Loading...

Task Sequence Password Protect: GUI for SCCM and MDT


In this post I will show you a PowerShell GUI I created for SCM or MDT that allows you to protect a Task Sequence with a password.

Context
You don't want anyone can run a TS and install a computer, for instance by mistake.
For that you want that people who run the TS have to type a specific password a the beginning of the TS.
If 5 bad password has been typed, then the TS will exit and the computer will reboot.
If not the TS will continue to the next step.
In this post I will explain both SCCM and MDT way.

Prerequisites
- Add PowerShell and .NET components in your boot image
- Check the the WinPE and WPF bug is fixed, see here.

How to get it ?

How it looks like ?
The GUI looks like as below:

Type the password in the password box then click on the button.
If bad password has been typed the lock icon will become red.
An icon in the tool bar allows you to change the main theme: Dark or Light.

See it in action from MDT

What's next ?
Use AD credentials
In the next version I will allow you to run a TS using an AD account.
Users who are able to run TS will have to be member of a specific AD group.
In the GUI, you will have to type your AD credentials.
If credentials are those one from a member of the group, the TS will continue.

Multi language
I will also allow you to customize all text from an XML file. This way you will be able to customize it easily with your own language.

Create the GUI content
1. Download the wizard
2. Copy the folder to your server
3. Go to C:\Program Files\Microsoft Deployment Toolkit\Templates\Distribution\Tools\x64
4. Copy the file ServiceUI.exe in the wizard folder: 

So far we have seen how to create the wizard content and how to customize it. Now let's see how to implement it in our SCCM environment.

Create the SCCM package
1. Go to Software Library
2. Go to Application Management then Packages
3. Do a right click and select Create Package
4. Type a name like TS Password Protect GUI
5. Check This package contains source files
6. Click on Browse, then select the folder containing the wizard

7. Click on Next
8. Select Do not create a program

9. Click on Next
10. Click on Next
11. Click on Close

Distribute the package
1. Do a right-click on your package
2. Select Distribute Content
3. Click on Next

4. Click on Add and select Distribution Point
5. Select your DP and click on OK

6. Click on Next
7. Click on Next
8. Click on Close

Task Sequence implementation
In this method we will create two Run command Line steps that will work as below:
- Step the Task Sequence password in a variable
- Run the TS Password Protect GUI

1. Edit your TS
2. Click on Add, General then Set Task Sequence Variable

3. Type a name like Set TS Password
4. Configure as below:

5. Click on Add, General then Run Command Line
6. Type a name like Run TS Password Protect
7. In the commandline part, configure as below:
8. Check package and select the previously created package.
9. See below how looks like the step:


Do it for MDT

In this part I will explain how to use it with MDT.
1. Edit your TS
2. Click on Add, General then Set Task Sequence Variable
3. Type a name like Set TS Password
4. In the TS variable field, type TS_Password
5. Type a password in the Value field
6. Click on AddGeneral then Run PowerShell script
7. Type a name like Run TS Password Protect
8. Copy the GUI folder in the Deploy folder, for instance

9. Type the below command line
Task Sequence password 486509252940658017

Publier un commentaire

Publier un commentaire

emo-but-icon

Accueil item