Loading...

Task Sequence Password Protect: GUI for SCCM and MDT

7 A+ A-

In this post I will show you a PowerShell GUI I created for SCM or MDT that allows you to protect a Task Sequence with a password.

Context
You don't want anyone can run a TS and install a computer, for instance by mistake.
For that you want that people who run the TS have to type a specific password a the beginning of the TS.
If 5 bad password has been typed, then the TS will exit and the computer will reboot.
If not the TS will continue to the next step.
In this post I will explain both SCCM and MDT way.

Prerequisites
- Add PowerShell and .NET components in your boot image
- Check the the WinPE and WPF bug is fixed, see here.

How to get it ?

How it looks like ?
The GUI looks like as below:

Type the password in the password box then click on the button.
If bad password has been typed the lock icon will become red.
An icon in the tool bar allows you to change the main theme: Dark or Light.

See it in action from MDT

What's next ?
Use AD credentials
In the next version I will allow you to run a TS using an AD account.
Users who are able to run TS will have to be member of a specific AD group.
In the GUI, you will have to type your AD credentials.
If credentials are those one from a member of the group, the TS will continue.

Multi language
I will also allow you to customize all text from an XML file. This way you will be able to customize it easily with your own language.

Create the GUI content
1. Download the wizard
2. Copy the folder to your server
3. Go to C:\Program Files\Microsoft Deployment Toolkit\Templates\Distribution\Tools\x64
4. Copy the file ServiceUI.exe in the wizard folder: 

So far we have seen how to create the wizard content and how to customize it. Now let's see how to implement it in our SCCM environment.

Create the SCCM package
1. Go to Software Library
2. Go to Application Management then Packages
3. Do a right click and select Create Package
4. Type a name like TS Password Protect GUI
5. Check This package contains source files
6. Click on Browse, then select the folder containing the wizard

7. Click on Next
8. Select Do not create a program

9. Click on Next
10. Click on Next
11. Click on Close

Distribute the package
1. Do a right-click on your package
2. Select Distribute Content
3. Click on Next

4. Click on Add and select Distribution Point
5. Select your DP and click on OK

6. Click on Next
7. Click on Next
8. Click on Close

Task Sequence implementation
In this method we will create two Run command Line steps that will work as below:
- Step the Task Sequence password in a variable
- Run the TS Password Protect GUI

1. Edit your TS
2. Click on Add, General then Set Task Sequence Variable

3. Type a name like Set TS Password
4. Configure as below:

5. Click on Add, General then Run Command Line
6. Type a name like Run TS Password Protect
7. In the commandline part, configure as below:
8. Check package and select the previously created package.
9. See below how looks like the step:


Do it for MDT

In this part I will explain how to use it with MDT.
1. Edit your TS
2. Click on Add, General then Set Task Sequence Variable
3. Type a name like Set TS Password
4. In the TS variable field, type TS_Password
5. Type a password in the Value field
6. Click on AddGeneral then Run PowerShell script
7. Type a name like Run TS Password Protect
8. Copy the GUI folder in the Deploy folder, for instance

9. Type the below command line
Task Sequence password 486509252940658017

Enregistrer un commentaire

  1. This is a very useful project, good work, a great addition to the TS. Would like to use it in Software Center to allow a user to trigger a task sequence. Currently it fails as it does not think it is being run from a task sequence. Could the powershell files be adapted to allow this?

    RépondreSupprimer
  2. Hi,

    This looks good. How do you change or add the password that you want?

    RépondreSupprimer
  3. hello, how can i change or add the password that i want?
    thanks

    RépondreSupprimer
  4. hello, how can i set my password?

    thanks

    RépondreSupprimer
  5. Has anyone figured this out yet?

    Do we download the entire folder from GitHub or just the require file?

    How do we change the passcode and add this into mdt?

    RépondreSupprimer
  6. Hi, can you help me understand the problem on MDT?

    FAILURE ( 5206 ): The Deployment Wizard was cancelled or did not complete successfully. The deployment will not proceed.
    Exception calling "LoadFrom" with "1" argument(s): "Could not load file or assembly 'file:///Z:\Scripts\TS_Password\MahApps.Metro.dll' or one of its dependencies. Operation is not supported. (Exception from HRESULT: 0x80131515)"
    At \\192.168.1.100\DeploymentShare$\Scripts\TS_Password\TS_Password.ps1:13 char:1
    + [System.Reflection.Assembly]::LoadFrom('Z:\Scripts\TS_Password\MahApp ...
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    NotSpecified: (:) [], MethodInvocationException
    Exception calling "LoadFrom" with "1" argument(s): "Could not load file or assembly 'file:///Z:\Scripts\TS_Password\MahApps.Metro.IconPacks.dll' or one of its dependencies. Operation is not supported. (Exception from HRESULT: 0x80131515)"
    At \\192.168.1.100\DeploymentShare$\Scripts\TS_Password\TS_Password.ps1:14 char:1
    + [System.Reflection.Assembly]::LoadFrom('Z:\Scripts\TS_Password\MahApp ...

    RépondreSupprimer

Accueil item