November 25, 2016
HomeSystem Center Configuration ManagerDump Task Sequence variables during OSD the safe way

Dump Task Sequence variables during OSD the safe way

By  System Center Configuration Manager  1 Comment

I have used Michael Niehaus excellent script for dumping all task sequence variables during OSD which is great for troubleshooting. https://blogs.technet.microsoft.com/mniehaus/2010/04/26/dumping-task-sequence-variables/

However it dumps all TS variables including:

  • _SMSTSReserved variables which for instance contains the Network access account username and password in clear text. The same goes for the Domain Join account used in the Task Sequence.
  • _OSDOAF which contains the TPM Password Hash for the computer it the Pre-Provision Bitlocker step is used and it takes ownership of the TPM.

So my college Johan Schrewelius posted a nice little Powershell script that can be used instead, which excludes the “sensitive” variables and only write the public ones to the log file.
It can be downloaded here: https://gallery.technet.microsoft.com/Task-Sequence-Variables-de05b064

In many environment scripts used for troubleshooting like this are left in the production Task Sequences and that is not a really good idea if it includes username/password in clear text or TPM password hash.

The script simply filters out the “sensitive” variables:

FilterSo if you need to use a script to list the TS variables be carefull where that log file is stored or use this one.

Tags:, , ,

Related Posts

About Author

Jörgen Nilsson

One Comment
  1. Martin

    hi.
    to utilize this in TS environment, check this :
    https://gallery.technet.microsoft.com/Show-and-Save-all-SCCM-MDT-331a1ef0#content

    no need to write PS manually, simply click and run

    Reply

Add a Comment

Your email address will not be published. Required fields are marked *