Audit your Configuration Manager Maintenance Windows with PowerShell

I just finished a simple PowerShell script that queries all the MW information and it creates an HTML file. This script accepts three parameters:

1. Site Server name
2. Site Code
3. File path where to save the file eg c:\temp.

You can download this script from here (CM12_Maintenance_Windows_Audit.ps1)

Managing Configuration Manager 2012 Security Scopes with PowerShell

Managing ConfigMgr 2012 Security Scopes is quite easy with PowerShell. If you want to create a new Security Scope, then you just need to create an instance to SMS_SecuredCategory WMI class and you need to specify two parameters

1. CategoryName
2. CategoryDescription

If you want to associate an object with the Security Scope, then you can use SMS_SecuredCategoryMembership WMI class method AddMemberships and removing the object from the Security Scope RemoveMemberships method.

You can download this script from here. (CM12_Security_Scopes.ps1) . This script file contains four functions:

1. Create-CMSecurityScope -SiteServer Localhost -SiteCode TRT -ScopeName "New Scope" -ScopeDescription "PowerShell TEST"            
2. Create-CMObjectAssociation -SiteServer Localhost -SiteCode TRT -ScopeName "New Scope" -ApplicationName "Dynamics CRM"            
3. Remove-CMObjectAssociation -SiteServer Localhost -SiteCode TRT -ScopeName "New Scope" -ApplicationName "Dynamics CRM"            
4. Remove-CMSecurityScope -SiteServer Localhost -SiteCode TRT -ScopeName "New Scope"

Please remember that currently Create-CMObjectAssociation function can only associate an Application objects.

Best

MCTS: Administering and Deploying System Center 2012 Configuration Manager

Today I received finally my Beta exam results and now I´m Administering and Deploying System Center 2012 Configuration Manager Techology Specialist :)

Creating Configuration Manager 2012 Distribution Groups with PowerShell

If you are bulding a new CM2012 infrastructure, then adding these DP groups and configuring these DP Group membership can be time-consuming and because of that I created two simple functions:

1. Create-CMDistributionPointGroup
2. Add-CMDPToDistributionGroup

The first function creates new DP group and the second one adds Distribution Points to DP groups.

Examples

Create-CMDistributionPointGroup -SiteCode TRT -SiteServer Localhost -Name "New York DP-s"   

         
Add-CMDPToDistributionGroup -SiteCode trt -SiteServer localhost -DistributionPoint server6.cm.local -DPGroup "New York DP-s"

This script file contains a function Get-ServerFQDNStatus and this function verifies server FQDN address.

You can download this script file from here. (CM12_Create_DPGroup.ps1)

Lock and Unlock Configuration Manager 2012 objects with PowerShell

Configuration Manager SEDO (Serialized Editing of Distributed Objects) in the System Center 2012 Configuration Manager SDK provides a mechanism for assigning and unassigning locks to globally replicated SDK provider objects in the context of a site, machine and user. SEDO-enabled objects are globally replicated SDK provider objects that require the user to obtain a lock if that user wishes to edit and save that object. When the user obtains that lock, the lock will be assigned to that user, the user’s machine and the site in which the machine resides. While that lock is assigned, no other user or machine will be able to edit that object until the user releases the lock.

Only SEDO-enabled objects require users to obtain a lock before editing them. The SEDO-enabled objects are the following:

1. SMS_Application
2. SMS_AuthorizationList
3. SMS_BootImagePackage
4. SMS_ConfigurationBaselineInfo
5. SMS_ConfigurationItem
6. SMS_DeploymentType
7. SMS_Driver
8. SMS_DriverPackage
9. SMS_GlobalCondition
10. SMS_ImagePackage
11. SMS_OperatingSystemInstallPackage
12. SMS_Package
13. SMS_SoftwareUpdatesPackage
14. SMS_TaskSequencePackage

How-To Acquire an Explicit Lock on a SEDO-enabled Object

If you want to lock a SEDO based object, then you first need to create an instance of the SMS_ObjectLock WMI class and before you can invoke the RequestLock method you need to create System.Management.InvokeMethodOptions object and set two parameters.

How-To Release a Lock on a SEDO-Enabled Object

To release a lock on a SEDO based object is almost the same as locking the object, but before releasing the object you need to query Object AssignedObjectLockContext property.

Scripts

You can download this script from here. CM12_Object_Locks.ps1 file contains three functions:

1. Enable-CMObjectLock – this function currently only locks applications but you can easily modify/extend it.
2. Get-CMObjectLock – this function queris application AssignedObjectLockContext property
3. Disable-CMObjectLock – this function releases the lock on object

Examples

Enable-CMObjectLock -SiteCode TRT -SiteServer localhost -ApplicationName DotNet 

           
Get-CMObjectLockNumber -sitecode trt -siteserver localhost -applicationname DotNet   

         
Disable-CMObjectLock -SiteCode TRT -SiteServer localhost -ApplicationName DotNet -ObjectLockNumber "95adfc57-9faa-472a-9151-68c2e696c024"

Create Configuration Manager computer association with PowerShell

SMS_StateMigration WMI class contains method called AddAssociation and this method accepts three parameters:

1. SourceClientResourceID
2. RestoreClientResourceID
3. UserNames

You can download this script from here (Create-CMAssociation.ps1)

Create-CMComputerAssociation -SiteServer localhost -SiteCode C01 -SourceComputer sms07 -DestinationComputer server1

Best

Audit your Configuration Manager 2012 Distribution Points with PowerShell

Configuration Manager 2012 Distribution Points contains a lot more settings than ConfigMgr 2007 and because of that I wrote a simple PowerShell script that queries DP settings and this script creates nice HTML output

This script even decodes the refresh schedule string

You can download this script from here (CM12_Distribution_Point_Audit.ps1)

Best