Automating new workstation deployments with Windows Configuration Designer

One of the most time-consuming portions of maintaining IT devices is at the very start -- preparing new workstations for end-users! This is one area where automation and structure make perfect sense. Preferably all devices are set up the same way with the same settings and the same apps. With Level (and Windows Configuration Designer) this initial burden can be greatly simplified, and tons of time can be saved!

The Windows Configuration Designer (WCD) is a free tool to help bootstrap workstation deployments. With it, you can create custom settings, deploy scripts, and create a provisioning file that can be pushed to multiple computers. We're going to use it to prepare computers with the Level agent in order to set the stage for further automation.

Video Walkthrough

The Big Picture

Before we dive in, it'll be helpful to understand how this all works.

With WCD we are going to create a provisioning package, which is a single file with a .ppkg file extension. This file extension is recognized by Windows during the initial out-of-box experience (OOBE) and as soon as the file is seen, Windows leaves the OOBE and runs the provisioning package instead.

In our case, we will create a package that will give the computer a unique name, add a local admin account, join a wireless network, and install the Level agent. Once the .ppkg file is generated we put it on a USB stick so that we can insert that stick into a brand-new computer and watch as the provisioning package takes effect!

The provisioning step takes just a few seconds, which means you can have many new devices prepped for deployment within minutes.

Step 1: Install Microsoft Configuration Designer

The first step is to download and install WCD. You can download it for free from the Microsoft Store, just search for Windows Configuration Designer.

Step 2: Create a New Project

Once you’ve installed WCD, open it and click on “Provision Desktop Devices” to create a new project. You’ll be prompted to enter a name for the project and to choose a location to save it. After you’ve done that, click “Finish” to create the project and start the wizard.

Step 3: Run Through the New Project Wizard

The wizard has 6 steps.

  1. Set up device

    On this page set a useful computer name template. A common practice is to use "CompanyName-%Serial%". This will prepend the company name in front of the service tag or serial number of the device.

     

  2. Set up network

    On this page, a wireless network can be configured. In my experience, the wireless network was not always joined before the step where we will install the Level agent, and turn this feature off.

  3. Account Management

    It's possible to join the domain in this step, but if the devices are not on a network connected to the AD domain then simply set up a local admin account and the domain can be joined via a Level script at a later time.

     

  4. Add applications

    This is the most important step for us. Here is where we are going to add a PowerShell script to the provisioning package that will do most of the heavy lifting. For our purposes, we want to join a wireless network and install the Level agent.


    Below is the PowerShell script that we'll use. This may seem like a lot, but most of the script contains the body of the wireless provisioning file that Windows uses.


    There are 3 items that must be updated. On lines 2 and 3 replace the variables with your wireless SSID and password. One line 81 paste your Level installer command from the Install New Agent button on the Devices page of Level.io.

     
    param(
        [string]$SSID="Put Your SSID Here",
        [string]$PSK="Put Your Wifi Password Here"
    )
    
    #Test to see if folder $TempFolder exists
    $TempFolder = 'C:\temp'
    if (Test-Path -Path $TempFolder) {
        "$TempFolder exists."
    } else {
        "$TempFolder doesn't exist, creating now."
        mkdir $TempFolder
    }
    
    #Log this script.
    Start-Transcript -Append $TempFolder\LevelInstall.txt
    
    #Create a wireless profile file
    $guid = New-Guid
    $HexArray = $ssid.ToCharArray() | foreach-object { [System.String]::Format("{0:X}", [System.Convert]::ToUInt32($_)) }
    $HexSSID = $HexArray -join ""
    @"
    <?xml version="1.0"?>
    <WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">
        <name>$($SSID)</name>
        <SSIDConfig>
            <SSID>
                <hex>$($HexSSID)</hex>
                <name>$($SSID)</name>
            </SSID>
        </SSIDConfig>
        <connectionType>ESS</connectionType>
        <connectionMode>auto</connectionMode>
        <MSM>
            <security>
                <authEncryption>
                    <authentication>WPA2PSK</authentication>
                    <encryption>AES</encryption>
                    <useOneX>false</useOneX>
                </authEncryption>
                <sharedKey>
                    <keyType>passPhrase</keyType>
                    <protected>false</protected>
                    <keyMaterial>$($PSK)</keyMaterial>
                </sharedKey>
            </security>
        </MSM>
        <MacRandomization xmlns="http://www.microsoft.com/networking/WLAN/profile/v3">
            <enableRandomization>false</enableRandomization>
            <randomizationSeed>1451755948</randomizationSeed>
        </MacRandomization>
    </WLANProfile>
    "@ | out-file "$TempFolder\$guid.SSID"
    
    #Import the wireless profile
    netsh wlan add profile filename="$TempFolder\$guid.SSID" user=all
    Start-Sleep -Seconds 5
    
    #Delete the wireless profile file
    remove-item "$TempFolder\$guid.SSID" -Force
    
    #Connect to the new Wifi network
    netsh wlan connect name=$SSID
    
    #Check for connectivity so the Level agent can be downloaded
    $timeout = New-TimeSpan -Minutes 2
    $endTime = (Get-Date).Add($timeout)
    $testSite = "downloads.level.io"
    
    while (!(Test-Connection $testSite)) {
        Start-Sleep -Seconds 5
        if ((Get-Date) -gt $endTime) {
            $connectivity = Test-Connection -TargetName $testSite
            "$connectivity"
            "Timeout exceeded.  Network connectivity not established"
            break
        }
    }
    
    #Paste the Level installer command below this line.  On the Level.io device page click Install New Agent, chose Windows, then copy the installer command from there.
    
    Stop-Transcript
    

    Save this script as a .ps1 file. On the add application page, press the + button to add an application. Give the application a name and in the Installer Path field, browse to the .ps1 script. In the Command Line Arguments field change the field to:

     
    powershell.exe -executionpolicy bypass -file "your_script.ps1"

    Leave all the other settings default and choose Add at the bottom.

    Add the script

  5. Add Certificates
    No changes are required here.

  6. Finish
    Click Create and the package will be generated!

    Create your .ppkg file and copy that to a USB stick

Step 4: Deploying the Provisioning Package

Now simply copy the .ppkg file that was generated to a USB stick. Only that file is required. The .ps1 file you created earlier is embedded inside the .ppkg.

Power up a brand-new computer and it should boot into the OOBE where it prompts for the language to be used. Do not answer any of the OOBE questions, just plug the USB stick in, and watch the magic happen! The provisioning file will be read, the computer will be renamed and rebooted, the admin account will be created, the wireless network will be joined, and Level will be installed!

Now the device will show up in Level and we're ready to start deploying automation scripts to finish up the new workstation deployment.

Never answer OOBE questions again!