Windows Autopilot – Configure OneDrive from OOBE?!

Recently Microsoft introduced Windows Autopilot. This is a feature where you can register your corporate devices and where users can use their internet connection to sign in with their Azure AD credentials. The device is automatically enrolled with an MDM such as Intune and will receive apps and policies from there. According to Microsoft’s recent blog post and instruction video, a user needs to enter their WiFi password, as the device will get the configuration from MDM and is already enrolled, without having the option to change the MDM provider or enroll the device as a personal device. The device really becomes a corporate-owned device. This looks a bit like the Apple Device Enrollment Program. One of the interesting parts of that instruction video is that it looks like OneDrive can be pre-configured from OOBE as well:

[Screenshot: WindowsAutoPilotOneDrive.PNG]

I hope that Microsoft will further expand the possibilities of this service. What I would like to see is that the device can cache/download applications and settings from Intune during the factory imaging process. This ensures that applications, policies and settings are pre-loaded on a device and don’t need to be downloaded anymore. This will dramatically decrease network bandwidth and deployment time.

Remove default Windows 10 Apps

WARNING: Removing Windows 10 Apps can make your system unstable. I had issues with my NUC after removing some default applications. Don’t do this in your master Enterprise image! Block apps with AppLocker instead.

Use the following PowerShell command to check which Windows 10 Apps are installed:

Get-AppxPackage | Select Name

Make sure that you get all the packages that you want to delete in one view. For example:

Get-AppxPackage | Where {$_.Name -ilike "Microsoft.ZuneVideo" -or $_.Name -ilike "Microsoft.WindowsCamera"}

To remove those packages, pipe them to Remove-AppxPackage.

Get-AppxPackage | Where {$_.Name -ilike "Microsoft.ZuneVideo" -or $_.Name -ilike "Microsoft.WindowsCamera"} | Remove-AppxPackage
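
The same removal wrapped in a function that previews and logs each package before it is removed, as an added example that is not part of the original post. The function name Remove-SelectedAppxPackage and the log path are assumptions made for illustration.

```powershell
# Added example, not from the original post. The function name and the
# default log path are assumptions chosen for illustration.
function Remove-SelectedAppxPackage {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory = $true)]
        [string[]]$Name,

        [string]$LogPath = "$env:TEMP\RemovedAppx.csv"
    )

    # Get-AppxPackage without -AllUsers only returns packages installed
    # for the current user. Match on the exact package name.
    $installed = Get-AppxPackage | Where-Object { $Name -contains $_.Name }

    # Warn about requested names that are not installed, so a typo in the
    # list does not pass silently.
    foreach ($n in $Name) {
        if ($installed.Name -notcontains $n) {
            Write-Warning "Package '$n' is not installed for the current user."
        }
    }

    foreach ($pkg in $installed) {
        # ShouldProcess honours -WhatIf and -Confirm passed to this function.
        if ($PSCmdlet.ShouldProcess($pkg.PackageFullName, 'Remove-AppxPackage')) {
            # Record what is about to be removed before removing it.
            $pkg | Select-Object Name, PackageFullName, Version, InstallLocation |
                Export-Csv -Path $LogPath -Append -NoTypeInformation
            Remove-AppxPackage -Package $pkg.PackageFullName
        }
    }
}

# Preview only: -WhatIf lists what would be removed without changing anything.
Remove-SelectedAppxPackage -Name 'Microsoft.ZuneVideo', 'Microsoft.WindowsCamera' -WhatIf
```

Run it again without -WhatIf to perform the removal; each package then prompts for confirmation because ConfirmImpact is set to High.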

How to Clear a TPM 2.0 chip with SCCM and PowerShell

With TPM 1.2, Microsoft was able to clear the TPM during the SCCM Task Sequence without asking for permission to clear the TPM. With TPM 2.0, SCCM is unable to clear and activate the TPM chip during the deployment. The first time you boot your computer, you need to provide a BitLocker Recovery Key, or the tpm.msc console will tell you that the TPM is ready for use, with reduced functionality.

Screen display flashes or blinks if Device Guard or Credential Guard with Hyper-V has been enabled

When you enable Device Guard or Credential Guard with Hyper-V on your system, your screen will blink every X seconds. This is a really annoying bug and has been fixed by Intel.

Solution:

Upgrade your Intel(R) HD Graphics driver to version 20.19.15.4352.

BSOD when capturing image with SCCM 2012 R2 SP1

I was capturing a new Windows 10 TH2 (1511) image with SCCM 2012 R2 SP1 CU2 when suddenly the capturing process stopped and ended with a Blue Screen of Death: “SYSTEM_THREAD_EXCEPTION_NOT_HANDLED”.

Current environment:

SCCM 2012 R2 SP1 CU2 Primary Site
Local Distribution Point
Windows Server 2012 R2 OS
Based on Hyper-V 2008 R2 and 2012 R2.
Windows 10 Template on Hyper-V Server 2008 R2 Cluster with VM Version 1.

At first I thought that the boot image was corrupt or not working, so I tried to recreate the image using the following post. Unfortunately, the BSOD came up with both boot images.

Solution:

Use a Generation 2 VM instead of a Generation 1 VM.