Since wireless imaging is possible if using WinRE instead of PE in an SCCM Task Sequence, sometimes you may need to prompt for wireless connection details during the deployment, which is where these handy-dandy scripts come into play.
In my environment, I used a cached package to store the wireless profile persistently during the TS Deployment. This script is tailored to store the scrips and wireless information in D:\TS_Temp\<packageID>\ and call on it throughout the process to ensure the device remains connected.
This script displays the boxes during the TS Deployment, prompting for the connection details and are then passed through to the PowerShell script to create a profile XML and connect to the wireless network.
prompt.bat
ping 8.8.8.8
IF %ERRORLEVEL% equ 0 goto eof
) Else (
call :netname "Enter Wireless Network:" "SSID"
call :netpass "Enter Network Password:" "Password"
call :netauth "Enter Network Auth - Likely WPA2PSK but could be WPAPSK:" "Authentication Type"
mkdir D:\TS_Temp\PM1001A3\
ren C:\TS_Temp\PM1001A3\*.profile C:\TS_Temp\PM1001A3\*.profile.old
D:\TS_Temp\PM1001A3\*.profile D:\TS_Temp\PM1001A3\*.profile.old
echo %ssid%>D:\TS_Temp\PM1001A3\%ssid%.profile
cmd /c powershell -ExecutionPolicy Bypass ".\connectwifi.ps1 -WirelessNetworkSSID %ssid% -WirelessNetworkPassword %pass% -Authentication %auth%
goto eof
:netname
set ssid=
set heading=%~2
set message=%~1
echo wscript.echo inputbox(WScript.Arguments(0),WScript.Arguments(1)) >"%temp%\ssid.vbs"
for /f "tokens=* delims=" %%a in ('cscript //nologo "%temp%\ssid.vbs" "%message%" "%heading%"') do set ssid=%%a
exit /b
:netpass
set pass=
set heading=%~2
set message=%~1
echo wscript.echo inputbox(WScript.Arguments(0),WScript.Arguments(1)) >"%temp%\pass.vbs"
for /f "tokens=* delims=" %%a in ('cscript //nologo "%temp%\pass.vbs" "%message%" "%heading%"') do set pass=%%a
exit /b
)
:netauth
set auth=
set heading=%~2
set message=%~1
echo wscript.echo inputbox(WScript.Arguments(0),WScript.Arguments(1)) >"%temp%\auth.vbs"
for /f "tokens=* delims=" %%a in ('cscript //nologo "%temp%\auth.vbs" "%message%" "%heading%"') do set auth=%%a
exit /b
)
:eof
exit /b
The verification of connectivity will skip the script if successful as this semi-automated process is deployed to all devices, even if it’s connected on the wire. If it’s connect to the wire (or wireless network from a previous step) already, there is no need to prompt the user for input.
The following portion (lines 9-12) is/are related to the reimaging of devices offsite and connecting to a partner organization’s wireless profile and then to a PPTP VPN to image offsite devices. The pertinent piece is saving the <ssid>.profile to a location that can persist during the imaging process and be called as a task sequence step later on. This SSID.profile is used to identify what SSID we should be connecting to.
Note: If you’re not doing crazy, wacka-doodle imaging offsite, you probably won’t need this small section.
mkdir D:\TS_Temp\PM1001A3\
ren C:\TS_Temp\PM1001A3\*.profile C:\TS_Temp\PM1001A3\*.profile.old
D:\TS_Temp\PM1001A3\*.profile D:\TS_Temp\PM1001A3\*.profile.old
echo %ssid%>D:\TS_Temp\PM1001A3\%ssid%.profile
Additional side note (since you’re dying to know) after the offsite imaging is complete, an AlwaysOn VPN Device Tunnel takes over and the PPTP VPN is removed.
connectwifi.ps1
This is called on by the connect.bat script and the variables you set are passed-through to build an XML profile and connect to the wireless network. In my case, the profile is stored in D:\TS_Temp\PM1001A3\offsiteprofile.xml
Param(
[string]$WirelessNetworkSSID,
[string]$WirelessNetworkPassword,
[string]$Authentication
)
# Fill in mandatory details for the WiFi network
$Encryption = 'AES'
# Create the WiFi profile, set the profile to auto connect
$WirelessProfile = @'
<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">
<name>{0}</name>
<SSIDConfig>
<SSID>
<name>{0}</name>
</SSID>
</SSIDConfig>
<connectionType>ESS</connectionType>
<connectionMode>auto</connectionMode>
<MSM>
<security>
<authEncryption>
<authentication>{2}</authentication>
<encryption>{3}</encryption>
<useOneX>false</useOneX>
</authEncryption>
<sharedKey>
<keyType>passPhrase</keyType>
<protected>false</protected>
<keyMaterial>{1}</keyMaterial>
</sharedKey>
</security>
</MSM>
</WLANProfile>
'@ -f $WirelessNetworkSSID, $WirelessNetworkPassword, $Authentication, $Encryption
# Create the XML file locally
$tempProfileXML = "D:\TS_Temp\PM1001A3\offsiteprofile.xml"
$WirelessProfile | Out-File $tempProfileXML
# Add the WiFi profile and connect
Start-Process netsh ('wlan add profile filename={0}' -f $tempProfileXML)
# Connect to the WiFi network - only if you need to
Start-Process netsh ('wlan connect name="{0}"' -f $WirelessNetworkSSID)
#
There you have it! A prompt to collect wireless connection details, and a script to create the profile in XML format so you can call on it later.
As for Offsite Imaging, you can read more about that process in a later post.
Cheers!
