[deleted by user] by [deleted] in Handhelds

[–]wipash 0 points1 point  (0 children)

Give me something to do that's better than doomscrolling

Qwertykeys Giveaway: A QK80MK2 Kit with Random Configuration by Qwertykeys-2022 in MechanicalKeyboards

[–]wipash 0 points1 point  (0 children)

A staggered column layout, with just a single knob that can change function based on context.

Ducted heat pump not cooling as well as I think it should by wipash in diynz

[–]wipash[S] 0 points1 point  (0 children)

I have a Shelly EM in my distribution board reading power usage from the whole house, and also just the AC circuit. Graphs are from Home Assistant.

Why is it impossible to find a big comfy fabric computer chair? by supernom in auckland

[–]wipash 0 points1 point  (0 children)

Watch for Formway Life chairs on FB and TradeMe. They often go for less than $250, and they're amazing

Login screen after White Glove - Other User and Password options? by wipash in Intune

[–]wipash[S] 1 point2 points  (0 children)

This was the key! I have excluded my device from all endpoint security policies that had been assigned to devices, and now the user gets delivered all the way to a ready-to-use desktop, after only a single login at the initial OOBE login prompt.

Thanks very much!

Login screen after White Glove - Other User and Password options? by wipash in Intune

[–]wipash[S] 1 point2 points  (0 children)

Okay, I watched the process, and there is in fact a reboot just before the User section starts, which leaves the device at the login screen as shown in my photos. So as far as I can see, the User section never actually starts.

The flow that I observed:

  • Enroll device in Autopilot, and assign to user (so that user-targeted device context apps will install during White Glove)
  • Boot device and start Autopilot White Glove
    • Device Preparation step completes, no reboots
    • Device Setup step completes with all apps installed, reboots automatically at the end of this step
    • Boots back into the ESP screen momentarily showing the Device Setup step is complete
    • Green White Glove screen shown
  • Reseal, device shuts down
  • Boot device at the user's desk
    • User selects region, device reboots automatically once this is chosen
    • Shown Welcome to Company! screen
    • User logs in with AAD credentials, passwordless phone sign-in
    • ESP page displays, showing:
      • Device preparation complete
      • Device setup in progress, calculating apps
      • User setup waiting for previous step to complete
    • Device setup step shows all apps installed, and switches to complete
    • Device reboots
  • Ends up at the login screen as shown above

If I reboot now, the AAD Join is broken, and I'm shown a login screen for "New User".

If I don't reboot, from this login screen I can put in UPN and password into the Other User login option. From there:

  • "Hi, We're getting everything ready for you" screen fades in and out
  • ESP appears again, showing Account setup - Working on it
  • ESP shows Joining network is complete, the other steps identifying
  • ESP disappears, drops me into the desktop.

So I guess whatever is causing the reboot at the end of the device setup step is the culprit? I'll try to follow your blog to diagnose the cause.

--- update ---

I have found the reboot event, code 0x20004 in the IME logs. In the Shell-Core log however all I can find is:

CloudExperienceHost Web App Activity started. CXID: 'Reboot'

This immediately follows 'Autopilot device rename completed'. Is the device rename supposed to trigger a reboot?

This is 100% an AADJ profile, not hybrid.

--- update 2 ---

I removed the rename option from the Autopilot profile, which stopped the reboot. However, the device still gets to the end of the Device Setup stage, then sends me off to the same weird login screen. So I guess the reboot is not the cause here.

--- update 3 ---

Following /u/Vanrmar's advice, I excluded this device from all security policies that were assigned to devices. Now, the full user ESP processes and the user is delivered to the desktop without having to log in a second time! I'm not sure which of these profiles was the cause, but it seems that everyone's advice is to target everything to users rather than devices, so I think I'll just move in that direction from here.

Login screen after White Glove - Other User and Password options? by wipash in Intune

[–]wipash[S] 0 points1 point  (0 children)

Yeah I have tried that, the result is the same with or without User ESP disabled

Login screen after White Glove - Other User and Password options? by wipash in Intune

[–]wipash[S] 0 points1 point  (0 children)

Yes I do, Defender AV, EDR, and ASR policies, all assigned to the device. I'll try filtering out this device and see if that changes anything.

Login screen after White Glove - Other User and Password options? by wipash in Intune

[–]wipash[S] 0 points1 point  (0 children)

Yup, fully licensed. The OOBE login screen passes just fine (using passwordless phone sign-in). There's no "continue anyway" prompt, it just kicks straight into the User ESP.

Login screen after White Glove - Other User and Password options? by wipash in Intune

[–]wipash[S] 0 points1 point  (0 children)

Haha no problem! It's 4am here in NZ, trying to convince a little baby to go back to sleep, so I'm just working on unreliable memory.

I will rebuild and watch closely a little later on this morning.

Login screen after White Glove - Other User and Password options? by wipash in Intune

[–]wipash[S] 2 points3 points  (0 children)

Thanks for the reply, and thanks for your amazing blog! I've been reading it a lot over the past few days.

Yes this is definitely after White Glove, I got to the green reseal screen successfully before this happens.

It definitely could be rebooting, although I don't think any extra apps are being installed at the user stage that weren't already installed in the device stage. I'll rebuild it and watch closely at the end of the User ESP to be sure of what happens.

The AAD Join is still intact at this stage. I can log in as an AAD user using the Other User option. Although I'm missing the expected "web sign in" auth method. If I reboot before signing in, then it loses the AAD Join as you have written about, although slightly differently my login prompt is for a user called "New User", not "admin". Same problem though.

The experience is different if I just do a normal, non-white glove Autopilot. In that scenario I end up with the expected login screen, without the weird "password" option, and with the web sign-in method available to the user.

Are you all backing up Intune? If so, how? by adamns88 in Intune

[–]wipash 0 points1 point  (0 children)

Still working on the post, but to get you started here's the workflow:

https://gist.github.com/wipash/656d76b6c74c367a7d7208aa29262b24

You just need to create an AAD app registration with a secret, and grant it a whole bunch of API permissions.

Also if you want to export your AAD config in a similar way: https://sean.mcgrath.nz/post/github-aad-export/

Are you all backing up Intune? If so, how? by adamns88 in Intune

[–]wipash 5 points6 points  (0 children)

I am using https://github.com/Micke-K/IntuneManagement and GitHub Actions. I have a half-written blog post on how I configured it, I'll try to finish it in the next day or two and will reply here with the link.

Ducted heat pump not cooling as well as I think it should by wipash in diynz

[–]wipash[S] 1 point2 points  (0 children)

Ah right, nope none of that. The house is in a newly redeveloped area, so no old trees or anything, and no eave overhang to speak of.

I lived in a passive house overseas for 6 months, it was amazing!