Another option for folks that are deploying to collections other than “unknown”
would be to just password protect the whole TS outside the boot image that way
it can be used in Software Center as well, put a condition on the “Execute Task
Sequence” step (or the first step in your TS for those that aren’t using MDT
integration), then just give that password to techs. It would be in clear text
in a vb script, but really only using it as a safety check for that accidental
mandatory push to “All Systems”. Helps me sleep at night :)
::PasswordCheck.vbs::
Dim objOSD, strInputBox, PassCheck
Set objOSD = CreateObject("Microsoft.SMS.TSEnvironment")
' Close Task Sequence Progress bar
Set ProgressUI = CreateObject("Microsoft.SMS.TsProgressUI")
ProgressUI.CloseProgressDialog
Do
Response = InputBox("This process will capture your data, reinstall the
Operating System and restore your user data." & VbCrLf & VbCrLf & "The media is
password protected." & VbCrLf & VbCrLf & "Enter the password below and click OK
to continue."& VbCrLf & VbCrLf,"Imaging Confirmation")
' Check for correct password
If isEmpty(Response) Then
objOSD("PasswordCheck") = False
Wscript.Quit
ElseIf Response = "PASSWORD" Then
PassCheck = True
Else
MsgBox("Invalid password. Please contact the
help desk for further assistance.")
PassCheck = False
End If
Loop While Not(PassCheck)
' Assign SCCM Task Sequence variable
objOSD("PasswordCheck") = PassCheck
From: [email protected] [mailto:[email protected]] On
Behalf Of Merenda, Kenneth
Sent: Wednesday, April 1, 2015 8:53 AM
To: [email protected]
Subject: RE: [mssms] Re-imaging computers without deleting sccm object
My org has tight control over who can use SCCM console, and even tighter
control of task sequences and deployments.
I have an available deployment of our task sequence to all unknown PC’s, and
all client systems, media/PXE only.
To prevent problems, I’ve password protected the boot images. We’ve been doing
this for years with no issues.
There are steps you can take <http://osdoa.com/osd-kill-switch/> to help limit
the impact of an accidental required TS deployment, like adding a check for a
text file on the network as an emergency kill switch.
Kenneth Merenda
From: [email protected] <mailto:[email protected]>
[mailto:[email protected]] On Behalf Of Steve Whitcher
Sent: Wednesday, April 1, 2015 7:09 AM
To: [email protected] <mailto:[email protected]>
Subject: Re: [mssms] Re-imaging computers without deleting sccm object
As others have said, we have a collection "Deploy Windows 7" that we put
computers in when we want them to be imaged. Then reboot to pxe. There is a
role that removes them from the collection and clears the required pxe
deployments automatically when the task sequence completes successfully.
If you don't want to give techs access to SCCM, you could probably bar the
collection membership off of an AD group.
—
Sent from Mailbox
<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.dropbox.com_mailbox&d=AwMFaQ&c=r_B2dqKkHczsuXPCSs5DOw&r=krYjy-Xm1tps1F_nkG9sNKQIT3ZPFrUh3rvr18goJ2E&m=dt9ocDZbm4TfVPKy1wJyFCScS3d8I1VFXTajf1dwvXA&s=t_iIuiQzvqqimGq364F-kUgpoTKHmuep_0y-9MQqjKk&e=>
On Tue, Mar 31, 2015 at 3:19 PM, Chris Carbone
<[email protected] <mailto:[email protected]>
> wrote:
We currently need to delete the computer out of SCCM each time we want to image
a computer. Is there a way where we can image a computer without doing this? We
want it to stay in SCCM for asset management from another system that is
pulling from SCCM.
This electronic mail transmission may contain confidential information intended
only for the use of the individual(s) identified as addressee(s). If you are
not the intended recipient, you are hereby notified that any disclosure,
copying, distribution or the taking of any action in reliance on the contents
of this electronic mail transmission is strictly prohibited. If you have
received this transmission in error, please notify me by telephone immediately.
