Post by starmantle on Oct 10, 2019 18:28:12 GMT
Problem: Supporting SCCM for a collection of IT groups (no central IT control). Each group wants to use it differently.. no password/separate password per group (or per user).. light touch/zero touch, etc...
I am planning to use a combination of UI++, AutoIt & PowerShell to put a Pre-Execution Hook that gives me the versatility that each group desires.
AutoIt (compiled as EXE) is my pre-execution hook.. this will map Y: (writeable) & Z: (read-only) shares. Then start a PowerShell script from Z: .. and wait for it to complete.
- Account is "least privilege". Primary & only group membership is a custom group.. that is granted the share permissions to these 2 specific shares only... account is not used anywhere else.
- Putting the bulk of my logic in the Z:\ PowerShell script allows me to make changes without editing the boot image.
- Boot image will NOT have F8 enabled.. The script will replace this functionality...
Script
1) Spawn (don't wait for terminate) a new EXE (AutoIt script) that watches for F8 key.. and when pressed.. spawns a UI++ script (LDAP authentication.. on success it will open cmd.exe)
2) UI++ script (WAIT for this to terminate) This is the bulk of the process... I wanted it dynamic.. and simple to edit.. so I am using an Excel file with multiple sheets.. and a macro to export these as CSV files on edit.
I want to allow light/zero touch.. so I am reading a config file from Y:\SerialNumber.txt then parsing that into Default Variables. The last step of the script will be to export these default choices to the same file.
In order to make EDITS of the wizard quick and easy.. I am building it to be dynamic.. based upon CSV data sets.(below).
Here is my CSV file structure
UNIT.csv
- SCOPE : This is a "Parent UNIT" .. used to control who can request changes to a section.. not used in the script itself "EDU"
- UNIT : This is a short UNIT_ID "EDU"
- DESCRIPTION : This is used in the selection list for UNIT "College of Education"
- ADMINS : This is the Group or Groups that are allowed ADMIN access to the netboot process (Press F8 to get CMD.exe) "SCCM-EDU,SCCM-ADMINS"
- TASK : Default selected Task Sequence ID."TAM2207A"
- LOCATION : This is to enable a prompt to track physical location. "TRUE"
- ROLE : This is to enable tracking computer ROLE(s). "TRUE"
- TIMEOUT : This is the timeout on the confirmation dialog at the completion of the UI++ dialog
- PRIVATE : This Enables/Disables the requirement to be in the ADMINS group(s).. (see above).. just to choose the UNIT.
TASK.csv
- SCOPE : (as above) "EDU"
- TASK : Task Sequence ID.. this will be used to specify the Task Sequence to jump into after the Pre-Execution script has completed. "TAM2207A"
- DESCRIPTION : Description of the Task Sequence. "Domain Joined(EDU) Windows 10 1906 LTSC with full Software Load"
- EDU : Enable Task Sequence for the EDU unit "TRUE"
- : (Each UNIT will be represented here)...
LOCATION.csv
- SCOPE : (as above) "EDU"
- BUILDING : Short Acronym for building "LIB"
- DESCRIPTION : Full description of building "Central Library (Building #45)"
- ROOM : Room Designation "285"
- EDU : Enable for EDU Unit. "TRUE"
- : (Each UNIT will be represented here)...
ROLE.csv
- SCOPE : (as above) "EDU"
- ROLE : Acronym designation for a workstation role "ADA"
- DESCRIPTION : Full description of the Role, used in drop down list. "ADA Compliant Workstation"
- EDU : Enables role for selection within the SCOPE
- : (Each UNIT will be represented here)...
Process flow for the UI++ Script...
Get Device Defaults from a file.
--Add Default conversions (later).. because some of these values will change over time.. and I want to convert them rather than forcing the user to re-select them from the prompts.
Set a "STEP" variable = 1
(These steps are very similar for EVERY choice.. Unit, Task, Location, etc.. so I am only showing the 1st as an example..)
UI Info Prompt "Loading.." (1 sec - Continue) .. This gives me a place to jump back to when you go "BACK" from a prompt choice. (Condition = Step < 99)
Generate comma separated strings used for "UNIT" selection.
Verify UNIT choice from DEFAULTS is in the list of choices. Otherwise remove this DEFAULT value.
UI Choice "UNIT" Condition = UNIT (Default) is set and STEP < 99 (later steps will also verify that the UNIT wanted to configure the step.. Task, Location, Role, etc..)
Populate variables of relevant data from UNIT.csv (matching the UNIT selected)
UI Credential Prompt (condition = UNIT.PRIVATE = TRUE & User group not already authenticated as a member of "UNIT.ADMINS")
...(repeat for each choice)
Set a "STEP" variable = 99
UI Info Prompt to confirm all choices (timeout from UNIT.TIMEOUT)
Save Device DEFAULTs to file. (to be used next time netboot happens for this machine).
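Added example, not part of starmantle's post: one way to do the "verify the DEFAULT is in the list of choices" step, treating the per-device file on the writable Y: share as untrusted and the CSVs on the read-only Z: share as the only source of allowed values. The KEY=VALUE layout of the defaults file, the function name `Get-ValidatedDefaults`, the `TAM2207B` row and the TIMEOUT value are assumptions made for illustration.

```powershell
# Constructed sample data. In the post's design the CSVs live on the
# read-only Z: share and the defaults file on the writable Y: share.
$unitCsv = @'
SCOPE,UNIT,DESCRIPTION,ADMINS,TASK,LOCATION,ROLE,TIMEOUT,PRIVATE
EDU,EDU,College of Education,"SCCM-EDU,SCCM-ADMINS",TAM2207A,TRUE,TRUE,30,TRUE
'@ | ConvertFrom-Csv

$taskCsv = @'
SCOPE,TASK,DESCRIPTION,EDU
EDU,TAM2207A,Domain Joined(EDU) Windows 10,TRUE
EDU,TAM2207B,Constructed disabled sequence,FALSE
'@ | ConvertFrom-Csv

# Assumed KEY=VALUE layout for the per-device file (the post does not specify it).
# The TASK value is disabled for EDU and ADMINS is not a key the file may set.
$defaultsText = @'
UNIT=EDU
TASK=TAM2207B
ADMINS=Everyone
'@

function Get-ValidatedDefaults {
    param([string]$Text, $Units, $Tasks)

    # Accept only the keys the wizard may take from the writable share;
    # ADMINS, PRIVATE and TIMEOUT always come from UNIT.csv.
    $allowedKeys = 'UNIT', 'TASK', 'BUILDING', 'ROOM', 'ROLE'
    $raw = @{}
    foreach ($line in $Text -split "`r?`n") {
        if ($line -match '^\s*([A-Z]+)\s*=\s*([\w\-]{1,32})\s*$' -and $Matches[1] -in $allowedKeys) {
            $raw[$Matches[1]] = $Matches[2]
        }
    }

    $ok = @{}
    # UNIT must match a row in UNIT.csv, otherwise every default is dropped.
    $unit = $Units | Where-Object { $_.UNIT -eq $raw['UNIT'] } | Select-Object -First 1
    if (-not $unit) { return $ok }
    $ok['UNIT'] = $unit.UNIT

    # TASK must exist and be TRUE in that unit's column of TASK.csv;
    # otherwise fall back to the unit's default task from UNIT.csv.
    $col  = $unit.UNIT
    $task = $Tasks | Where-Object { $_.TASK -eq $raw['TASK'] -and $_.$col -eq 'TRUE' }
    $ok['TASK'] = if ($task) { $raw['TASK'] } else { $unit.TASK }
    return $ok
}

Get-ValidatedDefaults -Text $defaultsText -Units $unitCsv -Tasks $taskCsv
```

With the constructed input the result keeps UNIT=EDU, replaces the disabled TAM2207B with the unit default TAM2207A, and ignores the ADMINS line entirely.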