Create a provisioning bundle

  • Article
  • vi minutes to read

Applies to

  • Windows ten
  • Windows 11

Yous can use Windows Configuration Designer to create a provisioning parcel (.ppkg) that contains customization settings, and so apply the provisioning package to a device running Windows client.

Learn how to install Windows Configuration Designer.

Tip

We recommend creating a local admin account when yous develop and examination your provisioning parcel. Nosotros as well recommend using a least privileged domain user account to join devices to the Active Directory domain.

Commencement a new projection

  1. Open up Windows Configuration Designer: From either the Start carte or Showtime menu search, type Windows Configuration Designer, and then select the Windows Configuration Designer shortcut.

  2. Select your desired pick on the Showtime page, which offers multiple options for creating a provisioning parcel, as shown in the post-obit epitome:

    Configuration Designer wizards.

    • The following magician options provide a simple interface for configuring common settings for desktop and kiosk devices:

      • Instructions for the desktop wizard
      • Instructions for the kiosk wizard
      • Instructions for HoloLens wizard
      • Instructions for Surface Hub magician

      Wizards are also available for creating provisioning packages for Microsoft Surface Hub and Microsoft HoloLens devices. For a summary of the settings bachelor in the desktop and kiosk devices, see What yous can configure using Configuration Designer wizards.

    • The Advanced provisioning selection opens a new project with all the runtime settings available. (The residue of this procedure uses advanced provisioning.)

      Tip

      You can start a project in the elementary wizard editor so switch the project to the advanced editor.

      Switch to advanced editor.

  3. Enter a name for your project, and and so select Side by side.

  4. Select the settings you lot want to configure, based on the type of device, and then select Next. The post-obit table describes the options.

    Windows edition Settings available for customization Provisioning packet can apply to
    All Windows editions Common settings All Windows client devices
    All Windows desktop editions Common settings and settings specific to desktop devices All Windows client desktop editions (Home, Pro, Enterprise, Pro Education, Enterprise Education)
    Windows x IoT Core Common settings and settings specific to Windows ten IoT Core All Windows 10 IoT Cadre devices
    Windows ten Holographic Mutual settings and settings specific to Windows x Holographic Microsoft HoloLens
    Mutual to Windows 10 Squad edition Mutual settings and settings specific to Windows 10 Team Microsoft Surface Hub

  5. On the Import a provisioning bundle (optional) page, you can select Cease to create your project, or scan to and select an existing provisioning packet to import to your project, and then select Stop.

    Tip

    Import a provisioning parcel can make it easier to create dissimilar provisioning packages that all have sure settings in common. For instance, you could create a provisioning package that includes the settings for your organization's network. Then, import that packet into other packages that you create and then you don't take to reconfigure those common settings repeatedly.

  6. In the Available customizations pane, y'all tin now configure settings for the packet.

Configure settings

For an advanced provisioning project, Windows Configuration Designer opens the Available customizations pane. The example in the following image is based on All Windows desktop editions settings.

What the ICD interface looks like.

The settings in Windows Configuration Designer are based on Windows client configuration service providers (CSPs). To acquire more about CSPs, run across Introduction to configuration service providers (CSPs) for Information technology pros.

The process for configuring settings is similar for all settings. The post-obit table shows an instance.

  1. Expand a category:

    In Windows Configuration Designer, expand the Certificates category.

  2. Select a setting:

    In Windows Configuration Designer, select ClientCertificates.

  3. Enter a value for the setting. Select Add if the push is displayed:

    In Windows Configuration Designer, enter a name for the certificate.

  4. Some settings, such equally this example, require boosted information. In Available customizations, select the value you simply created, and more than settings are displayed:

    In Windows Configuration Designer, additional settings for client certificate are available.

  5. When the setting is configured, it is displayed in the Selected customizations pane:

    In Windows Configuration Designer, the selected customizations pane shows your settings.

For details on each specific setting, run across Windows Provisioning settings reference. The reference article for a setting is also displayed in Windows Configuration Designer when you lot select the setting, as shown in the following image.

Windows Configuration Designer opens the reference topic when you select a setting.

Build bundle

  1. After you're done configuring your customizations, select Consign, and then select Provisioning Package.

    Export on top bar.

  2. In the Describe the provisioning package window, enter the following data, then select Adjacent:

    • Name - This field is pre-populated with the projection name. You tin change this value past entering a different proper name in the Name field.
    • Version (in Major.Minor format - Optional. You can change the default package version by specifying a new value in the Version field.
    • Owner - Select It Admin. For more data, meet Precedence for provisioning packages.
    • Rank (between 0-99) - Optional. Y'all can select a value between 0 and 99, inclusive. The default package rank is 0.

  3. In the Select security details for the provisioning package window, you tin select to encrypt and/or sign a provisioning packet with a selected certificate, and then select Next. Both selections are optional:

    • Encrypt package - If yous select this option, an autogenerated password will be shown on the screen.

    • Sign bundle - If y'all select this pick, you must select a valid certificate to use for signing the packet. You can specify the certificate by selecting Select and choosing the document you desire to utilize to sign the package.

      Annotation

      Yous should only configure provisioning packet security when the package is used for device provisioning and when the package has content with sensitive security data, such as certificates or credentials that should be prevented from being compromised. When applying an encrypted and/or signed provisioning package, either during OOBE or through the setting UI, the package can be decrypted, and if signed, be trusted without explicit user consent. An Information technology administrator tin set policy on a user device to restrict the removal of required packages from the device, or the provisioning of potentially harmful packages on the device.

      If a provisioning package is signed by a trusted provisioner, it can exist installed on a device without a prompt for user consent. In lodge to enable trusted provider certificates, you must set the TrustedProvisioners setting prior to installing the trusted provisioning packet. This is the only way to install a package without user consent. To provide additional security, you lot tin can also prepare RequireProvisioningPackageSignature, which prevents users from installing provisioning packages that are not signed by a trusted provisioner.

  4. In the Select where to save the provisioning package window, specify the output location where you want the provisioning package to go one time it'southward built, and and then select Adjacent. By default, Windows Configuration Designer uses the projection folder every bit the output location.

  5. In the Build the provisioning packet window, select Build. The provisioning bundle doesn't accept long to build. The projection information is displayed in the build page and the progress bar indicates the build condition.

    If yous need to cancel the build, select Cancel. This cancels the current build process, closes the wizard, and takes y'all dorsum to the Customizations page.

  6. If your build fails, an mistake message volition appear that includes a link to the project folder. You can scan the logs to make up one's mind what caused the error. Once you fix the issue, effort edifice the package once more.

    If your build is successful, the name of the provisioning bundle, output directory, and project directory will be shown.

    If you cull, you can build the provisioning bundle again and pick a different path for the output package. To do this, select Back to modify the output package name and path, and then select Adjacent to first another build.

  7. When you are done, select Finish to shut the sorcerer and become back to the Customizations folio.

Next step: How to apply a provisioning parcel

Learn more

  • How to bulk-enroll devices with On-bounds Mobile Device Management in Microsoft Endpoint Configuration Director
  • Provisioning packages for Windows client
  • How provisioning works in Windows client
  • Install Windows Configuration Designer
  • Apply a provisioning bundle
  • Settings changed when you uninstall a provisioning package
  • Provision PCs with common settings for initial deployment (elementary provisioning)
  • Apply a script to install a desktop app in provisioning packages
  • PowerShell cmdlets for provisioning Windows client (reference)
  • Windows Configuration Designer command-line interface (reference)
  • Create a provisioning package with multivariant settings