I recently discovered some computers that had a folder named “C:\_SMSTaskSequence”. This indicates that a previous task sequence failed, as a task sequence that completes successfully will clean up after itself and not leave junk behind. So I wanted to know how many where affected, and I wanted our helpdesk technicians to investigate the computers.
Configuration Items
Configuration item that verifies if a computer have completed or failed a task sequence. A configuration item have a discovery script and a remediation script. The discovery script is where we place our Powershell code to discover the settings or configurations we want to validate, and the remediation script is the code we run on computers who are not compliant.
We know that a task sequence who fails leaves behind a folder named “_SMSTaskSequence” on the C: drive. A configuration item with Powershell code that detects the presence of this folder can be used to determine if the computer failed to complete a task sequence and is not compliant.
Powershell code for the discovery script.
if ((Test-Path 'C:\_SMSTaskSequence' -ErrorAction SilentlyContinue) -eq $true) { $obj = $true } else { $obj = $false } Write-Output $obj
This Powershell code will return return false if there is no folder named “C:\_SMSTaskSequence” and we conclude that no task sequence have failed on this computer. But if the script finds the folder on the c: drive, it returns true, and we will run a remediation script.
Our remediation script will do two things:
- Create a ticket to our helpdesk by sending an email to our helpdesk system. This ensures that a technician will investigate the computer and decide if it needs to be reinstalled or not.
- Rename C:\_SMSTaskSequence to C:\_SMSTaskSequenceFail as we don’t want more than one ticket created for this computer. We consider the incident as handled by whatever actions our technician decides to do.
Powershell code for the remediation script.
$Hostname = (Get-WmiObject Win32_Computersystem).Name $From = "[email protected]" $To = "[email protected]" $Subject = "Computer $Hostname failed to complete a task sequence." $Body = "Configuration Manager detected that computer $Hostname failed to complete a task sequence. Please investigate the computer." $SMTPServer = "smtp.lab.net" $SMTPPort = "25" Send-MailMessage -From $From -to $To -Subject $Subject -Body $Body -SmtpServer $SMTPServer -port $SMTPPort Rename-Item -Path C:\_SMSTaskSequence C:\_SMSTaskSequenceFail
I rather rename the folder instead of deleting it as it contains vital information for our helpdesk to decide if the computer needs to be reinstalled.
Creating the configuration item
Assets and Compliance -> Compliance Settings -> Configuration Items
Right click on configuration item and select “Create Configuration Item”. The wizard will open.
Specify the operating systems you want this configuration item to support. I will only run it on client operating systems so that’s what I chose.
Click new to create the settings for “Completed Task Sequence” configuration item.
We use Powershell to detect the presence of the folder so select Script as setting type. Our script will only return true or false so we select boolean as our data type.
Copy and paste the Powershell code into the discovery script.
Same for our remediation script.
Next select the compliance rules. This is where we tell SCCM if our configuration item is compliant. Our script will return false if “C:\_SMSTaskSequence” is not found, so every computer where our CI returns false is compliant. We also want to run our remediation script on computers that have the folder.
We are almost ready. The configuration item is created.
Configuration Baselines
A configuration baseline contains one or more configuration items, and it is what we deployed to a collection to a collection of users or computers. In this case want to deploy our baseline to a collection of computers as it is a computer and not user specific setting that we’r checking on.
So we create a new configuration baseline and add our configuration item to it.
Next step is to deploy our baseline. Make sure to select “Remediate noncompliant rules when supported”.
SCCM will now generate a helpdesk ticket for every computer where any task sequence failed. Every