Category filter
How to enroll Windows devices using provisioning package files?
What is a Windows provisioning package (ppkg)?
Windows provisioning is the best way to configure end-user devices without imaging. Using Windows provisioning, administrators can quickly and seamlessly set up the configurations and settings required for the enrollment process, and deploy the configurations to bulk devices.
A provisioning package file (.ppkg) is a container for a collection of configuration settings. It can be created using a Windows 10/11 device, which can later be used for the bulk enrollment of Windows devices without any user intervention.
Benefits of enrolling devices using a provisioning package
- One-time setup – It is a one-time setup where end-users have to power on the device, get connected to the network and install the ppkg file to enroll in Hexnode UEM.
- Bulk enrollment of devices – It allows large-scale roll-out of corporate-owned devices.
Before you begin
Ensure you have configured the enrollment settings under Enroll > Platform-Specific > Windows > Windows PCs & Tablets on the Hexnode portal.
Create a ppkg file using Windows Configuration Designer
Create a Project
- Download and Install Windows Configuration Designer on a Windows 10/11 device.
- Open Windows Configuration Designer.
- Click on File and choose New project.
- Provide the project details.
- Name: Provide a suitable name to identify the project.
- Project folder: Choose the destination path for the file to be saved.
- Description: Provide a suitable description regarding the package.
- Select project workflow as Provisioning package and click on Next.
- Choose the type of Windows edition and click on Next.
- You can import an existing provisional package to your project or click on Finish to create your project.
Customize the provisioning package
Once the project is created, you can select the desired customizations from Available customizations.
- Expand Runtime settings and choose Workplace.
- Click on Enrollments.
- Provide your User Principal Name (UPN) and click on Add.
- On the left navigation page, click on the UPN and provide the following details for the enrollment process.
- AuthPolicy: Select On-Premise.
- DiscoveryServiceFullUrl: Provide the complete URL for the discovery service (https://yourportal.hexnodemdm.com/enroll/).
- EnrollmentServiceFullUrl: Provide the complete URL here (https://yourportal.hexnodemdm.com/windowsenroll/).
- PolicyServiceFullUrl: Provide the complete URL here (https://yourportal.hexnodemdm.com/windowsenroll/).
- Secret: Provide the secret key for the Windows enrollment here.
- For Open Enrollment, you can get the secret key from your Hexnode UEM console by going to Enroll > Settings > Authentication Modes > Open Enrollment. Click on the unhide icon to view and note the Default Password.
- For Authenticated Enrollment, the password of the corresponding user should be provided as the secret key.
- Save the project once you add all the settings (File > Save).
Build the provisioning package
Once you have customized the provisioning package,
- Click on Export and select Provisioning package.
- Provide the following details and click on Next.
- Name: This field will be pre-filled with the Project Name. However, you can change this name to a required one.
- Version (in Major.Minor format): This field represents the default package version. You can change the current version by specifying a new value. (Optional)
- Owner: Choose the package owner type here.
- Rank (between 0-99): Choose a package rank between 0-99. The default rank is 0.
- You can select the required security type if the package contains sensitive data that cannot be compromised.
- Encrypt package: Select the option to encrypt the package. An encryption password will have to be provided.
- Sign package: If you are signing the package, you must provide a valid certificate.
- Provide the destination path to save the package and click on Next.
- Click on Build to build the package.
- If your build is successful, the package name, along with the project and output locations will be displayed.
- Click on Finish.
Apply the provisioning package to the devices
Once the ppkg file is created, you can use this file to enroll Windows devices without any user intervention.
- On a Windows PC/Tablet, navigate to Settings > Accounts > Access work or school > Add or remove a provisioning package and click on Add a package.
- From the removable media that contains the ppkg file, select the package to install.
- The device gets enrolled in Hexnode UEM.