Password Protect Task Sequence
Hi guys, I am looking to password protect my rebuild task sequence. Basically I want to have a task sequence which every SCCM client can see via run advertised programs. Then I want helpdesk to be able to troubleshoot it down to the machine requiring a rebuild,
if this is required they can kick this off from Run Advertised Programs. However in order for standard users to not run this themselves I want to be able to password protect the task sequence
The following below works but only after booting into WINPE, which of course the helpdesk person cannot enter it in at this point as he has no remote tools running. Also it appears when placing in the password it is clear text, anyway to hide the charecters
so users cant see this if say the helpdesk person is remoted on via UltraVNC
http://www.windows-noob.com/forums/index.php?/topic/2336-password-protect-a-task-sequence/
Any ideas here would be great
Thanks
June 30th, 2011 5:51am
Hi - Am not sure the below blog will help you or not. But, really worth going through it (if you are not)......
http://blogs.technet.com/b/cameronk/archive/2010/04/27/creating-a-user-interactive-task-sequence-experience.aspxAnoop C Nair - This posting is provided "AS IS" with no warranties or guarantees, and confers no rights. |Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually
answer your question. This can be beneficial to other community members reading the thread.
Free Windows Admin Tool Kit Click here and download it now
June 30th, 2011 9:10am
you can make a dependancy on the task sequence so that a HTA run's first, that way the HTA run's as user permissions before the ts kicks off. to do this right click on the task sequence, properties, advanced and choose Run Another Program First
My step by step
SCCM Guides
I'm on Twitter > ncbrady
June 30th, 2011 11:22am
Thanks guys,
Niall I have got an HTA application up and running and looks to be exactly what I am after. And I can get it to exit if incorrect password is entered, however at this point it will continue on regardless of whether the password is correct or not. I suppose
I dont know how to gracefully exit without starting the task sequence if it is entered incorrectly and how to continue on with the task sequence if it is entered correctly
Nick
Free Windows Admin Tool Kit Click here and download it now
July 1st, 2011 2:18am
Ok, think Im on the right track. What I have thought of is to kick off HTA app which prompts for a password. If this is entered correctly it will add a registry entry such as HKLM\Rebuild\ etc... then the task sequence steps can be set so that they are conditional
on the existence of this reg key
Thats fine but what I would want is to be able to set the whole task sequence to be conditional on a reg entry. Is this possible?
Thanks
July 1st, 2011 4:18am
why not, simply create your own validate section in the TS at the beginning of the TS, if the key is present it continues, if not it exits (similar to the way the password prompter exits)
My step by step
SCCM Guides
I'm on Twitter > ncbrady
Free Windows Admin Tool Kit Click here and download it now
July 1st, 2011 7:51am
Thanks Niall,
I setup a top level group named "Password Check" and under this group I have all others such as Setup Operating system, install software etc. However the behviour I would have expected is that if it does not find the reg key in this top level group it would
not continue on with the nested groups. It seems as though it performs the correct check, does not find the key but then continues on with the rest of the task sequence... so not getting it to exit gracefully at that top level if the key does not exist. Do
you think that I should use a similar exit strategy to the password prompter mentioned above?
Thanks
Nick
July 3rd, 2011 11:29pm
use a WSF to exit from the ts much like the one i provided in the Password Protect a Task Sequence, have you tried that ?
My step by step
SCCM Guides
I'm on Twitter > ncbrady
Free Windows Admin Tool Kit Click here and download it now
July 3rd, 2011 11:55pm
GOT IT! Sorry, had incorrect nestings of my groups so had a couple of groups which fell outside this top level password check group. I moved these up so they all sit under the top level group. looking all good now. It will successfully exit if entered incorrectly
(exits gracefully). and continues on with task sequence if password is entered correctly
Below is my HTA applicaiton if anyone is interested. Thanks
<html>
<head>
<title>HTA Test</title>
<HTA:APPLICATION
ID="objTest"
APPLICATIONNAME="REBUILD"
SCROLL="yes"
SINGLEINSTANCE="yes"
>
</head>
<SCRIPT LANGUAGE="VBScript">
Sub TestSub
set WshShell = WScript.CreateObject("WScript.Shell")
if PasswordArea.value = "password" Then
Msgbox "Thanks password is correct. Task sequence will now continue"
WshShell.RegWrite "HKLM\Software\REBUILD\Rebuild","00000000","REG_DWORD"
Self.Close
Else
Msgbox "Sorry, password is not correct. Please try again"
End If
End Sub
</SCRIPT>
<body>
<P>MICROSOFT SCCM</p>
<P>SYSTEM REBUILD</P>
<input type="password" name="PasswordArea" size="30"><P>
<input id=runbutton class="button" type="button" value="ENTER" name="run_button" onClick="TestSub">
</body>
July 4th, 2011 1:07am
thanks Nick
i've updated the original post to link back here and to include your code snippet above,
cheers
niall
My step by step
SCCM Guides
I'm on Twitter > ncbrady
Free Windows Admin Tool Kit Click here and download it now
July 4th, 2011 4:11pm
Can you expound on this a little? I have the same problem we are trying to solve. I don't understand the part of making an HTA run first to get the password prompt.
September 7th, 2011 1:57pm
a
hta is just a html web page, can be anything, and in this case it simply prompts the user in windows to enter a password, if correct then the rest of the task sequence can begin,
the key here is that the first dependancy, runs in Windows under the user's context, the remaining (the actual task sequence) runs in System, you see you can't display a HTA in windows under the system account as you'll never see it, hence this workaroun/fix/whatever
cheers
niall
My step by step
SCCM Guides
I'm on Twitter > ncbrady
Free Windows Admin Tool Kit Click here and download it now
September 7th, 2011 5:33pm