Dumping Task Sequence Variables

Several people asked me after the troubleshooting session I presented at MMS 2010 how to write a script to dump out all the task sequence variables.  Here are a few samples showing how to do just that.  (These examples work for ConfigMgr and MDT Lite Touch task sequences.)

First, the absolute “bare bones” approach:


Set env = CreateObject("Microsoft.SMS.TSEnvironment")
For each v in env.GetVariables
   WScript.Echo v & " = " & env(v)
Next


Save that as “DumpVar.vbs” and run it via the task sequence, redirecting the output to a text file.  For example, if you saved this script in the MDT “Scripts” folder, you could use a command line like this:

cmd.exe /c cscript.exe "%ScriptRoot%\DumpVar.vbs" >> %Temp%\DumpVar.txt

If you want to get fancier, you can use MDT’s logging capabilities:


<job id="ZTIConnect">
   <script language="VBScript" src="ZTIUtility.vbs"/>
   <script language="VBScript">

   Set env = CreateObject("Microsoft.SMS.TSEnvironment")
   For each v in env.GetVariables
      oLogging.CreateEntry v & " = " & env(v), LogTypeInfo
   Next

   </script>
</job>


Save that as “DumpVar.wsf” in the MDT “Scripts” folder, and run it with a simpler command line:

cscript.exe "%ScriptRoot%\DumpVar.wsf"

If you would prefer to use PowerShell, the same thing can be done with it:


# Determine where to do the logging
$tsenv = New-Object -COMObject Microsoft.SMS.TSEnvironment
$logPath = $tsenv.Value("_SMSTSLogPath")
$logFile = "$logPath\$($myInvocation.MyCommand).log"

# Start the logging
Start-Transcript $logFile

# Write all the variables and their values
$tsenv.GetVariables() | % { Write-Host "$_ = $($tsenv.Value($_))" }

# Stop logging
Stop-Transcript


Save that as “DumpVar.ps1” in the MDT “Scripts” folder, and run it using PowerShell.exe (as long as execution of scripts has been enabled):

PowerShell.exe –File "%ScriptRoot%\DumpVar.ps1"

Here are some related links:

https://blogs.technet.com/deploymentguys/archive/2008/08/29/outputting-all-the-configuration-manager-task-sequence-variables.aspx

https://blogs.technet.com/mniehaus/archive/2009/09/22/running-powershell-scripts-as-part-of-a-task-sequence.aspx

A few people commented on how they could see my Administrator account and password details in the output of the script I was running, as I had specified that account for my ConfigMgr network access account.  That’s definitely not a best practice – you should specify an account that has the minimum rights required, typically just enough to connect to your distribution point shares.  It should never have domain admin rights.  (Yes, I was lazy and just reused the only account I set up in my demo VMs.)

You might wonder why the example script above that uses ZTIUtility.vbs doesn’t log the password.  That’s because we have specific logic in that script that refuses to log any line that contains the word “password” as a security feature.