TUTORIAL: Easily setup DFE unsecured devices using a script

Contents
show
This article is for you if
- You are trying to setup DFE unsecured devices for student home learning and need to do this on mass
- You want to easily setup multiple DFE unsecured Windows devices for student home use and don’t have time to do this process over and over and require a quicker method
Issue / Fault definition
- The DFE are now issuing unsecured Windows devices to schools and these are then having to be configured via the schools IT Support teams. Sometimes in in batches of >100 devices at a time.
Known Fixes / Solutions
- A good solution would be to setup a custom MDT installation and bundle in all the required software and then image the machines, however if time does not permit this or if there are not enough devices to warrant this a script which can be ran from USB is a good alternative.
@echo off cls REM ---- COVID Laptop Setup Script V5 ---- echo ---- Get device serial number set torun=wmic bios get serialnumber /format:value for /f "tokens=2 delims==" %%a in ('%torun%') do set serial=%%a echo ---- Change computer Hostname to the site initials + device serial number removing any spaces set /p site=Site initials (Example - SRU): set "hostname=%site%-%SERIAL%" REM Remove any spaces set hostname=%hostname: =% cmd /c "wmic computersystem where name='%computername%' call rename name='%hostname%'" echo ---- Gather PC Specs and output to a text file ( systeminfo | findstr /c:"OS Name" systeminfo | findstr /c:"OS Version" systeminfo | findstr /c:"System Manufacturer" systeminfo | findstr /c:"System Model" systeminfo | findstr /c:"System type" systeminfo | findstr /c:"Total Physical Memory" echo Serial Number = %SERIAL% ) >> "%~dp0%hostname%.txt" echo ---- Add Wifi profile netsh wlan add profile filename="%~dp0WiFi.xml" user=all echo ---- Detecting Internet connection :DetectPing echo ---- Waiting for Internet connection timeout 5 ping -n 1 1.1.1.1 | find "TTL=" || goto :DetectPing echo ---- Internet connection detected proceeding with script echo ---- Get accurate time by setting a time server ntp address net stop w32time w32tm /config /syncfromflags:manual /manualpeerlist:"0.uk.pool.ntp.org 1.uk.pool.ntp.org 2.uk.pool.ntp.org 3.uk.pool.ntp.org" net start w32time echo ----- Create a standard student user net user Student /ADD /ACTIVE:YES echo ---- Set the student user to auto login reg import "%~dp0User_Autologon.reg" echo ---- Add an Office 365 shortcut to all users desktops copy "%~dp0Office 365.url" %public%\Desktop REM Check if we are installing office i.e. the presence of an Office folder and skip if not found IF NOT EXIST "%~dp0Office" GOTO Skip_Office echo ----- Uninstall any Click to run Office msiexec.exe /uninstall {90160000-008C-0000-1000-0000000FF1CE} /q msiexec.exe /uninstall {90160000-008C-0409-1000-0000000FF1CE} /q msiexec.exe /uninstall {90160000-007E-0000-1000-0000000FF1CE} /q echo ----- Please uninstall 365 Click to run manually from control panel rundll32.exe shell32.dll,Control_RunDLL appwiz.cpl pause echo ---- Install Office "%~dp0Office\setup.exe" /adminfile "%~dp0Office\adminfile.msp" echo ---- Activate Officevprior to filtering cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /act :Skip_Office echo ---- Install Edge msiexec /i "%~dp0Edge.msi" echo ---- Install remote management msiexec /i "%~dp0RMM.msi" echo ---- Install filtering msiexec /i "%~dp0Filtering.msi" echo ---- Please test the filtering is working by visiting bbc.co.uk (allowed) and 888.com (blocked) cmd /C start microsoft-edge:http://www.bbc.co.uk cmd /C start microsoft-edge:http://www.888.com pause echo ---- Rebooting the device so the Student user Windows 10 setup can be ran and filtering checked as the Student user shutdown /r /f /t 300
The contents of the reg file is as follows
Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "DefaultUserName"="Student" "DefaultPassword"="" "DefaultDomain"="" ; Add a domain if you are part of one "AutoAdminLogon"="1"
To export the Wi-Fi.xml file run the below netsh command
netsh wlan export profile key=clear
Mitigation
- Order pre secured DFE devices that are covered by the Cisco Umbrella filtering from the DFE
Prerequisites
- USB Sticks
- DEF unsecured Windows devices
External Links
- Get laptops and tablets for children who cannot attend school due to coronavirus (COVID-19) – GOV.UK (www.gov.uk)
- Get help with technology during coronavirus (COVID-19) – GOV.UK (www.gov.uk)
- Login – Department for Education (service-now.com)
- Get help with technology – GOV.UK (education.gov.uk)
- Laptops, tablets and 4G wireless routers provided during coronavirus (COVID-19) – GOV.UK (www.gov.uk)
Words of caution
You are reading this guide with the knowledge that anything provided here is given as is, we do not hold any responsibility for damage or loss of property, customers, profits and or loss of data.