Documentation for SCCM task sequence deployment orchestrator

SCCM - Configuration directory

Create a folder with the name sccmtspsi on one of the drives on the SCCM management point.

Share the above folder and give it the share name sccmtspsi.

Grant ‘Read’ share and NTFS permissions to the below security group [Implement strict access controls by removing other security principals].


[Where XXX is the Realm name]

Create a sub-folder and give it the same name as your Realm. If you’ve got multiple realms, your setup will look similar to the below image.

In the below image r01, ret and xyz are realm names.

Create the following sub-folders inside the newly created sub-folder (named after the Realm):

  1. token
  2. usmt
  3. patch

Break inheritance and only grant read access to the realm broker account “sccmtspsi-broker-r01” [r01 is the name of the Realm] for the three sub-folders. Only the Realm broker and administrators will have access to these folders.
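
The folder, share and permission steps above can be scripted for a single realm as follows. This is an added example, not part of SCCMTSPSI or its tooling; the drive letter, the CONTOSO domain and the security group name are placeholder assumptions (the group is assumed to include the broker account), and keeping BUILTIN\Administrators on the root folder is also an assumption.

```powershell
# Added example. All values in this block are assumptions to adjust.
$Root       = 'D:\sccmtspsi'                       # assumed drive on the management point
$Realm      = 'r01'                                # realm name used on this page
$ShareGroup = 'CONTOSO\<realm-security-group>'     # placeholder: group name not given here
$Broker     = "CONTOSO\sccmtspsi-broker-$Realm"    # placeholder domain + broker account
$Admins     = 'BUILTIN\Administrators'

function Set-StrictAcl {
    param([string]$Path, [string]$ReadPrincipal)
    $acl = Get-Acl -Path $Path
    $acl.SetAccessRuleProtection($true, $false)    # break inheritance, discard inherited ACEs
    # Drop any explicit ACEs already present so only the two below remain
    @($acl.Access) | Where-Object { -not $_.IsInherited } |
        ForEach-Object { [void]$acl.RemoveAccessRuleSpecific($_) }
    foreach ($ace in @(@($Admins, 'FullControl'), @($ReadPrincipal, 'ReadAndExecute'))) {
        $acl.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule(
            $ace[0], $ace[1], 'ContainerInherit,ObjectInherit', 'None', 'Allow')))
    }
    Set-Acl -Path $Path -AclObject $acl
}

# Root folder and share: read-only for the realm security group
New-Item -Path $Root -ItemType Directory -Force | Out-Null
Set-StrictAcl -Path $Root -ReadPrincipal $ShareGroup
if (-not (Get-SmbShare -Name 'sccmtspsi' -ErrorAction SilentlyContinue)) {
    New-SmbShare -Name 'sccmtspsi' -Path $Root -ReadAccess $ShareGroup | Out-Null
}

# Realm folder plus token/usmt/patch, each readable only by the broker
$realmDir = Join-Path $Root $Realm
New-Item -Path $realmDir -ItemType Directory -Force | Out-Null
foreach ($name in 'token', 'usmt', 'patch') {
    $dir = Join-Path $realmDir $name
    New-Item -Path $dir -ItemType Directory -Force | Out-Null
    Set-StrictAcl -Path $dir -ReadPrincipal $Broker
}

# Check: list any ACE on the three folders that is not Administrators or the broker
Get-ChildItem -Path $realmDir -Directory | ForEach-Object {
    $extra = (Get-Acl $_.FullName).Access |
        Where-Object { $_.IdentityReference.Value -notin $Admins, $Broker }
    if ($extra) { Write-Warning "$($_.FullName): unexpected ACE for $($extra.IdentityReference -join ', ')" }
}
```

Run it from an elevated PowerShell session on the management point; the final check can be re-run on its own later to confirm no extra principals have been added to the three sub-folders.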

The configuration file:

This is an integral part of SCCMTSPSI. The file “sccmtspsi.config” holds within it the configuration data necessary for SCCMTSPSI to function.

The configuration file is created using the SCCMTSPSI configuration tool. Information on how to create the configuration file using the tool has been documented in another section.

The configuration file resides in the configuration directory for the Realm as seen in the image below.

Token folder:

The Free license token will be placed inside the ‘token’ sub-folder.

USMT folder:

Save USMT XML files into the “usmt” folder under the Realm configuration directory. In the below image “r01” is the Realm name.

Patch folder:

Special custom subroutines can be initiated at various points during sccmtspsi run-time.

On request we can develop patches to accomplish tasks specific to your environment.

These patches should be copied to the ‘patch’ sub-folder.


DCOM hardening issue.

This application fails to authenticate with WMI on the SCCM server because Microsoft has not yet hardened DCOM on their Windows Preinstallation Environment. We are working on a different approach, but it will only be released during the first quarter of 2024. Until that time, the only workaround is to uninstall the update corresponding to KB5004442.