
Windows Organisation/School still present after a clean reinstall

Discussion in 'Tech Support' started by boiled_elephant, 3 Sep 2022.

  1. boiled_elephant (Merom Celeron 4 lyfe)

    Customer's own laptop, they bought it because their school insisted they buy their own laptops. The school's IT staff had their wicked way with it. Now the customer's finished school and wants to use their laptop as its own thing again. I've just backed up data, zeroed the drive in diskpart, reinstalled w10 from USB media. On reconnection to the internet the OOBE goes back to their school logo and asks for a school Microsoft ID to continue.

    I'm ****ing mystified as to how this happened, frankly. There is clearly a blind spot in my understanding of Windows activation and credentials. How can it be picking up the school as an organisation if I wiped the entire machine? There's nothing in the UEFI about organisations, admins or anything else like a company backdoor. There are no other drives or partitions present.

    The only persistent element I can even think of is the product key in the EFI, but a company can't/wouldn't overwrite that with their own, would they?

    I redid the reload, started with an offline account, then went online once Windows was fully installed and signed into their credentials and it worked fine, no mention of the school. But I'm haunted by the fact that it was able to appear in the OOBE after a clean reinstall.
     
    Last edited: 3 Sep 2022
  2. adidan (Guesswork is still work)

    Sounds like there must be an embedded key somewhere, I didn't even know you could do that.

    Mind you there's lots I don't know.
     
  3. David (μoʍ ɼouმ qᴉq λon ƨbԍuq ϝʁλᴉuმ ϝo ʁԍɑq ϝμᴉƨ)

    When you say you zeroed the drive, did you actually use the clean command? If not, a recovery partition could remain.

    Also, Windows installs can be tied to a motherboard. I'm wondering if the key that's bound to the laptop is for a cut-down version.
     
  4. boiled_elephant (Merom Celeron 4 lyfe)

    Yeah, I always clean and convert gpt every drive, just for peace of mind. To prevent exactly this sort of thing!

    The only persistent elements are the product key and the hardware IDs. The association must be managed on Microsoft's side, I figure - they somehow remember an association between either the product key or the motherboard itself and the organisation, and automatically suggest/link it when you go through OOBE with an internet connection? It's undocumented online though and I find it seriously creepy.
     
  5. RedFlames (...is not a Belgian football team)

    Sounds like some kind of MDM is kicking in and you need to unenroll/disconnect it from whatever corporate spyware remote management tools the school is/was using.

    Here's how to unenroll it from MS Intune [if that's what they're using] but it looks like you need to be able to get into a user account first.

    https://docs.microsoft.com/en-us/mem/intune/user-help/unenroll-your-device-from-intune-windows

    As for how it knows, it's probably based off device id in windows, so as soon as it connects to MS' services it'll go 'Device ID A1BC234D is enrolled in XYZ org' and prompt you like you're being prompted.


    ...but like everyone else, not my sphere of knowledge so just best guestimation on my part.
     
    Last edited: 4 Sep 2022
    boiled_elephant likes this.
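
Added example, not from any poster in this thread: a PowerShell check you can run on the reinstalled laptop (elevated) to see the identifiers Autopilot keys on and whether the current install is still joined or enrolled anywhere. It assumes the WMI bridge class `MDM_DevDetail_Ext01` (the same source the Get-WindowsAutopilotInfo script reads the hardware hash from), `dsregcmd /status`, and the `HKLM:\SOFTWARE\Microsoft\Enrollments` registry tree that MDM enrolment writes; the value names read there (`ProviderID`, `UPN`, `EnrollmentState`) are the ones I know Intune to use, and the numeric enrolment state is reported raw rather than decoded.

```powershell
# Added example (not any poster's code): what Autopilot identifies this laptop by,
# and whether the running install is Azure AD-joined or MDM-enrolled.
# Run in an elevated PowerShell on the laptop itself.

# 1. Serial number and hardware hash. Autopilot registration is keyed on the
#    hardware hash (which encodes serial, manufacturer and model), and that
#    lives in firmware/board data, not on the disk you wiped.
function Get-AutopilotIdentity {
    $bios = Get-CimInstance -ClassName Win32_BIOS
    $cs   = Get-CimInstance -ClassName Win32_ComputerSystem
    # MDM_DevDetail_Ext01 exposes the hash Get-WindowsAutopilotInfo uploads.
    # An empty value usually means the session is not elevated.
    $dev  = Get-CimInstance -Namespace 'root\cimv2\mdm\dmmap' `
                            -ClassName 'MDM_DevDetail_Ext01' -ErrorAction SilentlyContinue
    [pscustomobject]@{
        SerialNumber = $bios.SerialNumber
        Manufacturer = $cs.Manufacturer
        Model        = $cs.Model
        HardwareHash = if ($dev) { $dev.DeviceHardwareData } else { $null }
    }
}

# 2. Join / enrolment state of the running install, parsed out of dsregcmd /status.
#    A clean personal install should show AzureAdJoined : NO and no MdmUrl.
function Get-JoinState {
    $fields = @{}
    foreach ($line in (dsregcmd /status)) {
        if ($line -match '^\s*(AzureAdJoined|DomainJoined|TenantName|TenantId|MdmUrl|DeviceId)\s*:\s*(.*)$') {
            $fields[$matches[1]] = $matches[2].Trim()
        }
    }
    [pscustomobject]$fields
}

# 3. MDM enrolments recorded in the registry. Each enrolment is a GUID-named
#    subkey; Intune enrolments carry ProviderID "MS DM Server". No rows means
#    nothing is enrolled on this install.
function Get-MdmEnrollments {
    $root = 'HKLM:\SOFTWARE\Microsoft\Enrollments'
    Get-ChildItem $root -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -match '^[0-9a-f-]{36}$' } |
        ForEach-Object {
            $p = Get-ItemProperty $_.PSPath
            [pscustomobject]@{
                EnrollmentId    = $_.PSChildName
                ProviderID      = $p.ProviderID
                UPN             = $p.UPN
                EnrollmentState = $p.EnrollmentState   # raw value, not decoded here
            }
        }
}

Get-AutopilotIdentity | Format-List
Get-JoinState         | Format-List
Get-MdmEnrollments    | Format-Table -AutoSize
```

The first function is the useful one for the question in this thread: the serial and hash it prints are exactly what the school's tenant still has on file, which is why a zeroed drive changes nothing. The other two confirm that the offline-account reinstall is not enrolled, but they say nothing about the tenant-side registration, which only the school's admin can remove.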
  6. noizdaemon666 (I'm Od, Therefore I Pwn)

    Sounds like the laptop was joined to their Azure AD and Windows Autopilot/Intune. Fresh installs of 10 & 11 Pro/Enterprise connect to Microsoft at the start of OOBE to check if they should be applying company/school settings etc. It should be ok but I'd personally get your client to contact their old school and have them remove the device from AD completely as it will happen again if it ever gets reinstalled.
     
    boiled_elephant and saspro like this.
  7. goldstar0011 (Multimodder)

    I had an ex-business PC that was doing that. I did the offline account then added it, but I had the same worries, so I edited the serial number, which sorted mine, as the seller wasn't sure who it was off as he'd bought a bulk buy.
     
  8. nimbu (Multimodder)

    Yup the device is setup for auto enrollment via Intune.

    I don't know if this will work but try this.

    Use Rufus to burn the Windows 10 image to the USB, select the option to create an offline account (you can rename it afterwards).

    When installing windows do not plug the laptop into Ethernet or connect to WiFi during the setup process at all. I've got a call with my Guys that manage our environment on Thursday, I'll ask them for "Science" for this type of scenario.
     
  9. saspro (IT monkey)

    Definitely autopilot
    The device needs deleting from MEM so it doesn't autoprovision
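
Added example, not the thread's own procedure: the tenant-side deletion that saspro and noizdaemon666 describe, scripted for the school's Intune admin with the Microsoft.Graph PowerShell module. It assumes those cmdlets as I know them (`Get-/Remove-MgDeviceManagementManagedDevice`, `Get-/Remove-MgDeviceManagementWindowsAutopilotDeviceIdentity`, `Get-/Remove-MgDevice`) and the Graph scopes named in the script; the serial number is whatever the laptop reports, passed in as a parameter. The same three deletions can be done by hand in the Intune admin center; the order (Intune record, then Autopilot identity, then the Azure AD device object) follows Microsoft's documented deregistration sequence.

```powershell
# Added example (not from any poster): deregister one laptop from a tenant so it
# stops autoprovisioning at OOBE. Run by the school's Intune admin, not the owner.
# Without -Commit it only reports what it would delete.
param(
    [Parameter(Mandatory)][string]$SerialNumber,
    [switch]$Commit
)

Connect-MgGraph -Scopes 'DeviceManagementManagedDevices.ReadWrite.All',
                        'DeviceManagementServiceConfig.ReadWrite.All',
                        'Device.ReadWrite.All'

# 1. Intune managed-device record(s) for this serial (present if it ever enrolled).
$managed = @(Get-MgDeviceManagementManagedDevice -Filter "serialNumber eq '$SerialNumber'")

# 2. Autopilot identity: the registration that makes a fresh OOBE pull the
#    school profile. Keyed on the hardware hash, so a wiped disk does not clear it.
$autopilot = @(Get-MgDeviceManagementWindowsAutopilotDeviceIdentity `
                 -Filter "contains(serialNumber,'$SerialNumber')")

# 3. Azure AD device object(s) the Autopilot identity points at.
$aadDevices = @(foreach ($ap in $autopilot) {
    if ($ap.AzureActiveDirectoryDeviceId) {
        Get-MgDevice -Filter "deviceId eq '$($ap.AzureActiveDirectoryDeviceId)'"
    }
})

"Serial               : $SerialNumber"
"Intune managed devices: $($managed.Count)"
"Autopilot identities  : $($autopilot.Count)"
"Azure AD devices      : $($aadDevices.Count)"
foreach ($ap in $autopilot) {
    "  Autopilot: id=$($ap.Id) serial=$($ap.SerialNumber) model=$($ap.Model)"
}

if (-not $Commit) {
    "Dry run only; re-run with -Commit to delete the objects above."
    return
}

# Delete in the order Microsoft documents: Intune, then Autopilot, then Azure AD.
foreach ($m  in $managed)    { Remove-MgDeviceManagementManagedDevice -ManagedDeviceId $m.Id }
foreach ($ap in $autopilot)  { Remove-MgDeviceManagementWindowsAutopilotDeviceIdentity -WindowsAutopilotDeviceIdentityId $ap.Id }
foreach ($d  in $aadDevices) { Remove-MgDevice -DeviceId $d.Id }
"Deletion requested; Autopilot removal is asynchronous, re-query until the identity is gone."
```

Two practical caveats: the `contains(serialNumber, ...)` filter can match more than one registration, so read the dry-run output before adding `-Commit`; and Autopilot deregistration completes in the background, so a reinstall started immediately after the delete can still land on the school profile. Query the identity again and only reimage once it no longer appears.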
     
