Dump Task Sequence variables during OSD the safe way
I have used Michael Niehaus excellent script for dumping all task sequence variables during OSD which is great for troubleshooting. https://blogs.technet.microsoft.com/mniehaus/2010/04/26/dumping-task-sequence-variables/
However it dumps all TS variables including:
- _SMSTSReserved variables which for instance contains the Network access account username and password in clear text. The same goes for the Domain Join account used in the Task Sequence.
- _OSDOAF which contains the TPM Password Hash for the computer it the Pre-Provision Bitlocker step is used and it takes ownership of the TPM.
So my college Johan Schrewelius posted a nice little Powershell script that can be used instead, which excludes the “sensitive” variables and only write the public ones to the log file.
It can be downloaded here: https://gallery.technet.microsoft.com/Task-Sequence-Variables-de05b064
In many environment scripts used for troubleshooting like this are left in the production Task Sequences and that is not a really good idea if it includes username/password in clear text or TPM password hash.
The script simply filters out the “sensitive” variables:
So if you need to use a script to list the TS variables be carefull where that log file is stored or use this one.
Exclude .Net Framework 4.5.1 building images using Windows Update
ConfigMgr vNext Feature: Download Package Content
Deploying a custom iOS Wi-Fi profile with password using Intune+ConfigMgr
About Author
Jörgen Nilsson
Add a Comment
This site uses Akismet to reduce spam. Learn how your comment data is processed.
hi.
to utilize this in TS environment, check this :
https://gallery.technet.microsoft.com/Show-and-Save-all-SCCM-MDT-331a1ef0#content
no need to write PS manually, simply click and run