
Powershell 7 for Get-WindowsAutopilotInfo during "SetupComplete" Automation

Open wthrwthr opened this issue 8 months ago • 0 comments

Describe the bug

I use the "SetupComplete" method to automatically kick off a bunch of post-OS-deployment tasks, one of which is automatically starting the enrollment of the device into Autopilot.

This has worked very well using PowerShell 5.1 and the functions osdcloud-testautopilotprofile and osdcloud-AutopilotRegisterCommand, but we have a new requirement to use FIDO for all privileged activity within our organization. This means we cannot use the App-based passwordless authentication, and must instead use a YubiKey or Passkey.

Passkeys and YubiKey are not supported in PowerShell 5.1 because whatever browser it is calling does not have the integration necessary to allow those authentication methods.

I have tested that Get-WindowsAutopilotInfo in PowerShell 7 works flawlessly with Passkey/FIDO2.

I am trying to modify our OSDCloud OOBE section to override the osdcloud-AutopilotRegisterCommand to use PowerShell 7.

I launch a PowerShell 7 window directly using:

function osdcloud-AutopilotRegisterCommand {
    [CmdletBinding()]
    param (
        [System.String]
        $Command = 'Get-WindowsAutopilotInfo -Online -GroupTag OSDCloud -Assign'
    )

    Write-Host -ForegroundColor Cyan 'Launching independent PowerShell 7 window for Autopilot registration...' -NoNewline

    # Default install location of PowerShell 7
    $ps7Path = 'C:\Program Files\PowerShell\7\pwsh.exe'
    # Start pwsh.exe as a separate process and keep the process object
    $AutopilotProcess = Start-Process -FilePath $ps7Path -ArgumentList "-NoProfile -Command $Command" -PassThru

    Write-Host -ForegroundColor Green "(Process Id $($AutopilotProcess.Id))"
    return $AutopilotProcess
}

However, when I do this, the Autopilot enrollment does not perform interactively, no Edge window pops up, and when using "verbose" the Get-WindowsAutopilotInfo simply stops running and times out. I have confirmed there is no issue with installing PowerShell 7, the Install-Script, and the Get-WindowsAutopilotInfo only has this behavior when starting the process from the SetupComplete method.

I think the issue is originating from how SetupComplete kicks off PowerShell and uses runtimebroker, but I am not sure. Again, it works perfectly when I manually open a PowerShell 7 window at the same stage in the OOBE process and run the exact same commands, but hangs because it seems SetupComplete does not allow the subsequent processes started to perform actions interactively.

Please assist in how I can get this working, so I don't need to a) set up encrypted USBs with an App Registration or b) set up a PXE server.

wthrwthr, Apr 08 '25 16:04
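One way to test the hypothesis in the issue above is to record the launch context of the PowerShell 7 process in both cases and compare them. This is an added diagnostic example, not code from the issue or from OSDCloud; the function name `Get-LaunchContext` and the log path are assumptions made for illustration.

```powershell
# Added diagnostic example (not from the issue). Run it once from the pwsh.exe
# started via SetupComplete and once from a manually opened PowerShell 7 window,
# then compare the two records.
function Get-LaunchContext {
    [CmdletBinding()]
    param (
        # Hypothetical log location; any path writable in both contexts works.
        [System.String]
        $LogPath = 'C:\Windows\Temp\LaunchContext.log'
    )

    $identity = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $self     = Get-CimInstance -ClassName Win32_Process -Filter "ProcessId = $PID"

    # Walk up the parent chain to see what actually started this process.
    $chain  = [System.Collections.Generic.List[string]]::new()
    $cursor = $self
    while ($cursor -and $chain.Count -lt 10) {
        $chain.Add("$($cursor.Name)[$($cursor.ProcessId)] session=$($cursor.SessionId)")
        $parentId = $cursor.ParentProcessId
        if (-not $parentId -or $parentId -eq $cursor.ProcessId) { break }
        $cursor = Get-CimInstance -ClassName Win32_Process -Filter "ProcessId = $parentId" -ErrorAction SilentlyContinue
    }

    $record = [pscustomobject]@{
        Time            = (Get-Date).ToString('s')
        PSVersion       = $PSVersionTable.PSVersion.ToString()
        User            = $identity.Name
        IsSystem        = $identity.IsSystem
        # Session 0 is the services session; windows created there are not
        # shown on the interactive desktop.
        SessionId       = $self.SessionId
        UserInteractive = [System.Environment]::UserInteractive
        ParentChain     = $chain -join ' <- '
    }

    # Append one JSON line per run so both contexts end up in the same file.
    $record | ConvertTo-Json -Compress | Add-Content -Path $LogPath
    return $record
}

Get-LaunchContext | Format-List
```

If the two records differ in `User`, `SessionId` or `UserInteractive`, the difference shows which part of the launch context the browser-based FIDO2 sign-in depends on.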