Getting the hardware hash for a new laptop or desktop typically involves several steps. You’d need to open PowerShell, set the execution policy, install the get-windowsautopilot script, respond to prompts, and enter your credentials to upload it to your system. In this guide, I’ll demonstrate how to streamline this process to minimize the number of steps required.
App Registration:
To streamline the process and avoid repeatedly entering credentials, it’s essential to register an app in Azure. Follow these steps:
- Navigate to “App Registrations.”(Entra)
- Select “New Registration.”
- Enter “Autopilot Registration” as the name and click “Register.”
- Go to “API Permissions” and select “Add a permission.”
- Choose “Microsoft Graph” and then “Application permissions.”
- Look for “DeviceManagementServiceConfig.ReadWrite.All,” select the checkbox, and click “Add Permissions.”
- Grant admin consent for your domain.
- Under “Certificates & secrets,” create a new client secret with a preferred duration.
- Copy the secret value securely.
- Save the “Application (client) ID” and “Directory (tenant) ID.”
Creating the Scripts:
Now that we have registered an application for authentication, we can create two script files that will simplify the process. You can store these scripts on a USB drive for easy access. Copy the following contents into two separate files named autopilot.cmd and autopilot.ps1:
autopilot.cmd:
powershell.exe -executionpolicy bypass -file .\autopilot.ps1
autopilot.ps1:
Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Confirm:$false -Force:$true Install-Script get-windowsautopilotinfo -Confirm:$false -Force:$true get-windowsautopilotinfo -Online -TenantId xxxx -AppId xxxx -AppSecret xxxx shutdown.exe /s /t 30Running the autopilot.cmd
When your device reaches the first OOBE (Out Of Box Experience) screen, follow these steps:
- Press Shift-F10 to open a command prompt.
- Navigate to your USB drive (e.g., enter “E:”).
- Execute the script by entering “autopilot.cmd.”
The autopilot.ps1 script will then proceed to install necessary components, retrieve the hardware hash, connect to your tenant using the registered app details, and upload the hardware hash. After completion, the system will shut down, and your device will be ready for Autopilot installation.
Adding a Group Tag
If you’re utilizing Group tags for deployment profiles, you can modify the autopilot.ps1 script on your USB drive as follows:
powershell script :
Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Confirm:$false -Force:$true
Install-Script get-windowsautopilotinfo -Confirm:$false -Force:$true
get-windowsautopilotinfo -Online -TenantId xxxx -AppId xxxx -AppSecret xxxx
-GroupTag Desktop
shutdown.exe /s /t 30Simply add the “-GroupTag” parameter followed by your desired tag (e.g., “Desktop”).
