Computer Admin

Install Tools

  • In the admin console, select Provision, then click Setting

  • Download and extract the zip files (scripts.zip and utility.zip)

Install ADK

Prepare Bundle

ADK File

  • Extract utility.zip on a computer with the ADK installed, then run adkprep.ps1

Unattend.xml

This is a basic unattend.xml file:

<?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
    <settings pass="generalize">
        <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <DoNotCleanTaskBar>true</DoNotCleanTaskBar>
        </component>
    </settings>
    <settings pass="specialize">
        <component name="Microsoft-Windows-UnattendedJoin" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State">
            <Identification>
                <JoinWorkgroup>MyWorkgroup</JoinWorkgroup>
            </Identification>
        </component>
        <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State">
            <ComputerName>nomPC</ComputerName>
            <RegisteredOrganization>MonOrganisation</RegisteredOrganization>
            <RegisteredOwner>MonOrganisation</RegisteredOwner>
            <DoNotCleanTaskBar>true</DoNotCleanTaskBar>
            <TimeZone>Romance Standard Time</TimeZone>
            <ProductKey>M7XTQ-FN8P6-TTKYV-9D4CC-J462D</ProductKey>
        </component>
        <component name="Microsoft-Windows-IE-InternetExplorer" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <Home_Page>www.google.fr</Home_Page>
        </component>
        <component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <RunSynchronous>
                <RunSynchronousCommand wcm:action="add">
                    <Description>EnableAdmin</Description>
                    <Order>1</Order>
                    <Path>cmd /c net user Administrator /active:yes</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Description>UnfilterAdministratorToken</Description>
                    <Order>2</Order>
                    <Path>cmd /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v FilterAdministratorToken /t REG_DWORD /d 0 /f</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Description>disable user account page</Description>
                    <Order>3</Order>
                    <Path>reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Setup\OOBE /v UnattendCreatedUser /t REG_DWORD /d 1 /f</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Description>disable async RunOnce</Description>
                    <Order>4</Order>
                    <Path>reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer /v AsyncRunOnce /t REG_DWORD /d 0 /f</Path>
                </RunSynchronousCommand>
            </RunSynchronous>
        </component>
        <component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <InputLocale>fr-fr;040c:0000040c</InputLocale>
            <SystemLocale>en-us</SystemLocale>
            <UILanguage>en-us</UILanguage>
            <UserLocale>en-us</UserLocale>
        </component>
        <component name="Microsoft-Windows-TapiSetup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <TapiConfigured>0</TapiConfigured>
            <TapiUnattendLocation>
                <AreaCode>""</AreaCode>
                <CountryOrRegion>1</CountryOrRegion>
                <LongDistanceAccess>9</LongDistanceAccess>
                <OutsideAccess>9</OutsideAccess>
                <PulseOrToneDialing>1</PulseOrToneDialing>
                <DisableCallWaiting>""</DisableCallWaiting>
                <InternationalCarrierCode>""</InternationalCarrierCode>
                <LongDistanceCarrierCode>""</LongDistanceCarrierCode>
                <Name>Default</Name>
            </TapiUnattendLocation>
        </component>
        <component name="Microsoft-Windows-SystemRestore-Main" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <DisableSR>1</DisableSR>
        </component>
    </settings>
    <settings pass="oobeSystem">
        <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State">
            <UserAccounts>
                <AdministratorPassword>
                    <Value>Password1</Value>
                    <PlainText>true</PlainText>
                </AdministratorPassword>
            </UserAccounts>
            <AutoLogon>
                <Enabled>true</Enabled>
                <Username>Administrator</Username>
                <Domain>.</Domain>
                <Password>
                    <Value>Password1</Value>
                    <PlainText>true</PlainText>
                </Password>
                <LogonCount>1</LogonCount>
            </AutoLogon>
            <Display></Display>
            <OOBE>
                <HideEULAPage>true</HideEULAPage>
                <NetworkLocation>Work</NetworkLocation>
                <ProtectYourPC>1</ProtectYourPC>
                <HideLocalAccountScreen>true</HideLocalAccountScreen>
                <HideOnlineAccountScreens>true</HideOnlineAccountScreens>
                <HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE>
                <SkipMachineOOBE>true</SkipMachineOOBE>
                <SkipUserOOBE>true</SkipUserOOBE>
            </OOBE>
            <RegisteredOrganization>MonOrganisation</RegisteredOrganization>
            <RegisteredOwner>MonOrganisation</RegisteredOwner>
            <TimeZone>Romance Standard Time</TimeZone>
        </component>
        <component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <InputLocale>fr-fr;040c:0000040c</InputLocale>
            <SystemLocale>en-us</SystemLocale>
            <UILanguage>en-us</UILanguage>
            <UserLocale>en-us</UserLocale>
        </component>
    </settings>
    <cpi:offlineImage cpi:source="" xmlns:cpi="urn:schemas-microsoft-com:cpi" />
</unattend>
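
The answer file above stores the Administrator and AutoLogon passwords with PlainText set to true, so anyone who can read the bundle or a leftover copy of the file can read them. The following check is an added example, not part of the original page or of Tanium's tooling; the function name Find-UnattendSecret and the embedded sample (a constructed excerpt of the oobeSystem pass above) are assumptions made for illustration.

```powershell
# Added example: list every password container in an answer file and how it is stored.
function Find-UnattendSecret {
    param([Parameter(Mandatory)][xml]$Unattend)

    $ns = New-Object System.Xml.XmlNamespaceManager($Unattend.NameTable)
    $ns.AddNamespace("u", "urn:schemas-microsoft-com:unattend")

    # Password settings are elements holding both <Value> and <PlainText>.
    foreach ($node in $Unattend.SelectNodes("//u:*[u:Value and u:PlainText]", $ns)) {
        $plain = $node.SelectSingleNode("u:PlainText", $ns).InnerText.Trim() -eq 'true'
        [pscustomobject]@{
            Pass      = $node.SelectSingleNode("ancestor::u:settings/@pass", $ns).Value
            Component = $node.SelectSingleNode("ancestor::u:component/@name", $ns).Value
            Setting   = "$($node.ParentNode.LocalName)/$($node.LocalName)"
            # PlainText=false only Base64-encodes the value; it is not encryption.
            Storage   = if ($plain) { 'clear text' } else { 'Base64-encoded, not encrypted' }
        }
    }
}

# Constructed sample mirroring the oobeSystem pass of the file above.
$sample = [xml]@'
<unattend xmlns="urn:schemas-microsoft-com:unattend">
  <settings pass="oobeSystem">
    <component name="Microsoft-Windows-Shell-Setup">
      <UserAccounts>
        <AdministratorPassword><Value>Password1</Value><PlainText>true</PlainText></AdministratorPassword>
      </UserAccounts>
      <AutoLogon>
        <Enabled>true</Enabled>
        <Password><Value>Password1</Value><PlainText>true</PlainText></Password>
      </AutoLogon>
    </component>
  </settings>
</unattend>
'@

# Prints two findings: UserAccounts/AdministratorPassword and AutoLogon/Password.
Find-UnattendSecret -Unattend $sample | Format-Table -AutoSize
```

Run it against the file before adding it to the bundle, and against C:\Windows\Panther\unattend.xml on a deployed endpoint, by passing ([xml](Get-Content -Raw <path>)) as -Unattend. The output never includes the password value itself.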

Script file

Source : https://help.tanium.com/bundle/ug_provision_cloud/page/provision/ref_advanced.html#restart

# Log file path
$logFilePath = "C:\unattend_update_log.txt"

# Function to log messages
function Log-Message {
    param (
        [string]$message
    )
    $timestamp = Get-Date -Format "yyyy-MM-dd HH:mm:ss"
    $logMessage = "$timestamp - $message"
    Add-Content -Path $logFilePath -Value $logMessage
}

# Start logging
Log-Message "Script started."

# Obtain all network interfaces with their MAC addresses
$macAddresses = Get-NetAdapter | Where-Object { $_.Status -eq "Up" } | Select-Object -ExpandProperty MacAddress
Log-Message "MAC Addresses: $macAddresses"

# Webservice URL for your NAS
$webserviceUrl = "http://nas.wuibaille.fr/webservice/get-computer-info.php"

# Path to the unattend.xml file
$xmlFilePath = "C:\Windows\Panther\unattend.xml"
Log-Message "XML File Path: $xmlFilePath"

$EnvValue= ""

# Ensure the XML file exists before proceeding
if (Test-Path $xmlFilePath) {
    Log-Message "unattend.xml file found at $xmlFilePath."

    # Load the XML file
    [xml]$xmlDoc = Get-Content $xmlFilePath

    # Define the namespace manager
    $ns = New-Object System.Xml.XmlNamespaceManager($xmlDoc.NameTable)
    $ns.AddNamespace("ns", "urn:schemas-microsoft-com:unattend")

    # Loop through each MAC address and call the webservice
    foreach ($mac in $macAddresses) {
        Log-Message "Processing MAC address: $mac"

        # Construct the URL with the MAC address as a parameter
        $url = $webserviceUrl + "?macaddress=$mac"

        # Call the webservice
        try {
            $response = Invoke-RestMethod -Uri $url
            # Check if the response contains the ComputerName
            if ($response.Computername) {
                Log-Message "Response received from server for MAC ${mac}: Computername = $($response.Computername)"
                Log-Message "Response received from server for MAC ${mac}: postype = $($response.postype)"
                $EnvValue = $($response.postype)

                # Attempt to find and modify the ComputerName element
                $computerNameNode = $xmlDoc.SelectSingleNode("//ns:settings[@pass='specialize']/ns:component/ns:ComputerName", $ns)
                if ($computerNameNode -ne $null) {
                    $computerNameNode.InnerText = $response.Computername
                    # Save the modified XML file
                    $xmlDoc.Save($xmlFilePath)
                    Log-Message "The ComputerName in unattend.xml has been updated to $($response.Computername)"
                    
                    # Change the computer name
                    Rename-Computer -NewName $response.Computername -Force
                    Log-Message "Computer renamed to $($response.Computername) and scheduled for a restart."

                } else {
                    Log-Message "No ComputerName element found in XML."
                }
            } else {
                Log-Message "No valid computer found for MAC ${mac}"
            }
        } catch {
            Log-Message "Error contacting webservice for MAC ${mac}: $_"
        }
    }
} else {
    Log-Message "The unattend.xml file does not exist at the specified path."
}

# Define the URL and the destination path
$url = "https://nas.wuibaille.fr/partageMyFile789456123/Tanium/GoogleChromeStandaloneEnterprise64.msi"
$destination = "C:\Windows\Temp\GoogleChromeStandaloneEnterprise64.msi"

# Log the start of the process
Log-Message "Starting download from $url"

# Download the file
try {
    Invoke-WebRequest -Uri $url -OutFile $destination
    Log-Message "Download successful"
} catch {
    Log-Message "Download failed: $_"
    exit 1
}

# Log the initiation of installation
Log-Message "Starting installation of $destination"

# Install the MSI package
try {
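    $process = Start-Process "msiexec.exe" -ArgumentList "/i `"$destination`" /quiet /norestart" -Wait -NoNewWindow -PassThru
    # msiexec reports failure through its exit code, not an exception (3010 = success, reboot required)
    if ($process.ExitCode -notin 0, 3010) { throw "msiexec exit code $($process.ExitCode)" }
    Log-Message "Installation successful"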
} catch {
    Log-Message "Installation failed: $_"
    exit 1
}

# Log completion of the script
Log-Message "Script execution completed"

# Set the environment variable POSTYPE persistently for the System
[Environment]::SetEnvironmentVariable("POSTYPE", $EnvValue, [EnvironmentVariableTarget]::Machine)

Log-Message "Script ended."
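
The script above renames the machine from a value returned by a web service queried over plain HTTP, and installs an MSI straight after downloading it. The two checks below are an added example, not part of the original script: Test-ComputerNameValue and Test-InstallerTrusted are hypothetical helper names, the sample names are constructed, and the signer 'Google LLC' is an assumption to confirm against a copy of the installer you already trust.

```powershell
# Added example: validate untrusted inputs before the script acts on them.

# Accept only a NetBIOS-compatible name before passing it to Rename-Computer.
function Test-ComputerNameValue {
    param([string]$Name)
    # 1-15 characters, letters/digits/hyphen only, and not digits only
    return ($Name -match '^[A-Za-z0-9-]{1,15}$') -and ($Name -notmatch '^\d+$')
}

# Accept an installer only if its Authenticode signature is valid, the signer CN
# matches, and (optionally) its SHA-256 equals a hash pinned in advance.
function Test-InstallerTrusted {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$ExpectedSigner,   # assumption: supplied by you
        [string]$ExpectedSha256                          # optional pinned hash
    )
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) { return $false }

    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    if ($sig.Status -ne 'Valid') { return $false }

    # Match the whole CN component, not a substring of it.
    $cnPattern = '(^|, )CN=' + [regex]::Escape($ExpectedSigner) + '(,|$)'
    if ($sig.SignerCertificate.Subject -notmatch $cnPattern) { return $false }

    if ($ExpectedSha256) {
        $actual = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
        if ($actual -ne $ExpectedSha256) { return $false }   # -ne ignores case
    }
    return $true
}

# Constructed values standing in for $response.Computername
'PC-ACCUEIL-01', 'NAME WITH SPACES', 'THIS-NAME-IS-TOO-LONG', '1234' | ForEach-Object {
    '{0,-24} valid={1}' -f $_, (Test-ComputerNameValue $_)
}

# Path taken from the script above; returns False when the file is absent or unsigned.
$msi = "C:\Windows\Temp\GoogleChromeStandaloneEnterprise64.msi"
Test-InstallerTrusted -Path $msi -ExpectedSigner 'Google LLC'
```

In the script, call Test-ComputerNameValue before the Rename-Computer line and Test-InstallerTrusted between the download and the msiexec call, logging and exiting when either returns False.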

Tanium Agent

  • Download the zip file containing the Tanium client

Wim file (Windows 10.11)

  • Use the install.wim file directly from the ISO

Drivers Zip

Source : https://help.tanium.com/bundle/ug_provision_cloud/page/provision/preparing_content.html

Create Provision

  • In Provision, select “Create OS Bundle”

  • Enter the bundle name, OS and architecture

  • Add Wim File

  • Add ADK file

  • Add Unattend file

  • Add client installation zip

  • Add script zip or PowerShell file (customer.ps1)

Create PXE

Warning: A Provision must exist before creating a PXE server

  • In Provision, select “Create Provision Endpoint”

  • Select “Create Satellite”

  • Select a device name and click continue

  • On the client, run get_endpoint_fingerprint.cmd and get the MAC address

  • Enter the MAC address in Unique Identifier

  • Enable PXE feature

  • Installation in progress

Deploy a bare metal

Note: Disable Secure Boot


