Forum Discussion

Brass Contributor

Jun 21, 2022

Solved

Truly Remote Wiping and Setup

I'm looking for a way to wipe and re-configure my Win10/11 endpoints without losing remote access afterward. My endpoints are all AAD-joined and Intune (MEM)-managed with remote access through Connec...

Intune

mobile device management (mdm)

NielsScheffers
Jul 14, 2022
I think we all were (incorrectly) assuming you were using Autopilot. At least I was .

The ESP will only start through OOBE with AAD-join or during the Autopilot process (see https://docs.microsoft.com/en-us/mem/intune/enrollment/windows-enrollment-status). That probably explains why you need to sign in before anything happens. With Autopilot, the device configuration is applied before the first sign-in.

Dr_Snooze

Brass Contributor

Jun 23, 2022

Thanks Moe.

So the Enrollment Status Page looks like https://www.ironstoneit.com/hs-fs/hubfs/Enrollment%20status%20page.png?width=900&name=Enrollment%20status%20page.png and yes, it's set up to allow the user to bypass it and go to the desktop.

My frustration is the loss of remote access during the process. If I do a format and clean install, the computer will start at the https://gtrusted.com/uploads/81439/large-81439-37.jpg, then proceed to the Enrollment Status Page after the user first signs in. So remote access is lost until someone either sits down at the machine and installs my remote agent, or sits down at the machine and logs in to get the Intune deployments going. Either way, someone needs to sit down at the machine.

If I initiate a device wipe from Intune, the computer will start with a default https://mcdn.wallpapersafari.com/medium/40/68/Ny5TMh.png, and again, proceed to the desktop after the user first signs in. And again, my remote access is lost until someone sits down at the machine to re-install my remote access agent, or sits down at the machine to log in and get the Intune deployments started. Again, someone has to sit down at the machine either way, which is the step I'm trying to eliminate.

Surely there is a way around this. ?

Moe_Kinani

Bronze Contributor

Jun 24, 2022

Are you pushing the remote tool app from Intune? I use LogMeIn and I can remote after wiping from Intune by installing the app remotely.

Does the remote tool app use unattended agent? I would package it and scope it to the PC. If the app needs user and password to get installed you can use Orca to edit MSI file.

Moe

https://cloudbymoe.com/f/deploy-an-app-that-prompts-for-username-password-using-intune

Dr_Snooze
Brass Contributor
Jun 27, 2022
Yeah, I'm deploying it from Intune, but deployment only happens after someone logs in. How do you install your remoting app remotely if you can't remote?
- NielsScheffers
  Iron Contributor
  Jun 28, 2022
  Just to be sure: you are assigning this app as required to devices, right? It kinda sounds like you're assigning it to a user (which would require a user to sign in).
- Moe_Kinani
  Bronze Contributor
  Jun 27, 2022
  Hi,
  
  I don't have to login, the app get installed before I login (Intune Management Extension). I'm pushing the remote tool using Win32 with Access Code packaged using Orca so the device shows up online and can remote to it.
  
  Moe
Jannik_Reinhard
Iron Contributor
Jun 26, 2022
Hey Dr_Snooze,

I think this does not 100% solve you issue but you can use quick assist bevor the real enrolment start. The only issue here is that someone has to enter the connection code. But as soon as this is done you can do the enrolment remote.

https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/how-to-remote-assist-autopilot-deployments-with-quick-assist/ba-p/3044512