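<#
.SYNOPSIS
    OSDCloud Logic secret gist
.DESCRIPTION
    osdcloudlogic.homburger.osdcloud.ch

    Deployment logic for a zero-touch OSDCloud run started from the X:\ boot
    environment. In order, the script:
      1. starts a transcript under X:\OSDCloud\Logs and loads the OSD module,
      2. runs Start-OSDCloud with fixed OS parameters,
      3. derives a computer name and writes the AutopilotOOBE JSON,
      4. writes an unattend file and stages the scripts used later in setup,
      5. copies the logs to the OS disk and reboots (unless in Development mode).

    Content fetched at run time and executed without verification (see the
    NOTE(review) comments at each site):
      - functions.osdcloud.com (executed immediately via Invoke-Expression)
      - autopilot / oobedeploy / cleanup / osdgather .homburger.osdcloud.ch
        (saved to C:\Windows\Setup\scripts and launched later with
        -ExecutionPolicy Bypass)
.NOTES
    Version:        0.1
    Creation Date:  25.10.2024
    Author:         Akos Bakos
    Company:        SmartCon GmbH
    Contact:        akos.bakos@smartcon.ch

    Copyright (c) 2024 SmartCon GmbH

    HISTORY:
    Date        By          Comments
    ----------  ---         ----------------------------------------------------------
    25.10.2024  Akos Bakos  Script created
    17.12.2024  Akos Bakos  Added MSCatalog Module
    26.01.2025  Akos Bakos  Added $Global:MyOSDCloud variables for HPIA
    02.02.2025  Akos Bakos  Remove SetupComplete Tasks
#>

# The transcript below needs its target folder to exist first.
if (-NOT (Test-Path 'X:\OSDCloud\Logs')) {
    New-Item -Path 'X:\OSDCloud\Logs' -ItemType Directory -Force -ErrorAction Stop | Out-Null
}

# Transport Layer Security (TLS) 1.2
# -bor adds TLS 1.2 to whatever protocols are already enabled; it does not
# switch the older ones off.
Write-Host -ForegroundColor Green "Transport Layer Security (TLS) 1.2"
[Net.ServicePointManager]::SecurityProtocol = [Net.ServicePointManager]::SecurityProtocol -bor [Net.SecurityProtocolType]::Tls12
#[System.Net.WebRequest]::DefaultWebProxy.Credentials = [System.Net.CredentialCache]::DefaultCredentials

$Transcript = "$((Get-Date).ToString('yyyy-MM-dd-HHmmss'))-Start-OSDCloudLogic.log"
Start-Transcript -Path (Join-Path "X:\OSDCloud\Logs" $Transcript) -ErrorAction Ignore | Out-Null

#================================================
Write-Host -ForegroundColor DarkGray "========================================================================="
Write-Host -ForegroundColor DarkGray "$((Get-Date).ToString('yyyy-MM-dd-HHmmss')) " -NoNewline
Write-Host -ForegroundColor Cyan "[PreOS] Update Module"
#================================================
# Write-Host -ForegroundColor Green "Updating OSD PowerShell Module"
# Install-Module OSD -Force

Write-Host -ForegroundColor DarkGray "$((Get-Date).ToString('yyyy-MM-dd-HHmmss')) " -NoNewline
Write-Host -ForegroundColor Green "Importing OSD PowerShell Module"
Import-Module OSD -Force

Write-Host -ForegroundColor DarkGray "$((Get-Date).ToString('yyyy-MM-dd-HHmmss')) " -NoNewline
Write-Host -ForegroundColor Green "PSCloudScript at functions.osdcloud.com"
# NOTE(review): this downloads script text and executes it in-process with no
# integrity check, and the URI carries no explicit https:// scheme. Whatever the
# endpoint returns (or anything on the network path, if the first hop is not
# TLS) runs with this session's rights. Prefer an explicit https:// URI plus a
# pinned hash, or a reviewed copy staged in the boot image.
Invoke-Expression (Invoke-RestMethod -Uri functions.osdcloud.com)

#region Helper Functions
# These are defined after the Invoke-Expression above, so they replace any
# same-named functions that the downloaded script may have defined.

function Write-DarkGrayDate {
    <#
    .SYNOPSIS
        Writes the current timestamp in dark gray.
    .PARAMETER Message
        Optional text. When given, "timestamp message" is written on one line.
        When omitted, only the timestamp is written and the line is left open
        (-NoNewline) so the caller can append coloured text.
    #>
    [CmdletBinding()]
    param (
        [Parameter(Position = 0)]
        [System.String]
        $Message
    )
    $Stamp = (Get-Date).ToString('yyyy-MM-dd-HHmmss')
    if ($Message) {
        Write-Host -ForegroundColor DarkGray "$Stamp $Message"
    }
    else {
        Write-Host -ForegroundColor DarkGray "$Stamp " -NoNewline
    }
}

function Write-DarkGrayHost {
    <#
    .SYNOPSIS
        Writes a message in dark gray.
    .PARAMETER Message
        Text to write (mandatory).
    #>
    [CmdletBinding()]
    param (
        [Parameter(Mandatory = $true, Position = 0)]
        [System.String]
        $Message
    )
    Write-Host -ForegroundColor DarkGray $Message
}

function Write-DarkGrayLine {
    <#
    .SYNOPSIS
        Writes a dark gray separator line.
    #>
    [CmdletBinding()]
    param ()
    Write-Host -ForegroundColor DarkGray "========================================================================="
}

function Write-SectionHeader {
    <#
    .SYNOPSIS
        Writes a separator line, then the timestamp followed by the section
        title in cyan.
    .PARAMETER Message
        Section title (mandatory).
    #>
    [CmdletBinding()]
    param (
        [Parameter(Mandatory = $true, Position = 0)]
        [System.String]
        $Message
    )
    Write-DarkGrayLine
    Write-DarkGrayDate
    Write-Host -ForegroundColor Cyan $Message
}

function Write-SectionSuccess {
    <#
    .SYNOPSIS
        Writes the timestamp followed by a message in green.
    .PARAMETER Message
        Text to write; defaults to 'Success!'.
    #>
    [CmdletBinding()]
    param (
        [Parameter(Position = 0)]
        [System.String]
        $Message = 'Success!'
    )
    Write-DarkGrayDate
    Write-Host -ForegroundColor Green $Message
}
#endregion

#region PreOS Tasks
#=======================================================================
Write-SectionHeader "[PreOS] Define OSDCloud Global And Customer Parameters"
#=======================================================================
# Customer switches read further down:
#   Development - keeps Shift+F10 available, disables cursor suppression and
#                 skips the final reboot
#   TestGroup   - selects the test instead of the production device group
$Global:Homburger = $null
$Global:Homburger = [ordered]@{
    Development = [bool]$false
    TestGroup   = [bool]$false
}
Write-SectionHeader "Homburger variables"
Write-Host ($Global:Homburger | Out-String)

$Global:MyOSDCloud = [ordered]@{
    MSCatalogFirmware = [bool]$true
    HPBIOSUpdate      = [bool]$true
    #IsOnBattery      = [bool]$false
}
Write-SectionHeader "MyOSDCloud variables"
Write-Host ($Global:MyOSDCloud | Out-String)

# NOTE(review): $Global:OSDCloud is not assigned anywhere in this script before
# this check - confirm it is populated at this point, or whether
# $Global:MyOSDCloud.MSCatalogFirmware was the intended condition.
if ($Global:OSDCloud.ApplyCatalogFirmware -eq $true) {
    #=======================================================================
    Write-SectionHeader "[PreOS] Prepare Firmware Tasks"
    #=======================================================================
    # The osdcloud-* commands are not defined in this file; presumably they
    # come from the script executed via Invoke-Expression above.
    #Register-PSRepository -Default -Verbose
    osdcloud-TrustPSGallery -Verbose
    #Set-PSRepository -Name PSGallery -InstallationPolicy Trusted -Verbose

    osdcloud-InstallPowerShellModule -Name 'MSCatalog'
    #Install-Module -Name MSCatalog -Force -Verbose -SkipPublisherCheck -AllowClobber -Repository PSGallery
}
#endregion

#region OS Tasks
#=======================================================================
Write-SectionHeader "[OS] Params and Start-OSDCloud"
#=======================================================================
$Params = @{
    OSVersion  = "Windows 11"
    OSBuild    = "23H2"
    OSEdition  = "Pro"
    OSLanguage = "en-us"
    OSLicense  = "Retail"
    ZTI        = $true
    Firmware   = $true
}
Write-Host ($Params | Out-String)
Start-OSDCloud @Params
#endregion

#region Autopilot Tasks
#================================================
Write-SectionHeader "[PostOS] Define Autopilot Attributes"
#================================================
Write-DarkGrayHost "Define Computername"
$Serial = Get-WmiObject Win32_bios | Select-Object -ExpandProperty SerialNumber

# A missing or very short serial must not throw from Substring(); fall back to
# whatever is there and make the situation visible in the log.
if ($Serial -and $Serial.Length -ge 4) {
    $lastFourChars = $Serial.Substring($Serial.Length - 4)
}
else {
    Write-Warning "BIOS serial number is empty or shorter than 4 characters; the computer name suffix will be incomplete."
    $lastFourChars = $Serial
}
#$AssignedComputerName = "NB-2$lastFourChars"

$ChassisType = (Get-WmiObject -Query "SELECT * FROM Win32_SystemEnclosure").ChassisTypes
$HyperV = Get-WmiObject -Query "SELECT * FROM Win32_ComputerSystem WHERE Manufacturer LIKE '%Microsoft Corporation%' AND Model LIKE '%Virtual Machine%'"
$VMware = Get-WmiObject -Query "SELECT * FROM Win32_ComputerSystem WHERE Manufacturer LIKE '%VMware%' AND Model LIKE '%VMware%'"

if ($HyperV -or $VMware) {
    $HW = "VM"
}

# NOTE(review): the chassis check runs even after a VM was detected, so a VM
# that reports one of the listed chassis types is renamed from "VM" to
# "NB"/"PC". Confirm that this is the intended naming.
$NotebookChassisTypes = 8, 9, 10, 11, 12, 14, 18, 21, 31
$DesktopChassisTypes = 3, 4, 5, 6, 7, 15, 16, 35
if ($ChassisType | Where-Object { $_ -in $NotebookChassisTypes }) {
    $HW = "NB"
}
elseif ($ChassisType | Where-Object { $_ -in $DesktopChassisTypes }) {
    $HW = "PC"
}

# The serial is firmware-supplied text and is interpolated as-is into the name
# (and, through it, into the JSON below).
if (!($HW)) {
    $AssignedComputerName = "RENAME_ME$Serial"
}
else {
    $AssignedComputerName = "$HW-2$lastFourChars"
}

# Device assignment
# The log line is built from $AddToGroup so it cannot drift from the group
# name that is actually written to the JSON.
if ($Global:Homburger.TestGroup -eq $true) {
    $AddToGroup = "AZ_COM_TST_HMB"
}
else {
    $AddToGroup = "AZ_COM_PRD_HMB"
}
Write-DarkGrayHost "Adding device to $AddToGroup Group"

Write-Host -ForegroundColor Yellow "Computername: $AssignedComputerName"
Write-Host -ForegroundColor Yellow "AddToGroup: $AddToGroup"

#================================================
Write-SectionHeader "[PostOS] AutopilotOOBE Configuration"
#================================================
Write-DarkGrayHost "Create C:\ProgramData\OSDeploy\OSDeploy.AutopilotOOBE.json file"
# NOTE(review): $GroupTag is never assigned in this script, so "GroupTag" is
# written as an empty string unless something executed earlier defined it.
$AutopilotOOBEJson = @"
{
    "AssignedComputerName" : "$AssignedComputerName",
    "AddToGroup": "$AddToGroup",
    "Assign": {
        "IsPresent": true
    },
    "GroupTag": "$GroupTag",
    "Hidden": [
        "AddToGroup",
        "AssignedUser",
        "PostAction",
        "GroupTag",
        "Assign"
    ],
    "PostAction": "Quit",
    "Run": "NetworkingWireless",
    "Docs": "https://google.com/",
    "Title": "Autopilot Manual Register"
}
"@

if (!(Test-Path "C:\ProgramData\OSDeploy")) {
    New-Item "C:\ProgramData\OSDeploy" -ItemType Directory -Force | Out-Null
}
$AutopilotOOBEJson | Out-File -FilePath "C:\ProgramData\OSDeploy\OSDeploy.AutopilotOOBE.json" -Encoding ascii -Force
#endregion

#region Specialize Tasks
#================================================
Write-SectionHeader "[PostOS] SetupComplete CMD Command Line"
#================================================
Write-DarkGrayHost "Cleanup SetupComplete Files from OSDCloud Module"
Get-ChildItem -Path 'C:\Windows\Setup\Scripts\SetupComplete*' -Recurse | Remove-Item -Force

#=================================================
Write-SectionHeader "[PostOS] Define Specialize Phase"
#=================================================
# NOTE(review): the XML element markup of this unattend document is missing
# from this copy of the script - only the element text survives (an order
# value, a description, the command that runs autopilot.ps1, and four locale
# values). Use-WindowsUnattend needs a well-formed unattend document, so restore
# the markup from the authoritative copy before this script is used.
$UnattendXml = @'
1 Start Autopilot Import & Assignment Process PowerShell -ExecutionPolicy Bypass C:\Windows\Setup\scripts\autopilot.ps1 de-CH de-DE de-DE de-CH
'@

# Get-OSDGather -Property IsWinPE
Block-WinOS

if (-NOT (Test-Path 'C:\Windows\Panther')) {
    New-Item -Path 'C:\Windows\Panther' -ItemType Directory -Force -ErrorAction Stop | Out-Null
}

$Panther = 'C:\Windows\Panther'
$UnattendPath = "$Panther\Unattend.xml"
$UnattendXml | Out-File -FilePath $UnattendPath -Encoding utf8 -Width 2000 -Force

Write-DarkGrayHost "Use-WindowsUnattend -Path 'C:\' -UnattendPath $UnattendPath"
Use-WindowsUnattend -Path 'C:\' -UnattendPath $UnattendPath | Out-Null
#endregion

#region OOBE Tasks
#================================================
Write-SectionHeader "[PostOS] OOBE CMD Command Line"
#================================================
Write-DarkGrayHost "Downloading Scripts for OOBE and specialize phase"
# NOTE(review): all four scripts are fetched over plain http:// with no
# integrity check, stored under C:\Windows\Setup\scripts and later launched with
# -ExecutionPolicy Bypass (autopilot.ps1 from the unattend text above, the other
# three from oobe.cmd below). Anyone able to alter the response on the network
# path therefore decides what runs during setup. Move to https:// once the
# endpoints are confirmed to serve it, and compare each file's Get-FileHash
# result with a pinned value before leaving it in place.
$SetupScriptsPath = 'C:\Windows\Setup\scripts'
if (-NOT (Test-Path $SetupScriptsPath)) {
    New-Item -Path $SetupScriptsPath -ItemType Directory -Force | Out-Null
}

$OobeDownloads = [ordered]@{
    'autopilot.ps1' = 'http://autopilot.homburger.osdcloud.ch'
    'oobe.ps1'      = 'http://oobedeploy.homburger.osdcloud.ch'
    'cleanup.ps1'   = 'http://cleanup.homburger.osdcloud.ch'
    'osdgather.ps1' = 'http://osdgather.homburger.osdcloud.ch'
}
foreach ($Download in $OobeDownloads.GetEnumerator()) {
    $Destination = Join-Path $SetupScriptsPath $Download.Key

    # Reset first: if the request fails, the previous script's text must not be
    # written under this file name.
    $Content = $null
    $Content = Invoke-RestMethod -Uri $Download.Value

    # Still best-effort (the file is written either way), but an empty
    # download is no longer silent.
    if ([string]::IsNullOrWhiteSpace([string]$Content)) {
        Write-Warning "Download from $($Download.Value) returned no content; $Destination will be empty."
    }
    $Content | Out-File -FilePath $Destination -Encoding ascii -Force
}

# Batch wrapper that starts the staged scripts one after another. What invokes
# oobe.cmd is not visible in this script.
$OOBEcmdTasks = @'
@echo off

REM Wait for Network 10 seconds
REM ping 127.0.0.1 -n 10 -w 1 >NUL 2>&1

REM Execute OOBE Tasks
start /wait powershell.exe -NoL -ExecutionPolicy Bypass -F C:\Windows\Setup\Scripts\oobe.ps1

REM Execute OSD Gather Script
start /wait powershell.exe -NoL -ExecutionPolicy Bypass -F C:\Windows\Setup\Scripts\osdgather.ps1

REM Execute Cleanup Script
start /wait powershell.exe -NoL -ExecutionPolicy Bypass -F C:\Windows\Setup\Scripts\cleanup.ps1

REM Below a PS session for debug and testing in system context, # when not needed
REM start /wait powershell.exe -NoL -ExecutionPolicy Bypass

exit
'@
$OOBEcmdTasks | Out-File -FilePath 'C:\Windows\Setup\scripts\oobe.cmd' -Encoding ascii -Force

Write-DarkGrayHost "Copying PFX file"
# NOTE(review): the log line says a PFX is copied, while the command copies the
# whole X:\OSDCloud\Config\Scripts folder to the OS disk. If that folder holds
# private-key material, confirm that cleanup.ps1 removes C:\OSDCloud afterwards
# and that the PFX password is not stored next to it.
Copy-Item X:\OSDCloud\Config\Scripts C:\OSDCloud\ -Recurse -Force
#endregion

# DisableCMDRequest.TAG is created so that Shift+F10 does not open a command
# prompt during OOBE.
Write-DarkGrayHost "Disabling Shift F10 in OOBE for security Reasons"
$Tagpath = "C:\Windows\Setup\Scripts\DisableCMDRequest.TAG"
New-Item -ItemType file -Force -Path $Tagpath | Out-Null
Write-DarkGrayHost "Shift F10 disabled now!"

#region Development
if ($Global:Homburger.Development -eq $true) {
    #================================================
    Write-SectionHeader "[WINPE] DEVELOPMENT - Activate some debugging features"
    #================================================
    # Development builds deliberately undo the hardening above; the message
    # now says so instead of repeating "for security Reasons".
    Write-DarkGrayHost "Enabling Shift+F10 in OOBE for debugging"
    $Tagpath = "C:\Windows\Setup\Scripts\DisableCMDRequest.TAG"
    Remove-Item -Force -Path $Tagpath | Out-Null
    Write-DarkGrayHost "Shift F10 enabled now!"

    Write-DarkGrayHost "Disable Cursor Suppression"
    # Load the offline SOFTWARE hive of the deployed OS, set the policy value,
    # then unload the hive again.
    #cmd.exe /c reg load HKLM\Offline c:\windows\system32\config\software & cmd.exe /c REG ADD "HKLM\Offline\Microsoft\Windows\CurrentVersion\Policies\System" /v EnableCursorSuppression /t REG_DWORD /d 0 /f & cmd.exe /c reg unload HKLM\Offline
    Invoke-Exe cmd.exe -Arguments "/c reg load HKLM\Offline c:\windows\system32\config\software" | Out-Null
    New-ItemProperty -Path HKLM:\Offline\Microsoft\Windows\CurrentVersion\Policies\System -Name EnableCursorSuppression -Value 0 -Force | Out-Null
    #Invoke-Exe cmd.exe -Arguments "/c REG ADD 'HKLM\Offline\Microsoft\Windows\CurrentVersion\Policies\System' /v EnableCursorSuppression /t REG_DWORD /d 0 /f "
    Invoke-Exe cmd.exe -Arguments "/c reg unload HKLM\Offline" | Out-Null
}
#endregion

#=======================================================================
Write-SectionHeader "Moving OSDCloud Logs to IntuneManagementExtension\Logs\OSD"
#=======================================================================
if (-NOT (Test-Path 'C:\ProgramData\Microsoft\IntuneManagementExtension\Logs\OSD')) {
    New-Item -Path 'C:\ProgramData\Microsoft\IntuneManagementExtension\Logs\OSD' -ItemType Directory -Force -ErrorAction Stop | Out-Null
}
# The transcript is still open here, so the copy on C: ends at this point; the
# lines written below exist only in the X:\ copy.
Get-ChildItem -Path X:\OSDCloud\Logs\ | Copy-Item -Destination 'C:\ProgramData\Microsoft\IntuneManagementExtension\Logs\OSD' -Force

if ($Global:Homburger.Development -eq $false) {
    Write-DarkGrayHost "Restarting in 20 seconds!"
    Start-Sleep -Seconds 20
    # Close the transcript before asking for the reboot so the log file is
    # finalised while the session is still alive.
    Stop-Transcript | Out-Null
    wpeutil reboot
}
else {
    Write-DarkGrayHost "Development Mode - No reboot!"
    Stop-Transcript | Out-Null
}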