Update script for Autopilot VM creation with Windows 10/11 #42

Open
AndrewJNet wants to merge 1 commit into master from AndrewJNet-patch-1

@AndrewJNet AndrewJNet commented Jun 10, 2026

Collaborator

@arwidmark Playing around with Claude a bit last night - I wanted to add some additional error checking, cleaner output and comments for a bit of context to new users running this script. 2 changes that affect how this script has worked in the past that I want to call out:

-vTPM is enabled
-The copied VHDX is named after the VM, not the template VHDX

Feel free to decline these changes - no hurt feelings :)

Claude generated PR description

Improve robustness and usability of Autopilot test VM script

This PR hardens the VM creation script and makes it friendlier for new Intune admins. No changes to the overall flow — it's still a flat, top-to-bottom script.

Safety & correctness

  • Capture the existing VM's actual VHDX paths and config folder from the VM object before deletion, instead of assuming they're under $VMLocation. Prevents orphaned disk files when the VM was created with a different location. (Note: Remove-VM never deletes disks — the previous folder cleanup only worked when the paths happened to match.)
  • Prompt for confirmation before deleting an existing VM and its files.
  • Replace exit 1 inside the try block with throw, so the finally block reliably dismounts the VHDX on failure.
  • Guard the unattend.xml edit: fail with a clear message if no ComputerName element is found in the template.

Fail fast (before the slow VHDX copy)

  • Verify the Hyper-V switch exists (and list available switches if not).
  • Check free disk space against the reference VHDX size.

Autopilot/Windows 11 support

  • Enable a vTPM before first boot (required by Windows 11; keeps the hardware hash consistent with device state). Auto-creates the UntrustedGuardian if missing. Commented that VMs can't pass TPM attestation, so self-deploying mode won't work — user-driven only.
  • Disable checkpoints by default (comment explains when to re-enable).

Usability

  • All configurable values grouped in one clearly marked "edit this" block, each with a one-line comment; removed leftover commented-out values.
  • Quieter, color-coded console output: cyan progress messages per phase, green completion message; removed -Verbose and suppressed the VM object dump from New-VM.
  • Final message prints the actual host's FQDN ($$([System.Net.Dns]::GetHostEntry('').HostName)) in the vmconnect hint, so it's correct when run remotely via Invoke-Command.

Testing

  • Fresh run on a host with no existing VM
  • Re-run with an existing VM (confirm prompt + cleanup of old paths)
  • Run with a bad switch name / missing files (verify early abort)
  • Remote run via Invoke-Command -ComputerName -FilePath

@arwidmark Playing around with Claude a bit - I wanted to add some additional error checking, cleaner output and comments for a bit of context to new users running this script. 2 changes that affect how this script has worked in the past that I want to call out:

-vTPM is enabled
-The copied VHDX is named after the VM, not the template VHDX

Feel free to decline these changes - no hurt feelings :)

--------------------------------

## Improve robustness and usability of Autopilot test VM script

This PR hardens the VM creation script and makes it friendlier for new
Intune admins. No changes to the overall flow — it's still a flat,
top-to-bottom script.

### Safety & correctness
- Capture the existing VM's actual VHDX paths and config folder from the
  VM object before deletion, instead of assuming they're under
  `$VMLocation`. Prevents orphaned disk files when the VM was created
  with a different location. (Note: `Remove-VM` never deletes disks —
  the previous folder cleanup only worked when the paths happened to match.)
- Prompt for confirmation before deleting an existing VM and its files.
- Replace `exit 1` inside the try block with `throw`, so the `finally`
  block reliably dismounts the VHDX on failure.
- Guard the unattend.xml edit: fail with a clear message if no
  ComputerName element is found in the template.

### Fail fast (before the slow VHDX copy)
- `#Requires -RunAsAdministrator` and `#Requires -Modules Hyper-V`.
- Verify the Hyper-V switch exists (and list available switches if not).
- Check free disk space against the reference VHDX size.

### Autopilot/Windows 11 support
- Enable a vTPM before first boot (required by Windows 11; keeps the
  hardware hash consistent with device state). Auto-creates the
  UntrustedGuardian if missing. Commented that VMs can't pass TPM
  attestation, so self-deploying mode won't work — user-driven only.
- Disable checkpoints by default (comment explains when to re-enable).

### Usability
- All configurable values grouped in one clearly marked "edit this"
  block, each with a one-line comment; removed leftover commented-out
  values.
- Quieter, color-coded console output: cyan progress messages per phase,
  green completion message; removed `-Verbose` and suppressed the VM
  object dump from `New-VM`.
- Final message prints the actual host name (`$env:COMPUTERNAME`) in the
  `vmconnect` hint, so it's correct when run remotely via
  `Invoke-Command`.

### Testing
- [ ] Fresh run on a host with no existing VM
- [ ] Re-run with an existing VM (confirm prompt + cleanup of old paths)
- [ ] Run with a bad switch name / missing files (verify early abort)
- [ ] Remote run via `Invoke-Command -ComputerName -FilePath`
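
The vTPM step listed under "Autopilot/Windows 11 support", sketched as an added example (not code from this PR or from the script it modifies). The VM name is a hypothetical value, and the VM is assumed to exist already and to be powered off.

```powershell
#Requires -RunAsAdministrator
#Requires -Modules Hyper-V

# Hypothetical value for illustration; not taken from the PR's script.
$VMName       = 'AUTOPILOT-TEST01'
$GuardianName = 'UntrustedGuardian'   # guardian name given in the PR description

# A vTPM needs a Generation 2 VM, and vTPM settings can only be changed
# while the VM is off, which is why this runs before first boot.
$vm = Get-VM -Name $VMName -ErrorAction Stop
if ($vm.Generation -ne 2) {
    throw "VM '$VMName' is Generation $($vm.Generation); a vTPM requires Generation 2."
}
if ($vm.State -ne 'Off') {
    throw "VM '$VMName' is $($vm.State); power it off before enabling the vTPM."
}

# Reuse the local guardian if it exists, otherwise create it with
# self-signed certificates. The certificates live in the host's local
# machine certificate store, so the vTPM state is tied to this host.
$guardian = Get-HgsGuardian -Name $GuardianName -ErrorAction SilentlyContinue
if (-not $guardian) {
    Write-Host "Creating local guardian '$GuardianName'..." -ForegroundColor Cyan
    $guardian = New-HgsGuardian -Name $GuardianName -GenerateCertificates
}

# Wrap a new key protector with the guardian, attach it, then switch the TPM on.
$keyProtector = New-HgsKeyProtector -Owner $guardian -AllowUntrustedRoot
Set-VMKeyProtector -VMName $VMName -KeyProtector $keyProtector.RawData
Enable-VMTPM -VMName $VMName

# Checkpoints off by default, as the PR description states.
Set-VM -Name $VMName -CheckpointType Disabled

# Verify the result instead of assuming the cmdlets succeeded.
$security = Get-VMSecurity -VMName $VMName
if (-not $security.TpmEnabled) {
    throw "vTPM is still disabled on '$VMName'."
}
Write-Host "vTPM enabled on '$VMName'." -ForegroundColor Green
```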