System Center Configuration Manager and FastTrack

FastTrack can interact with System Center Configuration Manager (SCCM) by injecting scripts into Task Sequences. By doing this you have access to Task Sequence variables the same simple way that you have access to regular script variables. The exchange of variables between FastTrack and SCCM is completely transparent and on the fly.

You also have access to information about the SCCM client and to standard SCCM logging during execution by using one simple command:
LogTaskActionInfo "Cisco VPN installation skipped - already installed"

SCCM

The client

FastTrack offers information about the installed SCCM client, such as whether the client is installed or not, which version is installed and which site the computer is assigned to. One use of this information could be checking that all computers actually have the SCCM client installed. Your clients that show up in the Configuration Manager Console are based on the discovery methods you have set up. For example, if you use Active Directory System Discovery, a list of computers is retrieved from the computer accounts in your Active Directory. If you use Network Discovery, clients are found by various means such as querying Microsoft DHCP and WINS servers for a client list. It is therefore not likely that computers will not eventually show up in the console. However, what is not unlikely is it not being possible to push the client to all computers. There are a number of situations, where we know a FastTrack script will be running on these computers from time to time, and we could use these to make integrity checks. We could put this script line into the regular logon script: SCCM Logo

If Not SCCMClientInstalled Then ShowMessage Your computer is unable to receive software updates. Please contact the Help Desk.

If it then turns out that the SCCM client is not installed on a computer, when a user logs on, this is shown during the logon process:

SCCM Warning

In fact, this is essentially what the Logon Script Wizard does, if use the SCCM client check. The Logon Script Builder is essentially just a script generator, but you are limited to what GUI can produce, if you do not write the script "by hand".

Home Screen Logon Script General Settings

We could also choose to use the SendMail command to email the Help Desk to advise of this problem. This script line would also be of great value to put in a SmartDock script, as it is most likely that problems pushing the client to a computer would be over VPN connections for computers that are rarely or never on the LAN.

Another use would be to include SCCM client information in your personal SkyBox. When you use SCCM, you might not be using SkyBox at the same time, but one does not rule out the other. While SCCM collects heaps of inventory data about computers, SkyBox is a light-weight inventory, because the purpose of SkyBox is to make inventory information available in the cloud. SkyBox can also be used to identify clients that do not have the SCCM client installed or that have an older version, simply by using the SkyBox filter function. To include SCCM client information in your personal SkyBox, we can simply supply the relevant information as custom properties:

UploadInventory [SCCMClientVersion],[SCCMSiteCode]

When we log on to SkyBox and investigate a computer, this information is now available as two custom attributes. In the case below, the names are set by using the link below the information. The version of the SCCM client is also available in the software inventory list.

SCCM Inventory

Task Sequences

The true power of the collaboration between SCCM and FastTrack is when using FastTrack as part of SCCM Task Sequences. To learn what a Task Sequence is, please refer to the official Microsoft documentation here. In short, you can say that a Task Sequence is a series of steps controlled by SCCM with the option to execute each step conditionally. Including a FastTrack script in your Task Sequence is very simple. Simply insert a "Run Command Line" action anywhere in your sequence:

SCCM Task Sequence Read

You can then choose to execute a compiled FastTrack exe file or you can put a copy of FSH.Exe, FSH.Lic and a copy of your script in a directory and execute it from there. In this example, the second option is used:

SCCM Task Sequence Read

Task Sequence Logging

FastTrack supports logging entries in the SCCM logging format. All you have to do to log, is to issue the LogTaskActionInfo, LogTaskActionWarning or LogTaskActionError command. By default the log file is FSH.log, but you can change this with the SetTaskActionLogFile command.

It is up to you to decide how much logic you place in the sequence and how much logic you want controlled by a script. If there are any uncertainties, it might be safer to have a FastTrack script control a large part of the logic. For example, if there is uncertainty as to whether or not some laptops may already have the Cisco VPN client installed manually, why not simply execute a script on all computers and let the script decide the logic. So we could go:

If Portable Then

  If Not ProgramInstalled Cisco Systems VPN Client Then

    LogTaskActionInfo Cisco VPN installation started

    InstallMSI \\AcmeServer\deploy$\CiscoVPN.msi

    LogTaskActionInfo Cisco VPN installation completed

  Else

    LogTaskActionWarning Cisco VPN installation skipped - already installed

  End If

End If

If we examine the log for a laptop that has the software installed, it looks like this:

SCCM Log Trace Tool


Using Task Sequence variables

To learn what Task Sequence variables are, please refer to the official Microsoft documentation here. Basically Task Sequence variables are what make Task Sequences cool. The variables are available upon execution and only during execution. The variables available are the sum of standard variables and variables assigned specifically to a collection or computer. The standard variables (the ones starting with underscore) are read-only, whereas all other variables can be changed and new variables created during the sequence for other steps to use.

When executing a script as part of a Task Sequence, all variables can be read by using the TaskVar function and existence can be checked with the TaskVarExists condition in the FastTrack script. A script line using a custom variable that must be passed from a collection variable could look like the example below, where the installation folder must be passed to the script as a Task Sequence variable. The installation folder variable can be passed by using a collection variable, a computer variable or can be defined by a previous step.

If TaskVarExists InstallFolder Then SyncDir Bin,[TaskVar InstallFolder]

There are lots of standard variables available, for example the variables _SMSTSLastActionSucceeded and _SMSTSPackageName variables, which tells if the previous action/step in the sequence failed and the name of the executing sequence. These can be read with the TaskVar function, but they are also available as the condition "LastTaskActionFailed" and the "TaskSequenceName" function, which are basically wrappers for these two variables. If there was a prerequisite step prior to installing the Cisco VPN client and we wanted the FastTrack script to fire the installation conditionally, our script to install is not the first action in the sequence. In case there is a severe error in the prerequisite action (previous step), we could email the administrator notifying of the problem and not attempt the installation:

If LastTaskActionFailed Then

  SendMail smtp.acme.com,25,robot@acme.com,SCCM Robot,admin@acme.com,SCCM Error,Unable to execute [TaskSequenceName] on [ComputerName]

Else

  If Portable And Not ProgramInstalled Cisco Systems VPN Client Then InstallMSI CiscoVPN.msi

End If


Setting Task Sequences variables

In the previous section we looked at how to consume SCCM variables in our scripts. But we can also do it the other way around and make variables available to other actions in the sequence. Any condition or other information you can do or get with a FastTrack script, you can set as variables in sequence using the SetTaskVar command.

For example, if we wanted to deploy our Cisco VPN client software only to laptops, we could deploy it to a collection of laptops, hoping that the collection includes nothing more or less than the actual laptops in the organization. Another way around it is to deploy a Task Sequence to all computers and then install it conditionally, as shown in the previous section. There are a number of examples available to determine in an SCCM Task Sequence, if a computer is a laptop by reading the chassis type through WMI. This approach is unsafe, because if there is a new chassis type in the future, the VPN software gets installed on too many or too few computers. The only safe way to do it is to rely on the FastTrack "Portable" condition. This means that we could either use the above approach and execute a sequence on all computers, or we could make the "Portable" condition available to the rest of the Task Sequence to install an SCCM package instead of executing the installation MSI from the script. To do the same using a Task Sequence, we need to make the Laptop condition available in the Task Sequence through a new variable. While we are at it, let's make a generic expandable template script that we could use as a general first action in sequences:

SetTaskVar ComputerType=[ComputerType]

 

If Server Then

  SetTaskVar IsServer=true

Else

  SetTaskVar IsServer=false

End If

 

If Windows64Bit Then

  SetTaskVar Is64Bit=true

Else

  SetTaskVar Is64Bit=false

End If

Subsequent actions will now have three new variables available: "ComputerType" (value will be "Desktop" or "Portable), "IsServer" and "Is64Bit". You can expand this script to make much more rich information available to a sequence. For example, you can now make Active Directory information of the executing computer available to the sequence, such as creating a true/false variable based on the "ComputerIsInOU" or "ComputerIsMemberOf" to tell if the computer is member of a specific group and in a specific Organizational Unit.

To get the script executed, we must either use a copy of FSH.Exe, FSH.Lic and the script on a share or compile it into an exe file. We will do the latter in this case and save the output exe file as TSVarSetter.exe in root of a share named \\acmeserver\deploy$:

SCCM Task Sequence exe file

Next step is creating a new Task Sequence, which will use the exe file as the first step to make the variables available. Create a new Task Sequence and edit it:

SCCM Task Sequence

The first step in the sequence is calling the new TSVarSetter.exe file. Select the "Run Command Line" command as the first step and call the TSVarSetter.exe:

SCCM Task Sequence

SCCM Task Sequence

At this point in the sequence, the new variables are available. This means that we can install the Cisco VPN package conditionally:

SCCM Task Sequence

SCCM Task Sequence

Operating System Deployments

Operating System Deployments (OSD) can also use Task Sequences as part of the installation process. The Task Sequence will be running under Windows PE and for this reason, it is not recommended to use a FastTrack script at this stage for two reasons. The first reason is that FastTrack, like PowerShell, requires the .net 2.0 framework to execute and the .net 2.0 framework is not available in Windows PE. This limitation is relatively easy to overcome, if you Google the subject and it is relatively easy to get FastTrack and PowerShell to work under Windows PE.

However, the second and more important reason is that Windows PE is not the full operating system and therefore only a subset of FastTrack and PowerShell will actually work under Windows PE, which is the real reason why FastTrack Software cannot support use under Windows PE the same way Microsoft cannot support PowerShell under Windows PE. The way to get around this is to handle this scenario a little different. Let SCCM execute the basic Task Sequences required to install drivers and packages and then hook into the unattended deployment process later and get access to the full Windows API, all features of FastTrack and the ability to work with your Active Directory during OS installation. Basically it is just a question of placing 4 files in the source image under Sources\$OEM$\$$\Setup\Scripts, which would be under \\AcmeServer\Images$\Win7x64Pro\sources\$OEM$\$$\Setup\Scripts in the example below. Please refer to this page for documentation on how to execute FastTrack scripts with SCCM OS deployments.

SCCM unattended install images folder


Software Distribution Packages

In the previous sections we have focused mainly on how to distribute software using Task Sequences. You can also deploy software or maintenance tasks through regular SCCM packages that are based on a controlling FastTrack script. The easiest way to do that is to compile your maintenance or installation script into an exe file and place it along your installation files (if any). Please refer to this page for information on how to compile script into exe files. You can also just place your script and a copy of FSH.Exe and FSH.lic in the folder and execute FSH.Exe passing the script file to FSH.Exe.

Other points of interest

You can use other FastTrack features to handle tasks that SCCM cannot do. For example:
  • Handle some installations outside SCCM based on Active Directory groups. More info
  • Create public exe-based install packages for computers not available for servicing. More info
  • Create MSI packages from non-MSI based installers without using snapshots. More info
  • Create MSI based scheduled tasks that for example backup your SQL Servers. More info
  • Add custom tasks and security to your MSI packages and repackage them back to MSI format. More info
  • Automatically re-use computer names based on MAC addresses when re-installing operating systems. More info
  • Add custom tasks to your operating system deployments. More info
  • Handle scripting tasks that SCCM cannot do for you, like LAN and VPN logon scripts and laptop backups.


Rating: 5 out of 5

"Use this as a replacement for VBScript and PowerShell"

"It's easy to include attractive GUI elements in FastTrack scripts, beyond the basic dialog boxes and text input that VBScript offers ... Another powerful feature is the ability to distribute scripts as Windows Installer (.msi) or standard .exe files. Although interesting in its own right, this ability results in a much more intriguing capability: to repackage -- or wrap -- software installers as .msi files without using snapshots. If you've ever created an .msi installer file from before-and-after system snapshots, for use with a software distribution system such as Group Policy or SCCM, then you know how hit-and-miss the results can be."

Read full review


Rating: 8 out of 10

"Faster than the rest"

"We found the FastTrack syntax to be more transparent and easier to learn than Microsoft's PowerShell – the editor in particular provided good support in this regard. the Script Editor offers a large number of options from the command set through to simple output of graphical elements, which cannot be achieved at all with PowerShell or other solutions or only with a significantly greater level of effort."

"Anyone wanting to tackle the many hurdles in everyday admin and especially anyone for whom logon scripts and client automation is a priority will benefit from the variety of functions offered by FastTrack."

Review in English      Review in German