Dumping Task Sequence Variables

Several people asked me after the troubleshooting session I presented at MMS 2010 how to write a script to dump out all the task sequence variables.  Here are a few samples showing how to do just that.  (These examples work for ConfigMgr and MDT Lite Touch task sequences.)

First, the absolute “bare bones” approach:

Set env = CreateObject("Microsoft.SMS.TSEnvironment")
For each v in env.GetVariables
   WScript.Echo v & " = " & env(v)

Save that as “DumpVar.vbs” and run it via the task sequence, redirecting the output to a text file.  For example, if you saved this script in the MDT “Scripts” folder, you could use a command line like this:

cmd.exe /c cscript.exe "%ScriptRoot%\DumpVar.vbs" >> %Temp%\DumpVar.txt

If you want to get fancier, you can use MDT’s logging capabilities:

<job id="ZTIConnect">
   <script language="VBScript" src="ZTIUtility.vbs"/>
   <script language="VBScript">

   Set env = CreateObject("Microsoft.SMS.TSEnvironment")
   For each v in env.GetVariables
      oLogging.CreateEntry v & " = " & env(v), LogTypeInfo


Save that as “DumpVar.wsf” in the MDT “Scripts” folder, and run it with a simpler command line:

cscript.exe "%ScriptRoot%\DumpVar.wsf"

If you would prefer to use PowerShell, the same thing can be done with it:

# Determine where to do the logging
$tsenv = New-Object -COMObject Microsoft.SMS.TSEnvironment
$logPath = $tsenv.Value("_SMSTSLogPath")
$logFile = "$logPath\$($myInvocation.MyCommand).log"

# Start the logging
Start-Transcript $logFile

# Write all the variables and their values
$tsenv.GetVariables() | % { Write-Host "$_ = $($tsenv.Value($_))" }

# Stop logging

Save that as “DumpVar.ps1” in the MDT “Scripts” folder, and run it using PowerShell.exe (as long as execution of scripts has been enabled):

PowerShell.exe –File "%ScriptRoot%\DumpVar.ps1"

Here are some related links:



A few people commented on how they could see my Administrator account and password details in the output of the script I was running, as I had specified that account for my ConfigMgr network access account.  That’s definitely not a best practice – you should specify an account that has the minimum rights required, typically just enough to connect to your distribution point shares.  It should never have domain admin rights.  (Yes, I was lazy and just reused the only account I set up in my demo VMs.)

You might wonder why the example script above that uses ZTIUtility.vbs doesn’t log the password.  That’s because we have specific logic in that script that refuses to log any line that contains the word “password” as a security feature.

Comments (2)
  1. Anonymous says:

    Since many of our task sequence variables were useful reference items, I used a similar script to dump all of the variables to the registry, then went back and deleted any values that were known to contain sensitive information.  Great for troubleshooting failed builds, or having an "as built" record of important information (we used a LOT of custom variables for our builds).

Comments are closed.

Skip to main content