SCCMTSPSI
SCCMTSPSI

Documentation for SCCM task sequence deployment orchestrator

  1. Overview
  2. Realm setup
  3. Active Directory & SCCM setup.
    1. Active directory - Security group
    2. Active directory - Broker account
    3. SCCM - Deployment collection
    4. SCCM - Administrative category for applications
    5. SCCM - Administrative category for office
    6. SCCM - Limiting collection for collections
    7. AD - Parent AD group for AD group list
    8. AD - Staging OU
    9. SCCM - Configuration directory
    10. SCCM - WinPE boot image setup
  4. Configuration tool & File
    1. Realm secret key
    2. Allowed WinPE instances
    3. Network access account
    4. Notification account
    5. Hostname formatting
    6. Automatically identify hostname
    7. Overrides
    8. Active directory staging OU
    9. MBAM Server details
    10. SMTP server details
    11. Notification types
    12. User state migration (USMT)
      1. Data store encryption
      2. Migration types
      3. Free space
      4. Config XML
      5. Migration rules XML
      6. Ignore return error codes
      7. Migrating EFS files
      8. Move domain
      9. Move user
      10. Currupt user profiles
    13. Logs and Profiles location
    14. Disk setup
    15. Content availability check
    16. Error adding collection member
    17. Error adding AD group member
    18. Wait for Bitlocker decryption
    19. Approved hardware
    20. Extension Attributes
  5. Using sccmtspsi (Operator view)
    1. sccmtspsi login window content
    2. sccmtspsi controls
      1. Asset hostname
      2. Unlock bitlocker
      3. Get task sequence deployments
      4. Get operating system images and packages
      5. Get office application
      6. Get SCCM applications
      7. Get SCCM collections
      8. Get AD Groups
      9. sccmtspsi actions
      10. Data migration options
      11. Primary users
      12. AD / SCCM entry
      13. Extension Attributes
  6. Task sequence steps
    1. sccmtspsi-tasksequence.exe
    2. Task sequence variables
    3. Apply operating system image step
  7. Task sequence error codes
  8. sccmtspsi error codes

Active directory - Security group

The Realm security group serves two objectives.

  1. Acts as the gate keeper, by maintaining a list of Active Directory users who can access a SCCMTSPSI Realm instance.
  2. Provides read access into the configuration directory for a Realm.

Create the below Active Directory global security group.

sccmtspsi-users-XXX [Where XXX is the Realm name]

The security group members tab will look similar to the below image. Where “Build Engineer 1” , “Build Engineer 2” and “Build Engineer 3” are normal sccmtspsi operators and “sccmtspsi-broker-r01” is the broker account [discussed in the next section].

Note:

  • The Realm security group can be a nested group. But for performance purposes, we recommend using a flat membership structure.
  • Do not add any foreign security principals as a member of this group.
« Active Directory & SCCM setup.Active directory - Broker account »
Suggest Edit

DCOM hardening issue.

This application fails to authenticate with WMI on the SCCM server because Microsoft has not yet hardened DCOM on their Windows Preinstallation Environment. We are working on a different approach, but it will only be released during the first quarter of 2024. But until that time, the only workaround will be to uninstall the update corresponding to KB5004442.