Windows Autopilot: Clear User ESP Cache on Complete Feature

by | Mar 14, 2025 | Blog, Tech Blog


The User / Account Enrollment Status Page (ESP) has long been a source of frustration for IT administrators using Windows Autopilot. Devices often get stuck, time out, or fail to finish the Account Setup (User Enrollment Status Page) correctly.

In a previous blog, I explored an alternative approach using the Company Portal instead of Account Setup. While that method remains valid, we now have some good news: Microsoft appears to have addressed this issue with a new feature in the latest Windows Insider builds: AutopilotClearUserEspCacheOnComplete.

This feature changes how the Enrollment Status Page (ESP) operates by clearing outdated ESP cache data once a user completes the setup. Previously, this process relied on the Intune Management Extension, but Microsoft is now integrating it directly into Windows. This shift could improve Autopilot’s reliability and streamline user provisioning.

Discovering the New ESP Feature

While analyzing the latest Windows Insider Preview build, we identified a new feature using the mach2 tool: AutopilotClearUserEspCacheOnComplete (ID: 55554139).

This Autopilot discovery follows a similar method that previously revealed Microsoft’s work on Autopilot Device Preparation (41603559). While some assumed that development on Autopilot had slowed, these findings suggest continued improvements. The core function of this feature appears to directly address common Enrollment Status Page issues. However, before diving into the details, it is important to examine how similar functionality exists within the Intune Management Extension (IME).

ESP Cache Clearing in the Intune Management Extension

Before the discovery of AutopilotClearUserEspCacheOnComplete, ESP cache clearing was already built into the Intune Management Extension (IME) code. Within the Win32App plugin, a function exists that performs a similar cleanup process.

Inside the IME code, we could also spot the clearespaccountsetupcacheifnecessary method, which works as follows:

  • It checks whether OOBE is complete by calling OOBEComplete(ref complete), a function in kernel32.dll.
  • If OOBE is complete, it then checks for existing ESP-related registry keys (SOFTWARE\Microsoft\Provisioning\AutopilotSettings).
  • If ESP cache entries exist, it archives the current AccountSetupCategory.Status value and removes the original entry.

At first, this looked like just another IME enhancement, ensuring that ESP didn’t get stuck on stale data. But then, while digging into the latest Windows Insider Preview builds, we discovered Microsoft had baked this logic directly into Windows itself (windows.management.service.dll).

The new Windows feature mirrors what IME was doing but is now executed as part of Autopilot’s native Windows deployment logic. This means ESP cache clearing is no longer just an Intune-specific fix; it’s now a core Windows function.

Autopilot Clear User ESP Cache

This Autopilot Clear ESP Cache feature ties directly into how Autopilot manages the Enrollment Status Page (ESP). It seems to trigger a function called `PrepareForForNthUserAsync`, which kicks off `AutopilotClearUserEspCacheOnComplete`. This function clears the ESP Account cache after the first user finishes setup, which gets the system ready for the next user.

What’s interesting is that this might be Microsoft’s fix for the common issue where the Account ESP (or User ESP) page gets stuck. Many of us have dealt with devices hanging on this page during Autopilot setup, especially when there was a delay in processing or when certain device configurations failed.

In the past, IT admins tried to work around this by enabling options like `SkipUserStatusPage` or by tweaking the ESP profile, configuring the “Only show page to devices provisioned by out-of-box experience (OOBE)” setting.

However, this new Autopilot User ESP cache clearing feature seems to address the root of the problem by cleaning up the ESP cache to prevent these issues altogether. Before zooming into the feature itself, we need to discuss `PrepareForForNthUserAsync`, the function that kicks off the ESP user cache clearing feature.

What Is the “Nth User”?

The term “Nth user” sounds fancy, but it’s just a way of saying “the next user” or “any user after the first.” When a device is provisioned with Autopilot, the first user gets a clean, fully set-up experience. But what happens if another user logs in later?

Without cleanup, the old account status data from the first user could mess things up for the next one, which could lead to the User ESP being stuck.

The “Nth user” concept ensures the device resets certain settings so the next user can log in without any issues. Think of scenarios like shared devices in schools or workplaces or devices being reassigned to a new user. This new feature ensures that the second user’s experience is just as smooth as the first.

How the ESP Clear Cache Feature Works

Let’s examine the mermaid flow before zooming in on the steps of how this clear ESP function will work.

Enrollment Status Page (ESP) Account Cleanup Cache Flow

1. Feature Check:

  • The function first checks if a feature flag (AutopilotClearUserEspCacheOnComplete) is enabled. If not, it exits early.

2. Registry Key Handling:

  • Attempts to open the registry key Software\Microsoft\Provisioning\AutopilotSettings.
  • If the key cannot be opened, the function logs an error and exits.

3. Value Query:

  • Checks if the AccountSetupCategory.Status value exists in the registry key.
  • If the value does not exist, the function skips further processing and exits.

4. Value Manipulation:

  • Allocates memory to read the value’s data.
  • If successful, it retrieves the current system time and appends it to the value’s data, forming a new value.

5. Registry Update:

  • It writes the new value with the timestamp back in the registry.
  • Deletes the original AccountSetupCategory.Status registry value.
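
A read-only check for the registry footprint that both the IME method and the Windows feature are described as leaving behind (an added example, not code from Windows, IME, or the original post). It assumes the subkey sits under HKLM and that an archived copy keeps the original value name as a prefix; the page does not state the hive or the exact name of the timestamped value.

```powershell
# Added example: read-only inspection, nothing is written or deleted.
# Assumption: the subkey named on the page lives under HKLM.
$EspKeyPath   = 'HKLM:\SOFTWARE\Microsoft\Provisioning\AutopilotSettings'
$EspValueName = 'AccountSetupCategory.Status'

function Get-EspAccountCacheState {
    [CmdletBinding()]
    param(
        [string]$Path = $EspKeyPath,
        [string]$Name = $EspValueName
    )

    # Step 2 of the flow: the key must exist before anything else is checked.
    if (-not (Test-Path -LiteralPath $Path)) {
        return [pscustomobject]@{ State = 'KeyMissing'; Live = $null; Archived = @() }
    }
    $key   = Get-Item -LiteralPath $Path
    $names = @($key.GetValueNames())

    # Step 3: is the live status value still present?
    $hasLive = $names -contains $Name
    $live    = if ($hasLive) { $key.GetValue($Name) } else { $null }

    # Steps 4-5: look for archived copies of the value.
    # Assumption: an archived copy is named "<original name><timestamp suffix>".
    $archived = @(
        $names |
            Where-Object { $_ -like "$Name*" -and $_ -ne $Name } |
            ForEach-Object { [pscustomobject]@{ Name = $_; Data = $key.GetValue($_) } }
    )

    $state = if ($hasLive -and $archived.Count -gt 0) {
        'LiveAndArchived'      # a newer status was written after an earlier cleanup
    } elseif ($hasLive) {
        'LiveOnly'             # original value still in place, no archive found
    } elseif ($archived.Count -gt 0) {
        'ArchivedOnly'         # the outcome the five steps describe
    } else {
        'NoAccountSetupData'
    }

    [pscustomobject]@{ State = $state; Live = $live; Archived = $archived }
}

Get-EspAccountCacheState | Format-List
```

If the timestamped copy turns out to use a different naming scheme, the `Archived` list stays empty and `State` falls back to `LiveOnly` or `NoAccountSetupData`; listing `$key.GetValueNames()` by hand shows what is actually there.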

Summary of Purpose

The code is part of the Windows Autopilot logic for managing the OOBE and ESP processes. Its goal is to:

  • Ensure that OOBE and ESP sessions don’t inadvertently resume due to leftover states.
  • Reset necessary configurations for a clean and predictable experience for the next user.
  • Clear user-specific ESP cache to enable a fresh start for subsequent users.

Why Is This Useful?

Autopilot is mostly used for single-user setups, but there are cases where multiple users interact with the same device. These include:

  • Shared Devices: In schools or offices where several people log in to the same machine.
  • Reassigning Devices: When a device is wiped and given to someone else without a full factory reset. (Please Note: This is not the best method. Just wipe the device, please.)

This feature also addresses the common problem of the Account ESP getting stuck. Instead of skipping the page entirely with `SkipUserStatusPage`, it cleans up the leftover ESP data that causes the issue. Combined with improved ESP profile settings, it provides a more robust solution to prevent these problems.

Why Now?

Many thought Autopilot’s development had slowed down, with Microsoft focusing on newer deployment tools. But this feature shows Autopilot is still being improved. It might be a response to feedback from organizations that use shared devices or frequently reassign hardware. Fixing these edge cases makes Autopilot more reliable for everyone.

The Bottom Line

`AutopilotClearUserEspCacheOnComplete` and its helper function `PrepareForForNthUserAsync` solve the ESP problem on shared and multi-user devices. By deleting the `AccountSetupCategory.Status` registry value and replacing it with a timestamped version, they ensure the next user’s experience isn’t impacted by the first. This might even solve the frustrating “stuck on the Account ESP” issue that’s plagued Autopilot users for a while.
