Dumping Task Sequence Variables
Several people asked me after the troubleshooting session I presented at MMS 2010 how to write a script to dump out all the task sequence variables. Here are a few samples showing how to do just that. (These examples work for ConfigMgr and MDT Lite Touch task sequences.)
First, the absolute “bare bones” approach:
Set env = CreateObject("Microsoft.SMS.TSEnvironment")
For each v in env.GetVariables
WScript.Echo v & " = " & env(v)
Next
Save that as “DumpVar.vbs” and run it via the task sequence, redirecting the output to a text file. For example, if you saved this script in the MDT “Scripts” folder, you could use a command line like this:
cmd.exe /c cscript.exe "%ScriptRoot%\DumpVar.vbs" >> %Temp%\DumpVar.txt
If you want to get fancier, you can use MDT’s logging capabilities:
<job id="ZTIConnect">
<script language="VBScript" src="ZTIUtility.vbs"/>
<script language="VBScript">
Set env = CreateObject("Microsoft.SMS.TSEnvironment")
For each v in env.GetVariables
oLogging.CreateEntry v & " = " & env(v), LogTypeInfo
Next
</script>
</job>
Save that as “DumpVar.wsf” in the MDT “Scripts” folder, and run it with a simpler command line:
cscript.exe "%ScriptRoot%\DumpVar.wsf"
If you would prefer to use PowerShell, the same thing can be done with it:
# Determine where to do the logging
$tsenv = New-Object -COMObject Microsoft.SMS.TSEnvironment
$logPath = $tsenv.Value("_SMSTSLogPath")
$logFile = "$logPath\$($myInvocation.MyCommand).log"
# Start the logging
Start-Transcript $logFile
# Write all the variables and their values
$tsenv.GetVariables() | % { Write-Host "$_ = $($tsenv.Value($_))" }
# Stop logging
Stop-Transcript
Save that as “DumpVar.ps1” in the MDT “Scripts” folder, and run it using PowerShell.exe (as long as execution of scripts has been enabled):
PowerShell.exe –File "%ScriptRoot%\DumpVar.ps1"
Here are some related links:
A few people commented on how they could see my Administrator account and password details in the output of the script I was running, as I had specified that account for my ConfigMgr network access account. That’s definitely not a best practice – you should specify an account that has the minimum rights required, typically just enough to connect to your distribution point shares. It should never have domain admin rights. (Yes, I was lazy and just reused the only account I set up in my demo VMs.)
You might wonder why the example script above that uses ZTIUtility.vbs doesn’t log the password. That’s because we have specific logic in that script that refuses to log any line that contains the word “password” as a security feature.