Connect to a Wireless network during Setup? To allow Azure Join via Provisioning Package (PPKG)

Hello everyone, first time poster here.

I have found NTLite to be an amazing antidote to our current imaging/deployment issues. I have successfully customised Win10 Enterprise to remove some components and features, configured Unattended settings and Post-setup app installs/script runs. I have also configured a Provisioning Package using Windows Config Designer to rename the device to a corporate naming format and then join AzureAD using a bulk enrollment token.

All of this works perfectly and the fresh installation at the end is perfect for our RMM tool to take over and complete the final configuration and setup.

This current process relies on the device being connected to the internet via ethernet so that the Azure join can happen at the appropriate time.

Whilst not technically an NTLite query or issue, my question to the forum is whether it is possible to have the installation connect to a pre-set/pre-defined wifi network so that this would be a completely wire-free deployment (except for the charger of course!)

Has anyone come across a similar situation or may know of any way to achieve the aim?

PS - I see that the Windows Config Designer has the option to join a Wireless Network and if you disable that, a message comes up that you MUST then have an ethernet connection.

Would this be the setting that would work?
If the pre-configured wireless network was not available but an ethernet cable was plugged in instead, would that still work?

Thanks in advance, and I look forward to the replies here to see if this can work.
 
Thanks garlin for the reply. I came across this article earlier but thought that was geared more towards having a Wireless network profile added "after" the installation phase so that an end user could login and begin using the device in production.

It wasn't immediately obvious whether this method will add the WiFi profile during that first boot where Windows shows the black loading screen (first boot) like "Getting ready..." etc.

I will try the method in the linked forum post and see if this works in the way I hope it will. I will reply once my testing is complete.

Thanks again for the reply/direction!
 
Post-Setup commands are executed before the first user logon. If you need WiFi access earlier, add the same commands to autounattend's specialize pass. For now, NTLite doesn't support adding specialize commands but it's under consideration.
 
Thanks for the clarification garlin

I tried to add the commands into the Post-Setup (SetupComplete.CMD) and whilst it successfully connects to the WiFi network at the first ever logon screen, it doesn't connect during the pre-boot phase (where I believe the Azure-Join is trying to run.)

I am now trying to follow your 2nd suggestion of adding the details to the autounattend.xml, but I cannot find the right area within my autounattend.xml to add this.

Would you please help me with my code?

I guess I need to add the commands below, but not sure how to structure the code itself in XML format, and where to place the code itself. I don't currently have a specialize section in the autounattend...

Command 1 to add the profile:
Code:
netsh wlan add profile filename="%WINDIR%\Setup\Files\WiFiNetworkName.xml" user=all

Command 2 to initiate connection automatically:
Code:
netsh wlan set profileparameter name=WiFiProfileName connectionmode=auto

My current Autounattend.xml is attached

Thanks again
 

Attachments

  • autounattend.xml
    4.8 KB
Before sharing the updated autounattend.xml, I have to explain how specialize, OOBE and Post-Setup work.

When Windows detects $OEM$ folder on the install media, it copies the files right before Post-Setup tasks are run. Post-Setup has the benefit of having $OEM$ files copied into place. Specialize pass executes before that point, and no files are copied unless you specify them.

The problem is where to hide the WiFi profile? I decided the Default User's temp folder is a relatively safe and unobtrusive spot. This way we don't need to know the USB or CD's drive letter.

1. Mount the image in NTLite.
2. As Administrator, copy WiFiNetworkName.xml to the Default User's home folder. For example:
Code:
copy WiFiNetworkName.xml G:\NTLite\NLTmpMnt01\Users\Default\AppData\Local\Temp
3. Copy the new autounattend.xml to the root of the ISO folder.

Here are the specialize commands:
Code:
        <settings pass="specialize">
                <component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
                        <RunSynchronous>
                                <RunSynchronousCommand wcm:action="add">
                                        <Order>1</Order>
                                        <Path>netsh wlan add profile filename="C:\Users\Default\AppData\Local\Temp\WiFiNetworkName.xml" user=all</Path>
                                        <Description>WLAN add profile</Description>
                                </RunSynchronousCommand>
                                <RunSynchronousCommand wcm:action="add">
                                        <Order>2</Order>
                                        <Path>netsh wlan set profileparameter name=WiFiProfileName connectionmode=auto</Path>
                                        <Description>WLAN enable</Description>
                                </RunSynchronousCommand>
                        </RunSynchronous>
                </component>
        </settings>
 

Attachments

  • autounattend.xml
    5.6 KB
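
An added check, not part of the original thread: this Python sketch cross-checks a WLAN profile XML against the specialize commands shown in the post above, flagging a cleartext key, a staged file that no command deletes, and a profile name that differs from the one in `set profileparameter`. The sample profile, its passphrase and the finding names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample inputs; the passphrase is made up, names follow the thread.
PROFILE_XML = r"""<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">
  <name>WiFiProfileName</name>
  <SSIDConfig><SSID><name>WiFiProfileName</name></SSID></SSIDConfig><connectionMode>manual</connectionMode>
  <MSM><security><authEncryption><authentication>WPA2PSK</authentication><encryption>AES</encryption></authEncryption>
    <sharedKey><keyType>passPhrase</keyType><protected>false</protected><keyMaterial>constructed-example-psk</keyMaterial></sharedKey>
  </security></MSM></WLANProfile>"""
UNATTEND_XML = r"""<unattend xmlns="urn:schemas-microsoft-com:unattend">
 <settings pass="specialize"><component name="Microsoft-Windows-Deployment"><RunSynchronous>
  <RunSynchronousCommand><Order>1</Order><Path>netsh wlan add profile filename="C:\Users\Default\AppData\Local\Temp\WiFiNetworkName.xml" user=all</Path></RunSynchronousCommand>
  <RunSynchronousCommand><Order>2</Order><Path>netsh wlan set profileparameter name=WiFiProfileName connectionmode=auto</Path></RunSynchronousCommand>
 </RunSynchronous></component></settings></unattend>"""
ARG = r'=(?:"([^"]+)"|(\S+))'  # quoted or bare netsh argument value

def _find(root, name):
    """First element with this local tag name, ignoring XML namespaces."""
    return next((e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == name), None)

def _arg(prefix, cmds):
    """Value following `prefix=` in the first command that has it, else None."""
    hits = (re.search(prefix + ARG, c, re.I) for c in cmds)
    return next((m.group(1) or m.group(2) for m in hits if m), None)

def audit(profile_xml, unattend_xml):
    """Return a list of findings for a WLAN profile staged via unattend commands."""
    prof = ET.fromstring(profile_xml)
    cmds = [e.text or "" for e in ET.fromstring(unattend_xml).iter()
            if e.tag.rsplit("}", 1)[-1] == "Path"]
    findings = []
    prot = _find(prof, "protected")
    if _find(prof, "keyMaterial") is not None and prot is not None \
            and (prot.text or "").strip().lower() == "false":
        findings.append("cleartext-psk")  # passphrase is readable in the file
    staged = _arg(r"add\s+profile\s+filename", cmds)
    if staged:
        leaf = staged.rsplit("\\", 1)[-1].lower()
        if not any(re.search(r"\b(del|erase|remove-item)\b", c, re.I)
                   and leaf in c.lower() for c in cmds):
            findings.append("no-cleanup")  # staged file outlives the import
            if "\\users\\default\\" in staged.lower():
                findings.append("staged-in-default-profile")  # new-profile template
    wanted = _arg(r"set\s+profileparameter\s+name", cmds)
    if wanted and wanted != (_find(prof, "name").text or "").strip():
        findings.append("profile-name-mismatch")  # set command targets another name
    return findings
```

Deleting the staged file in a later specialize command clears the `no-cleanup` finding; the key still ships inside the image, so `cleartext-psk` remains.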
Thank you so much for this garlin

I was able to create a Provisioning Package that uses ETHERNET and joins Azure using a BPRT (Bulk enrollment token) and fed this into NTLite.

Coupling this with your assistance in creating a suitable autounattend.xml which joins a specified Wi-Fi network at the "earlier" stage, works perfectly. This allows our admins to build machines with an Ethernet OR Wi-Fi connection to facilitate the automatic Azure-join during post install booting.

It may be a very niche use-case but I hope this may help others who have the need to AD/Azure-join devices (particularly laptops/Tablets) in an automated scenario so that at first boot the device is essentially ready for an end user to begin using right away.

Thanks again!
 
Trying to get this setup for me too...
For some reason I can only log in with a local user. So there is no login box for a school account.
Am I missing something? I also can't add a school or Microsoft account in the accounts.
When I add an account I enter the lusrmgr
(I put the ppkg in comment for the moment as I use a device that is already enrolled in it. That part to inject the ppkg works btw)
 

Attachments

  • autounattend.xml
    6.4 KB
You have autologon enabled for the Administrators account, which then installs a PPKG. Why isn't the PPKG simply added as a normal update?
Then you would get the chance to specify the AAD logon during the normal OOBE workflow.
 
I also did that. But in my desperation I was trying everything!
So I will try that now:
I think I found why I could only work with local accounts. I had to delete all account info in the OOBE system part.
In fact if also the package can be installed normally. Nothing needs to be in there.
Also the wifi part works. Reinstalling and enrolling in Intune now takes 10 min instead of hours in the old way.
THANKS SO MUCH Garlin and DeployMentAddict
 
So just to share for others.
Those wanting to install their Win 11 and prepare it just to log in to AzureAD - Intune - Entra whatever. Create the ppkg for enrollment.
Add it as an update in NTL. Then you can also add the Wifi of where you are configuring this so the result is that you only need to log in with the school/work/Microsoft account in the end.
My biggest mistake was making the local accounts, after that there was no screen to log in or even make a school account. (However now I have no local account, so I guess I should add one somehow.)
 

Attachments

  • autounattend CLEANED AND WORKING.xml
    4.9 KB
Hmmm, I am not sure what happens here because somehow this is not what I experienced. I have unattend.xml create the local admin account and add the PPKG in NTLite to join Entra via bulk enrolment tokens, and both steps succeed without errors.

Maybe because I left the built-in Administrator account disabled and created another local account called "Admin"?
 