
Run server side code and commands in a safe way during SCCM OSD

This is part 2 of my posts about Onevinn SCCM Extensions that my colleague Johan Schrewelius has written and posted on TechNet Gallery: https://gallery.technet.microsoft.com/SCCM-Extensions-for-driver-be30b298

It includes Modern driver management features but also an extension to execute Server Side commands during OS deployment in the Task Sequence to replace Scripts and Webservices.

This functionality is a direct response to the fact that the world is turning rougher. We can no longer expose this kind of functionality through a web service, which in practice is a low-security interface to Configuration Manager and/or Active Directory. Instead we have implemented a Windows service that monitors Configuration Manager's own status message queue and picks up requests made from the clients during deployment. It is, of course, highly recommended to switch to HTTPS if you haven't already.

All “sensitive” commands that were available in the previous release of the Onevinn web service have been replaced with a predefined TS command, just choose from the drop-down list:

The “Note” box will provide basic help regarding the necessary arguments:

In the event the built-in commands are not enough it’s possible to run custom scripts!! 😀

In this case a script called “TEMPLATE_AD.ps1” is run with parameters -OSDComputerName and -ResourceID.

Any script in the “C:\TSScripts” folder can be invoked the same way.

The service account used for TS Commander will, depending on which functionality is invoked, need matching permissions in AD and SCCM. Again, test it out and provide feedback so it can be improved if you miss something.
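Because the arguments originate from a client in the middle of deployment while the script runs with the service account's AD permissions, a custom script in “C:\TSScripts” should accept only strictly validated input. The following is an added example, not the contents of TEMPLATE_AD.ps1 or any Onevinn code; the file name, naming pattern, log path and the AD action are assumptions, and only the two parameter names come from this post.

```powershell
# Example_AD.ps1 - hypothetical custom script placed in C:\TSScripts.
# Allow-list validation happens at parameter binding, before any code runs
# under the service account.
[CmdletBinding()]
param(
    # Assumed naming policy: NetBIOS-style name, 1-15 chars, letters/digits/hyphen.
    [Parameter(Mandatory)]
    [ValidatePattern('^[A-Za-z0-9][A-Za-z0-9-]{0,14}$')]
    [string]$OSDComputerName,

    # Digits only, so the value can never carry quotes, wildcards or operators.
    [Parameter(Mandatory)]
    [ValidatePattern('^[0-9]{1,10}$')]
    [string]$ResourceID
)

Set-StrictMode -Version Latest
$ErrorActionPreference = 'Stop'

$LogDir  = 'C:\TSScripts\Logs'              # assumed location
$LogFile = Join-Path $LogDir 'Example_AD.log'

function Write-Audit {
    param([string]$Message)
    if (-not (Test-Path $LogDir)) {
        New-Item -ItemType Directory -Path $LogDir -Force | Out-Null
    }
    $line = '{0} {1}' -f (Get-Date -Format 'o'), $Message
    Add-Content -Path $LogFile -Value $line
}

try {
    Import-Module ActiveDirectory
    # -Identity takes the validated name as-is; no LDAP filter string is built
    # from client-supplied text.
    $computer = Get-ADComputer -Identity $OSDComputerName
    Set-ADComputer -Identity $computer -Description "OSD deployment, ResourceID $ResourceID"
    Write-Audit "OK name=$OSDComputerName resourceId=$ResourceID"
    exit 0
}
catch {
    # Record the failure for later review and signal it to the caller.
    Write-Audit "FAILED name=$OSDComputerName resourceId=$ResourceID error=$($_.Exception.Message)"
    exit 1
}
```

Restricting write access on “C:\TSScripts” to administrators keeps the set of scripts the service can invoke under the same control as the service account itself.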
