Archive

Archive for the ‘Client Management’ Category

PowerShell & SCCM – Client

October 7th, 2010 1 comment

In the previous posts we created a new Package containing Windows PowerShell and distributed it to all all XP clients in the “All Windows XP Systems” Collection. Assuming that everything went OK the package should have been distributed and installed on the Client.

With Windows PowerShell installed on the Client we can manage the SMS Client using Windows PowerShell. In the Install.bat file used when installing the program we also enabled PowerShell remoting so we can run commands against the client remote. Here’s an example on how to connect to the Client remote.

PS > Enter-PSSession XP01.powershell.nu
[xp01.powershell.nu]: PS >

We can connect to the SMS Client using the Microsoft.SMS.Client COM Object as shown below.

PS > $smsClient = New-Object -ComObject Microsoft.SMS.Client

The COM Object supports a couple of methods that we can use to manage the SMS Client. We can display the properties by sending the object through a pipeline to the Get-Member cmdlet.

PS > $smsClient | Get-Member

   TypeName: System.__ComObject#{d535c884-6b82-47dd-9a15-

Name                           MemberType Definition
----                           ---------- ----------
AutoDiscoverSite               Method     string AutoDisc
ClearProxy                     Method     void ClearProxy
DiscoverDefaultMP              Method     string Discover
EnableAutoAssignment           Method     void EnableAuto
GetAssignedSite                Method     string GetAssig
GetCurrentManagementPoint      Method     string GetCurre
GetCurrentManagementPointEx    Method     void GetCurrent
GetDnsSuffix                   Method     string GetDnsSu
GetInternetManagementPointFQDN Method     string GetInter
GetProxy                       Method     void GetProxy (
IsClientAlwaysOnInternet       Method     int IsClientAlw
IsClientOnInternet             Method     int IsClientOnI
MSIReinstallClient             Method     uint MSIReinsta
ReAssignSite                   Method     string ReAssign
RemoveAssignedSites            Method     void RemoveAssi
ResyncPolicy                   Method     void ResyncPoli
SendClientAssignmentMessage    Method     void SendClient
SetAssignedSite                Method     void SetAssigne
SetClientProvisioningMode      Method     void SetClientP
SetCurrentManagementPoint      Method     void SetCurrent
SetDnsSuffix                   Method     void SetDnsSuff
SetInternetManagementPointFQDN Method     void SetInterne
SetProxy                       Method     void SetProxy (
UseAdminLocator                Method     void UseAdminLo

If we want to display the Assigned Site we use the GetAssignedSite() method.

PS > $smsClient.GetAssignedSite()
LAB

It’s also possible to change the Assigned Site using the SetAssignedSite() method. In the example below we change site from LAB to P01.

PS > $smsClient.SetAssignedSite("P01")
PS > $smsClient.GetAssignedSite()
P01

We can even set the Current SMS Advanced Client Management Point using the SetCurrentManagementPoint() method. The method accepts an IP-Address followed by [int]1 or a Computer Name followed by [int]0.

PS > $smsClient.SetCurrentManagementPoint("SCCM",0)

It’s also possible to use the CPAppletMgr, which is a COM automation class that provides an automated way to perform the same tasks as the Configuration Manager program on the Client.

First we store the COM Object in a variable.

PS > $cpAppletMgr = New-Object -ComObject CPApplet.CPAppletMgr

We can display the supported methods using the Get-Member cmdlet as shown below.

PS > $cpAppletMgr | Get-Member

   TypeName: System.__ComObject#{279463bb-1034-4fb5-878e-4a330a08beab}

Name                MemberType Definition
----                ---------- ----------
GetClientActions    Method     IClientActions GetClientActions ()
GetClientComponents Method     IClientComponents GetClientComponents ()
GetClientProperties Method     IClientProperties GetClientProperties ()

Let’s take a look at the GetClientActions() method. If we simply use the method the available we get a list of the Client Actions available.

PS > $cpAppletMgr.GetClientActions()

ActionID                      Name                           DisplayNameResID DisplayNameResDLL
--------                      ----                           ---------------- -----------------
{00000000-0000-0000-0000-0... Software Inventory Collect...             10005 cfg_res.dll
{00000000-0000-0000-0000-0... MSI Product Source Update ...             10010 cfg_res.dll
{00000000-0000-0000-0000-0... Hardware Inventory Collect...             10001 cfg_res.dll
{00000000-0000-0000-0000-0... Software Updates Assignmen...             10011 cfg_res.dll
{00000000-0000-0000-0000-0... Standard File Collection C...             10006 cfg_res.dll
{00000000-0000-0000-0000-0... Updates Source Scan Cycle                 10013 cfg_res.dll
{00000000-0000-0000-0000-0... Discovery Data Collection ...             10004 cfg_res.dll
{3A88A2F3-0C39-45fa-8959-8... Request & Evaluate User Po...             10007 cfg_res.dll
{00000000-0000-0000-0000-0... Peer DP Maintenance Task                  10012 cfg_res.dll
{8EF4D77C-8A23-45c8-BEC3-6... Request & Evaluate Machine...             10008 cfg_res.dll
{00000000-0000-0000-0000-0... Software Metering Usage Re...             10009 cfg_res.dll

We can retrieve a specific Action using the Where-Object cmdlet. In the example below we retrieve the “Request & Evaluate Machine Policy” Action.

PS > $machinePolicy = $cpAppletMgr.GetClientActions() |
>> Where-Object { $_.Name -eq "Request & Evaluate Machine Policy" }

Now that we’ve stored a specific Action in a variable we can simply use the PerformAction() method to perform the Action.

PS > $machinePolicy.PerformAction()

Pretty Cool!

Rating 4.33 out of 5
[?]
Categories: Client Management, SCCM 2007, WMI Tags: , ,

Managing Local Groups through PowerShell

July 6th, 2009 No comments

When managing Local Groups through PowerShell, we can use the [ADSI] type adapter.
Starting off, We have to connect to the Local Group that we want to modify.


PS > $ComputerName = $env:COMPUTERNAME
PS > $Group = "Administrators"
PS > $LocalGroup = [adsi]"WinNT://$computerName/$Group,group"
PS > $LocalGroup


distinguishedName :
Path              : WinNT://Computer01/Administrators,group

Now that we’re connected to the Local Group, we can start of by adding a user. First let’s add a Local User.


PS > $Domain = "powershell"
PS > $UserName = "nigo"
PS > $LocalGroup.Add("WinNT://$Domain/$userName")

This adds the Domain user powershell\nigo to the local Administrators Group. If we instead want to add a Local User, we just replace the Domain Name with the Local COmputer Name.


PS > $ComputerName = $env:COMPUTERNAME
PS > $LocalGroup.Add("WinNT://$ComputerName/$userName")

And if we want to remove a User from a local Group, we use the Remove() method.


PS > $Domain = "powershell"
PS > $UserName = "nigo"
PS > $LocalGroup.Remove("WinNT://$Domain/$userName")

Here’s a script that automates these tasks.

Click here to download the script.

Here are some examples on running the script.


PS > Set-LocalGroup.ps1 -UserName nigo -Add

PS > Set-LocalGroup.ps1 -UserName nigo -Remove

PS > Set-LocalGroup.ps1 -UserName nigo -Group "Guests" -Domain powershell -Add

PS > Set-LocalGroup.ps1 -help

Rating 4.00 out of 5
[?]
Categories: Client Management Tags:

Managing Local Accounts through PowerShell

July 6th, 2009 2 comments

When managing Local Accounts through PowerShell, it’s possible to use the [ADSI] type adapter.
Starting off, let’s look at how to connect to the Local Computer.


PS > $ComputerName = $env:COMPUTERNAME
PS > $Computer = [adsi]"WinNT://$ComputerName"
PS > $Computer


distinguishedName :
Path              : WinNT://Computer01

Now that we have a variable holding the reference to our local computer, we can go ahead and add a Local User Account. This is done through the Create Method on the object. we’ll also add a Password for our User.


PS > $UserName = "NewUser"
PS > $Password = "Password1"
PS > $User = $Computer.Create("user",$UserName)
PS > $User.SetPassword($Password)
PS > $User.SetInfo()

And it’s as simple as that. If you’r running Windows 7 you have to start PowerShell with elevated rights in order to get it to work.

Removing the User is done by using the Delete() method.


PS > $Computer.Delete("user",$UserName)

Here’s a script i wrote that adds, removes or resets the password of a local User Account.

Click here to download the script

Examples on running the Script:


PS > Set-LocalAccount.ps1 -UserName NewUser -Password Password1 -Add
PS > Set-LocalAccount.ps1 -UserName NewUser -Password Password2 -ResetPassword
PS > Set-LocalAccount.ps1 -UserName NewUser -Remove

Rating 3.00 out of 5
[?]
Categories: Client Management Tags:

Get-PrinterInformation

June 18th, 2009 No comments

Gathering Printerinformation can be done through WMI. Win32_Printer contains information about printers that are used by a computer and Win32_PrinterDriver contains information about the printer drivers. We can combine these 2 WMI classes and retrieve information about both the printer and it’s drivers. This script checks for the following properties:

Computer             : Client1
Name                 : \\SERVER\SRV-FLOOR1-SV01
DefaultPrinter       : True
DriverName           : HP LaserJet 4250 PCL 6
DriverPath           : C:\Windows\system32\spo...
Driverdll            : UNIDRV.DLL
HorizontalResolution : 600
VerticalResolution   : 600
LocalPrinter         : False
PrintProcessor       : HPZPP4wm
Location             : GOT
Comment              : Company Printer
Description          : Printer on Floor 1

I’ve included a switch that let’s you pipe the information to a csv instead of displaying it to the host, and if you pipe an array of computer names to the script you can retrieve information from multiple computers.

Running the Script:


PS > .\Get-PrinterInformation.ps1 -Computer Client1 -ToCsv

PS > "Client1","Client2","Client3" |
>> ForEach { .\Get-PrinterInformation.ps1 -Computer $_ }

Here’s a link to the script.
Get-PrinterInformation.ps1

Rating 4.00 out of 5
[?]
Categories: Client Management, WMI Tags: ,

Set Folder Permissions using a PowerShell script

February 13th, 2009 15 comments

A common Admin task is Setting permissions on folders for new Users or Groups. doing this manually can be pretty boring and timeconsuming. This script automates these steps through PowerShell.

The parameters that I’ve added to the script are:

  • -Path Folder to Create (Required)
  • -User User who should have access (Required)
  • -Permission Specify Permission for User, Default set to Modify (Optional)
  • -help Prints the HelpFile (Optional)

The script sets the folderpermissions for a User or a group on a folder and if the folder doesn’t exist, it creates the folder and adds the specified permissions.

Running the Script on one folder gives the user or group permissions on the folder and on child folders. If you run the script recurse, it will break the inheritance for the specified User/Group and set the permissions specified on each folder.

Here are 2 examples on running the script.


./SetFolderPermission.ps1 -path C:\User -Access APA\MyGroup -Permission Write

Get-ChildItem -path C:\User -recurse |
Where { $_.Attributes -match "d"} |
ForEach {
./SetFolderPermission.ps1 -path $_.Fullname -Access APA\MyGroup -Permission Read
}

If you want to display the HelpText simply type:


./SetFolderPermission.ps1 -help

Here’s a link to the script

Rating 4.00 out of 5
[?]
Categories: Client Management Tags: ,