How to Provision Windows 10 with an Encrypted PPKG

Check out my post on VMware Techzone detailing how to setup a zero touch USB key with OSDBuilder and an encrypted PPKG to fully provision a Windows 10 device.

Share on:

5 thoughts on “How to Provision Windows 10 with an Encrypted PPKG”

    • Hi john – Unfortunately no, this only works when applying locally via USB. If using PXE, you’ll want to use a proper deployment tool such as MDT.

  1. Brooks,

    First off, thank you for the fantastic info here. Learning UEM on the fly and your blog has been amazing!

    Question on the encrypted provisioning package. Is there a way to force the pc name to use the dell asset tag of the computer. I’m able to get the prefix I want using the Registered Owner field. Is this even possible? Thanks in advance!

    • Hey Matt,
      I’ve seen this question a fair number of times and unfortunately, it’s not that easy to do. The unattend.xml only has a couple of options for doing the naming convention: a hardcoded prefix + random numbers or fully random. The WS1 provisioning tool does copy the unattend.xml to c:\windows\panther before sys-prepping so you’d have to build a script that loads it up, modifies the value for the computer name, and then replaces it. It would have to be an app. I just don’t know if it’s copied before or after apps are run. If you are doing Azure AD join, then you can always rename it later after enrollment completes. Stepping back though – is there a significant need to name the computer based on serial? With modern management, I try to encourage things being centered around the user vs how the computer is named.

      • Thanks for your reply! If I figure out a method to make it work I will let you know! Thinking we may just change our naming with this pc refresh.


Leave a Comment