TUTORIAL: Easily setup DFE unsecured devices using a script


This article is for you if

  • You are trying to setup DFE unsecured devices for student home learning and need to do this on mass
  • You want to easily setup multiple DFE unsecured Windows devices for student home use and don’t have time to do this process over and over and require a quicker method

Issue / Fault definition

  • The DFE are now issuing unsecured Windows devices to schools and these are then having to be configured via the schools IT Support teams. Sometimes in in batches of >100 devices at a time.

Known Fixes / Solutions

  • A good solution would be to setup a custom MDT installation and bundle in all the required software and then image the machines, however if time does not permit this or if there are not enough devices to warrant this a script which can be ran from USB is a good alternative.
@echo off
REM ---- COVID Laptop Setup Script V5 ----

echo ---- Get device serial number
set torun=wmic bios get serialnumber /format:value
for /f "tokens=2 delims==" %%a in ('%torun%') do set serial=%%a

echo ---- Change computer Hostname to the site initials + device serial number removing any spaces
set /p site=Site initials (Example - SRU):
set "hostname=%site%-%SERIAL%"

REM Remove any spaces
set hostname=%hostname: =%
cmd /c "wmic computersystem where name='%computername%' call rename name='%hostname%'"

echo ---- Gather PC Specs and output to a text file
systeminfo | findstr /c:"OS Name"
systeminfo | findstr /c:"OS Version"
systeminfo | findstr /c:"System Manufacturer"
systeminfo | findstr /c:"System Model"
systeminfo | findstr /c:"System type"
systeminfo | findstr /c:"Total Physical Memory"
echo Serial Number = %SERIAL%
) >> "%~dp0%hostname%.txt"

echo ---- Add Wifi profile
netsh wlan add profile filename="%~dp0WiFi.xml" user=all

echo ---- Detecting Internet connection
echo ---- Waiting for Internet connection
timeout 5
ping -n 1 | find "TTL=" || goto :DetectPing
echo ---- Internet connection detected proceeding with script

echo ---- Get accurate time by setting a time server ntp address
net stop w32time
w32tm /config /syncfromflags:manual /manualpeerlist:"0.uk.pool.ntp.org 1.uk.pool.ntp.org 2.uk.pool.ntp.org 3.uk.pool.ntp.org"
net start w32time

echo ----- Create a standard student user
net user Student /ADD /ACTIVE:YES

echo ---- Set the student user to auto login
reg import "%~dp0User_Autologon.reg"

echo ---- Add an Office 365 shortcut to all users desktops
copy "%~dp0Office 365.url" %public%\Desktop

REM Check if we are installing office i.e. the presence of an Office folder and skip if not found
IF NOT EXIST "%~dp0Office" GOTO Skip_Office
echo ----- Uninstall any Click to run Office
msiexec.exe /uninstall {90160000-008C-0000-1000-0000000FF1CE} /q
msiexec.exe /uninstall {90160000-008C-0409-1000-0000000FF1CE} /q
msiexec.exe /uninstall {90160000-007E-0000-1000-0000000FF1CE} /q
echo ----- Please uninstall 365 Click to run manually from control panel
rundll32.exe shell32.dll,Control_RunDLL appwiz.cpl
echo ---- Install Office
"%~dp0Office\setup.exe" /adminfile "%~dp0Office\adminfile.msp"

echo ---- Activate Officevprior to filtering
cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /act

echo ---- Install Edge
msiexec /i "%~dp0Edge.msi"

echo ---- Install remote management
msiexec /i "%~dp0RMM.msi"

echo ---- Install filtering
msiexec /i "%~dp0Filtering.msi"

echo ---- Please test the filtering is working by visiting bbc.co.uk (allowed) and 888.com (blocked)
cmd /C start microsoft-edge:http://www.bbc.co.uk
cmd /C start microsoft-edge:http://www.888.com

echo ---- Rebooting the device so the Student user Windows 10 setup can be ran and filtering checked as the Student user
shutdown /r /f /t 300

The contents of the reg file is as follows

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"DefaultDomain"="" ; Add a domain if you are part of one

To export the Wi-Fi.xml file run the below netsh command

netsh wlan export profile key=clear


  • Order pre secured DFE devices that are covered by the Cisco Umbrella filtering from the DFE


  • USB Sticks
  • DEF unsecured Windows devices

External Links

Words of caution

You are reading this guide with the knowledge that anything provided here is given as is, we do not hold any responsibility for damage or loss of property, customers, profits and or loss of data.

Found priceless insights in this blog? Support the author’s creativity – buy them a coffee!

Leave a Reply

Your email address will not be published. Required fields are marked *