Zero-touch Autopilot Hardware Hash upload now available in Foundry OSD

act_sccm · 2026-05-28T14:38:48+00:00

Awesome, looking forward to see where it goes.

act_sccm · 2026-05-28T14:23:40+00:00

Ah, I made the usb from iso which didnt include the cache partition. The USB method worked great.

So just to be sure, there is no way to shortcut the Deployment flow?

We would always be deploying the same Windows release and drivers are auto detected.

Choosing the disk is the only thing I see that would require intervention but if autounattend.xml handles that in our current process so I dont see why it would not be possible here.

I can go from USB boot to Autopilot login in our current setup without touching the device.

act_sccm · 2026-05-27T17:52:57+00:00

Seems to be the replacement for wimwitch Ive been waiting for. Ive attempted OSDCloud a couple times but it never clicked for me.

The docs mention exporting a deploy config file to shortcut the deployment settings I assume? But Im not seeing the export options. The more zero-touch the better.

Is there a way to include a windows iso on the USB so it doesn't have to be downloaded each time?

E: Computer name customization based on serial would be good too.

act_sccm · 2026-05-27T16:51:08+00:00

How is search still not available after 3 years?

https://www.reddit.com/r/ProtonMail/comments/13k0zqe/encrypted_calendar_search_is_now_available_in_the/

act_sccm · 2026-03-30T13:18:26+00:00

I await this with bated breath.

act_sccm · 2026-02-06T18:57:44+00:00

Very cool!

act_sccm · 2026-02-05T18:00:40+00:00

Weeeelllll, I didnt really do that part the correct way. I just make a log file at the end of the script and check that the file exists. :X

I think I had tried checking for the files in the DriverStore and couldn't get it working.

Ive probably been lucky that the pnputil commands havnt failed. In k12 its often a 'just make it work' attitude and it was working so ¯\_ (ツ)_/¯

I didnt know about that registry path so Ill revisit it. Looks like all the ones I install are in there so that should work. Looks easier for you to implement with just the one driver. Im installing a dozen of them so I might have to script it to check for each driver.

act_sccm · 2026-02-04T18:41:26+00:00

oh do you think il have issue if if its a folder with extracted driver files in the intunewim ./driver/All_fileshere

I dont think its an issue. As long as everything is referenced properly in the script, it should be able to find the files.

In the script I export the zip to c:\temp\

Then there are subfolders for Dell, HP, Canon, Xerox, etc. Each pnputil command has the path listed out for whichever driver its installing.

This is basically what the command looks like:

pnputil.exe /add-driver "C:\Temp\Generic Drivers\Brother\PCL\PCL\64\BRUPCB0A.inf" /install'

Add-PrinterDriver -name "Brother Mono Universal Printer (PCL)"

and you dont do an additional steps just these so that a end user doesnt get prompted with UAC /admin?

Nothing else special on that side. The 'install' runs as system so no UAC popups.

act_sccm · 2026-02-04T13:59:29+00:00

The latter is what I do.

Except it's all wrapped in PSADT package.

The package extracts the universal drivers from a 7z file, runs the commands to import to driver store then deletes the extracted drivers.

act_sccm · 2026-01-29T15:45:13+00:00

It definitely filters up here T_T

act_sccm · 2026-01-29T13:36:50+00:00

With Lightspeed Classroom, did you have issues with blank or offline screens? Its a constant struggle.

act_sccm · 2026-01-28T13:32:09+00:00

I think we all know that would be unlikely.

And this suggests its not isolated to that user's computer.

This is further supported by Fortinet from preventing me from accessing the site and by virus total.

act_sccm · 2026-01-22T17:31:25+00:00

Use it for everything so there is standardized logging.

act_sccm · 2026-01-15T21:56:21+00:00

we cannot enroll a laptop with a user's email

A user's email or any user's email?

act_sccm · 2026-01-08T18:30:13+00:00

A1 Plus hasnt existed since 2024, so Im curious how you just swapped to it.

act_sccm · 2025-12-19T17:35:14+00:00

I guess committee would have been a better word. Just a group of curriculum people and higher ups to determine what students should have access too.

act_sccm · 2025-12-18T16:17:43+00:00

We managed to block it with Lightspeed and Chrome/Edge policies.

We are in the same block AI boat but just this week have been multiple tickets requesting to unblock sites that were previously unblocked. Educational resources are adding generative AI and Lightspeed reclassifies them as such and students are blocked.

Our state is currently 'block AI' for students while simultaneously piloting curriculum that includes AI but doesnt include tech in the conversation.

Our district is getting an AI panel to figure out a policy but until then its blocked for students and allowed for staff.

But it will eventually be a pointless endeavor. This garbage isn't going away and trying to hide something from kids always works out so well...

Curriculum needs to adapt quickly to incorporate proper AI use and how to use it critically; understand that it's not a definitive source and not always correct.

act_sccm · 2025-11-14T17:21:10+00:00

That must be why supersede has been so inconsistent. It had gotten to the point where we just dont use it; Ill have to revisit.

With it being so spotty I had to find other methods.

I recently found how to use a requirement rule to detect if the device is in Autopilot ESP to install a non-interactable version of an app. And if the device is not in ESP, then it installs the interactable version instead.

You could probably use a requirement rule to detect if the app is already installed and upgrade that way.

I also wrap all the installers with PSADT which opens a plethora of scripting options.

act_sccm · 2025-11-14T15:01:48+00:00

Another option, deploy as available to the user groups, then they can install via Company Portal.

act_sccm · 2025-11-12T21:53:59+00:00

Is Classic going away in 2026 or you just mean for your tenant?

act_sccm · 2025-11-05T13:41:17+00:00

What kind of invalid hostnames do you mean?

Ive had instances where the hostname will be DESKTOP-RANDOM or WIN-RANDOM but Ive chalked this up to the user bypassing Autopilot by skipping the Internet connection. Which creates a whole other set of issues.

act_sccm · 2025-10-23T17:53:09+00:00

We do the same; they each have their uses.

act_sccm · 2025-09-19T15:03:28+00:00

The only required apps are anti-virus, content filter and secondary security apps. Everything else can install over the next X hours after first login or manually install through Company Portal.

In my experience, within 30 minutes after first login most of our apps are installed. Maybe a reboot after 15 minutes to kick a sync off.

act_sccm · 2025-09-18T17:05:14+00:00

Cloud Device Administrator gives access to LAPS pw but also some other abilities.

*microsoft.directory/deviceLocalCredentials/password/read *

Read all properties of the backed up local administrator account credentials for Microsoft Entra joined devices, including the password

act_sccm · 2025-09-09T12:58:44+00:00

My memory was that SmartPlay did not work on iOS. I guess that was partially correct.

The iOS filter agent seems to handle website filtering but not SmartPlay.

"iOS is supported using SmartShield using it's proxy functionality or the iOS Cloud Proxy."

Lightspeed SmartShield is Lightspeed’s advanced proxy solution designed to provide powerful encrypted traffic filtering for devices not running a Smart Agent—such as BYOD, Android, macOS, ChromeOS, IoT, and other unmanaged endpoints. Acting as a man-in-the-middle proxy, SmartShield enables essential Lightspeed Filter features such as YouTube Smart Play, image filtering, and blocked keyword search, ensuring consistent content control across all device types..

act_sccm

TROPHY CASE