Deploy using provisioning packages

  • 3 minutes

A provisioning package is a method of applying configuration settings to a Windows 10 or later device using either removable media or downloaded directly to the device. They are created using a graphical tool called Windows Configuration Designer (WCD). Similar to the concept of group policies, Administrators use WCD to select options for a specific configuration. WCD then exports a package file containing the settings that can be applied to a Windows 10 or Windows 11 device.

You can use a provisioning package to modify a Windows installation and configure many runtime settings without having to reinstall the Windows operating system. For example, you can use a provisioning package to:

  • Configure the Windows user interface.
  • Add additional files or apps.
  • Adjust connectivity settings.
  • Meet mobile network requirements.
  • Manage Certificates.
  • Comply with security policies.
  • Remove installed software.
  • Reset the Windows installation to its initial state.

Although you can achieve the same result by deploying a new customized Windows 10 or Windows 11 image, using a provisioning package is much faster because the file sizes are very small.

In a provisioning package, you can configure many settings such as:

  • ComputerAccount
  • Certificates
  • EditionUpgrade
  • Folders
  • Policies

For example, by using the ComputerAccount setting, you can specify:

  • The name for a Windows computer.
  • Which domain the computer is a member of.
  • Which organizational unit (OU) you want to create the computer account in.
  • Which user account you will use to add the computer to the domain.

You can use the EditionUpgrade setting to:

  • Upgrade Windows Pro to Windows Enterprise edition or Windows Education edition.
  • Upgrade Windows Home to Windows Education edition without reinstallation.
  • Change a product key.
  • Perform activation by using the EditionUpgrade setting.
  • Apply runtime settings to a running Windows computer, to an offline Windows image, or during the OS installation.

After you configure the settings in the provisioning package, you export the package to a .ppkg file. During the export, you can choose to encrypt the package and sign it. If the provisioning package is signed, you can allow only packages that are trusted to be applied on a client computer.

You apply the provisioning package by running the .ppkg file, by adding the provisioning package in the Settings app, or by running the Add-ProvisioningPackage Windows PowerShell cmdlet.

Provisioning Packages can be beneficial for organizations who do not have a more centralized management tool. However, as Provisioning Packages can be applied offline, they can be beneficial for enterprise organizations in scenarios where internet connectivity is limited or unreliable.