How to Create and Run Scripts in ConfigMgr
Wouldn’t it be amazing if you could write your own custom PowerShell scripts and easily run them against devices and collections? Oh wait, you can! If you’re unfamiliar with what PowerShell is, that’s totally okay. However, I strongly encourage you to get comfortable with PowerShell before playing with scripts in ConfigMgr. You can cause very big and expensive problems if you’re not careful in production environments. Disclaimer: You are fully responsible for any scripts you create and execute in your environment.
Let’s dive in!
Step 1:
Identify a problem that can be solved with a PowerShell script. Write a script to solve the issue and test that it works locally on an affected machine.
In my scenario, we’re going to use a very basic custom script to resolve an issue where Recast Agents sometimes have trouble re-enrolling on a Recast Management Server after being manually deleted from the server. It’s not important that you know what a Recast Agent or Recast Management Server is. The steps are essentially the same for any scenario apart from the code being used.
Here is the PowerShell script that I’ll be using:
Stop-Service -DisplayName "Recast Agent Service"
Remove-Item "C:\Windows\System32\Config\Systemprofile\Appdata\Roaming\Recast Software\Recast Agent\agent.sqlite"
Start-Service -DisplayName "Recast Agent Service"
Summary of the script: It stops the Recast Agent Service from running, deletes the agent.sqlite file, and starts up the Recast Agent Service again afterwards which will result in the agent.sqlite file being recreated.
Step 2:
In ConfigMgr, navigate to Software Library > Overview > Scripts, right-click “Scripts”, and select “Create Script”.
Step 3:
Name your script something related to the action it completes. Copy and paste it over to the script field (or click “import” to find your script to add it), and then click next.
Step 4:
If everything looks good, click “Next” again to confirm.
Step 5:
If you see the script creation completed successfully, you can close the wizard. 🙂 If it failed, research any errors encountered and attempt to create the script again.
Step 6:
Nice! We now have a script. The next step is to get the script approved. By default, another admin with script approver privileges will need to approve your script as a security precaution. (Learn more) I highly recommend not disabling this in production. Although, most of you reading this will likely be in a lab environment, so we can quickly go over how to disable the requirement for secondary approval.
Notice the approval options greyed out in the screenshot above.
Within ConfigMgr, navigate through Administration > Overview > Site Configuration > Sites > and click on the Hierarchy Settings ribbon button.
Then deselect the radio option for “Script authors require additional approver”.
Step 7:
Navigate back to your script in Software Library > Overview > Scripts and right-click it > then select “Approve/Deny”(or highlight it and click on the “Approve/Deny” ribbon button) to launch the approval wizard.
Click “Next” if everything looks okay to you.
Click “Next” again to approve the script.
“Next” again to confirm the details!
Once you see that the task has completed successfully, you can close out the wizard.
Nice! We now have a script created and approved for use in our environment!
Step 8:
Time to run the script we’ve created! Again, you don’t have to be familiar with Recast Agents or Recast Management Server (although they are both awesome and you should definitely learn more about them here). You can see in my Recast Management Server that only “CLIENT2” is listed. I know for a fact that another computer, “CLIENT1” also has an agent installed.
I want “CLIENT1” to populate on my Recast Agents page. Let’s try running my newly created and approved script against “CLIENT1” and see what happens (you can run your script on a single machine or a collection of machines).
To do this, I’ll navigate over to Assets and Compliance > Overview > Devices, and then I’ll right-click on “CLIENT1” and select “Run Script”.
I’ll then highlight my script to select it and will click “Next” to continue.
I’ve confirmed everything looks good, so I’ll click “Next” again to run the script against “CLIENT1”.
I can see the script was able to complete successfully against “CLIENT1” because it returned a “Status” of 1. Nice! I’ll close the window and check to see if the agent is now showing in my Recast Management Server.
Hooraaay!!! My script solved the issue!
The possibilities are nearly endless when it comes to what you can do with script deployments in ConfigMgr. Have fun and be careful!
Thank you, @GarthMJ for this great blog post suggestion!