Easy way to Extract the HWID | Thrilling Windows Autopilot Deep-dive

Leave a Comment / Windows Autopilot / By

The Problem

In my last project, I found a “future problem” when extracting the Hardware ID (HWID) on company laptops and desktop PCs. In short, the HWID is a prerequisite for Microsoft to add a device in Windows Autopilot, more on that here. Quite simply, they would load the Get-WindowsAutopilotInfo.ps1 Powershell (PS) script onto a USB stick, plug it into the device, run PS as administrator, extract the HWID into a .csv file back on the USB stick, take that back to their PC, upload the .csv file into Windows Autopilot, assign the user and call it day.

I’m a little out of breath… one sec… OK OK, I’m good, let’s continue. If it was remote, they would create/drop the Get-WindowsAutopilotInfo.ps1 script into c:\temp, do it all over again and transfer the .csv back to them.

Extract HWID from Get-WindowsAutopilotInfo script on Windows into Autopilot
Set-ExecutionPolicy Unrestricted | cd c:\temp\ | .\Get-WindowsAutopilotInfo.ps1 -OutputFile c:\temp\whateveryouwant.csv

So what’s the issue?

Well, this method is probably fine if it’s just a handful of devices… but this company had roughly 30-40 devices at present and they were merging with 3 other companies in the near future to bring the total device count around 300. #GLHF

The solution

Recap and what we are working with here so we can come up with some improvements.

  • Plug USB stick in / or transfer PS script to the device
  • Open Administrator Windows PowerShell
  • Set-ExecutionPolicy Unrestricted
  • cd c:\temp / or cd d:\ (Depending on USB drive location)
  • .\Get-WindowsAutopilotInfo.ps1 -OutputFile c:\filename.csv
  • Exit Administrator Windows PowerShell
  • Transfer .csv file / Retrieve .csv file
  • Upload .csv into Windows Autopilot
  • Assign user in Autopilot

Touch count: 9

Time to get on with the solution, followed by explanations and outcomes.

Windows PowerShell Extract HWID with Intune Module into Windows Autopilot
Set-ExecutionPolicy b | Install-Script Get-WindowsAutopilotInfo | Get-WindowsAutopilotInfo.ps1 -Online
  • Plug USB stick in / or transfer PS script to the device
  • Open Administrator Windows PowerShell
  • Set-ExecutionPolicy Unrestricted
  • cd c:\temp / or cd d:\ (Depending on USB drive location)
  • .\Get-WindowsAutopilotInfo.ps1 -OutputFile c:\filename.csv
  • Exit Administrator Windows PowerShell
  • Transfer .csv file / Retrieve .csv file
  • Upload .csv into Windows Autopilot
  • Assign user in Autopilot

Looking good, we’ve knocked off 4 “Touch counts”, but I think we can do better…

Windows PowerShell Extracting the HWID through Microsoft Intune Module
Set-ExecutionPolicy b | Install-Script Get-WindowsAutopilotInfo | Get-WindowsAutopilotInfo.ps1 -Grouptag WIN-AP-ACT -AssignedUser chad@automemate.com -Online
  • Open Administrator Windows PowerShell
  • Set-ExecutionPolicy b
  • Install-Script Get-WindowsAutopilotInfo
  • Get-WindowsAutopilotInfo.ps1 -Grouptag WIN-AP-ACT -AssignedUser chad@automemate.com -Online
  • Exit Administrator Windows PowerShell

Touch count: 5

The break down.

By default, PowerShell restricts scripts from running on your Windows computer, so we have to bypass this to be able to run Get-WindowsAutopilotInfo. I know that the script I’ll be running is safe, so I’ve simplified the script to bypass (b), instead of unrestricted.

Install-Script Get-WindowsAutopilotInfo grabs the script from an online repository and installs it to the local machine. This means that you do HAVE to have an internet connection. Also note, if this is the first time running a PS script on the machine, you will need to install NuGet module and accept all the terms when prompted (These prompt automatically, so no need for additional commands)

Tip: To validate and complete a command faster, hit the ‘tab’ key on your keyboard.

Get-WindowsAutopilotInfo.ps1 is the script we want to run, I want to assign a Grouptag to my device, as I’ve structured all our dynamic device groups for better control (More on this in another post, skip this step if you’re not using Grouptag’s just yet) and I also want to assign it to a user because I know who this device will/does belong too (Skip this step if you don’t want to assign this to a user).

-Online will install/use the Intune Module to connect to your Microsoft Tenancy and import the HWID into Autopilot without manually having to import the .csv file. The device will be stamped with a Zero Touch Deployment ID (ZTDID), which can be used to dynamically group devices together. More on that here.

That’s it! A more simple way of extracting the HWID from your Windows machines.

Troubleshooting

Ah yes, because we all know life goes exactly as planned 🤦

Before we begin, I would like to just say check to make sure you have a stable internet connection. Just in case, again, make sure you have a stable, reliable, internet connection. Alright, let’s get into it!

Authentication error: When connecting to your Microsoft Tenancy, it fails and gives me an authentication error in red.

  • Are you connecting with your administrator account on that tenancy?
  • If you are using your administrator account, have you elevated your account in PIMs Privileged Identity Management) ?

Error: I still get an error when attempting to connect to Microsoft Tenancy and extract the HWID.

  • Is Windows up to date with the latest security and quality updates?
  • If yes, try rolling back Windows updates. Try on a local machine, and if you find success, use update rings in Microsoft Endpoint Manager (MEM) to roll back updates across your entire fleet. Here is a simple guide on rolling back updates.

Error: I noticed that Install-Script is not installing Get-WindowsAutopilotInfo on my local machine.

  • Go back to the old-school way and run the script via a USB stick.

Error: I have no internet connection, how do I extract the Hardware ID with no internet?

  • Go back to the old-school way and run the script via a USB Stick.

Conclusion & Worthy Notes

Thanks for reading! Simplifying this process saved a lot of time and headaches, bringing balance back to the world for the IT Team. We were able to reduce our touch count by 4-5 and proactively assign devices to our users while organising our device groups based on location.

Apologise in advance, I normally don’t tell without showing or providing a guide on how it’s done but will provide it in the future! Post drop updates are on my Twitter @Automemate or consider subscribing.

  • This can be done in out of box experience (OOBE) if it’s a brand new machine. Once you’ve connected to a network, press either fn+shift+F10 or shift+F10 on your keyboard to bring up a cmd terminal. Type ‘PowerShell’ to open PS and you’re good to go!
  • How about extracting multiple HWIDs? Well, you could push a PS script across your managed devices to extract and dump the .csv file to a shared network directory, where you could harvest and merge all .csv files into one and upload them manually into Autopilot.
  • If you’re a Cloud Solution Provider, you are able to import HWIDs through that portal.
  • If your devices are already in Microsoft Intune, you are able to create a deployment profile that populates your devices from Intune, into Autopilot.

Have any feedback or a solution you’d like to share? Comment below.

Leave a Comment

Your email address will not be published. Required fields are marked *