Query SCCM from Task Sequence - is it possible?

Question

I have a VBscript which works abolultuly fine on my workstation. It queries SCCM to find out what domain a computer is in. When I run it as part of the task sequence, it fails. Note that this is almost the last step in the task sequence, under Windows 7, not Windows PE.

Option Explicit

Const wbemFlagReturnImmediately = &H10
Const wbemFlagForwardOnly = &H20

Dim computerName, userName, userPassword, server
Dim swbemLocator, swbemServices, providerLoc
Dim location, connection
Dim query, found, resource, resources

'--- Settings ---
userName = "domain\username"
userPassword = "password"
server = "domain.com"  

'--- Get computer name ---
computerName = CreateObject("WScript.Network").ComputerName
WScript.Echo"Computer name: " & computerName

'--- Connect ----
Set swbemLocator = CreateObject("WbemScripting.SWbemLocator")
swbemLocator.Security_.AuthenticationLevel = 6
Set swbemServices = swbemLocator.ConnectServer(server, "root\sms",userName,userPassword)
Set providerLoc = swbemServices.InstancesOf("SMS_ProviderLocation")
For Each location In providerLoc
    If location.ProviderForLocalSite = True Then
        WScript.Echo "SiteCode: " & location.SiteCode       
        Set connection = swbemLocator.ConnectServer(server, "root\sms\site_" + location.SiteCode)
    Else
        WScript.Echo "Not provider for local site."
    End If
Next

'--- Query & output ---
query = "SELECT * FROM SMS_FullCollectionMembership WHERE name = '" & computerName & "'"
Set resources = connection.ExecQuery(query, , wbemFlagForwardOnly Or wbemFlagReturnImmediately)
found = False
For Each resource In resources
    WScript.Echo "Domain: " & resource.Domain & " (" & resource.CollectionID & ")"
    found = True
    Exit For
Next
If Not found Then WScript.Echo "Computer not found!"

If I open a command prompt ruing the task sequence (using F8 under Windows 7, not Windows PE) and run the script, I get:

SWbemLocator: Access is denied

on the line:

Set connection = swbemLocator.ConnectServer(server, "root\sms\site_" + location.SiteCode)

Any thoughts? Alternatively, any other suggestions on how to find out what domain a computer was in last time it was built?

Answer 1

I realise this is a very old post but I just had this problem myself. You already have the username and password in the script and it is used here

Set swbemServices = swbemLocator.ConnectServer(server, "root\sms",userName,userPassword)

However just a bit further down you are making a connection to the site without the username and password.

Set connection = swbemLocator.ConnectServer(server, "root\sms\site_" + location.SiteCode)

Try this:

Set connection = swbemLocator.ConnectServer(server, "root\sms\site_" + location.SiteCode, userName, userPassword)

Hope this helps someone!

Answer 2

Your Task Sequence runs in context of the the local system account, and per default this account has no rights in SCCM.

If you define "yourdomain\domain computers" in the SCCM admin console, Security Rights, Users, and give them read and read resource rights on Collection, you should be able to connect to your SCCM server.

Please notice, you have to do this on all site servers you want to connect to, these definitons are not replicated between sites.