I’m starting a DCM project for a customer and one of the requirements is to determine whether a system was deployed via a ConfigMgr task sequence. This seemed like a simple request but initially stymied me as to how to best implement it with a significant level of authority that cannot be easily circumvented. I came up with the following options, along with input from colleagues:
- Key off of a registry or environment variable tattoo. This was rejected as too easy to circumvent making a hand-built system appear compliant. But that could be paired with a WMI tattoo as well, making it slightly more complicated to get around. The MDT Tattoo task could potentially fit the bill for both the registry and WMI branding.
- Use a script to parse HKLM:\SOFTWARE\Microsoft\SMS\Mobile Client\Software Distribution\Execution History for entries where _ProgramID = [char]42 (aka “*”), where and then potentially comparing the _RunStateTime with the InstallDate attribute from Win32_OperatingSystem (to within a timeframe such as 12 hours). A bit more complicated to circumvent, but can cause issues when non-OSD task sequences are used, unless the specific package ID is included in the query.
- Parse smsts.log.
From this discussion I received an interesting tidbit from Nate Bachmeier, a ConfigMgr SDET, to look for a registry key named CM_DSLID. A quick search on a Windows 7 64-bit workstation yielded the following:
CM_DSLID = P01:C0100123
MC_DSLID = C0100045
In this example, P01 is the primary site to which the system is assigned, C0100123 is the task sequence ID (C01 is the central site) and C0100045 is the OS image package ID.
Michael Niehaus pointed out that MDT has some logic in ZTITatoo.wsf to create the second key if _SMSTSPackageID is populated.