Provide a method for expiring standalone media
There are many ways to expire standalone media, but most involve using a date stamp to compare with system time to determine if the sequence is still supported. Changing the system time circumvents this process. With Windows Servicing, it will be critical that an administrator be able to limit installation at or near the end of a support cycle. A supported process for expiring media programmatically ensures new devices aren't installed outside of a supported servicing window.
Updating status to completed. This is now available in SCCM 1702 – see here https://docs.microsoft.com/en-us/sccm/core/plan-design/changes/whats-new-in-version-1702 for more details.
RE: David – any check we do needs to be against the local clock, as stand-alone media is for non-network scenarios.
David O'Neil commented
Again Bob thanks for keeping us up-to-date on this new feature. While I certainly appreciate this new feature coming out, I still have to ask this question. Wouldn't it be better for the standalone media to check against a file creation date from the media itself versus going by the local machine time? If users really wanted to, they could just adjust the system time temporarily to use the outdated/expired standalone media and then set it back to what it should be when they're done with the standalone media. However, if the standalone media went by a file creation time stamp somewhere within the standalone media itself and cannot be altered, that would be a lot more beneficial.
Could this suggestion perhaps be taken back to Microsoft for a future enhancement to this upcoming release?
David O'Neil commented
Excellent! Thanks so much Bob for the update and am looking forward to seeing what Microsoft does with this new feature.
Question. Do you think it would be better and more accurate to check the time stamp for the creation of the policy.xml file versus just going by local machine time? Based on my understanding of the process, it looks like policy.xml is created by SCCM during the standalone boot media creation process. If the date/time check for expired media was made against policy.xml versus the local machine time (which for new machines is likely to be inaccurate), I imagine that would be a more accurate method. Thoughts/comments?
This should be in SCCM and MDT. There are other methods to make this happen via a script, but it should be built in as most customers use this.
Joshua Twitchell commented
For those looking for a workaround until this is implemented, we found that this has worked very well for us: https://blogs.technet.microsoft.com/deploymentguys/2012/02/15/expiring-outdated-stand-alone-media/.
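The check debated in this thread, as an added example that is not part of the original discussion and not SCCM's built-in expiry feature: it compares the local clock with an expiry date and also refuses a clock that reads earlier than a file stamped on the media. `Test-MediaExpiry`, the marker file and the dates are hypothetical, and the sketch assumes the marker's creation time is preserved when the media is written.

```powershell
# Added example. Test-MediaExpiry and the marker file are hypothetical names;
# this is not SCCM's built-in expiry check.
function Test-MediaExpiry {
    [CmdletBinding()]
    param(
        # File written when the media was built (hypothetical marker).
        [Parameter(Mandatory)] [string]   $MarkerPath,
        # Last moment (UTC) the administrator allows the media to be used.
        [Parameter(Mandatory)] [datetime] $ExpiresUtc,
        # Injectable clock, so the logic can be tested without changing system time.
        [datetime] $NowUtc = [datetime]::UtcNow
    )

    if (-not (Test-Path -LiteralPath $MarkerPath -PathType Leaf)) {
        return [pscustomobject]@{ Allowed = $false; Reason = 'MarkerMissing' }
    }
    # Assumption: the creation time survives being written to the media.
    $builtUtc = (Get-Item -LiteralPath $MarkerPath).CreationTimeUtc

    # The media cannot run before it was built, so a clock earlier than the
    # marker is wrong (for example a drained RTC battery) or was set back.
    if ($NowUtc -lt $builtUtc) {
        return [pscustomobject]@{ Allowed = $false; Reason = 'ClockBeforeMediaBuild' }
    }
    if ($NowUtc -gt $ExpiresUtc) {
        return [pscustomobject]@{ Allowed = $false; Reason = 'Expired' }
    }
    # Residual gap: offline, any clock value between build and expiry is
    # indistinguishable from the real time, so keep that window short.
    [pscustomobject]@{ Allowed = $true; Reason = 'Valid' }
}

# Constructed sample: a temp file stands in for the marker on the media.
$marker = New-TemporaryFile
$marker.CreationTimeUtc = [datetime]::new(2017, 3, 1, 0, 0, 0, [DateTimeKind]::Utc)
$expires = [datetime]::new(2017, 9, 1, 0, 0, 0, [DateTimeKind]::Utc)

foreach ($day in '2016-01-01', '2017-06-01', '2018-01-01') {
    $now = [datetime]::SpecifyKind([datetime]$day, [DateTimeKind]::Utc)
    $result = Test-MediaExpiry -MarkerPath $marker.FullName -ExpiresUtc $expires -NowUtc $now
    '{0}: Allowed={1} ({2})' -f $day, $result.Allowed, $result.Reason
}
Remove-Item -LiteralPath $marker.FullName
```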