Skip to main content
Matrix42 Self-Service Help Center

Self Provisioning

The WinPE based OS Deployment supports from Matrix42 Client Management v19.0.1 the Computer Self Provisioning. Computer Self Provisioning allows employees without Empirum knowledge to set up computer completely automated with operating system and software.

Compared to Empirum-PE-based Computer Self Provisioning, two conceptual changes have been made. First, the concept of computer templates was introduced, which is explained in more detail below. In addition, the Empirum API is used to communicate with the Empirum server during Computer Self Provisioning execution. Therefore, the Empirum API service must also be installed and configured on the Empirum server.


WinPE-based Self Provisioning can be used on all (EFI) computers but the local boot (to skip the self-provisioning) only works on computers that were previously set up with Empirum 19.0.1 / WinPE Support 1.6.1. You can start Self Provisioning from a USB stick, which can be created under Boot Configurations in Empirum. Currently the additional drivers from a Self-Provisioning boot configuration are not installed.

WinPE-based Self Provisioning only works with EFI computers - BIOS computers are not supported. Therefore, it is important to ensure that the WinPE-based boot configuration intended for self-provisioning does not include a BIOS option.

A deployment via the Empirum Sub depots is currently only possible if the computer to be deployed can establish a connection directly to the Empirum-API service on the Empirum Master Server.

If a USB stick is created on a Server 2012 R2 or Server 2016 or Windows Server before version 1703, offline sources cannot be added because these Windows Server versions cannot create a second NTFS partition. This feature is only supported from Server 2019 onwards. Alternatively, a current Windows 10 version with installed ADK 10 (1903) and Matrix42 Management Console can be used.

While choosing a WinPE based PXE Default-Image, EPE-based OS-Installations are not supported for that specific PXE-Server. Mixed-Mode operations between WinPE-PXE Default/SP-Images and EPE-PXE OS-Installations are not supported.

Starting with WinPE PreBoot Support version 1.8.3 it is also possible to perform Self Provisioning via http(s).

Computer templates

WinPE based Computer Self Provisioning introduces the concept of computer templates. This replaces the concept of Self Provisioning groups. Computer templates are placeholders in Empirum and can be treated like normal computer objects. They can be assigned to the configuration and assignment groups like normal computers. This allows you to set the target state of the new computers.

While performing a Computer Self Provisioning, a computer template is selected that serves as a template for the computer being newly created. It is assigned to the configuration and assignment groups to which the computer template is assigned. The new computer is activated and then deployed.

Creating computer templates

Computer templates can be created in the Matrix42 Management Console under Administration via the context menu in the left tree. For example, open the context menu in the left tree at the top entry Computers.


If the context menu entry New Computer Template... is selected, the dialog opens in which a new computer template can be created.


The New Computer Template dialog corresponds to the dialog for creating a new computer.

If a name is specified for a Name Pattern, this value is used in the self-provisioning process and the user is no longer asked for the name. The value is automatically used as the computer name for the client to be created. The EmpirumAPI will append a "001, 002, ..." if there is already a corresponding client. Only the characters A-Z, a-z, 0-9, -, _ are allowed. Maximum 12 characters.

If the value of the name pattern is empty, the user will be asked for the computer name (during the self-provisioning process). Here the user can specify a name with a maximum of 15 characters. The system checks whether the name is already assigned in Empirum and informs the user accordingly.

A special feature here is that the UUID and MAC address properties are not specified for computer templates. These properties can only be determined by the computer during the runtime of Computer Self Provisioning. Therefore, these properties are grayed out.

If a password is entered under password and Confirm password, the password stored here must be entered directly after the display/selection of the computer SP template in order to start the installation. If no password is entered, no query is made.

The following specifications are required when creating a computer template:

  • Computer Name
  • Workgroup/Domain


Once the specifications have been made, the new computer template can be created with OK. The new computer template appears in the list within the filter Computer Templates in the left Administration tree (it also appears in the list of unassigned computers).


Filter Computer Templates lists all Computers, which have the role Computer Template assigned.

Configure and assignment of computer templates

Once the computer template has been created, it can be assigned to an existing configuration group that has already been prepared for WinPE based OS deployment. The configuration group must be prepared as described in Chapter 2.3 Assignment in Administration starting on page19. The following settings must therefore be made:

  • Assignment of a WinPE based PXE image
  • Assignment of the necessary PreOS packages (DiskPartitioning, WindowsInstallation, PxeOffAndReboot, DomainJoin, EmpirumAgentSetup, …)
  • Configuration of computer variables
  • Assignment of the operating system edition
  • Assignment of software packages that should be installed after the operating system installation

Assignment groups can also be used to configure computer templates. Computer templates can also be assigned to multiple assignment groups. When a Computer Self Provisioning is performed, the newly created client is assigned to all groups to which the computer template is assigned.

Configure and install Empirum API service

As mentioned above, the Empirum API is used for communication during Computer Self Provisioning. To do this, the Empirum API service must be configured and installed on the Empirum Master Server via Matrix42 DBUtil.

Detailed information about the service installation via Matrix42 DBUtil can be found at Matrix42 Online Help.

  1. Start Matrix42 DBUtil.
  2. Login with the corresponding user.
  3. Select the location.
  4. Open the service configuration via the menu > Actions > Install/Configure Services.
  5. Select the protocol HTTP and configure the Port for the HTTP Connection (Default value is 9200).



Currently, the WinPE based Computer Self Provisioning requires that the Empirum API service is configured with the HTTP protocol. The protocol can be configured either as unencrypted (HTTP), or as encrypted using a certificate (HTTPS).

  1. Apply the changes
  2. Install the Empirum-API service via the context menu of the Empirum-API entry at the list.
  3. After the successful installation of the service you can close Matrix42 DBUtil.

The Empirum-API service is installed and available for WinPE based Computer Self Provisioning. The next step is to create a Boot Configuration for the Computer Self Provisioning.

Boot Configurations at Computer Self Provisioning 

To perform computer self-provisioning at boot time, you must create a boot configuration that includes this functionality.

  1. A WinPE based boot configuration contains the Enable Self Provisioning property, which must be selected. To see all properties, you've to activate the Advanced Properties switch first.



  1. After selecting the Self Provisioning property, the properties for the Empirum-API logon information appears additionally. These must also be specified.

Use a user who has enough rights on the database. The user must have at least the roles EMP_M_COMPUTER and EMP_M_COMP_ROLE, which can be assigned to the user via Matrix42 DBUtil. SQL Server or Windows users are possible.


  1. The boot configuration must be saved so that the changes can be implemented.

If the PXE image creation was successful, you can continue with the activation of the Computer Self Provisioning on the Empirum server.

Additional Empirum-API connection data

In order to establish this communication to the WinPE runtime, additional connection data is taken from the database and stored in the PXE boot image when building the PXE boot image. The following information will be used:

  • Empirum-API service server name
  • Empirum API service HTTP Protocol Specifications
    • Port
    • Encryption

If the Empirum-API service has not been configured and installed via Matrix42 DBUtil, an error will occur when building the Self Provisioning activated PXE boot image, because the connection specifications to the Empirum-API service are necessary.

Currently only the HTTP protocol is supported. It can be configured either as unencrypted (HTTP), or as encrypted using a certificate (HTTPS).

Activating Computer Self Provisioning at Empirum Server

WinPE-based self-provisioning is only intended for installation roads in its current state and should not be used in productive environments, since the tools cannot be booted locally there, as long as they have not previously been set up with the WinPE support version (1.6.3) or EPE support version (4.7.11).

Using the Offline Boot Medium Creation function, a USB flash drive can be created at the Boot Configuration in the Empirum console. This USB flash drive can be used to perform Computer Self Provisioning directly on the new computer by booting the USB flash drive.

If the Computer Self Provisioning should be used via a PXE boot, the standard PXE image on the PXE server entry of the Empirum Master Server in Matrix42 DBUtil must be set to the created WinPE based self-provisioning image. Afterwards the change must be saved with Apply and the PXE service must be reinstalled.


Registry modification for the Empirum PXE service

At the WinPE based Computer Self Provisioning the following registry value must be set on the Empirum Master Server (on which the PXE service runs) (like the EmpirumPE 4 based Computer Self Provisioning):


Must be set to 1, or respectively must be created (Type = DWORD; Value = 1).

Executing Computer Self Provisioning at the computer

If the preparations have been made, the Computer Self Provisioning can now be started with a new computer. Booting can be done either from the created USB flash drive or from PXE.

When the computer boots windows boot manager shows a menu where Local Boot is selected per default. To start Self Provisioning you must select Empirum Self Provisioning within 10 seconds.


After selecting Empirum Self Provisioning the WinPE based environment is automatically started and the user is guided through Computer Self Provisioning. The following  information is required:

  • Choosing the computer template
  • Specification of the stored password (if configured)
  • Specify the new computer name (if no name pattern was specified).

After starting the Self Provisioning user interface, the necessary drivers are installed (1), then a connection to the Empirum server is established (2). If the action was successful, a green checkmark is displayed.


(3) Select computer template

Select one of the available computer templates.


Only assigned computer templates are displayed here for selection.

After selecting the computer template, you will be taken directly to the entry for the password of the computer template (4). If no password has been assigned for the selected computer template, proceed directly with (5).


(4) Enter the password of the computer template.

If a password has been entered in the computer template, this must be confirmed here to reinstall the computer using Self Provisioning.


After entering the password, press the [ENTER] or [TAB] key.

The computer template password is checked. If the password has been entered correctly, press (5) to continue if no name pattern has been defined.

If a name pattern has been defined, press (6) directly.

If an incorrect password has been specified for the selected computer template, you can enter it again or select another computer template (3).


(5) Enter new computer name

If no name pattern was defined in the computer template, you must now specify a computer name.


After entering the computer name, press the [ENTER] or [TAB] key to go to the item (6).

A maximum of 12 characters A-Z, a-z, 0-9, -, _ are allowed. If the computer name is entered incorrectly, the input area turns red. If you move the mouse over the input area bordered in red, a corresponding error message is displayed.

If a computer template with a predefined name pattern was selected, this name pattern is already entered as the computer name.


(6) Start deployment now

Now you can check all the information provided.


Pressing any key [ENTER] completes the operation so that the deployment for the computer can be performed directly afterwards.

A check is performed to see if this computer name already exists - if so, a "_01", "_02" etc. is appended and the computer with this name is registered in Empirum.

Currently this schema of the name extension ("_01", "_02 etc.") is fixed and cannot be changed!

The lower area now shows the actual computer name as it was created in Empirum - in the group with the selected computer template - via API.

The new computer will now be created with the specified name in Empirum and assigned and activated to the configuration and assignment groups according to the selected computer template.

If the computer is already known in Empirum, it will be completely removed from all groups and Empirum before re-creation.


This Self Provisioning screen remains visible (hourglass) until the new distribution orders have been written to the DDC file, then the start screen is displayed and the usual OS deployment runs.


Self-Provisioning via Depot Server (Offline)

The following prerequisites must be fulfilled so that Self Provisioning can also be performed using a depot server (offline):

  • Customized Empirum Agent Template.
  • Customized WinPE Boot image - Standard and Self Provisioning.
  • Own Empirum group with selected Empirum Server (Depot).
  • The variable FQDN must be filled with a correct value.
  • The sync template ESubdepot_DeviceMapping must be assigned to the depot server (offline).


Empirum Agent Template

It is best to create your own Empirum Agent template for the depot server (offline) (in this example "Agent_Depot").


It is important that the depot server (offline) has been selected here as "Fallback Server" (in this example "").


WinPE Boot images

For the standard WinPE boot image and for the Self Provisioning boot image, the previously created agent template must be selected (in this example "Agent_Depot").




Empirum group

It makes sense to create your own configuration group here (in this example "SelfProvisioning"). For the configuration files to be transferred (sync) to the correct depot server, you must make the following settings.

Right-click this group and select Properties. Switch to the Empirum Server tab. Under Available Empirum Servers, select your depot server (Offline) and add it via the Plus button under Assigned Empirum Servers.


For this configuration group to function properly, it must be assigned the PreOS packages you require, an operating system import, a PXE boot image (default, no self-provisioning), and a computer template. Optionally, language packs, the UEM Agent, and other software packages can be assigned.

All variables used here must also be set to this configuration group, in particular the FQDN variable.


The default boot image is required if additional reboots are required during operating system installation.


  • Was this article helpful?