tontontools.

Release Notes

Create Device In SCCM — Changelog

Version history for Create Device In SCCM. Entries follow the Keep a Changelog convention with four groups: Added, Changed, Fixed, Security.

v1.0.0

Released January 2026released

Initial public release of Create Device In SCCM. The product is sold in the Essentials tier of the TontonTools suite. A 14-day free trial is available without a credit card.

Added

  • Pre-stage SCCM device records before the physical machine exists — designed for OSD task sequence pre-staging where the device must be known to SCCM with a target collection assignment before its first boot.
  • Three input modes for the device identifier: Computer Name + SMBIOS GUID (preferred for modern hardware), Computer Name + MAC Address (fallback for older hardware or VM scenarios), and Computer Name + Serial Number (alternative identifier for specific OEM stacks).
  • Bulk creation via CSV import: one row per device with columns for Name, SMBIOS GUID, MAC, Serial, and target collection. Header detection is automatic.
  • Direct invocation of SMS_Site.ImportMachineEntry — the official Microsoft method for creating SCCM device resources programmatically. No PowerShell shell-out, no console automation.
  • Post-creation polling: after ImportMachineEntry returns, CDS polls SMS_R_System to confirm the resource has been propagated and a ResourceID has been assigned. The polling timeout is configurable; by default 60 seconds with a 2-second interval.
  • Optional automatic addition to a target Device collection: once the resource is propagated, CDS creates an SMS_CollectionRuleDirect rule on the chosen collection and invokes RequestRefresh — the device is ready for OSD deployment within seconds.
  • Filterable Device collection picker dialog: same UX as Add Device To Collection. Sorted alphabetically, real-time filtering.
  • SCCM connection via the standard WMI namespace root\sms\site_<X> with the in-dialog Auto-detect cascade.
  • CMTrace-compatible activity log written to C:\TEMP\CreateDeviceInSCCM.log with full per-device timing (ImportMachineEntry duration, propagation polling duration, collection assignment duration).
  • DPAPI-encrypted credential storage shared across the suite at %AppData%\TontonTools\credentials.dat.
  • Read-only fallback mode in license grace period: device creation is disabled, history and collection browsing remain available.

Security

  • No agent installed on managed endpoints — the product only communicates with the SCCM site server (RPC) and the TontonTools license endpoint.
  • No telemetry, no cloud backend, no third-party analytics.
  • Kerberos authentication under the signed-in Windows user — no service account required, no Graph permissions required.
  • TLS 1.2 enforced on the license validation request.
  • ImportMachineEntry requires site-level Create Resource permission in SCCM RBAC — this is a platform constraint (the method is exposed by the SMS_Site class which cannot be scoped below the site level). See the SCCM permissions reference for details.

Related documentation