The following methods are available to harvest a hardware hash from new and existing windows devices:
- Using Windows PowerShell from OOBE (New Devices) or locally (Existing devices)
- Accounts > Access work or school > Export your management logs file
- Using Microsoft Configuration Manager (Existing Hybrid devices)
Lets use quickest method using Windows PowerShell from OOBE (New Devices along with Group Tag) to upload the hardware hash directly to Intune:
1. In OOBE Press shift+f10 or sometimes shift+Fn+F10 to load command prompt with administrator rights.
2. Download the script from the below GitHub link or copy from below clipboard:
GitHub Link for the script: (Do change Line5 with your organization name and Line58 your correct GroupTag) http://tinyurl.com/hardwarehashupload
3. Run this downloaded script in command prompt with PowerShell:
4. Authenticate using Global admin, Intune admin or any RBAC admin account who has the permission to call Microsoft Intune PowerShell azure application.
5. This process can take around 5 minutes and hardware will be added directly to Intune.
6. Now check the below path to see the new hardware hash added to your tenant:
**Bonus: You can run the same script locally for existing device hardware hash upload.
Run this script in PowerShell with admin rights:
# Install WriteAscii. ( Change MR INTUNE with your organization Name in Line5) Function Confirm-WriteAscii { Install-Script -Name "WriteAscii" -Repository "PSGallery" -Force Write-ascii "MR INTUNE" -fore Yellow } # Install NuGet Write-Host "Installing NuGet version 2.8.5.201" -ForegroundColor Red Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force | Out-null Write-Host "NuGet version 2.8.5.201 installed." -ForegroundColor Green # Check if "Get-WindowsAutoPilotInfo.ps1" is present in the system. Function Confirm-Get_WindowsAutoPilotInfo { # Declare what function is and what it is doing. Write-Host "Checking for Get-WindowsAutoPilotInfo.ps1... " -ForegroundColor White # Path to required script, test if it is present. $Scrpt = "C:\Program Files\WindowsPowerShell\Scripts\Get-WindowsAutoPilotInfo.ps1" $req_present = Test-Path $Scrpt # Test if script is present. If it isn't, write so and install. If ($req_present -EQ $False) { Write-Host "Get-WindowsAutoPilotInfo.ps1 not installed. Installing..." -ForegroundColor Red Install-Script -Name "Get-WindowsAutoPilotInfo" -Repository "PSGallery" -Force Write-Host "Get-WindowsAutoPilotInfo.ps1 is now installed." -ForegroundColor Green } ElseIF ($req_present -EQ $True) { Write-Host "Get-WindowsAutoPilotInfo.ps1 is already installed." -ForegroundColor Green } } # Get the Hardware ID and enroll the device to AAD/Intune/AutoPilot Function Get-HardwareID { # Sync the device with AAD/Intune/AutoPilot ( Change group tag according to your choice else leave it blank Line58 ) Write-Host "Getting hardware identification...`nImport the Hash to Autopilot. `nAssign the device to the AAD Security groups. `nSet Group Tag for the device." -ForegroundColor Yellow C:\'Program Files'\WindowsPowerShell\Scripts\Get-WindowsAutoPilotInfo.ps1 -Online -Assign -GroupTag "Standard" Write-Host "The device has been enrolled to Microsoft EndPoint Manager" -ForegroundColor Green } Function Confirm-Elevation { # Check for administraitive priviledge. Write-Host "Checking if script is running with elevated permissions..." -ForegroundColor White # If yes, end function call and say script is running with administrative rights. If not, full-stop script and output problem. If ( ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator") -EQ $True ) { Write-Host "Script is running with administrative permissions!" -ForegroundColor Green } ElseIf ( ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator") -EQ $False ) { Write-Host "Script is not running with administrative rights! Stopping script!" Break } } # Calling the various functions and ending script. Confirm-Elevation Confirm-WriteAscii Confirm-Get_WindowsAutopilotInfo Get-HardwareID
0 Comments
Leave a comment