Forum Discussion
Autopilot and OEM
Hi,
One of those sysadmins expected to do all things in SME environment so tend to dip in and out of subjects as needed, hence the request for advice below.
Currently have 250+ laptops which are currently MS Endpoint managed hybrid joined, but we are now at a point where we wish to re-set the devices from Endpoint and rebuild as AADJ devices using AutoPilot. All laptops have been bought with Win 10 Pro OEM and we previously ran a PS script to remove bloatware before adding to domain and registering in Intune.
As part of the Autopilot build I want a clean Windows bloatware free base build, and then to deploy all apps via Endpoint. All user have an Windows 10/11 Enterprise E3 licence.
1. Can a bloat free build easily be done with an OEM image or is it better to purchase a single VLK licence and can I still use the OEM licence?
2. What rights do the Win 10/11 Ent E3 allow me to do if anything.
Thanks
- Not sure about the licensing part though.. but normally when you download a image
https://www.microsoft.com/en-us/software-download
And install the device with it you are good to go. When you have a valid win 10 pro license, you could enroll the device with autopilot and normally you will have a nice boat free installation.
And when you have a e3 license, the pro license would be upgraded to enterprise so you could use some additional enterprise security features. (device guard/credential guard )
6 Replies
Hi JWwork ,
as you mention in your question is that you prefer a clean OEM image. You ask e.g. HP for new laptops with a clean image but you have to pay for it
for current device you can reset them to default. Purchase all store apps in store for business and setup the connector and set all those applications as uninstall. Create some win32 apps for the other applications like the virusscanner. Setup a enrollment status page and you have a clean image after autopilot.
you can also download the windows 10 media creation toolkit create a clean Windows 10 image and reinstall your devices.If your device is already activated with a Windows 10/11 license you can select I don’t have a serial in the installation and Microsoft will recognize the serial key and activated it automatically after the installation.
The Windows 10/11 enterprise E3 needs a valid Windows 10/11 pro license to upgrade to enterprise.
kind regards,
René
And, to put my two cents in, you can always read the OEM product key from BIOS and activate your vanilla Windows with it. In my opinion that's always 'cleaner' than just using a VLK.
It's done in a few PowerShell lines, for example like I did here: https://gist.github.com/NielsS79/4b76082ea0eda0264bfbd0f435c0306f
Edit: I accidently replied to your post, Mr_Helaas... meant to reply to JWwork, of course.
- Not sure about the licensing part though.. but normally when you download a image
https://www.microsoft.com/en-us/software-download
And install the device with it you are good to go. When you have a valid win 10 pro license, you could enroll the device with autopilot and normally you will have a nice boat free installation.
And when you have a e3 license, the pro license would be upgraded to enterprise so you could use some additional enterprise security features. (device guard/credential guard )Hi All,
Thanks for your reply. In the end, as the devices were already hybrid joined to Endpoint I tried the Fresh Start Option, Removed the device from On-Prem AD, synced to Endpoint and after going through the Autopilot stuff it was bloat free so, licences using the OEM and had applied the Enterprise licence, so unless there are any downsides to this way it looks like it will do the job.
ThanksAs Rudy_Ooms_MVP already mentioned that's what Fresh Start does. The only downside is that this approach doesn't work for new devices, because they won't go through the same process.
