Skip to main content

PowerShell + SCCM 2012 : Get Started with CM Cmdlets

This post will quickly cover on how to start using PowerShell with ConfigMgr. It's good to see that ConfigMgr Admins are finally embracing the Shell :) 

Planning to have one of these getting started hangouts for PowerShell Bangalore User Group (@PSBUG) in near future.

There are essentially two routes:
  1. Using ConfigurationManager Cmdlets
  2. Using WMI/CIM (next post probably)

Using ConfigurationManager Cmdlets


ConfigMgr starting from 2012 SP1 has got the official PowerShell support, which means when you install the ConfigMgr console on a machine then you will get a PowerShell Module along with it in the below location :



<drive>\Program Files (x86)\Microsoft Configuration Manager\AdminConsole\bin


Don't worry you don't have to remember this. There is an environment variable SMS_ADMIN_UI_PATH which holds this piece of information for you (Note the path we need is till bin folder only ) 



The best way to get the CM cmdlets (the cmdlets are prefixed with CM) is to open the the ConfigMgr Console and click on the top left "Connect via Windows PowerShell"



After that you should get a prompt like below if you are doing this the first time:

Select "A" (Always Run) to trust the MSFT Code Signing Cert for the User. 


Accepting the above creates MRU key for the User , see below is the MRU key created for me :




After the first run (trusting the Code Signing Cert from MSFT) one can use the normal PowerShell console to load the Module in below way :

001
002
003
#Load the ConfigurationManager Module
Import-Module -Name "$(split-path $Env:SMS_ADMIN_UI_PATH)\ConfigurationManager.psd1"

Now this has been fixed in ConfigMgr 2012 R2 CU1 . Read this question at Technet for more details.

One can also install the certificate for the local machine (for different Automation scenarios) using the below PowerShell function by Tore Groneng

001
002
003
004
005
006
007
008
009
010
011
012
013
014
015
016
017
018
019
020
021
022
023
024
025
026
027
028
029
030
031
032
033
034
function Import-SCCMmoduleCert
{
<#
.Synopsis
   Imports the signed certificate used in the SCCM module into the certificate store on the local computer
.DESCRIPTION
   Requires administrative privileges to run. Run the function as the user that will have the cert
   imported. The function accepts no parameters and does not return any output.
.EXAMPLE
   Import-SCCMmoduleCert
.NOTES
    Created by Tore Groneng @ToreGroneng Tore.Groneng@gmail.com

#>

[CmdletBinding()]
[OutputType([int])]
Param()

    Write-verbose "Start $($MyInvocation.MyCommand.Name)"
    $sccmModulePath = "$(Split-Path $env:SMS_ADMIN_UI_PATH -Parent)\ConfigurationManager.psd1"

    Write-Verbose "Module path is $sccmModulePath, getting cert"
    $cert = Get-AuthenticodeSignature -FilePath "$sccmModulePath" -ErrorAction SilentlyContinue

    Write-Verbose "Creating a store object for LocalMachine\TrustedPublisher"
    $store = new-object System.Security.Cryptography.X509Certificates.X509Store("TrustedPublisher","LocalMachine")
    $store.Open("MaxAllowed")

    Write-Verbose "Adding cert to store"
    $store.Add($cert.SignerCertificate)
    $store.Close()

    Write-Verbose "Done"
}


Now the whole CM Cmdlets are there for you to explore. All the PowerShell concepts apply here with only gotcha --> one has to Set the present location to the CMSite Drive before using the CM cmdlets .


In the next post will cover on how to use PowerShell & WMI  (ConfigMgr Context)

Below is an animated GIF to show this in action:







Resources :

ConfigMgr Scripting With PowerShell Module - Tore Groneng
http://asaconsultant.blogspot.no/2014/05/configmgr-scripting-with-powershell.html

How to Use Scripts with ConfigMgr PowerShell cmdlets - David O'Brien
http://www.david-obrien.net/2014/05/22/use-scripts-configmgr-powershell-cmdlets/#


Popular posts from this blog

Azure DevOps Tips & Tricks - Find private REST APIs

Often working with Azure DevOps, I hit a wall trying to automate some tasks but there are no REST API's made public yet. It was one of those task of automating creation of Environments in multi-stage YAML based pipelines in AzDO. Quick research reveals that this has been requested in uservoice  (please upvote). Let's see one of the very simple ways to discover some of these APIs.

PowerShell + SCCM : WMI Scripting

Why should I use WMI, when there is a PowerShell module available for Configuration Manager (CM Module) already? Well the cmdlets behind the scene interact with the WMI layer and if you know which WMI classes the corresponding cmdlet work with , it can be of help in future by : Switching to native WMI calls when the CM cmdlets fail for some reason (probably bug in the CM Module). Making your scripts more efficient by optimizing the WMI (WQL query) calls, the cmdlet will query all the properties for an Object (select *) you can select only ones you need.  Lastly no dependency on the CM Module, you can run these automation scripts from a machine not having the CM console installed (needed for CM module). Moreover ConfigMgr uses WMI extensively, you already have this knowledge leveraging it with PowerShell shouldn't surprise you. This post assumes you have been working with CM cmdlets (you already are versed with PowerShell), know where the WMI namespace for ConfigMgr resides

Test connectivity via a specific network interface

Recently while working on a Private cloud implementation, I came across a scenario where I needed to test connectivity of a node to the AD/DNS via multiple network adapters.  Many of us would know that having multiple network routes is usually done to take care of redundancy. So that if a network adapter goes down, one can use the other network interface to reach out to the node. In order to make it easy for everyone to follow along, below is an analogy for the above scenario: My laptop has multiple network adapters (say Wi-Fi and Ethernet) connected to the same network. Now how do I test connectivity to a Server on the network only over say Wi-Fi network adapter?