Powershell module for SCCM Client - windows

Is there a PowerShell module that I can use on a client system where I have the agent installed?
I pushed the patches from the SCCM console to the client with deployment status "available" and need to run the install command from the machine where I have the SCCM agent installed. How can I do that?

Yes, you can automate this using the ClientSDK WMI classes and PowerShell. There is a good write-up about it here:
https://timmyit.com/2016/08/01/sccm-and-powershell-force-install-of-software-updates-thats-available-on-client-through-wmi/
https://byteben.com/bb/identifying-and-installing-sccm-client-software-updates-remotely-with-powershell-and-trigger-a-vmware-snapshot-before-remediation-part-1-of-3/
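As an added example (not code from the answer or the linked write-ups), this is the ClientSDK approach on the client itself: list the updates the agent already knows are applicable but not installed, hand them to the agent with InstallUpdates, and watch the evaluation state. It assumes an elevated PowerShell session on a machine with the SCCM agent installed.

```powershell
# Added example: drive the SCCM client's own update engine through root/ccm/ClientSDK.
$ns = 'root/ccm/ClientSDK'

# ComplianceState 0 = applicable and not installed; this is what the "Available"
# deployment left waiting in Software Center.
$pending = @(Get-CimInstance -Namespace $ns -ClassName CCM_SoftwareUpdate |
    Where-Object { $_.ComplianceState -eq 0 })

if ($pending.Count -eq 0) {
    Write-Host 'The client reports no pending software updates.'
    return
}
$pending | Select-Object ArticleID, Name, EvaluationState | Format-Table -AutoSize

# InstallUpdates expects an array of CCM_SoftwareUpdate instances; the cast matters
# even when only one update is pending.
$result = Invoke-CimMethod -Namespace $ns -ClassName CCM_SoftwareUpdatesManager `
    -MethodName InstallUpdates -Arguments @{ CCMUpdates = [ciminstance[]]$pending }
if ($result.ReturnValue -ne 0) {
    throw "InstallUpdates returned $($result.ReturnValue)"
}

# EvaluationState: 1-7 and 11 are in-progress stages (submitted, detecting, downloading,
# installing, verifying); 8/9 mean a reboot is pending; 12 is complete; 13 is an error.
# UpdatesDeployment.log under the client's CCM\Logs folder has the detail for failures.
$busy = 1, 2, 3, 4, 5, 6, 7, 11
do {
    Start-Sleep -Seconds 30
    $states = @(Get-CimInstance -Namespace $ns -ClassName CCM_SoftwareUpdate |
        Where-Object { $_.UpdateID -in $pending.UpdateID })
    $states | Select-Object ArticleID, EvaluationState, PercentComplete | Format-Table -AutoSize
} while ($states | Where-Object { $_.EvaluationState -in $busy })
```

Updates that finish installing drop out of CCM_SoftwareUpdate, so the loop ends once nothing is left in an in-progress state.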

It is better to just run a "Required" deployment on a collection with the specific clients you want. See the docs.
You may create that collection with the query "where Client0 is 1" or by doing fine-grained selection with direct membership. Here's how.
This way the SCCM agent will be controlling the installation the whole way, which allows it to:
Handle temporarily offline clients
Active users on the device
Scheduling and windowing
and more...

Related

MMASetup Command Line Parameters for SCOM

I'm installing the latest MMASetup-AMD64.exe and want to hook up to Log Analytics AND SCOM. But, I'm having trouble finding the command line parameters for SCOM. Does anybody know them? The Log Analytics ones are well documented and are here:
ADD_OPINSIGHTS_WORKSPACE=1
OPINSIGHTS_WORKSPACE_ID="1234"
OPINSIGHTS_WORKSPACE_KEY="5678"
I need the equivalent parameters for management group name and management server. Effectively completing these boxes but via the command line.
Thanks in advance.
I believe parameters for management group, secure port, etc. are not available with MMASetup-AMD64.exe. Here are the supported command line options for it. So maybe, if it's feasible in your environment and setup, try to use MOMAgent.msi to install the agent manually or to deploy System Center Operations Manager agents from the command line or by using the Setup Wizard. The parameters like MANAGEMENT_GROUP, SECURE_PORT, etc. are all explained along with examples in this document. For more information, please refer to it.
Other references related to OM agents and OM groups:
Process manual agent installations
Configuring Windows agents
Operations Manager agents
Creating and managing groups
Connecting management groups in Operations Manager
Planning a Management Group Design

How to enable networking before User Data scripts are run in AWS Windows instances

I have been struggling with bootstrapping my Windows instances in AWS. I need to download some things from S3 and other places when the instance starts up and execute them.
This seems to be really straightforward for Linux instances, but not so much for Windows instances.
I have a user data script that works when I run it after logging into the instance, but it doesn't work when it runs as part of the EC2Launch/EC2Config described here: https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/ec2-windows-user-data.html
I've found that the reason it doesn't work is that I am unable to download things from the internet due to: "The operation being requested was not performed because the user has not logged on to the network. The specified service does not exist."
Really what I'm trying to do is the following:
1. Download AWS_CLI Installer
   Right now I'm using bitsadmin to try to download the installer from https://s3.amazonaws.com/aws-cli/AWSCLI64.msi
2. Install AWS_CLI
   I am able to install the CLI with the CLI installer using msiexec and the /qn flags once it's on the box
3. Pull items from S3
   This should be able to be done with aws s3 cp or sync
4. Install Python (installer stored in S3)
   I am able to install the installer with msiexec once it's on the box similar to the CLI installer
5. Execute (python) scripts pulled from S3
Does anyone know of a better way to do this? This all works after I RDP in, but not as part of the Launch Script.
TL;DR - I need to download things using the EC2Launch User Data script provided to my EC2 Windows instances but the network doesn't seem to be available when it runs.
Thanks in advance for your help!
I ran into a similar issue. I was using BITS to download an installer in a "user data" script and was getting the same error: "The operation being requested was not performed because the user has not logged on to the network. The specified service does not exist."
This is not due to network issues, but rather to how BITS works: the user starting the download job must be logged on to the machine, which seems not to be the case for "user data" execution, which "runs as" the local Administrator without the user being logged in in a way that BITS recognizes. From the BITS documentation:
For BITS to detect that a user is logged on, the user must use one of the following interactive logon options:
Log on through the Welcome screen.
Log on to a terminal client.
Use fast user switching.
Starting with Windows 10, version, log on from another device using Remote PowerShell.
During script execution the network is mounted and ready to use; you can download your files using other methods that do not rely on BITS (e.g. Invoke-WebRequest, which is rather slow for bigger files, or System.Net.WebClient, both from PowerShell).
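As an added example (not from the question or the answer), this is the bootstrap the question describes, rewritten without BITS: a user-data script that fetches the AWS CLI installer with System.Net.WebClient, refuses to run it unless its SHA-256 matches a pinned value, installs it silently, and then syncs the rest of the payload from S3. The expected hash and bucket name are placeholders, and the instance is assumed to have an IAM role with read access to that bucket.

```powershell
<powershell>
# Added example: EC2 Windows user data that downloads without BITS and verifies before installing.
$ErrorActionPreference = 'Stop'
$Url            = 'https://s3.amazonaws.com/aws-cli/AWSCLI64.msi'
$Installer      = Join-Path $env:TEMP 'AWSCLI64.msi'
$ExpectedSha256 = '<EXPECTED-SHA256-PLACEHOLDER>'   # pin to the release you tested
$Bucket         = 'YOUR-BOOTSTRAP-BUCKET'           # placeholder
$Log            = 'C:\ProgramData\bootstrap.log'

function Write-Log([string]$Message) {
    "$(Get-Date -Format o) $Message" | Out-File -FilePath $Log -Append
}

# Older Windows Server images default to TLS 1.0; S3 requires TLS 1.2.
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

# WebClient does not depend on an interactive logon, which is what BITS was missing here.
Write-Log "Downloading $Url"
(New-Object System.Net.WebClient).DownloadFile($Url, $Installer)

# Never execute an installer fetched at boot without checking it against the pinned hash.
$actual = (Get-FileHash -Path $Installer -Algorithm SHA256).Hash
if ($actual -ne $ExpectedSha256) {
    Write-Log "Hash mismatch for ${Installer}: expected $ExpectedSha256, got $actual"
    throw 'Installer hash mismatch; aborting bootstrap'
}

Write-Log 'Installing AWS CLI'
$proc = Start-Process -FilePath msiexec.exe -ArgumentList "/i `"$Installer`" /qn /norestart" -Wait -PassThru
if ($proc.ExitCode -ne 0) { throw "msiexec exited with $($proc.ExitCode)" }

# The MSI updates the machine PATH, but this session still holds the old one.
$env:Path = [Environment]::GetEnvironmentVariable('Path', 'Machine')

# Pull the remaining installers and scripts using the instance role's credentials.
Write-Log 'Syncing bootstrap payload from S3'
& aws s3 sync "s3://$Bucket/windows/" 'C:\bootstrap\'
if ($LASTEXITCODE -ne 0) { throw "aws s3 sync exited with $LASTEXITCODE" }
Write-Log 'Bootstrap complete'
</powershell>
```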

How do I give a service running as SYSTEM shared directory network access over EC2 hosts running Windows Server 2012?

The scenario is as follows:
I have TeamCity set up to use AWS EC2 hosts running Windows Server 2012 R2 as build agents. In this configuration, the TeamCity agent service is running as SYSTEM. I am trying to implement FastBuild as our new compilation process. In order to use the distributed compilation functionality of FastBuild, the build agent host needs to have access to a shared network folder. Unfortunately, I cannot seem to give this kind of access from one machine to another.
To help further the explanation, I'll use named examples. The networked folder, C:\Shared-Folder, lives on a host named Central-Host. The build agent lives on Builder-Host. Everything is running Windows Server 2012 R2 on EC2 hosts that are fully network permissive to each other via AWS security groups. What I need is to share a directory from Central-Host so that Builder-Host can fully access it via a directory structure like this:
\\Central-Host\Shared-Folder
By RDPing into both hosts using the default Administrator account, I can very easily set up the network sharing and browse (while on Builder-Host) to the \\Central-Host\Shared-Folder location. I can also open up the command line and run:
type NUL > \\Central-Host\Shared-Folder\Empty.txt
with the result of an empty text file being created at that networked location.
The problem arises from the SYSTEM account. When I grab PSTOOLS and use the command:
PSEXEC -i -s cmd.exe
I can test commands that will be given by TeamCity. Again, it is a service being run as SYSTEM which, I need to emphasize, cannot be changed to a normal User due to other issues we have when using TeamCity agents under the User account type.
After much searching I have discovered how to set up Active Directory services so that I can add Users and Computers from the domain but after doing so, I still face access denied errors. I am probably missing something important and I hope someone here can help. I believe this problem will be considered "solved" when I can successfully run the "type NUL" command shown above.
This is not an answer for the permissions issue, but rather a way to avoid it. (Wanted to add this as a comment, but StackOverflow won't let me - weird.)
The shared network drive is used only for the remote worker discovery. If you have a fixed list of workers, instead of using the worker discovery, you can specify them explicitly in your config file as follows:
Settings
{
    .Workers =
    {
        'hostname1'    // specify hostname
        'hostname2'
        '192.168.0.10' // or ip
    }
    ... // the other stuff that goes here
This functionality is not documented, as to-date all users have wanted the automatic worker discovery. It is fine to use however, and if it is indeed useful, it can be elevated to a supported feature with just a documentation update.

View the active remote desktop connection on a given computer

I am looking for a tool to know if a given computer on the local network is being remotely accessed by a user or not, and ideally I'd like to know who that user is. In my company, we share virtual machines and we keep having to ask members of the team if they are using any remote computer. I'd like to have some kind of dashboard that can tell me which computers are being used and which are free.
I am happy to use any kind of commercial solution that would require the install of services on each of the machines that need to be monitored or things like that.
The below is made easier if you're querying from a Windows client joined to the same domain as the system you are querying, and may require certain rights above and beyond a standard domain user. If you run into authentication/permission issues, that would be the first thing I'd check.
There is a tool available at least as far back as Windows XP called "qwinsta". Later versions of Windows have both qwinsta and "query session".
qwinsta /server:computer01
 SESSIONNAME       USERNAME                 ID  STATE   TYPE        DEVICE
 console                                     0  Conn    wdcon
 rdp-tcp                                 65536  Listen  rdpwd
                   administrator             2  Disc    rdpwd
That shows user "administrator" logged in but disconnected. Since in this example computer01 is a Windows Server 2003 system with the default "administration" RDP license, there's a second session listening for someone to connect.
Running the same command again after connecting to that previously disconnected session looks like this:
 SESSIONNAME       USERNAME                 ID  STATE   TYPE        DEVICE
 [unchanged output removed]
 rdp-tcp#25        administrator             2  Active  rdpwd
This is enough to answer "is someone currently active via RDP", and if you're using individual usernames, it should answer the "who" as well. If you're all using "testuser" or "administrator" or something, you'll probably want to know the answer to "from what client", and that is not given above.
The above gives a quick basic answer without needing additional tools. For more detailed information, you might look at the cassia library or PSTerminalServices (built on cassia). See some of the answers in this question for more detail.
My first thought on this was to use Sysinternals tools such as PsLoggedOn or LogonSessions. I then found reference to the previously-unknown-to-me qwinsta and rwinsta tools in this blog post from 2003.
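As an added example (not code from the answer above), this wraps qwinsta for several hosts and turns its fixed-width output into objects, then reduces that to the "in use or free" view the question asks for. Host names are placeholders, and the caller is assumed to have rights to query sessions on each host.

```powershell
# Added example: parse qwinsta output into objects and summarise which hosts are busy.
function Get-RemoteSession {
    param([Parameter(Mandatory)][string[]]$ComputerName)

    # Everything from the USERNAME column onward is whitespace-separated. ID is
    # right-aligned, so it is matched as the first all-digit token, not by position.
    $tail = '^\s*(?:(?<user>\S+)\s+)?(?<id>\d+)\s+(?<state>\S+)(?:\s+(?<type>\S+))?(?:\s+(?<device>\S+))?\s*$'

    foreach ($c in $ComputerName) {
        $lines = @(& qwinsta.exe /server:$c 2>&1)
        if ($LASTEXITCODE -ne 0) {
            Write-Warning ('{0}: {1}' -f $c, ($lines -join ' '))
            continue
        }
        $userCol = $lines[0].IndexOf('USERNAME')
        foreach ($line in ($lines | Select-Object -Skip 1)) {
            if ($line.Length -le $userCol) { continue }
            $m = [regex]::Match($line.Substring($userCol), $tail)
            if (-not $m.Success) { continue }
            [pscustomobject]@{
                ComputerName = $c
                # qwinsta prefixes the caller's own session with '>'.
                SessionName  = $line.Substring(0, $userCol).Trim(' ', '>')
                UserName     = $m.Groups['user'].Value
                Id           = [int]$m.Groups['id'].Value
                State        = $m.Groups['state'].Value
                Type         = $m.Groups['type'].Value
            }
        }
    }
}

# One row per host: busy if any session is Active with a user attached, otherwise free.
Get-RemoteSession -ComputerName 'computer01', 'computer02' |
    Group-Object ComputerName |
    ForEach-Object {
        $active = @($_.Group | Where-Object { $_.State -eq 'Active' -and $_.UserName })
        [pscustomobject]@{
            ComputerName = $_.Name
            InUse        = $active.Count -gt 0
            Users        = ($active.UserName -join ', ')
        }
    }
```

Disconnected sessions still count as logged-on users; filter on State -eq 'Disc' as well if you want to show those separately.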
You can use a PowerShell module named PSRdSessions; this module provides some simple functions.
Sample of use:
Get-RdSession -ComputerName Server01.domain.xyz # returns [Cassia.Impl.TerminalServicesSession]
To return a [hashtable]:
Get-RdSession -ComputerName Server01.domain.xyz | Convert-RdSession
To return a [pscustomobject]:
Get-RdSession -ComputerName Server01.domain.xyz | Convert-RdSession | %{[pscustomobject]$_}

Do AutoIt scripts, executed as service, function for GUI actions?

I'm using an AutoIt script to start and automate a GUI application. I need to activate the script each hour.
Will AutoIt scripts (which perform actions on a GUI) work when used as a service? The script will be run as a service (not scheduled task).
You can easily make an AutoIt script run as a service using service.au3 written by archer of the AutoIt forums. Unfortunately, or fortunately since it is a security measure, a service needs to start independent of the current user session (before login). It can't access the Send APIs for input manipulation of the current user session from there. It does sound much more like you need a scheduled task and not a service.
As mentioned above, a scheduled task is what you're looking for. To run a script as a service read this:
Q4. How can I run my script as a service?
This is also a question with multiple answers, and none of them are the only way to do it. The first question to ask yourself is whether or not you wish to install the service on other computers besides your own.
A1. If you only wish to install the service on your own computer, The easiest way to do this is to use Pirmasoft RunAsSvc. This program makes services easy to install and easy to remove when necessary.
A2. If you wish to make the service available to anyone running your script, you can use SRVANY.EXE and ServiceControl.au3. You can then use this code to install your script as a service:
#include "ServiceControl.au3"
$servicename = "MyServiceName"
_CreateService("", $servicename, "My AutoIt Script", "C:\Path_to_srvany.exe", "LocalSystem", "", 0x110)
RegWrite("HKLM\SYSTEM\CurrentControlSet\Services\" & $servicename & "\Parameters", "Application", "REG_SZ", #ScriptFullPath)
or use the following code to delete this service:
#include "ServiceControl.au3"
$servicename = "MyServiceName"
_DeleteService("", $servicename)
There is one caveat to setting up AutoIt as a service. If the service is not installed using the above code, it must have the "allow service to interact with the desktop" setting or else automation functions such as Control* or Win* functions will not function. To assure the service does indeed have this setting, use the following code:
RegWrite("HKLM\SYSTEM\CurrentControlSet\Services\[ServiceName]", "Type", "REG_DWORD", 0x110)
Taken from the FAQ topic on the AutoIt Forums (www.autoitscript.com/forum/index.php?showtopic=37289).
It sounds like you want to use a scheduled task instead of a service. Scheduled tasks can execute every hour while you're logged in, and should also be able to interact with your desktop. Just remember that a task run as a normal user cannot interact with (send input to) an elevated program if you're using Vista/Windows Server 2008 with User Account Control enabled.
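As an added example (not from any of the answers), this registers the hourly scheduled task the answers recommend in place of a service, with the logon type set so the task runs in the logged-on user's interactive session and can drive a GUI. The script and AutoIt3.exe paths are placeholders to adjust.

```powershell
# Added example: hourly task that runs the AutoIt script on the interactive desktop.
$ScriptPath = 'C:\Scripts\AutomateApp.au3'                   # placeholder
$AutoIt     = 'C:\Program Files (x86)\AutoIt3\AutoIt3.exe'   # placeholder; adjust to your install
$TaskName   = 'AutomateApp-Hourly'

$action = New-ScheduledTaskAction -Execute $AutoIt -Argument ('"{0}"' -f $ScriptPath)

# Start at the next whole hour and repeat every hour; a long duration keeps it open-ended
# on versions where an unlimited repetition cannot be expressed.
$start   = (Get-Date).Date.AddHours((Get-Date).Hour + 1)
$trigger = New-ScheduledTaskTrigger -Once -At $start `
    -RepetitionInterval (New-TimeSpan -Hours 1) -RepetitionDuration (New-TimeSpan -Days 3650)

# LogonType Interactive = "Run only when user is logged on", which gives the task a desktop
# to send input to. RunLevel Limited keeps it unelevated, so with UAC enabled it will not
# be able to send input to elevated windows, as noted above.
$principal = New-ScheduledTaskPrincipal -UserId "$env:USERDOMAIN\$env:USERNAME" `
    -LogonType Interactive -RunLevel Limited

# Do not stack a second copy if the previous run is still driving the application.
$settings = New-ScheduledTaskSettingsSet -MultipleInstances IgnoreNew `
    -ExecutionTimeLimit (New-TimeSpan -Minutes 30)

Register-ScheduledTask -TaskName $TaskName -Action $action -Trigger $trigger `
    -Principal $principal -Settings $settings -Force | Out-Null

# Confirm the task was stored with the interactive logon type before relying on it.
(Get-ScheduledTask -TaskName $TaskName).Principal | Select-Object UserId, LogonType, RunLevel
```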