SCCM Package Plugin
The SCCM Package Plugin enable the creation of services that simplifies creating, removing, and deploying Packages in your organization and doing this in a standardized and automated way that hides away a lot of the complexity.
| Activities |
|---|
| New-ZPSCCMSession |
| New-ZPSCCMPackage |
| New-ZPSCCMProgram |
| New-ZPSCCMFolder |
| New-ZPSCCMDeviceCollectionInstall |
| New-ZPSCCMDeviceCollectionUninstall |
| New-ZPSCCMDeployment |
| Remove-ZPSCCMSession |
| Remove-ZPSCCMPackage |
| Remove-ZPSCCMFolder |
| Remove-ZPSCCMDeviceCollection |
| Remove-ZPSCCMDistributionPoint |
| Remove-ZPSCCMSecurityScope |
| Get-ZPSCCMPackageInformation |
| Get-ZPSCCMGroupCollection |
| Set-ZPSCCMPackage |
| Set-ZPSCCMDeployment |
| Set-ZPSCCMProgram |
| Add-ZPSCCMDistributionPoint |
| Add-ZPSCCMSecurityScope |
| Add-ZPSCCMMembershipRule |
| Clear-ZPSCCMLastPxeAdvFlag |
| Data sources | Type |
|---|---|
| Get-ZPPackageProperty | Web service |
| Get-ZPSCCMPackageInformation | Web service |
| Test-ZPSCCMCollection | Web service |
| Test-ZPSCCMFolder | Web service |
| DropDown.SCCMCollectionRootFolder | Drop down |
| DropDown.SCCMDeploymentGroup | Drop down |
| DropDown.SCCMDistributionPoint | Drop down |
| DropDown.SCCMLimitingCollection | Drop down |
| DropDown.SCCMPackage | Drop down |
| DropDown.SCCMPackageRootFolder | Drop down |
| DropDown.SCCMPackages | Drop down |
| DropDown.SCCMRootFolder | Drop down |
| DropDown.SCCMSecurityScope | Drop down |
Installation and Configuration
- Verify that the frontend account has read permissions in the Organizational Unit where the Deployment groups are created in Active Directory.
- Verify that the backend account has read and write permisssions in the Organizational Unit where the Deployment groups are created in Active Directory.
- Local group membership on the SCCM Server (frontend and backend account)
- Local Group Name: Remote Management Users
- Description: Members of this group can access WMI resources over management protocols (such as WS-Management via the Windows Remote Management service). This applies only to WMI namespaces that grant access to the user.
- Local Group Name: SMS Admins
- Description: Members have access to the SMS Provider.
- Permissions in SCCM (frontend account)
- Permission Name: Read-only Analyst
- Description: Grants permissions to view all Configuration Manager objects.
- Permissions in SCCM (backend account)
- Permission Name: Application Administrator
- Description: Grants permissions to perform both the Application Deployment Manager role and the Application Author role. Administrative users who are associated with this role can also manage queries, view site settings, manage collections, edit settings for user device affinity, and manage App-V virtual environments.
- Security Scope settings in SCCM (frontend and backend account)
- Assign security scopes and collections to: All instances of the objects that are related to the assigned security roles
- Start the 'Windows PowerShell Console' as both the frontend and backend accounts on the SCCM server and choose to trust the Microsoft published files associated with SCCM:
- Local group membership on the SCCM Server (frontend and backend account)
Info
For this service to work SCCM needs to have Discovery Methods "Active Directory User Discovery" and "Active Directory Group Discovery" activated with a reoccuring pulling schedule.
Recommendation is to have a standardlized set of collection with target systems to use as limiting collections when creating new collections for package deployment. This is since the "All Systems" collection will cause performance issues in larger environments.
To deploy the application to computers the computers need to be members of the created Install AD group. But our recommendation is that it is also a member of the Uninstall group. Since the Uninstall query requires that the machine is not a member of the Install group before uninstalling any application, this is just to have one group to administer (Install AD group) when Uninstalling computers.
And to easly install/uninstall applications by just adding membership to the "Install" AD Group.
Update Provider Config
ProvisioningSystem
Update the provider config with the settings applicable for your environment
sccmpackage.provisioningsystem.providers.xml
| Key | Example Value | Description |
|---|---|---|
| DomainController | DC01.domain.local | Preferred domain controller FQDN |
| SCCMServer | SCCM01.domain.local | Target SCCM Server FQDN |
| SiteCode | P01 | Site code to use |
| UICulture | en-US | Language to display state messages in (en-US or sv-SE) |
| ModulePath | C:\Program Files (x86)\Microsoft Configuration Manager\AdminConsole\bin\ConfigurationManager.psd1 | Installation path of the ConfigurationManager module on the SCCM server |
| InstallCollectionQuery | SELECT SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name, SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup, SMS_R_SYSTEM.Client from SMS_R_System WHERE SMS_R_System.SystemGroupName='$installGroupName' | Specifies the Install Collection Query. The following variables can be used in the query: $installGroupName |
| UninstallCollectionQuery | SELECT SMS_R_System.ResourceId, SMS_R_System.ResourceType, SMS_R_System.Name,SMS_R_System.SMSUniqueIdentifier, SMS_R_System.ResourceDomainORWorkgroup,SMS_R_System.Client from SMS_R_System where SMS_R_System.ResourceId in (select SMS_G_System_ADD_REMOVE_PROGRAMS.ResourceID from SMS_G_System_ADD_REMOVE_PROGRAMS where ProdID = 'productID') or SMS_R_System.ResourceId in (select SMS_G_System_ADD_REMOVE_PROGRAMS_64.ResourceID from SMS_G_System_ADD_REMOVE_PROGRAMS_64 where ProdID = 'productID') | Specifies the Install Collection Query. The following variables can be used in the query: $installGroupName, $uninstallGroupName, $productID |
| Protocol | Wsman | Protocol to use (Wsman or DCOM) |
ClientWebService
Update the provider config with the settings applicable for your environment
sccmpackage.clientwebservice.provider.xml
| Key | Example Value | Description |
|---|---|---|
| DomainController | DC01.domain.local | Preferred domain controller FQDN |
| SearchBase | OU=Demo,DC=domain,DC=local | Default search base if no other search base is set up in the dropdown.xml file |
| SCCMServer | SCCM01.domain.local | Target SCCM Server FQDN |
| Sitecode | P01 | Number of retries to perform if the connection to MSOL fails |
| ConnectionRetryIntervalSec | 1 | Number of seconds to wait between each connection attempt |
| Protocol | Wsman | Protocol to use (Wsman or DCOM) |
| Connection | Cim | Connection type to use (Cim or SQL) |
| Method | Scope | Delegation method (Folder, Scope or Unrestricted). Folder method delegates to specific folders in SCCM, Scope method delegates based on security scope in SCCM and Unrestricted method bypass all delegation. |
| ConnectionString | Data Source=SCCM01;Initial Catalog=CM_P01;Integrated Security=True; multipleactiveresultsets=True | Connection string to SCCM SQL server |
Dependencies
- System Center 2012 R2 Configuration Manager SP1
- Console version: 5.0.8239.1000
- Site version: 5.00.8239.1000
- PowerShell Module Version: 5.0.8328.1155