Friday, July 9, 2010

SCCM: Advertise Task Sequence without notifying users

Hey, I love professors as much as the next Information Security guy working for a University, but sometimes they do silly things. When we first started using Microsoft System Center Configuration Manager (SCCM) to manage our machines, we encountered one of those silly things. We had created an Operating System Deployment (OSD) task sequence and advertised it to a collection of computers. When the advertisement went out, a small bubble notification showed up on people's computers telling them that software was available. One of our professors clicked on that and saw our OSD task sequence. The professor then proceeded to ignore all the warnings about lost data and ran the task sequence. He was shocked when his computer rebooted itself and reinstalled everything.

Our response to this was to turn off program notification across the board to make sure this didn't happen again. That of course created other problems when we actually WANTED to notify users about programs or restart options.

But now after scouring the Internet, a solution has presented itself. And since it took me more than 15 minutes to find it, I feel obligated to put the answer on my blog for others to see. So here is how you can advertise a task sequence to all your computers without bubbles showing up and without risk of the users running the task sequence from Run Advertised Programs.

Step 1, create your task sequence and save it. Then right-click on the task sequence and go to Properties. On the Advanced tab, select the options so that the task sequence can only run on some flavor of operating system that you're not planning to deploy. Since we only use task sequences to push Windows 7 and Windows XP, I selected Windows Server 2003 64 bit.

Step 2, advertise your task sequence to collections that are full of end-user workstations. The machines will get the advertisement and reject it because they aren't running Windows Server 2003 64 bit.

The magic that makes this work is that when you PXE boot a machine or use boot media to start the task sequence, the operating system restriction set in Step 1 is ignored. Thus you can PXE boot a machine and see the OSD task sequences, but you don't have to worry about end users accidentally running one of them from Run Advertised Programs.


CPL said...

You can also select Windows 2000. In my organization it's dead as a stone and serves as a nice placeholder.

MMoore said...

Awesome, thanks. I was trying to figure out how to filter a collection based on a PE Operating System, to advertise the task sequence collection to. Now I don't have to.

Mike D. said...

Genius... absolutely genius. Thanks for sharing; you've just made my life a whole lot easier.