Latest posts by Kyle Beckman (see all)
- Managing shared mailboxes in Office 365 with PowerShell - Thu, May 5 2016
- Managing shared mailboxes in Office 365 with the GUI - Wed, May 4 2016
- Installing and configuring the Enhanced Mitigation Experience Toolkit (EMET) - Wed, Mar 16 2016
In larger organizations, new desktop and laptop computers typically receive a clean operating system (OS) load using some kind of OS deployment solution, such as System Center Configuration Manager (SCCM) or the Microsoft Deployment Toolkit (MDT). This may be because IT doesn’t trust (or want to deal with) the OEM load of software or that IT wants full control of the software load. However, if you have to deal with smaller groups of computers or computers that end users can purchase using corporate funds, reloading the OS may not always be an option. In these scenarios, you can use the Windows Imaging and Configuration Designer (WICD) to configure the device.
In this article, I’ll configure some of the common settings for a corporate-owned device. If you need help with installing WICD, creating a package, and exporting the package, follow the link to our previous coverage.
Upgrading edition to Enterprise ^
One of the big new features in Windows 10 is the ability to upgrade the Windows edition without the need to reload the OS. To upgrade a Windows 10 Professional computer to Enterprise edition, go to Runtime settings, EditionUpgrade, UpgradeEditionWithProductKey and set the text field to a valid Enterprise key.
Upgrading Windows 10 edition with Windows Imaging and Configuration Designer
After a reboot, the Pro system will be converted to Enterprise. Just be aware the process can take several minutes to complete. When the process begins, you’ll get a window that says “Preparing for upgrade” that includes a status percentage. Mine sat at 100% for quite a while, but your mileage may vary depending on the hardware you’re using.
Adding the computer to Active Directory ^
To add a computer to Active Directory, go to Runtime settings, Accounts, Computer Account. Set the following settings:
- Account – A user account in AD that can add the computer to Active Directory. I’ve had the most success using firstname.lastname@example.org as opposed to domain\username.
- Password – The password of that account.
- DomainName – The full DNS name of your Active Directory domain.
- ComputerName – The name of the computer when it is added to AD. You can use the variables %SERIAL% (to set the computer name to the serial number) or %RAND:x% (where “x” is a number 15 or less that sets the computer name to a random name). You can also use an asterisk (*) to set the computer name to a random 8-digit name.
- AccountOU – The full LDAP path to the OU where the computer will be stored in Active Directory. If you leave this field blank, the computer will be stored in Computers. The format you should use is: OU=SubOU,OU=TopOU,DC=subdomain,DC=domain,DC=extension. As an example: OU=workstations,OU=test,DC=corp,DC=contoso,DC=com
Adding a local Admin account ^
If you disable the built-in Administrator account and create a custom local Admin, you can create the local account using WICD. Go to Runtime settings, Accounts, Users. Type the name of the account and click Add. Go to the new UserName section that is created, enter the password of the account, and set the UserGroup to Administrators.
Additional configuration ^
WICD is also capable of adding Wi-Fi networks, certificates, and many of the policies that are available in Group Policy. We covered these settings in our BYOD article, but most of them also apply to corporate-owned devices.
If you’re using WICD for provisioning your corporate-owned devices, we’d love to hear how it is going for you in the comments!