Powershell Filtering for Differing Environments
​
Imagine 2 environments, a development and a production, MDT is deployed to both systems and are to be kept aligned but are on physically separate networks. Both systems have different IP's, Firewall, Domains etc etc.
​
Having been in this situation a couple of times, the challenge is not migrating the data, its ensuring the correct settings are applied to the correct system
​
What would appear to be the easiest is to have Task Sequence (TS) steps for both DEV and PROD in the TS, disabling the DEV or PROD respectively. This can be prone to error when migrating configurations from one system to the other, there's a lot of manual intervention required.
​
An MDT variable or WMI system query could be used, but still doubles up on the number of steps and I don't like this method.
​
So my preferred method, to ensure the correct configuration is applied with minimal effort and maximum accuracy is to set a registry key for the environment and for PowerShell to detect the setting and run a function.
​
Add a 'Run PowerShell' step for each environment, DEV and PROD, and point to their respective script.
​
I've simply disabled the 'PROD' step, but a WMI query could be used to query the system so the correct step is run.
​
The PowerShell script will have the following line, change DEV accordingly.
#DEV Setting the environmental value
Set-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Environment' -Name TargetEnvironment -Value DEV -Force
In this example I'll be setting different Time servers for DEV and PROD, add another 'Run PowerShell' step and point to TimeServer.ps1. So I know from looking at the TS that a script is doing some type of query or filtering I add (FS) to the name.
This is an example of setting a Time Server IP dependent on querying for DEV or PROD
#Function to set Time Server for DEV
Function DEVTM
{
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\W32Time\Parameters' -name NTPServer -Value "192.168.0.10,0x8 192.168.1.88,0x8" -Force
}
​
#Function to set Time Server for PROD
Function PRODTM
{
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\W32Time\Parameters' -name NTPServer -Value "192.168.0.10,0x8 192.168.2.99.,0x8" -Force
}
​
#Get the environmental value
$envir = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Environment' -Name TargetEnvironment
​
#Run function if environment setting is $true
if ($envir .TargetEnvironment -eq "DEV"){DEVTM}
if ($envir .TargetEnvironment -eq "PROD") {PRODTM}
Now, I've a single PowerShell script that is copied to both MDT servers, there's no requirement for multiple Time Server TS steps and migrating or uplifting configs from DEV to PROD is less pron to error.
​
For instructions on how to deploy from MDT (here)