Add Run PowerShell Script Step to SCCM Task Sequence

Let’s check how to add Run PowerShell Script Step to SCCM Task Sequence. The PowerShell script added to SCCM task sequence must be installed silently when you decide to add during the OS deployment.

This option helps SCCM Admin to perform various operations easily during the operating system deployment with Task sequence. The details to post will provide you insights about the available option with this step. As per Microsoft, The PowerShell Script must meet the following criteria –

• PowerShell Script shouldn’t interact with the desktop, must run silently or in an unattended mode.
• It must not initiate a restart on its own. The script must request a restart using the standard restart code, 3010. This behavior makes sure that the task sequence properly handles the restart. If the script does return a 3010 exit code, the task sequence engine restarts the computer. After the restart, the task sequence automatically continues.
• Use signed PowerShell scripts in Unicode format. ANSI format, which is the default, doesn’t work with this step.

How to Add Run PowerShell Script Step to SCCM Task Sequence

Let’s follow the below steps to add Run PowerShell Script in the Task sequence and learn about the available options –

Create or Edit an Existing Task Sequence

This Guide will help you to create a Configuration Manager task sequence from scratch. Use the following steps to modify an existing task sequence. 

• In the Configuration Manager console, go to the Software Library workspace, expand Operating Systems, and then select the Task Sequences node.
• In the Task Sequence list, select the task sequence that you want to edit. Select Edit to modify.

To add this step in the task sequence editor, select Add, select General and select Run PowerShell Script.

This step can be run in the full OS or Windows PE. To run PowerShell Script step in Windows PE, enable PowerShell in the boot image. Enable the WinPE-PowerShell component from the Optional Components tab in the properties for the boot image. More you can check

Properties for Run PowerShell Script

• On the Properties tab for Run PowerShell Script step, You can configure the following settings –
  • Package
  • Script name
  • Enter a PowerShell Script
  • Parameters
  • PowerShell execution policy
  • Start in
  • Time-out (minutes)
  • Run this step as the following account (Account)

Package

Select this option to specify the Configuration Manager package that contains the necessary files for execution. It can contain multiple PowerShell scripts.

Script name

Specifies the name of the PowerShell script to run. For Example – FileName.ps1

Enter a PowerShell script

In this step, you can enter the PowerShell code directly. This feature lets you run PowerShell commands during a task sequence without distributing a package. If needed, you can directly do the changes and perform testing without looking into the package creation process and distribution.

When you add or edit a script, the PowerShell script window provides the following actions –

• Edit the script directly.
• Click Open an existing script from file
• Browse to an existing approved script in Configuration Manager

Parameters

If you use a script in a package, you can specify the parameters passed to the PowerShell script. These parameters are the same as the PowerShell script parameters on the command line.

PowerShell execution policy

Determine which PowerShell scripts you allow running on the computer. You can choose one of the following execution policies –

• AllSigned: Only run scripts signed by a trusted publisher.
• Undefined: Don’t define any execution policy.
• Bypass: Load all configuration files and run all scripts. If you download an unsigned script from the internet, Windows PowerShell doesn’t prompt for permission before running the script.

Start in

This field is optional. You can specify the executable folder for the program, up to 127 characters. This folder can be an absolute path on the destination computer or a path relative to the distribution point folder that contains the package.

Time-out (minutes)

This option is disabled by default. Specifies a value that represents how long Configuration Manager allows the command line to run. This value can be from one minute to 999 minutes. The default value is 15 minutes.

Run this step as the following account (Account)

Here you can specify the local user or domain account to run the command line. The command line runs with the permissions of the specified account. Select Set to specify the account.

Options for Run PowerShell Script

On the Run PowerShell Script step, Options tab. Here you can configure the additional settings of this task sequence step –

Continue on error – When you select Continue on error on the Options tab of this step, the task sequence continues when a PowerShell Script fails to execute. When you don’t enable this option, the task sequence fails and will not execute the remaining steps.

Success codes – Include other exit codes from the script that the step should evaluate as success.

Once you are done, click Apply and OK to save the changes. Close the task sequence editor, and the task sequence is ready for deployment.

About Author -> Jitesh has over 5 years of working experience in the IT Industry. He writes and shares his experiences related to Microsoft device management technologies and IT Infrastructure management. His primary focus area is Windows 10 Deployment solution with Configuration Manager, Microsoft Deployment Toolkit (MDT), and Microsoft Intune.

Resources

• Easily Find SCCM Task Sequences Reference Application
• How to Add Run Command Line Step to SCCM Task Sequence