System Center Configuration Manager (SCCM) can be used to perform Zero Touch Installation Operating System (OS) deployments. You can easily target an existing Windows system that has the SCCM client installed to install a new OS on it. But how do you target systems that don’t even have an OS installed on them? This article discusses the available options to deploy an OS to bare metal machines using SCCM.
Investigating the available options to deploy an operating system to an unmanaged system (a computer not known to SCCM) can be confusing when you run into the SCCM terms below.
- Computer Association
- Unknown Computer Support
- Unknown Computers Collection
- Unprovisioned Computers Node
Prior to the release of R2 for SCCM, the only way to target a system unknown to SCCM for OSD was to create a record for the system in the SCCM database. The new computer record is then simply added to a collection, and you just advertise your OSD task sequence to this collection. To create the record, you have to know the system’s MAC address or SMBIOS GUID. The SMBIOS GUID is easy to obtain from a computer running a Windows operating system by querying WMI. For example, in Windows 7, you can type the following command at the command prompt:
Wmic csproduct get uuid
However, for computers without an operating system installed, this isn’t possible. You can get the SMBIOS GUID from the CMOS BIOS. If you are using a PXE Service Point, you can boot the bare metal machine into PXE and check the PXE screen or look at the smspxe.log on the server. The following article provides details on how to add computers to the SCCM database:
https://technet.microsoft.com/en-us/library/bb633291.aspx
The methods detailed in the article above will overwrite a computer that already exists in the SCCM database if the new computer information has the same name. The script in this article will not overwrite an existing record. Run it from the command prompt using the following syntax:
Cscript addComputerRecordToSCCM.vbs
The script will prompt you for the name of the SCCM computer to connect to, the MAC address of the system being added, and the collection ID of the collection where the new computer resource should be added. You can find the collection ID by looking at the properties of a collection.
R2 for SCCM introduced Unknown Computer Support (SCCM needs to be at service pack level SP1 or higher), removing the need to pre-create a record in the SCCM database for OSD. This works with PXE boot and with boot media. R2 creates two unknown system resources: x86 Unknown Computer and x64 Unknown Computer. It adds these two resources to a new collection that it creates called All Unknown Computers.
Once you enable Unknown Computer Support, you can then advertise your OSD task sequence to this collection. Note that you can add these unknown computer resources to any custom collection. You might wonder how this process works. When using a PXE Service Point for OSD, the SCCM PXE Service Point will record the MAC address of the unknown computer when it PXE boots. At this point, SCCM no longer considers this computer as unknown but rather as unprovisioned. SCCM then adds the computer to the Unprovisioned Computers node.
The unprovisioned system now has an SMS unique identifier and is able to receive OSD task sequences. Once the operating system is installed on it, the system is removed from the Unprovisioned Computers node. However, if the task sequence fails, the system will remain in this node. This is good for informational purposes.
To enable unknown computer support for PXE boot, enable the Enable unknown computer support option in the PXE Service Point configuration.
To enable unknown computer support for bootable media, enable the same option in the Create Task Sequence Media wizard after you select Bootable media.
To avoid wiping out systems in error, especially Zero Touch OSD deployments using PXE boot, you may want to require a password so after the system PXE boots someone needs to enter the password before wiping the machine and installing a new OS (if using a mandatory advertisement). Another way to protect systems from being reformatted and getting a new OS by mistake is to create an exclusion list. The following article provides details on how to accomplish this.
You can download the source file here: