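# AkosBakos OSDCloud Logic gist
function OSDCloudLogic {
    <#
    .SYNOPSIS
        Runs an OSDCloud zero-touch deployment and stages the Autopilot / OOBE files for one customer.

    .DESCRIPTION
        In order, as written below:
          1. Enables TLS 1.2, imports the OSD module and loads the OSDCloud cloud functions.
          2. Downloads the customer's PFX and PFX password from Azure Key Vault into
             %WINDIR%\Temp\Certs (interactive device-code sign-in).
          3. Calls Start-OSDCloud for Windows 11 23H2 Pro de-de.
          4. Writes OSDeploy.OOBEDeploy.json and OSDeploy.AutopilotOOBE.json.
          5. Downloads autopilot.ps1 and Updates-and-Activation.ps1, writes Unattend.xml and oobe.cmd.
          6. Copies the certificate folder to C:\OSDCloud and dumps OSDCloud variables to log files.
        The final reboot is commented out; the function returns after a 20 second sleep.

    .PARAMETER Customer
        Customer prefix. The Key Vault secrets '<Customer>PFXSecret' and '<Customer>PFX' are read.

    .NOTES
        Reads $Global:Homburger.TestGroup and $GroupTag, neither of which is set in this function.
        Write-DarkGrayHost, Write-SectionHeader and Block-WinOS are not defined here; presumably they
        come from the OSD module or the script loaded from functions.osdcloud.com (verify).
    #>
    param (
        [Parameter(ParameterSetName = 'Customer', Mandatory = $true)]
        [string]$Customer
    )

    #================================================
    #   [PreOS] Update Module
    #================================================
    Write-Host -ForegroundColor Green "Transport Layer Security (TLS) 1.2"
    [Net.ServicePointManager]::SecurityProtocol = [Net.ServicePointManager]::SecurityProtocol -bor [Net.SecurityProtocolType]::Tls12

    Write-Host -ForegroundColor DarkGray "$((Get-Date).ToString('yyyy-MM-dd-HHmmss')) " -NoNewline
    Write-Host -ForegroundColor Green "Importing OSD PowerShell Module"
    Import-Module OSD -Force

    Write-Host -ForegroundColor DarkGray "$((Get-Date).ToString('yyyy-MM-dd-HHmmss')) " -NoNewline
    Write-Host -ForegroundColor Green "PSCloudScript at functions.osdcloud.com"
    # SECURITY(review): the response body is executed in-process with no integrity check, so
    # whoever controls that response controls the deployment. The URI carries no scheme;
    # presumably it is resolved as http:// first (confirm), in which case the TLS setting above
    # does not protect the initial request. Prefer an explicit https:// URI, or a reviewed copy
    # shipped on the boot media and verified against a known hash before it is run.
    Invoke-Expression (Invoke-RestMethod -Uri functions.osdcloud.com)

    #=======================================================================
    #   Download files from KeyVault for Autopilot process
    #=======================================================================
    $CertFolder = "$env:Windir\Temp\Certs"
    if (!(Test-Path -Path $CertFolder)) {
        New-Item -Path $CertFolder -ItemType Directory -Force | Out-Null
    }

    # Fetches '<Customer>PFXSecret' (the PFX password) and '<Customer>PFX' (base64 PFX) from
    # the given vault and writes both into $CertFolder, which is read from the enclosing scope.
    function DownloadFromKeyVault {
        param (
            [Parameter(Mandatory = $true)]
            [System.String]$Vault,

            [Parameter(Mandatory = $true)]
            [System.String]$Customer
        )

        # Install or update the modules needed to talk to Key Vault.
        # NOTE(review): -Force installs whatever version the repository currently serves;
        # pin -RequiredVersion if the deployment must be reproducible.
        $Modules = @("Az.Accounts", "Az.KeyVault")
        foreach ($Module in $Modules) {
            try {
                $CurrentModule = Get-InstalledModule -Name $Module -ErrorAction Stop -Verbose:$false
                if ($null -ne $CurrentModule) {
                    $LatestModuleVersion = (Find-Module -Name $Module -ErrorAction Stop -Verbose:$false).Version
                    if ($LatestModuleVersion -gt $CurrentModule.Version) {
                        $null = Update-Module -Name $Module -Force -ErrorAction Stop -Confirm:$false -Verbose:$false
                    }
                }
            }
            catch [System.Exception] {
                # Get-InstalledModule throws when the module is missing: install it from scratch.
                try {
                    # Install NuGet package provider
                    $null = Install-PackageProvider -Name NuGet -Force -Verbose:$false

                    # Install current missing module
                    Install-Module -Name $Module -Force -ErrorAction Stop -Confirm:$false -Verbose:$false
                }
                catch [System.Exception] {
                    Write-Warning -Message "An error occurred while attempting to install $($Module) module. Error message: $($_.Exception.Message)"
                }
            }
        }

        if (!(Get-AzContext)) {
            Connect-AzAccount -UseDeviceAuthentication -ErrorAction Stop -Verbose
        }

        try {
            $SecretName = $Customer + 'PFXSecret'
            $PfxName = $Customer + 'PFX'

            Write-Host "VaultName: $Vault" -ForegroundColor Yellow
            Write-Host "SecretName: $SecretName" -ForegroundColor Yellow
            Write-Host "PfxName: $PfxName" -ForegroundColor Yellow

            # SECURITY(review): the PFX password is stored in clear text in the same folder as
            # the PFX it protects, and that folder is later copied to C:\OSDCloud on the target
            # disk. Verify that the consuming script deletes both files after importing the
            # certificate and that the folder is not readable by standard users.
            # -Append also means a second run adds another line instead of replacing the value.
            $PfXPasswordFromKV = Get-AzKeyVaultSecret -VaultName $Vault -Name $SecretName -AsPlainText
            $PfXPasswordFromKV | Out-File -Append -FilePath "$CertFolder\$SecretName.txt"

            $pfxSecret = Get-AzKeyVaultSecret -VaultName $Vault -Name $PfxName -AsPlainText
            $certBytes = [Convert]::FromBase64String($pfxSecret)
            # -Encoding Byte exists in Windows PowerShell only (PowerShell 7 uses -AsByteStream).
            Set-Content -Path "$CertFolder\$PfxName.pfx" -Value $certBytes -Encoding Byte -Force
        }
        catch [System.Exception] {
            # A failed download is reported as a warning only; the deployment continues without
            # the certificate files.
            Write-Warning -Message "$($_.Exception.Message)"
        }
    }

    $Vault = "OSDCloudKeyVault"
    DownloadFromKeyVault -Vault $Vault -Customer $Customer

    #=======================================================================
    #   [OS] Params and Start-OSDCloud
    #=======================================================================
    Write-Host -ForegroundColor Cyan "Set the Global Variables for a Driver Pack name --> none"
    $Global:MyOSDCloud = @{
        DriverPackName = 'none'
        #ApplyManufacturerDrivers = $false
        #ApplyCatalogDrivers = $false
        #ApplyCatalogFirmware = $false
    }

    $Params = @{
        OSVersion  = "Windows 11"
        OSBuild    = "23H2"
        OSEdition  = "Pro"
        OSLanguage = "de-de"
        ZTI        = $true
        Firmware   = $true
    }
    Start-OSDCloud @Params

    #================================================
    #   [PostOS] OOBEDeploy Configuration
    #================================================
    Write-DarkGrayHost "Create C:\ProgramData\OSDeploy\OSDeploy.OOBEDeploy.json"
    $OOBEDeployJson = @'
{
    "Autopilot": {
        "IsPresent": false
    },
    "RemoveAppx": [
        "Microsoft.OutlookForWindows",
        "MicrosoftCorporationII.QuickAssist",
        "Clipchamp.Clipchamp",
        "Microsoft.BingWeather",
        "Microsoft.BingNews",
        "Microsoft.GamingApp",
        "Microsoft.GetHelp",
        "Microsoft.Getstarted",
        "Microsoft.Messaging",
        "Microsoft.MicrosoftOfficeHub",
        "Microsoft.MicrosoftSolitaireCollection",
        "Microsoft.MicrosoftStickyNotes",
        "Microsoft.MSPaint",
        "Microsoft.People",
        "Microsoft.PowerAutomateDesktop",
        "Microsoft.StorePurchaseApp",
        "Microsoft.Todos",
        "microsoft.windowscommunicationsapps",
        "Microsoft.WindowsFeedbackHub",
        "Microsoft.WindowsMaps",
        "Microsoft.WindowsSoundRecorder",
        "Microsoft.Xbox.TCUI",
        "Microsoft.XboxGameOverlay",
        "Microsoft.XboxGamingOverlay",
        "Microsoft.XboxIdentityProvider",
        "Microsoft.XboxSpeechToTextOverlay",
        "Microsoft.YourPhone",
        "Microsoft.ZuneMusic",
        "Microsoft.ZuneVideo",
        "Microsoft.BingSearch",
        "MicrosoftWindows.CrossDevice",
        "Microsoft.Windows.DevHome",
        "MSTeams"
    ],
    "UpdateDrivers": {
        "IsPresent": true
    },
    "UpdateWindows": {
        "IsPresent": true
    }
}
'@
    If (!(Test-Path "C:\ProgramData\OSDeploy")) {
        New-Item "C:\ProgramData\OSDeploy" -ItemType Directory -Force | Out-Null
    }
    $OOBEDeployJson | Out-File -FilePath "C:\ProgramData\OSDeploy\OSDeploy.OOBEDeploy.json" -Encoding ascii -Force

    #region Autopilot Tasks
    #================================================
    Write-SectionHeader "[PostOS] Define Autopilot Attributes"
    #================================================
    Write-DarkGrayHost "Define Computername"
    $Serial = Get-WmiObject Win32_bios | Select-Object -ExpandProperty SerialNumber
    # Take the last four characters, or the whole serial when it is shorter than that;
    # Substring() with a negative start index would throw on short or empty serial numbers.
    $SerialText = [string]$Serial
    if ($SerialText.Length -gt 4) {
        $lastFourChars = $SerialText.Substring($SerialText.Length - 4)
    }
    else {
        $lastFourChars = $SerialText
    }
    #$AssignedComputerName = "NB-2$lastFourChars"

    $ChassisType = (Get-WmiObject -Query "SELECT * FROM Win32_SystemEnclosure").ChassisTypes
    $HyperV = Get-WmiObject -Query "SELECT * FROM Win32_ComputerSystem WHERE Manufacturer LIKE '%Microsoft Corporation%' AND Model LIKE '%Virtual Machine%'"
    $VMware = Get-WmiObject -Query "SELECT * FROM Win32_ComputerSystem WHERE Manufacturer LIKE '%VMware%' AND Model LIKE '%VMware%'"

    If ($HyperV -or $VMware) {
        $HW = "VM"
    }

    # NOTE(review): this check is independent of the VM check above, so a virtual machine
    # that reports one of the listed chassis types ends up as "NB" or "PC", not "VM".
    # Confirm whether that override is intended.
    $NotebookChassis = 8, 9, 10, 11, 12, 14, 18, 21, 31
    $DesktopChassis = 3, 4, 5, 6, 7, 15, 16, 35
    If ($ChassisType | Where-Object { $NotebookChassis -contains $_ }) {
        $HW = "NB"
    }
    elseif ($ChassisType | Where-Object { $DesktopChassis -contains $_ }) {
        $HW = "PC"
    }

    If (!($HW)) {
        $AssignedComputerName = "RENAME_ME$Serial"
    }
    else {
        $AssignedComputerName = "$HW-2$lastFourChars"
    }

    # Device assignment
    if ($Global:Homburger.TestGroup -eq $true) {
        $AddToGroup = "AZ_COM_TST_HMB"
    }
    else {
        $AddToGroup = "AZ_COM_PRD_HMB"
    }
    # Log the value that is actually used; the earlier message named a differently spelled test group.
    Write-DarkGrayHost "Adding device to $AddToGroup Group"

    Write-Host -ForegroundColor Yellow "Computername: $AssignedComputerName"
    Write-Host -ForegroundColor Yellow "AddToGroup: $AddToGroup"

    #================================================
    Write-SectionHeader "[PostOS] AutopilotOOBE Configuration"
    #================================================
    Write-DarkGrayHost "Create C:\ProgramData\OSDeploy\OSDeploy.AutopilotOOBE.json file"
    # NOTE(review): $GroupTag is never assigned in this function. Unless a caller or global
    # scope provides it, "GroupTag" is written as an empty string.
    $AutopilotOOBEJson = @"
{
    "AssignedComputerName" : "$AssignedComputerName",
    "AddToGroup": "$AddToGroup",
    "Assign": {
        "IsPresent": true
    },
    "GroupTag": "$GroupTag",
    "Hidden": [
        "AddToGroup",
        "AssignedUser",
        "PostAction",
        "GroupTag",
        "Assign"
    ],
    "PostAction": "Quit",
    "Run": "NetworkingWireless",
    "Docs": "https://google.com/",
    "Title": "Autopilot Manual Register"
}
"@
    If (!(Test-Path "C:\ProgramData\OSDeploy")) {
        New-Item "C:\ProgramData\OSDeploy" -ItemType Directory -Force | Out-Null
    }
    $AutopilotOOBEJson | Out-File -FilePath "C:\ProgramData\OSDeploy\OSDeploy.AutopilotOOBE.json" -Encoding ascii -Force
    #endregion

    Write-DarkGrayHost "Downloading Scripts for OOBE and specialize phase"
    # Make sure the target folder exists before the first file is written into it.
    New-Item -Path 'C:\Windows\Setup\Scripts' -ItemType Directory -Force | Out-Null
    # SECURITY(review): this URL tracks the latest revision of the gist, and the downloaded
    # file is executed during the specialize pass (see the unattend file below) with
    # -ExecutionPolicy Bypass. Pin the URL to a reviewed revision and compare the download
    # against a known hash before staging it, so a changed or compromised gist cannot alter
    # what runs on every deployed device.
    Invoke-RestMethod https://gist.githubusercontent.com/AkosBakos/0f26026d7c5b5ea4dedf8bdf17b2c8f3/raw/AutopilotAzureKeyVault.ps1 |
        Out-File -FilePath 'C:\Windows\Setup\scripts\autopilot.ps1' -Encoding ascii -Force

    #region Specialize Tasks
    #================================================
    Write-SectionHeader "[PostOS] SetupComplete CMD Command Line"
    #================================================
    Write-DarkGrayHost "Cleanup SetupComplete Files from OSDCloud Module"
    Get-ChildItem -Path 'C:\Windows\Setup\Scripts\SetupComplete*' -Recurse | Remove-Item -Force

    #=================================================
    Write-SectionHeader "[PostOS] Define Specialize Phase"
    #=================================================
    # NOTE(review): the copy of this script under review had lost the XML markup of this
    # here-string; only the element values (order, description, command path and the four
    # locale values) survived. The markup below is rebuilt around those values using the
    # standard unattend schema. Compare it with the original gist before use.
    $UnattendXml = @'
<?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
    <settings pass="specialize">
        <component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <RunSynchronous>
                <RunSynchronousCommand wcm:action="add">
                    <Order>1</Order>
                    <Description>Start Autopilot Import &amp; Assignment Process</Description>
                    <Path>PowerShell -ExecutionPolicy Bypass C:\Windows\Setup\scripts\autopilot.ps1</Path>
                </RunSynchronousCommand>
            </RunSynchronous>
        </component>
        <component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <InputLocale>de-CH</InputLocale>
            <SystemLocale>de-DE</SystemLocale>
            <UILanguage>de-DE</UILanguage>
            <UserLocale>de-CH</UserLocale>
        </component>
    </settings>
</unattend>
'@
    # Get-OSDGather -Property IsWinPE
    Block-WinOS

    if (-NOT (Test-Path 'C:\Windows\Panther')) {
        New-Item -Path 'C:\Windows\Panther' -ItemType Directory -Force -ErrorAction Stop | Out-Null
    }

    $Panther = 'C:\Windows\Panther'
    $UnattendPath = "$Panther\Unattend.xml"
    $UnattendXml | Out-File -FilePath $UnattendPath -Encoding utf8 -Width 2000 -Force

    Write-DarkGrayHost "Use-WindowsUnattend -Path 'C:\' -UnattendPath $UnattendPath"
    Use-WindowsUnattend -Path 'C:\' -UnattendPath $UnattendPath | Out-Null

    #================================================
    #   [PostOS] OOBE CMD Command Line
    #================================================
    Write-Host -ForegroundColor Green "Downloading and creating script for OOBE phase"
    New-Item -Path "C:\Windows\Setup\Scripts" -ItemType Directory -Force | Out-Null
    # SECURITY(review): same concern as for autopilot.ps1: an unpinned gist URL whose content
    # is run by oobe.cmd with -ExecutionPolicy Bypass. Pin the revision and verify a hash.
    Invoke-RestMethod -Uri 'https://gist.githubusercontent.com/AkosBakos/1cb9f7ffc9385d16b68b257d85b4af4c/raw/SplashScreen.ps1' `
        -OutFile 'C:\Windows\Setup\Scripts\Updates-and-Activation.ps1'

    # SECURITY(review): 'Set-ExecutionPolicy Unrestricted -Force' is a persistent change that
    # stays on the deployed device after OOBE. The script below is already started with
    # -ExecutionPolicy Bypass for that one process, so check whether the persistent change
    # is needed at all, or reset the policy at the end of the OOBE script.
    # LOCALAPPDATA previously lacked its path separators (%USERPROFILE%AppDataLocal).
    $OOBEcmdTasks = @'
@echo off
call :LOG > C:\Windows\Setup\Scripts\oobe.log
exit /B

:LOG
set LOCALAPPDATA=%USERPROFILE%\AppData\Local
set PSExecutionPolicyPreference=Unrestricted
powershell.exe -Command Get-NetIPAddress
powershell.exe -Command Set-ExecutionPolicy Unrestricted -Force
powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -File "C:\Windows\Setup\Scripts\Updates-and-Activation.ps1"
exit
'@
    $OOBEcmdTasks | Out-File -FilePath 'C:\Windows\Setup\scripts\oobe.cmd' -Encoding ascii -Force

    Write-DarkGrayHost "Copying Azure Key vault files"
    # SECURITY(review): from here on the PFX and its clear-text password are on the installed
    # OS volume. Confirm that a later step removes C:\OSDCloud\Certs once the certificate
    # has been used.
    $CertFolder = "C:\OSDCloud\Certs"
    if (!(Test-Path -Path $CertFolder)) {
        New-Item -Path $CertFolder -ItemType Directory -Force | Out-Null
    }
    Copy-Item "$env:Windir\Temp\Certs" 'C:\OSDCloud\' -Recurse -Force

    #=======================================================================
    #   Dump some variables
    #=======================================================================
    # NOTE(review): confirm that $Global:OSDCloud holds nothing sensitive before these logs
    # are left on the device.
    $Global:OSDCloud | Out-File C:\OSDCloud\Logs\OSDCloud_Variables.log -Force
    $Global:OSDCloud.DriverPack | Out-File C:\OSDCloud\Logs\OSDCloud_DriverPack_Variables.log -Force

    #=======================================================================
    #   Restart-Computer
    #=======================================================================
    Write-Host -ForegroundColor Cyan "Restarting in 20 seconds!"
    Start-Sleep -Seconds 20

    # The reboot itself is disabled; the caller has to restart WinPE.
    # wpeutil reboot
}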