Provisioning Packages are small executables that prepare one or more devices for corporate use. When the same devices are used for both office and personal purposes, certain rules should prevent data mix-ups. Though we have the Enterprise Data Protection feature in Windows 11/10, it is still a good idea to provision Windows devices with rules so that they are fit for both office and personal use. This post looks at building provisioning packages in Windows 10 and deploying them.
Windows Provisioning Packages
Provisioning packages can be considered a group of commands that make a device ready for use. Though intended for commercial use, these packages can also be used to restore devices for personal use. Provisioning packages can be used to program multiple devices, so you can use them for various purposes instead of restricting them to offices. For instance, you can provision your mobile phone and tablet to have the same set of rules related to the lock screen, wallpaper, apps, etc.
With Windows, you can create provisioning packages that let you quickly and efficiently configure a device without having to install a new image. This can result in a significant reduction in the time required to configure multiple devices in your organization, says TechNet.
You can configure the following using a provisioning package:
- Applications: you can choose what apps to install and what rights the apps enjoy;
- MDM – Mobile Device Management: you can use provisioning packages to enroll devices into Microsoft Intune or other MDM services automatically;
- Certificates: you can install and manage certificates using provisioning packages in Windows;
- Connectivity: you can create and install WiFi profiles to Windows 10 devices without having to set them up on each device manually;
- User Rights: you can specify the privileges for apps and data access using the Windows provisioning packages; the same provisioning package can be used to provide the same user rights on different devices;
- Data: you can also provision documents, videos, music, and images if the need arises;
- Start menu and other customization: you can select which features should be available to users while building the provisioning package and then use it to customize the Start menu, lock screen, etc.
Provisioning packages can be applied via email, an SD card, a direct PC-to-device connection (recommended), or a USB flash drive.
Benefits of Provisioning Packages in Windows
With services such as Bring Your Own Device (BYOD) or Bring Your Own Service (BYOS) gaining momentum in the corporate sector, you have to configure each device properly so that the corporate data is not at risk. You can apply rules manually, but that would be tedious if you have many employees.
To counter this, use the provisioning packages for Windows devices. You can build a provisioning package using the Provisioning Package Wizard and then deploy the rules, etc., to different devices just by running the package on each device. This saves tremendous work and time.
You can configure a new device using the provisioning package, eliminating the need for imaging. You can quickly configure an employee-owned device without having to go for Mobile Device Management or Enterprise Data Security in Windows.
In short, provisioning packages are key to saving time and effort when configuring or re-configuring devices used by employees, whether the device is provided by the company or employee-owned.
Building a Provisioning Package in Windows
To create and configure devices, you will need to use Windows Imaging and Configuration Designer (Windows ICD). A provisioning package, with the extension .ppkg, will contain the customizations you choose using the Windows ICD.
- To create a new provisioning package, select New provisioning package from the Windows ICD start page.
- On the next page, enter the name of the project and the location where you wish to save the ppkg file.
- Click Next and select the edition of Windows for which you are creating the provisioning package. By default, it will be Windows Common, but since we are talking about Windows 10 here, select Windows 10.
- Click Finish to start adding rules to the provisioning package.
The provisioning page will look somewhat like the image below. When you select one of the options in the left pane, you will see the rules in the right pane. Select the ones you wish to include in the provisioning package.
Note that the components available will be based on the Windows edition you select. You don’t need to see exactly the same window options in your Windows ICD as shown in the image. It will differ for different editions, so you need not worry if you can’t find an option.
- Once you are done configuring the package and adding customizations to it, click the Export button.
- Select Provisioning Package from the drop-down menu that appears.
- You will see a page asking for details about the project; these are the same as you entered in step 2. If you wish to make any changes, you can do so; otherwise, proceed to the next page.
- This step is optional too; you may choose to encrypt the provisioning package or leave it unencrypted. I recommend encrypting the package so that no one can break into it to alter the configurations.
- On the next page, select the destination where you wish to save the ppkg file and click Next.
- Click Build; it will take a while to build the provisioning package, so you may go and get yourself a cup of coffee in the meantime.
Applying the Provisioning Packages to Windows devices
You can experiment with the Windows Insider program since the final build is not yet out. You will have two options: configure a PC or configure a phone.
To configure a PC, you can apply the package during deployment or at runtime. The latter is easier: double-click the provisioning package and click Allow to let the package configure the device. To configure a PC during deployment, you must use the Windows ICD command line.
For mobile phones, you cannot use the provisioning package at deployment. You have to use it at runtime, which is similar to the method for a PC. Just connect the mobile device to a PC using a USB cable and double-click the provisioning package. Click Allow to let the package configure your device.
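For the PC runtime case above, a package that arrives by email or USB drive can be checked against a known-good hash before it is allowed to change certificates, user rights or MDM enrollment. The script below is an added example, not part of the original post; it uses the Provisioning cmdlets built into recent Windows 10/11 builds, and the package path and the expected SHA-256 value (assumed to be published out of band by whoever built the package) are placeholders.

```powershell
#Requires -RunAsAdministrator
# Added example: verify a .ppkg against a known-good SHA-256, then apply it.
# Both values below are placeholders (assumptions), not taken from the article.
$PackagePath    = 'D:\Provisioning\CorpBaseline.ppkg'
$ExpectedSha256 = '<SHA-256 published by the package author>'

function Test-PackageHash {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$Expected
    )
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "Package not found: $Path"
    }
    $actual = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    # String -eq is case-insensitive, so upper/lower-case hex both match.
    return $actual -eq $Expected.Trim()
}

# Refuse to apply a package whose contents differ from what was built.
if (-not (Test-PackageHash -Path $PackagePath -Expected $ExpectedSha256)) {
    Write-Error "Hash mismatch for $PackagePath; package not applied."
    exit 1
}

# Show the packages already on the device, for the change record.
Write-Output 'Installed before:'
Get-ProvisioningPackage -AllInstalledPackages | Format-List

# -QuietInstall applies the package without the interactive Allow prompt,
# which is why the hash check above has to pass first.
Install-ProvisioningPackage -PackagePath $PackagePath -QuietInstall

# Confirm the package is now listed on the device.
Write-Output 'Installed after:'
Get-ProvisioningPackage -AllInstalledPackages | Format-List
```

A hash check only proves the file is the one the author built; encrypting the package at export, as recommended in the build steps, is what keeps its contents from being read or altered in transit.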
You can see how easy it becomes to set up and configure devices with provisioning packages in Windows. You do not have to do it manually for each device, and in the case of large organizations, you save plenty of days by provisioning the devices that the employees use.