Jump to content


anyweb

Prompting standard users to confirm or change Regional, Time Zone and Country settings after Windows Autopilot enrollment is complete

Recommended Posts

Introduction

When users complete Windows Autopilot Out of Box Experience (OOBE), they can be asked to confirm Country and Keyboard settings, based on what is configured in the following Windows Autopilot Deployment Profile settings. Below is the Windows Autopilot deployment profile settings used for this blog post, notice how the User account type is set to Standard. Notice also that the Privacy settings setting is set to Hide.

Windows Autopilot deployment profile settings.png

Your users will most likely be used to seeing the region related screens during OOBE, for example:

lets start with this region.png

However if you disable Privacy Settings in the Windows Autopilot Deployment profile, even though you might allow users to select Country and Keyboard settings, Windows Autopilot still sets the Time Zone to Pacific Standard Time.

You can confirm this behavior by pressing left shift+F10 and typing PowerShell then Get-TimeZone.

Get-TimeZone.png

This Time Zone will apply regardless of what country the user selects.

Even if your users are tech-savvy enough to find out where in Windows Settings they need to change these region based settings, if they are a standard user (which they should be in today's security conscious world), changing the timezone may leave them with incorrect time and incorrect regional format settings in the operating system.

To fix this you could use Geo location and Azure services as per Nickolaj's post here, provided of course that:

  • Your company allows Geo location
  • Your company is not using any proxies or VPN's that mask the users actual location.

This solution is not affected by either of these things, doesn't need local administrative permissions and does not require enabling privacy settings. This solution prompts the end user to confirm (or change) the detected settings, and then uses some back end magic to set everything in place including triggering a time sync.

This method works even for standard (non administrator) users.

Requirements

The method requires that you use the English (En-US) version of Windows 10 as delivered from your OEM. If any other language is applied from the factory then it might cause some of the logic to fail. If you do go down that route, then you'll need to prepare language specific versions of the zonemapping.csv and other files as necessary. So let's get started. You can always install language packs later.

 

Step 1. Get the scripts

Note: You can only download these files when logged on as a member of https://www.windows-noob.com

Note: Intune has a hard block of 200,000 bytes per PowerShell script. To get around this limit, I've removed most of the original comments from the Powershell scripts. The resulting script can be uploaded to Intune as it's less than the 200,000 bytes limit even with all the files encoded. If you'd like a copy of the version with comments included to help with troubleshooting, scroll to the very bottom of this blog post.

Download the condensed ZIP: win.ap.CreateScheduledTask.SetTimeZone_CONDENSED_VERSION.zip

Extract the condensed ZIP file to C:\Scripts\SetTimeZone

 

Step 2. Get ServiceUI.exe from MDT

You'll need the ServiceUI.exe executable file to display user interfaces (UI) to end users when operating in SYSTEM context. To get the file, download and install MDT somewhere and navigate to C:\Program Files\Microsoft Deployment Toolkit\Templates\Distribution\Tools\x64. To download MDT click here.

Copy the ServiceUI.exe file to your extracted SetTimeZone\Encode folder so it looks like this.

 

ServiceUI exe.png

Step 3. Modify the scripts

Open SetTimeZone-GUI.ps1 and SyncTime.ps1 in PowerShell ISE and make changes as appropriate. Once done editing those scripts to suit your needs save the changes. Then run the Encode script to generate the encoded txt files which you will paste into the variables highlighted below.

blank variables.png

you can do that by locating the appropriate TXT file for each encoded file, for example for ServiceUI.exe it'll be the ServiceUI.txt file, open it in notepad,

copy the contents of that file using CTRL+A and CTRL+C

ServiceUI encoded.png

and paste the results using CTRL+V into the associated variable, once you've done all 5 encoded files it'll look something like this

encoded files added to variables.png

 

If you are happy with all the changes in win.ap.CreateScheduledTask.SetTimeZone.ps1, save the changes.

Step 4. Deploy it from Intune

In Microsoft Endpoint Manager, select devices, scripts and add a new PowerShell script. Fill in some details like so.

deploy the script.png

Deploy it to your Windows Autopilot users (start with a small group of users to test...), note that if you deploy this script to users that have already enrolled, the script checks if the enrollment was within the last 72 hours and if it was it will run, but if the enrollment was more than 72 hours ago, it'll do nothing.

Step 5. Test it out

First off, let's see what the expected outcome is. After Windows Autopilot enrollment is complete, and the user has logged on to the desktop, shortly after they login they will see a popup window asking them to Confirm or Change their Time Zone and Region settings. Below is an example of that.

Please confirm your timezone settings.png

The user can confirm the settings by simply clicking Confirm, or if they want to change any of the options they can do so by clicking the relevant drop down menu.

In this example the user changed the Regional format to English (Sweden), from English (United States) and after clicking Change the settings are applied.

english sweden.png

The following will occur when Confirm or Change is clicked.

The keyboard layout is set (1), the regional format is in the chosen format (2) and the time will change to the selected timezone within one minute (3). The time sync takes place via an event generated in event viewer by the SetTimeZone-Gui script.

changes 123.png

Windows 11 support

Does it work with Windows 11 ? absolutely !

see here:

settimezone in win11.pngJob done !

Troubleshooting

Note: If you are testing this on a hyper-v virtual machine, please disable enhanced mode.

There are three log files generated by this solution

  • win.ap.CreateScheduledTask.SetTimeZone.log located in C:\Windows\Temp
  • win.ap.SetTimeZone-GUI.log located in C:\Users\<username>\appdata\local\Temp
  • win.ap.synctime.log located in C:\Windows\Temp

Here you can see it changing the time zone as revealed in the log file time change...

successfully set.png

the following scheduled tasks are created.

Scheduled Tasks.png

The SetTimeZone scheduled task will run within a few minutes of the user logging in, it runs the following script.

Install_SetTimeZone.png

which in turn launches Powershell and our SetTimeZone-Gui.ps1 script

%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -WindowStyle Hidden -ExecutionPolicy Bypass -File %temp%\SetTimeZone-Gui.ps1

That will launch the UI shown previously, allowing the end user to confirm or change the detected settings. Once the user confirms or changes the timezone settings an event ID will be generated which will in turn launch the Synctime Based on EventId task.

EventId.png

Magic 🙂

If the user ignores the popup and restarts the computer, it will appear again after logging on every time they logon for 7 days. You can change that behavior via the scripts settings.Ok that's it for this blog post, see you next time,

cheers

niall

 

Related: https://smsagent.blog/2022/05/13/beware-of-changing-regional-format-after-intune-enrolment/

Footnote: Here is the commented version of ZIP. This version of the scripts cannot be uploaded to Intune as it's too big, use for troubleshooting purposes only.win.ap.CreateScheduledTask.SetTimeZone_COMMENTED_VERSION.zip

 

 

Share this post


Link to post
Share on other sites

Hi

 

Fristly

 

Im new to autopilot so please forgive me if i ask stupid questions.

 

...Stumbled across this as i have an issue which seems to be similar.  I set the region and keyboard settings to UK when configuring the deployment profile but it doesn't change it to what i have set it to.  Does this solution change it when applying the deployment profile or does it only wait until it is fully configured and then prompt the user to confirm region settings for up to a period of 72 hours? (from what i have been reading)

 

need help with this part.  What changes would i make?
 

Step 3. Modify the scripts

Open SetTimeZone-GUI.ps1 and SyncTime.ps1 in PowerShell ISE and make changes as appropriate

 

regards

G

Edited by Locutus
error

Share this post


Link to post
Share on other sites

please re-read the blog post, basically this allows you to easily let standard users (non-administrators) change (or confirm) their regional settings that are set during Windows Autopilot, this occurs AFTER Windows Autopilot is finished

Share this post


Link to post
Share on other sites

you don't need to make any changes to SetTimeZone-GUI.ps1 however you should take a look at the synctime.ps1 script as it tries to sync from both on-premise (eg: your Domain) as well as other sources, therefore you might want to make changes in that script

Share this post


Link to post
Share on other sites

Thanks

Just added the data from the txt files and now my antivirus thinks its a threat and has quarantined it...😭

will need to try it on another non business machine with a different antivirus..

Share this post


Link to post
Share on other sites

This is awesome. Been toying with this across a few evenings. I keep getting the wrong time zone after adding in a few timezones, e.g. eastern standard time. I think it is because of the -pattern logic so it is deciding to use eastern standard time (mexico) vs just Eastern Standard Time. Wondering if something like this will work (I'm going crosseyed as an irregular regular expression user trying to make sure I encapsulate and escape correctly so it evaluates the variable contents), or potentially defeat the purpose of your fix for names...
# export list of available timezones on this computer..
    Get-TimeZone -listavailable | Export-CSV $env:temp\timeZones.csv
    $TimeZones = $(select-string -Path $env:temp\timezones.csv -Pattern "^$SetTimezone$")
    LogWrite "Timezones = $TimeZones"

 

Thanks so much!

Share this post


Link to post
Share on other sites

what media are you using ? i'll remind you of this bit..

 

Requirements

The method requires that you use the English (En-US) version of Windows 10 as delivered from your OEM. If any other language is applied from the factory then it might cause some of the logic to fail. If you do go down that route, then you'll need to prepare language specific versions of the zonemapping.csv and other files as necessary. So let's get started. You can always install language packs later.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...


×
×
  • Create New...