Unknown Computers in SCCM 2007 R2 – overview

One of the new features in SCCM 2007 R2 is support for OSD deployments to ‘Unknown’ Computers – computers that do not exist in the SCCM database.  This is a feature that did exist in previous releases of OSD (SMS 2003) but was removed for security and safety reasons.  There are specific environments where having the ability to image ‘unknown’ computers is beneficial so it was again added to R2.

Before using this feature, stop to consider that it can introduce unwanted image deployments to the environment.  If enabled, a system booting into the OSD environment, whether through boot media or PXE (more on that in a minute), will be able to access the SCCM environment and download images.  If there are any mandatory image deployments targeted to the ‘unknown’ system, the image deployment starts immediately and the existing data on the system’s hard drives is removed!  You don’t want to be the one to accidentally cause the CEO’s system to get wiped with a new image, so be sure you use this feature appropriately!  🙂  Before you get too nervous – we do have a way to add a layer of protection and ensure key machines aren’t imaged.  More on that near the end of the blog entry.

So, you’ve considered the benefits, weighed the possibilities and decided this is a feature you want to implement – so how do you set it up?  There are really two key areas – enable ‘unknown’ computer support in your boot sequence and target images to ‘unknown’ computers.

Enable ‘unknown’ computer support
‘Unknown’ computers can either be imaged by PXE booting or through media – such as a CD based boot or USB key.  You can choose to enable ‘unknown’ support for either or both methods.

Enable for PXE booting:
To enable ‘unknown’ computer support for PXE booting systems, all you need to do is select the ‘Enable unknown computer support’ box on the PXE service point properties screen as shown:


When you select to enable this the warning screen below will be displayed.


Enable for media booting:
To enable ‘unknown’ computer support for media booting systems all you need to do is select the ‘Enable unknown computer support’ box in the create task sequence – bootable media wizard as shown:


This will create new task sequence media that will allow ‘unknown’ systems to be imaged.

Target images to ‘unknown’ computers
With the boot scenarios configured, all that remains is to target images at our ‘unknown’ computers.  This is done by selecting the image(s) you want to be made available to ‘unknown’ computers and advertising them to the ‘All Unknown Computers’ collection.  This collection is new to R2 and contains generic machine records for each machine architecture that might be imaged – x86 or x64.  The ‘All Unknown Computers’ collection is shown below and is the collection that must be used for targeting images to ‘unknown’ systems.


Images can be advertised to this collection either as optional (safer) or mandatory (more risk – image deployment starts immediately).

That’s it – now you can boot your ‘unknown’ systems and they will be able to receive OSD images – just like standard machines.  Oh, so what is the mechanism to ensure we don’t image certain machines?  You can specify which systems to deny imaging to using a text file – just list out the MAC addresses for the systems you don’t want to be imaged and store it on the PXE service point – named whatever you like.  In the registry of the PXE service point navigate to HKLM/Software/Microsoft/SMS/PXE and add a string value called MACIgnoreListFile and point it to the full path to the text file!

Looking at this you might ask the question – how does this really work ‘behind the scenes’?  Take a look at my next blog entry for details!
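
The MAC ignore list described above can be built and checked with a short script. This is an added example, not code from the original post: the file path and MAC addresses are constructed, and the one-colon-separated-MAC-per-line file layout is an assumption to confirm against your PXE service point.

```powershell
# Added example, not from the original post. File path and MAC addresses are constructed.
$ListPath  = 'D:\PXE\MACIgnoreList.txt'          # hypothetical location on the PXE service point
$PxeKey    = 'HKLM:\Software\Microsoft\SMS\PXE'  # registry key named in the post
$Protected = @(                                  # constructed MACs, in the mixed formats inventories export
    '00-1A-2B-3C-4D-5E',
    '001a.2b3c.4d5f',
    '00:1A:2B:3C:4D:60'
)

function ConvertTo-ColonMac {
    param([string]$Mac)
    # Drop common separators only, so stray characters fail validation instead of vanishing.
    $hex = ($Mac -replace '[-:.\s]', '').ToUpper()
    if ($hex -notmatch '^[0-9A-F]{12}$') { throw "Not a 48-bit MAC address: '$Mac'" }
    # Assumption: the list file takes one colon-separated MAC per line.
    (($hex -split '(..)') | Where-Object { $_ }) -join ':'
}

# Normalise first: one bad entry aborts before the file or registry is touched.
$macs = @($Protected | ForEach-Object { ConvertTo-ColonMac $_ } | Sort-Object -Unique)

if (-not (Test-Path $PxeKey)) { throw "$PxeKey not found; run this on the PXE service point." }
Set-Content -Path $ListPath -Value $macs -Encoding ASCII

# Create or overwrite the string value the post describes.
New-ItemProperty -Path $PxeKey -Name 'MACIgnoreListFile' -Value $ListPath `
    -PropertyType String -Force | Out-Null

# Read back what the registry points at and confirm every protected MAC is in that file.
$configured = (Get-ItemProperty -Path $PxeKey).MACIgnoreListFile
$onDisk     = @(Get-Content -Path $configured)
$missing    = @($macs | Where-Object { $onDisk -notcontains $_ })
if ($missing.Count -gt 0) {
    Write-Warning ("Not protected: " + ($missing -join ', '))
} else {
    Write-Output ("{0} MAC addresses listed in {1}" -f $macs.Count, $configured)
}
```

Because this file is the only thing standing between a protected machine and a mandatory advertisement, keep write access to it limited to the administrators who manage the PXE service point.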

Comments (8)

  1. Steve Rachui just posted some great information about R2's unknown computer support on his blog:

  2. rjkc17 says:

    I have a simple question. If you check the “require a password” check box under the PXE Service Point configuration screen, wouldn’t that stop from the surprise machine image? If I have that option checked, is there any chance someone could accidentally image their machine?

  3. steverac says:

    That’s a good point – and I can’t think of a reason why that wouldn’t work.  Of course, it still could be quite the shock to see the password prompt waiting for you and if your user does know and enter the password, all bets are off.

  4. This is the final article of a series creating a custom Boot wizard to dynamically choose the Task Sequence

  5. Erik says:

    I deleted the 'All Unknown Computers' collection in error. Is there any way to get it back?

  6. Syed says:

    We have SCCM 2007 R2 server–>windows critical patches deployments showing unknown computers, but those are not unknown computers but known computers only.