If you think you have or know you have a Security Incident please fill in the form and our experienced Onevinn CSIRT team will reach out shortly.
The team has long experience in supporting customers in Incident Response and Compromised Recovery.
Keep calm and we will be with you shortly!
Show DP information during OSD using TSBackground
One request that was made many times in the comments of the blog posts on TSBackground which is a remarkable tool from Johan Schrewelius, is to be able to show which DP is being used during OSD. I will try to explain the challenges with displaying DP information using TSBackground and some ways of doing it. The existing variable can be used without TSBackground as well of course to tattoo the registry for example with DPs used. Which will give us the following result.
More information about TSBackground can be found here: https://onevinn.schrewelius.it/Apps01.html and here https://ccmexec.com/2019/06/tsbackground-for-configmgr/ Displaying Management Point used is easy there is a Task Sequence variable that contains the MP used, “_SMSTSMP”. When it comes to displaying the Distribution Point used it is way more challenging. When the Task Sequence starts it check that all necessary content is available on the DP(s) used before the TS starts. This makes sense otherwise it will fail anyway when it runs, better to stop it before it starts. More than one DP can exist in the same boundary group and then more than one is listed. When the Task Sequence runs and there are more than one DP it will choose one randomly and potentially use more than one DP during OSD.
The following Task Sequence variables are created that can be used.
If “Copy the content in this package to a package share on distribution points:” is checked as shown below those packages will be added to a variable with the name “_SMSTSxxxx” where xxx stands for packageid.
For the packages that are not copied to a Package share on the DPs the information is blank as show in the table below.
Each package referenced is also added to a variable with the name _SMSTHTTPxxxx where xxxx reflects the packageID as shown below.
The challenge of using this variable is that each DP can be represented more than once depending on HTTPS configuration on the DPs. For my boot image which I have on two DP’s in the Boundary for the client we will have four entries for content location.
This variable shows the latest content location used during OSD. Note: that if “Run from DP” is selected for the Task Sequence this variable will be empty during the whole time the Task Sequence runs expect if Applications are being deployed during the Task Sequence they will download the content and show up in the variable. Example of TS variable content is shown below.
Options that can be used together with TSBackground.
TSBackground is a great tool where we can customize the “General.xaml” file where we can modify what is being displayed during OSD. Looking at the options we have I have created a little script that I run in the beginning of the Task Sequence that will create a new variable “OSDDPS” that contains the HTTPLocations where my BootImage is available when the Task Sequence starts. Reason for it is that the boot image used has its own variable, _SMSTSBootImageID. Using that we can calculate the name of the _SMSTSHTTPxxxxx variable for the boot image, in my example “_SMSTSHTTP060001AF”
I use this PowerShell script to calculate the DP(s) where the BootImage is available in the Boundary Group when the Task Sequence starts.
I run it early in my Task Sequence to make the variable available as soon as possible in my Task Sequence.
Then I update the “General.xaml” file in the TsBackground source files with the following rows.
I also add the _SMSTSLastContentDownloadLocation to my General.xaml file.
The result looks like this where Distribution Point(s) represents all DPs where the client can download the bootimage from in the Boundary Group. And Last used content location is the last DP used to download content from.
As TSbackground updates the variables every second it will update the last used content location dynamically. IF Run TS from distribution point is used the Last used content location will be empty as nothing is downloaded. As shown in the example below. This client is in a boundary group with only one DP as well.
None of these options are perfect but adds information about which DPs are used which can be useful for troubleshooting and looks nice when added to the TSBackground as well. The sample General.xaml used can be downloaded here together with the script.