Dump Task Sequence variables during OSD the safe way
I have used Michael Niehaus excellent script for dumping all task sequence variables during OSD which is great for troubleshooting. https://blogs.technet.microsoft.com/mniehaus/2010/04/26/dumping-task-sequence-variables/
However it dumps all TS variables including:
- _SMSTSReserved variables which for instance contains the Network access account username and password in clear text. The same goes for the Domain Join account used in the Task Sequence.
- _OSDOAF which contains the TPM Password Hash for the computer it the Pre-Provision Bitlocker step is used and it takes ownership of the TPM.
So my college Johan Schrewelius posted a nice little Powershell script that can be used instead, which excludes the “sensitive” variables and only write the public ones to the log file.
It can be downloaded here: https://gallery.technet.microsoft.com/Task-Sequence-Variables-de05b064
In many environment scripts used for troubleshooting like this are left in the production Task Sequences and that is not a really good idea if it includes username/password in clear text or TPM password hash.
The script simply filters out the “sensitive” variables:
So if you need to use a script to list the TS variables be carefull where that log file is stored or use this one.
Excluding .Net Framework 4.5.2 when you build your images.
Presenting at TechDays Sweden 2014!
Use DCM to monitor that all laptops are encrypted using Bitlocker
About Author
Jörgen Nilsson
Add a Comment
This site uses Akismet to reduce spam. Learn how your comment data is processed.
hi.
to utilize this in TS environment, check this :
https://gallery.technet.microsoft.com/Show-and-Save-all-SCCM-MDT-331a1ef0#content
no need to write PS manually, simply click and run