Context difference between a Task Sequence in MDT and SCCM

I have gotten this question so many times now when writing scripts and blog posts what the difference is between a Task Sequence in MDT and SCCM. In some scenarios this makes a huge difference and is important to know about.

When you execute an OSD Task Sequence in MDT you are logged on as the local administrator account as shown below. Which means that all Scripts, Applications etc. is run as the local administrator account.

MDTTS_Context

MDTTS_Context1

When you use Configuration Manager the Task Sequence is executed in System context which means that scripts, applications are executed in System Context. So if we enable F8 support (Remember testing only!) we are running in System Context.
SCCMTS_Whoami

Why is this important?, well if you test and install applications using Configuration Manager you should always test them in System Context and not as the local administrator, this can be done using PSexec. When you develop and run scripts you need to be aware of this as well and again test them in System Context if applicable.
An example would be the script I blogged a while ago to set a corporate wallpaper in Windows 10, when running that script we need to take ownership of the files in question before we can replace them. If we run it in MDT we need to the “Administrator” to own the files to be able to replace them, if we use Configuration Manager we need to use “System” instead to own the files.

Example MDT

takeown /f c:\windows\WEB\wallpaper\Windows\img0.jpg

takeown /f C:\Windows\Web\4K\Wallpaper\Windows\*.*

icacls c:\windows\WEB\wallpaper\Windows\img0.jpg /Grant ‘Administrator:(F)’

icacls C:\Windows\Web\4K\Wallpaper\Windows\*.* /Grant ‘Administrator:(F)’

Remove-Item c:\windows\WEB\wallpaper\Windows\img0.jpg

Remove-Item C:\Windows\Web\4K\Wallpaper\Windows\*.*

Copy-Item $PSScriptRoot\img0.jpg c:\windows\WEB\wallpaper\Windows\img0.jpg

Copy-Item $PSScriptRoot\4k\*.* C:\Windows\Web\4K\Wallpaper\Windows

Example Configuration Manager

takeown /f c:\windows\WEB\wallpaper\Windows\img0.jpg

takeown /f C:\Windows\Web\4K\Wallpaper\Windows\*.*

icacls c:\windows\WEB\wallpaper\Windows\img0.jpg /Grant ‘System:(F)’

icacls C:\Windows\Web\4K\Wallpaper\Windows\*.* /Grant ‘System:(F)’

Remove-Item c:\windows\WEB\wallpaper\Windows\img0.jpg

Remove-Item C:\Windows\Web\4K\Wallpaper\Windows\*.*

Copy-Item $PSScriptRoot\img0.jpg c:\windows\WEB\wallpaper\Windows\img0.jpg

Copy-Item $PSScriptRoot\4k\*.* C:\Windows\Web\4K\Wallpaper\Windows

I hope this is helpful!

Add a Comment

Your email address will not be published. Required fields are marked *