Installing the Client Software as Part of an Image
Updated: December 17, 2012
Applies To: Windows Intune December 2012 Release
You can deploy the Windows Intune client software to computers as part of an unattended system image deployment. In this case, the computer is automatically enrolled in Windows Intune when the system image is installed.
The following terms are used in these instructions:
An installation master computer on which the administrator captures the system image. This computer cannot be enrolled in Windows Intune.
The computer to enroll in Windows Intune.
You must perform the following tasks to auto-enroll computers in Windows Intune by using a system image:
Copy the following files to the
folder on the reference computer:
Enrollment Package program file
. For information about how to download the Enrollment Package, see Downloading the Windows Intune Client Software.
- Enrollment Package program file Windows_Intune_Setup.exe . For information about how to download the Enrollment Package, see Downloading the Windows Intune Client Software.
Prepare the system image on the reference computer. This step invokes the following actions on the targeted computer at the completion of Windows Setup:
The WindowsIntuneEnrollPending registry value is created under the HKEY_LOCAL_MACHINE\Software\Microsoft\Onlinemanagement\Deployment registry key.
Windows_Intune_Setup.exe is invoked by using the /PrepareEnroll command-line argument.
Capture the system image of the reference computer.
Deploy the system image to the targeted client computer.
When the targeted computer restarts at the completion of Windows Setup, the WindowsIntuneEnrollPending registry key is created. The enrollment package checks whether the computer is enrolled. If the computer is enrolled, no further action is taken. If the computer is not enrolled, the enrollment package creates a Windows Intune Automatic Enrollment Task .
When the Windows Intune Automatic Enrollment Task runs at the next scheduled time, it checks the existence of the WindowsIntuneEnrollPending registry value, and it tries to enroll the targeted computer in Windows Intune. If the enrollment fails for any reason, the enrollment is retried the next time the task runs. The retries continue for a period of one month: After one month, the effort is abandoned.
The Windows Intune Automatic Enrollment Task, the WindowsIntuneEnrollPending registry value, and the account certificate are deleted from the targeted computer when the enrollment is successful or abandoned.
Example that uses Windows Setup tools
You can use the Windows OEM Preinstallation Kit (Windows OPK) or Windows Automated Installation Kit (Windows AIK) to capture an unattended system image that will be deployed on targeted computer. For more information about how to use these tools, see Deployment Tools Supported Platforms.
Steps to perform on the reference computer
If you use Windows Setup (Windows Setup Technical Reference) to capture an unattended system image that will be deployed on targeted computers, you can create the WindowsIntuneEnrollPending registry entry by adding the following command to the SetupComplete.cmd script:
%windir%\system32\reg.exe add HKEY_LOCAL_MACHINE\Software\Microsoft\Onlinemanagement\Deployment /v WindowsIntuneEnrollPending /t REG_DWORD /d 1
Add the following command to setupcomplete.cmd to run the enrollment package with the /PrepareEnroll command-line argument:
The SetupComplete.cmd script enables Windows Setup to make modifications to the system before a user logs on. The /PrepareEnroll command-line argument prepares a targeted computer to be automatically enrolled in Windows Intune after Windows Setup finishes.
Note The commands in the SetupComplete.cmd file run by using local system credentials.
Put SetupComplete.cmd in the %Windir%\Setup\Scripts folder on the reference computer. Alternatively, you can put SetupComplete.cmd on the targeted computer, as described in step 2 of Steps to perform on the targeted computer.
Steps to perform on the targeted computer
Create a temporary folder that contains a $$\Setup\Scripts folder structure.
If the enrollment package has not already been copied to the base image, copy the SetupComplete.cmd file, with commands to add the registry key and invoke the /PrepareEnroll command-line argument to this folder.
Note You can alternatively use this step to copy the enrollment package to the targeted computer. In that case, verify that the path to the enrollment package .exe file that is specified in Setupcomplete.cmd contains the appropriate file location under %Windir%\Setup .
Run the Windows Setup Setup.exe program file together with the /m:temp_folder parameter.
In this case, temp_folder can be any file location. The /m option instructs Windows Setup to copy alternative files from an alternate location.
For example, if you create a G:\Temp\SetupFiles\$$\Setup\Scripts\SetupComplete.cmd scripts file, you should use the following command to run Windows Setup:
After the steps are completed, the following occurs on the targeted computer:
After Windows is installed, but before the logon screen appears, Windows Setup searches for the
file in the
folder. If an alternate file location is provided, Windows Setup searches for
in the alternate location.
A Windows Intune Automatic Enrollment Task is created in the image that starts the enrollment package that is stored in the %Systemdrive%\Windows_Intune_Setup folder.