Home
Microsoft

Upgrade Windows 7 using Windows Autopilot in Configuration Manager

Last year at Microsoft Ignite 2017, we announced Windows Autopilot. This solution provides a way for organizations to ship fresh, untouched Windows 10 devices directly to the end user and define the provisioning flow the user goes through to get a secure, productive Windows 10 device. First, the OEM registers purchased devices with the Windows Autopilot service, so you can assign the necessary Windows Autopilot profile. This profile defines the Out of Box Experience (OOBE) for that device. 

It is also possible to register your existing Windows 10 devices with the Windows Autopilot service so that if a device ever needs to be reset, or re-provisioned to a new user, the device will go through the same experience as new devices. ;For more information, see Adding devices to Windows Autopilot and the rest of our Windows Autopilot documentation.

In the year since we announced Windows Autopilot, we have received feedback from many customers who have Windows 7 estates running on modern hardware and want to re-provision those devices with Windows 10 using the Windows Autopilot experience. ;Unfortunately, the hardware hash necessary to pre-register an existing device with Windows Autopilot did not exist on Windows 10 prior to Windows 10, version 1703. This led to many people developing creative and often manual solutions to first reimage a device, then collect the hash to register the device with Windows Autopilot.

To address this, at Microsoft Ignite 2018, we announced Windows Autopilot for existing devices and other capabilities. Windows Autopilot for existing devices allows you to reimage and provision a Windows 7 device for Windows Autopilot user-driven mode using a single System Center Configuration Manager (current branch) task sequence.

You can test this scenario now using Configuration Manager 1806 or later and Windows 10 Insider Preview Build 17758 or later.

In this post, I will take you through the steps to:

  1. Retrieve a Windows Autopilot profile from Microsoft Intune.
  2. Convert the profile to the correct configuration file format.
  3. Configure a Windows Autopilot for existing devices task sequence in Configuration Manager.

Create the Windows Autopilot for existing devices JSON file

  1. On an Internet-connected Windows PC or Server open an administrative PowerShell command window.
  2. Enter the following commands to install the necessary modules:

    Install-Module AzureAD
    Install-module WindowsAutopilotIntune
    1_install-module.png
  3. Accept any prompts to complete the module installations.
  4. Now log into Intune with administrator credentials using the following command:

    Connect-AutopilotIntune
    2_connect-intune.png
    3_intunedom.png
  5. The next command will retrieve all the Windows Autopilot profiles associated with your Intune tenant.

    Get-AutopilotProfile
    4_get-profile.png
  6. As these profiles are not usable for the Windows Autopilot for existing devices scenario, we must convert the profiles into the necessary JSON format using the following commands:

    Get-AutopilotProfile | ConvertTo-AutopilotConfigurationJSON
    5_get-JSON.png
  7. As you can see, each profile is encapsulated within parentheses {}. The configuration file can only contain one file so select the required profile, including the opening and closing bracket, as shown below.

    6_each-profile-JSON.png
  8. Now copy the highlighted profile and paste into a Notepad window.

    7_profile-example.png
  9. Save this file as AutopilotConfigurationFile.json using ANSI encoding to a location suitable as a Configuration Manager package source. (Unicode and UTF-8 files will not work.)

    8_save-profile.png

NOTE: Multiple JSON profile files can be used, but each must be named AutopilotConfigurationFile.json when applied to Windows for OOBE to follow the Windows Autopilot experience.

Create a package containing the Windows Autopilot for existing devices JSON file

  1. Navigate to \Software Library\Overview\Application Management\Packages in the Configuration Manager console.
  2. Click Create Package.
  3. On the Create Package and Program Wizard enter the following details:
    • Package
      • Name: Windows Autopilot for existing devices Config
      • This package contains source files: YES
      • Click Browse.
      • Specify a UNC path containing the Windows Autopilot for existing devices JSON file and click OK.

        9_set-path.png
  4. Click Next.
  5. On the Create Package and Program Wizard enter the following details:
    • Program Type: Do not create a program

      10_select-program.png
  6. Click Next.
  7. On the Summary page, click Next.
  8. Finish the wizard by clicking Close.

Create a Windows Autopilot for existing devices Task Sequence

  1. Staying within the Configuration Manager admin console navigate to \Software Library\Overview\Operating Systems\Task Sequences.
  2. Click Create Task Sequence.
  3. Select Install an existing image package and click Next.

    11_create-ts.png
  4. On the Create Task Sequence Wizard enter the following details:
    • Task Sequence Information
      • Task sequence name: Windows Autopilot for existing devices
      • Boot Image: Boot image (x64)
        (or any other Windows 10, version 1809 boot image)

        12_ts-info.png
  5. Click Next.
  6. On the Install Windows page enter the following configuration:
    • Image Package: Windows 10 1809
    • Image Index: Enterprise, Education or Professional
    • Partition and format the target computer before installing the operating system: YES
    • Configure task sequence for use with Bitlocker: OPTIONAL
    • Product Key: OPTIONAL
    • Randomly generate the local administrator password and disable the account on all support platforms (recommended): OPTIONAL
    • Enable the account and specify the local administrator password: OPTIONAL

      13_install-windows.png
  7. On the Configure Network ensure that Join a workgroup is selected.

    Note: The Windows Autopilot for existing devices task sequence will run the Prepare Windows for capture action, which calls the System Preparation Tool (sysprep), and which will fail if the target machine is joined to a domain. Do not specify a domain!

    14_configure-network.png
  8. Click Next.
  9. Click Next again for Install Configuration Manager.
  10. Deselect all State Migration options.

    15_configure-state-migration.png

    Note: The Windows Autopilot for existing devices task sequence will result in an Azure Active Directory Domain Joined device. Data backup should leverage OneDrive for Business known folder move to ensure the user’s data is backed up before the Windows 10 upgrade.
  11. The configuration on the Include Updates page shown below is optional. Alternatively, you can leverage Offline Image Servicing in Configuration Manager to ensure the image is up to date with the latest Windows 10 quality update.

    16_include-updates.png
  12. Similarly, you can specify applications to install as part of the task sequence, as shown below. To provide a consistent experience for users receiving new hardware and those refreshing their existing PC using Windows Autopilot for existing devices; however, it is recommended to mirror the signature image approach and have all applications and configuration applied from Intune or Configuration Manager co-management.

    17_install-apps.png
  13. Review the Summary and click Next.

    18_progress.png
  14. Review the Completion to ensure there are no issues and click Close.

    19_success.png

Customize the Windows Autopilot for existing devices task sequence

  1. Right click on Windows Autopilot for existing devices in \Software Library\Overview\Operating Systems\Task Sequences and click Edit.
  2. In the Task Sequence Editor select Apply Windows Settings.

    20_existing-ts-01.png
  3. Click Add -> New Group.

    21_existing-ts-02.png
  4. Select the new group called New Group.
  5. Rename this new group to Windows Autopilot for existing devices Config.

    22_existing-ts-03.png
  6. Click Add -> General -> Run Command Line.

    23_existing-ts-04.png

    Note: Ensure that the Run Command Line step is nested under the Windows Autopilot for existing devices Windows Autopilot Config group and is placed after the Remove Windows Autopilot Directory step.

    24_existing-ts-05.png
  7. Select the Run Command Line step
  8. Change the Name to Apply Windows Autopilot configuration file.
  9. Paste the following command line into Command line:

    cmd.exe /c xcopy AutopilotConfigurationFile.json
    %OSDTargetSystemDrive%\windows\provisioning\Autopilot\ /c
    25_existing-ts-06.png

    Note: Ensure that AutopilotConfigurationFile.json is the name of the JSON file present in the Windows Autopilot for existing devices Config package created earlier.
  10. Select Package and click Browse.
  11. Select the Windows Autopilot for existing devices Config package created earlier and click OK.

    26_existing-ts-07.png
  12. Select the Setup Windows and Configuration Manager
  13. Click Add -> New Group
  14. Select the new group called New Group.
  15. Change Name to Prepare Device for Autopilot.
  16. Use the Move Down button to place the Prepare Device for Autopilot group as the very last step in the task sequence.

    27_existing-ts-08.png
  17. Click Add -> Images -> Prepare ConfigMgr Client for Capture.

    28_existing-ts-09.png
    Note: Ensure that the Prepare ConfigMgr Client for Capture step is nested under the Prepare Device for Autopilot group.

  18. Click Add -> Images -> Prepare Windows for Capture and apply the following:
    • Automatically build mass storage driver list: NO
    • Do not reset activation flag: NO
    • Shutdown the computer after running this action: OPTIONAL

      29_existing-ts-10.png

Note: Some customers wish to have the Windows Autopilot for existing devices task sequence refresh the PC and take the user through Windows Autopilot User-driven mode in one distinct sequence. In this scenario, the PC will reboot once imaged and re-sealed and immediately begin the OOBE.

Other customers may wish to collect hardware and refresh before delivering to a new user. In this case, you may select the Shutdown the computer after running this action to prevent OOBE from beginning immediately after the task sequence completes.

The task sequence is now ready to deploy to your Windows 7 machines, remembering to distribute the content!

We’ll continue to blog about the latest Windows Autopilot capabilities and our documentation will be soon be updated to reflect the new scenarios enabled with the release of Windows 10, version 1809.

5 Comments
Frequent Visitor

Hello Rob,

after running the TaskSequence and booting through OOBE, the System is AzrueAD registered with Status "Managed By MDM/ConfigMgr Agent".
Is it possible to Change the TS to uninstall ConfiMgr Agent, because our Environment Needs to be MDM only managed?

Thanks for Reply,

Peter

Occasional Contributor

Peter Kopper,

 

I asked a similar question on StackOverflow

 

Co-Management seems to happen anytime the SCCM Client gets installed (task "Setup Windows and ConfigMgr").  I found this was the case, even if the SCCM client was uninstalled prior to performing the OOBE reset. The secret is to stop your task sequence before the SCCM Client is needed.

 

Microsoft

Peter / Nathan,

 

The prepare client for capture step actually removes the SCCM client prior to the sysprep stage running.

 

There is a slight bug with the logic that makes a machine report co-managed to Intune via MDM even if SCCM isn't installed. This is fixed in the recent hotfix rollup for 1806.

 

But even without this fix you should see that the client isn't actually co-managed because SCCM was removed.

 

Another option is to follow Mike Niehaus' new blog which has steps on how to provision Autopilot for existing devices much faster - assuming you don't install software or configure the device. https://blogs.technet.microsoft.com/mniehaus/2018/10/25/speeding-up-windows-autopilot-for-existing-d...

 

Rob

 

Frequent Visitor

Thanks Rob for your Answer.

I found the link you have postet and it works very fine.

 

Peter

Frequent Visitor

i receive error:

 

oobeidps something went wrong?

is the user beeing specified via SCCM primary user association? The error occurs before having the possibility so enter user account (for Azure AD Premium license verification and so on) 

 

Thanks.

 

BR,

 

ckuever