site and I do have 2 questions. You talked about this momentarily about using your own custom image. First question. Do you put the custom .wim file(s) in the "image" folder as you alluded to in the UA-cam video? Second question. Can I drop more than 1 .wim file in the "images" folder? How would the tool determine which image to apply in DISM? I hope these questions don't sound stupid.
Hi All... Awesome video but I'm trying to follow along but at 10:23 in the video you connect to msgraph and refer to a previous video on how. I'm a little lost with that step. How can I incorporate this easily into this build process?
Hi guys, great content you’re putting on here ! I’m wondering if there are possibilities to do a white glove zero touch deployment with the intune usb creator. So, let’s say i have the hardware hashes uploaded to intune and i’ve assigned a user to the device. Is it then possible to use the usb creator tool to configure it in such way that it auto selects the white glove enrollment at first boot?
If the hardware hash is already uploaded and you've assigned the "whiteglove" policy to the device you don't need to do anything else. Using this tool simply loads a clean build of windows 10 onto your device. The autopilot policy would then take over. -- Ben
I have been using this fabulous solution for 1 year for all Azure Joined devices. And thank you for making this brilliant solution 🤘👍. Is there a way to build a custom .wim with all apps and joined it to Intune/Azure AD after the USB prosses?
hello guys, thank you for yours video and yours tool. i've a question: if i have two or multiple pc model, how can i do to install the video for the particular model? for example i have at the momento two model (dell precision and surface laptop), and i've create on the folder "driver" two subfolder with the model name, but if i load the tool, it load all driver on folder. thank you
A good bit of scripting, but seems like a hugely complicated method to me when Microsoft give you the tools you need to do this. Just build an autounattend.xml using system image manager and put it in the root of the standard installation media. That will handle the disk partition, locale's and license keys. Then just add c:\Windows\Provisioning\Autopilot\folder and AutopilotConfigurationFile.json file into the install.wim image from the same media using DSIM. That will handle the OOBE and autopilot enrollment.
Could you deploy this via WDS perhaps? Instead of using the USB method, currently we have WDS without MDT as a base function for imaging devices where we've had issues with enrolling them in Intune.
Thanks for this, actually using it next week to reimage hybrid machines to pure AAD. Not sure why, but I've had trouble getting the USB to boot on older devices. It worked on an Optiplex 3050 but not a 3020. I've managed to work around it by using MakeWinPEMedia /UFD C:\WinPE_amd64 P: and then deleting the files on the WinPE partition and copying back the ones from the module. Does MakeWinPEMedia do anything special to the partitions that the module doesn't? Stumped me for a while today, but I have a working Key and I've duplicated it many times using PassMark ImageUSB. Just sorting out the enrol targeted devices stuff now.
Working through some enrollment issues with Intune right now and this looks like a solid fix. I am trying to understand where you are getting the contents in the Win10-PE directory. I have installed WinPE both ways and I can see that the AMD64 and x86 directories have a similar set of objects that your WinPE directory has but not exactly the same. It would be incredibly useful for links to those resources. Thank you!
@@Powers_Hell I actually went to your blog and followed the steps there. I got the Pre-Req steps completed, and I have been able to boot to the USB, but then when I go to reboot I run into Invalid Partition has after Windows tries to start up the OOBE. Using an Enterprise Eval ISO. Couldn't find the full featured ISO on the source you mentioned in the video. Is it part of any VS Subscription?
So if I understand correctly, the main reason you're pulling down the AutoPilot JSON file is to cover a scenario where you have not uploaded the AutoPilot identifier to Azure on forehand and assigned an AutoPilot profile? Because normally if you've uploaded the identifier already that step should not be needed as the Windows OOBE will just phone home to MS and pull the appropriate profile at runtime, even on reimage and re-enrolls, since the identifier doesn't change unless you do specific hardware changes. This makes everything more dynamic + prevents enrollments of systems that have not been preprovisioned and are therefore potentially unknown, which you might not want in your environment.
If the device has not had its hardware hash enrolled, this solution provides us a very reliable way of "bootstrapping" a device into Autopilot enrollment. If you then have your environment set up correctly, will register the device permanently as an Autopilot device, so that this solution doesn't need to be used again. Reliable, Dynamic and Over-Engineered 🤓
The offline autopilot was created to update your existing devices to AAD. You're saying that the identifier is already known but in so many cases this isn't the case. One use case is going from Windows 7 to Windows 10 AAD joined using autopilot without first upgrading to Windows 10 because you actually need to be ON windows 10 to be able to extract the identifier. My use case is different our blanket order still doesn't include a clean image and/or a way to get the identifier from the vendor (whether it be HP, Lenovo, etc...) so we image it with a clean Windows and at first we shift-f10 run the script from a USB, edit the .csv with the GroupTag and then upload it. After that we've used a script (also from Ben I think) to upload it to straight to Intune and atm we changed it to the official script from Michael Niehaus with the "-online" parameter that I modified a little bit to give us an Out-Grid to select the GroupTag. So for me this is something I will be testing out soon! It creates the USB stick and you just select the autopilot profile the only thing you need to supply is a clean Win10 ISO. One last thing, I don't think it was mention but you need to make a little change to your autopilot profile configuration and check the "Convert all targeted devices to Autopilot" otherwise the devices won't show up in the autopilot devices list. I haven't checked but I hope I will still be able to set the GroupTag because I have many dynamic group depending on it. I don't use the ZTDId.
@@Powers_Hell Hi Ben, thanks for creating such great content! Can you please elaborate on the above "If you then have your environment set up correctly" - by correctly do you mean that the autopilot deployment profile should be assigned to a dynamic AAD group which includes all devices with a "ZTDID"?
Can this be ran on one machine to create multiple usb boot devices to image multiple machines? Or does this have to be created on the machine being imaged?
is it somehow possible to use an install.esd for this application ? cause the download from the windows 10 download assisstent is somehow every time a esd file
Both. They each serve a purpose. You use the UBS media to “reimage” the device and prep for provisioning. Then use Autopilot to complete the provisioning.
Interesting method, One of my methods: for bare metal deployments... Dell offers a tool "Dell OS Recovery's Tool" that will download the OS and driver's directly from Dell... The other part of the solution I guess to branded it to your environment would be WCD One day if I ever get invited to the show , I can make a Demo, and hopefully fail so I'll be part of the team day 1 😅 ---hey I got the beard ... In case you didn't have SCCM nor Autopilot...
Nope, the json method is created so you don't need the hash. For example to go from Windows 7 to Windows 10 autopilotjoined. And to get the hash you need to be on Windows 10.
You can’t be serious right? There are numerous server based options for imaging machines. The whole point of this it to use USB and NOT have to rely on a server.
Hey, thanks for this. I would like to know if it's possible to have intune prompt you for username/ password when executing the usb each time so I can actually share this with my team and not share my username/ password or worse case scenario a usb stick gets lost and that includes our info.
I’m not sure what you’re attempting to do but I would suggest using OneDrive or SharePoint to share data since it includes options to restrict who can open the data that you send to them.
@@IntuneTraining I guess I'm trying to ask if it's safe to share the device provisioning code after entering my azure details for the usb, so if I share the usb bootable device with my team, will they have access to see my password to azure? Sorry but I'm new to this and this is my side project.
Hi Static fl, our understanding is that, so long as you have Windows 10 E3/E5 licence assigned to the user, and you asre using windows 10 Pro any media will upgrade to Ent, the obvious exception is that if you have the Windows 10 E3/E5 education SKU's it will uplift to the EDU SKU.
@@IntuneTraining We figured it out, ended up using a MAK key with the alternative of using KMS and outward face it when needed during times of extended off-prem work. USB script seems to work great.
Hey guys, can you maybe do a video on how to add a local administrator account to a specific device using configuration profiles? I do not want regular users to be promoted to administrators, but they should be able to use a local admin on their device only.
Just booted up to the USB i created with no issues on the first try. This is gonna be a good one. You guys are killing it! Applying Image 25%.. this is sooooo dope!
Done.. worked marvelously.
Just wanted to say - you are all absolute bloody legends! Faced this exact same problem from so many different angles! Now I have some new tools to play with next week!
LOL@Ben "Steve will have to help me out since it has been awhile since I did this manually" Love that quote :)
Great work Guys! I was watching the UA-cam demo video, reviewing the material on Ben's site and I do have 2 questions. You talked about this momentarily about using your own custom image. First question. Do you put the custom .wim file(s) in the "image" folder as you alluded to in the UA-cam video? Second question. Can I drop more than 1 .wim file in the "images" folder? How would the tool determine which image to apply in DISM? I hope these questions don't sound stupid.
Amazing! Thank you guys so much for covering this!
Hi All... Awesome video but I'm trying to follow along but at 10:23 in the video you connect to msgraph and refer to a previous video on how. I'm a little lost with that step. How can I incorporate this easily into this build process?
Hi guys, great content you’re putting on here !
I’m wondering if there are possibilities to do a white glove zero touch deployment with the intune usb creator.
So, let’s say i have the hardware hashes uploaded to intune and i’ve assigned a user to the device.
Is it then possible to use the usb creator tool to configure it in such way that it auto selects the white glove enrollment at first boot?
If the hardware hash is already uploaded and you've assigned the "whiteglove" policy to the device you don't need to do anything else. Using this tool simply loads a clean build of windows 10 onto your device. The autopilot policy would then take over.
-- Ben
I have been using this fabulous solution for 1 year for all Azure Joined devices. And thank you for making this brilliant solution 🤘👍. Is there a way to build a custom .wim with all apps and joined it to Intune/Azure AD after the USB prosses?
hello guys, thank you for yours video and yours tool. i've a question: if i have two or multiple pc model, how can i do to install the video for the particular model? for example i have at the momento two model (dell precision and surface laptop), and i've create on the folder "driver" two subfolder with the model name, but if i load the tool, it load all driver on folder. thank you
A good bit of scripting, but seems like a hugely complicated method to me when Microsoft give you the tools you need to do this. Just build an autounattend.xml using system image manager and put it in the root of the standard installation media. That will handle the disk partition, locale's and license keys. Then just add c:\Windows\Provisioning\Autopilot\folder and AutopilotConfigurationFile.json file into the install.wim image from the same media using DSIM. That will handle the OOBE and autopilot enrollment.
This is nice :)
So at 3:00 I am assuming the hard drive is blank/empty.
Could you deploy this via WDS perhaps? Instead of using the USB method, currently we have WDS without MDT as a base function for imaging devices where we've had issues with enrolling them in Intune.
15:50 recommended USB size is?
Thanks for this, actually using it next week to reimage hybrid machines to pure AAD. Not sure why, but I've had trouble getting the USB to boot on older devices. It worked on an Optiplex 3050 but not a 3020. I've managed to work around it by using MakeWinPEMedia /UFD C:\WinPE_amd64 P: and then deleting the files on the WinPE partition and copying back the ones from the module. Does MakeWinPEMedia do anything special to the partitions that the module doesn't? Stumped me for a while today, but I have a working Key and I've duplicated it many times using PassMark ImageUSB. Just sorting out the enrol targeted devices stuff now.
Working any better on newer versions?
Working through some enrollment issues with Intune right now and this looks like a solid fix.
I am trying to understand where you are getting the contents in the Win10-PE directory.
I have installed WinPE both ways and I can see that the AMD64 and x86 directories have a similar set of objects that your WinPE directory has but not exactly the same. It would be incredibly useful for links to those resources.
Thank you!
Check out the GitHub repository - I've provided the exact winPE media that I've tested and use for this demo.
@@Powers_Hell I actually went to your blog and followed the steps there.
I got the Pre-Req steps completed, and I have been able to boot to the USB, but then when I go to reboot I run into Invalid Partition has after Windows tries to start up the OOBE.
Using an Enterprise Eval ISO. Couldn't find the full featured ISO on the source you mentioned in the video. Is it part of any VS Subscription?
So if I understand correctly, the main reason you're pulling down the AutoPilot JSON file is to cover a scenario where you have not uploaded the AutoPilot identifier to Azure on forehand and assigned an AutoPilot profile? Because normally if you've uploaded the identifier already that step should not be needed as the Windows OOBE will just phone home to MS and pull the appropriate profile at runtime, even on reimage and re-enrolls, since the identifier doesn't change unless you do specific hardware changes.
This makes everything more dynamic + prevents enrollments of systems that have not been preprovisioned and are therefore potentially unknown, which you might not want in your environment.
If the device has not had its hardware hash enrolled, this solution provides us a very reliable way of "bootstrapping" a device into Autopilot enrollment.
If you then have your environment set up correctly, will register the device permanently as an Autopilot device, so that this solution doesn't need to be used again. Reliable, Dynamic and Over-Engineered 🤓
The offline autopilot was created to update your existing devices to AAD. You're saying that the identifier is already known but in so many cases this isn't the case. One use case is going from Windows 7 to Windows 10 AAD joined using autopilot without first upgrading to Windows 10 because you actually need to be ON windows 10 to be able to extract the identifier.
My use case is different our blanket order still doesn't include a clean image and/or a way to get the identifier from the vendor (whether it be HP, Lenovo, etc...) so we image it with a clean Windows and at first we shift-f10 run the script from a USB, edit the .csv with the GroupTag and then upload it. After that we've used a script (also from Ben I think) to upload it to straight to Intune and atm we changed it to the official script from Michael Niehaus with the "-online" parameter that I modified a little bit to give us an Out-Grid to select the GroupTag.
So for me this is something I will be testing out soon! It creates the USB stick and you just select the autopilot profile the only thing you need to supply is a clean Win10 ISO.
One last thing, I don't think it was mention but you need to make a little change to your autopilot profile configuration and check the "Convert all targeted devices to Autopilot" otherwise the devices won't show up in the autopilot devices list.
I haven't checked but I hope I will still be able to set the GroupTag because I have many dynamic group depending on it. I don't use the ZTDId.
@@Powers_Hell Thanks for the video and module first of all! Can you elaborate on "If you then have your environment set up correctly" for me please?
@@Powers_Hell Hi Ben, thanks for creating such great content! Can you please elaborate on the above "If you then have your environment set up correctly" - by correctly do you mean that the autopilot deployment profile should be assigned to a dynamic AAD group which includes all devices with a "ZTDID"?
@@nicklasjersing1978 make a little change to your autopilot profile configuration and check the "Convert all targeted devices to Autopilot"
Can you guys please post a video about MDT task sequence for autopilot? Thank you
I need this too
Can this be ran on one machine to create multiple usb boot devices to image multiple machines? Or does this have to be created on the machine being imaged?
You run this on a single machine to create as many USBs as you want. Then you run the USBs on any machines you want to build.
is it somehow possible to use an install.esd for this application ? cause the download from the windows 10 download assisstent is somehow every time a esd file
Guys, just want to ask is it better to do it the autopilot way or the USB provisioning media way?
Both. They each serve a purpose. You use the UBS media to “reimage” the device and prep for provisioning. Then use Autopilot to complete the provisioning.
@@IntuneTraining thanks, I got the picture now. 👍👍 also thank you for replying on old videos as well 🤣
When using -imagePath, I get an error saying parameter cannot be found .
Interesting method,
One of my methods: for bare metal deployments... Dell offers a tool "Dell OS Recovery's Tool" that will download the OS and driver's directly from Dell...
The other part of the solution I guess to branded it to your environment would be WCD
One day if I ever get invited to the show , I can make a Demo, and hopefully fail so I'll be part of the team day 1 😅 ---hey I got the beard ...
In case you didn't have SCCM nor Autopilot...
Hey Ben... Do you still need to get the hash for the machine and import into InTune?
Nope, the json method is created so you don't need the hash. For example to go from Windows 7 to Windows 10 autopilotjoined. And to get the hash you need to be on Windows 10.
Did you have to convert install.esd to .wim before you compressed the win10 image? My iso shows install.esd
You may need to get another ISO to start.
@@IntuneTraining got it, i redownload another iso with .wim. Where can i inject the switch to reuse the usb for 50 machine deployment?
@@suzetterosario6931 when you use the USB, it'll ask you if you want to use it again without wiping.
@@IntuneTraining awesome! thank you guys. i love your contents.
is there a way in wich you dont have to do it from a usb stick but from a server?
You can’t be serious right? There are numerous server based options for imaging machines. The whole point of this it to use USB and NOT have to rely on a server.
Hey, thanks for this. I would like to know if it's possible to have intune prompt you for username/ password when executing the usb each time so I can actually share this with my team and not share my username/ password or worse case scenario a usb stick gets lost and that includes our info.
I’m not sure what you’re attempting to do but I would suggest using OneDrive or SharePoint to share data since it includes options to restrict who can open the data that you send to them.
@@IntuneTraining I guess I'm trying to ask if it's safe to share the device provisioning code after entering my azure details for the usb, so if I share the usb bootable device with my team, will they have access to see my password to azure? Sorry but I'm new to this and this is my side project.
What version of Win10 iso are you installing that activates the OS digital license on a enterprise scale? (Retail / Volume). Need a non kms solution.
Hi Static fl, our understanding is that, so long as you have Windows 10 E3/E5 licence assigned to the user, and you asre using windows 10 Pro any media will upgrade to Ent, the obvious exception is that if you have the Windows 10 E3/E5 education SKU's it will uplift to the EDU SKU.
@@IntuneTraining We figured it out, ended up using a MAK key with the alternative of using KMS and outward face it when needed during times of extended off-prem work. USB script seems to work great.
I like this but not sure why using this over SCCM. I feel like people change only because it feels fresh/new trendy thing to do.
When you don't have SCCM, you need alternatives. This is an alternative. That's all. Just a tool in the toolbox.
Hey guys,
can you maybe do a video on how to add a local administrator account to a specific device using configuration profiles? I do not want regular users to be promoted to administrators, but they should be able to use a local admin on their device only.
I believe the guy from the troubleshooting video before this one has a blog post about how to do this.
Does this video also mean this is a virtue signaling sign that SCCM is dying?
USB size requirements keep going up. uuugh.....