Should We Use Unknown Computer Support?

I have had a few interesting discussions around enabling unknown computer support for operating system deployment. It is one of those subjects that is very subjective: everyone has their own ideas, so I thought I would share mine and my experiences.

Unknown computer support has been around for a while now. It is a feature which allows us to deploy operating systems to resources which do not exist inside ConfigMgr. It has been a very useful feature for many of my customers; however, some recent events have changed this. This is not particularly the fault of unknown computers, but more a lack of knowledge of how it all fits together in the bigger picture.

Here are a few lessons and tips for when you're looking at using unknown computer support.

Mandatory Deployments

Never enable mandatory deployments when you use unknown computer support. My customer learned this when I plugged my laptop into their network for Internet access, rebooted and up came a task sequence during PXE boot.

If you must use mandatory deployments, then put a password on the task sequence; this will prevent it from just running. It doesn’t have to be a big secret; it just prevents it from starting by mistake.

Staging Devices

In a higher-security environment, such as a government establishment or a bank, it’s common to set up operating system deployment so that clients must already be imported into ConfigMgr before they build. These are imported into a collection which has a mandatory deployment on it. This just means the resources need to be imported; you can do this in the console, and even import a bulk CSV if you wish.

Variable Control

This links into the above section. However, over the past week or so I have also set things up so that when we import a machine we set a variable on it, something like CanBuild, and set it to yes. We then check the value of this variable as a condition at the top of the task sequence and clear down the variable using some code from the SDK later in the task sequence. This is all part of a bigger automated process where the variable is set when the build is requested or imported.
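A sketch of the staging and variable steps described above, as an added example that is not the author's own script. It assumes the ConfigurationManager PowerShell module is loaded and the current location is the site drive; the collection name, device names and MAC addresses are constructed for illustration.

```powershell
# Added example. Assumes: ConfigurationManager module imported, current location is the site drive.
# Constructed sample input; in practice this comes from the build request.
$csv = @'
Name,MacAddress
PC-STAGE-001,00:11:22:33:44:55
PC-STAGE-002,00-11-22-33-44-66
PC-STAGE-003,not-a-mac
'@
$collection = 'OSD - Staged Devices'   # hypothetical collection carrying the mandatory deployment

function ConvertTo-NormalizedMac {
    param([string]$Mac)
    # Accept colon, dash or dot separators; reject anything that is not 12 hex digits.
    $hex = ($Mac -replace '[-:.]', '').ToUpper()
    if ($hex -notmatch '^[0-9A-F]{12}$') { return $null }
    return ($hex -replace '(..)(?!$)', '$1:')
}

foreach ($row in ($csv | ConvertFrom-Csv)) {
    $mac = ConvertTo-NormalizedMac $row.MacAddress
    if (-not $mac) {
        Write-Warning "Skipping $($row.Name): invalid MAC '$($row.MacAddress)'"
        continue
    }
    if (Get-CMDevice -Name $row.Name -Fast) {
        Write-Warning "Skipping $($row.Name): a record with this name already exists"
        continue
    }
    Import-CMComputerInformation -ComputerName $row.Name -MacAddress $mac -CollectionName $collection

    # The imported record is processed asynchronously; wait for it before setting the variable.
    for ($i = 0; $i -lt 12 -and -not (Get-CMDevice -Name $row.Name -Fast); $i++) {
        Start-Sleep -Seconds 10
    }
    if (-not (Get-CMDevice -Name $row.Name -Fast)) {
        Write-Warning "$($row.Name) not visible yet; CanBuild was not set"
        continue
    }
    New-CMDeviceVariable -DeviceName $row.Name -VariableName 'CanBuild' -VariableValue 'yes' -IsMask $false
}

# In the task sequence, the first group or step carries the condition:
#   Task Sequence Variable  CanBuild  equals  "yes"
# Clearing the flag afterwards, run from a context with rights on the site (assumption):
function Clear-BuildFlag {
    param([Parameter(Mandatory)][string]$DeviceName)
    Remove-CMDeviceVariable -DeviceName $DeviceName -VariableName 'CanBuild' -Force
}
```

Because the flag is removed after the build, a device that PXE boots again later does not satisfy the condition and the task sequence stops at the first step.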

Summary

In summary, you should be very careful with this feature; if it’s not set up properly, things can go very wrong. Make sure you plan out how this works and how it will react, not just to your equipment but also to third-party machines which you have no control over and which may get plugged into the network.


About Martyn

Martyn is one of the Senior Cloud Architects and DevOps Team Leader at one of the world's leading Cloud Transformation Specialists, Inframon. Martyn is responsible for the architecture of some of the largest Azure deployments in EMEA and is an advisor to many businesses on their strategies. Martyn is a regular speaker at Microsoft events and community events on Azure and DevOps, giving his insight to a growing number of audiences.
