Jump to content


  • 0
thadkew

Password Protect a Task Sequence?

Question

I have successfully set up our environment to PXE (thanks to Anyweb's many guides) and have the boot media set to use a password to get to the list of available Task Sequences, but I was wondering if there were a way to password protect a task sequence that is selected.

For example: anyone can select the task to deploy Windows XP or Windows7, however, if someone selects Windows Server 2008, something will prompt for another password and the sequence will fail if it's not correct.

 

Does that make any sense or is it possible?

 

Thanks in advance!

Share this post


Link to post
Share on other sites

Recommended Posts

  • 0

here's a sample Task Sequence to see it in action, simply import the XML file into SCCM 2007 sp2 (with MDT 2010 integrated) and you are nearly ready to go,

you will have to edit the task sequence to point to your packages, one package is the prompt for password containing the original wsf file, the second package is your mdt files package (which contains a subfolder in scripts called TS Password, which in turn contains the shutdown.wsf script)

 

attachicon.gifPrompt For Password.xml

 

In my example task sequence I install an application (microsoft security essentials) after successful password completion, however you could install an entire OS or more as you would with any task sequence, it's up to you.

 

Here's a description of the Task Sequence Steps:-

 

Restart to Windows PE

 

This does a check in the options tab to see if we are in WinPE, if not, it restarts the computer into WinPE so you will need to attach a boot image to this Task Sequence. The reason for this check is that we cannot interact with the user on the desktop in Windows itself, only in WinPE.

 

The options we set are:

 

This group/step will run if the following conditions are met:
If All the conditions are true:

Task Sequence Variable _SMSTSinWInPE equals False
attachicon.gifrestart to windows pe.jpg

 

Prompt For Password

 

This step runs the actual promptforpassword.wsf script directly from the package we put it in, you could clean this up even more by placing the script in the mdtfiles/scripts/ts password folder (more on that later). I've also got yet another check in here (not needed if you include the previous step) to see that we are in WinPE (see the options tab). This script returns a value for the AllowOSDBuild variable, either YES or NO depending on whether you enter the password correctly or not.

 

attachicon.gifpromptforpassword.jpg

 

Use Toolkit Package

 

This step loads the MDT Files package (needed for the next step) and you should know by now that we have copied the TS Password folder containing shutdown.wsf to the scripts sub directory of the MDT Files package.

 

Shutdown

 

attachicon.gifshutdown1.jpg

 

This step executes the script called shutdown.wsf contained in the TS Password subfolder (in the scripts directory of MDT Files package). This script will shutdown the computer if:

 

* AllowOSDBuild=NO

or

* If you click on Cancel at the password prompt screen.

 

Below is a copy of the Shutdown Step options

 

attachicon.gifshutdown2.jpg

 

Rest of Task Sequence

 

If the user enters the correct password the the Rest of the Task sequence steps will be ran as normal, in this example I install an application after rebooting back into Windows, (you can put whatever you want here, like installing an OS or migrating from XP to 7 or whatever !).

 

 

attachicon.gifrestofts.jpg

 

 

Hi Niall

 

I have been following this blog trying to get this Prompt For Password thing working. I have got this up and running for the most part now, but I am still having a problem. It is with the “Shutdown” portion of the task sequence. I have these options set: If All the conditions are true: Task Sequence Variable ALLOWOSBUILD not equals “YES”. Even though I input the correct password, the shutdown step still runs. Do you have any insight why that would be? Am I missing something? Attached is snip of my task sequence and my HTA code. Any help would be greatly appreciated.

 

--Tony

<html>
<head>
<title>Prompt for password</title>
<HTA:APPLICATION 
     ID="objAutoRefresh"
     APPLICATIONNAME="Auto Refresh"
     SCROLL="no"
     SINGLEINSTANCE="yes"
     WINDOWSTATE="maximize"
     icon="icon.ico"
     SHOWINTASKBAR="no"
     SYSMENU="no"
>

<link rel="stylesheet" type="text/css" href="skin.css">

<script language=vbscript>
sub activate(thebutton)
	thebutton.classname="btnb"
end sub
sub activate2(thebutton)
	thebutton.classname="btnc"
end sub
sub deactivate(thebutton)
	thebutton.classname="btna"
end sub
sub lblactivate(thebutton)
	thebutton.classname="lblb"
end sub
sub lblactivate2(thebutton)
	thebutton.classname="lblc"
end sub
sub lbldeactivate(thebutton)
	thebutton.classname="lbla"
end sub
</script>
</head>


<SCRIPT LANGUAGE="VBScript">

on error resume next

Set objFSO = CreateObject("Scripting.FileSystemObject")
Set WshShell = CreateObject("WScript.Shell")
Set objOSD = CreateObject("Microsoft.SMS.TSEnvironment")

Sub Window_Onload
   window.resizeTo 700,500

   window.moveTo ((screen.availWidth \ 2) - (700 \ 2)), ((screen.availHeight \ 2) - (500 \ 2))

   self.Focus()

   strVersion = "20100929"

   Footer.InnerHTML= "<HR width='100%' SIZE='2'>" & vbcrlf & _
                     "<table vAlign='bottom' border='0' width='100%'>" & vbcrlf & _
                     "<td align='left'>" & vbcrlf & _
                     "<font color='blue' size='2'>Division of IT -- Metrics & Automation" & vbcrlf & _
                     "<td align='right'>" & vbcrlf & _
                     "<font color='blue' size='2'>Version " & strVersion & vbcrlf & _
                     "</TD>" & vbcrlf & _
                     "</table>"

	MainMenu
End Sub

Sub EnterToTab
  If Window.event.keyCode = 13 Then Window.event.keyCode = 9
End Sub

Sub Mainmenu
	Header.innerHTML = "<table width='100%' border='0' align='left'><tr><td><img src='logo.gif'><td><class='header'>A password is required to continue this task sequence.<br>" & vbcrlf & _
		"Enter the password and click the <b>Continue</b> button.<tr><td colspan='2'><hr width='100%'></table>"

	Code.innerHTML ="<table width='100%' border='0'>" & vbcrlf & _
		"<tr class='code'>" & vbcrlf & _
		"<td colspan='1' valign='top'>Password:</td>" & _
		"<td colspan='2'><input type='password' name='ppassword' size='30' onkeydown='EnterToTab'></td>" & vbcrlf & _
		"<td colspan='2'><input type='checkbox' id=TogglePasswordInput name='TogglePasswordInput' onClick='TogglePasswordSub'><label class='lbla' onMouseOver='vbscript:lblactivate me' onMouseOut='vbscript:lbldeactivate me' onMouseDown='vbscript:lblactivate2 me' for=TogglePasswordInput>Show password</label>" & vbcrlf & _
		"<td colspan='2'></td>" & _
		"</tr>" & vbcrlf & _
		"<tr class='code'><td colspan='5'><HR width='100%' SIZE='2'></td></tr>" & vbcrlf & _
		"<tr class='code'><td colspan='2'><input id=runbutton class='btna' onMouseOver='vbscript:activate me' onMouseOut='vbscript:deactivate me' onMouseDown='vbscript:activate2 me' type='button' value='Continue' name='run_button' onClick='RunScript'>" & vbcrlf & _
    		"</table>"
	ppassword.focus
End Sub

Sub TogglePasswordSub
	If TogglePasswordInput.Checked Then
	   Code.innerHTML ="<table width='100%' border='0'>" & vbcrlf & _
		"<tr class='code'>" & vbcrlf & _
		"<td colspan='1' valign='top'>Password:</td>" & _
		"<td colspan='2'><input type='text' name='ppassword' size='30' value='" & ppassword.value & "' onkeydown='EnterToTab'></td>" & vbcrlf & _
		"<td colspan='2'><input type='checkbox' id=TogglePasswordInput name='TogglePasswordInput' checked onClick='TogglePasswordSub'><label class='lbla' onMouseOver='vbscript:lblactivate me' onMouseOut='vbscript:lbldeactivate me' onMouseDown='vbscript:lblactivate2 me' for=TogglePasswordInput>Show password</label>" & vbcrlf & _
		"<td colspan='2'></td>" & _
		"</tr>" & vbcrlf & _
		"<tr class='code'><td colspan='5'><HR width='100%' SIZE='2'></td></tr>" & vbcrlf & _
		"<tr class='code'><td colspan='2'><input id=runbutton class='btna' onMouseOver='vbscript:activate me' onMouseOut='vbscript:deactivate me' onMouseDown='vbscript:activate2 me' type='button' value='Continue' name='run_button' onClick='RunScript'>" & vbcrlf & _
    		"</table>"
	Else
	   Code.innerHTML ="<table width='100%' border='0'>" & vbcrlf & _
		"<tr class='code'>" & vbcrlf & _
		"<td colspan='1' valign='top'>Password:</td>" & _
		"<td colspan='2'><input type='password' name='ppassword' size='30' value='" & ppassword.value & "' onkeydown='EnterToTab'></td>" & vbcrlf & _
		"<td colspan='2'><input type='checkbox' id=TogglePasswordInput name='TogglePasswordInput' onClick='TogglePasswordSub'><label class='lbla' onMouseOver='vbscript:lblactivate me' onMouseOut='vbscript:lbldeactivate me' onMouseDown='vbscript:lblactivate2 me' for=TogglePasswordInput>Show password</label>" & vbcrlf & _
		"<td colspan='2'></td>" & _
		"</tr>" & vbcrlf & _
		"<tr class='code'><td colspan='5'><HR width='100%' SIZE='2'></td></tr>" & vbcrlf & _
		"<tr class='code'><td colspan='2'><input id=runbutton class='btna' onMouseOver='vbscript:activate me' onMouseOut='vbscript:deactivate me' onMouseDown='vbscript:activate2 me' type='button' value='Continue' name='run_button' onClick='RunScript'>" & vbcrlf & _
    		"</table>"
	End If
	ppassword.focus
End Sub

Sub RunScript
	If ppassword.value <> "password" Then
		messages.InnerHTML = "<font color='red' size='2'>Password is not valid.<br>" & vbcrlf & _
			"<font color='black' size='2'>Retry entering the password ?<br>" & vbcrlf & _
		   	"<input class='btna' onMouseOver='vbscript:activate me' onMouseOut='vbscript:deactivate me' onMouseDown='vbscript:activate2 me' type='button' value='Yes' name='Yes_button' onClick='Yes_button'>" & vbcrlf & _
			"<input class='btna' onMouseOver='vbscript:activate me' onMouseOut='vbscript:deactivate me' onMouseDown='vbscript:activate2 me' type='button' value='No' name='No_button' onClick='No_button'>"
		Exit Sub
	Else
		on error resume next
	 	objOSD("ALLOWOSDBUILD") = "YES"
 		Set objOSD = Nothing
		window.close()
	End If 
End Sub

Sub No_button
	on error resume next
	objOSD("ALLOWOSDBUILD") = "NO"
	Set objOSD = Nothing
	window.close()
End Sub

Sub Yes_button
	messages.InnerHTML = "<font color='black' size='2'>Please try again"
	ppassword.value = ""
	ppassword.focus
End Sub


'***************************************************************************************
'****************** END SUB AREA *******************************************************
'***************************************************************************************


'***************************************************************************************
'****************** START FUNCTION AREA ************************************************
'***************************************************************************************


'***************************************************************************************
'****************** END FUNCTION AREA **************************************************
'***************************************************************************************

</SCRIPT>

<body>
<table height="100%" width="100%" border="0">

<TR>
<TD vAlign="top" height="10">
<div class="header" id="Header"></div>
</TD>
</TR>

<TR>
<TD height="200">
<div class="code" id="Code"></div>
</TD>
</TR>

<TR>
<TD align="center">
<div class="messages" id="Messages"></div>
</TD>
</TR>

<TR>
<TD align="center">
<div id="Note"></div>
</TD>
</TR>

<TR>
<TD vAlign='bottom'>
<div id="Footer"></div>
</TD>
</TR>

</table>
</body>

</html>

post-24181-0-71941600-1403625594_thumb.png

Share this post


Link to post
Share on other sites

  • 0

it should be ALLOWOSDBUILD, you are missing a D

 

Thanks Niall!

 

One additional item I discovered with my HTA code is that someone can right click the body of the HTA file -> view source -> scroll to the bottom and see the code that specifies the password. To make this more secure, I created a Task Sequence variable in my Task Sequence to hold the password for the HTA.

 

Next, I changed this line of code: If ppassword.value <> "password" Then to If ppassword.value <> objOSD("TSPassword") Then allowing the HTA to read the Task Seqeunce variable of "TSPassword". This approach will prevent someone from grabbing the password by viewing the HTA source. Thought it would be good to share this with the community.

 

--Tony

post-24181-0-29986800-1405002101_thumb.png

  • Like 1

Share this post


Link to post
Share on other sites

  • 0

 

Thanks Niall!

 

One additional item I discovered with my HTA code is that someone can right click the body of the HTA file -> view source -> scroll to the bottom and see the code that specifies the password. To make this more secure, I created a Task Sequence variable in my Task Sequence to hold the password for the HTA.

 

Next, I changed this line of code: If ppassword.value <> "password" Then to If ppassword.value <> objOSD("TSPassword") Then allowing the HTA to read the Task Seqeunce variable of "TSPassword". This approach will prevent someone from grabbing the password by viewing the HTA source. Thought it would be good to share this with the community.

 

--Tony

Tcilmo,

would you please show me how you deployed the .hta program in the TS , to be more clear i Wanna see the TS Step "Prompt for Password"

Share this post


Link to post
Share on other sites

  • 0

the password is in the script, there is no username

 

here's the actual password as referenced in the script, you can change it from 'password' to something more suite for your environment

If MyPass = "password" then
env("ALLOWOSDBUILD") = "YES"
End If

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Answer this question...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...


×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.