Computer Admin
Install Tools
- On the admin console, select Provision, then click Setting
- Download and extract the zip files (scripts.zip and utility.zip)
Install ADK
- Download and install the ADK by following "Download and install the Windows ADK" on Microsoft Learn
- Windows ADK
- Windows PE add-on for the Windows ADK
Prepare Bundle
ADK File
- Extract utility.zip on your computer with ADK installed and execute adkprep.ps1
Unattend.xml
This is a basic unattend.xml file
<?xml version="1.0" encoding="utf-8"?>
<!--
  Sample answer file for an unattended Windows installation.
  It configures three passes: generalize, specialize and oobeSystem.
  Review before use: the computer name, organisation, product key and both
  passwords below are literal values stored in this file, so anyone who can
  read the file (or the OS bundle that carries it) can read them.
-->
<unattend xmlns="urn:schemas-microsoft-com:unattend">
  <settings pass="generalize">
    <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
      <DoNotCleanTaskBar>true</DoNotCleanTaskBar>
    </component>
  </settings>
  <settings pass="specialize">
    <component name="Microsoft-Windows-UnattendedJoin" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State">
      <Identification>
        <JoinWorkgroup>MyWorkgroup</JoinWorkgroup>
      </Identification>
    </component>
    <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State">
      <!-- Placeholder name. The provisioning script on this page looks up this
           element (specialize pass, ComputerName) and overwrites its value. -->
      <ComputerName>nomPC</ComputerName>
      <RegisteredOrganization>MonOrganisation</RegisteredOrganization>
      <RegisteredOwner>MonOrganisation</RegisteredOwner>
      <DoNotCleanTaskBar>true</DoNotCleanTaskBar>
      <TimeZone>Romance Standard Time</TimeZone>
      <!-- The product key is stored in clear text.
           NOTE(review): this looks like a public KMS client setup key; confirm,
           and never place a MAK or retail key in a shared answer file. -->
      <ProductKey>M7XTQ-FN8P6-TTKYV-9D4CC-J462D</ProductKey>
    </component>
    <component name="Microsoft-Windows-IE-InternetExplorer" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
      <Home_Page>www.google.fr</Home_Page>
    </component>
    <component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
      <!-- Commands run in the order given by Order.
           Order 1 enables the built-in Administrator account.
           Order 2 sets FilterAdministratorToken to 0, so that account is not
           placed under Admin Approval Mode and always runs with a full token.
           Together with the AutoLogon block in oobeSystem this leaves an
           enabled, unfiltered administrator whose password is in this file:
           disable the account or rotate its password once provisioning ends. -->
      <RunSynchronous>
        <RunSynchronousCommand wcm:action="add">
          <Description>EnableAdmin</Description>
          <Order>1</Order>
          <Path>cmd /c net user Administrator /active:yes</Path>
        </RunSynchronousCommand>
        <RunSynchronousCommand wcm:action="add">
          <Description>UnfilterAdministratorToken</Description>
          <Order>2</Order>
          <Path>cmd /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v FilterAdministratorToken /t REG_DWORD /d 0 /f</Path>
        </RunSynchronousCommand>
        <RunSynchronousCommand wcm:action="add">
          <Description>disable user account page</Description>
          <Order>3</Order>
          <Path>reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Setup\OOBE /v UnattendCreatedUser /t REG_DWORD /d 1 /f</Path>
        </RunSynchronousCommand>
        <RunSynchronousCommand wcm:action="add">
          <Description>disable async RunOnce</Description>
          <Order>4</Order>
          <Path>reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer /v AsyncRunOnce /t REG_DWORD /d 0 /f</Path>
        </RunSynchronousCommand>
      </RunSynchronous>
    </component>
    <component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
      <InputLocale>fr-fr;040c:0000040c</InputLocale>
      <SystemLocale>en-us</SystemLocale>
      <UILanguage>en-us</UILanguage>
      <UserLocale>en-us</UserLocale>
    </component>
    <component name="Microsoft-Windows-TapiSetup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
      <TapiConfigured>0</TapiConfigured>
      <!-- NOTE(review): the "" values below are two literal quote characters,
           not empty strings; confirm that this is intended. -->
      <TapiUnattendLocation>
        <AreaCode>""</AreaCode>
        <CountryOrRegion>1</CountryOrRegion>
        <LongDistanceAccess>9</LongDistanceAccess>
        <OutsideAccess>9</OutsideAccess>
        <PulseOrToneDialing>1</PulseOrToneDialing>
        <DisableCallWaiting>""</DisableCallWaiting>
        <InternationalCarrierCode>""</InternationalCarrierCode>
        <LongDistanceCarrierCode>""</LongDistanceCarrierCode>
        <Name>Default</Name>
      </TapiUnattendLocation>
    </component>
    <component name="Microsoft-Windows-SystemRestore-Main" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
      <!-- Turns System Restore off on the deployed machine. -->
      <DisableSR>1</DisableSR>
    </component>
  </settings>
  <settings pass="oobeSystem">
    <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State">
      <!-- PlainText=true stores the Administrator password verbatim, and
           Password1 is a weak sample value: replace it with a unique strong
           password per deployment. Setting PlainText to false only
           Base64-encodes the value, which is obfuscation rather than
           protection, so restrict who can read this file and change the
           password after the first logon. -->
      <UserAccounts>
        <AdministratorPassword>
          <Value>Password1</Value>
          <PlainText>true</PlainText>
        </AdministratorPassword>
      </UserAccounts>
      <!-- Logs the built-in Administrator on automatically with the same
           clear-text password; LogonCount limits this to one logon. -->
      <AutoLogon>
        <Enabled>true</Enabled>
        <Username>Administrator</Username>
        <Domain>.</Domain>
        <Password>
          <Value>Password1</Value>
          <PlainText>true</PlainText>
        </Password>
        <LogonCount>1</LogonCount>
      </AutoLogon>
      <Display></Display>
      <OOBE>
        <HideEULAPage>true</HideEULAPage>
        <NetworkLocation>Work</NetworkLocation>
        <ProtectYourPC>1</ProtectYourPC>
        <HideLocalAccountScreen>true</HideLocalAccountScreen>
        <HideOnlineAccountScreens>true</HideOnlineAccountScreens>
        <HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE>
        <SkipMachineOOBE>true</SkipMachineOOBE>
        <SkipUserOOBE>true</SkipUserOOBE>
      </OOBE>
      <RegisteredOrganization>MonOrganisation</RegisteredOrganization>
      <RegisteredOwner>MonOrganisation</RegisteredOwner>
      <TimeZone>Romance Standard Time</TimeZone>
    </component>
    <component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
      <InputLocale>fr-fr;040c:0000040c</InputLocale>
      <SystemLocale>en-us</SystemLocale>
      <UILanguage>en-us</UILanguage>
      <UserLocale>en-us</UserLocale>
    </component>
  </settings>
  <cpi:offlineImage cpi:source="" xmlns:cpi="urn:schemas-microsoft-com:cpi" />
</unattend>
Script file
Source : https://help.tanium.com/bundle/ug_provision_cloud/page/provision/ref_advanced.html#restart
# Log file written by this provisioning script.
# NOTE(review): the log records MAC addresses and computer names and sits in the
# root of C:, where it is presumably readable by other local users; confirm the ACL.
$logFilePath = 'C:\unattend_update_log.txt'
# Function to log messages
function Log-Message {
    <#
    .SYNOPSIS
    Appends one timestamped line to the script's log file.
    .PARAMETER message
    Text to record after the timestamp.
    .NOTES
    Writes to the path held in $logFilePath, which is assigned outside this function.
    #>
    param (
        [string]$message
    )
    # Line format: "yyyy-MM-dd HH:mm:ss - <message>"
    $stamp = Get-Date -Format "yyyy-MM-dd HH:mm:ss"
    Add-Content -Path $logFilePath -Value "$stamp - $message"
}
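# Start logging
Log-Message "Script started."

# Collect the MAC address of every network adapter that is currently up
$macAddresses = Get-NetAdapter | Where-Object { $_.Status -eq "Up" } | Select-Object -ExpandProperty MacAddress
Log-Message "MAC Addresses: $macAddresses"

# Web service that returns a computer name and a postype for a MAC address.
# NOTE(review): this endpoint is called over plain HTTP and without authentication,
# so its answer can be altered in transit. Prefer HTTPS if the server offers it;
# either way the response is treated as untrusted below.
$webserviceUrl = "http://nas.wuibaille.fr/webservice/get-computer-info.php"

# Path to the unattend.xml file
$xmlFilePath = "C:\Windows\Panther\unattend.xml"
Log-Message "XML File Path: $xmlFilePath"

# Holds the postype returned by the web service; stays empty if no lookup succeeds
$EnvValue = ""

# A name from the web service is accepted only if it is usable as a Windows
# computer name: 1 to 15 characters, letters, digits and hyphens, not digits only.
$computerNamePattern = '^(?!\d+$)[A-Za-z0-9-]{1,15}$'

# Ensure the XML file exists before proceeding
if (Test-Path $xmlFilePath) {
    Log-Message "unattend.xml file found at $xmlFilePath."

    # Load the XML file (-Raw reads it as one string rather than an array of lines)
    [xml]$xmlDoc = Get-Content $xmlFilePath -Raw

    # The answer file uses a default namespace, so XPath needs a prefix bound to it
    $ns = New-Object System.Xml.XmlNamespaceManager($xmlDoc.NameTable)
    $ns.AddNamespace("ns", "urn:schemas-microsoft-com:unattend")

    # Loop through each MAC address and call the webservice
    foreach ($mac in $macAddresses) {
        Log-Message "Processing MAC address: $mac"

        # Pass the MAC address as an escaped query parameter
        $url = $webserviceUrl + "?macaddress=" + [uri]::EscapeDataString([string]$mac)

        try {
            $response = Invoke-RestMethod -Uri $url
            $newName = [string]$response.Computername

            # No name in the response: nothing is registered for this MAC
            if (-not $newName) {
                Log-Message "No valid computer found for MAC ${mac}"
                continue
            }

            # Never write an unchecked server-supplied value into the answer file
            # or hand it to Rename-Computer
            if ($newName -notmatch $computerNamePattern) {
                Log-Message "Rejected computer name returned for MAC ${mac}: not a valid Windows computer name"
                continue
            }

            Log-Message "Response received from server for MAC ${mac}: Computername = $newName"
            Log-Message "Response received from server for MAC ${mac}: postype = $($response.postype)"

            # NOTE(review): postype also comes from the web service and later becomes a
            # machine-wide environment variable; restrict it to the expected values
            # once they are known.
            $EnvValue = $($response.postype)

            # Attempt to find and modify the ComputerName element
            $computerNameNode = $xmlDoc.SelectSingleNode("//ns:settings[@pass='specialize']/ns:component/ns:ComputerName", $ns)
            if ($null -ne $computerNameNode) {
                $computerNameNode.InnerText = $newName

                # Save the modified XML file
                $xmlDoc.Save($xmlFilePath)
                Log-Message "The ComputerName in unattend.xml has been updated to $newName"

                # Change the computer name
                Rename-Computer -NewName $newName -Force
                Log-Message "Computer renamed to $newName and scheduled for a restart."
            } else {
                Log-Message "No ComputerName element found in XML."
            }
        } catch {
            Log-Message "Error contacting webservice for MAC ${mac}: $_"
        }
    }
} else {
    Log-Message "The unattend.xml file does not exist at the specified path."
}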
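# Define the URL and the destination path
$url = "https://nas.wuibaille.fr/partageMyFile789456123/Tanium/GoogleChromeStandaloneEnterprise64.msi"
$destination = "C:\Windows\Temp\GoogleChromeStandaloneEnterprise64.msi"

# Publisher expected in the installer's Authenticode signature.
# Adjust if the vendor's certificate subject differs.
$expectedPublisher = 'Google LLC'

# Log the start of the process
Log-Message "Starting download from $url"

# Download the file
try {
    Invoke-WebRequest -Uri $url -OutFile $destination -UseBasicParsing
    Log-Message "Download successful"
} catch {
    Log-Message "Download failed: $_"
    exit 1
}

# The package is about to be installed with administrative rights, so check that it
# carries a valid signature from the expected publisher before running it.
$signature = Get-AuthenticodeSignature -FilePath $destination
$signer = if ($signature.SignerCertificate) { $signature.SignerCertificate.Subject } else { '' }
if ($signature.Status -ne 'Valid' -or $signer -notlike "*$expectedPublisher*") {
    Log-Message "Signature check failed for $destination (status: $($signature.Status), signer: $signer)"
    # Do not leave an unverified installer on disk
    Remove-Item -Path $destination -Force -ErrorAction SilentlyContinue
    exit 1
}
Log-Message "Signature verified for ${destination}: $signer"

# Log the initiation of installation
Log-Message "Starting installation of $destination"

# Install the MSI package; -PassThru exposes the msiexec exit code
try {
    $install = Start-Process "msiexec.exe" -ArgumentList "/i `"$destination`" /quiet /norestart" -Wait -NoNewWindow -PassThru -ErrorAction Stop
} catch {
    Log-Message "Installation failed: $_"
    exit 1
}

# msiexec reports failure through its exit code, not an exception:
# 0 = success, 3010 = success with a restart required
if ($install.ExitCode -eq 0 -or $install.ExitCode -eq 3010) {
    Log-Message "Installation successful"
} else {
    Log-Message "Installation failed: msiexec exit code $($install.ExitCode)"
    exit 1
}

# Log completion of the script
Log-Message "Script execution completed"

# Set the environment variable POSTYPE persistently for the System
[Environment]::SetEnvironmentVariable("POSTYPE", $EnvValue, [EnvironmentVariableTarget]::Machine)
Log-Message "Script ended."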
Tanium Agent
- Download zip file with Tanium client
Wim file (Windows 10.11)
- Use install.wim file directly from ISO
Drivers Zip
Source : https://help.tanium.com/bundle/ug_provision_cloud/page/provision/preparing_content.html
Create Provision
- On provision select “Create OS Bundle”
- Enter Bundle Name and OS and architecture
- Add Wim File
- Add adk File
- Add Unattend file
- Add client installation zip
- Add script zip or PowerShell file (customer.ps1)
Create PXE
Warning: a Provision must exist before you can create a PXE server
- On provision, select “Create Provision Endpoint”
- Select “Create Satellite”
- Select a device name and click continue
- On the client, run get_endpoint_fingerprint.cmd and get the MAC address
- Enter the MAC address in the Unique Identifier field
- Enable PXE feature
- Installation in progress
Deploy a bare metal
Note: Disable Secure Boot on the target machine for the deployment (consider re-enabling it once the OS is installed)