Zero-Touch Windows Workstation Provisioning & Maintenance Toolkit
A PowerShell-based, automated provisioning solution that transforms Windows 10 & 11 workstation deployment from a 30-step manual process into a single "plug-and-play" operation. Whether you're imaging bare metal, cleaning up an existing PC, or running routine maintenance on already-deployed machines, DeployWorkstation handles bloatware removal, essential application installation, and in-place app upgrades.
- ๐ App Update Support โ detects and upgrades already-installed applications in-place; safe to re-run on existing machines
- ๐ก๏ธ Winget Auto-Bootstrap โ automatically downloads and installs winget on OEM machines where it's missing or outdated
- ๐ Network Retry Logic โ automatic retries with delay on transient network errors during installation
- ๐ฅ๏ธ Windows Edition Awareness โ detects Home vs. Pro/Enterprise and warns when policy keys will have no effect
- ๐๏ธ OEM OneDrive Removal โ three-path removal covering both Appx and embedded OEM binaries
- ๐ Multi-Language Support โ auto-detects locale via
Get-Culture; ships withen-USandes-ES - โ
Real-time Progress โ
Write-Progressconsole bars throughout all major operations
- ๐ Self-Elevating & Policy-Bypassing โ automatically relaunches under Windows PowerShell 5.1 with
-ExecutionPolicy Bypassand UAC elevation - ๐๏ธ UWP "Bloatware" Purge โ comprehensive removal of built-in apps including Copilot, Teams, New Outlook, Clipchamp, OneDrive, Xbox, and more
- โ๏ธ Win32/MSI Removal & DISM Cleanup โ enterprise software removal via WinGet, DISM, and registry manipulation
- ๐ฆ Standard App Installation & Upgrade โ automated install and in-place upgrade of essential third-party tools via WinGet
- ๐พ Offline Fallback Support โ bundles proprietary installers for network-independent deployment
- ๐ Centralized Logging โ detailed operation logs plus an HTML report with pause-for-review functionality
- ๐ง New Outlook & Mail
- ๐ค Copilot Assistant
- ๐ฅ Microsoft Teams (Consumer)
- ๐ฌ Clipchamp Video Editor
- ๐จโ๐ฉโ๐งโ๐ฆ Family Safety & Parental Controls
- โ๏ธ OneDrive Sync Client (Appx + OEM binary)
- ๐ผ LinkedIn Integration
- ๐ Skype for Windows
- ๐ฎ Xbox Gaming Suite
- ๐ต Groove Music
- ๐ฐ News & Weather Apps
- ๐บ๏ธ Maps Application
- ๐ Quick Assist Remote Support
- ๐ฅ๏ธ Remote Desktop Services
- ๐ฅฝ Mixed Reality Platform
- ๐ฎ Game Bar & Gaming Features
- ๐บ Windows Media Player Legacy
- ๐ Windows Search Indexing (Optional)
- ๐ก๏ธ McAfee Security Suite
- ๐ Norton Antivirus
- ๐บ Bloatware Media Applications
- ๐ฏ Manufacturer-Specific Utilities
- ๐ Trial Software & Demos
- ๐ฆ Malwarebytes โ premium malware protection
- ๐งน BleachBit โ system cleanup and privacy tool
- ๐ Windows Defender โ enhanced configuration
- ๐ Google Chrome โ modern web browser
- ๐๏ธ 7-Zip โ universal archive manager
- ๐ Adobe Acrobat Reader DC โ PDF viewer
- ๐น VLC Media Player โ universal media player
- ๐ Notepad++ โ advanced text editor
- โ๏ธ .NET Framework 4.8 โ legacy app compatibility
- โ๏ธ .NET Desktop Runtime 6 / 7 / 8 โ modern app support
- ๐ง Visual C++ 2015โ2022 Redistributables (x64 & x86)
- ๐ป Windows 10/11 (Any Edition)
- ๐ Internet Connection (for WinGet packages โ winget auto-installs if missing)
- ๐ค Administrator Access
- ๐พ USB Drive or Network Share (Optional)
-
๐ฅ Download the Repository
git clone https://github.com/Pnwcomputers/DeployWorkstation.git cd DeployWorkstation -
๐พ Prepare Deployment Media
copy DeployWorkstation.ps1 E:\ copy DeployWorkstation.bat E:\
-
โถ๏ธ Execute Deployment# Method 1: Double-click the .bat launcher (recommended) DeployWorkstation.bat # Method 2: Direct PowerShell execution powershell.exe -NoProfile -ExecutionPolicy Bypass -File .\DeployWorkstation.ps1 -
โณ Select Deployment Mode The launcher presents four options:
Option Description 1 โ Full Deployment Bloatware removal + app install + system config 2 โ Bloatware Removal Only Skips app installation 3 โ App Installation Only Skips bloatware removal 4 โ System Config Only Registry/policy hardening only -
โ Review & Reboot
- Script pauses for final review on completion
- HTML report generated:
DeployWorkstation.html - Detailed log available:
DeployWorkstation.log - System reboot recommended for a clean finish
v5.11 is safe to run on already-deployed workstations. The upgrade logic updates any managed apps with newer versions available via winget.
# Re-run for app updates only (skip bloatware removal on a previously cleaned machine)
.\DeployWorkstation.ps1 -SkipBloatwareRemoval
# Dry-run to preview what would change without making any modifications
.\DeployWorkstation.ps1 -DryRun| Parameter | Description |
|---|---|
-SkipAppInstall |
Skip all application installation |
-SkipBloatwareRemoval |
Skip bloatware and UWP removal |
-SkipDefaultUserConfig |
Skip default user profile configuration |
-SkipSystemConfig |
Skip registry/policy hardening |
-SkipJavaRuntimes |
Skip Java runtime installation |
-ExportWingetApps |
Export currently installed winget apps to apps.json |
-ImportWingetApps |
Import and install apps from apps.json |
-DryRun |
Simulate all actions without making changes |
-LogPath <path> |
Custom path for the log file |
# Core Applications (Always Installed)
$CoreApps = @(
"Google.Chrome",
"7zip.7zip",
"VideoLAN.VLC",
"Malwarebytes.Malwarebytes"
)
# Optional Applications (User Selectable)
$OptionalApps = @(
"Microsoft.VisualStudioCode",
"Git.Git",
"Docker.DockerDesktop"
)$OfflinePackages = @{
"CustomApp1" = "\\NetworkShare\Software\App1.msi"
"CustomApp2" = "E:\Installers\App2.exe /S"
}$LogLevel = "Detailed" # Options: Basic, Detailed, Verbose
$LogRetention = 30 # Days to keep logs| Profile | Use Case | Applications | Configuration |
|---|---|---|---|
| Corporate | Business workstations | Office tools, security software | Details |
| Developer | Programming workstations | IDEs, development tools | Details |
| Home User | Personal computers | Media, communication apps | Details |
| Feature | Manual Deployment | Other Tools | DeployWorkstation |
|---|---|---|---|
| Automation Level | โ Manual (8+ hours) | โ Full Automation (30 minutes) | |
| Bloatware Removal | โ Manual deletion | โ Comprehensive purge | |
| Enterprise Software | โ Manual uninstall | โ Often skipped | โ Registry-based removal |
| App Updates | โ Manual per-app | โ In-place upgrade on re-run | |
| Offline Support | โ Media required | โ Internet dependent | โ Hybrid approach |
| Error Handling | โ Manual intervention | โ Retry logic + HTML report | |
| Customization | โ Full control | โ Highly configurable |
| Metric | Traditional Method | DeployWorkstation |
|---|---|---|
| Total Time | 4-8 hours | 30-45 minutes |
| Manual Steps | 30+ operations | 1 double-click |
| Error Rate | ~15% (human error) | <2% (automated) |
| Consistency | Variable | 100% standardized |
| Scalability | Linear time increase | Parallel deployment |
- New employee workstation setup
- Hardware refresh projects
- Standardized corporate imaging
- Remote office provisioning
- Client workstation deployment and routine maintenance
- Malware cleanup and rebuild
- Hardware upgrade services
- Maintenance contract fulfillment โ re-run to keep apps current
- Lab computer preparation
- Student workstation imaging
- Faculty equipment setup
- Semester refresh operations
- Personal computer setup
- Family PC maintenance
- Small office standardization
Script won't execute
- Ensure PowerShell execution policy allows scripts
- Verify UAC elevation is working
- Check Windows PowerShell 5.1 is available WinGet installation failures
- The script will attempt to auto-install/repair winget on OEM machines
- Verify internet connectivity if bootstrap also fails
- Update Windows to latest version Bloatware returns after reboot
- Run script as Administrator
- Ensure all user profiles are processed
- Check Group Policy restrictions Offline installers not found
- Verify installer paths in script
- Check file permissions on USB drive
- Ensure installers support silent installation
# Check for errors and warnings in the deployment log
Get-Content .\DeployWorkstation.log | Select-String "ERROR|WARNING"
# Verify WinGet package status
winget list --source wingetThe HTML report (DeployWorkstation.html) provides the same information in a readable format โ open it in any browser after the run completes.
DeployWorkstation/
โโโ DeployWorkstation.ps1 # Main PowerShell script
โโโ DeployWorkstation.bat # Self-elevating launcher with menu
โโโ Installers/ # Offline installer directory
โ โโโ CustomApp1.msi
โ โโโ CustomApp2.exe
โโโ Logs/ # Auto-created log directory
โ โโโ DeployWorkstation.log
โ โโโ DeployWorkstation.html # Post-run HTML report
โโโ Config/ # Configuration files
โ โโโ AppLists.json
โ โโโ Settings.xml
โโโ README.md
- ๐ฅ๏ธ GUI Configuration Interface (pre-run checkbox dialog)
- ๐ Web-based Management Console
- ๐ Domain Integration
- ๐ Cloud Configuration Sync
- ๐ Windows Server Hardening Mode (no app install)
- ๐ Analytics & Telemetry (CSV/JSON export for fleet tracking)
We welcome contributions! Here's how to get started:
- ๐ Documentation โ improve README clarity, add configuration examples, create troubleshooting guides
- ๐ Bug Reports โ open issues with detailed descriptions, system info, and log excerpts
- ๐ก Feature Requests โ open issues with
[FEATURE]tag, describe use case and benefits - ๐ Security Issues โ email [email protected] with proof of concept; allow reasonable disclosure time
This project is licensed under the MIT License โ see the LICENSE file for details.
- ๐ Documentation: Check this README and the project wiki
- ๐ Bug Reports: Open an issue on GitHub
- ๐ก Feature Requests: Open an issue with
[FEATURE]tag - ๐ฌ General Support: [email protected]
๐ฏ Transform your Windows deployment process from hours to minutes โ and keep it current with every re-run.
Built with โค๏ธ for efficiency, reliability, and zero-touch automation.
โญ Star this repo if it saved you time and effort!
Tested on Windows 10 (1909+) and Windows 11 โ Enterprise, Pro, and Home editions