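# Builds a child script as a literal here-string, encodes it as UTF-16LE Base64 and runs it
# in a separate powershell.exe started with -mta. The child script locates the MDM
# enrollment whose ProviderID is 'MS DM Server', temporarily changes its EnrollmentType and
# FirstSync\IsServerProvisioningDone values, sends two requests through the LocalMDM module,
# writes the returned data to a log file and then writes the final registry values.
#
# Changes relative to the collapsed one-line listing:
#   * line breaks restored (here-string delimiters only parse at line boundaries);
#   * the final registry writes run in a finally block, so a failing request no longer
#     leaves EnrollmentType=20 / IsServerProvisioningDone=0 behind;
#   * the script stops when more than one enrollment matches instead of editing several keys;
#   * the unused $existingValue reads were removed;
#   * the child's exit code is checked (it was discarded before).
$scriptContent = @'
# NOTE(review): unpinned install from the default repository with -Force, executed in a
# context that can write HKLM. Pin it (-RequiredVersion <PINNED_VERSION>, placeholder) and
# install from a repository you control before using this on managed devices.
Install-Module LocalMDM -Force

$enrollmentRoot = 'HKLM:\SOFTWARE\Microsoft\Enrollments'
$targetProvider = 'MS DM Server'

# NOTE(review): this payload looks like SyncML whose markup was lost when the page was
# extracted (only element text remains). It is kept verbatim; restore the original XML
# from the author's source before relying on it.
$syncScript = @"
4 ./Vendor/MSFT/DMClient/Provider/MS%20DM%20Server/FirstSyncStatus/ExpectedPolicies chr text/plain ./Vendor/MSFT/AppLocker/ApplicationLaunchRestrictions/EXEGroup/EXE/Policy./Vendor/MSFT/LAPS/Policies/AutomaticAccountManagementEnableAccount./Vendor/MSFT/DMClient/Provider/MS%20DM%20Server/EntDMID
"@

# Find the enrollment subkey(s) whose ProviderID value equals the target provider.
$match = Get-ChildItem -Path $enrollmentRoot |
    Where-Object {
        (Get-ItemProperty -Path $_.PSPath -Name ProviderID -ErrorAction SilentlyContinue).ProviderID -eq $targetProvider
    }

if (-not $match) {
    Write-Error "No enrollment instance found with ProviderID='$targetProvider'."
    exit 1
}

# Several matches would turn every path below into an array and the Test-Path check
# would no longer mean what it says, so stop rather than edit more than one key.
if (@($match).Count -gt 1) {
    Write-Error "Multiple enrollment instances found with ProviderID='$targetProvider'."
    exit 1
}

$instancePath = $match.PSPath

# Writes the EnrollmentType DWORD on the selected enrollment key.
function Set-EnrollmentType {
    param($typeValue)
    Set-ItemProperty -Path $instancePath -Name EnrollmentType -Type DWord -Value $typeValue -Force
}

$firstSyncKey = Join-Path $instancePath 'FirstSync'
if (-not (Test-Path $firstSyncKey)) {
    New-Item -Path $firstSyncKey -Force | Out-Null
}

try {
    New-ItemProperty -Path $firstSyncKey -Name 'IsServerProvisioningDone' -PropertyType DWord -Value 0 -Force | Out-Null
    # NOTE(review): the meaning of EnrollmentType 20 and 6 is not shown on this page.
    Set-EnrollmentType -typeValue 20

    send-localmdmrequest -SyncML $syncScript
    $result = send-localmdmrequest -omauri './Vendor/MSFT/DMClient/Provider/MS%20DM%20Server/FirstSyncStatus/ExpectedPolicies'

    # NOTE(review): fixed file name in a shared temp directory, overwritten on each run;
    # prefer a directory with an administrators-only ACL if the data is sensitive.
    $result.data > c:\windows\temp\123.log
}
finally {
    # Runs on failure too. The values are the fixed ones the original wrote (6 and 1),
    # not the values present before the run -- confirm they are right for the device.
    Set-EnrollmentType -typeValue 6
    New-ItemProperty -Path $firstSyncKey -Name 'IsServerProvisioningDone' -PropertyType DWord -Value 1 -Force | Out-Null
}
'@

# -EncodedCommand expects Base64 of the UTF-16LE command text.
$bytes = [System.Text.Encoding]::Unicode.GetBytes($scriptContent)
$encoded = [Convert]::ToBase64String($bytes)

# NOTE(review): -ExecutionPolicy Bypass together with -EncodedCommand is a pattern that
# endpoint detections commonly alert on. With script block logging enabled the decoded
# script is still recorded (event ID 4104), so expect this run to appear in triage.
# -mta is presumably required by the LocalMDM module -- confirm.
$child = Start-Process powershell.exe -ArgumentList "-mta -NoProfile -ExecutionPolicy Bypass -EncodedCommand $encoded" -Wait -PassThru

# Without -PassThru the child's 'exit 1' (no enrollment found) went unnoticed.
if ($child.ExitCode -ne 0) {
    Write-Error "Child PowerShell exited with code $($child.ExitCode)."
}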