Windows Autopilot streamlines the setup of new devices, allowing administrators to pre-configure devices for end-users without requiring physical handling. To enroll a device in Autopilot, certain device properties—like the serial number and hardware hash—are required. These can be retrieved using a PowerShell script that leverages Windows Management Instrumentation (WMI).
In this post, I’ll guide you through the process of gathering device properties, both offline and online, for Autopilot registration. This script does not collect a Windows Product ID (PKID), which is expected, as the PKID is not required for registration.
TLS Version Requirement
Before gathering Autopilot information, note that the PowerShell Gallery no longer supports Transport Layer Security (TLS) versions 1.0 and 1.1 as of April 2020. If your system is not using TLS 1.2 or higher, you may encounter an error when accessing the PowerShell Gallery.
To ensure your system uses TLS 1.2, run the following command:
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12This command sets the correct security protocol for connecting to the PowerShell Gallery and should prevent any errors related to TLS.
Offline Gathering of Autopilot Properties
To gather Autopilot device information offline, follow these steps:
- Install the PowerShell Script: Use the following command to install the necessary script from the PowerShell Gallery:
Install-Script -Name Get-WindowsAutopilotInfo- Bypass Execution Policy: Set the execution policy to bypass to allow the script to run:
Set-ExecutionPolicy -ExecutionPolicy Bypass- Gather the Device Information: Use the script to collect the hardware hash and serial number, and output the information to a CSV file:
Get-WindowsAutoPilotInfo.ps1 -Output C:\HWID.csv- Upload the Device Information: After the CSV file is created, sign in to the Microsoft Endpoint Manager admin center (https://endpoint.microsoft.com) with your administrator account and follow these steps:
- Navigate to Devices > Enrollment in the left-hand menu.
- Select Windows from the tabs at the top.
- Click Devices, then select Import and upload the
HWID.csvfile that you created.
- Assign an Autopilot Enrollment Profile: It may take a few minutes for the device to be assigned an Autopilot profile. To check the status:
- Go to the Windows Autopilot devices screen in Endpoint Manager.
- Select your newly imported device.
- Check the Profile status and Assigned profile fields to ensure the enrollment profile has been applied.
Online Gathering of Autopilot Properties
You can also gather Autopilot device information online. This method allows the device to automatically upload its hardware hash to the Microsoft Endpoint Manager console.
- Install the PowerShell Script: Install the script as before:
Install-Script -Name Get-WindowsAutopilotInfo- Bypass Execution Policy: Set the execution policy to bypass:
Set-ExecutionPolicy -ExecutionPolicy Bypass- Gather Device Information Online: Run the script to collect the hardware hash and other properties online:
Get-WindowsAutoPilotInfo.ps1 -Online- Authenticate: After running the script, you will be prompted to enter credentials. You must use an account with Device Administrator access in Endpoint Manager. Once authenticated, the device’s hardware hash will be automatically uploaded to the console.
Conclusion
By using the Get-WindowsAutopilotInfo PowerShell script, you can quickly gather the necessary properties—such as the serial number and hardware hash—needed to register devices with Windows Autopilot. Whether gathering this information offline or online, this process simplifies Autopilot enrollment, allowing you to efficiently configure devices for end-users.
Leave a Reply