Monday, July 21, 2014

Password Protect Task Sequence


As my firms EUC (End User Computing aka Workplace) Architect, I am working on our tablet strategy and that requires Windows 8.1 Task Sequences. I noticed in reports that there were far more Windows 8.1 systems then I am creating in my work for this project. I was finding that techs are trying it out, and causing other issues, so I had to come up with a quick solution to keep the riff raff out so to speak. So in short, I have now mandated that any non production Task Sequences are password protected. This just keeps the honest people honest really.

In your Task Sequence, set a Variable for OSDPassword and put in a password. I create a group at the top of each Task Sequence to hold stuff like this called 'Set Up Shop'. This way, each TS can have its own password in place. Also super easy to change.

Then later in the TS, you call the PromptForPassword vbs via its package. I put it between the 'Partition Disk' step(s) and the 'Apply OS' steps, but before the HTA (Tech Interview). Why not as the first step in the TS? Since ConfigMgr 2012 is download and run, it will still run on a bare hardware environment where there have been no volumes created.

During the deployment you will see a dialog box asking for the password. Real simple, no  X attempts before it fails out, obfuscating the password from shoulder surfers, or any other checks and balances. Like a car alarm, Its meant to keep the honest people honest.


If you add any checks and balances I would love for you to send it upstream to me.

This script is provided as-is, no warranty is provided or implied.The author is NOT responsible for any damages or data loss that may occur through the use of this script.  Always test, test, test before rolling anything into a production environment.

You can get the script here.