top of page

OUR PRECONDITIONS

  • The old network infrastructure, referred to as OldNet:
    Doesn’t support 802.1x.
    Two domains on different VLAN’s with a one way trust, referred to as Enterprise and Educational.
    The two domains have their own network infrastructure, different IP Helpers, DNS, DHCP and so on.

  • The new infrastructure, referred to as NewNet:
    802.1x is required using CISCO ISE and Layer 3 switches.
    Only one fallback net with its own IP range, common for both domains, which also supports WebAuth guest access.
    The two domains still have their own IP range, DHCP, DNS etc. but will use the same PXE-server since PXE boot is taking place on the fallback network.

  • Both the old and the new network infrastructure will be used to deploy Windows 10 x64 and Windows 7 x86.

  • MAB will not be used during OSD, the network team don’t want to spread a special OSD VLAN so clients will get an IP address according to its current location and only certificate-based authentication is allowed.

  • The task sequence needs to support both the new computer and refresh scenario as well as BIOS to UEFI conversion regardless of the currently installed operating system.
    The scripts used for managing 802.1x needs to support Windows 7 and its PowerShell version.

Search
Writer's picturesomeguy100
Jun 28, 20192 min read

Create your own "just a moment"-dialog and prevent users from logging in.

This is a great example of how you can combine a little bit of this and a little bit of that and create something that at least I haven’t seen yet.

A combination that serves both the end user as well as the SCCM-guy/gal that’s afraid that the user will do something to screw up the sequence since it’s running in Full OS.

Feeding the user with info of what that is going on instead of a “My computer has restarted 3 times now, I typed my password, I saw my desktop and then my monitor became black and the computer restarted”-Call and at the same time calming that SCCM-person (that SCCM-person being me) that the bios-update won’t break 5% of the computers, is simply a Win/Win-situation.


This “solution” is a collaboration of a lot different things so I won’t take the credit for putting them all together. The improvements, the customizations and changes however, those you can blame me for ;P


If you attend to use the original custom splash screen during the sequence please download it to another folder than the standard one. Else there might be some dlls that’s in use when the TS-agent tries to delete the _SMSTaskSequence-folder.


Changes:

1. Block keyboard/mouse input. Bypass: CTRL+ALT+DEL and without pressing any other key in between, hold down rightshift and right click to close the dialog.

2. Prevent monitor from going a sleep while running. (Since I was using this during a bios/tpm update sequence the last thing I wanted was for the users to hold down the powerbutton due to the screen being black nomather what they did)

3. The UI is only shown after a reboot and is running as system. It is possible to show the UI even for and if a user is logged on but I can’t seem to block the input if running in a user context. And letting a user play around with a process running as local system is never good.

4. The task deletes itself if “TSManager” isn’t running. And the UI closes itself if it can’t find that process.


I havn't tried it during a IPU task and there might be parts where TSManager isn't running. That's why I've put the scheduled task name in a variable. So you can disable it in an easy matter if you need to and prevent it from deleting itself when not supposed to.


Will fix the part for when a user is logged on but for now here it is in action.



https://github.com/MattiasC85/UserInfoUI




563 views0 comments

Comentarios

bottom of page