Skip to main content

PowerShell + SCCM 2012 : Get Started with CM Cmdlets

This post will quickly cover on how to start using PowerShell with ConfigMgr. It's good to see that ConfigMgr Admins are finally embracing the Shell :) 

Planning to have one of these getting started hangouts for PowerShell Bangalore User Group (@PSBUG) in near future.

There are essentially two routes:
  1. Using ConfigurationManager Cmdlets
  2. Using WMI/CIM (next post probably)

Using ConfigurationManager Cmdlets

ConfigMgr starting from 2012 SP1 has got the official PowerShell support, which means when you install the ConfigMgr console on a machine then you will get a PowerShell Module along with it in the below location :

<drive>\Program Files (x86)\Microsoft Configuration Manager\AdminConsole\bin

Don't worry you don't have to remember this. There is an environment variable SMS_ADMIN_UI_PATH which holds this piece of information for you (Note the path we need is till bin folder only ) 

The best way to get the CM cmdlets (the cmdlets are prefixed with CM) is to open the the ConfigMgr Console and click on the top left "Connect via Windows PowerShell"

After that you should get a prompt like below if you are doing this the first time:

Select "A" (Always Run) to trust the MSFT Code Signing Cert for the User. 

Accepting the above creates MRU key for the User , see below is the MRU key created for me :

After the first run (trusting the Code Signing Cert from MSFT) one can use the normal PowerShell console to load the Module in below way :

#Load the ConfigurationManager Module
Import-Module -Name "$(split-path $Env:SMS_ADMIN_UI_PATH)\ConfigurationManager.psd1"

Now this has been fixed in ConfigMgr 2012 R2 CU1 . Read this question at Technet for more details.

One can also install the certificate for the local machine (for different Automation scenarios) using the below PowerShell function by Tore Groneng

function Import-SCCMmoduleCert
   Imports the signed certificate used in the SCCM module into the certificate store on the local computer
   Requires administrative privileges to run. Run the function as the user that will have the cert
   imported. The function accepts no parameters and does not return any output.
    Created by Tore Groneng @ToreGroneng



    Write-verbose "Start $($MyInvocation.MyCommand.Name)"
    $sccmModulePath = "$(Split-Path $env:SMS_ADMIN_UI_PATH -Parent)\ConfigurationManager.psd1"

    Write-Verbose "Module path is $sccmModulePath, getting cert"
    $cert = Get-AuthenticodeSignature -FilePath "$sccmModulePath" -ErrorAction SilentlyContinue

    Write-Verbose "Creating a store object for LocalMachine\TrustedPublisher"
    $store = new-object System.Security.Cryptography.X509Certificates.X509Store("TrustedPublisher","LocalMachine")

    Write-Verbose "Adding cert to store"

    Write-Verbose "Done"

Now the whole CM Cmdlets are there for you to explore. All the PowerShell concepts apply here with only gotcha --> one has to Set the present location to the CMSite Drive before using the CM cmdlets .

In the next post will cover on how to use PowerShell & WMI  (ConfigMgr Context)

Below is an animated GIF to show this in action:

Resources :

ConfigMgr Scripting With PowerShell Module - Tore Groneng

How to Use Scripts with ConfigMgr PowerShell cmdlets - David O'Brien

Popular posts from this blog

Test connectivity via a specific network interface

Recently while working on a Private cloud implementation, I came across a scenario where I needed to test connectivity of a node to the AD/DNS via multiple network adapters.  Many of us would know that having multiple network routes is usually done to take care of redundancy. So that if a network adapter goes down, one can use the other network interface to reach out to the node. In order to make it easy for everyone to follow along, below is an analogy for the above scenario: My laptop has multiple network adapters (say Wi-Fi and Ethernet) connected to the same network. Now how do I test connectivity to a Server on the network only over say Wi-Fi network adapter?

PowerShell + SCCM : Run CM cmdlets remotely

Today I saw a tweet about using implicit remoting to load the Configuration Manager on my machine by Justin Mathews . It caught my eye as I have never really tried it, but theoretically it can be done. Note - The second tweet says "Cannot find a provider with the name CMSite", resolution to which is in the Troubleshooting section at the end.

PowerShell : Trust network share to load modules & ps1

Problem Do you have a central network share, where you store all the scripts or PowerShell modules ? What happens if you try to run the script from a network share ? or if you have scripts (local) which invoke scripts or import PowerShell modules stored on this network share ? Well you would see a security warning like below (Note - I have set execution policy as 'Unrestricted' not 'bypass' here): Run a .ps1 from the network share Well this is a similar warning, which you get when you download scripts from Internet. As the message says run Unblock-File cmdlet to unblock the script and then run it, let's try it.