SCCM – How to deploy an Operating System to Bare Metal Machines

System Center Configuration Manager (SCCM) can be used to perform Zero Touch Installation Operating System (OS) deployments.  You can easily target an existing Windows system that has the SCCM client installed to install a new OS on it.  But how do you target systems that don’t even have an OS installed on them?  This article discusses the available options to deploy an OS to bare metal machines using SCCM.

Investigating the available options to deploy an operating system to an unmanaged system (a computer not known to SCCM) can be confusing when you run into the SCCM terms below.

  • Computer Association
  • Unknown Computer Support
  • Unknown Computers Collection
  • Unprovisioned Computers Node

Prior to the release of R2 for SCCM, the only way to target a system unknown to SCCM for OSD was to create a record for the system in the SCCM database.  The new computer record is then simply added to a collection, and you just advertise your OSD task sequence to this collection.  To create the record, you have to know the system’s MAC address or SMBIOS GUID.  The SMBIOS GUID is easy to obtain from a computer running a Windows operating system by querying WMI.  For example, in Windows 7, you can type the following command at the command prompt:

Wmic csproduct get uuid

However, for computers without an operating system installed, this isn’t possible.  You can get the SMBIOS GUID from the CMOS BIOS.  If you are using a PXE Service Point, you can boot the bare metal machine into PXE and check the PXE screen or look at the smspxe.log on the server.  The following article provides details on how to add computers to the SCCM database:

https://technet.microsoft.com/en-us/library/bb633291.aspx

The methods detailed in the article above will overwrite a computer that already exists in the SCCM database if the new computer information has the same name.  The script in this article will not overwrite an existing record.  Run it from the command prompt using the following syntax:

Cscript addComputerRecordToSCCM.vbs

The script will prompt you for the name of the SCCM computer to connect to, the MAC address of the system being added, and the collection ID of the collection where the new computer resource should be added.  You can find the collection ID by looking at the properties of a collection.
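The import-without-overwrite behaviour described above can also be sketched in PowerShell against the SCCM WMI provider. This is an added example, not the downloadable addComputerRecordToSCCM.vbs; the parameter names are hypothetical, and $ComputerName is an assumption because the page lists only the server, MAC address and collection ID as prompts.

```powershell
param(
    [Parameter(Mandatory = $true)] [string] $SiteServer,
    [Parameter(Mandatory = $true)] [string] $ComputerName,   # assumed input, see lead-in
    [Parameter(Mandatory = $true)] [string] $MacAddress,
    [Parameter(Mandatory = $true)] [string] $CollectionId
)
# Validate everything that ends up inside a WQL string, so a typo or a stray
# quote cannot change the query that decides whether a record already exists.
if ($ComputerName -notmatch '^[A-Za-z0-9-]{1,15}$') { throw "Invalid NetBIOS name: $ComputerName" }
if ($CollectionId -notmatch '^[A-Za-z0-9]{8}$')     { throw "Invalid collection ID: $CollectionId" }
$hex = ($MacAddress -replace '[^0-9A-Fa-f]', '').ToUpper()
if ($hex.Length -ne 12) { throw "Invalid MAC address: $MacAddress" }
$mac = $hex -replace '(..)(?!$)', '$1:'                    # AA:BB:CC:DD:EE:FF

# Find the site code through the SMS Provider, then build the site namespace.
$site = (Get-WmiObject -ComputerName $SiteServer -Namespace 'root\sms' `
    -Query 'SELECT SiteCode FROM SMS_ProviderLocation WHERE ProviderForLocalSite = true').SiteCode
$ns  = "root\sms\site_$site"
$wmi = @{ ComputerName = $SiteServer; Namespace = $ns }

# Stop if a record with this name or MAC is already in the database.
$existing = Get-WmiObject @wmi -Query `
    "SELECT ResourceID, Name FROM SMS_R_System WHERE Name = '$ComputerName' OR MACAddresses = '$mac'"
if ($existing) { throw "A record for '$ComputerName' or $mac already exists; nothing was changed." }

# Make sure the target collection exists before creating anything.
$coll = Get-WmiObject @wmi -Query "SELECT * FROM SMS_Collection WHERE CollectionID = '$CollectionId'"
if (-not $coll) { throw "Collection $CollectionId not found on site $site." }

# Import the record; OverwriteExistingRecord stays false as a second guard.
$siteClass = [wmiclass]"\\$SiteServer\${ns}:SMS_Site"
$in = $siteClass.GetMethodParameters('ImportMachineEntry')
$in.NetbiosName             = $ComputerName
$in.MACAddress              = $mac
$in.OverwriteExistingRecord = $false
$out = $siteClass.InvokeMethod('ImportMachineEntry', $in, $null)
if ($out.MachineExists) { throw "The provider reports the machine already exists; not adding it to $CollectionId." }

# Add the new resource to the collection with a direct membership rule.
$rule = ([wmiclass]"\\$SiteServer\${ns}:SMS_CollectionRuleDirect").CreateInstance()
$rule.ResourceClassName = 'SMS_R_System'
$rule.ResourceID        = $out.ResourceID
$rule.RuleName          = $ComputerName
$coll.AddMembershipRule($rule) | Out-Null
"Added $ComputerName ($mac) as resource $($out.ResourceID) to collection $CollectionId"
```

Run it with an account that has rights to create resources and modify the target collection; the input checks run before any WMI call, so a rejected value never reaches the site server.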

R2 for SCCM introduced Unknown Computer Support (SCCM needs to be at service pack level SP1 or higher), removing the need to pre-create a record in the SCCM database for OSD.  This works with PXE boot and with boot media.  R2 creates two unknown system resources: x86 Unknown Computer and x64 Unknown Computer.  It adds these two resources to a new collection that it creates called All Unknown Computers.

Once you enable Unknown Computer Support, you can then advertise your OSD task sequence to this collection.  Note that you can add these unknown computer resources to any custom collection.  You might wonder how this process works.  When using a PXE Service Point for OSD, the SCCM PXE Service Point will record the MAC address of the unknown computer when it PXE boots.  At this point, SCCM no longer considers this computer as unknown but rather as unprovisioned.  SCCM then adds the computer to the Unprovisioned Computers node.

The unprovisioned system now has an SMS unique identifier and is able to receive OSD task sequences.  Once the operating system is installed on it, the system is removed from the Unprovisioned Computers node.  However, if the task sequence fails, the system will remain in this node, which leaves you a record of systems whose deployment did not complete.

To enable unknown computer support for PXE boot, enable the Enable unknown computer support option in the PXE Service Point configuration.

To enable unknown computer support for bootable media, enable the same option in the Create Task Sequence Media wizard after you select Bootable media.

Zero Touch OSD deployments that use PXE boot can wipe a system in error, especially when the advertisement is mandatory.  To guard against this, you may want to require a password, so that after the system PXE boots someone has to enter the password before the machine is wiped and a new OS is installed.  Another way to protect systems from being reformatted and receiving a new OS by mistake is to create an exclusion list.  The following article provides details on how to accomplish this:

https://blogs.technet.com/b/manageabilityguys/archive/2011/03/24/preventing-pxe-boot-on-servers-and-other-critical-client-systems-using-macignorelistfile.aspx

You can download the source file here:

Add Computer Record to SCCM


Matt Tinney
