How can I deploy a Hidden task sequence in Configuration Manager 2012 SP1

[anyweb 451]

Configuration Manager 2012 SP1 provides several new features when it comes to OSD and one in particular that I like is the ability to deploy hidden task sequences, what this means is that you can target task sequences to a collection and they will be hidden from view in Software Center, Boot Media and PXE boot unless you know how to access them.

I will assume that you already have a Deploy Windows 8 X64 (or similar) task sequence created at this point and now want to avail of making one hidden. Why would you want to hide a task sequence ? well perhaps you are still testing features within the task sequence that you do not want readily available to your users so hiding it is a good idea indeed.

Step 1. Create a Hidden collection

We will be deploying our hidden task sequence to a specific collection, so to make this easy to understand we'll create a new collection called Deploy Windows 8 Hidden, right-click on Device Collections and choose Create Device Collection,



give the collection a suitable name like Deploy Windows 8 hidden and limit it to All Systems



and click your way through the rest of the wizard, no need to configure any membership rules at this point as we will add computers to the collection later.

Step 2. Copy an existing task sequence

Locate a task sequence that you want to make hidden or create a new one from scratch, right click on the task sequence and choose Copy.



once the task sequence is copied you'll get a message informing you.



Locate the copied task sequence (the name was in the message above) and right click on it and rename it by choosing Properties, append the word Hidden. You can optionally add a category of Hidden and change the custom text to read Hidden Task Sequence as per the screenshot below.




Step 3. Add a prestart file to a custom boot image

This step is important as in order to access the hidden task sequence we need to add a prestart command via a file added to a custom boot image. The boot image should be separately created from your default X86 and X64 boot images as we don't want our normal task sequence deployments to be prompted with the prestart script.

To create the custom boot image do as follows, right click on boot images and choose Add Boot Image.



browse to the UNC path of your default X86 boot image (something like \\sccm.server2008r2.lab.local\SMS_P01\osd\boot\i386\boot.wim) and select that boot wim file



fill in some details about this custom boot image including it's version (x86)



and click your way through to the end of the wizard.



Now that we have a custom boot image, let's right click on it and add some changes.



select the Customization tab, and make sure to place a checkmark in the following options

• Enable prestart command
• Include files for the prestart command
• Enable command support (testing only)

so that it is like the screenshot below



Point the prestart command to the following script file by typing

cscript.exe get_SMSTSPreferredAdvertID_via_Prestart.vbs

here's the VBS

get_SMSTSPreferredAdvertID_via_Prestart.vbs.txt

Note: remove the .TXT extension on the file above before using it.

save get_SMSTSPreferredAdvertID_via_Prestart.vbs to \\sccm\sources\os\extrafiles

next click on the Deploy tab, make sure that Deploy this boot image from the PXE enabled distribution point is selected

click ok and answer NO when prompted to update to Distribution points as we have not selected any distribution points for this boot image yet.

Continue to the end of the wizard.

Step 4. Distribute our prestart boot image

Right click on our Prestart boot image and choose Distribute Content



the distribute content wizard appears, add your distribution points and continue through the wizard until completion



once done, right click on the Prestart Boot Image and choose Update Distribution Points, continue through that wizard.




Step 5. Attach our prestart boot image to our hidden task sequence

In Task Sequences, select our hidden task sequence, right click and choose properties, select the Advanced tab and change the boot image from the X86 default boot image to our hidden prestart boot image as per the screenshot below



click apply and ok.

Step 6. Add a computer to the hidden collection

using direct membership (or whatever method you wish) add a computer to the hidden collection, verify the computer object exists in the collection before moving on to the next step.



Step 7. Deploy the hidden task sequence

right click on our new Hidden task sequence and choose Deploy



choose our previously created Deploy Windows 8 hidden collection and click next



and on the Deployment Settings screen click the down arrow beside Make available to the following and select Only media and PXE (hidden)



click your way through the rest of this wizard.

Step 8. Locate the Deployment ID of the hidden task sequence

In Task sequences, select our hidden task sequence and click on the Deployments tab below it



our Deployment is listed, click on the column in a blank space and right click to add new column options, select Deployment ID from the list.



and now we can see our Deployment ID, take note of what it says (write it down).




Step 9. PXE boot your client

Now that the hard work is done, PXE boot the computer you added to the hidden collection, note the boot WIM file listed is the Image ID of our Prestart Hidden boot wim



if you did everything above correctly you'll see the following immediatly after entering your PXE password (if you set one) and before the task sequences are normally displayed (assuming you have some available task sequences)



enter the Deployment ID we noted from above, that was P012001B or don't enter it and just get to see the normal list of available task sequences.



and if you entered the Deployment ID correctly you'll see your hidden task sequence kicking off, cool huh ? yup, cool.



until next time, adios !

 

Next Steps: Perform the above 'on-demand', if you want to learn how, click here.

[rpieniaz 1]

Hey ,

 

Quick question - setting SMSTSPreferredAdvertID on collection level - would it do the same job ?

[anyweb 451]

I havnt tried it but will later tonite and see what happens

[fareed 0]

Good Job bro

[TheOverfiend 0]

Hi,

 

This tutorial is fantastic and i am currently using this in my environment.

 

Is there any way that the cscript.exe cmd black window can be hidden or at least minimized ?

 

Cheers

[jet_rider 0]

Nice post start to finish.

to: TheOverfiend

//nologo is the parameter that should hide the command windows when running cscript.

 

 

specfic example for this case:

before

cscript.exe get_SMSTSPreferredAdvertID_via_Prestart.vbs

after

cscript.exe //nologo get_SMSTSPreferredAdvertID_via_Prestart.vbs

[sliceofdanny 0]

Alternatively, you can create Boot media and add the variable under the customization portion, with name / value pair being SMSTSPreferredAdvertID / DeploymentID. This way only those with the ISO will see the TS.

[P@docIT 5]

Hello,

 

I'm having issues with this. It worked just fine for a bit. I imaged 2 machines using it. Then out of the blue I can't get the TS to run. The prestart VB script is running. I put the deployment ID in exactly as I see it in CM, click ok and after a few seconds I am brought to the regular TS wizard. Not sure what I'm missing. Is there a log somewhere I can check to see why it not running the hidden TS?

 

Ok so I found the entry in the smsts log from the tablet i'm trying to image, but I'm still not exactly sure why it thinks it can't find it. As you can see in the image my ID matches. Just a standard deployment set to pxe and media only (hidden).

 

 

Thanks,

Mike

[anyweb 451]

Is there a log somewhere I can check to see why it not running the hidden TS?

 

 

smsts.log will tell you why, please attach it

[P@docIT 5]

Hey Niall.

 

I edited my post to include what I see in the smsts log.

smsts.log

[anyweb 451]

<![LOG[Provided preferred deployment CR320028 is not found among the available deployments.]LOG]!><time="07:59:12.365+240" date="08-12-2014" component="TSPxe" context="" type="3" thread="964" file="tsmediawizardcontrol.cpp:1502">

 

 

there you go !

 

so is this computer in a collection targeted by that depoyment above and is the deployment deployed with a purpose of hidden

[P@docIT 5]

I have it deployed to the "All Unknown Computers" collection. It is set to media and pxe only (hidden), purpose is available. The weird thing is it did work a few times before it stopped working and i changed nothing in CM.

[P@docIT 5]

So I deleted the deployment to all unknown computers and created a new deployment pointing to the All Systems collection it's now working. Very weird since these devices are brand new out of the box and definitely unknown. Anyway working as I need it to now. Thanks.

[anyweb 451]

check Devices under assets and compliance,

 

do you see a whole bunch of UNKNOWN objects (please do NOT delete the UNknown Computers collections)

 

you can delete all the unknown devices (not the collections) then try again, 1 shown below but i've seen up to 91 in our production environment....

 

 

 

[P@docIT 5]

I had done that already. What I found is that the two built in Unknown Computers (x64 and x86) are also in the All Systems Collection. Not sure if that collection is taking precedence or what. The machines are definitely unknown, brand new out of the box. Very strange but deploying to All unknown just won't work, only All systems.

[mikeyp 0]

If you use/have PowerShell built into your WinPE image, you could avoid using any files at all with this one-liner in the "Prestart command settings">"Command line" box:

powershell.exe -noprofile -command "$TSEnv = New-Object -ComObject Microsoft.SMS.TSEnvironment;$TSDeploymentID = Read-Host 'Enter the TS Deployment ID: ';$TSEnv.Value('SMSTSPreferredAdvertID') = $TSDeploymentID"

Partly leaving this here so I can find it in future. 😛