How Can I Ensure OSD Task Sequence Advertisement Does Not Run?
I recently deployed two OSD task sequences to a collection for All Unknown and Known Computers. The deployment was not intended for systems outside our lab. The deployment didn't stay within the lab and was deployed to our enterprise systems. I deleted the advertisement and task sequence from the console. I also deleted the OS from the console. In addition, I turned off the PXE service point role. It's been off for 1 week now. The question is whether or not those systems that received the advertisement but did not accept it would be in jeopardy of running the PXE boot portion of the advertisement. We're concerned that the users would still receive the popup alerting the user that there was an optional OS available and asking if they want to run it. Since the advertisement, task sequence, and OS image were deleted, would a user who received the advertisement, but did not accept or decline the popup notice to install the OS, see the advertisement popup again once we restart the PXE service point role? And, if the user did, would the PXE boot process begin since the boot images are still in the OSD>Boot Images portion of the SCCM console? Thanks for any help.
April 27th, 2012 1:06pm

I guess a few points here: PXE can only be initiated directly for a system by either changing the boot order or manually selecting an alternate boot device at boot time. Thus, there is no PXE boot portion of a TS. PXE is merely a means to deliver the boot image as is boot media and built-in content distribution. If a user initiates a TS from the RAP, PXE is never part of the process. Once you delete an advert, it must also be propagated to the clients based upon the machine policy polling interval. Thus, as long as the machine has pulled a new policy, they will not see anything. Also, TSes are actually contained in hidden packages that are downloaded when the TS is first run similar to other content. Thus deleting a TS also deletes this package and so even if a user has the advert because their policy hasn't refreshed yet, they won't be able to actually execute the TS because it is not available anymore. Thus, you should be safe.
Jason | http://blog.configmgrftw.com | Twitter @JasonSandys
April 27th, 2012 1:50pm

Thanks for the prompt response, Jason. Am I correct in my thinking that the clients poll the server every x amount of time and this is how they know there's a task sequence available to run? It's not a case of the task sequence being pushed out to the clients?
April 27th, 2012 2:57pm

Correct. The default machine policy polling interval in ConfigMgr is 60 minutes (although this is easily changed). All client activity in ConfigMgr is initiated by the client and is client pull in nature except for a few minor things (client push, remote control, OOB, and WoL) and there is no concept of pushing anything from the server.
Jason | http://blog.configmgrftw.com | Twitter @JasonSandys
April 27th, 2012 3:35pm
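
A way to confirm on a single client that the deleted advertisement is gone after a policy refresh, as an added example that is not part of the original thread. It assumes an elevated Windows PowerShell session on a ConfigMgr 2007 client; `ADVERT-ID-PLACEHOLDER`, the wait time and the function name `Get-LocalAdvertisement` are placeholders chosen for this example.

```powershell
# Added example, not from the thread. Run elevated on a ConfigMgr client.
# $AdvertisementId is a placeholder: use the ID of the advert that was deleted.
param(
    [string]$AdvertisementId = 'ADVERT-ID-PLACEHOLDER',
    [int]$WaitSeconds = 120   # assumed wait; policy download is asynchronous
)

# Schedule ID of the "Machine Policy Retrieval & Evaluation Cycle" client action.
$MachinePolicyRetrieval = '{00000000-0000-0000-0000-000000000021}'

function Get-LocalAdvertisement {
    param([string]$Id)
    # Advertisements present in the machine policy the client has applied.
    Get-WmiObject -Namespace 'root\ccm\policy\machine\actualconfig' `
                  -Class 'CCM_SoftwareDistribution' -ErrorAction Stop |
        Where-Object { $_.ADV_AdvertisementID -eq $Id }
}

try {
    $before = @(Get-LocalAdvertisement -Id $AdvertisementId)
    Write-Output ("Before refresh: {0} matching policy instance(s)" -f $before.Count)

    # Ask the client to pull policy now instead of waiting for the polling interval.
    Invoke-WmiMethod -Namespace 'root\ccm' -Class 'SMS_Client' `
                     -Name 'TriggerSchedule' `
                     -ArgumentList $MachinePolicyRetrieval -ErrorAction Stop | Out-Null
    Start-Sleep -Seconds $WaitSeconds

    $after = @(Get-LocalAdvertisement -Id $AdvertisementId)
    if ($after.Count -eq 0) {
        Write-Output "OK: advertisement $AdvertisementId is not in local policy."
        exit 0
    }

    # Still present: show what the client thinks it should run.
    $after | Select-Object ADV_AdvertisementID, PKG_PackageID, PKG_Name, PRG_ProgramName |
        Format-Table -AutoSize
    Write-Warning "Advertisement still in local policy; the client has not applied the new policy yet."
    exit 1
}
catch {
    # Typical causes: no ConfigMgr client installed, or the session is not elevated.
    Write-Error "Could not query or refresh the client: $($_.Exception.Message)"
    exit 2
}
```

Exit code 1 after the wait means the client is still holding the old policy, so re-run the check after the next polling interval.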

Thanks again, Jason. I certainly appreciate the help.
April 27th, 2012 4:10pm

In addition to Jason's advice, you might also consider adding task sequence passwords so that even if an advertisement ends up on a box you didn't intend, they cannot run it without knowing the password. See below for more (including how to hide the TS from RAP in Windows): How can I password Protect a Task Sequence? Password Protecting a Task Sequence
Step by Step ConfigMgr 2007 Guides | Step by Step ConfigMgr 2012 Guides | I'm on Twitter > ncbrady
April 27th, 2012 4:48pm

This topic is archived. No further replies will be accepted.
