In partnership with Dell Configuration Services, VMware Workspace ONE UEM supports creating provisioning packages to install applications and configurations on Dell Windows 10 devices prior to factory shipping.
The following guide outlines TestDrive's Workspace ONE UEM Factory Provisioning process in the ready to use environment, testdrive.awmdm.com.
Before You Begin
You need the following before you begin:
- TestDrive account in testdrive.vmware.com with enabled ready to use Workspace ONE UEM product.
- A VMware Fusion/VMware Workstation Windows 10 Pro VM or a supported Dell machine (contact your Dell Configuration Services representative). This guide is written for a VM with physical machine notes.
- Windows 10 ISO from either MSDN, Microsoft Volume License site or here.
- A USB drive to transfer provisioning package files and the tool to the VM.
- Windows machine must be connected to the Internet.
- Workspace ONE UEM administrator roles*:
- Intelligence & Tenant Administrator at TestDrive - Use for provisioning package management.
- Device Administrator at World Wide Enterprises - Use for device management.
*Due to provisioning functionality design and requisite environment restrictions, two administrator roles need to be utilized in testdrive.awmdm.com.
- Dell Provisioning: VMware Workspace ONE Operational Tutorial
- Dell Provisioning product documentation
Dell Provisioning for VMware Workspace ONE UEM allows both Dell and VMware customers to reduce IT touch and user downtime to virtually zero!
Dell Provisioning for VMware Workspace ONE is enabled through an innovative Windows feature that supports creating provisioning packages (configuration containers for device settings) that lets admins quickly and efficiently configure a device without having to install a new image. VMware Workspace ONE UEM customers can utilize these small PPKG files for capturing desired customizations. Dell Provisioning eliminates the need for customers to send an entire Windows image containing all of their Win32 apps to the factory, Dell.
Dell Provisioning is valuable to enterprises as it allows the device to ship directly from Dell to the user, removing costly distributor, integrator, and IT touch steps. Furthermore, the provisioning package can be reapplied automatically after a factory reset (device wipe) keeping the computer in a production-ready state.
1 - Set up apps
- App setup follows the Workspace ONE UEM console's friendly and familiar internal app management flow.
- Internal apps, uploaded in the console's Apps & Books section, are eligible for export to PPKG.
App setup is the foundation to package (PPKG) creation.
- App deployments are currently supported for device context, not user.
- Apps with MSTs or MSPs will fail to deploy as those additional patches are for SG-specific deployment. Re-package or zip the app with the MST/MSP already included.
2 - Create Configuration File (unattend.xml) and PPKG
This video (5:46 min) shows the entire process, starting with creating the provisioning package to simulating the imaging process to the user working in Windows within Workspace ONE app! Additionally, the following troubleshooting steps are demonstrated in the video: profile troubleshooting, user cert verification via the MMC, and running mdmagent.exe.
Obviously, the linked video is edited. The process takes about between 15-18 minutes real time. Your results will vary, depending on machine resources, PPKG size, handiness with the USB drive, network performance, etc.
- Packages are, simply put, a collection of the Win32 applications with configurations that you require in your machine image.
- PPKG file creation is streamlined by Workspace ONE UEM's innovative Factory Provisioning Service.
- The configuration file (unattend.xml) creation screen contains helpful tool-tips for each available parameter.
- Workspace ONE UEM provides a convenient dashboard listing the provisioning package's configuration file (unattend.xml) and PPKG status and download links.
Dell Factory provisioning requires a pair of files, the PPKG and the unattend.xml. The PPKG contains the image's apps and the unattend.xml instructs the Sysprep process. Workspace ONE UEM contains an innovative UI wizard that guides the admin through creating both the PPKG and the unattend.xml files.
First, name the provisioning package. Description is optional.
Next, select your on-boarding type, Dell Factory Provisioning.
Next, on configurations, you'll set the parameters for the unattend.xml.
Defaults are preset to typical settings. Each parameter contains informative tooltips to help guide you. Click a for details. In the screenshots below, the Remove Windows 10 Consumer Apps tool tip is active.
In testdrive.awmdm.com, the Windows staging and provisioning system settings for Workspace ONE Enrollment are not viewable due to admin role restrictions. We've provided them herein. Use this Windows staging information:
Enrollment Server: https://testdriveds.awmdm.com
Enrollment OG: corp
Staging Account: email@example.com
Staging Account Password: EN;1Uk
Proceed to the applications window. Select the apps needed in your package (PPKG).
TestDrive PPKG Creation Notes:
- Dell Command | Monitor is provided for users with supported Dell hardware. If you attempt to apply a PPKG with Dell Command | Monitor on something other than Dell hardware, e.g., a VM, the PPKG installation will fail.
- Keep the PPKG small for a live demo. For example, Office 365 Pro Plus is a large app (2 GB). Needles to say, because of its size, it's not recommended to put in a PPKG for a live demo.
Click next to proceed to the summary screen. Review your configurations.
Then save and export.
Your completed provisioning package will show up on the dashboard. View its status.
After a few minutes (wait time increases as PPKG size increases), check back in the console for the unattend.xml and PPKG files. You'll need to refresh the page for the PPKG download link to update. When ready, you'll see each available for download.
3 - Image Simulation & Sysprep
Now is the time when the IT admin would send the organization's PPKGs and unattend.xml files to Dell for imaging devices before they ship from the factory. The following section simulates the imaging process in a virtual machine.
(In production, not as simulated herein, your organization must participate in Dell Configuration Services. For more information, see https://www.dell.com/en-us/work/learn/system-configuration.)
The VMware Workspace ONE Provisioning Tool for Windows is a testing tool that's used to simulate what happens at the factory. This tool sets up the VM with the PPKG and runs Sysprep which follows the unattend.xml's parameters. Follow the below link to download the VMware Workspace ONE Provisioning Tool for Windows from My Workspace ONE:
Use a Windows 10 Pro x64 VM. You'll must enable audit mode. To enter audit mode, during Windows setup, when Windows enters the OOBE phase, do one of the following:
- Fusion: SHIFT+FN+CONTROL+F3
- Workstation: CTRL+SHIFT+F3 or CTRL+SHIFT+FN+F3 (on some laptops)
After successfully initiated, the machine will reboot into audit mode. The System Preparation Tool (Sysprep) will be running: ignore it.
Stage the following on the desktop. Here's where you need a USB drive.
- Provisioning Tool ZIP (extracted)
Remove USB drive after copying files.
Run VMwareWS1ProvisioningTool.exe (within the extracted ZIP).
Select the PPKG and unattend.xml.
Apply Full Process and restart.
The tool will display its progress in the side status area.
After restart, the machine will read the unattend.xml configuration, setting the device's system configuration and proceeding through enrollment with Workspace ONE UEM. Depending on your unattend.xml file's parameters, your login experience will vary.
Log in with the user set in step 2. The factory provisioning process will complete on the machine after a few minutes (depends on your machine's hardware resources).
The device's Workspace ONE provisioning will also soon begin to take place. Soon after the desktop loads, you should be presented with Hub authentication. Log in with your user in order to finalize device registration with Workspace ONE UEM (If you don't log in, the device will remain with the staging user.).
After a successful Hub login, before proceeding to Workspace ONE demo, check for the user cert profile on the device, which, among the many other managed profiles, may not have landed on the device yet:
- In the console, check your device's profiles view for the installed user cert profile:
WWE - Windows - User Cert
- On the machine, open MMC, add certificates for user context, and look in the personal store. Verify if your user cert has been installed by Workspace ONE UEM. If it has not, wait. You can run the mdmagent command to sync the machine to console's device services.
Now the device is under Workspace ONE UEM management.
For a deeper demo on your managed device, reference the Windows 10 - Endpoint Management guide.
- Delete your device record.
When you're finished, be sure to delete your device record, as re-enrolling into the old device record may produce undesirable initial results for your demo.
In device details, click more actions > delete device.
- PPKG installation:
- Primary Log: C:\ProgramData\Airwatch\UnifiedAgent\Logs\PPKGFinalSummary.log
- Registry: HKEY_LOCAL_MACHINE\SOFTWARE\AIRWATCHMDM\AppDeploymentAgent
- Sysprep process:
- C:\Windows\System32\Sysprep\Panther\setuperr.log and Setupact.log.
- C:\Windows\Panther\setuperr.log and Setupact.log
- C:\Windows\Panther\Unattendgc\setuperr.log and Setupact.log