Task Sequence PIN Protect: Protect your TS with a PIN code

In this post I will show you a PowerShell GUI I created for SCCM or MDT that allows you to protect a Task Sequence with a PIN code.

Context
You don't want anyone can run a TS and install a computer, for instance by mistake.
For that you want that people who run the TS have to type a specific PIN code at the beginning of the TS.
If 5 bad PIN code have been typed, then the TS will exit and the computer will reboot.
If not the TS will continue to the next step.
In this post I will explain both SCCM and MDT way.

Other protection methods
You can find some other methods to protect a TS in my previous posts:
- Protect a Task Sequence with a password
- Protect a Task Sequence with an AD account

Prerequisites
- Add PowerShell and .NET components in your boot image
- Check the the WinPE and WPF bug is fixed, see here.

How to get it ?

• DOWNLOAD

How it looks like ?
The GUI looks like as below:

Choose your PIN code using numbers buttons then click on the blue button.
Click on the red button to clear PIN code.
If a bad PIN code has been typed the lock icon will become red.
An icon in the tool bar allows you to change the main theme: Dark or Light.

See it in action from MDT

Create the GUI content
1. Download the wizard
2. Copy the folder to your server
3. Go to C:\Program Files\Microsoft Deployment Toolkit\Templates\Distribution\Tools\x64
4. Copy the file ServiceUI.exe in the wizard folder: 

So far we have seen how to create the wizard content and how to customize it. Now let's see how to implement it in our SCCM environment.

Create the SCCM package
1. Go to Software Library
2. Go to Application Management then Packages
3. Do a right click and select Create Package
4. Type a name like TS PIN Code Protect GUI
5. Check This package contains source files
6. Click on Browse, then select the folder containing the wizard

7. Click on Next
8. Select Do not create a program

9. Click on Next
10. Click on Next
11. Click on Close

Distribute the package
1. Do a right-click on your package
2. Select Distribute Content
3. Click on Next

4. Click on Add and select Distribution Point
5. Select your DP and click on OK

6. Click on Next
7. Click on Next
8. Click on Close

Task Sequence implementation
In this method we will create two Run command Line steps that will work as below:
- Add the Task Sequence PIN code in a variable
- Run the TS PIN Code Protect GUI

1. Edit your TS
2. Click on Add, General then Set Task Sequence Variable

3. Type a name like Set TS PIN
4. Configure as below:

5. Click on Add, General then Run Command Line
6. Type a name like Run TS PIN Protect
7. In the commandline part, configure as below:
8. Check package and select the previously created package.
9. See below how looks like the step:

Do it for MDT
In this part I will explain how to use it with MDT.
1. Edit your TS
2. Click on Add, General then Set Task Sequence Variable
3. Type a name like Set TS PIN
4. In the TS variable field, type TS_PIN
5. Type a password in the Value field

6. Click on Add, General then Run PowerShell script
7. Type a name like Run TS PIN Code Protect

8. Copy the GUI folder in the Deploy folder, for instance

9. Type the below command line