Dump Task Sequence variables during OSD the safe way

I have used Michael Niehaus excellent script for dumping all task sequence variables during OSD which is great for troubleshooting. https://blogs.technet.microsoft.com/mniehaus/2010/04/26/dumping-task-sequence-variables/

However it dumps all TS variables including:

  • _SMSTSReserved variables which for instance contains the Network access account username and password in clear text. The same goes for the Domain Join account used in the Task Sequence.
  • _OSDOAF which contains the TPM Password Hash for the computer it the Pre-Provision BitLocker step is used and it takes ownership of the TPM.

So my college Johan Schrewelius posted a nice little PowerShell script that can be used instead, which excludes the “sensitive” variables and only write the public ones to the log file.
It can be downloaded here: Onevinn – Scripts (schrewelius.it)

In many environment scripts used for troubleshooting like this are left in the production Task Sequences and that is not a really good idea if it includes username/password in clear text or TPM password hash.

The script simply filters out the “sensitive” variables:

FilterSo if you need to use a script to list the TS variables be carefull where that log file is stored or use this one.


Add a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.