none
Prevent OSD over Wireless and VPN networks

    Question

  • Hi Everyone!

    Is there a way to prevent an OSD task sequence deployment over Wireless and VPN networks like there is for a package deployment in SCCM 2012 SP1?

    Note: The DP's that service these networks are configured as slow in their corresponding Boundary groups

    Also, is there a way to build the collections we plan to target for our zero-touch mandatory (required) deployments that exclude Wireless and VPN networks?

    Ideally, we don't want the OSD task sequence to run at all on any Wireless and VPN connected systems. 

    I think we could use MDT (Gather) to detect the default gateway of a connected system and exit out of the task sequence, but we really don't want the Wireless or VPN connected systems to ever run the task sequence.

    Is the best or only option to dedicate a DP to servicing Wireless and VPN clients and not deploying the OSD content to these DP's?

    Any help would be greatly appreciated!

    Regards,

    JJ

    Tuesday, September 17, 2013 2:10 AM

All replies

  • Are you building via PXE. Remove the IP Helper or DHCP scope option that serves these networks.


    Gerry Hampson | Blog: www.gerryhampsoncm.blogspot.ie | LinkedIn: Gerry Hampson | Twitter: @gerryhampson

    Tuesday, September 17, 2013 5:38 AM
  • Gary,

    Thanks for the reply and suggestion!  The zero-touch portion of our plan will be delivered through scheduled deployments targeting collections, so PXE will not be used in this case to initiate the deployment.

    Any other ideas?

    Regards,

    JJ

    Tuesday, September 17, 2013 11:58 AM
  • We are working on this problem right now ourselves. I first thought of defining wireless gateway however our network has a huge amount so it's not practical.

    The way we are approaching this is a script which looks at the link speed and based on that it determines if it hard wired or not. If it's not on LAN speed (wireless or VPN) it will exit with an error code 4 or 5 which should cause the TS to fail. I put the script at the first step as a preflight check.

    I have an issue with the script though. While it works fine manually even executed as system account fine locally it isn't working as expected in the TS. It's giving me some kind of access denied message in my logs. I hope we will work this out by the end of the week.

    Anyway, one way you may be able to determine this is by a script that checks link speed at start of TS.


    • Edited by LB_3 Tuesday, September 17, 2013 12:34 PM
    Tuesday, September 17, 2013 12:34 PM
  • Is the best or only option to dedicate a DP to servicing Wireless and VPN clients and not deploying the OSD content to these DP's?


    In that case this looks like a pretty good option


    Gerry Hampson | Blog: www.gerryhampsoncm.blogspot.ie | LinkedIn: Gerry Hampson | Twitter: @gerryhampson

    Tuesday, September 17, 2013 5:24 PM
  • Thanks again for the reply Gary!

    Any other suggestions out there?

    To be honest, why there is no option to 'not run' a task sequence over a slow connection is actually quite disappointing.  Why would you have the option for programs and applications, but not a task sequence?

    Doesn't seem to make sense.  Amazing there is an option to enable the task sequence to run for internet based clients.

    Are we over looking something obvious here?

    Regards

    JJ

    Tuesday, September 17, 2013 5:47 PM