I've worked on a few Windows Autopilot hybrid join implementations and the end user experience, when provisioning the device, isn't as smooth as the Azure AD joined. To get around the amount of time it can take for the backend process to complete, with a registered Azure AD joined and a hybrid joined object to exist in Azure AD, we usually implement Skip User ESP. We can do this by creating a custom profile and the OMA-URI ./Device/Vendor/MSFT/DMClient/Provider/MS DM Server/FirstSyncStatus/SkipUserStatusPage with a Data Type of Boolean and a Value of True.

The benefit of using Skip User ESP is that it gets the device to the desktop, however the negative side is that the device really isn't ready to use. For example, if you fire up Office or Teams, you'll be prompted to 'Allow my organisation to manage my device' and this will create an Azure AD registered object in Azure AD and we don't want this. If you attempt to load up OneDrive, you'll be met with the onboarding wizard, where the user has to enter creds to authenticate. So if you've implemented your policy to automatically do this, you'll be bitterly disappointed that at this stage it's not ready to use.

So we can tell the users that the device is almost ready to use, but ideally they should sit back and wait for the registration process to complete on the back end and then they are good to go. The problem is, how does the user know this process is complete? Is it going to take 5 minutes? 30? An hour? Or longer?

So I decided to take a look at creating something which would assist with this. Ideally I wanted something visual to happen on the end user's device, something which would let them know the device is ready to use. The Windows Autopilot Hybrid Join Complete Toast Notification is the result of playing around to try and achieve this.

Before I get going on how this was created and operates, I have uploaded all the code and files up to my GitHub and it's all available here. The code itself is very much beta, it does the job but it needs refining and smoothing out, but I'm happy to release this.

So what does the Hybrid Join Complete Toast Notification do? Here's a breakdown of the process.

- Two Win32 apps are deployed from Intune during Autopilot provisioning.
- The first app sets some registry keys which define a reboot protocol, which will be used by the toast notification script.
- The second app contains the toast notification script, along with a scheduled task XML, images and a PowerShell script to set everything up.
- When the second app is executed, a scheduled task is created, the trigger being a Windows event ID which relates to the device registration task being completed.
- This executes the toast notification to alert the end user that their device is now 'Enterprise ready' and they can reboot the device immediately or later.

The reboot protocol script sets a registry key in the location HKCR:\rebootnow\shell\open\command. The key will execute a restart bat file which is delivered as part of the Toast Notification application. The bat file – Reboot.bat – will be located in the c:\temp folder on the endpoint. This location will be created when the Toast Notification application is executed. Note that you could amend the solution to use a folder location you desire but you will need to amend all the references in the scripts provided. The reboot protocol script needs to be executed as SYSTEM or an administrator and hence, when we create the Win32 app in Intune, we will use the SYSTEM context to run the application.

    # Creating registry entries if they don't exist
    New-PSDrive -Name HKCR -PSProvider Registry -Root HKEY_CLASSES_ROOT | Out-Null
    # Protocol key under HKCR, as named in the text above
    $RegPath = "HKCR:\rebootnow"
    # The key must exist before values can be written to it
    New-Item -Path "$RegPath" -Force | Out-Null
    New-ItemProperty -Path "$RegPath" -Name "(Default)" -Value "URL:Reboot Protocol" -PropertyType "String"
    New-ItemProperty -Path "$RegPath" -Name "URL Protocol" -Value "" -PropertyType "String"
    New-Item -Path "$RegPath\shell\open\command" -Force
    New-ItemProperty -Path "$RegPath\shell\open\command" -Name "(Default)" -Value 'c:\temp\Reboot.bat' -PropertyType "String"

    # Marker file used as the Win32 app detection method
    New-Item -Path "$env:ALLUSERSPROFILE\Microsoft\IntuneManagementExtension\Logs" -Name "RebootProtocol.txt" -ItemType "file" -Value "Hybrid Join Reboot Protocol set"

After adding in the registry key, I am creating a txt file called RebootProtocol.txt in the ProgramData\Microsoft\IntuneManagementExtension\Logs folder. I will use this as my detection method for successful install of the Win32 app.

If you don't have the Microsoft Win32 Content Prep Tool, you will need to download this from. When running the tool, I tend to have a Source and an Output folder, the source containing my binaries and the output to contain my generated .intunewin files which we need to import into Intune to create our application.
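
The rebootnow protocol described in this post hands control to a batch file under c:\temp, so it is worth checking on a provisioned device that the registration is what the script wrote and who can modify the file it runs. The following PowerShell is an added example, not part of the original post or its GitHub scripts; the `$Trusted` identity list and the function name `Get-UntrustedWriter` are assumptions made for illustration, and the paths are the ones stated in the post.

```powershell
# Added example: audit the rebootnow: handler described in the post. Run elevated.
$RegPath  = 'Registry::HKEY_CLASSES_ROOT\rebootnow'   # key named in the post
$Expected = 'c:\temp\Reboot.bat'                      # command value set by the post's script
# Assumption: only these identities should be able to change the handler target.
$Trusted  = 'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators', 'NT SERVICE\TrustedInstaller'
# Rights that let a principal replace or edit the target (read/execute bits excluded).
$WriteMask = [System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'

function Get-UntrustedWriter {
    param([Parameter(Mandatory)][string]$Path)
    (Get-Acl -LiteralPath $Path).Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        ($_.FileSystemRights -band $WriteMask) -and
        $_.IdentityReference.Value -notin $Trusted
    } | ForEach-Object {
        [pscustomobject]@{ Path = $Path; Identity = $_.IdentityReference.Value; Rights = $_.FileSystemRights }
    }
}

# 1. Confirm the registration matches what the post's script writes.
$root = Get-Item -LiteralPath $RegPath -ErrorAction Stop
if ($root.GetValueNames() -notcontains 'URL Protocol') {
    Write-Warning "'URL Protocol' value missing under $RegPath"
}
$command = (Get-Item -LiteralPath "$RegPath\shell\open\command" -ErrorAction Stop).GetValue('')
$target  = "$command".Trim('"')
if (-not $target) { throw 'Handler has no command value' }
if ($target -ine $Expected) {
    Write-Warning "Handler command is '$command', expected '$Expected'"
}

# 2. List identities outside the trusted list with write access to the batch file or its folder.
$findings = foreach ($p in $target, (Split-Path -Path $target -Parent)) {
    if (Test-Path -LiteralPath $p) { Get-UntrustedWriter -Path $p }
    else { Write-Warning "$p does not exist" }
}
if ($findings) {
    Write-Warning 'Identities outside the trusted list can modify what rebootnow: runs:'
    $findings | Format-Table -AutoSize
} else {
    'OK: handler target and folder are writable only by trusted identities.'
}
```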