Setting "password" on entrance to WDS/MDT PE Boot sequence

  • Question

  • We had a user reimage their computer today. Not a fun time...

    We've tried to automate as much as possible to be able to build quickly and have many machines imaging at once. So IDs are buried in the scripts and options.

    What I would love to do is put a simple "key" (a "gateway" key) at the front-end of the process, so if somehow a user gets into the reimage and gets prompted by the menu and STILL picks Windows 10 install (because they "think" they are supposed to), at that point we prompt in a very simple script and if they don't type the right response, the "gateway" script passes a bad RC and they are simply flushed from the process.

    I am having trouble finding the right insert point for this script, it doesn't seem to be getting executed regardless of where in the list of Task Sequence steps I put it.

    Any general advice on introducing a step that would execute and allow for this branching, before things like formatting the disk occur?

    Monday, August 21, 2017 10:46 PM

All replies

  • I should clarify to get best response - I have moved the sequence up so it runs before anything except the gathering screens such as machine name and such. I would love to move it higher. But while maybe not efficient, it's not an issue to run it where it is. I cannot get the prompt to appear nor wait for input. The task name sits there on the run screen and I suspect that where I've put it, maybe I cannot expect that the script (a .wsf adapted from one of the ZTI scripts) has capability to prompt user. The technique used is (excerpt):

            ' Prompt on the console and compare the typed value with the gateway code
            WScript.StdOut.Write ourPrompt & " "
            GWPswdInput = WScript.StdIn.ReadLine
            If GWPswdInput = GWPswd Then
              IRetVal = Success
            Else
              IRetVal = Failure
            End If

    Monday, August 21, 2017 11:05 PM
  • ACL. I only allow a few individual accounts that belong to techs, access to the deployment share. I do not set the USERID or password in bootstrap or customsettings. MDT will then prompt for the network account to access the share.

    You can specify the USERDOMAIN so the tech has one less thing to type in.

    If this post is helpful please vote it as Helpful or click Mark for answer.

    Tuesday, August 22, 2017 8:41 PM
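
The setup described in the reply above, sketched as Bootstrap.ini settings. This is an added example, not configuration posted in the thread; the server, share, domain and account names are placeholders, and the "before" half assumes the automated setup stores credentials in Bootstrap.ini.

```ini
; --- Bootstrap.ini, fully automated (before) ---
; The boot image carries a working credential in clear text, so anyone who
; reaches the PXE/WDS boot menu can connect to the deployment share.
[Settings]
Priority=Default

[Default]
DeployRoot=\\MDT01.example.test\DeploymentShare$
UserDomain=EXAMPLE
UserID=svc_mdt_build
UserPassword=PLACEHOLDER-clear-text-password

; --- Bootstrap.ini, credential-gated (after) ---
; UserID and UserPassword are left out of Bootstrap.ini (and out of
; CustomSettings.ini), so MDT prompts for a network account before it can
; open the share. UserDomain is kept so the tech only types a name and password.
; Share and NTFS permissions on the deployment share are limited to the
; individual tech accounts, so a regular user's own account is refused.
[Settings]
Priority=Default

[Default]
DeployRoot=\\MDT01.example.test\DeploymentShare$
UserDomain=EXAMPLE
```

Bootstrap.ini is built into the boot image, so the image has to be regenerated and re-imported into WDS after this change.
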
  • Thank you Dan. We are automating that but it's certainly one of the considerations we looked at.

    We did find a way to do what I described above today, where we have a simple 2-character code (vs an ID/pswd), a "gateway" code. Below is the relevant code that was missing - without it our script was not properly connected to the running MDT environment and thus could not prompt or get input. It's set up in such a way that there is a single prompt, if you get it right it immediately continues, wrong and you are stuck on that screen (until power reset).

    We're still puzzling over how the user got to the F12/Network boot/WDS in the first place, other than the obvious: that someone purposely set them up. But even if it recurs we have no doubt now that it will stop and freeze and we can assist before the person obliterates their computer.

    '08/22/2017, acts as a "gateway" to allow techs to image PCs but if somehow users get into the process,
    ' they won't know the "secret code" to continue.
    ' Note the secret code is defined in the first tasks of the Windows 10 Task Sequence

    FailureMsg = "Call Helpdesk immediately. Tell them your computer attempted WDS reimaging. Do not continue."
    SuccessMsg = "Welcome to WDS imaging services."
    ourPrompt = "Enter the super-secret Gateway password to initiate PC reimaging process:"

    'below as defined in ZTI, ref: ZTIUtility.vbs
    Success = 0
    Failure = 1
    myRetVal = Failure

    ' Connect to the running task sequence environment and read the code set in the Task Sequence
    Set env = CreateObject("Microsoft.SMS.TSEnvironment")
    Set oTSProgressUI = CreateObject("Microsoft.SMS.TSProgressUI")
    strTSPassword = env("OSDPASSWORD")

    ' Assumed: the excerpt does not show where strMyPass is read; a single InputBox prompt is used here
    strMyPass = InputBox(ourPrompt)

    If strTSPassword = strMyPass Then
      myRetVal = Success
    Else
      myRetVal = Failure
      ' Wrong code: keep the failure message on screen until the machine is powered off
      While 1 <> 0 ' forever
        x = InputBox(FailureMsg)
      Wend ' forever
    End If


    Tuesday, August 22, 2017 9:13 PM
  • Hi,

    I don't fully understand what you want, but you can use the customsettings.ini maybe.



    See you, Toni! If my answer helps you, please mark it as the answer! Thank you very much!

    Wednesday, August 23, 2017 10:19 PM