Simplified Windows Autopilot Hardware Hash upload from OOBE

MR INTUNE February 04, 2024

The following methods are available to harvest a hardware hash from new and existing windows devices:

  1. Using Windows PowerShell from OOBE (New Devices) or locally (Existing devices) 
  2. Accounts > Access work or school > Export your management logs file
  3. Using Microsoft Configuration Manager (Existing Hybrid devices)

Lets use quickest method using Windows PowerShell from OOBE (New Devices along with Group Tag) to upload the hardware hash directly to Intune:

1. In OOBE Press shift+f10 or sometimes shift+Fn+F10 to load command prompt with administrator rights.

2. Download the script from the below GitHub link or copy from below clipboard:
GitHub Link for the script: (Do change Line5 with your organization name and Line58 your correct GroupTag) http://tinyurl.com/hardwarehashupload 

 3. Run this downloaded script in command prompt with PowerShell:

4. Authenticate using Global admin, Intune admin or any RBAC admin account who has the permission to call Microsoft Intune PowerShell azure application.
    

5. This process can take around 5 minutes and hardware will be added directly to Intune. 

6. Now check the below path to see the new hardware hash added to your tenant: 

**Bonus: You can run the same script locally for existing device hardware hash upload.

Run this script in PowerShell with admin rights: 
# Install WriteAscii. ( Change MR INTUNE with your organization Name in Line5)
Function Confirm-WriteAscii
{
    Install-Script -Name "WriteAscii" -Repository "PSGallery" -Force
    Write-ascii "MR INTUNE" -fore Yellow
}

 

# Install NuGet
    Write-Host "Installing NuGet version 2.8.5.201" -ForegroundColor Red
    Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force | Out-null
    Write-Host "NuGet version 2.8.5.201 installed." -ForegroundColor Green

 

# Check if "Get-WindowsAutoPilotInfo.ps1" is present in the system. 
Function Confirm-Get_WindowsAutoPilotInfo
{
    # Declare what function is and what it is doing.
    Write-Host "Checking for Get-WindowsAutoPilotInfo.ps1... " -ForegroundColor White

 

    # Path to required script, test if it is present.
    $Scrpt = "C:\Program Files\WindowsPowerShell\Scripts\Get-WindowsAutoPilotInfo.ps1"
    $req_present = Test-Path $Scrpt

 

    # Test if script is present. If it isn't, write so and install.
    If ($req_present -EQ $False)
    {
        Write-Host "Get-WindowsAutoPilotInfo.ps1 not installed. Installing..." -ForegroundColor Red
        Install-Script -Name "Get-WindowsAutoPilotInfo" -Repository "PSGallery" -Force
        Write-Host "Get-WindowsAutoPilotInfo.ps1 is now installed." -ForegroundColor Green
    }
    ElseIF ($req_present -EQ $True)
    {
        Write-Host "Get-WindowsAutoPilotInfo.ps1 is already installed." -ForegroundColor Green
    }

 

}

 


# Get the Hardware ID and enroll the device to AAD/Intune/AutoPilot
Function Get-HardwareID 
{

 

       # Sync the device with AAD/Intune/AutoPilot ( Change group tag according to your choice else leave it blank Line58 )
    Write-Host "Getting hardware identification...`nImport the Hash to Autopilot. `nAssign the device to the AAD Security groups. `nSet Group Tag for the device." -ForegroundColor Yellow
    C:\'Program Files'\WindowsPowerShell\Scripts\Get-WindowsAutoPilotInfo.ps1 -Online -Assign -GroupTag "Standard"

 

    Write-Host "The device has been enrolled to Microsoft EndPoint Manager" -ForegroundColor Green
}

 

Function Confirm-Elevation
{
    # Check for administraitive priviledge.
    Write-Host "Checking if script is running with elevated permissions..." -ForegroundColor White

 

    # If yes, end function call and say script is running with administrative rights. If not, full-stop script and output problem.
    If ( ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator") -EQ $True )
    {
        Write-Host "Script is running with administrative permissions!" -ForegroundColor Green
    }
    ElseIf ( ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator") -EQ $False )
    {
        Write-Host "Script is not running with administrative rights! Stopping script!"
        Break
    }
}
# Calling the various functions and ending script.  
Confirm-Elevation
Confirm-WriteAscii
Confirm-Get_WindowsAutopilotInfo
Get-HardwareID
MR INTUNE

Posted by MR INTUNE

Mr Intune | All About Microsoft Intune A platform of knowledge and insights about Microsoft Intune, SCCM, and other technologies aims to provide informative and engaging content that helps readers stay up-to-date with the latest trends and innovations.

Post a Comment

0 Comments

Leave a comment