Working with Security Scopes in Configuration Manager with PowerShell

Last year @MMS Kent showed our automated RBA solution and I just discovered that this does not work in ConfigMgr 2012 R2 CU1 environment. It seems like they have changed the process behind the UI and in ConfigMgr 2012 R2 CU1 environment they are using different IDs to identify the Object. Before they used FolderTypeID value but now they are using SecuredTypeID values. You will need these values, if you are working with SMS_SecuredCategoryMemberShip WMI class and AddMemberShips/RemoveMemberships mehtods FolderTypeID FolderTypeName SecuredTypeID 2 SMS_Package 2 7 SMS_Query 7 9 SMS_MeteredProductRule 9 11 SMS_ConfigurationItem 11 14 SMS_OperatingSystemInstallPackage 14 16 SMS_VhdPackage 16 [...]

How to change Configuration Manager Hardware Inventory Schedule Client Setting

Today I tried to modify Hardware Inventory Schedule client setting and it didn't work. First I thought that I did something wrong or the cmdlet is broken. Here is the cmdlet Verbose output Then I thought that, lets disable the HW client setting and then enable the HW client setting with correct schedule and Bingo it worked correctly. #Step 1 $ClientSettingsName = 'HW Settings' Set-CMClientSetting -Name $ClientSettingsName -EnableHardwareInventory $false -Verbose -Debug #Step 2 $CMWeeklySchedule = New-CMSchedule -RecurCount 1 -RecurInterval Hours Set-CMClientSetting -InventorySchedule $CMWeeklySchedule -Name $ClientSettingsName -EnableHardwareInventory $True -Verbose -Debug If you compare the verbose outputs, then you will see the [...]

Export out User Device Affinity Relationship with PowerShell

This script allows to export out specific collection UDA Relationships to a CSV file. Here is the script it self. Run it on your Primary Site Server and then open the CSV file with Excel. <# .Synopsis This script exports out specific collection UDA Relationships .DESCRIPTION .EXAMPLE Export-CMUDARelationships.ps1 -DeviceCollectionName "All Systems" -OutPut C:\Scripts\Reports\UDA.csv -SiteCode PS1 .NOTES Developed by Kaido Järvemets, Coretech A/S Version 1.0 #> Param( [Parameter(Mandatory=$True,HelpMessage="Please Enter ConfigMgr Collection Name",ParameterSetName='CSV')] $DeviceCollectionName, [Parameter(Mandatory=$True,HelpMessage="Please Enter CSV file location",ParameterSetName='CSV')] $OutPut, [Parameter(Mandatory=$True,HelpMessage="Please Enter ConfigMgr site code",ParameterSetName='CSV')] $SiteCode ) $CollectionQuery = Get-CimInstance -Namespace "Root\SMS\Site_$SiteCode" -ClassName "SMS_Collection" -Filter "Name='$DeviceCollectionName' and CollectionType='2'" $ResourcesInCollection = Get-CimInstance -Namespace [...]

By |2014-03-25T13:44:03+01:00March 25th, 2014|Configuration Manager (SCCM), Powershell|1 Comment

The EASY WAY – List objects in specific folder in Configuration Manager 2012 with PowerShell

Last week I saw one blog post how to list specific folder objects and I believe that actually there is much easier way to list the objects in specific folder. First we need to figure out the ContainerNodeID which is the folder unique ID. We have several ways to find out the folder unique ID, for example we can run the ConfigMgr Admin console in developer mode or we can use a WMI tool. There are different WMI tools that you can find from the internet or you can simple use the WBEMTEST tool also which is already built-in in [...]

How to move objects in Configuration Manager Admin Console with PowerShell

Starting with Configuration Manager 2012 R2 we have a cmdlet called Move-CMObject. This cmdlet allows to move different objects in Admin Console. We still don't have a cmdlet that allows to create ConfigMgr Admin Console folders but if necessary you can use this code to create folders. Here are 6 different examples How to move objects in ConfigMgr Admin Console # Example 1 $CMCollection = Get-CMDeviceCollection -Name "OSD - Windows 8.1" Move-CMObject -FolderPath "PS1:\DeviceCollection\OSD" -InputObject $CMCollection # Example 2 $CollectionID = "PS10036C" Move-CMObject -FolderPath "PS1:\DeviceCollection\OSD" -ObjectId $CollectionID # Example 3 $ConfigurationItem = Get-CMConfigurationItem -Name "Business Hours" Move-CMObject -FolderPath "PS1:\ConfigurationItem\LOB" -InputObject [...]

Create ConfigMgr 2012 R2 Collections with Powershell

I know we have migrations tools and other built-in options when we want to build a new ConfigMgr environment. But Microsoft have given us Powershell, and there are some really cool cmdlets that we can utilize. I’ve had a couple of examples lately where i had to create 100+ collections from scratch – or basicly from just a list of applications… And instead of doing that by hand i would much rather do it with Powershell, and save my poor fingers alot of clicking and typing. Microsoft have a Technet site where all ConfigMgr 2012 R2 cmdlets are listed and [...]

By |2014-02-18T14:07:36+01:00February 18th, 2014|Configuration Manager (SCCM), Powershell|6 Comments

Simple workflow for Configuration Manager Client installation

Here is a really simple Configuration Manager Client installation PowerShell workflow. This workflow queries all the clients where ClientType property is NULL. You can easily add logging, scheduling etc. workflow Install-CMClient { Param( $SiteCode, $SiteServer ) $Computers = Get-WmiObject -Namespace "Root\SMS\Site_$($SiteCode)" ` -Query "Select Name from SMS_R_System where ClientType is NULL" -PSComputerName $SiteServer Write-Output -Input "Total computers without Configuration Manager Client:$($Computers.Count)" ForEach -parallel ($item in $Computers){ $Path = "\\$($item.Name)\c$" if(Test-Path -Path $Path) { Write-Output -Input "Copying installation files to $($item.Name) TEMP folder" Copy-Item -Path "\\Terminaator\CMClient" -Destination "\\$($item.Name)\c$\TEMP" -Recurse -Force Inlinescript{ Write-Output -Input "Starting CCMSETUP.EXE on $($Using:Item.Name)" Start-Process -FilePath "C:\TEMP\CCMSETUP.EXE" } [...]

SCO 2012: Force a Failed status of the runbook!

There are a number of scenarios where you want to fail your runbook and make sure that the runbook status is “failed” this could, for instance be Triggering runbook from service manager, or other external system which checks the result Triggering from PowerShell If you want to use the statistics properly in orchestrator. There is one rule that decides if the runbook status is success,warning or failed. Success = All Activities is success full Warning = One or more activities has failed or warning Failed = Last activity that executes has status failed. The challenge is that many “failures” in [...]

By |2014-02-11T13:03:39+01:00February 11th, 2014|Automation|4 Comments

Why I can’t convert my Windows Server 2012 R2 Core to GUI

Let’s assume that you installed some time ago one Windows Server 2012 R2 Server Core and you have installed also latest Windows Updates to that server and this server does not have an internet connection. Here are the updates that are installed In one day you discover that you need to add graphical user interface and you execute the following command Install-WindowsFeature Server-Gui-Shell -Source:wim:D:\Sources\install.wim:2 You will see that it reaches to 68% and fails with following error Install-WindowsFeature : The request to add or remove features on the specified server failed. Installation of one or more roles, role services, or [...]

By |2014-01-23T11:53:34+01:00January 23rd, 2014|Operating Systems, Powershell, Windows Server|18 Comments

Installing a Domain Controller on Windows Server 2012 R2 Core

In my previous post I showed how you can install Active Directory Domain Services on Windows Server Core and in this post I´m going to show how you can add an additional Domain Controller to your environment because best practice recommends that you have at least two of them. To add an additional Domain Controller we need to do following: 1. Rename the server 2. Set the IP and DNS address 3. Join the server to domain 4. Install Active Directory Domain Services Server Role 5. Deploy the Domain Controller   Before you continue I recommend to read my first [...]

By |2014-01-21T14:18:27+01:00January 21st, 2014|Powershell, Windows Server|2 Comments

Installing Active Directory Domain Services on Windows Server 2012 R2 Core

Installing Active Directory Domain Services on Windows Server Core is really easy. You only need to run 8 commands and your Domain Controller is ready. These steps are: 1. Rename the server 2. Set the IP and DNS address 3. Install Active Directory Domain Services Server Role 4. Promote the server to a Domain Controller Let’s Get Started :) I assume that you already have one Windows Server Core installed. If you log in, then it automatically runs command prompt. To get to PowerShell, then just type PowerShell.exe and you are ready to configure your Domain Controller. I don’t like [...]

By |2014-01-21T11:56:47+01:00January 21st, 2014|Windows Server|12 Comments

Capture output from command line tools with PowerShell

A simple task and then again not A customer asked me if it was possible to grab output from a command and analyze the output afterwards. In the particular case he needs to call a telnet session and check if there was a proper response from the server. The easy solution and then again not The very simple solution would be to start the command from PowerShell, redirecting the output to a file, wait for the process to finish and then read the file content. But in this case the process would not end on its own, as the telnet [...]

By |2018-01-24T23:02:52+01:00January 16th, 2014|Powershell|9 Comments

Set-SCSMTemplateWithActivities powershell script

UPDATE 02-01-2014: Fixed some issues in script   When dealing with the cmdlet: Set-SCSMTemplate in SMLets, you might have noticed that if you apply a template with activities, the prefix of the ID’s (e.g. RA300 or MA250) is all missing. And it’s the same issue if done via the SDK or Orchestrator. One workaround, described by Lee Berg here: is to modify the management pack that contains the template, and then insert the prefix like this: MA{0}. This approach works, but can be quite cumbersome as it takes time to do and also “locks” the template so any modification [...]

How to add Configuration Manager Distribution Point Remotely with PowerShell

If you are trying to add a Configuration Manager Distribution Point remotely you may end up with issue: WARNING: The self-signed certificate could not be created successfully Validation of input parameters failed. Cannot Continue Code example Invoke-Command -ScriptBlock { #Step 1 Import-Module $env:SMS_ADMIN_UI_PATH.Replace("\bin\i386","\bin\configurationmanager.psd1") #Step 2 $SiteCode = Get-PSDrive -PSProvider CMSITE #Step 3 Set-Location "$($SiteCode.Name):\" #Step 4 Add-CMDistributionPoint -SiteSystemServerName -SiteCode $SiteCode.Name ` -ClientConnectionType Intranet -MinimumFreeSpaceMB 50 -PrimaryContentLibraryLocation Automatic ` -SecondaryContentLibraryLocation Automatic -PrimaryPackageShareLocation Automatic -EnablePxeSupport ` -SecondaryPackageShareLocation Automatic -CertificateExpirationTimeUtc ((Get-Date).AddYears(100)) -ErrorAction STOP } -ComputerName If you take same code and run it locally on your Primary Site Server, then it [...]

Modify Maintenance Windows with Configuration Manager cmdlets

One of the new features in Configuration Manager 2012 R2 is that you can configure Maintenance Windows only for Software Updates We can configure all these new stuff with ConfigMgr cmdlets also :) #Import ConfigMgr PSH Module Import-Module $env:SMS_ADMIN_UI_PATH.Replace("\bin\i386","\bin\configurationmanager.psd1") #Get the CMSITE SiteCode $SiteCode = Get-PSDrive -PSProvider CMSITE # Change the connection context Set-Location "$($SiteCode.Name):\" #Apply MW only to Task Sequence $Collection = Get-CMDeviceCollection -Name "MW 2 - LOB Servers" Set-CMMaintenanceWindow -CollectionID $Collection.CollectionID -ApplyToTaskSequenceOnly -Name "TEST 2" #Apply MW only to Software Updates $Collection = Get-CMDeviceCollection -Name "MW 2 - LOB Servers" Set-CMMaintenanceWindow -CollectionID $Collection.CollectionID -ApplyToSoftwareUpdateOnly -Name "TEST 2" #Modify [...]

By |2013-10-18T09:28:43+01:00October 18th, 2013|Configuration Manager (SCCM), Powershell, Scripting & Development|Comments Off on Modify Maintenance Windows with Configuration Manager cmdlets

Create Maintenance Windows with Configuration Manager cmdlets

Configuration Manager 2012 R2 PowerShell module contains now New-CMMaintenanceWindow cmdlet :) #Import ConfigMgr PSH Module Import-Module $env:SMS_ADMIN_UI_PATH.Replace("\bin\i386","\bin\configurationmanager.psd1") #Get the CMSITE SiteCode $SiteCode = Get-PSDrive -PSProvider CMSITE # Change the connection context Set-Location "$($SiteCode.Name):\" #Occurs day 3 of every 2 months effective 10/17/2013 1:00 PM $Schedule = New-CMSchedule -DurationCount 1 -DurationInterval Hours -RecurCount 2 -DayOfMonth 3 -Start ([Datetime]"13:00") $Collection = Get-CMDeviceCollection -Name "MW 1 - Windows Servers" New-CMMaintenanceWindow -CollectionID $Collection.CollectionID -Schedule $Schedule -Name "TEST 1" #Occurs the First Thursday of every 2 months effective 10/17/2013 1:00 PM $Schedule = New-CMSchedule -DurationCount 1 -DurationInterval Hours -RecurCount 2 -DayOfWeek 4 -WeekOrder First -Start [...]

New cmdlets in Configuration Manager 2012 R2

Here are the new cmdlets in Configuration Manager 2012 R2. Now we have totally 560 cmdlets Copy-CMClientAuthCertificateProfileConfigurationItem Copy-CMRemoteConnectionProfileConfigurationItem Copy-CMTrustedRootCertificateProfileConfigurationItem Copy-CMVpnProfileConfigurationItem Copy-CMWirelessProfileConfigurationItem Get-CMAccessLicense Get-CMClientAuthCertificateProfileConfigurationItem Get-CMClientOperations Get-CMDeviceVariable Get-CMInitialModifiableSecuredCategory Get-CMMaintenanceWindow Get-CMRemoteConnectionProfileConfigurationItem Get-CMRemoteConnectionProfileConfigurationItemXmlDefinition Get-CMTrustedRootCertificateProfileConfigurationItem Get-CMVhd Get-CMVpnProfileConfigurationItem Get-CMWirelessProfileConfigurationItem Invoke-CMClientNotification Invoke-CMContentValidation Invoke-CMDeviceRetire Invoke-CMDeviceWipe Move-CMObject New-CMClientAuthCertificateProfileConfigurationItem New-CMDeviceVariable New-CMMaintenanceWindow New-CMRemoteConnectionProfileConfigurationItem New-CMTrustedRootCertificateProfileConfigurationItem New-CMVhd New-CMVpnProfileConfigurationItem New-CMWirelessProfileConfigurationItem Publish-CMPrestageContentTaskSequence Remove-CMClientAuthCertificateProfileConfigurationItem Remove-CMContentDistribution Remove-CMDeviceVariable Remove-CMMaintenanceWindow Remove-CMRemoteConnectionProfileConfigurationItem Remove-CMTrustedRootCertificateProfileConfigurationItem Remove-CMVhd Remove-CMVpnProfileConfigurationItem Remove-CMWirelessProfileConfigurationItem Set-CMAssignedSite Set-CMClientAuthCertificateProfileConfigurationItem Set-CMDeviceOwnership Set-CMDeviceVariable Set-CMMaintenanceWindow Set-CMRemoteConnectionProfileConfigurationItem Set-CMTrustedRootCertificateProfileConfigurationItem Set-CMVhd Set-CMVpnProfileConfigurationItem Set-CMWirelessProfileConfigurationItem Get-CMInitModifiableSecuredCategory

Quick and Dirty – Build Configuration Manager 2012 Admin Console Extensions automatically

I just finished one PowerShell script that queries all the Admin Console XML files and it creates automatically Admin Console Extension. You can use this script to locate correct place for you right-click tool. There are totally 655 Console GUIDs. You can download the script from here  

By |2013-10-15T13:27:20+01:00October 15th, 2013|Configuration Manager (SCCM), Powershell, Scripting & Development|Comments Off on Quick and Dirty – Build Configuration Manager 2012 Admin Console Extensions automatically

Can you combine Get-WmiObject with ConfigMgr cmdlets? Yes, you can

Last week I discovered that you can create a Refresh Schedule with New-CMSchedule cmdlet and then you can easily use that object with Get-WmiObject cmdlet to query and modify for example Device Collection Refresh Schedule. Import-Module $env:SMS_ADMIN_UI_PATH.Replace("\bin\i386","\bin\configurationmanager.psd1") $SiteCode = Get-PSDrive -PSProvider CMSITE Set-Location "$($SiteCode.Name):\" $Schedule = New-CMSchedule -RecurCount 2 -RecurInterval Days $Collection = Get-WmiObject -Namespace "Root\SMS\Site_PS1" -Class SMS_Collection -Filter "Name='Windows 8.1 OSD'" $Collection.RefreshType = 2 $Collection.RefreshSchedule = $Schedule.psbase.ManagedObject $Collection.Put() You can create the Device Collection with correct Refresh Schedule but Set-CMDeviceCollection cmdlet does not allow to change the Refresh Schedule. $Schedule = New-CMSchedule -RecurCount 2 -RecurInterval Days New-CMDeviceCollection -Name "Windows [...]

By |2013-10-14T10:28:47+01:00October 14th, 2013|Configuration Manager (SCCM), Powershell, Scripting & Development|Comments Off on Can you combine Get-WmiObject with ConfigMgr cmdlets? Yes, you can

Configuration Items and Baselines, Using Scripts (Powershell Example)

In the previous blog post i used file and registry settings for my Configuration Item. Another way to define your Configuration Item setting are scripts. And in CM2012 we have 3 scripting options: JScript PowerShell VBScript (The same goes for the use of scripts in Detection Methods when we create Application Deployment Types.)   Since the new colour fashion in scripting today is blue, i guess the popular choice would be PowerShell. On a serious note – PowerShell is now everywhere, just ask my buddy Kaido Järvemets. And in this example i will be checking for a setting on the [...]

The Coretech Software Update Management Tool

As demonstrated @TechEd in Australia and New Zealand our latest free tool is the Software Update Management Tool. The sole purpose of the tool is to automate the creation of software update deployments. The benefits of using the tool are: All deployments will be using the same naming standard. the naming standard is WRK/SRV + Year + Value of Month WRK 2013 09. The names are automatically generated using the actual month. You save time by automating the process. You eliminate errors by automating the process. All deployments are created as disabled deployments. This gives you complete control over the [...]

By |2013-09-20T13:45:06+01:00September 20th, 2013|Configuration Manager (SCCM)|30 Comments

Building PoshCAT Part 3 – Enabling PowerShell Remoting through Group Policy for PoshCAT

You may want to read these posts before: · How to install PoshCAT · Building PoshCAT Part 1 – Create different Client Actions lists · Building PoshCAT Part 2 – Adding your own custom functions One of the most important thing you need to know before you start using PoshCAT is that it relies on PowerShell remoting. If you don’t configure PowerShell remoting on your computers, then the Client Actions will fail. In this post I will show how you can enable PowerShell remoting through Group Policy but you can also configure it manually. To enable PowerShell remoting manually you [...]