Windows Configuration Designer

In this epsode, Aubri and Mike take a look at using the Windows Configuration Designer (WCD). They look at installing WCD Using the Widows ADK as well as the Microsoft Store version. Once installed, they explore the interface and discuss the difference between the wizards and the advanced mode. They then create packages, using both methods.

Welcome to ITProTV, I'm your host, Don Pezet. [CROSSTALK] >> You're watching ITProTV. >> Hello, and welcome to another exciting episode here at ITProTV. I'm your host, Aubri Spurgin, and this is the Windows Configuration Designer. In this episode, we're gonna be installing and configuring Windows Configuration Designer, that is, WCD. And Mr Mike Rodrick is here in the studio to guide us along in that endeavor. How's it going, Mike? >> It's going fantastic, Aubri, thanks for having me. Excited as always to be here and, yeah, the good old Windows Configuration Designer. Which is actually a new name, it's a tool that's been around for a little while. It used to be referred to as the windows configuration and image designer, so WCID. And I might have that backwards, it might have been windows imaging and configuration design, WICD. Anyway, it doesn't matter, because it doesn't exist anymore. >> Yeah. >> Right? They took the imaging part out of it all together. We have other tools that we can use to do operating system imaging, this is not the tool for that. What this tool does, now, that it is just the Windows Configuration Designer or WCD, is it creates provisioning packages. And a provisioning package is simply a collection of settings that I can apply in bulk or in mass, right? Rather than apply one setting, and the configure another setting, and then configure another setting. I can create a provisioning package, that contains all the settings that I want to apply and just apply that package, right? And it can go through and it can apply all those different settings. >> Mm-hm. >> And so, in certain environments, this is going to be very beneficial. Microsoft will tell you this is really geared towards small to medium sized businesses, educational facilities things like that where I don’t have the budget or the infrastructure to run some of those higher end imaging platforms, systems center, operations manager, configuration manager, doing windows deployment services, and all of that. This is kind of the, what's a good way to say it? The stepping stone into some of those, right? And that's where Microsoft really sees this as being a valuable tool. So place is where we're configuring devices and I'm not using MDM. We don't have in tune subscriptions, we don't have Azure subscriptions. But I still need to apply configurations to mobile devices. That includes laptops, tablets, phones, HoloLens devices, kiosks, student PCs. Things we've gotta reset settings all the time, things like that. Automating enrollment into MDM. So maybe I am using MDM, or Azure, or a local on premise domain and I just wanna try to automate the enrollment. I want these machines, when I get them in or when a user brings their own device and I want to configure it to work with our enterprise, I can run this provisioning package. And that will join into the domain, add a local admin account, or whatever the case may be. Whatever setting, add the wireless configuration for our enterprise to that device. And instead of having to do that one at a time, cuzI could, right? If Aubri brings in her laptop, I can go in and create a new administrator account. >> Yeah. >> I could join into the wireless network, I could tell her what that information is, what the password is. What the SSID is, or I can just have her double-click on this provisioning package and all of that gets done at once. >> Ooh. >> You like that idea, right? >> Yeah, sounds way better. >> Okay, and so, that's the kind of thing that we're looking at. Accomplishing using Windows configuration designer, also to ensure compliance in security before the device is enrolled. Maybe there are settings that I need to configure before I can allow it to join my active directory domain. There's a regulations, or company requirements, or things like that, and that's another place I cease this tool being utilized. So that's a little bit about what the Windows configuration designer is and where we would see this used or where we might want to implement it. Now, where do we get it? Right, it would be the next step, hey, it sounds like something we could use. >> Yeah. >> How do we start? >> Yeah. >> Well, the first thing is you've got to install it. >> Okay, easy enough, right? [LAUGH] >> Yeah, exactly. It is easy and it's free which is another good thing, we like that, right? >> I love free. >> Free is my favorite price. >> [LAUGH] >> And there's two places you can actually get the Windows Configuration Designer from. You can get it from the Windows Assessment and Deployment Kit. It's a subcomponent of that kit or you can actually go to the Microsoft store and you can download an app. I can't say that in a Microsoft, I was gonna say that phrase about apps in everything. That probably wouldn't go good with Microsoft. >> Maybe not, yeah. >> Yeah, anyway there is an app in the Microsoft store, Windows Configuration Designer. But there's a limitation to that, so that's what I wanna make sure we're aware of at this point. Is the store app, the version of the Windows Configuration Designer that you can download and install from the Microsoft Store only supports Windows 10 as the operating system. You can only install that app on a Windows 10 machine server, nothing, now, Windows 8, nothing like that, just Windows 10. And it only supports English for the language to create those provisioning packages in. So if you need to install the Windows Configuration Designer on another platform. That'd be Windows 8, Windows 7, Server 16, 2012, 2008, anything like that. You're gonna need to use the Windows Assessment and Deployment Kit, or the ADK, to install the configuration designer, not the one from the store. If you need to support other offices and other locales, other languages, you're also gonna need to use the ADK version, not the Windows or the Microsoft Store version. If you install both the one from the ADK and you already have the app installed from the store, the store app will no longer launch. The Windows ADK version will take over and the app version won't work anymore. So you can't run both on the same machine. >> Mh-mm. >> Right, so the Windows ADK, you do have to be careful with the ADK, you have to make sure that you get the right version. Every time we come out with a new release for say Windows 10, we get a new Assessment and Deployment kit. Currently, I'm running 1809, at the time of the shooting of these episodes, 1809 is my Windows 10 flavor. So I had to make sure I went and that I got an assessment kit for that. Free download from Microsoft and I'm not gonna actually install it, we're gonna use the store version. I wanna show you the process. So I'm gonna open up file explorer, I've already downloaded the ADK for 1809, and I did the, I downloaded the entire kit for an offline install, I'll show you what I mean here. And we've double click on kits, Windows 10, ADK, and then I'm gonna double click on the ADKsetup.exe, that's gonna start this process. I want to install the Windows assessment and deployment kit. This is the option I choose earlier, so that we wouldn't have to wait for the actual files to downland and install. Now, that I've downloaded it I could basically install it without an Internet connection, right? Or take it to another machine and install it there. So, we'll click Next, and then you can decide whether or not you wanna submit any data to Microsoft. We'll click next, we do have to agree to the EULA, click Accept, and then here, I get a list of the tools that are part of the ADK. Remember the assessment deployment kit is a toolbox, there's lots of tools in here. Really, all we want is the Windows Configuration Designer or you might not, right? You might want some of these other tools, that's up to you. What I would do simply uncheck all of these other ones, leaving just the configuration designer. And then you would click Install, and you see that's pretty small, little over 46 a little over 46 megabytes there. But I'm gonna cancel this out, because I've got the store version already installed. And remember what I said, if you install the ADK and the one from the Microsoft store, the ADK will take over and the store app will no longer launch. I'm gonna click Cancel on that and we'll click Close And I'm gonna show you the store option. If you onto the Microsoft Store, just do a quick search for Windows Configuration Designer, and you'll see it here. And because I've already installed it it says this product is installed. If this is your first time going out and you haven't installed it yet, you would see the option to get the app. You would download it and install it. All right, so either way you go, we'll now have that Windows Configuration Designer installed. We ready to launch it up and see what happens? >> All right, let's do it. >> Okay, so I'm gonna go to my Start menu. And because it's I just installed it, it shows up under recently added. There's my Windows Configuration Designer. Or I could simply scroll down the the w's and find that Windows Configuration Designer. And we'll launch it, and it does take a minute, especially that first time. So I can give it a second, you'll see that command prompt window open and close, no it didn't get infected, that's part of the process there. And now I can see the tool opens up through the Window's Configuration Designer. The way this works is you end up creating projects, right. So projects are your collections of settings, your package that you're gonna wanna deploy later. You can create as many different projects as you want. You might have a project for your desktops, you might have a different set of configurations, you want to apply it to the laptops. So you have a separate project for that package. You can create multiple projects. It will organize them by default. It creates a sub-folder inside your My Documents to store these projects in. We'll take a look at that in a minute. Just keep in mind, you can only work with one project at a time. So once you open up one project, you have to work with that, close that project, to open up another project. I don't have any projects yet, but that's okay, we're gonna create some. >> All right. >> Or do some. All right, now over here on the left-hand side I have this create option. And you can see here there are a few buttons here that I can click on, and these are wizards. These are my configuration design wizards, and they're gonna walk me through the process of creating a configuration package based on what I choose here, right. There's a provisioned desktop devices, configure common settings for Windows desktop devices. Or provision Windows mobile devices, and so these would be common settings you would apply to mobile devices. I've got HoloLens devices cuz we all have three or four of those laying around. Yeah, they're a few thousand dollars, but that's okay. Provision Surface Hub devices, provision kiosk devices, right. It's common settings that I might want to apply to a kiosk, like locking the interface down so that only one app can run, right. If you think about a kiosk, that machine that sits out in the lobby, and it's supposed to run a map of the building so people can look up Aubri and figure out what office she's in, all right. But that's all it can do. You can't go to the Start menu, you can't launch XL, you can't launch Internet Explorer, anything like that. So those are the kind of settings I would want to apply to a kiosk, and that wizard will walk me through that process. >> What about that advanced one, cuz all the other ones have this wand symbol, but these have a settings gears. >> They're little gears, makes it seem like it's not gonna be nearly as friendly, right. >> Yeah. >> And that's exactly right. The others are wizards, right, that are gonna walk you through the process. The advanced shows you every setting possible that you can do with the Windows Configuration Designer. So if you really wanna truly customize your package, that is the way to go. If you wanna look around and see what settings are available using the Windows Configuration Designer, that would be a good place to start. And then you might find that you end up going back to one of the wizards, or you might use the Advanced Provisioning option and that might be the way you want to go. Do keep in mind if we start a project, and let's just for giggles let's click on Advanced Provisioning first, right. So when you go to Advanced Provisioning, or any of these for that matter, the first thing you're gonna do is you're gonna give it a name. Let's call this one Adv Test, so for Advanced Test. You see the default location, I could definitely change that if I wanted to. And you could apply a description for later on or other admins working with this package. We'll click Next, and then we're gonna which setting to view and configure. And let me zoom in just for a second on here. Maybe if Windows wants to play along, we'll minimize that magnifier. And you can see which settings to view and configure, all Windows editions, all Windows desktop editions, all mobiles editions, IoT Core, Holographic, or common to Windows 10 Team Edition. And let me zoom back out before we go any further there. All that's gonna do is filter down the settings so that you're not looking at lots and lots of settings that maybe don't apply to what it is you're trying to do. Just trying to help you out, right. But if I choose all Windows editions, I will see everything that this WCD can do. If I choose all desktop editions, well it's gonna display settings that are specific to the desktop editions, as well as settings that are, and then I don't know what it says there because the interface is kinda goofed up. But we're gonna leave it on all Windows editions, and I'll go ahead and click Next just so you can see this. And here's an option that's kind of neat, and you only see this when you use this Advanced Option. Import a provisioning package. What this allows me to do is basically build complex provisioning packages based on others. For example, I have a wireless network in our enterprise. I want my desktop devices to connect to that. I also want my laptops and my mobile devices to connect to that. I can create separate packages for each one of those, right, for my desktop devices versus my mobile Windows 10 devices. But both of them are going to use the same WiFi network, they're both going to use the same SSID and the same password. Rather than configure that twice, I could create one package that just contains my wireless settings. Then when I go to create my desktop device's package, I could import that package that has my wireless settings. When I go to create my mobile device package, I could import the package that contains the wireless settings. Make sense? >> Yeah. >> So basically you can create these building blocks, and then make much more complex packages out of them, okay. So that's what this is saying. Do you want to import a provisioning package? And we'll test it out in just a second. For now I'm just gonna say, no, we'll click Finish, and it's going to open up this page where you have a filter at the top to help me view or find a particular setting. I have a search option. And then it doesn't look like there's much there, does it, right? >> No, it doesn't. >> It just says, and if I zoom in real quick because I know that's small, it says runtime settings over there. If I expand that out, we'll see that- >> Wow. >> Yeah, there's a lot. And I'm going to zoom in for a minute. This is going to get a little clunky as I zoom in here, but bear with me. But you'll see things like account management, accounts, browser, certificates. And I won't read the whole list to you, there’s quite a few. But if I expand out accounts and I can see Azure, I can expand out Azure, and I can click on these. And let me zoom back so we can see what’s going on here, right. As I click on these different options, I’ll see the value or the setting, and then the text or whatever that particular setting requires, IP address, SSID, product key, in this case the authority. And it tells me down below a little bit of information about that particular setting, it's kind of neat, right. >> Yeah. >> It's actually pulling from Microsoft Docs and it's filling that information in for us. >> That's cool, I like that. >> It is, and if we go to browser, I don't know, let's find another one, certificates, CA certificates, right. I can come in here and click, and if I go back to certificates. Sometimes, as you can see, they don't pull the right page or it doesn't have a page associated with it maybe, or it could be a slow Internet connection. It might be just taking its time pulling up that page, but I can put the certificate name in here. Let's say hoff.cer, I'll explain that in a little bit. Click Add, right, and it'll add that certificate. Now you'll see I have different options here, right. I've added the certificate and I can add additional certificates. But if I go over here, I can now go, okay, let's get some more details about the certificate. If I'm gonna have this package install the certificate named hoff.cer, I'm gonna need to tell it where that certificate is so it can import it into the package. So now you can see certificate path. I could browse and I could find that certificate and click Open, right? And so now, I could go back and add another certificate or I could modify this particular certificate. So that's just an example of one of the settings, but they all work about the same, right? As you identify what settings you want to configure, it will add additional fields. And you can kinda see the tree that it's building over here, it gives you a list of all of your settings. Because as these packages grow, you might have dozens of settings in here. So going to find a particular setting or trying to figure out what setting is configured out of all of these myriads of settings? Some other admin make the package, I don't know what they configured. So you have this little kind of a tree over here of just the configured settings, all right? Now, at this point, so we've configured one thing, we've got that certificates in there. You know what? Let's use this, we'll use this as our example for importing a certificate or importing a package here in a little bit. Let's go ahead and save this. Now, when you're using the advance, the way you're gonna do this, is you're gonna choose export. You can do a file save, but that's just gonna save the project and the settings, everything you've done so far. But it still hasn't actually created the package, the distributable unit that we can use. What we need to do is create our provisioning package, so you go to Export, Provisioning Package. And then you give it a name, if you want to change that, Advanced Test was our name earlier, that's fine. You can do different version numbers if you're modifying and existing package. And then Owner and Rank has to do with conflicting settings. If you're applying more than one package, which you can do, we talked about combining packages to make one. Maybe I have two or three different packages, maybe one package that was provided by a vendor and one package that my developers created. Well, what if both of them are trying to specify the same setting? Only one of them can end up applying. So we have to have some way of dealing with that conflict and it does it through this hierarchy right here. Let me zoom in for you, right, you can see, going from least to most, or lowest to highest in priority. Microsoft would be the lowest in priority, and then silicone vendor, OEM, system integrator, mobile operator, and IT Admin. So if I had one made by Microsoft and another package made by IT Admin, and they were trying to do the same setting. IT Admin would win, so this list basically is in the right order of precedence or priority, okay? So I might say this is made by me, IT Admin. Now, if you have two packages that are both made by IT Admin or both have the same owner, how do you determine which one would win in a conflict? And that's where your rank comes into play, 0 through 99 higher rank is going to win, right? Let me zoom back out and I'm not worried about a rank, cuz I only have one from IT Admin, so we'll click Next. And then I can also choose to encrypt the package and digitally sign the package. Because your package might include sensitive information. Certificates, passwords, accounts that are used to join Azure subscription information, things like that. We might want to choose to encrypt this package, if we do so, we can do so simply by going to encrypt. And then you would provide a password for that, and let's- >> That definitely seems like a good idea to me. >> Yes, right, cuz otherwise these packages are sitting there in plain text, and anybody can open up the XML files and see the setting you configured, including passwords. >> Yeah. >> So definitely not a good thing, we wanna encrypt it, you can also sign the package. That would just make sure that nobody could modify the package. Without invalidating that signature I would need a certificate that I could use to digitally sign the package. But if your developers or writing packages, or if you're the one writing a package, you get a certificate issued to you, or signing software, and then you would use that to sign it. I'm gonna uncheck that, we'll leave it encrypted though, that's a good idea, right? >> Yeah. >> And we'll click next and it shows me where it's gonna dump that out and I could change it if I want, I click Next. And then build, I get a one chance to kind of review and I'll click build, and it's going to show me an edit. It does give me handy dandy links to those locations, which is nice too, I'll go ahead and click on that. You see that it opens it up and really the package is this one file, right here, right? The ppkg is what I need when I go to the distribut this or install this. The others are the project files, the XML files like the SettingsMetadata is all of the settings that available that we see in the advance editor. The icdproject.xml is just XML file with details about the project itself, version number, things like that, name of the project. And then customizations.xml is the actual settings. We opened this up, let me zoom back out, if we edit this xml file, at our package basically had just a couple of settings. It was importing that certificate and here I can see that there is hoth.cer, right, that we're importing and the path to where that certificate was. So the XML file is what's used to build that package. That's where all of the things that we're inputting are stored in our project until we build that ppkg file. All right, let me go and close that. We now have our package ready to go and now, we would need to distribute that package. And we will come back, I wanna show you a couple more things, we were not gonna make it to actually applying the package yet. We'll do that in our part two, so yes, that means there's gonna be a part two. >> Ooh, a part two, well, it sounds like you said there's more to go for this episode, so what do we got? >> Yeah, before we get into actually applying these packages and seeing how we can distribute them. I did wanna go back and look at those wizards, as well as how we can import one package into another, so let's do that real quick. Back on my screen here, I'm gonna close or click Finish on our first package build. And then I'm gonna close this advanced text, or a test, or a package. You can see the package is listed right here, though. So if I ever wanna get back into that package and make changes, I can simply click on it, right, and launch that again. All right, but let's take a look at one of the wizards now, compare that to the advanced provisioning that we just went through. I'm gonna click on provision desktop devices, starts off the same way, I can see I'm given the option to name my project. And we'll call this one, desktop test and I've got to fix that typo. We could give it a description, change the location, we'll click Finish. And it opens up my new project, but this one's going to look a little bit different than that advance one, right? >> It does. >> See how nice and friendly this is? >> Yeah. >> Right, it's not a long list of things over on the side. I've got big buttons and fields to fill in and descriptions and things like that and it's limited, right? These are just the settings I would be applying to a desktop. So I don't see the stuff that I shouldn't be applying. And that's always nice, especially, when you're first getting started using the configuration designer. So the way this works, so it's the same, you go through and you fill out the appropriate information. For example, if we wanna give our device a new name or rename the device, or maybe this is during the initial deployment. So we don't wanna give it a name, it does give you a neat option here with the name. You can do either, and I'll zoom in for you, you can either do a serial number or a random number. Because if we're gonna use this on multiple devices, I don't want the name to be exactly the same. So percent serial percent is code for use the hardware, generate a random value based on those hardware IDs, and use that. The %RAND:5% just generates a random number, it's not based on any hardware IDs. And the :5 is how many digits you want in that random number. So let's just do the serial for us, Aubri, I'm gonna do %SERIAL% And I'll zoom back out so we can see the rest of this screen. If I had a product key, if I wanna to configure the device for shared use, remove preinstalled software. Really cool option especially with Windows 10 and a lot of that, dare I say bloatware or freeware or demo stuff that kind of comes with it. Do keep in mind, though, that if you use this option, it resets the PC. All right, just like if you went into your settings in Windows 10 and chose reset. It's gonna basically reinstall Windows without all of that extra software. So it will take some time, depending on the speed of your machine. It could take 15 minutes to an hour or more, depending on what you've got. I've tried it in a virtual machine, and it took forever, all right. So do be careful with that option. Let me zoom, and am I zoomed in, no, I'm not, okay. >> [INAUDIBLE] >> So we can go back, and you just click on the next page, do I want to set up Network Settings? Yes let's do, let's say that we want to connect to ITProTV-guest, right? So you can type in the SSID, I can say, okay, this is WPA Personal and the password is 3526006900. If you're ever in town, you can join our guest wireless network. There you have our password. That's fine and I can click Next, right, and if there are any of these I don't plan on using them, I just skip them, right? Some of them like network, you'd wanna turn it off. Cuz if I try to skip that but leave that on, it's gonna say well you've left it turned on, but the fields are blank, so what the heck's going on? You just say no, I don't wanna do wireless networks, turn it off. Account management, let's create a local admin. Notice this one is required, we'll say Aubri, and I'm gonna give you a super strong password there. >> Good. >> If I had applications I wanted to deploy, we could do that. Now these are the Microsoft Store apps or your universal Windows platform apps. So if your developers had created any, you could deploy those here. Add certificates, well, we did that in the advanced one. If I want to see that here, it's the same thing, specify the name, give the path. It's a little more friendly environment, than that advanced one was. But in the end, the same info. And then I can get down to finish. Add certificates, I did click. Let's cancel that. And now you can see I've got green check marks all the way down and I will click Next. Before I do that, I'm sorry, notice there's an option right down here, Switch to advanced editor. Have you ever decided, there's some settings that I know I want to do that this wizard is not showing me? How do I get to those? Switch over to advanced. Keep in mind, if you switch from the wizard to the advanced mode, then you will not be able to go back to the wizard mode. Because the advanced mode contains things that the wizard doesn't know how to display. Once you've switched to advanced, you've turned your project into an advanced mode project, you cannot go back to the simple wizard interface. That's just something to keep in mind. We'll click Next and then there's all my settings. Do I want to protect it? Sure, of course we do. Let's password protect that, rIght? It says, you're ready to create. Now this is a little weird here. We're gonna click Create. It says, you are ready to create the package. Click Create. It says, your package is being built. And then it comes back and says, you are ready to create the package. That's confusing to me. >> It is. >> Is it to you? Okay, so I'm not the only one. >> Have to keep clicking that button. I might think well, wait, if it didn't work then let me create that package again. And it just does it again, right? And that's what it's gonna do. If you look down below, it does have a path. Desktop test created and copied to. So it did create it, this is just a little bit confusing in the way it's stated there. But that's it, we now have that package. If I click on that link, it'll take me over there and I can see that PPKG. All right, I know we're out of time, Aubri is giving me that look. So there is one more thing I want to do. We'll save that for the next part because we want to see how we can import one package into another. And then we wanna see how we can test these packages out and verify that they're actually working. >> All right, this has been installing and configuring WCD, Windows Configuration Designer. Thank you so much Mike for guiding us along in that endeavor, and be sure to come back for that part two. Thank you so much for watching. Signing off for ITProTV, I've been your host Aubri Spurgen. >> And I'm Mike Roderick. >> And we'll see you next time. [MUSIC] >> Thank you for watching ITProTV.