
Truly Remote Wiping and Setup


I'm looking for a way to wipe and re-configure my Win10/11 endpoints without losing remote access afterward. My endpoints are all AAD-joined and Intune (MEM)-managed with remote access through ConnectWise Control. Yet for all that, I'm unable to complete a device wipe and reconfigure remotely. When I wipe, I choose the "keep enrollment state and associated user acct" option, but the device is incommunicado until someone does something on the box itself. This "someone" is usually me and "something" usually involves driving an hour into the office to do the something. I feel like truly remote mgmt should be possible, but I can't seem to get there. I've tried deploying the agent through Intune, deploying a PS script through Intune, etc., but Intune won't work until someone actually logs into the refreshed device for the first time. Advice? 

PS: We are a cloud-only shop. There is no server in the office. 

4 Replies
Hi,

A few questions:

So when you go there, do you see the device waiting for the user to sign in?

Do you have Enrollment Status Page enabled? This might be the problem; Enrollment Status Page restricts users from accessing the desktop until all their apps and settings are installed.

Moe


Thanks Moe.

 

So the Enrollment Status Page looks like this and yes, it's set up to allow the user to bypass it and go to the desktop. 

 

My frustration is the loss of remote access during the process. If I do a format and clean install, the computer will start at the Out-Of-Box-Experience, then proceed to the Enrollment Status Page after the user first signs in. So remote access is lost until someone either sits down at the machine and installs my remote agent, or sits down at the machine and logs in to get the Intune deployments going. Either way, someone needs to sit down at the machine. 

 

If I initiate a device wipe from Intune, the computer will start with a default Windows sign in screen, and again, proceed to the desktop after the user first signs in. And again, my remote access is lost until someone sits down at the machine to re-install my remote access agent, or sits down at the machine to log in and get the Intune deployments started. Again, someone has to sit down at the machine either way, which is the step I'm trying to eliminate. 

 

Surely there is a way around this?

Are you pushing the remote tool app from Intune? I use LogMeIn and I can remote after wiping from Intune by installing the app remotely.

Does the remote tool app use an unattended agent? I would package it and scope it to the PC. If the app needs a user and password to get installed, you can use Orca to edit the MSI file.

Moe

https://cloudbymoe.com/f/deploy-an-app-that-prompts-for-username-password-using-intune

Hey @Dr_Snooze,

I think this does not 100% solve your issue, but you can use Quick Assist before the real enrolment starts. The only issue here is that someone has to enter the connection code. But as soon as this is done you can do the enrolment remotely.

https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/how-to-remote-assist-autopilot-deployments-with-quick-assist/ba-p/3044512