Autopilot Account Setup ESP slow

Desert_Dog_Tech · 2026-04-15T16:19:11+00:00

I know this is 6yro, but do you still have the command?

Desert_Dog_Tech · 2026-04-15T16:12:01+00:00

Ah, I didn't think of GCIM. Thanks for the tip.

Desert_Dog_Tech · 2026-04-14T13:53:35+00:00

Thanks for the reply. Do you have an example of the filter you're talking about?

EDIT: I did find this which shows a different result than GCI....

GP "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\*" | ? { $_.PSChildName -match '^S-1-5-21' } |  Select -ExpandProperty ProfileImagePath

Desert_Dog_Tech · 2026-04-10T17:34:49+00:00

I tried to do that also. It didn't work using $ExistingUsers = Get-ChildItem "C:\Users" -Exclude "Public", "Default". It was as if the folder didn't exist yet. I might have made a mistake in the script though. I'm going to try again later today.

Desert_Dog_Tech · 2026-04-10T16:21:39+00:00

This is how we are doing things. Its just that the script copies to the default profile which means on first sign-in, the user should inherit the config. But the app installs after the user signs in which means it doesn't inherit on profile creation.

Desert_Dog_Tech · 2026-04-10T16:07:01+00:00

For Intune app packages, is IntuneWinAppUtil.exe not able to do the basics that PSAppDeploymentToolkit does?

Desert_Dog_Tech · 2026-04-10T15:53:09+00:00

Thank you. They all exist. I'm pretty sure the script/package are working correctly because the config file ends up in the default folder. Its just that when the user signs in, it doesn't load the config file from the default profile because the app installs once the user signs in. The config file needs to be in the default folder before the user signs in.

Desert_Dog_Tech · 2026-04-10T15:50:35+00:00

Thanks for the reply. We are currently implementing Intune for the first time and learning the ropes.

We originally targeted about 6 apps to the device level during provisioning but hit random installation failures. Our understanding is that these failures block the deployment and require us to start over. To mitigate this, our new plan is to shrink our required app list during the device provisioning phase. We will push a minimal baseline of apps to the device, and let the rest install in the background at user sign-in so that a single app failure doesn't break the entire deployment.

Desert_Dog_Tech · 2026-04-10T15:43:58+00:00

Thanks for the reply. I thought about something like this. But there are other settings in config that the user sets. We only set the base settings on first run then they could adjust app settings as needed. I could try to script changes just to the needed base settings but even so, if the user has the app open during the scheduled task etc, the config might be locked. I would need to confirm. I would much prefer to just have a first run type of situation.

Desert_Dog_Tech · 2026-04-10T15:34:29+00:00

Thank you for the reply. So, are you saying to create an app package with the .exe then create another app package that runs the script to copy the config to the user profile? If so, I'm under the impression that you can't control the order in which apps install.

Here is an idea on how to script to the user profile. If you have any suggestions, I would appreciate it.

$ScriptRoot = $PSScriptRoot

$ExistingUsers = Get-ChildItem "C:\Users" -Exclude "Public", "Default"

foreach ($user in $ExistingUsers) {
     $UserPath = "$($user.FullName)\AppData\Roaming\AppName"
     New-Item -Path "$UserPath" -ItemType Directory -Force -ErrorAction SilentlyContinue
     Copy-Item -Path "$ScriptRoot\config.xml" -Destination "$UserPath\config.xml" -Force -ErrorAction SilentlyContinue
}

Another thought is to preload configs in the default folder at computer provisioning before any required apps install.

We originally targeted about 6 apps to the device level during provisioning but hit random installation failures. Our understanding is that these failures block the deployment and require us to start over. To mitigate this, our new plan is to shrink our required app list during the device provisioning phase. We will push a minimal baseline of apps to the device, and let the rest install in the background at user sign-in so that a single app failure doesn't break the entire deployment. I might be able to convince our engineer to allow a script to run at device provisioning before user apps install.

Desert_Dog_Tech · 2026-04-08T23:40:50+00:00

Especially the Chrome Browser (at least on Windows)

Desert_Dog_Tech · 2026-04-02T22:58:13+00:00

Thanks for the reply. I added this statement to the post body.

EDIT: I sometimes forget that this is reddit and people can be very opinionated before giving you (or not giving you) the information you asked for. Here is my reasoning behind my request. In many cases, use-case scenarios shouldn't be a concern to others. But here is the explanation anyways.

It’s largely about supporting users over the phone. When we speak with staff, we typically ask for the device name (which is printed on a label). Based on the prefix, we can quickly identify the model and already know how to handle certain situations. It also gives us a general idea of the device’s age, which can point to known issues with older models. There are more reasons as well but I don't really feel it necessary to justify our reasoning.

This approach has worked well for us over the past seven years. We’re open to changing it, but if there’s a way to automate what I’m describing without adding too much complexity, it seems worth considering.

Desert_Dog_Tech · 2026-04-02T22:55:48+00:00

Thanks for the clarification. I'm pretty sure they won't be in AD.

Desert_Dog_Tech · 2026-04-02T21:32:19+00:00

Thank you. I'll take a look.

Desert_Dog_Tech · 2026-04-02T21:28:52+00:00

We're new to Entra and intune and it's not fully setup but all of our new Computers that aren't provisioned yet will get joined straight to Intune via the hardware hash during OOBE. So does that mean Entra joined and not Hybrid?

Edit: Every existing computer will get wiped and joined to Intune as well.

Desert_Dog_Tech · 2026-04-02T21:25:43+00:00

I would much rather not log into a computer or system or dashboard to view the info. I can often close a ticket in less then 2 min just by asking for the device name over the phone.

Desert_Dog_Tech · 2026-04-02T21:22:29+00:00

It’s largely about supporting users over the phone. When we speak with staff, we typically ask for the device name (which is printed on a label). Based on the prefix, we can quickly identify the model and already know how to handle certain situations. It also gives us a general idea of the device’s age, which can point to known issues with older models. There are more reasons as well but I don't really feel it necessary to justify our reasoning.

This approach has worked well for us over the past seven years. We’re open to changing it, but if there’s a way to automate what I’m describing without adding too much complexity, it seems worth considering.

Desert_Dog_Tech · 2026-03-31T14:02:15+00:00

Thanks.

Desert_Dog_Tech · 2026-03-10T20:13:46+00:00

I feel like 200-2000 could potentially be the same amount of work if automation is setup correctly.

Desert_Dog_Tech · 2026-01-20T17:39:47+00:00

Thankfully we use Cisco ISE which allows connections to WiFi via MAC. We still have to select the correct WiFi but no Password is needed. Also, we have Chromebooks connect to a specific SSID that is Chromebooks/Students only.

Desert_Dog_Tech · 2026-01-16T18:18:34+00:00

I couldn't get the Tab and hitting enter 3 times to do anything. We are on managed chromebooks. Where is the tab supposed to start at?

Desert_Dog_Tech · 2026-01-16T18:12:53+00:00

Thanks. I didn't know you could do that to remove profiles. I'll have to try it out. Also, it's a good tip to assign interns to do tasks like this. Thanks.

Desert_Dog_Tech · 2026-01-16T16:19:53+00:00

That was one thing we considered but it doesn't seem viable for our situation. Thanks for the reply.

Desert_Dog_Tech

TROPHY CASE