You have already seen how using provisioning packages as part of your dynamic provisioning of Windows 11 can simplify your deployment processes.
The Windows Configuration Designer tool can be installed from the Microsoft Store as an app, which allows it to be regularly updated. Alternatively, you can install the Windows Configuration Designer tool as part of Windows ADK.
The WCD interface is simple, and common tasks are offered using the available wizards, which can be used to create a provisioning package that can be used in the following environments:
- Provision desktop devices Provides the typical settings for Windows 11 desktop devices.
- Provision Windows mobile devices Provides the typical settings for Windows 11 mobile devices.
- Provision HoloLens devices Provides the typical settings for Windows 11 Holographic devices, such as HoloLens headsets.
- Provision Surface Hub devices Provides the typical settings for Surface Hub devices.
- Provision kiosk devices Provides the typical settings for a device running a single app.
- Advanced provisioning Enables you to view and configure all available settings. Choose this option if you are unsure which specific package type to use.
Most provisioning packages will be aimed at provisioning Windows 11 desktop devices and will use the advanced configuration option because this allows the greatest customization.
Provisioning packages offer administrators a quick and simplified mechanism to configure devices securely. Once created, the settings within a .ppkg file can be viewed using the WCD and edited using the built-in wizards or the advanced editor. When provisioning packages that need to be deployed to remote devices, they can be protected using encryption and signed.
Several usage scenarios for provisioning packages are shown in Table 1-3.
TABLE 1-3 Usage Scenarios for Provisioning Packages
| Scenario | Phase | Description |
| New devices with Windows 11 need to have apps deployed to the devices. | New device | Provisioning packages can be used to deploy apps to devices. |
| Existing Windows 11 Pro devices need to be upgraded to Windows 11 Enterprise. | Upgrade | Provisioning packages can be used to change the Windows edition by deploying product keys or licenses using the Edition Upgrade settings. |
| You must update device drivers on Windows 11 devices. | Maintain | Provisioning packages can be used to deploy device drivers to devices. |
When using provisioning packages, you might need to troubleshoot them if devices are not configured as expected.
There are several areas on which you can focus your attention when troubleshooting provisioning packages, as follows:
- Configuration errors and missing customizations
- Expired Azure AD Token
- Export errors, including encryption and signing issues
- User issues
- Advanced troubleshooting
If you have deployed the .ppkg file to multiple devices, and they have all failed to process the required changes, then you should first inspect the provisioning package. Locate the project file (with the .icdproj file extension) and open it using the WCD. You should then inspect the settings and confirm that they match your expectations and the design specification or change the documentation for the provisioning package.
If you use the configuration wizard to configure automatic enrollment into Azure AD, you should ensure that the bulk token embedded inside the provisioning package has not expired. By default, this token is set to expire one month after creation, though you can manually set the token expiry date to 180 days after the creation date. If the package is used after the Bulk AAD Token has expired, the package will fail to install. You must edit the package, apply for a new Bulk AAD Token, and re-export the package.
After verifying the customization settings are correct, you should export the package again. Increment the version number to avoid confusion with the package’s previous version. Packages with the same versioning number will not be applied to the same target device twice.
If issues are suspected with either the encryption or signing of the package, you can export without these enhancements and redeploy to your test machine to determine whether the issue remains.
For users, devices can be configured by placing the provisioning package on a USB drive and inserting it during the initial OOBE setup phase. Windows Setup should automatically recognize the drive and ask the user if they want to install the provisioning package. If the package is not recognized, check that the file is in the root directory of the USB drive.
You can use the Windows Performance Recorder to perform advanced troubleshooting for provisioning packages on user devices. The Windows Performance Recorder in the Windows Assessment and Deployment Kit (Windows ADK) offers advanced Event Tracing for Windows. The system events recorded by this tool can be analyzed using Windows Performance Analyzer, available from the Windows ADK or Microsoft Store.
Leave a Reply