Running provisioning package (ppkg) to enroll to Microsoft Azure AD (Entra ID)

[nssijt]

Hi all, is there any updated method or ways it can be less painful to run a provisioning package (ppkg) in a more automated way with fogproject?

I had wrote a simple batch file: powershell.exe Install-ProvisioningPackage -ForceInstall -PackagePath \demo.ppkg -QuietInstall

As I have tried putting the batch file together with the ppkg -> zip it -> deploy via fog's snap-in pack. It doesn't seems to be running.

Anyone has a more brilliant idea to share so that I can learn from all of you?

[mastacontrola]

I might suggest maybe output to a logfile on the root of your C: drive. This will at least potentially give you more information. I don't know how ppkg works, but if the thing is not able to be installed via the System user, this may also be a problem.

Basically in your logging I'd suggestin having "starting" "about to run" "ran" "complete" kind of messages:

Something like:

print "Starting Snapin operation" > 'c:\snapin_run_troubleshooting.log'

print "About to run command: powershell.exe Install-ProvisioningPackage -ForceInstall -PackagePath \demo.ppkg -QuietInstall" >> 'c:\snapin_run_troubleshooting.log"

powershell.exe Install-ProvisioningPackage -ForceInstall -PackagePath \demo.ppkg -QuietInstall >> 'c:\snapin_run_troubleshooting.log' # This allows the command to send its output to the log as well

print "Command should have ran please validate" >> 'c:\snapin_run_troubleshooting.log"

print "Snapin operation complete" >> 'c:\snapin_run_troubleshooting.log'

[darksidemilk]

I would suggest using powershell directly. i.e. I just tested this with success.

• So make the snapin with the 'powershell' template
• Adjust 'Snapin run with argument' to -ExecutionPolicy Bypass -NoProfile -command "('
• Upload the ppkg file as the snapin file.
• Set the snapin arguments to this
  • ').trim() | sv -name ppkg; Install-ProvisioningPackage -PackagePath `"C:\program files (x86)\FOG\tmp\$ppkg`" -ForceInstall -QuietInstall;"

What this does:

• Fog service will download the ppkg file to C:\program files (x86)\FOG\tmp\file.ppkg
• Fog service will run powershell.exe with a command derived from the arguments
  • Takes the name of the ppkg file, encased in (' file.ppkg ') trims it, and sends it to set-variable through the pipeline, uses the sv alias for a shorter string
  • Then runs Install-ProvisioningPackage with the full path to the downloaded package in force and silent mode.

I just tested this, ran it and then ran Get-ProvisioningPackage and the package was listed as installed. If it doesn't work we can look at adding more logging to it.

Other options for this specific use case would be to use group policy for enforcing enrollment into Azure/Entra AD.

[nssijt]

Wonderful and thank you both Tom and JJ Fuller for your detailed guidance. I am really appreciative of that. Let me get to my test environment to do a test and I shall get back if what JJ Fuller has suggested works.

Thanks again for both of your recommendation which I had been trying for several weeks without a single success with fog snap-in. I shall get back soon.

[nssijt]

Sorry I wasn't able to test it out as yet as I found that the issue is because of the initial provsioning package that I wasn't able to removed

Not sure why, once i run the ppkg once, it cannot be removed for me to run another ppkg or the similar ppkg

I shall test and get back if JJ Fuller's script works on another machine probably after 12 Sep as it is crunch time for me this period