Run server side code and commands in a safe way during SCCM OSD

This is part 2 of my posts about Onevinn SCCM Extensions that my colleague Johan Schrewelius has written and posted here:

It includes Modern driver management features but also an extension to execute Server Side commands during OS deployment in the Task Sequence to replace Scripts and Webservices.

This functionality is a direct response to the fact that the world is turning rougher. We can no longer expose this kind of functionality through a web service, which in practice is a low-security interface to Configuration Manager and/or Active Directory. Instead we have implemented a Windows service that monitors Configuration Manager's own status message queue and picks up requests made from the clients during deployment. It is, of course, highly recommended to switch to HTTPS if you haven't already.

All “sensitive” commands that were available in the previous release of the Onevinn web service have been replaced with a predefined TS command, just choose from the drop-down list:

The “Note” box will provide basic help regarding the necessary arguments:

If the built-in commands are not enough, it’s possible to run custom scripts!! 😀

In this case a script called “TEMPLATE_AD.ps1” is run with parameters -OSDComputerName and -ResourceID.

Any script in the “C:\TSScripts” folder can be invoked the same way.

The service account used for TS Commander will, depending on which functionality is invoked, need matching permissions in AD and SCCM.
Again, test it out and provide feedback so it can be improved if you miss something.
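
Because a custom script runs under the service account with values that originate from the deploying client, it is worth validating both parameters and limiting what the script will touch. The following is an added example, not part of Onevinn SCCM Extensions or of TEMPLATE_AD.ps1; the OU, the log path and the way the service passes the parameters are assumptions.

```powershell
# Added example: hypothetical custom script for C:\TSScripts, not the project's own code.
# Assumption: the service passes -OSDComputerName and -ResourceID as named parameters
# and their values come from the client that made the request.
[CmdletBinding()]
param(
    # NetBIOS name: 1-15 characters, letters, digits and hyphen, no leading/trailing hyphen.
    [Parameter(Mandatory)]
    [ValidatePattern('^[A-Za-z0-9]([A-Za-z0-9-]{0,13}[A-Za-z0-9])?$')]
    [string]$OSDComputerName,

    # Resource IDs are positive integers; anything else is rejected at parameter binding.
    [Parameter(Mandatory)]
    [ValidateRange(1, 2147483647)]
    [int]$ResourceID
)
Set-StrictMode -Version Latest
$ErrorActionPreference = 'Stop'

# Hypothetical values: adjust to the environment.
$AllowedOU = 'OU=Staging,OU=Workstations,DC=example,DC=com'
$LogFile   = 'C:\TSScripts\Logs\Example_AD.log'
New-Item -ItemType Directory -Path (Split-Path $LogFile) -Force | Out-Null
Import-Module ActiveDirectory

function Write-Audit([string]$Message) {
    $line = '{0:o} ResourceID={1} Name={2} {3}' -f (Get-Date), $ResourceID, $OSDComputerName, $Message
    Add-Content -Path $LogFile -Value $line
}

# The name has passed the pattern check, so it cannot break out of the filter string.
$found = @(Get-ADComputer -Filter "Name -eq '$OSDComputerName'")
if ($found.Count -eq 0) {
    Write-Audit 'no existing computer object; nothing to do'
    exit 0
}

# Refuse to modify objects outside the OU this script is meant to manage.
$dn = $found[0].DistinguishedName
if ($found.Count -gt 1 -or -not $dn.EndsWith(",$AllowedOU", [StringComparison]::OrdinalIgnoreCase)) {
    Write-Audit "REFUSED: ambiguous or outside allowed OU ($dn)"
    exit 1
}

Set-ADComputer -Identity $found[0] -Description "Reimaged via OSD, ResourceID $ResourceID"
Write-Audit 'description updated'
```

Delegating the service account rights only on the allowed OU enforces the same boundary in AD itself, so the script check is a second layer and not the only one.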
