Hello All, my name is Deepika and I’m a Premier Field Engineer with Microsoft India. I would like to share one of the methods to identify devices which are built via SCCM.
Imagine a scenario where machines are re-imaged\built at different geographical locations by using multiple Task sequences each with different TS steps and with different Operating systems Images referenced in it. To find which machines was built using which OS image will be a tough task unless we have some unique value\setting available to differentiate in these images.
Here is one instance I encountered where an organization had many methods of imaging a machine. A Standard OS Image is used in all these methods which has a hash associated with it and is not allowed to be modified as per their corporate security standards. Now there is a specific ask where the SCCM team wants to keep track or find machines which are built via SCCM going forward.
Plan is to generate Unique GUIDS, apply those while running the task sequences [One Unique GUID for One Task Sequence] and track them using Compliance baselines. Below steps can be followed to do the same.
Generate one or more Unique GUIDs on SCCM server [Can be any server, in this case its generated on SCCM server
If this SCCM package or cmd file is deployed outside of task sequence can also bring the machines as compliant. So, we need to have a process\Role Based Access Control which secures this package\GUID\cmd file to be deployed outside of Task Sequence.
All existing machines will be non-compliant and will only be compliant once they are re-imaged.
A default report ‘List of Assets by compliance state for a configuration baseline' can be run against the specific baseline to list all the machines which is compliant, meaning these machines were imaged using the image example: ContosoUniquebuild.
Now we have list of machines with a specific image built using SCCM.
Disclaimer The sample scripts are not supported under any Microsoft standard support program or service. The sample scripts are provided AS IS without warranty of any kind. Microsoft further disclaims all implied warranties including, without limitation, any implied warranties of merchantability or of fitness for a particular purpose. The entire risk arising out of the use or performance of the sample scripts and documentation remains with you. In no event shall Microsoft, its authors, or anyone else involved in the creation, production, or delivery of the scripts be liable for any damages whatsoever (including, without limitation, damages for loss of business profits, business interruption, loss of business information, or other pecuniary loss) arising out of the use of or inability to use the sample scripts or documentation, even if Microsoft has been advised of the possibility of such damages.