Want to know the easiest and most reliable way to ensure your freshly imaged Configuration Manager clients are enrolling in Co-Management using a device token instead of a user token?
Don’t log in to them until enrollment is complete!
But how are you supposed to know when that might f i n a l l y happen?
While it’s simple enough to check a client’s Entra or Intune status in the console, those fields pretty much never don’t always populate as quickly as one would like, and it’s not a practice that scales particularly well once you start imaging more than a handful of machines at at time.
To make things easier, I’ve created a package you can insert into your task sequences that will make the pending enrollment status of your devices available at a glance on the lock screen:
Once the “DO NOT USE” screens cycle out and your original lock screen wallpaper is back in place, you can hand off the device safe in the knowledge that it’s fully enrolled and ready to go.
How’s it work?
It’s not particularly sophisticated. We’re just using a scheduled task and a handful of restarts to play three-card monte with the lock screen wallpaper. In short, we’re:
- Copying needed files to the local machine
- Preserving the original lock screen wallpaper for later restoration
- Creating a scheduled task to regularly check enrollment status
- Swapping out wallpaper and restarting each time the status changes
- Restoring the original lock screen wallpaper and deleting the scheduled task when complete
To integrate the above into your own task sequence:
- Download the needed files from my Github
- Upload it to Config Manager as a package
- Add a Run Powershell Script step to your task sequence, select your uploaded package and reference copyAndScheduleTask.ps1:
copyAndScheduleTask.ps1 will accept 4 optional parameters:
-log switch
[Default: disabled]
Enables optional logging.
-logpath string
[Default: $env:public\enrollmentStatus\$env:computername.log]
Path and name of optional log.
-repetitionInterval int
[Default: 5]
Number of minutes to wait between each run of the scheduled task.
-stagingDirectory string
[Default: "$env:public\enrollmentStatus"]
Local staging directory for enrollmentStatus.ps1 and lock screen wallpaper.