Community Tools

In the past I wrote some scripts that I have donated to the community. Both scripts can be downloaded from the Microsoft TechNet Gallery and are described below.

Cleanup in AD deleted devices via Powershell in ConfigMgr 2012 SP1 / R2

The script checks every device that is available in the All Systems collection if it is still available in Active Directory and it will delete devices that comply to the following rules:

  • The device is available in ConfigMgr but not in Active Directory
  • The device is not a member of a Workgroup
  • The device is not a mobile device
  • The device is not manually imported for Operating System Deployment

The script RemoveDeletedDevicesFromConfigMgr2012SP1.ps1 uses the cmdlet Get-CMDevices to retrieve the information about the devices from Configuration Manager. After checking if the device is available in Active Directory, part of a workgroup, part of an other domain or mobile device the Remove-CMDevices cmdlet will be used to remove the device from Configuration Manager. Together with the log function of fellow Configuration Manager MVP Kaido Järvemets (http://www.cm12sdk.net) this script will log also if a devices is deleted or why a device is preserved. The script will check the device in Configuration Manager and report back which device does not have an account in the Active Directory you configured.

Download the script here: http://gallery.technet.microsoft.com/Cleanup-in-AD-deleted-b80e452d

Import approved software updates from WSUS to ConfigMgr 2012

While being in the process of migrating Windows Software Update Services 3.x to Configuration Manager 2012 you have only one really supported solution, namely adding all approved software updates to Software Update Group manually. This is a lot of work when being in an environment that was operational for years and years with lots of products and approved updates. Just adding all updates isn’t an option either since all approved and declined updates are tested throughout the years. When looking on the Internet for a workaround I came across this workaround for Configuration Manager 2007.

This output can be imported to Configuration Manager 2012 (SP1 or R2) with this PowerShell script using the native Configuration Manager 2012 SP1/R2 PowerShell cmdlets.

Read the complete article about the migration process here: /2013/10/26/migrate-approved-software-updates-wsus-configmgr-2012/

The PowerShell script can be downloaded here and works as follows:

Prerequisites:

  • Be sure that the Software Updates of the enabled products and categories are synchronized and available in Configuration Manager
  • Enable only the products that you still want to support with Configuration Manager 2012. Only updates that are available will be added to a Software Update Group.
  • Export the ArticleID’s and match them with UpdateIDs like described above.

What does it?

Based on the approved WSUS updates in an updates.txt file, the script creates for every 999 approved updates a Software Update Group which you are able to deploy to your collections. You cannot have more than 1000 Software Updates in one deployment so that’s why I limited the script to not allow more than 999 updates in a Software Update Group. The script will only add updates to the Software Update Group that are available within Configuration Manager 2012, so if you leave out old operating systems like Windows XP or Windows Server 2003 those updates will not be imported.

After the Software Update Groups are created you are able to clean them up by removing the membeship of updates that you do not want to install anymore.

The script can be downloaded here: http://gallery.technet.microsoft.com/Import-approved-software-054ff136

 ConfigMgrBlog.com Windows 8 App

Via the application you are able to read the intro from my blog posts and browse to the complete article via the link below the intro. In the future I will try to extend the app with several options. If you have an idea, please let me know!

By downloading and launching the application you are able to follow blog posts in the following categories:

  • Blogs (all new blogs)
  • ConfigMgr (all ConfigMgr related blogs)
  • Windows Intune (all Windows Intune related blogs)
  • MVP (all MVP related blogs)
  • Speaking (all Speaking related blogs)
  • Scripts (all Scripts / application related blogs)
  • General (all blogs with general subjects)

Download the app here: http://apps.microsoft.com/windows/app/configmgrblog-com-blogs/dabd7726-c59e-4188-b0f7-0256b3a3959e

Compliance Settings

Besides mentioned above, I have also released several Compliance Settings that are available for download in the Microsoft Gallery.

Compliance Settings: Set background of Mac OS X with ConfigMgr 2012 R2

This compliance setting can be used to set the default homepage of Safari in Mac OS X with the use of settings management in Configuration Manager 2012 R2.

Mac OS X support by Configuration Manager 2012 R2 has two ways of supporting Settings Management namely, managing settings through preferences directly or managing it through Shell Scripts. One of the things I showed was the ability to change user preferences in Mac OS X. In an earlier blog I described how you could use the $USER variable if you want to change a user setting, but for some reason how the Configuration Manager clients interacts with Mac OS X is changed.

The context in which the Configuration Manager client runs and now changes preferences or running scripts is not the current user but the ROOT user. System preferences can still be changed via the native Mac OS X preferences.

Download it here: http://gallery.technet.microsoft.com/Compliance-settings-Set-8cf1bd74

Compliance Settings: Set background of Mac OS X with ConfigMgr 2012 R2

While Apple is slightly changing how preferences are stored. For instance, until Mac OS X Mountain Lion the background was managed in the preferences located in file ~\Library\Preferences\com.apple.desktop.plist . You could easily change the background key in this file. With the release of Mac OS X Mavericks this setting is moved to a database file instead of preference file. The guys at Apple are making it harder and harder to manage those fruity devices 😉

Luckily the Mac community is also sharing knowledge with others around the globe, so the issue was already described on several blogs like here.

Looking at the blog, two scripted options are offered, one via Applescript and Osascript or via a PyObjC script. Since Osascript seems to be a shell script command, which is supported by Configuration Manager.

Is you want to force the wallpaper be set correctly every time the Configuration Manager client evaluates the configuration baseline, then we just need to (mis-)use it in our discovery script in the Configuration Item.

Download it here: http://gallery.technet.microsoft.com/Settings-Management-Set-ddc88291

Compliance settings: Set Mac OS X Welcome Message on Logon Screen

Another use case where you could use the Compliance Settings of Configuration Manager 2012 to manage your Apple OS X devices. In the preference file /library/preferences/com.apple.loginwindow.plist you are able to set the variable LoginwindowText. So to be able to change or set a text message you need to create a Configuration Item with the settingtype set to Mac OS X Preferences with the data type set to string.

This Baseline with Compliance Item can be used to check if the logon message is set and if needed, it can be remediated.

Download it here: http://gallery.technet.microsoft.com/Compliance-settings-Set-e12c0cfd

Compliance settings: Configure Remote Management plus Remote Admin User

With this Compliance Baseling I want to show you that you are also able to enable remote administration, including VNC access and that you are able to manage or add users to a remote Mac OS X device. This can be handy if you need to manage a lot of Mac devices and if you do not want to configure them by hand. Let’s see how this works, again the Mac community was very helpful in explaining how to for instance create a user via Shell Script.

After trying to manage the com.apple.remotemanagement.plist file located in /library/Preferences I searched for an alternative option to enable remote management and remote control via VNC. An alternative was found in Kickstart, located in a well hidden place /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/ . With this command line utility you are able to configure the remote management preferences. So this is a great tool to misuse (again 😉 ) in for instance the Discovery Script of a Configuration Item.

Download it here: http://gallery.technet.microsoft.com/Compliance-settings-0d082ea6

 

Leave a Reply

Your email address will not be published. Required fields are marked *