├── README.md └── SCOM.Management.xml /README.md: -------------------------------------------------------------------------------- 1 | # SCOM.Management 10.25.10132.1 2 | 3 | ## [Download Here][Download] 4 | 5 | [Download]: https://github.com/thekevinholman/SCOM.Management/archive/master.zip 6 | 7 | 8 | SCOM - Management Pack to discover properties and add tasks to make SCOM Admins life easier 9 | 10 | https://kevinholman.com/2017/05/09/scom-management-mp-making-a-scom-admins-life-a-little-easier/ 11 | 12 | Version History: 13 | * 10.25.10132.1 - Added support for SCOM 2019 post UR6 hotfix KB5037360 on Gateway. 14 | * 10.25.10132.0 - Added support for SCOM 2025. Truncated FQDN from Primary MS and FailoverList for agents to reduce character count. 15 | * 10.22.10684.0 - Added support for SCOM 2019 UR6. Added support for post UR hotfixes KB5029601, KB5029512, KB5028684, KB5033752, KB5037360 16 | * 10.22.10610.0 - Added support for SCOM 2022 UR2. Updated MSOLEDBSQL and ODBC driver detection. Removed SQL Client detection. Changed OMS references to Log Analytics 17 | * 10.22.10337.2 - Added support for SCOM 2019 UR5 18 | * 10.22.10337.1 - Added support for SCOM 2022 UR1 19 | * 10.22.10118.4 - Added support for SCOM 2019 UR4 plus KB5016576 Console Hotfix updated release 20 | * 10.22.10118.3 - Added support for SCOM 2019 UR4 plus KB5016576 Console Hotfix 21 | * 10.22.10118.2 - Added support for SCOM 2019 UR4 22 | * 10.22.10118.1 - Fixed bug in Agent version discovery. 23 | * 10.22.10118.0 - Added support for SCOM 2022 and fixed bug in detection of Health Service State disk drive. 24 | * 10.19.10552.1 - Added support for detection of KB5005527 on GW and Agents 25 | * 10.19.10552.0 - Added support for KB5006871 and KB5005527 26 | * 10.19.10505.0 - Added support for SCOM 2019 UR3 27 | * 10.19.10407.5 - Added monitor for KB4601269 Event Log Security which was released as a post-UR2 hotfix 28 | * 10.19.10407.3 - Fixed issue getting Agent version when SCOM agent path in registry is incorrect. Added .NET version property. Added MSOLEDBSQL Property. 29 | * 10.19.10407.2 - Added support for SCOM 2016 UR10. Added task to approve agent pending actions 30 | * 10.19.10407.1 - Minor bug fix with quotation marks 31 | * 10.19.10407.0 – Added support for SCOM 2019 UR2 32 | * 10.19.10349.0 – Added support for SCOM 2019 Post UR1 Hotfix. Fixed bug when a management server config file is huge and the script runs out of resources getting XML content. 33 | * 10.19.10311.2 – Added support for SCOM 2016 UR9 34 | * 10.19.10311.0 – Added support for SCOM 2019 UR1 35 | * 7.0.0.66 – Added support for SCOM 2016 UR8, and added support for US Government Cloud Type for onboarding Log Analytics direct agent configuration (OMS Workspace) 36 | * 7.0.0.65 – Added support for SCOM 2016 UR7 37 | * 7.0.0.64 – Added support for SCOM 2019 RTM 38 | * 7.0.0.63 – Added tasks for HSLockdown, Added preliminary support for SCOM 2019 39 | * 7.0.0.62 – Fixed bugs for UR6 display, Added properties for certificates such as expiration, thumbprint, issuer 40 | * 7.0.0.59 – Added support for SCOM UR6 41 | * 7.0.0.58 – Added IP address and Port availability check 42 | * 7.0.0.54 – Added OS/CPU Architecture property 43 | * 7.0.0.53 – Updated for TLS 1.2 support 44 | * 7.0.0.51 – Updated for SCOM 2016 UR5 45 | * 7.0.0.50 – Updated for SCOM 2012 R2 UR14 46 | * 7.0.0.47 – Updated to support discovery of SCOM 2016 UR4 47 | * 7.0.0.46 – Updated server properties discovery to properly detect UR level on Gateways 48 | * 7.0.0.45 – Bug fixes, Added properties for OMS, Added tasks for OMS, Changes to views based on customer requests 49 | * 7.0.0.42 – Added discovery for OMS proxy, Added tasks for OMS Workspace ADD and REMOVE, Minor bug fixes to Agent Properties powershell discovery. 50 | * 7.0.0.33 – Added APM installed discovery to find agents that need NOAPM reinstall, Added Tasks for Agent Delete, and Set IsManualyInstalled to false, Added view for HealthService objects 51 | * 7.0.0.27 – Added AD Integration discovered property and tasks to enable/disable AD integration 52 | * 7.0.0.20 – Renamed Views, Added Health Service Watcher View, Added Agent install and delete tasks, Added install path property 53 | * 7.0.0.4 – Major Re-write to include Server Roles, add OMS workspaces, UR levels 54 | * 1.0.0.77 – Updated OS Version discovery to PowerShell to better handle WS2016 and Windows 10 55 | * 1.0.0.75 – Updated to support SCOM 2012R2 UR13 and SCOM 2016 UR3 in update rollup discovery 56 | * 1.0.0.73 – Corrected minor bug in script names in export event log task 57 | * 1.0.0.72 – Updated with additional properties and dual versions for safer tasks. 58 | * 1.0.0.65 – Initial Release 59 | -------------------------------------------------------------------------------- /SCOM.Management.xml: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | SCOM.Management 5 | 10.25.10132.1 6 | 7 | SCOM.Management 8 | 9 | 10 | Microsoft.Windows.Library 11 | 7.5.8501.0 12 | 31bf3856ad364e35 13 | 14 | 15 | System.Library 16 | 7.5.8501.0 17 | 31bf3856ad364e35 18 | 19 | 20 | Microsoft.SystemCenter.Library 21 | 7.0.8433.0 22 | 31bf3856ad364e35 23 | 24 | 25 | System.Health.Library 26 | 7.0.8433.0 27 | 31bf3856ad364e35 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | 75 | 76 | 77 | 78 | 79 | 80 | 81 | 82 | 83 | 84 | 85 | 86 | 87 | 88 | 89 | 90 | 91 | 92 | 93 | 94 | 95 | 96 | 97 | 98 | 99 | 100 | 101 | 102 | 103 | 104 | SCOM.Management.AddManagementGroup.WA.ps1 105 | 106 | #================================================================================= 107 | # Script to ADD a SCOM Management Group to an Agent 108 | #================================================================================= 109 | param([string]$MGName,[string]$MSName) 110 | 111 | 112 | # Manual Testing section - put stuff here for manually testing script - typically parameters: 113 | #================================================================================= 114 | # $MGName = "SCOM TEST" 115 | # $MSName = "SCOMServer1.domain.com" 116 | #================================================================================= 117 | 118 | 119 | # Constants section - modify stuff here: 120 | #================================================================================= 121 | # Assign script name variable for use in event logging 122 | $ScriptName = "SCOM.Management.AddManagementGroup.WA.ps1" 123 | $EventID = "1310" 124 | #================================================================================= 125 | 126 | 127 | # Starting Script section 128 | #================================================================================= 129 | # Gather who the script is running as 130 | $whoami = whoami 131 | #Load the MOMScript API and discovery propertybag 132 | $momapi = New-Object -comObject "Mom.ScriptAPI" 133 | #================================================================================= 134 | 135 | 136 | # Begin Main Script 137 | #================================================================================= 138 | #Log event that we are starting task 139 | $momapi.LogScriptEvent($ScriptName,$EventID,0, "`nStarting script. `nRunning as ($whoami)") 140 | Write-Host "Task Starting. Running as ($whoami)" 141 | 142 | # Check if this is running on a SCOM Management Server or Gateway and stop if it is 143 | $SCOMServerRegKey = "HKLM:\SOFTWARE\Microsoft\Microsoft Operations Manager\3.0\Server Management Groups" 144 | IF (Test-Path $SCOMServerRegKey) 145 | { 146 | # This is a management server. STOP 147 | $momapi.LogScriptEvent($ScriptName,$EventID,1,"`nFATAL ERROR: SCOM Server Role Detected. `nThis script should not run on Management Servers or Gateways `n Terminating script.") 148 | Write-Host "`nFATAL ERROR: SCOM Server Role Detected. `nThis script should not run on Management Servers or Gateways `nTerminating script." -ForegroundColor Red 149 | EXIT 150 | } 151 | 152 | #Load agent scripting object 153 | $AgentCfg = New-Object -ComObject AgentConfigManager.MgmtSvcCfg 154 | 155 | Write-Host "Adding Management Group ($MGName)" 156 | $Error.Clear() 157 | 158 | TRY 159 | { 160 | $AgentCfg.AddManagementGroup("$MGName","$MSName",5723) 161 | } 162 | CATCH 163 | { 164 | Write-Host "ERROR adding Management group. Error is: ($Error)." 165 | EXIT 166 | } 167 | 168 | Write-Host "Management Group ($MGName) Added." 169 | #Restart Agent 170 | Write-Host "Restarting Agent now...." 171 | #================================================================================= 172 | # End Main Script 173 | 174 | # Restart Agent 175 | #================================================================================= 176 | #We need a reliable way to restart the SCOM Agent out of band so that tasks can complete with success 177 | $Command = "Start-Sleep -s 5;Restart-Service HealthService" 178 | $Process = ([wmiclass]"root\cimv2:Win32_ProcessStartup").CreateInstance() 179 | $Process.ShowWindow = 0 180 | $Process.CreateFlags = 16777216 181 | ([wmiclass]"root\cimv2:Win32_Process").Create("powershell.exe $Command")|Out-Null 182 | #================================================================================= 183 | 184 | 185 | 186 | MGName 187 | $Config/MGName$ 188 | 189 | 190 | MSName 191 | $Config/MSName$ 192 | 193 | 194 | $Config/TimeoutSeconds$ 195 | 196 | 197 | 198 | 199 | 200 | 201 | 202 | System!System.BaseData 203 | System!System.BaseData 204 | 205 | 206 | 207 | 208 | 209 | 210 | 211 | 212 | 213 | 214 | 215 | 216 | 217 | 218 | SCOM.Management.RemoveManagementGroup.WA.ps1 219 | 220 | #================================================================================= 221 | # Script to REMOVE a SCOM Management Group from an Agent 222 | #================================================================================= 223 | param([string]$MGName) 224 | 225 | 226 | # Manual Testing section - put stuff here for manually testing script - typically parameters: 227 | #================================================================================= 228 | # $MGName = "SCOM TEST" 229 | #================================================================================= 230 | 231 | 232 | # Constants section - modify stuff here: 233 | #================================================================================= 234 | # Assign script name variable for use in event logging 235 | $ScriptName = "SCOM.Management.RemoveManagementGroup.WA.ps1" 236 | $EventID = "1310" 237 | #================================================================================= 238 | 239 | 240 | # Starting Script section 241 | #================================================================================= 242 | # Gather who the script is running as 243 | $whoami = whoami 244 | #Load the MOMScript API and discovery propertybag 245 | $momapi = New-Object -comObject "Mom.ScriptAPI" 246 | #================================================================================= 247 | 248 | 249 | # Begin Main Script 250 | #================================================================================= 251 | #Log event that we are starting task 252 | $momapi.LogScriptEvent($ScriptName,$EventID,0, "`nStarting script. `nRunning as ($whoami)") 253 | Write-Host "Task Starting. Running as ($whoami)" 254 | 255 | # Check if this is running on a SCOM Management Server or Gateway and stop if it is 256 | $SCOMServerRegKey = "HKLM:\SOFTWARE\Microsoft\Microsoft Operations Manager\3.0\Server Management Groups" 257 | IF (Test-Path $SCOMServerRegKey) 258 | { 259 | # This is a management server. STOP 260 | $momapi.LogScriptEvent($ScriptName,$EventID,1,"`nFATAL ERROR: SCOM Server Role Detected. `nThis script should not run on Management Servers or Gateways `n Terminating script.") 261 | Write-Host "`nFATAL ERROR: SCOM Server Role Detected. `nThis script should not run on Management Servers or Gateways `nTerminating script." -ForegroundColor Red 262 | EXIT 263 | } 264 | 265 | #Load agent scripting object 266 | $AgentCfg = New-Object -ComObject AgentConfigManager.MgmtSvcCfg 267 | 268 | Write-Host "Removing Management Group ($MGName)" 269 | $Error.Clear() 270 | 271 | TRY 272 | { 273 | $AgentCfg.RemoveManagementGroup("$MGName") 274 | } 275 | CATCH 276 | { 277 | Write-Host "ERROR removing Management group. Error is: ($Error)." 278 | EXIT 279 | } 280 | 281 | Write-Host "Management Group ($MGName) Removed." 282 | #Restart Agent 283 | Write-Host "Restarting Agent now...." 284 | #================================================================================= 285 | # End Main Script 286 | 287 | # Restart Agent 288 | #================================================================================= 289 | #We need a reliable way to restart the SCOM Agent out of band so that tasks can complete with success 290 | $Command = "Start-Sleep -s 5;Restart-Service HealthService" 291 | $Process = ([wmiclass]"root\cimv2:Win32_ProcessStartup").CreateInstance() 292 | $Process.ShowWindow = 0 293 | $Process.CreateFlags = 16777216 294 | ([wmiclass]"root\cimv2:Win32_Process").Create("powershell.exe $Command")|Out-Null 295 | #================================================================================= 296 | 297 | 298 | 299 | MGName 300 | $Config/MGName$ 301 | 302 | 303 | $Config/TimeoutSeconds$ 304 | 305 | 306 | 307 | 308 | 309 | 310 | 311 | System!System.BaseData 312 | System!System.BaseData 313 | 314 | 315 | 316 | 317 | 318 | B253A4FA-71BE-4F5D-94D5-A46B0D2505AA 319 | 320 | 321 | System!System.BaseData 322 | 323 | 324 | 325 | 326 | 327 | 328 | 329 | 330 | 331 | 332 | 333 | 334 | 335 | 336 | SCOM.Management.RestartService.WA.ps1 337 | 338 | #================================================================================= 339 | # Script to restart services via PowerShell 340 | #================================================================================= 341 | param($ServiceName) 342 | 343 | # For testing discovery manually in PowerShell: 344 | # $ServiceName = "xspooler" 345 | 346 | #================================================================================= 347 | # Constants section - modify stuff here: 348 | 349 | # Assign script name variable for use in event logging 350 | $ScriptName = "SCOM.Management.RestartService.WA.ps1" 351 | #================================================================================= 352 | 353 | # Gather script start time 354 | $StartTime = Get-Date 355 | 356 | # Gather who the script is running as 357 | $whoami = whoami 358 | 359 | #Load the MOMScript API and discovery propertybag 360 | $momapi = New-Object -comObject "Mom.ScriptAPI" 361 | 362 | #Log script event that we are starting task 363 | $momapi.LogScriptEvent($ScriptName,1315,0, "Starting script. Running as ($whoami)") 364 | 365 | # Begin Main Script 366 | #================================================================================= 367 | $Services = Get-Service $ServiceName 368 | IF (!$Services) 369 | { 370 | #Log script event that we are starting task 371 | $momapi.LogScriptEvent($ScriptName,1315,2, "Service ($ServiceName) not found. Error is ($error)") 372 | EXIT 373 | } 374 | ELSE 375 | { 376 | Write-Host "Attempting to restart service: " $ServiceName 377 | Restart-Service $Services -PassThru 378 | } 379 | 380 | # Log an event for script ending and total execution time. 381 | $EndTime = Get-Date 382 | $ScriptTime = ($EndTime - $StartTime).TotalSeconds 383 | $momapi.LogScriptEvent($ScriptName,1315,0,"`n Script has completed. `n Service ($ServiceName) was restarted. `n Runtime was ($ScriptTime) seconds.") 384 | 385 | 386 | 387 | ServiceName 388 | $Config/ServiceName$ 389 | 390 | 391 | $Config/TimeoutSeconds$ 392 | 393 | 394 | 395 | 396 | 397 | 398 | 399 | System!System.BaseData 400 | System!System.BaseData 401 | 402 | 403 | 404 | 405 | 406 | 407 | 408 | 409 | 410 | 411 | 412 | 413 | 414 | 415 | 416 | 417 | SCOM.Management.ExportEventLog.WA.ps1 418 | 419 | #================================================================================= 420 | # Script to Export Event log to a Share via PowerShell 421 | #================================================================================= 422 | param($LogName,$SharePath) 423 | 424 | # For testing discovery manually in PowerShell: 425 | # $LogName = "Operations Manager" 426 | # $SharePath = "\\server\logbackup" 427 | 428 | #================================================================================= 429 | # Constants section - modify stuff here: 430 | 431 | # Assign script name variable for use in event logging 432 | $ScriptName = "SCOM.Management.ExportEventLog.WA.ps1" 433 | #================================================================================= 434 | 435 | # Gather script start time 436 | $StartTime = Get-Date 437 | 438 | # Gather who the script is running as 439 | $whoami = whoami 440 | 441 | #Load the MOMScript API and discovery propertybag 442 | $momapi = New-Object -comObject "Mom.ScriptAPI" 443 | 444 | #Log script event that we are starting task 445 | $momapi.LogScriptEvent($ScriptName,1319,0, "Starting script. Running as ($whoami)") 446 | 447 | # Begin Main Script 448 | #================================================================================= 449 | $ComputerName = $env:computername 450 | 451 | $LogNameStr = $LogName.Replace("/","-") 452 | 453 | $TimeStamp = Get-Date -Format "MM-dd-yyyy" 454 | wevtutil epl $LogName "$SharePath\$ComputerName $LogNameStr $TimeStamp.evtx" /overwrite:true 455 | 456 | # Log an event for script ending and total execution time. 457 | $EndTime = Get-Date 458 | $ScriptTime = ($EndTime - $StartTime).TotalSeconds 459 | $momapi.LogScriptEvent($ScriptName,1319,0,"`n Script has completed. `n Runtime was ($ScriptTime) seconds.") 460 | 461 | 462 | 463 | LogName 464 | $Config/LogName$ 465 | 466 | 467 | SharePath 468 | $Config/SharePath$ 469 | 470 | 471 | $Config/TimeoutSeconds$ 472 | 473 | 474 | 475 | 476 | 477 | 478 | 479 | System!System.BaseData 480 | System!System.BaseData 481 | 482 | 483 | 484 | 485 | 486 | 487 | 488 | 489 | 490 | 491 | 492 | 493 | 494 | 495 | SCOM.Management.RunAnyPowerShell.WA.ps1 496 | $Config/ScriptBody$ 497 | 498 | $Config/TimeoutSeconds$ 499 | 500 | 501 | 502 | 503 | 504 | 505 | 506 | System!System.BaseData 507 | System!System.BaseData 508 | 509 | 510 | 511 | 512 | 513 | 514 | 515 | 516 | 517 | 518 | 519 | 520 | 521 | 522 | SCOM.Management.DeleteAgent.WA.ps1 523 | 524 | #================================================================================= 525 | # Script to delete agents via PowerShell 526 | # 527 | # This script will delete agents using the SDK binaries and .NET based SDK commands 528 | # Takes a single parameter of a computer FQDN 529 | # Should be run on a management server 530 | # 531 | # v 1.0 532 | #================================================================================= 533 | param($AgentName) 534 | 535 | # For testing manually in PowerShell: 536 | # $AgentName = 'WS2012.opsmgr.net' 537 | 538 | #================================================================================= 539 | # Constants section - modify stuff here: 540 | 541 | # Assign script name variable for use in event logging 542 | $ScriptName = "SCOM.Management.DeleteAgent.WA.ps1" 543 | #================================================================================= 544 | 545 | # Gather script start time 546 | $StartTime = Get-Date 547 | 548 | # Gather who the script is running as 549 | $whoami = whoami 550 | 551 | #Load the MOMScript API and discovery propertybag 552 | $momapi = New-Object -comObject "Mom.ScriptAPI" 553 | 554 | #Log script event that we are starting task 555 | $momapi.LogScriptEvent($ScriptName,1016,0, "Starting script. AgentName is ($AgentName). Running as ($whoami)") 556 | 557 | # Begin Main Script 558 | #================================================================================= 559 | # Get SCOM directory for binaries 560 | $SCOMRegKey = "HKLM:\SOFTWARE\Microsoft\Microsoft Operations Manager\3.0\Setup" 561 | $SCOMPath = (Get-ItemProperty $SCOMRegKey).InstallDirectory 562 | $SCOMPath = $SCOMPath.TrimEnd("\") 563 | $SCOMSDKPath = "$SCOMPath\SDK Binaries" 564 | 565 | #Load SDK binaries 566 | $dummy = [System.Reflection.Assembly]::LoadFrom("$SCOMSDKPath\Microsoft.EnterpriseManagement.Core.dll") 567 | $dummy = [System.Reflection.Assembly]::LoadFrom("$SCOMSDKPath\Microsoft.EnterpriseManagement.OperationsManager.dll") 568 | $dummy = [System.Reflection.Assembly]::LoadFrom("$SCOMSDKPath\Microsoft.EnterpriseManagement.Runtime.dll") 569 | 570 | # Connect to management group 571 | $MG = [Microsoft.EnterpriseManagement.ManagementGroup]::Connect("localhost") 572 | $Admin = $MG.GetAdministration() 573 | 574 | # Define generic collection list which is required parameter for the SDK delete command 575 | $AgentManagedComputerType = [Microsoft.EnterpriseManagement.Administration.AgentManagedComputer]; 576 | $GenericListType = [System.Collections.Generic.List``1] 577 | $GenericList = $GenericListType.MakeGenericType($AgentManagedComputerType) 578 | $AMCList = new-object $GenericList.FullName 579 | 580 | # Get the AgentManagedComputer from the name in the most efficient way possible 581 | # This SDK method does not require the performance hit of Get-SCOMAgent or looping through each agent to find the right one 582 | Write-Host "Getting agent details for agent: ($AgentName)" 583 | $query = "Name= '$AgentName'" 584 | $AgentCriteria = New-Object Microsoft.EnterpriseManagement.Administration.AgentManagedComputerCriteria($query) 585 | $Agent = ($Admin.GetAgentManagedComputers($AgentCriteria))[0] 586 | $AgentCount = $Agent.Count 587 | 588 | # Log messages to console 589 | IF ($AgentCount -eq 1) 590 | { 591 | $AgentDisplayName = $Agent.DisplayName 592 | Write-Host "Found agent: ($AgentDisplayName)" 593 | } 594 | ELSE 595 | { 596 | Write-Host "ERROR: An Agent with name ($AgentName) not found!" 597 | Write-Host "Terminating" 598 | $momapi.LogScriptEvent($ScriptName,1016,2,"`n ERROR: Agent not found with agent name ($AgentName). Terminating script") 599 | EXIT 600 | } 601 | 602 | # Add our agent to the collection 603 | $AMCList.Add($Agent) 604 | 605 | # Delete the agent in the collection 606 | Write-Host "Deleting Agent" 607 | $Admin.DeleteAgentManagedComputers($AMCList) 608 | Write-Host "Agent Deleted" 609 | #================================================================================= 610 | # End Main Script 611 | 612 | 613 | # Log an event for script ending and total execution time. 614 | $EndTime = Get-Date 615 | $ScriptTime = ($EndTime - $StartTime).TotalSeconds 616 | $momapi.LogScriptEvent($ScriptName,1016,0,"`n Script has completed. `n Deleted ($AgentName). `n Runtime is ($ScriptTime) seconds.") 617 | 618 | 619 | 620 | AgentName 621 | $Config/AgentName$ 622 | 623 | 624 | $Config/TimeoutSeconds$ 625 | 626 | 627 | 628 | 629 | 630 | 631 | 632 | System!System.BaseData 633 | System!System.BaseData 634 | 635 | 636 | 637 | 638 | 639 | 640 | 641 | 642 | 643 | 644 | 645 | 646 | 647 | 648 | SCOM.Management.InstallAgent.WA.ps1 649 | 650 | #================================================================================= 651 | # Script to Push Install SCOM agents via PowerShell 652 | # 653 | # Takes a single parameter of a computer FQDN 654 | # Should be run on a management server 655 | # 656 | # v 1.0 657 | #================================================================================= 658 | param($AgentName) 659 | 660 | # For testing manually in PowerShell: 661 | # $AgentName = 'WS2012.opsmgr.net' 662 | 663 | #================================================================================= 664 | # Constants section - modify stuff here: 665 | 666 | # Assign script name variable for use in event logging 667 | $ScriptName = "SCOM.Management.InstallAgent.WA.ps1" 668 | #================================================================================= 669 | 670 | # Gather script start time 671 | $StartTime = Get-Date 672 | 673 | # Gather who the script is running as 674 | $whoami = whoami 675 | 676 | #Load the MOMScript API and discovery propertybag 677 | $momapi = New-Object -comObject "Mom.ScriptAPI" 678 | 679 | #Log script event that we are starting task 680 | $momapi.LogScriptEvent($ScriptName,1017,0, "Starting script. AgentName is ($AgentName). Running as ($whoami)") 681 | 682 | #Connect to local SCOM Management Group Section 683 | #================================================================================= 684 | # Clear any previous errors 685 | if($Error) 686 | { 687 | $Error.Clear() 688 | } 689 | 690 | # Import the OperationsManager PowerShell module and connect to the management group 691 | Try 692 | { 693 | $SCOMPowerShellKey = "HKLM:\SOFTWARE\Microsoft\System Center Operations Manager\12\Setup\Powershell\V2" 694 | $SCOMModulePath = Join-Path (Get-ItemProperty $SCOMPowerShellKey).InstallDirectory "OperationsManager" 695 | Import-module $SCOMModulePath 696 | } 697 | Catch 698 | { 699 | $momapi.LogScriptEvent($ScriptName,1017,2, "Unable to load the OperationsManager module, Error is: $error") 700 | } 701 | Try 702 | { 703 | New-DefaultManagementGroupConnection 704 | } 705 | Catch 706 | { 707 | $momapi.LogScriptEvent($ScriptName,1017,2, "Unable to connect to the management server. Error when calling New-DefaultManagementGroupConnection. Error is: $error") 708 | } 709 | #================================================================================= 710 | 711 | 712 | # Begin Main Script 713 | #================================================================================= 714 | # Get local SCOM management server name 715 | $LocalHost = [System.Net.Dns]::GetHostEntry([string]$env:computername).HostName 716 | Write-Host "Running on management server ($LocalHost)" 717 | Write-Host "Getting Management Server object" 718 | # Get SCOM Management Server object 719 | $PrimaryMgmtServer = Get-SCOMManagementServer -Name $LocalHost 720 | Write-Host "Attempting to Install Agent" 721 | # Clear any previous errors 722 | if($Error) 723 | { 724 | $Error.Clear() 725 | } 726 | # Install SCOM Agent 727 | Install-SCOMAgent -DNSHostName $AgentName -PrimaryManagementServer $PrimaryMgmtServer 728 | if($Error) 729 | { 730 | Write-Host "Error ocurred: ($Error)" 731 | $momapi.LogScriptEvent($ScriptName,1017,2, "Error installing agent. Error is: $Error") 732 | } 733 | Write-Host "Push install attempted. Check Alerts view for any failures, Pending Actions, or the Agent Logs on the management servers." 734 | #================================================================================= 735 | # End Main Script 736 | 737 | 738 | # Log an event for script ending and total execution time. 739 | $EndTime = Get-Date 740 | $ScriptTime = ($EndTime - $StartTime).TotalSeconds 741 | $momapi.LogScriptEvent($ScriptName,1017,0,"`n Script has completed. Runtime is ($ScriptTime).") 742 | 743 | 744 | 745 | AgentName 746 | $Config/AgentName$ 747 | 748 | 749 | $Config/TimeoutSeconds$ 750 | 751 | 752 | 753 | 754 | 755 | 756 | 757 | System!System.BaseData 758 | System!System.BaseData 759 | 760 | 761 | 762 | 763 | 764 | 765 | 766 | 767 | 768 | 769 | 770 | 771 | 772 | 773 | 774 | 775 | 776 | 777 | 778 | 779 | SCOM.Management.LAWorkspaceAdd.WA.ps1 780 | 781 | #================================================================================= 782 | # Script to ADD Log Analytics Workspace 783 | #================================================================================= 784 | param($WorkspaceID,$WorkspaceKey,$ProxyURL,[int]$AzureCloudType) 785 | 786 | 787 | # Manual Testing section - put stuff here for manually testing script - typically parameters: 788 | #================================================================================= 789 | # $WorkspaceID = "WorkspaceID" 790 | # $WorkspaceKey = "WorkspaceKey" 791 | # $ProxyURL = "" 792 | # $AzureCloudType = "0" 793 | #================================================================================= 794 | 795 | 796 | # Constants section - modify stuff here: 797 | #================================================================================= 798 | # Assign script name variable for use in event logging 799 | $ScriptName = "SCOM.Management.LAWorkspaceAdd.WA.ps1" 800 | #================================================================================= 801 | 802 | 803 | # Starting Script section 804 | #================================================================================= 805 | # Gather who the script is running as 806 | $whoami = whoami 807 | 808 | #Load the MOMScript API and discovery propertybag 809 | $momapi = New-Object -comObject "Mom.ScriptAPI" 810 | 811 | #Log script event that we are starting task 812 | $momapi.LogScriptEvent($ScriptName,1347,0, "`n Starting script. `n Running as ($whoami)") 813 | #================================================================================= 814 | 815 | 816 | # Begin Main Script 817 | #================================================================================= 818 | Write-Host "Task Starting. Running as $whoami" 819 | #Load agent scripting object 820 | Write-Host "Loading agent scripting objects." 821 | $AgentCfg = New-Object -ComObject AgentConfigManager.MgmtSvcCfg 822 | #Check to see if this agent supports Log Analytics Workspaces 823 | $AgentSupportsLA = $AgentCfg | Get-Member -Name 'GetCloudWorkspaces' 824 | IF (!$AgentSupportsLA) 825 | { 826 | Write-Host "FATAL ERROR: This agent version does not support Cloud Workspaces. You must upgrade this agent. Terminating." 827 | EXIT 828 | } 829 | 830 | #Evaluate AzureCloudType parameter 831 | IF ($AzureCloudType -eq 0) 832 | { 833 | $AzureCloudType = 0 #This is commercial Azure Cloud and default 834 | Write-Host "Azure Cloud Type = 0 which is default Azure Commercial." 835 | } 836 | ELSEIF ($AzureCloudType -eq 1) 837 | { 838 | Write-Host "Azure Cloud Type = 1 which is Azure for US Government." 839 | } 840 | ELSE 841 | { 842 | Write-Host "An invalid Azure Cloud Type was passed. This value must be 0 or 1. `nSetting Azure Cloud Type = 0 which is default Azure Commercial." 843 | $AzureCloudType = 0 844 | } 845 | 846 | #Evaluate if this MMA supports AzureCloudType 847 | $CloudWorkspaceSupport = $AgentCfg | Get-Member -Name "AddCloudWorkspace" 848 | [string]$CloudWorkspaceSupDef = $CloudWorkspaceSupport.Definition 849 | IF ($CloudWorkspaceSupDef -notmatch "AzureCloudType") 850 | { 851 | #This MMA does not support AzureCloudType parameter 852 | Write-Host "This MMA/Agent version does not support the AzureCloudType parameter. `nIf you require AzureCloudType then the MMA/Agent must be upgraded. `nAttempting to add Log Analytics Workspace with no AzureCloudType." 853 | #Add LA Workspace 854 | Write-Host "Adding Log Analytics Workspace: ($WorkspaceID)" 855 | $Error.Clear() 856 | $AgentCfg.AddCloudWorkspace($WorkspaceID,$WorkspaceKey) 857 | } 858 | ELSE 859 | { 860 | #This MMA supports AzureCloudType parameter 861 | #Add LA Workspace 862 | Write-Host "Adding Log Analytics Workspace: ($WorkspaceID)" 863 | $Error.Clear() 864 | $AgentCfg.AddCloudWorkspace($WorkspaceID,$WorkspaceKey,$AzureCloudType) 865 | } 866 | 867 | IF ($Error) 868 | { 869 | Write-Host "There was a critical error adding Log Analytics Workspace. Error is: $Error" 870 | EXIT 871 | } 872 | Write-Host "Log Analytics Workspace Added." 873 | #Add Proxy URL 874 | IF ($ProxyURL) 875 | { 876 | Write-Host "A proxy URL was specified: ($ProxyURL). Adding Log Analytics Proxy configuration to agent." 877 | $AgentCfg.SetProxyUrl($ProxyURL) 878 | Write-Host "Proxy Added." 879 | } 880 | #Restart Agent 881 | Write-Host "Restarting Agent now...." 882 | #================================================================================= 883 | # End Main Script 884 | 885 | # Restart Agent 886 | #================================================================================= 887 | #We need a reliable way to restart the SCOM Agent out of band so that tasks can complete with success 888 | $Command = "Start-Sleep -s 5;Restart-Service HealthService" 889 | $Process = ([wmiclass]"root\cimv2:Win32_ProcessStartup").CreateInstance() 890 | $Process.ShowWindow = 0 891 | $Process.CreateFlags = 16777216 892 | ([wmiclass]"root\cimv2:Win32_Process").Create("powershell.exe $Command")|Out-Null 893 | #================================================================================= 894 | 895 | 896 | 897 | WorkspaceID 898 | $Config/WorkspaceID$ 899 | 900 | 901 | WorkspaceKey 902 | $Config/WorkspaceKey$ 903 | 904 | 905 | ProxyURL 906 | $Config/ProxyURL$ 907 | 908 | 909 | AzureCloudType 910 | $Config/AzureCloudType$ 911 | 912 | 913 | $Config/TimeoutSeconds$ 914 | 915 | 916 | 917 | 918 | 919 | 920 | 921 | System!System.BaseData 922 | System!System.BaseData 923 | 924 | 925 | 926 | 927 | 928 | 929 | 930 | 931 | 932 | 933 | 934 | 935 | 936 | 937 | SCOM.Management.LAWorkspaceRemove.WA.ps1 938 | 939 | #================================================================================= 940 | # Script to REMOVE LA Workspace 941 | #================================================================================= 942 | param($WorkspaceID) 943 | 944 | #================================================================================= 945 | # Constants section - modify stuff here: 946 | 947 | # Assign script name variable for use in event logging 948 | $ScriptName = "SCOM.Management.LAWorkspaceRemove.WA.ps1" 949 | #================================================================================= 950 | 951 | # Gather who the script is running as 952 | $whoami = whoami 953 | 954 | #Load the MOMScript API and discovery propertybag 955 | $momapi = New-Object -comObject "Mom.ScriptAPI" 956 | 957 | #Log script event that we are starting task 958 | $momapi.LogScriptEvent($ScriptName,1347,0, "`n Starting script. `n Running as ($whoami)") 959 | 960 | # Begin Main Script 961 | #================================================================================= 962 | Write-Host "Task Starting. Running as $whoami" 963 | #Load agent scripting object 964 | Write-Host "Loading agent scripting objects." 965 | $AgentCfg = New-Object -ComObject AgentConfigManager.MgmtSvcCfg 966 | #Check to see if this agent supports LA 967 | $AgentSupportsLA = $AgentCfg | Get-Member -Name 'GetCloudWorkspaces' 968 | IF (!$AgentSupportsLA) 969 | { 970 | Write-Host "FATAL ERROR: This agent version does not support Cloud Workspaces. You must upgrade this agent. Terminating." 971 | EXIT 972 | } 973 | #Verifying that LA Workspace Exists 974 | $Workspace = $AgentCfg.GetCloudWorkspace($WorkspaceID) 975 | IF ($Workspace) 976 | { 977 | Write-Host "Found configured LA Workspace: ($WorkspaceID)" 978 | } 979 | ELSE 980 | { 981 | Write-Host "FATAL ERROR: LA Workspace not found! Workspace ID: ($WorkspaceID)" 982 | EXIT 983 | } 984 | #Remove LA Workspace 985 | Write-Host "Attempting to remove LA Workspace" 986 | $Error.Clear() 987 | $AgentCfg.RemoveCloudWorkspace($WorkspaceID) 988 | IF ($Error) 989 | { 990 | Write-Host "There was a critical error removing LA Workspace. Error is: $Error" 991 | EXIT 992 | } 993 | #Restart Agent 994 | Write-Host "LA Workspace Removed" 995 | Write-Host "Restarting Agent now." 996 | #================================================================================= 997 | # End Main Script 998 | 999 | # Restart Agent 1000 | #================================================================================= 1001 | #We need a reliable way to restart the SCOM Agent out of band so that tasks can complete with success 1002 | $Command = "Start-Sleep -s 5;Restart-Service HealthService" 1003 | $Process = ([wmiclass]"root\cimv2:Win32_ProcessStartup").CreateInstance() 1004 | $Process.ShowWindow = 0 1005 | $Process.CreateFlags = 16777216 1006 | ([wmiclass]"root\cimv2:Win32_Process").Create("powershell.exe $Command")|Out-Null 1007 | #================================================================================= 1008 | 1009 | 1010 | 1011 | WorkspaceID 1012 | $Config/WorkspaceID$ 1013 | 1014 | 1015 | $Config/TimeoutSeconds$ 1016 | 1017 | 1018 | 1019 | 1020 | 1021 | 1022 | 1023 | System!System.BaseData 1024 | System!System.BaseData 1025 | 1026 | 1027 | 1028 | 1029 | 1030 | 1031 | 1032 | 1033 | 1034 | 1035 | 1036 | 1037 | 1038 | 1039 | SCOM.Management.ApprovePendingAction.WA.ps1 1040 | 1041 | #================================================================================= 1042 | # Script to Approve Pending Actions 1043 | # 1044 | # This script will approve a pending action based on passing the agent name 1045 | # Takes a single parameter of a computer FQDN 1046 | # 1047 | # v 1.0 1048 | #================================================================================= 1049 | param($AgentName) 1050 | 1051 | 1052 | # Manual Testing section - put stuff here for manually testing script - typically parameters: 1053 | #================================================================================= 1054 | # $AgentName = 'WS2012R2.opsmgr.net' 1055 | #================================================================================= 1056 | 1057 | 1058 | # Constants section 1059 | #================================================================================= 1060 | # Assign script name variable for use in event logging 1061 | # ScriptName should be the same as the ID of the module that the script is contained in 1062 | $ScriptName = "SCOM.Management.ApprovePendingAction.WA.ps1" 1063 | $EventID = "1093" 1064 | #================================================================================= 1065 | 1066 | 1067 | # Starting Script section - All scripts get this 1068 | #================================================================================= 1069 | # Gather the start time of the script 1070 | $StartTime = Get-Date 1071 | #Set variable to be used in logging events 1072 | $whoami = whoami 1073 | # Load MOMScript API 1074 | $momapi = New-Object -comObject MOM.ScriptAPI 1075 | #Log script event that we are starting task 1076 | $momapi.LogScriptEvent($ScriptName,$EventID,0, "Starting script. `nAgentName is ($AgentName). `nRunning as ($whoami).") 1077 | Write-Host "Starting script to approve Pending Action. `nAgentName is ($AgentName). `nRunning as ($whoami)." 1078 | #================================================================================= 1079 | 1080 | 1081 | # Connect to local SCOM Management Group Section - If required 1082 | #================================================================================= 1083 | # I have found this to be the most reliable method to load SCOM modules for scripts running on Management Servers 1084 | # Clear any previous errors 1085 | $Error.Clear() 1086 | # Import the OperationsManager module and connect to the management group 1087 | $SCOMPowerShellKey = "HKLM:\SOFTWARE\Microsoft\System Center Operations Manager\12\Setup\Powershell\V2" 1088 | $SCOMModulePath = Join-Path (Get-ItemProperty $SCOMPowerShellKey).InstallDirectory "OperationsManager" 1089 | Import-module $SCOMModulePath 1090 | TRY 1091 | { 1092 | New-DefaultManagementGroupConnection -managementServerName "localhost" 1093 | } 1094 | CATCH 1095 | { 1096 | IF ($Error) 1097 | { 1098 | $momapi.LogScriptEvent($ScriptName,$EventID,1,"`n FATAL ERROR: Unable to load OperationsManager module or unable to connect to Management Server. `n Terminating script. `n Error is: ($Error).") 1099 | EXIT 1100 | } 1101 | } 1102 | #================================================================================= 1103 | 1104 | 1105 | # Begin Main Script 1106 | #================================================================================= 1107 | $Error.Clear() 1108 | $Pending = Get-SCOMPendingManagement | where {$_.agentname -eq $AgentName} 1109 | IF ($Pending) 1110 | { 1111 | Write-Host "Found a Pending Action for ($AgentName). `nAttempting Approval now." 1112 | $Pending | Approve-SCOMPendingManagement 1113 | IF ($Error) 1114 | { 1115 | Write-Host "Error attempting approval. `nError is ($Error)" 1116 | } 1117 | ELSE 1118 | { 1119 | Write-Host "Successfully approved pending action for ($AgentName)." 1120 | } 1121 | } 1122 | ELSE 1123 | { 1124 | Write-Host "Unable to find a Pending Action for ($AgentName). `nTerminating." 1125 | } 1126 | #================================================================================= 1127 | # End Main Script 1128 | 1129 | 1130 | # Log an event for script ending and total execution time. 1131 | $EndTime = Get-Date 1132 | $ScriptTime = ($EndTime - $StartTime).TotalSeconds 1133 | $momapi.LogScriptEvent($ScriptName,$EventID,0,"`nScript has completed. `nRuntime is ($ScriptTime) seconds.") 1134 | 1135 | 1136 | 1137 | AgentName 1138 | $Config/AgentName$ 1139 | 1140 | 1141 | $Config/TimeoutSeconds$ 1142 | 1143 | 1144 | 1145 | 1146 | 1147 | 1148 | 1149 | System!System.BaseData 1150 | System!System.BaseData 1151 | 1152 | 1153 | 1154 | 1155 | 1156 | 1157 | 1158 | 1159 | 1160 | 1161 | 1162 | 1163 | $Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$ 1164 | 1165 | 1166 | CustomSD 1167 | SYSTEM\CurrentControlSet\Services\EventLog\Operations Manager\CustomSD 1168 | 1 1169 | 1170 | 1 1171 | 1172 | 1173 | 1174 | 86400 1175 | 1176 | 1177 | 1178 | 1179 | 1180 | Values/CustomSD 1181 | 1182 | 1183 | DoesNotContainSubstring 1184 | 1185 | A;;0x3;;;NU 1186 | 1187 | 1188 | 1189 | 1190 | 1191 | 1192 | 1193 | Values/CustomSD 1194 | 1195 | 1196 | ContainsSubstring 1197 | 1198 | A;;0x3;;;NU 1199 | 1200 | 1201 | 1202 | 1203 | 1204 | 1205 | 1206 | 1207 | 1208 | 1209 | 1210 | 1211 | 1212 | 1213 | 1214 | 1215 | 1216 | 1217 | 1218 | 1219 | 1220 | 1221 | 1222 | 1223 | 1224 | 1225 | 1226 | 1227 | Discovery 1228 | 1229 | 1230 | 1231 | 1232 | 1233 | 1234 | 1235 | 1236 | 1237 | 1238 | $Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/PrincipalName$ 1239 | 1240 | 1241 | AgentRegKeyExists 1242 | SOFTWARE\Microsoft\Microsoft Operations Manager\3.0\Agent Management Groups 1243 | 0 1244 | 1245 | 0 1246 | 1247 | 1248 | 1249 | PSInstalled 1250 | SOFTWARE\Microsoft\PowerShell 1251 | 0 1252 | 1253 | 0 1254 | 1255 | 1256 | 1257 | DotNetVersion 1258 | SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full\Release 1259 | 1 1260 | 1261 | 1 1262 | 1263 | 1264 | 1265 | Architecture 1266 | SYSTEM\CurrentControlSet\Control\Session Manager\Environment\PROCESSOR_ARCHITECTURE 1267 | 1 1268 | 1269 | 1 1270 | 1271 | 1272 | 1273 | OSName 1274 | SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName 1275 | 1 1276 | 1277 | 1 1278 | 1279 | 1280 | 1281 | APMInstalled 1282 | SYSTEM\CurrentControlSet\Services\System Center Management APM 1283 | 0 1284 | 1285 | 0 1286 | 1287 | 1288 | 1289 | 43195 1290 | $MPElement[Name="SCOM.Management.Agent.Class"]$ 1291 | 1292 | 1293 | 1294 | $MPElement[Name="Windows!Microsoft.Windows.Computer"]/PrincipalName$ 1295 | $Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/PrincipalName$ 1296 | 1297 | 1298 | $MPElement[Name="System!System.Entity"]/DisplayName$ 1299 | $Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/PrincipalName$ 1300 | 1301 | 1302 | $MPElement[Name="SCOM.Management.Agent.Class"]/PSInstalled$ 1303 | $Data/Values/PSInstalled$ 1304 | 1305 | 1306 | $MPElement[Name="SCOM.Management.Agent.Class"]/DotNetVersion$ 1307 | $Data/Values/DotNetVersion$ 1308 | 1309 | 1310 | $MPElement[Name="SCOM.Management.Agent.Class"]/Architecture$ 1311 | $Data/Values/Architecture$ 1312 | 1313 | 1314 | $MPElement[Name="SCOM.Management.Agent.Class"]/OSName$ 1315 | $Data/Values/OSName$ 1316 | 1317 | 1318 | $MPElement[Name="SCOM.Management.Agent.Class"]/APMInstalled$ 1319 | $Data/Values/APMInstalled$ 1320 | 1321 | 1322 | 1323 | 1324 | 1325 | 1326 | Values/AgentRegKeyExists 1327 | 1328 | 1329 | Equal 1330 | 1331 | 1332 | true 1333 | 1334 | 1335 | 1336 | 1337 | 1338 | 1339 | 1340 | Discovery 1341 | 1342 | 1343 | 1344 | 1345 | 1346 | 1347 | 1348 | 1349 | 1350 | 1351 | 1352 | 1353 | 1354 | 1355 | 1356 | 1357 | 1358 | 1359 | 1360 | 1361 | 1362 | 1363 | 1364 | 1365 | 86393 1366 | 1367 | SCOM.Management.Agent.Class.PowerShell.Properties.Discovery.ps1 1368 | 1369 | #================================================================================= 1370 | # Script to gather agent properties via PowerShell 1371 | # 1372 | # Author: Kevin Holman 1373 | # 1374 | # Version: 3.2 1375 | #================================================================================= 1376 | param($SourceId,$ManagedEntityId,$ComputerName,$MGName,[string]$IP) 1377 | 1378 | 1379 | # Manual Testing section - put stuff here for manually testing script - typically parameters: 1380 | #================================================================================= 1381 | # $SourceId = '{00000000-0000-0000-0000-000000000000}' 1382 | # $ManagedEntityId = '{00000000-0000-0000-0000-000000000000}' 1383 | # $Computername = 'server.domain.com' 1384 | # $MGName = 'SCOMA' 1385 | # $IP = '123.123.123.123' 1386 | #================================================================================= 1387 | 1388 | 1389 | # Constants section - modify stuff here: 1390 | #================================================================================= 1391 | # Assign script name variable for use in event logging 1392 | $ScriptName = "SCOM.Management.Agent.Class.PowerShell.Properties.Discovery.ps1" 1393 | $EventID = "1006" 1394 | 1395 | #SCOM Management Servers or Gateways that we wish to test the port availability to using FQDN seperated by a comma such as "scom1.opsmgr.net","scom2.opsmgr.net","scom3.opsmgr.net" 1396 | [array]$Parents = "" 1397 | #================================================================================= 1398 | 1399 | 1400 | # Starting Script section - All scripts get this 1401 | #================================================================================= 1402 | # Gather the start time of the script 1403 | $StartTime = Get-Date 1404 | #Set variable to be used in logging events 1405 | $whoami = whoami 1406 | # Load MOMScript API 1407 | $momapi = New-Object -comObject MOM.ScriptAPI 1408 | #Log script event that we are starting task 1409 | $momapi.LogScriptEvent($ScriptName,$EventID,0,"`nScript is starting. `nManagement Group: ($MGName). `nRunning as ($whoami).") 1410 | #================================================================================= 1411 | 1412 | 1413 | # Discovery Script section 1414 | #================================================================================= 1415 | # Load SCOM Discovery module 1416 | $DiscoveryData = $momapi.CreateDiscoveryData(0, $SourceId, $ManagedEntityId) 1417 | #================================================================================= 1418 | 1419 | 1420 | # Begin MAIN script section 1421 | #================================================================================= 1422 | # Get SCOM Agent Path Section 1423 | #======================================================================= 1424 | $SCOMRegKey = "HKLM:\SOFTWARE\Microsoft\Microsoft Operations Manager\3.0\Setup" 1425 | $SCOMAgentPath = (Get-ItemProperty $SCOMRegKey).InstallDirectory 1426 | $SCOMAgentPath = $SCOMAgentPath.TrimEnd("\") 1427 | #======================================================================= 1428 | 1429 | # Get SCOM Agent Version Section 1430 | #======================================================================= 1431 | # Test to see if the file exists that we need for versioning 1432 | $AgentFileExists = Test-Path -Path $SCOMAgentPath\Tools\TMF\OMAgentTraceTMFVer.Dll 1433 | IF (!($AgentFileExists)) 1434 | { 1435 | #Try to get the agent path from the HealthService location 1436 | $HealthServiceRegKey = "HKLM:\SYSTEM\CurrentControlSet\Services\HealthService" 1437 | $HSImagePath = (Get-ItemProperty $HealthServiceRegKey).ImagePath 1438 | $HSImagePath = $HSImagePath.Replace('"',"") 1439 | $SCOMAgentPath = Split-Path -Path $HSImagePath 1440 | } 1441 | 1442 | $SCOMAgentVersionFile = Get-Item $SCOMAgentPath\Tools\TMF\OMAgentTraceTMFVer.Dll 1443 | $SCOMAgentVersion = $SCOMAgentVersionFile.VersionInfo.FileVersion 1444 | $SCOMAgentVersionSplit = $SCOMAgentVersion.Split(".") 1445 | [int]$MajorSCOMAgentVersion = $SCOMAgentVersionSplit[0] 1446 | 1447 | #Check for SCOM 2019 Post UR3 Hotfix 1448 | IF ($SCOMAgentVersion -eq "10.19.10177.0") 1449 | { 1450 | #This is SCOM 2019 UR3. Check for Hotfix 1451 | $SCOMAgentVersionFile = Get-Item $SCOMAgentPath\MOMModules2.dll 1452 | $SCOMAgentVersion = $SCOMAgentVersionFile.VersionInfo.FileVersion 1453 | } 1454 | 1455 | [string]$SCOMAgentURVersion = switch($SCOMAgentVersion) 1456 | { 1457 | # SCOM 2012 1458 | "7.1.10184.0" {"2012 R2 RTM"} 1459 | "7.1.10195.0" {"2012 R2 UR2"} 1460 | "7.1.10204.0" {"2012 R2 UR3"} 1461 | "7.1.10211.0" {"2012 R2 UR4"} 1462 | "7.1.10213.0" {"2012 R2 UR5"} 1463 | "7.1.10218.0" {"2012 R2 UR6"} 1464 | "7.1.10229.0" {"2012 R2 UR7"} 1465 | "7.1.10241.0" {"2012 R2 UR8"} 1466 | "7.1.10268.0" {"2012 R2 UR9"} 1467 | "7.1.10285.0" {"2012 R2 UR11"} 1468 | "7.1.10292.0" {"2012 R2 UR12"} 1469 | "7.1.10302.0" {"2012 R2 UR13"} 1470 | "7.1.10305.0" {"2012 R2 UR14"} 1471 | 1472 | # SCOM 2016 1473 | "8.0.10918.0" {"2016 RTM"} 1474 | "8.0.10931.0" {"2016 UR1"} 1475 | "8.0.10949.0" {"2016 UR2"} 1476 | "8.0.10970.0" {"2016 UR3"} 1477 | "8.0.10977.0" {"2016 UR4"} 1478 | "8.0.10990.0" {"2016 UR5"} 1479 | "8.0.11004.0" {"2016 UR6"} 1480 | "8.0.11025.0" {"2016 UR7"} 1481 | "8.0.11037.0" {"2016 UR8"} 1482 | "8.0.11049.0" {"2016 UR9"} 1483 | "8.0.11057.0" {"2016 UR10"} 1484 | 1485 | # SEMI ANNUAL Channel 1486 | "8.0.13053.0" {"1801"} 1487 | "8.0.13067.0" {"1807"} 1488 | 1489 | # SCOM 2019 1490 | "10.19.10003.0" {"2019 TP"} 1491 | "10.19.10014.0" {"2019 RTM"} 1492 | "10.19.10140.0" {"2019 UR1"} 1493 | "10.19.10153.0" {"2019 UR2"} 1494 | "10.19.10177.0" {"2019 UR3"} 1495 | "10.19.10185.0" {"2019 UR3 with KB5005527"} 1496 | "10.19.10200.0" {"2019 UR4"} 1497 | "10.19.10211.0" {"2019 UR5"} 1498 | "10.19.10253.0" {"2019 UR6"} 1499 | 1500 | # SCOM 2022 1501 | "10.22.10056.0" {"2022 RTM"} 1502 | "10.22.10110.0" {"2022 UR1"} 1503 | "10.22.10208.0" {"2022 UR2"} 1504 | 1505 | # SCOM 2025 1506 | "10.25.10079.0" {"2025 RTM"} 1507 | 1508 | # If nothing else found then default to version number 1509 | default {$SCOMAgentVersion} 1510 | } 1511 | #======================================================================= 1512 | 1513 | # Load Agent Scripting Module 1514 | #======================================================================= 1515 | $AgentCfg = New-Object -ComObject "AgentConfigManager.MgmtSvcCfg" 1516 | #======================================================================= 1517 | 1518 | # Get Agent Management groups section 1519 | #======================================================================= 1520 | #Get management groups 1521 | $MGs=$AgentCfg.GetManagementGroups() 1522 | 1523 | #Loop through each and create a comma seperated list 1524 | FOREACH ($MG in $MGs) 1525 | { 1526 | $MGList=$MGList + $MG.managementGroupName + ", " 1527 | } 1528 | $MGlist=$MGlist.TrimEnd(", ") 1529 | #======================================================================= 1530 | 1531 | # Get Agent LA Workspaces section 1532 | #======================================================================= 1533 | # This section depends on AgentConfigManager.MgmtSvcCfg object in previous section 1534 | [string]$LAList='' 1535 | # Agent might not support LA 1536 | $AgentSupportsLA = $AgentCfg | Get-Member -Name 'GetCloudWorkspaces' 1537 | IF (!$AgentSupportsLA) 1538 | { 1539 | #This agent version does not support Cloud Workspaces. 1540 | } 1541 | ELSE 1542 | { 1543 | $LAWorkspaces = $AgentCfg.GetCloudWorkspaces() 1544 | FOREACH ($LAWorkSpace in $LAWorkSpaces) 1545 | { 1546 | $LAList = $LAList + $LAWorkspace.workspaceId + ", " 1547 | } 1548 | IF ($LAList) 1549 | { 1550 | $LAList = $LAList.TrimEnd(", ") 1551 | } 1552 | 1553 | #Get ProxyURL 1554 | [string]$ProxyURL = $AgentCfg.proxyUrl 1555 | } 1556 | #======================================================================= 1557 | 1558 | # Get Agent AD Integration Setting 1559 | #======================================================================= 1560 | # This section depends on AgentConfigManager.MgmtSvcCfg object in previous section 1561 | # Check Agent version for 2012 or a later version as these use different commands 1562 | IF ($MajorSCOMAgentVersion -lt 8) 1563 | { 1564 | # Assume SCOM 2012 agent 1565 | $ADIntEnabled = $AgentCfg.GetActiveDirectoryIntegrationEnabled() 1566 | } 1567 | Else 1568 | { 1569 | # Assume SCOM 2016 agent or later 1570 | $ADIntEnabled = $AgentCfg.ActiveDirectoryIntegrationEnabled 1571 | } 1572 | #======================================================================= 1573 | 1574 | # Get PowerShell Version section 1575 | #======================================================================= 1576 | $PSVer = $PSVersionTable.PSVersion 1577 | [string]$PSMajor = $PSVer.Major 1578 | [string]$PSMinor = $PSVer.Minor 1579 | $PSVersion = $PSMajor + "." + $PSMinor 1580 | #======================================================================= 1581 | 1582 | # Get PowerShell CLR Version section 1583 | #======================================================================= 1584 | $CLRVer = $PSVersionTable.CLRVersion 1585 | [string]$CLRMajor = $CLRVer.Major 1586 | [string]$CLRMinor = $CLRVer.Minor 1587 | $CLRVersion = $CLRMajor + "." + $CLRMinor 1588 | #======================================================================= 1589 | 1590 | # Get Agent Assignments section 1591 | #====================================================================== 1592 | 1593 | $HSParametersRegKey = "HKLM:\SYSTEM\CurrentControlSet\Services\HealthService\Parameters" 1594 | IF ($HSStateDir = (Get-ItemProperty $HSParametersRegKey).'State Directory') 1595 | { 1596 | $FilePath = "$HSStateDir\Connector Configuration Cache\$MGName\OpsMgrConnector.Config.xml" 1597 | } 1598 | ELSE 1599 | { 1600 | $FilePath = "$SCOMAgentPath\Health Service State\Connector Configuration Cache\$MGName\OpsMgrConnector.Config.xml" 1601 | } 1602 | 1603 | IF (Test-Path -Path $FilePath) 1604 | { 1605 | [xml]$ConfigFileXML = Get-Content -Path $FilePath 1606 | 1607 | #Get Primary MS 1608 | $PrimaryArr = $ConfigFileXML.Message.State.Parents.Added.Item | Where-Object {$_.IsPrimary -eq "True"} 1609 | $PrimaryMS = ($PrimaryArr.AuthenticationName).Split(".")[0] 1610 | 1611 | #Get list of Secondary MS 1612 | $SecondaryArr = $ConfigFileXML.Message.State.Parents.Added.Item | Where-Object {$_.IsPrimary -eq "False"} 1613 | [string]$SecondaryMSList = @() 1614 | FOREACH ($SecondaryXML in $SecondaryArr) 1615 | { 1616 | $SecondaryMS = ($SecondaryXML.AuthenticationName).Split(".")[0] 1617 | $SecondaryMSList = $SecondaryMSList + $SecondaryMS + ", " 1618 | } 1619 | $FailoverList = $SecondaryMSList.TrimEnd(", ") 1620 | } 1621 | ELSE 1622 | { 1623 | #Log script event that we cannot find config file 1624 | $momapi.LogScriptEvent($ScriptName,$EventID,2, "Cannot find agent config file at path ($FilePath)") 1625 | } 1626 | #======================================================================= 1627 | 1628 | # Get Action Account section 1629 | #======================================================================= 1630 | #Check and see if OS is Nano server for use later where we must take different actions for Nano servers 1631 | $isNano = Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Server\ServerLevels" 1632 | $isNano = $isNano.NanoServer 1633 | IF ($isNano -ne $null) 1634 | { 1635 | $isNano = $true 1636 | } 1637 | ELSE 1638 | { 1639 | $isNano = $false 1640 | } 1641 | 1642 | # Get the action account this script is running under. We will assume that is the default agent action account 1643 | TRY 1644 | { 1645 | $user = "" 1646 | $domain = "" 1647 | IF($isNano) 1648 | { 1649 | $user = $env:username 1650 | $domain = $env:userdnsdomain 1651 | } 1652 | ELSE 1653 | { 1654 | $oNetwork = new-object -comobject "WScript.Network" 1655 | $user = $oNetwork.UserName 1656 | $domain = $oNetwork.UserDomain 1657 | } 1658 | IF(($user.Length -eq 0) -or ($user -eq "SYSTEM")) 1659 | { 1660 | $ActionAccount = $user 1661 | } 1662 | ELSE 1663 | { 1664 | $ActionAccount = $domain + "\" + $user 1665 | } 1666 | } 1667 | CATCH 1668 | { 1669 | $momapi.LogScriptEvent($ScriptName,$EventID,2, "`nFailed to retrieve the User name and domain for the action account. `nError is ($Error).") 1670 | } 1671 | #======================================================================= 1672 | 1673 | # Get OSVersion section 1674 | #======================================================================= 1675 | $OSRegKey = "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion" 1676 | [string]$OSCurrentVersion = (Get-ItemProperty $OSRegKey).CurrentVersion 1677 | [string]$OSCurrentBuildNumber = (Get-ItemProperty $OSRegKey).CurrentBuildNumber 1678 | [string]$OSCurrentCurrentMajorVersionNumber = (Get-ItemProperty $OSRegKey).CurrentMajorVersionNumber 1679 | [string]$OSCurrentCurrentMinorVersionNumber = (Get-ItemProperty $OSRegKey).CurrentMinorVersionNumber 1680 | 1681 | # If Windows 10 or WS2016 use new reg keys else use old keys 1682 | IF ($OSCurrentCurrentMajorVersionNumber) 1683 | { 1684 | [string]$OSVersion = $OSCurrentCurrentMajorVersionNumber + "." + $OSCurrentCurrentMinorVersionNumber + "." + $OSCurrentBuildNumber 1685 | } 1686 | ELSE 1687 | { 1688 | [string]$OSVersion = $OSCurrentVersion + "." + $OSCurrentBuildNumber 1689 | } 1690 | #======================================================================= 1691 | 1692 | # Get Certificate Section 1693 | #======================================================================= 1694 | $CertRegKey = "HKLM:\SOFTWARE\Microsoft\Microsoft Operations Manager\3.0\Machine Settings" 1695 | IF(Test-Path $CertRegKey) 1696 | { 1697 | [array]$CertValue = (Get-ItemProperty $CertRegKey).ChannelCertificateSerialNumber 1698 | IF($Certvalue) 1699 | { 1700 | $CertLoaded = $True 1701 | [string]$CertThumbPrint = (Get-ItemProperty $CertRegKey).ChannelCertificateHash 1702 | $Cert = Get-ChildItem -path cert:\LocalMachine\My | Where-Object {$_.Thumbprint -eq $CertThumbPrint} 1703 | IF ($Cert) 1704 | { 1705 | [datetime]$CertExpiresDateTime = $Cert.NotAfter 1706 | [string]$CertExpires = $CertExpiresDateTime.ToShortDateString() 1707 | $CertIssuerArr = $Cert.Issuer 1708 | $CertIssuerSplit = $CertIssuerArr.Split(",") 1709 | [string]$CertIssuer = $CertIssuerSplit[0].TrimStart("CN=") 1710 | } 1711 | ELSE 1712 | { 1713 | $CertIssuer = "NotFound" 1714 | $CertExpires = "NotFound" 1715 | } 1716 | 1717 | } 1718 | ELSE 1719 | { 1720 | $CertLoaded = $False 1721 | } 1722 | } 1723 | ELSE 1724 | { 1725 | $CertLoaded = $False 1726 | } 1727 | #======================================================================= 1728 | 1729 | # Build IP List from Windows Computer Property 1730 | #======================================================================= 1731 | #We want to remove Link local IP 1732 | [string]$IPList = "" 1733 | $IPSplit = $IP.Split(",") 1734 | FOREACH ($IPAddr in $IPSplit) 1735 | { 1736 | [string]$IPAddr = $IPAddr.Trim() 1737 | write-host $IPAddr 1738 | IF (!($IPAddr.StartsWith("fe80") -or $IPAddr.StartsWith("169.254"))) 1739 | { 1740 | $IPList = $IPList + $IPAddr + "," 1741 | } 1742 | } 1743 | $IPList = $IPList.TrimEnd(",") 1744 | #======================================================================= 1745 | 1746 | # Get port connection availability to an array of parents 1747 | #======================================================================= 1748 | [string]$PortList = "" 1749 | IF ($Parents) 1750 | { 1751 | FOREACH ($Parent in $Parents) 1752 | { 1753 | [string]$PortAvail = "" 1754 | $ip=([System.Net.Dns]::GetHostAddresses($Parent)).IPAddressToString; 1755 | $tcp=New-Object net.sockets.tcpclient;$tcp.Connect($Parent,5723); 1756 | $out=$tcp.Connected; 1757 | # write-host "`nPort 5723 test result for ($Parent) on IP ($ip) : ($out)" 1758 | 1759 | IF ($out) 1760 | { 1761 | $PortAvail = "Open" 1762 | } 1763 | ELSE 1764 | { 1765 | $PortAvail = "Blocked" 1766 | } 1767 | 1768 | $ParentSplit = $Parent.Split(".") 1769 | [string]$ServerName = $ParentSplit[0] 1770 | $PortList = $PortList + $ServerName + ": " + $PortAvail + ", " 1771 | } 1772 | $PortList = $Portlist.TrimEnd(", ") 1773 | } 1774 | #======================================================================= 1775 | 1776 | 1777 | # Discovery Script section - Discovery scripts get this 1778 | #================================================================================= 1779 | $instance = $DiscoveryData.CreateClassInstance("$MPElement[Name='SCOM.Management.Agent.Class']$") 1780 | $instance.AddProperty("$MPElement[Name='Windows!Microsoft.Windows.Computer']/PrincipalName$", $Computername) 1781 | $instance.AddProperty("$MPElement[Name='SCOM.Management.Agent.Class']/AgentVersion$", $SCOMAgentVersion) 1782 | $instance.AddProperty("$MPElement[Name='SCOM.Management.Agent.Class']/UpdateRollup$", $SCOMAgentURVersion) 1783 | $instance.AddProperty("$MPElement[Name='SCOM.Management.Agent.Class']/ADIntEnabled$", $ADIntEnabled) 1784 | $instance.AddProperty("$MPElement[Name='SCOM.Management.Agent.Class']/ManagementGroups$", $MGList) 1785 | $instance.AddProperty("$MPElement[Name='SCOM.Management.Agent.Class']/LAWorkspaces$", $LAList) 1786 | $instance.AddProperty("$MPElement[Name='SCOM.Management.Agent.Class']/ProxyURL$", $ProxyURL) 1787 | $instance.AddProperty("$MPElement[Name='SCOM.Management.Agent.Class']/PSVersion$", $PSVersion) 1788 | $instance.AddProperty("$MPElement[Name='SCOM.Management.Agent.Class']/CLRVersion$", $CLRVersion) 1789 | $instance.AddProperty("$MPElement[Name='SCOM.Management.Agent.Class']/PrimaryMS$", $PrimaryMS) 1790 | $instance.AddProperty("$MPElement[Name='SCOM.Management.Agent.Class']/FailoverList$", $FailoverList) 1791 | $instance.AddProperty("$MPElement[Name='SCOM.Management.Agent.Class']/ActionAccount$", $ActionAccount) 1792 | $instance.AddProperty("$MPElement[Name='SCOM.Management.Agent.Class']/OSVersion$", $OSVersion) 1793 | $instance.AddProperty("$MPElement[Name='SCOM.Management.Agent.Class']/InstallPath$", $SCOMAgentPath) 1794 | $instance.AddProperty("$MPElement[Name='SCOM.Management.Agent.Class']/CertLoaded$", $CertLoaded) 1795 | $instance.AddProperty("$MPElement[Name='SCOM.Management.Agent.Class']/CertExpires$", $CertExpires) 1796 | $instance.AddProperty("$MPElement[Name='SCOM.Management.Agent.Class']/CertThumbPrint$", $CertThumbPrint) 1797 | $instance.AddProperty("$MPElement[Name='SCOM.Management.Agent.Class']/CertIssuer$", $CertIssuer) 1798 | $instance.AddProperty("$MPElement[Name='SCOM.Management.Agent.Class']/IP$", $IPList) 1799 | $instance.AddProperty("$MPElement[Name='SCOM.Management.Agent.Class']/Connection$", $PortList) 1800 | $DiscoveryData.AddInstance($instance) 1801 | 1802 | # Return Discovery Items Normally 1803 | $DiscoveryData 1804 | # Return Discovery Bag to the command line for testing (does not work from ISE) 1805 | # $momapi.Return($DiscoveryData) 1806 | #================================================================================= 1807 | 1808 | 1809 | # End of script section 1810 | #================================================================================= 1811 | #Log an event for script ending and total execution time. 1812 | $EndTime = Get-Date 1813 | $ScriptTime = ($EndTime - $StartTime).TotalSeconds 1814 | $momapi.LogScriptEvent($ScriptName,$EventID,0,"`nScript has completed. `nAgent Version: ($SCOMAgentVersion). `nAgent Rollup: ($SCOMAgentURVersion). `nADIntEnabled: ($ADIntEnabled). `nManagement Group list: ($MGList). `Log Analytics Workspace list: ($LAList). `nProxyURL: ($ProxyURL). `nPowerShell Version: ($PSVersion). `nCLR Version: ($CLRVersion). `n Primary MS: ($PrimaryMS). `nSecondary MS Failover list: ($FailoverList). `nAction Account: ($ActionAccount). `nOS Version: ($OSVersion). `nSCOM Agent Path: ($SCOMAgentPath). `nCertLoaded: ($CertLoaded). `nCert Expiration: ($CertExpires). `nCert Thumbprint: ($CertThumbPrint). `nCert Issuer: ($CertIssuer). `nIP ($IPList). `nConnection: ($PortList). `nScript runtime: ($ScriptTime) seconds.") 1815 | #================================================================================= 1816 | # End of script 1817 | 1818 | 1819 | 1820 | SourceId 1821 | $MPElement$ 1822 | 1823 | 1824 | ManagedEntityId 1825 | $Target/Id$ 1826 | 1827 | 1828 | ComputerName 1829 | $Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/PrincipalName$ 1830 | 1831 | 1832 | MGName 1833 | $Target/ManagementGroup/Name$ 1834 | 1835 | 1836 | IP 1837 | $Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/IPAddress$ 1838 | 1839 | 1840 | 600 1841 | 1842 | 1843 | 1844 | Discovery 1845 | 1846 | 1847 | 1848 | 1849 | 1850 | 1851 | 1852 | $Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/PrincipalName$ 1853 | 1854 | 1855 | ServerRegKeyExists 1856 | SOFTWARE\Microsoft\Microsoft Operations Manager\3.0\Server Management Groups 1857 | 0 1858 | 1859 | 0 1860 | 1861 | 1862 | 1863 | WebConsoleRegKeyExists 1864 | SOFTWARE\Microsoft\System Center Operations Manager\12\Setup\WebConsole 1865 | 0 1866 | 1867 | 0 1868 | 1869 | 1870 | 1871 | OSName 1872 | SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName 1873 | 1 1874 | 1875 | 1 1876 | 1877 | 1878 | 1879 | DotNetVersion 1880 | SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full\Release 1881 | 1 1882 | 1883 | 1 1884 | 1885 | 1886 | 1887 | 14400 1888 | $MPElement[Name="SCOM.Management.Server.Class"]$ 1889 | 1890 | 1891 | 1892 | $MPElement[Name="Windows!Microsoft.Windows.Computer"]/PrincipalName$ 1893 | $Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/PrincipalName$ 1894 | 1895 | 1896 | $MPElement[Name="System!System.Entity"]/DisplayName$ 1897 | $Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/PrincipalName$ 1898 | 1899 | 1900 | $MPElement[Name="SCOM.Management.Server.Class"]/OSName$ 1901 | $Data/Values/OSName$ 1902 | 1903 | 1904 | $MPElement[Name="SCOM.Management.Server.Class"]/DotNetVersion$ 1905 | $Data/Values/DotNetVersion$ 1906 | 1907 | 1908 | 1909 | 1910 | 1911 | 1912 | 1913 | 1914 | Values/ServerRegKeyExists 1915 | 1916 | 1917 | Equal 1918 | 1919 | 1920 | true 1921 | 1922 | 1923 | 1924 | 1925 | 1926 | 1927 | 1928 | Values/WebConsoleRegKeyExists 1929 | 1930 | 1931 | Equal 1932 | 1933 | 1934 | true 1935 | 1936 | 1937 | 1938 | 1939 | 1940 | 1941 | 1942 | 1943 | 1944 | Discovery 1945 | 1946 | 1947 | 1948 | 1949 | 1950 | 1951 | 1952 | 1953 | 1954 | 1955 | 1956 | 1957 | 1958 | 1959 | 1960 | 1961 | 1962 | 1963 | 1964 | 1965 | 1966 | 1967 | 1968 | 1969 | 1970 | 1971 | 86400 1972 | 1973 | SCOM.Management.Server.Class.PowerShell.Properties.Discovery.ps1 1974 | 1975 | #================================================================================= 1976 | # Script to gather SCOM Server Component properties via PowerShell 1977 | # 1978 | # Author: Kevin Holman 1979 | # 1980 | # Version: 3.3 1981 | #================================================================================= 1982 | param($SourceId,$ManagedEntityId,$ComputerName,$MGName) 1983 | 1984 | 1985 | # Manual Testing section - put stuff here for manually testing script - typically parameters: 1986 | #================================================================================= 1987 | # $SourceId = '{00000000-0000-0000-0000-000000000000}' 1988 | # $ManagedEntityId = '{00000000-0000-0000-0000-000000000000}' 1989 | # $Computername = 'server.domain.com' 1990 | # $MGName = 'SCOM1' 1991 | #================================================================================= 1992 | 1993 | 1994 | # Constants section - modify stuff here: 1995 | #================================================================================= 1996 | # Assign script name variable for use in event logging 1997 | $ScriptName = "SCOM.Management.Server.Class.PowerShell.Properties.Discovery.ps1" 1998 | $EventID = "1006" 1999 | #================================================================================= 2000 | 2001 | 2002 | # Starting Script section - All scripts get this 2003 | #================================================================================= 2004 | # Gather the start time of the script 2005 | $StartTime = Get-Date 2006 | #Set variable to be used in logging events 2007 | $whoami = whoami 2008 | # Load MOMScript API 2009 | $momapi = New-Object -comObject MOM.ScriptAPI 2010 | #Log script event that we are starting task 2011 | $momapi.LogScriptEvent($ScriptName,$EventID,0,"`n Script is starting. `n Running as ($whoami).") 2012 | #================================================================================= 2013 | 2014 | 2015 | # Discovery Script section - Discovery scripts get this 2016 | #================================================================================= 2017 | # Load SCOM Discovery module 2018 | $DiscoveryData = $momapi.CreateDiscoveryData(0, $SourceId, $ManagedEntityId) 2019 | #================================================================================= 2020 | 2021 | 2022 | # Begin Main Script 2023 | #================================================================================= 2024 | # Begin Role Version Section 2025 | #======================================================================= 2026 | # Function to map a file version to a UR level 2027 | function URVersion($Version) 2028 | { 2029 | switch($Version) 2030 | { 2031 | # SCOM 2012 2032 | "7.1.10226.0" {"2012 R2 RTM"} 2033 | "7.1.10184.0" {"2012 R2 RTM"} #Gateway 2034 | "7.1.10226.1011" {"2012 R2 UR1"} 2035 | "7.1.10188.0" {"2012 R2 UR1"} #Gateway 2036 | "7.1.10226.1015" {"2012 R2 UR2"} 2037 | "7.1.10195.0" {"2012 R2 UR2"} #Gateway 2038 | "7.1.10226.1037" {"2012 R2 UR3"} 2039 | "7.1.10204.0" {"2012 R2 UR3"} #Gateway 2040 | "7.1.10226.1046" {"2012 R2 UR4"} 2041 | "7.1.10211.0" {"2012 R2 UR4"} #Gateway 2042 | "7.1.10226.1052" {"2012 R2 UR5"} 2043 | "7.1.10213.0" {"2012 R2 UR5"} #Gateway 2044 | "7.1.10226.1064" {"2012 R2 UR6"} 2045 | "7.1.10218.0" {"2012 R2 UR6"} #Gateway 2046 | "7.1.10226.1090" {"2012 R2 UR7"} 2047 | "7.1.10229.0" {"2012 R2 UR7"} #Gateway 2048 | "7.1.10226.1118" {"2012 R2 UR8"} 2049 | "7.1.10241.0" {"2012 R2 UR8"} #Gateway 2050 | "7.1.10226.1177" {"2012 R2 UR9"} 2051 | "7.1.10268.0" {"2012 R2 UR9"} #Gateway 2052 | "7.1.10226.1239" {"2012 R2 UR11"} 2053 | "7.1.10285.0" {"2012 R2 UR11"} #Gateway 2054 | "7.1.10226.1304" {"2012 R2 UR12"} 2055 | "7.1.10292.0" {"2012 R2 UR12"} #Gateway 2056 | "7.1.10226.1360" {"2012 R2 UR13"} 2057 | "7.1.10302.0" {"2012 R2 UR13"} #Gateway 2058 | "7.1.10226.1387" {"2012 R2 UR14"} 2059 | "7.1.10305.0" {"2012 R2 UR14"} #Gateway 2060 | "7.1.10226.1413" {"2012 R2 UR14 with KB5006871"} 2061 | 2062 | # SCOM 2016 2063 | "7.2.11719.0" {"2016 RTM"} 2064 | "8.0.10918.0" {"2016 RTM"} #Gateway 2065 | "7.2.11759.0" {"2016 UR1"} 2066 | "7.2.11822.0" {"2016 UR2"} 2067 | "8.0.10949.0" {"2016 UR2"} #Gateway 2068 | "7.2.11878.0" {"2016 UR3"} 2069 | "8.0.10970.0" {"2016 UR3"} #Gateway 2070 | "7.2.11938.0" {"2016 UR4"} 2071 | "8.0.10977.0" {"2016 UR4"} #Gateway 2072 | "7.2.12016.0" {"2016 UR5"} 2073 | "8.0.10990.0" {"2016 UR5"} #Gateway 2074 | "7.2.12066.0" {"2016 UR6"} 2075 | "8.0.11004.0" {"2016 UR6"} #Gateway 2076 | "7.2.12150.0" {"2016 UR7"} 2077 | "8.0.11025.0" {"2016 UR7"} #Gateway 2078 | "7.2.12213.0" {"2016 UR8"} 2079 | "8.0.11037.0" {"2016 UR8"} #Gateway 2080 | "7.2.12265.0" {"2016 UR9"} 2081 | "8.0.11049.0" {"2016 UR9"} #Gateway 2082 | "7.2.12324.0" {"2016 UR10"} 2083 | "8.0.11057.0" {"2016 UR10"} #Gateway 2084 | "7.2.12335.0" {"2016 UR10 with KB5006871"} 2085 | "7.2.12345.0" {"2016 UR10 with KB5028684"} 2086 | "7.2.12348.0" {"2016 UR10 with KB5037360"} 2087 | 2088 | # SEMI ANNUAL Channel 2089 | "7.3.13142.0" {"1801"} 2090 | "8.0.13053.0" {"1801"} #Gateway 2091 | "7.3.13261.0" {"1807"} 2092 | "8.0.13067.0" {"1807"} #Gateway 2093 | 2094 | # SCOM 2019 2095 | "10.19.10014.0" {"2019 TP"} 2096 | "10.19.10050.0" {"2019 RTM"} 2097 | "10.19.10311.0" {"2019 UR1"} 2098 | "10.19.10349.0" {"2019 UR1 with Hotfix"} 2099 | "10.19.10407.0" {"2019 UR2"} 2100 | "10.19.10153.0" {"2019 UR2"} #Gateway 2101 | "10.19.10505.0" {"2019 UR3"} 2102 | "10.19.10177.0" {"2019 UR3"} #Gateway 2103 | "10.19.10550.0" {"2019 UR3 with KB5006871"} 2104 | "10.19.10552.0" {"2019 UR3 with KB5005527"} 2105 | "10.19.10185.0" {"2019 UR3 with KB5005527"} #Gateway 2106 | "10.19.10569.0" {"2019 UR4"} 2107 | "10.19.10200.0" {"2019 UR4"} #Gateway 2108 | "10.19.10574.0" {"2019 UR4 with KB5016576"} 2109 | "10.19.10576.0" {"2019 UR4 with KB5016576"} 2110 | "10.19.10606.0" {"2019 UR5"} 2111 | "10.19.10211.0" {"2019 UR5"} #Gateway 2112 | "10.19.10615.0" {"2019 UR5 with KB5029601"} 2113 | "10.19.10616.0" {"2019 UR5 with KB5029512"} 2114 | "10.19.10618.0" {"2019 UR5 with KB5028684"} 2115 | "10.19.10649.0" {"2019 UR6"} 2116 | "10.19.10253.0" {"2019 UR6"} #Gateway 2117 | "10.19.10652.0" {"2019 UR6 with KB5037360"} 2118 | 2119 | # SCOM 2022 2120 | "10.22.10118.0" {"2022 RTM"} 2121 | "10.22.10337.0" {"2022 UR1"} 2122 | "10.22.10448.0" {"2022 UR1 with KB5024286"} 2123 | "10.22.10565.0" {"2022 UR1 with KB5029512"} 2124 | "10.22.10575.0" {"2022 UR1 with KB5029601"} 2125 | "10.22.10560.0" {"2022 UR1 with KB5028684"} 2126 | "10.22.10610.0" {"2022 UR2"} 2127 | "10.22.10618.0" {"2022 UR2 with KB5033752"} 2128 | "10.22.10684.0" {"2022 UR2 with KB5037360"} 2129 | 2130 | # SCOM 2025 2131 | "10.25.10132.0" {"2025 RTM"} 2132 | } 2133 | } 2134 | 2135 | $SCOMRegKey = "HKLM:\SOFTWARE\Microsoft\Microsoft Operations Manager\3.0\Setup" 2136 | $SCOMPath = (Get-ItemProperty $SCOMRegKey).InstallDirectory 2137 | $SCOMPath = $SCOMPath.TrimEnd("\") 2138 | $SCOMCorePath = $SCOMPath.TrimEnd("Server") 2139 | $SCOMCorePath = $SCOMCorePath.TrimEnd("\") 2140 | 2141 | # Check to see if this is a Gateway 2142 | IF ($SCOMCorePath -match "Gateway") 2143 | { 2144 | $MS = $false 2145 | $ServerURFile = Get-Item $SCOMPath\HealthService.dll 2146 | $ServerURFileVersion = $ServerURFile.VersionInfo.FileVersion 2147 | $ServerURFileVersionSplit = $ServerURFileVersion.Split(".") 2148 | $MajorSCOMVersion = $ServerURFileVersionSplit[0] + "." + $ServerURFileVersionSplit[1] 2149 | 2150 | $MOMWsManModulesFile = Get-Item $SCOMPath\MOMWsManModules.dll 2151 | $MOMWsManModulesFileVersion = $MOMWsManModulesFile.VersionInfo.FileVersion 2152 | 2153 | $MOMCommonFile = Get-Item $SCOMPath\Microsoft.Mom.Common.dll 2154 | $MOMCommonFileVersion = $MOMCommonFile.VersionInfo.FileVersion 2155 | 2156 | IF ($ServerURFileVersion -eq "8.0.10949.0" -and $MOMWsManModulesFileVersion -eq "8.0.10918.0") 2157 | { 2158 | #This is SCOM 2016 UR2 2159 | $ServerURFileVersion = "8.0.10949.0" 2160 | } 2161 | ELSEIF ($ServerURFileVersion -eq "8.0.10949.0" -and $MOMWsManModulesFileVersion -eq "8.0.10970.0") 2162 | { 2163 | #This is SCOM 2016 UR3 and was patched from UR2 to UR3 2164 | $ServerURFileVersion = "8.0.10970.0" 2165 | } 2166 | ELSEIF ($ServerURFileVersion -eq "8.0.10918.0" -and $MOMWsManModulesFileVersion -eq "8.0.10970.0") 2167 | { 2168 | #This is SCOM 2016 UR3 and was patched from RTM to UR3 directly 2169 | $ServerURFileVersion = "8.0.10970.0" 2170 | } 2171 | ELSEIF ($ServerURFileVersion -eq "10.19.10014.0" -and $MOMCommonFileVersion -eq "10.19.10050.0") 2172 | { 2173 | #This is SCOM 2019 RTM 2174 | $ServerURFileVersion = "10.19.10050.0" 2175 | } 2176 | ELSEIF ($ServerURFileVersion -eq "10.19.10140.0" -and $MOMCommonFileVersion -eq "10.19.10050.0") 2177 | { 2178 | #This is SCOM 2019 UR1 2179 | $ServerURFileVersion = "10.19.10311.0" 2180 | } 2181 | ELSEIF ($ServerURFileVersion -eq "10.19.10177.0") 2182 | { 2183 | #This is SCOM 2019 UR3. Check for Post UR3 hotfix 2184 | $MOMModules2File = Get-Item $SCOMPath\MOMModules2.dll 2185 | $MOMModules2FileVersion = $MOMModules2File.VersionInfo.FileVersion 2186 | $ServerURFileVersion = $MOMModules2FileVersion 2187 | } 2188 | ELSEIF ($ServerURFileVersion -eq "10.19.10253.0") 2189 | { 2190 | #This is SCOM 2019 UR6. Check for Post UR6 hotfix 2191 | $SSHLIBFile = Get-Item $SCOMPath\sshlib.dll 2192 | $SSHLIBVersion = $SSHLIBFile.VersionInfo.FileVersion 2193 | IF ($SSHLIBVersion -eq "10.19.1255.0") 2194 | { 2195 | #This is KB5037360 patch on Gateway 2196 | $ServerURFileVersion = "10.19.10652.0" 2197 | } 2198 | } 2199 | ELSEIF ($MajorSCOMVersion -eq "10.22") 2200 | { 2201 | #This is SCOM 2022 2202 | $ServerURFile = Get-Item $SCOMPath\Microsoft.SystemCenter.Telemetry.EventData.dll 2203 | $ServerURFileVersion = $ServerURFile.VersionInfo.FileVersion 2204 | } 2205 | 2206 | # Set these to null since we do not expect a web console or a console on a GW 2207 | $WebConsoleURFileVersion = "" 2208 | $ConsoleURFileVersion = "" 2209 | } 2210 | ELSE #This is a Management Server not a Gateway 2211 | { 2212 | $MS = $true 2213 | $ServerURFile = Get-Item $SCOMPath\Microsoft.EnterpriseManagement.RuntimeService.dll 2214 | $ServerURFileVersion = $ServerURFile.VersionInfo.FileVersion 2215 | $ServerURFileVersionSplit = $ServerURFileVersion.Split(".") 2216 | $MajorSCOMVersion = $ServerURFileVersionSplit[0] + "." + $ServerURFileVersionSplit[1] 2217 | 2218 | IF ($MajorSCOMVersion -eq "7.1") #SCOM2012 2219 | { 2220 | Try 2221 | { 2222 | $WebConsoleURFile = Get-Item $SCOMCorePath\WebConsole\WebHost\bin\Microsoft.EnterpriseManagement.Management.DataProviders.dll 2223 | $WebConsoleURFileVersion = $WebConsoleURFile.VersionInfo.FileVersion 2224 | } 2225 | Catch 2226 | { 2227 | $WebConsoleURFileVersion = "" 2228 | } 2229 | 2230 | #Need to see if this is Post SCOM2012 UR14 hotfix for web console 2231 | IF ($WebConsoleURFileVersion -eq "7.1.10226.1387") 2232 | { 2233 | #This is SCOM 2012 UR14. Check to see if hotfix is applied 2234 | $WebConsoleHotfixFile = Get-Item $SCOMCorePath\WebConsole\AppDiagnostics\AppAdvisor\Web\Bin\ARViewer.dll 2235 | $WebConsoleHotfixFileVersion = $WebConsoleHotfixFile.VersionInfo.FileVersion 2236 | $WebConsoleURFileVersion = $WebConsoleHotfixFileVersion 2237 | } 2238 | 2239 | Try 2240 | { 2241 | $ConsoleURFile = Get-Item $SCOMCorePath\Console\Microsoft.EnterpriseManagement.Management.DataProviders.dll 2242 | $ConsoleURFileVersion = $ConsoleURFile.VersionInfo.FileVersion 2243 | } 2244 | Catch 2245 | { 2246 | $ConsoleURFileVersion = "" 2247 | } 2248 | } 2249 | 2250 | IF ($MajorSCOMVersion -eq "7.2") #SCOM2016 2251 | { 2252 | Try 2253 | { 2254 | $WebConsoleURFile = Get-Item $SCOMCorePath\WebConsole\WebHost\bin\Microsoft.EnterpriseManagement.Monitoring.DataProviders.dll 2255 | $WebConsoleURFileVersion = $WebConsoleURFile.VersionInfo.FileVersion 2256 | } 2257 | Catch 2258 | { 2259 | $WebConsoleURFileVersion = "" 2260 | } 2261 | 2262 | #Need to see if this is Post SCOM2016 UR10 hotfix for web console 2263 | IF ($WebConsoleURFileVersion -eq "7.2.12324.0") 2264 | { 2265 | #This is SCOM 2016 UR10. Check to see if hotfix is applied 2266 | $WebConsoleHotfixFile = Get-Item $SCOMCorePath\WebConsole\AppDiagnostics\AppAdvisor\Web\Bin\ARViewer.dll 2267 | $WebConsoleHotfixFileVersion = $WebConsoleHotfixFile.VersionInfo.FileVersion 2268 | $WebConsoleURFileVersion = $WebConsoleHotfixFileVersion 2269 | } 2270 | 2271 | Try 2272 | { 2273 | $ConsoleURFile = Get-Item $SCOMCorePath\Console\Microsoft.EnterpriseManagement.Monitoring.DataProviders.dll 2274 | $ConsoleURFileVersion = $ConsoleURFile.VersionInfo.FileVersion 2275 | } 2276 | Catch 2277 | { 2278 | $ConsoleURFileVersion = "" 2279 | } 2280 | } 2281 | 2282 | IF ($MajorSCOMVersion -eq "7.3") #SCOM 1801 or 1807 Semi Annual Channel 2283 | { 2284 | $ServerURFile = Get-Item $SCOMCorePath\Server\Microsoft.EnterpriseManagement.DataAccessLayer.dll 2285 | $ServerURFileVersion = $ServerURFile.VersionInfo.FileVersion 2286 | 2287 | Try 2288 | { 2289 | $WebConsoleURFile = Get-Item $SCOMCorePath\WebConsole\WebHost\bin\Microsoft.Mom.Common.dll 2290 | $WebConsoleURFileVersion = $WebConsoleURFile.VersionInfo.FileVersion 2291 | } 2292 | Catch 2293 | { 2294 | $WebConsoleURFileVersion = "" 2295 | } 2296 | Try 2297 | { 2298 | $ConsoleURFile = Get-Item $SCOMCorePath\Console\Microsoft.MOM.UI.Common.dll 2299 | $ConsoleURFileVersion = $ConsoleURFile.VersionInfo.FileVersion 2300 | } 2301 | Catch 2302 | { 2303 | $ConsoleURFileVersion = "" 2304 | } 2305 | } 2306 | 2307 | IF ($MajorSCOMVersion -eq "10.19") #SCOM 2019 2308 | { 2309 | #We need to use a different file for versioning for SCOM 2019 2310 | $ServerURFile = Get-Item $SCOMCorePath\Server\Microsoft.EnterpriseManagement.DataAccessLayer.dll 2311 | $ServerURFileVersion = $ServerURFile.VersionInfo.FileVersion 2312 | 2313 | #Check to see if this is UR1 plus Hotfix special case 2314 | $ServerUR1HotfixFile = Get-Item $SCOMCorePath\Server\Microsoft.EnterpriseManagement.DataAccessService.OperationsManager.dll 2315 | $ServerUR1HotfixFileVersion = $ServerUR1HotfixFile.VersionInfo.FileVersion 2316 | IF ($ServerUR1HotfixFileVersion -eq "10.19.10349.0") 2317 | { 2318 | $ServerURFileVersion = $ServerUR1HotfixFileVersion 2319 | } 2320 | 2321 | #Check to see if this is SCOM 2019 UR3 plus hotfix 2322 | IF ($ServerURFileVersion -eq "10.19.10505.0") 2323 | { 2324 | #This is SCOM 2019 UR3. Check for KB5005527 2325 | $ServerUR3HotfixFile = Get-Item $SCOMCorePath\Server\Eula\Omversion.dll 2326 | $ServerUR3HotfixFileVersion = $ServerUR3HotfixFile.VersionInfo.FileVersion 2327 | $ServerURFileVersion = $ServerUR3HotfixFileVersion 2328 | } 2329 | 2330 | #Check to see if this is SCOM 2019 UR6 plus hotfix 2331 | IF ($ServerURFileVersion -eq "10.19.10649.0") 2332 | { 2333 | #This is SCOM 2019 UR6. Check for KB5037360 2334 | $ServerUR6HotfixFile = Get-Item $SCOMCorePath\Server\Tools\TMF\OMTraceTMFVer.Dll 2335 | $ServerUR6HotfixFileVersion = $ServerUR6HotfixFile.VersionInfo.FileVersion 2336 | $ServerURFileVersion = $ServerUR6HotfixFileVersion 2337 | } 2338 | 2339 | 2340 | Try 2341 | { 2342 | $WebConsoleURFile = Get-Item $SCOMCorePath\WebConsole\Dashboard\OMVersion.dll 2343 | $WebConsoleURFileVersion = $WebConsoleURFile.VersionInfo.FileVersion 2344 | } 2345 | Catch 2346 | { 2347 | $WebConsoleURFileVersion = "" 2348 | } 2349 | 2350 | #Need to see if this isPost UR3 hotfix for web console 2351 | IF ($WebConsoleURFileVersion -eq "10.19.10505.0") 2352 | { 2353 | #This is SCOM 2019 UR3. Check for KB5006871 2354 | $WebConsoleHotfixFile = Get-Item $SCOMCorePath\WebConsole\AppDiagnostics\AppAdvisor\Web\Bin\ARViewer.dll 2355 | $WebConsoleHotfixFileVersion = $WebConsoleHotfixFile.VersionInfo.FileVersion 2356 | $WebConsoleURFileVersion = $WebConsoleHotfixFileVersion 2357 | } 2358 | 2359 | Try 2360 | { 2361 | $ConsoleURFile = Get-Item $SCOMCorePath\Console\Microsoft.MOM.UI.Components.dll 2362 | $ConsoleURFileVersion = $ConsoleURFile.VersionInfo.FileVersion 2363 | } 2364 | Catch 2365 | { 2366 | $ConsoleURFileVersion = "" 2367 | } 2368 | 2369 | #Need to see if this is Post UR4 hotfix for console 2370 | IF ($ConsoleURFileVersion -eq "10.19.10569.0") 2371 | { 2372 | #This is SCOM 2019 UR4. Check for KB5016576 2373 | $ConsoleHotfixFile = Get-Item $SCOMCorePath\Console\Microsoft.EnterpriseManagement.UI.Authoring.dll 2374 | $ConsoleHotfixFileVersion = $ConsoleHotfixFile.VersionInfo.FileVersion 2375 | $ConsoleURFileVersion = $ConsoleHotfixFileVersion 2376 | } 2377 | 2378 | #Need to see if this is Post UR6 hotfix for console 2379 | IF ($ConsoleURFileVersion -eq "10.19.10649.0") 2380 | { 2381 | #This is SCOM 2019 UR6. Check for KB5037360 2382 | $ConsoleHotfixFile = Get-Item $SCOMCorePath\Console\Tools\TMF\OMTraceTMFVer.Dll 2383 | $ConsoleHotfixFileVersion = $ConsoleHotfixFile.VersionInfo.FileVersion 2384 | $ConsoleURFileVersion = $ConsoleHotfixFileVersion 2385 | } 2386 | 2387 | 2388 | } 2389 | 2390 | 2391 | IF ($MajorSCOMVersion -eq "10.22") #SCOM 2022 2392 | { 2393 | #Detect SCOM UR Version 2394 | #We need to use a different file for versioning for SCOM 2022 2395 | $ServerURFile = Get-Item $SCOMCorePath\Server\Microsoft.Mom.Common.dll 2396 | $ServerURFileVersion = $ServerURFile.VersionInfo.FileVersion 2397 | 2398 | #Check to see if this is SCOM 2022 UR2 plus hotfix 2399 | IF ($ServerURFileVersion -eq "10.22.10610.0") 2400 | { 2401 | #This is SCOM 2022 UR2. Check for KB5037360 2402 | $ServerUR2HotfixFile = Get-Item $SCOMCorePath\Server\Tools\TMF\OMTraceTMFVer.Dll 2403 | $ServerUR2HotfixFileVersion = $ServerUR2HotfixFile.VersionInfo.FileVersion 2404 | $ServerURFileVersion = $ServerUR2HotfixFileVersion 2405 | } 2406 | 2407 | 2408 | Try 2409 | { 2410 | $WebConsoleURFile = Get-Item $SCOMCorePath\WebConsole\Dashboard\OMVersion.dll 2411 | $WebConsoleURFileVersion = $WebConsoleURFile.VersionInfo.FileVersion 2412 | } 2413 | Catch 2414 | { 2415 | $WebConsoleURFileVersion = "" 2416 | } 2417 | 2418 | Try 2419 | { 2420 | $ConsoleURFile = Get-Item $SCOMCorePath\Console\Microsoft.MOM.UI.Components.dll 2421 | $ConsoleURFileVersion = $ConsoleURFile.VersionInfo.FileVersion 2422 | } 2423 | Catch 2424 | { 2425 | $ConsoleURFileVersion = "" 2426 | } 2427 | 2428 | #Check to see if this is SCOM 2022 UR2 plus hotfix 2429 | IF (($ConsoleURFileVersion -eq "10.22.10605.0") -or ($ConsoleURFileVersion -eq "10.22.10610.0")) 2430 | { 2431 | #This is SCOM 2022 UR2. Check for KB5033752 and KB5037360 2432 | $ConsoleUR2HotfixFile = Get-Item $SCOMCorePath\Console\Tools\TMF\OMTraceTMFVer.Dll 2433 | $ConsoleUR2HotfixFileVersion = $ConsoleUR2HotfixFile.VersionInfo.FileVersion 2434 | $ConsoleURFileVersion = $ConsoleUR2HotfixFileVersion 2435 | } 2436 | 2437 | } 2438 | } 2439 | $ServerURLevel = URVersion $ServerURFileVersion 2440 | $WebConsoleURLevel = URVersion $WebConsoleURFileVersion 2441 | $ConsoleURLevel = URVersion $ConsoleURFileVersion 2442 | #======================================================================= 2443 | 2444 | # Get Log Analytics Workspaces section 2445 | #======================================================================= 2446 | # Load SCOM Agent scripting module 2447 | $AgentCfg = New-Object -ComObject "AgentConfigManager.MgmtSvcCfg" 2448 | # Try Catch since agent might not support method and throw error or might be empty 2449 | try 2450 | { 2451 | $LAWorkspaces=$AgentCfg.GetCloudWorkspaces() 2452 | foreach($LAWorkspace in $LAWorkspaces) 2453 | { 2454 | $LAList=$LAList + $LAWorkspace.workspaceId + ", " 2455 | } 2456 | $LAList=$LAList.TrimEnd(", ") 2457 | } 2458 | catch 2459 | { 2460 | $LAList='' 2461 | } 2462 | #======================================================================= 2463 | 2464 | # Get PowerShell Version section 2465 | #======================================================================= 2466 | $PSVer = $PSVersionTable.PSVersion 2467 | [string]$PSMajor = $PSVer.Major 2468 | [string]$PSMinor = $PSVer.Minor 2469 | $PSVersion = $PSMajor + "." + $PSMinor 2470 | #======================================================================= 2471 | 2472 | # Get PowerShell CLR Version section 2473 | #======================================================================= 2474 | $CLRVer = $PSVersionTable.CLRVersion 2475 | [string]$CLRMajor = $CLRVer.Major 2476 | [string]$CLRMinor = $CLRVer.Minor 2477 | $CLRVersion = $CLRMajor + "." + $CLRMinor 2478 | #======================================================================= 2479 | 2480 | # Get Assignments section if not a Management Server 2481 | #======================================================================= 2482 | [string]$PrimaryMS = "" 2483 | [string]$FailoverList = "" 2484 | 2485 | #Only continue if this is a Gateway 2486 | IF ($MS -eq $false) 2487 | { 2488 | $HSParametersRegKey = "HKLM:\SYSTEM\CurrentControlSet\Services\HealthService\Parameters" 2489 | IF ($HSStateDir = (Get-ItemProperty $HSParametersRegKey).'State Directory') 2490 | { 2491 | $FilePath = "$HSStateDir\Connector Configuration Cache\$MGName\OpsMgrConnector.Config.xml" 2492 | } 2493 | ELSE 2494 | { 2495 | $FilePath = "$SCOMPath\Health Service State\Connector Configuration Cache\$MGName\OpsMgrConnector.Config.xml" 2496 | } 2497 | 2498 | IF (Test-Path -Path $FilePath) 2499 | { 2500 | [xml]$ConfigFileXML = Get-Content -Path $FilePath 2501 | 2502 | #Get Primary MS 2503 | $PrimaryArr = $ConfigFileXML.Message.State.Parents.Added.Item | Where-Object {$_.IsPrimary -eq "True"} 2504 | $PrimaryMS = $PrimaryArr.AuthenticationName 2505 | 2506 | #Get list of Secondary MS 2507 | $SecondaryArr = $ConfigFileXML.Message.State.Parents.Added.Item | Where-Object {$_.IsPrimary -eq "False"} 2508 | [string]$SecondaryMSList = @() 2509 | FOREACH ($SecondaryXML in $SecondaryArr) 2510 | { 2511 | $SecondaryMS = $SecondaryXML.AuthenticationName 2512 | $SecondaryMSList = $SecondaryMSList + $SecondaryMS + ", " 2513 | } 2514 | $FailoverList = $SecondaryMSList.TrimEnd(", ") 2515 | } 2516 | ELSE 2517 | { 2518 | #Log script event that we cannot find config file 2519 | $momapi.LogScriptEvent($ScriptName,$EventID,2, "Cannot find config file at path ($FilePath)") 2520 | } 2521 | } 2522 | #======================================================================= 2523 | 2524 | # Get Action Account section 2525 | #======================================================================= 2526 | # Get the action account this script is running under. We will assume that is the default action account 2527 | try 2528 | { 2529 | $user = "" 2530 | $domain = "" 2531 | $oNetwork = new-object -comobject "WScript.Network" 2532 | $user = $oNetwork.UserName 2533 | $domain = $oNetwork.UserDomain 2534 | If(($user.Length -eq 0) -or ($user -eq "SYSTEM")) 2535 | { 2536 | $ActionAccount = $user 2537 | } 2538 | Else 2539 | { 2540 | $ActionAccount = $domain + "\" + $user 2541 | } 2542 | } 2543 | catch 2544 | { 2545 | $momapi.LogScriptEvent($ScriptName,$EventID,2, "Failed to retrieve the User name and domain for the action account, error: ", $error.Description) 2546 | } 2547 | #======================================================================= 2548 | 2549 | # Get OSVersion section 2550 | #======================================================================= 2551 | $OSRegKey = "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion" 2552 | [string]$OSCurrentVersion = (Get-ItemProperty $OSRegKey).CurrentVersion 2553 | [string]$OSCurrentBuildNumber = (Get-ItemProperty $OSRegKey).CurrentBuildNumber 2554 | [string]$OSCurrentCurrentMajorVersionNumber = (Get-ItemProperty $OSRegKey).CurrentMajorVersionNumber 2555 | [string]$OSCurrentCurrentMinorVersionNumber = (Get-ItemProperty $OSRegKey).CurrentMinorVersionNumber 2556 | 2557 | # If Windows 10 or WS2016 use new reg keys else use old keys 2558 | IF ($OSCurrentCurrentMajorVersionNumber) 2559 | { 2560 | [string]$OSVersion = $OSCurrentCurrentMajorVersionNumber + "." + $OSCurrentCurrentMinorVersionNumber + "." + $OSCurrentBuildNumber 2561 | } 2562 | ELSE 2563 | { 2564 | [string]$OSVersion = $OSCurrentVersion + "." + $OSCurrentBuildNumber 2565 | } 2566 | #======================================================================= 2567 | 2568 | # Get Certificate Section 2569 | #======================================================================= 2570 | $CertRegKey = "HKLM:\SOFTWARE\Microsoft\Microsoft Operations Manager\3.0\Machine Settings" 2571 | IF(Test-Path $CertRegKey) 2572 | { 2573 | [array]$CertValue = (Get-ItemProperty $CertRegKey).ChannelCertificateSerialNumber 2574 | IF($Certvalue) 2575 | { 2576 | $CertLoaded = $True 2577 | [string]$CertThumbPrint = (Get-ItemProperty $CertRegKey).ChannelCertificateHash 2578 | $Cert = Get-ChildItem -path cert:\LocalMachine\My | Where-Object {$_.Thumbprint -eq $CertThumbPrint} 2579 | IF ($Cert) 2580 | { 2581 | [datetime]$CertExpiresDateTime = $Cert.NotAfter 2582 | [string]$CertExpires = $CertExpiresDateTime.ToShortDateString() 2583 | $CertIssuerArr = $Cert.Issuer 2584 | $CertIssuerSplit = $CertIssuerArr.Split(",") 2585 | [string]$CertIssuer = $CertIssuerSplit[0].TrimStart("CN=") 2586 | } 2587 | ELSE 2588 | { 2589 | $CertIssuer = "NotFound" 2590 | $CertExpires = "NotFound" 2591 | } 2592 | 2593 | } 2594 | ELSE 2595 | { 2596 | $CertLoaded = $False 2597 | } 2598 | } 2599 | ELSE 2600 | { 2601 | $CertLoaded = $False 2602 | } 2603 | #======================================================================= 2604 | 2605 | # Get TLS12Enforced Section 2606 | #======================================================================= 2607 | #Set the value to good by default then look for any bad or missing settings 2608 | $TLS12Enforced = $True 2609 | 2610 | IF (Test-Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client") 2611 | { 2612 | $Enabled = (Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client").Enabled 2613 | $DisabledByDefault = (Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client").DisabledByDefault 2614 | IF ($Enabled -ne 0 -or $DisabledByDefault -ne 1) 2615 | { 2616 | $TLS12Enforced = $False 2617 | } 2618 | } 2619 | ELSE 2620 | { 2621 | $TLS12Enforced = $False 2622 | } 2623 | 2624 | IF (Test-Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server") 2625 | { 2626 | $Enabled = (Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server").Enabled 2627 | $DisabledByDefault = (Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server").DisabledByDefault 2628 | IF ($Enabled -ne 0 -or $DisabledByDefault -ne 1) 2629 | { 2630 | $TLS12Enforced = $False 2631 | } 2632 | } 2633 | ELSE 2634 | { 2635 | $TLS12Enforced = $False 2636 | } 2637 | 2638 | IF (Test-Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client") 2639 | { 2640 | $Enabled = (Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client").Enabled 2641 | $DisabledByDefault = (Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client").DisabledByDefault 2642 | IF ($Enabled -ne 0 -or $DisabledByDefault -ne 1) 2643 | { 2644 | $TLS12Enforced = $False 2645 | } 2646 | } 2647 | ELSE 2648 | { 2649 | $TLS12Enforced = $False 2650 | } 2651 | 2652 | IF (Test-Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server") 2653 | { 2654 | $Enabled = (Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server").Enabled 2655 | $DisabledByDefault = (Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server").DisabledByDefault 2656 | IF ($Enabled -ne 0 -or $DisabledByDefault -ne 1) 2657 | { 2658 | $TLS12Enforced = $False 2659 | } 2660 | } 2661 | ELSE 2662 | { 2663 | $TLS12Enforced = $False 2664 | } 2665 | 2666 | IF (Test-Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client") 2667 | { 2668 | $Enabled = (Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client").Enabled 2669 | $DisabledByDefault = (Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client").DisabledByDefault 2670 | IF ($Enabled -ne 0 -or $DisabledByDefault -ne 1) 2671 | { 2672 | $TLS12Enforced = $False 2673 | } 2674 | } 2675 | ELSE 2676 | { 2677 | $TLS12Enforced = $False 2678 | } 2679 | 2680 | IF (Test-Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server") 2681 | { 2682 | $Enabled = (Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server").Enabled 2683 | $DisabledByDefault = (Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server").DisabledByDefault 2684 | IF ($Enabled -ne 0 -or $DisabledByDefault -ne 1) 2685 | { 2686 | $TLS12Enforced = $False 2687 | } 2688 | } 2689 | ELSE 2690 | { 2691 | $TLS12Enforced = $False 2692 | } 2693 | 2694 | IF (Test-Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client") 2695 | { 2696 | $Enabled = (Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client").Enabled 2697 | $DisabledByDefault = (Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client").DisabledByDefault 2698 | IF ($Enabled -ne 0 -or $DisabledByDefault -ne 1) 2699 | { 2700 | $TLS12Enforced = $False 2701 | } 2702 | } 2703 | ELSE 2704 | { 2705 | $TLS12Enforced = $False 2706 | } 2707 | 2708 | IF (Test-Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server") 2709 | { 2710 | $Enabled = (Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server").Enabled 2711 | $DisabledByDefault = (Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server").DisabledByDefault 2712 | IF ($Enabled -ne 0 -or $DisabledByDefault -ne 1) 2713 | { 2714 | $TLS12Enforced = $False 2715 | } 2716 | } 2717 | ELSE 2718 | { 2719 | $TLS12Enforced = $False 2720 | } 2721 | 2722 | IF (Test-Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client") 2723 | { 2724 | $Enabled = (Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client").Enabled 2725 | $DisabledByDefault = (Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client").DisabledByDefault 2726 | IF ($Enabled -ne 1 -or $DisabledByDefault -ne 0) 2727 | { 2728 | $TLS12Enforced = $False 2729 | } 2730 | } 2731 | ELSE 2732 | { 2733 | $TLS12Enforced = $False 2734 | } 2735 | 2736 | IF (Test-Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server") 2737 | { 2738 | $Enabled = (Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server").Enabled 2739 | $DisabledByDefault = (Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server").DisabledByDefault 2740 | IF ($Enabled -ne 1 -or $DisabledByDefault -ne 0) 2741 | { 2742 | $TLS12Enforced = $False 2743 | } 2744 | } 2745 | ELSE 2746 | { 2747 | $TLS12Enforced = $False 2748 | } 2749 | 2750 | IF (Test-Path "HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319") 2751 | { 2752 | $SchUseStrongCrypto = (Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319").SchUseStrongCrypto 2753 | IF ($SchUseStrongCrypto -ne 1) 2754 | { 2755 | $TLS12Enforced = $False 2756 | } 2757 | } 2758 | ELSE 2759 | { 2760 | $TLS12Enforced = $False 2761 | } 2762 | 2763 | IF (Test-Path "HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319") 2764 | { 2765 | $SchUseStrongCrypto = (Get-ItemProperty "HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319").SchUseStrongCrypto 2766 | IF ($SchUseStrongCrypto -ne 1) 2767 | { 2768 | $TLS12Enforced = $False 2769 | } 2770 | } 2771 | ELSE 2772 | { 2773 | $TLS12Enforced = $False 2774 | } 2775 | #======================================================================= 2776 | 2777 | # Get SQL Driver ODBC Section 2778 | #======================================================================= 2779 | $RegPath = "HKLM:SOFTWARE\Microsoft\Microsoft ODBC Driver 17 for SQL Server\CurrentVersion" 2780 | 2781 | IF (Test-Path $RegPath) 2782 | { 2783 | [string]$SQLODBC = (Get-ItemProperty $RegPath)."Version" 2784 | } 2785 | ELSE 2786 | { 2787 | [string]$SQLODBC = "Not Installed" 2788 | } 2789 | #======================================================================= 2790 | 2791 | # Get SQL Driver MSOLEDBSQL Section 2792 | #======================================================================= 2793 | $RegPath = "HKLM:SOFTWARE\Microsoft\Microsoft OLE DB Driver for SQL Server\CurrentVersion" 2794 | 2795 | IF (Test-Path $RegPath) 2796 | { 2797 | [string]$SQLMSOLEDBSQL = (Get-ItemProperty $RegPath)."Version" 2798 | } 2799 | ELSE 2800 | { 2801 | [string]$SQLMSOLEDBSQL = "Not Installed" 2802 | } 2803 | #======================================================================= 2804 | 2805 | # Discovery Script section - Discovery scripts get this 2806 | #================================================================================= 2807 | $instance = $DiscoveryData.CreateClassInstance("$MPElement[Name='SCOM.Management.Server.Class']$") 2808 | $instance.AddProperty("$MPElement[Name='Windows!Microsoft.Windows.Computer']/PrincipalName$", $Computername) 2809 | $instance.AddProperty("$MPElement[Name='SCOM.Management.Server.Class']/ServerVersion$", $ServerURFileVersion) 2810 | $instance.AddProperty("$MPElement[Name='SCOM.Management.Server.Class']/ServerURLevel$", $ServerURLevel) 2811 | $instance.AddProperty("$MPElement[Name='SCOM.Management.Server.Class']/WebConsoleVersion$", $WebConsoleURFileVersion) 2812 | $instance.AddProperty("$MPElement[Name='SCOM.Management.Server.Class']/WebConsoleURLevel$", $WebConsoleURLevel) 2813 | $instance.AddProperty("$MPElement[Name='SCOM.Management.Server.Class']/ConsoleVersion$", $ConsoleURFileVersion) 2814 | $instance.AddProperty("$MPElement[Name='SCOM.Management.Server.Class']/ConsoleURLevel$", $ConsoleURLevel) 2815 | $instance.AddProperty("$MPElement[Name='SCOM.Management.Server.Class']/LAWorkspaces$", $LAList) 2816 | $instance.AddProperty("$MPElement[Name='SCOM.Management.Server.Class']/PSVersion$", $PSVersion) 2817 | $instance.AddProperty("$MPElement[Name='SCOM.Management.Server.Class']/CLRVersion$", $CLRVersion) 2818 | $instance.AddProperty("$MPElement[Name='SCOM.Management.Server.Class']/OSVersion$", $OSVersion) 2819 | $instance.AddProperty("$MPElement[Name='SCOM.Management.Server.Class']/PrimaryMS$", $PrimaryMS) 2820 | $instance.AddProperty("$MPElement[Name='SCOM.Management.Server.Class']/FailoverList$", $FailoverList) 2821 | $instance.AddProperty("$MPElement[Name='SCOM.Management.Server.Class']/ActionAccount$", $ActionAccount) 2822 | $instance.AddProperty("$MPElement[Name='SCOM.Management.Server.Class']/InstallPath$", $SCOMPath) 2823 | $instance.AddProperty("$MPElement[Name='SCOM.Management.Server.Class']/CertLoaded$", $CertLoaded) 2824 | $instance.AddProperty("$MPElement[Name='SCOM.Management.Server.Class']/CertExpires$", $CertExpires) 2825 | $instance.AddProperty("$MPElement[Name='SCOM.Management.Server.Class']/CertThumbPrint$", $CertThumbPrint) 2826 | $instance.AddProperty("$MPElement[Name='SCOM.Management.Server.Class']/CertIssuer$", $CertIssuer) 2827 | $instance.AddProperty("$MPElement[Name='SCOM.Management.Server.Class']/TLS12Enforced$", $TLS12Enforced) 2828 | $instance.AddProperty("$MPElement[Name='SCOM.Management.Server.Class']/SQLMSOLEDBSQL$", $SQLMSOLEDBSQL) 2829 | $instance.AddProperty("$MPElement[Name='SCOM.Management.Server.Class']/SQLODBC$", $SQLODBC) 2830 | $DiscoveryData.AddInstance($instance) 2831 | 2832 | # Return Discovery Items Normally 2833 | $DiscoveryData 2834 | # Return Discovery Bag to the command line for testing (does not work from ISE) 2835 | # $momapi.Return($DiscoveryData) 2836 | #================================================================================= 2837 | 2838 | 2839 | # End of script section 2840 | #================================================================================= 2841 | #Log an event for script ending and total execution time. 2842 | $EndTime = Get-Date 2843 | $ScriptTime = ($EndTime - $StartTime).TotalSeconds 2844 | $momapi.LogScriptEvent($ScriptName,$EventID,0,"`n Script has completed. ServerVersion: ($ServerURFileVersion). `n Server UR Level: ($ServerURLevel). `n WebConsoleVersion: ($WebConsoleURFileVersion). `n Web Console UR Level: ($WebConsoleURLevel). `n ConsoleVersion: ($ConsoleURFileVersion). `n Console UR Level: ($ConsoleURLevel). `n LA Workspaces: ($LAList). `n PowerShell Version: ($PSVersion). `n CLR Version: ($CLRVersion). `n OSVersion: ($OSVersion). `n Primary MS: ($PrimaryMS). `n Secondary MS Failover list: ($FailoverList). `n Action Account: ($ActionAccount). `n Install path: ($SCOMPath). `n TLS 1.2 Enforced: ($TLS12Enforced). `n ODBC Driver: ($SQLODBC). `n Runtime was ($ScriptTime) seconds.") 2845 | #================================================================================= 2846 | # End of script 2847 | 2848 | 2849 | 2850 | 2851 | SourceId 2852 | $MPElement$ 2853 | 2854 | 2855 | ManagedEntityId 2856 | $Target/Id$ 2857 | 2858 | 2859 | ComputerName 2860 | $Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/PrincipalName$ 2861 | 2862 | 2863 | MGName 2864 | $Target/ManagementGroup/Name$ 2865 | 2866 | 2867 | 600 2868 | 2869 | 2870 | 2871 | 2872 | 2873 | Alert 2874 | 2875 | 2876 | $Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$ 2877 | Application 2878 | 2879 | 2880 | 2881 | 2882 | 2883 | EventDisplayNumber 2884 | 2885 | Equal 2886 | 2887 | 100 2888 | 2889 | 2890 | 2891 | 2892 | 2893 | 2894 | PublisherName 2895 | 2896 | Equal 2897 | 2898 | TEST 2899 | 2900 | 2901 | 2902 | 2903 | 2904 | 2905 | 2906 | 2907 | 2908 | 0 2909 | 0 2910 | 2911 | 2912 | 2913 | $MPElement[Name="SCOM.Management.TestEvent100.Rule.AlertMessage"]$ 2914 | 2915 | $Data/EventDescription$ 2916 | 2917 | 2918 | 2919 | 2920 | 2921 | 2922 | 2923 | 2924 | 2925 | 2926 | 2927 | 2928 | 2929 | 2930 | 2931 | 2932 | 2933 | 2934 | Custom 2935 | 2936 | MGNAME 2937 | MSName.Domain.Com 2938 | 60 2939 | 2940 | 2941 | 2942 | Custom 2943 | 2944 | MGNAME 2945 | MSName.Domain.Com 2946 | 60 2947 | 2948 | 2949 | 2950 | Custom 2951 | 2952 | $Target/Property[Type="System!System.Entity"]/DisplayName$ 2953 | 120 2954 | 2955 | 2956 | 2957 | Custom 2958 | 2959 | $Target/Property[Type="SC!Microsoft.SystemCenter.UserActionManager"]/TargetDevicePrincipalName$ 2960 | 120 2961 | 2962 | 2963 | 2964 | Custom 2965 | 2966 | %systemroot%\System32\cmd.exe 2967 | 2968 | /c EVENTCREATE /T ERROR /ID 100 /L APPLICATION /SO TEST /D "This is a Test event 100" 2969 | 60 2970 | true 2971 | 2972 | 2973 | 2974 | Custom 2975 | 2976 | 2977 | 120 2978 | 2979 | 2980 | 2981 | Custom 2982 | 2983 | SCOM.Management.DisableADIntegration.Task.ps1 2984 | 2985 | #================================================================================= 2986 | # Script to disable AD integration 2987 | #================================================================================= 2988 | 2989 | #================================================================================= 2990 | # Constants section - modify stuff here: 2991 | 2992 | # Assign script name variable for use in event logging 2993 | $ScriptName = "SCOM.Management.DisableADIntegration.Task.ps1" 2994 | #================================================================================= 2995 | 2996 | # Gather who the script is running as 2997 | $whoami = whoami 2998 | 2999 | #Load the MOMScript API and discovery propertybag 3000 | $momapi = New-Object -comObject "Mom.ScriptAPI" 3001 | 3002 | #Log script event that we are starting task 3003 | $momapi.LogScriptEvent($ScriptName,1321,0, "Starting script. Running as ($whoami)") 3004 | 3005 | # Begin Main Script 3006 | #================================================================================= 3007 | Write-Host "Task Starting. Running as $whoami" 3008 | #Load agent scripting object 3009 | Write-Host "Loading agent scripting objects." 3010 | $AgentCfg = New-Object -ComObject AgentConfigManager.MgmtSvcCfg 3011 | #Disable AD integration 3012 | Write-Host "Disabling AD Integration" 3013 | $AgentCfg.DisableActiveDirectoryIntegration() 3014 | #Restart Agent 3015 | Write-Host "AD Integration Disabled." 3016 | Write-Host "Restarting Agent now." 3017 | #================================================================================= 3018 | # End Main Script 3019 | 3020 | # Restart Agent 3021 | #================================================================================= 3022 | #We need a reliable way to restart the SCOM Agent out of band so that tasks can complete with success 3023 | $Command = "Start-Sleep -s 5;Restart-Service HealthService" 3024 | $Process = ([wmiclass]"root\cimv2:Win32_ProcessStartup").CreateInstance() 3025 | $Process.ShowWindow = 0 3026 | $Process.CreateFlags = 16777216 3027 | ([wmiclass]"root\cimv2:Win32_Process").Create("powershell.exe $Command")|Out-Null 3028 | #================================================================================= 3029 | 3030 | 3031 | 120 3032 | 3033 | 3034 | 3035 | Custom 3036 | 3037 | SCOM.Management.EnableADIntegration.Task.ps1 3038 | 3039 | #================================================================================= 3040 | # Script to enable AD integration 3041 | #================================================================================= 3042 | 3043 | #================================================================================= 3044 | # Constants section - modify stuff here: 3045 | 3046 | # Assign script name variable for use in event logging 3047 | $ScriptName = "SCOM.Management.EnableADIntegration.Task.ps1" 3048 | #================================================================================= 3049 | 3050 | # Gather who the script is running as 3051 | $whoami = whoami 3052 | 3053 | #Load the MOMScript API and discovery propertybag 3054 | $momapi = New-Object -comObject "Mom.ScriptAPI" 3055 | 3056 | #Log script event that we are starting task 3057 | $momapi.LogScriptEvent($ScriptName,1321,0, "Starting script. Running as ($whoami)") 3058 | 3059 | # Begin Main Script 3060 | #================================================================================= 3061 | Write-Host "Task Starting. Running as $whoami" 3062 | #Load agent scripting object 3063 | Write-Host "Loading agent scripting objects." 3064 | $AgentCfg = New-Object -ComObject AgentConfigManager.MgmtSvcCfg 3065 | #Enable AD integration 3066 | Write-Host "Enabling AD Integration" 3067 | $AgentCfg.EnableActiveDirectoryIntegration() 3068 | #Restart Agent 3069 | Write-Host "AD Integration Enabled." 3070 | Write-Host "Restarting Agent now." 3071 | #================================================================================= 3072 | # End Main Script 3073 | 3074 | # Restart Agent 3075 | #================================================================================= 3076 | #We need a reliable way to restart the SCOM Agent out of band so that tasks can complete with success 3077 | $Command = "Start-Sleep -s 5;Restart-Service HealthService" 3078 | $Process = ([wmiclass]"root\cimv2:Win32_ProcessStartup").CreateInstance() 3079 | $Process.ShowWindow = 0 3080 | $Process.CreateFlags = 16777216 3081 | ([wmiclass]"root\cimv2:Win32_Process").Create("powershell.exe $Command")|Out-Null 3082 | #================================================================================= 3083 | 3084 | 3085 | 120 3086 | 3087 | 3088 | 3089 | Custom 3090 | 3091 | Operations Manager 3092 | \\servername\sharename 3093 | 60 3094 | 3095 | 3096 | 3097 | Maintenance 3098 | 3099 | 3100 | 3101 | Custom 3102 | 3103 | %systemroot%\System32\cmd.exe 3104 | 3105 | /c ""c:\Program Files\Microsoft Monitoring Agent\Agent\HSLockdown.exe" /A "NT AUTHORITY\SYSTEM"" 3106 | 60 3107 | true 3108 | 3109 | 3110 | 3111 | Custom 3112 | 3113 | %systemroot%\System32\cmd.exe 3114 | 3115 | /c "c:\Program Files\Microsoft Monitoring Agent\Agent\HSLockdown.exe" /L 3116 | 60 3117 | true 3118 | 3119 | 3120 | 3121 | Custom 3122 | 3123 | 3124 | 300 3125 | 3126 | 3127 | 3128 | Maintenance 3129 | 3130 | SCOM.Management.InstallSoftwareFromShare.Task.vbs 3131 | "msiexec.exe /p \\servername\sharename\filename /qn" 3132 | 3133 | on error resume next 3134 | 3135 | set oShellEnv = oShell.Environment("Process") 3136 | computerName = oShellEnv("ComputerName") 3137 | 3138 | CommandAndFilePath = WScript.Arguments(0) 3139 | 3140 | Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2") 3141 | 3142 | Set objProcess = objWMIService.Get("Win32_Process") 3143 | Set objProgram = objProcess.Methods_( _ 3144 | "Create").InParameters.SpawnInstance_ 3145 | objProgram.CommandLine = CommandAndFilePath 3146 | 3147 | Set strShell = objWMIService.ExecMethod( _ 3148 | "Win32_Process", "Create", objProgram) 3149 | 3150 | Wscript.Echo "Software Install Executed" 3151 | 3152 | 300 3153 | 3154 | 3155 | 3156 | Custom 3157 | 3158 | WorkspaceID 3159 | WorkspaceKey 3160 | 3161 | 0 3162 | 300 3163 | 3164 | 3165 | 3166 | Custom 3167 | 3168 | WorkspaceID 3169 | 300 3170 | 3171 | 3172 | 3173 | Custom 3174 | 3175 | MGNAME 3176 | 60 3177 | 3178 | 3179 | 3180 | Custom 3181 | 3182 | MGNAME 3183 | 60 3184 | 3185 | 3186 | 3187 | Custom 3188 | 3189 | SCOM.Management.RestartHealthService.Task.vbs 3190 | 3191 | 3192 | Option Explicit 3193 | On Error Resume Next 3194 | Dim ScriptName, oAPI, objWMIService, oShell, oShellEnv, computerName, strCommand, objProcess, objProgram, strShell 3195 | 3196 | ScriptName = "SCOM.Management.RestartHealthService.Task.vbs" 3197 | 3198 | 'Load momscript API 3199 | Set oAPI = CreateObject("MOM.ScriptAPI") 3200 | 'Log script event that we are starting 3201 | Call oAPI.LogScriptEvent(ScriptName, 1313, 2, "A command to restart the agent was sent. We will attempt to stop and then restart the Healthservice now.") 3202 | 3203 | 'Begin Healthservice Restart 3204 | Set oShell = WScript.CreateObject("WScript.Shell") 3205 | set oShellEnv = oShell.Environment("Process") 3206 | computerName = oShellEnv("ComputerName") 3207 | 'Echo that we are about to start for task output 3208 | WScript.echo "Beginning Restart attempt for HealthService on " & computerName 3209 | strCommand = "cmd /c net stop HealthService & cmd /c net start HealthService" 3210 | Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2") 3211 | Set objProcess = objWMIService.Get("Win32_Process") 3212 | Set objProgram = objProcess.Methods_( _ 3213 | "Create").InParameters.SpawnInstance_ 3214 | objProgram.CommandLine = strCommand 3215 | Set strShell = objWMIService.ExecMethod( _ 3216 | "Win32_Process", "Create", objProgram) 3217 | 'Echo that we are restarting for task output 3218 | WScript.echo "Restarting HealthService on " & computerName 3219 | 'End Healthservice Restart 3220 | 3221 | 60 3222 | 3223 | 3224 | 3225 | Custom 3226 | 3227 | SCOM.Management.RestartHealthServiceHS.Task.vbs 3228 | 3229 | 3230 | Option Explicit 3231 | On Error Resume Next 3232 | Dim ScriptName, oAPI, objWMIService, oShell, oShellEnv, computerName, strCommand, objProcess, objProgram, strShell 3233 | 3234 | ScriptName = "SCOM.Management.RestartHealthServiceHS.Task.vbs" 3235 | 3236 | 'Load momscript API 3237 | Set oAPI = CreateObject("MOM.ScriptAPI") 3238 | 'Log script event that we are starting 3239 | Call oAPI.LogScriptEvent(ScriptName, 1313, 2, "A command to restart the agent was sent. We will attempt to stop and then restart the Healthservice now.") 3240 | 3241 | 'Begin Healthservice Restart 3242 | Set oShell = WScript.CreateObject("WScript.Shell") 3243 | set oShellEnv = oShell.Environment("Process") 3244 | computerName = oShellEnv("ComputerName") 3245 | 'Echo that we are about to start for task output 3246 | WScript.echo "Beginning Restart attempt for HealthService on " & computerName 3247 | strCommand = "cmd /c net stop HealthService & cmd /c net start HealthService" 3248 | Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2") 3249 | Set objProcess = objWMIService.Get("Win32_Process") 3250 | Set objProgram = objProcess.Methods_( _ 3251 | "Create").InParameters.SpawnInstance_ 3252 | objProgram.CommandLine = strCommand 3253 | Set strShell = objWMIService.ExecMethod( _ 3254 | "Win32_Process", "Create", objProgram) 3255 | 'Echo that we are restarting for task output 3256 | WScript.echo "Restarting HealthService on " & computerName 3257 | 'End Healthservice Restart 3258 | 3259 | 60 3260 | 3261 | 3262 | 3263 | Custom 3264 | 3265 | ServiceName 3266 | 60 3267 | 3268 | 3269 | 3270 | Custom 3271 | 3272 | 3273 | 60 3274 | 3275 | 3276 | 3277 | Custom 3278 | 3279 | SCOM.Management.SetManuallyInstalledFalse.Task.ps1 3280 | 3281 | #================================================================================= 3282 | # Script to Set HealthService Manually Installed to False 3283 | #================================================================================= 3284 | Param($AgentName) 3285 | 3286 | # $AgentName = "WS2012R2.opsmgr.net" 3287 | 3288 | 3289 | #================================================================================= 3290 | # Constants section - modify stuff here: 3291 | 3292 | # Assign script name variable for use in event logging 3293 | $ScriptName = "SCOM.Management.SetManuallyInstalledFalse.Task.ps1" 3294 | #================================================================================= 3295 | 3296 | # Gather who the script is running as 3297 | $whoami = whoami 3298 | 3299 | #Load the MOMScript API and discovery propertybag 3300 | $momapi = New-Object -comObject "Mom.ScriptAPI" 3301 | 3302 | #Log script event that we are starting task 3303 | $momapi.LogScriptEvent($ScriptName,1317,0, "Starting script. Running as ($whoami)") 3304 | 3305 | # Begin Main Script 3306 | #================================================================================= 3307 | Write-Host "Task Starting. Running as $whoami" 3308 | 3309 | IF ($AgentName) 3310 | { 3311 | Write-Host "Agent Name is ($AgentName)." 3312 | } 3313 | ELSE 3314 | { 3315 | Write-Host "FATAL ERROR: Agent Name was not passed to script. Terminating" 3316 | $momapi.LogScriptEvent($ScriptName,1317,2, "FATAL ERROR: Agent Name was not passed to script. Terminating") 3317 | #EXIT 3318 | } 3319 | 3320 | #Connect to SQL 3321 | 3322 | $SCOMRegKey = "HKLM:\SOFTWARE\Microsoft\Microsoft Operations Manager\3.0\Setup" 3323 | $SQLServer = (Get-ItemProperty $SCOMRegKey).DatabaseServerName 3324 | $SQLDBName = (Get-ItemProperty $SCOMRegKey).DatabaseName 3325 | 3326 | $SqlQuery1 = "SELECT IsManuallyInstalled from MT_HealthService WHERE DisplayName = '$AgentName'" 3327 | 3328 | Write-Host "Connecting to SQL. SQL Server: ($SQLServer). SQL DB: ($SQLDBName)." 3329 | 3330 | $SqlConnection = New-Object System.Data.SqlClient.SqlConnection 3331 | $SqlConnection.ConnectionString = "Server=$SQLServer;Database=$SQLDBName;Integrated Security=True" 3332 | $SqlCmd = New-Object System.Data.SqlClient.SqlCommand 3333 | $SqlCmd.CommandText = $SqlQuery1 3334 | $SqlCmd.Connection = $SqlConnection 3335 | $SqlAdapter = New-Object System.Data.SqlClient.SqlDataAdapter 3336 | $SqlAdapter.SelectCommand = $SqlCmd 3337 | $ds = New-Object System.Data.DataSet 3338 | $SqlAdapter.Fill($ds) | Out-Null 3339 | 3340 | $RowCount = $ds.Tables[0].Rows.Count 3341 | 3342 | IF ($RowCount -lt 1) 3343 | { 3344 | Write-Host "FATAL ERROR: We did not retrieve an IsManuallyInstalled value from SQL for ($AgentName). Terminating" 3345 | $momapi.LogScriptEvent($ScriptName,1317,2, "FATAL ERROR: We did not retrieve an InsManuallyInstalled value from SQL for ($AgentName). Terminating") 3346 | #EXIT 3347 | } 3348 | 3349 | $IsManInstValue = $ds.Tables[0].Rows[0].IsManuallyInstalled 3350 | 3351 | IF ($IsManInstValue -ne $true) 3352 | { 3353 | Write-Host "FATAL ERROR: IsManuallyInstalled value from SQL for ($AgentName) is ($IsManInstValue). Terminating" 3354 | $momapi.LogScriptEvent($ScriptName,1317,2, "FATAL ERROR: IsManuallyInstalled value from SQL for ($AgentName) is ($IsManInstValue). Terminating") 3355 | #EXIT 3356 | } 3357 | 3358 | # Update Table in SQL 3359 | Write-Host "IsManuallyInstalled value found from SQL was ($IsManInstValue). Attempting to Update SQL now." 3360 | 3361 | $SqlQuery2 = "UPDATE MT_HealthService 3362 | SET IsManuallyInstalled=0 WHERE IsManuallyInstalled=1 AND BaseManagedEntityId IN 3363 | (select BaseManagedEntityID from BaseManagedEntity where BaseManagedTypeId = 'AB4C891F-3359-3FB6-0704-075FBFE36710' AND DisplayName = '$AgentName')" 3364 | 3365 | $SqlCmd.CommandText = $SqlQuery2 3366 | $SqlCmd.Connection = $SqlConnection 3367 | $SqlAdapter = New-Object System.Data.SqlClient.SqlDataAdapter 3368 | $SqlAdapter.SelectCommand = $SqlCmd 3369 | $ds = New-Object System.Data.DataSet 3370 | $SqlAdapter.Fill($ds) | Out-Null 3371 | 3372 | # Check value Again 3373 | 3374 | $SqlCmd.CommandText = $SqlQuery1 3375 | $SqlCmd.Connection = $SqlConnection 3376 | $SqlAdapter = New-Object System.Data.SqlClient.SqlDataAdapter 3377 | $SqlAdapter.SelectCommand = $SqlCmd 3378 | $ds = New-Object System.Data.DataSet 3379 | $SqlAdapter.Fill($ds) | Out-Null 3380 | $SqlConnection.Close() 3381 | 3382 | $IsManInstValue = $ds.Tables[0].Rows[0].IsManuallyInstalled 3383 | 3384 | IF ($IsManInstValue -ne $false) 3385 | { 3386 | Write-Host "FATAL ERROR: Attempt to set IsManuallyInstalled value failed. Current value for ($AgentName) is ($IsManInstValue). Terminating" 3387 | $momapi.LogScriptEvent($ScriptName,1317,2, "FATAL ERROR: Attempt to set IsManuallyInstalled value failed. Current value for ($AgentName) is ($IsManInstValue). Terminating") 3388 | #EXIT 3389 | } 3390 | 3391 | Write-Host "Successfully set IsManuallyInstalled value. New value for ($AgentName) is ($IsManInstValue)." 3392 | #================================================================================= 3393 | # End Main Script 3394 | 3395 | 3396 | 3397 | AgentName 3398 | $Target/Property[Type="System!System.Entity"]/DisplayName$ 3399 | 3400 | 3401 | 120 3402 | 3403 | 3404 | 3405 | Custom 3406 | 3407 | $Target/Property[Type='SC!Microsoft.SystemCenter.HealthServiceWatcher']/HealthServiceName$ 3408 | 120 3409 | 3410 | 3411 | 3412 | 3413 | 3414 | Custom 3415 | 3416 | 3417 | 3418 | 3419 | 3420 | 3421 | 3422 | 3423 | 3424 | Custom 3425 | 3426 | SCOM.Management.EventLogSecurity.Monitor.Recovery.ps1 3427 | 3428 | #================================================================================= 3429 | # Script to recover the security configuration of the Operations Manager event log 3430 | # 3431 | # Author: Kevin Holman 3432 | # 3433 | # Version: 1.0 3434 | # 3435 | #================================================================================= 3436 | 3437 | 3438 | # Manual Testing section - put stuff here for manually testing script - typically parameters: 3439 | #================================================================================= 3440 | #================================================================================= 3441 | 3442 | 3443 | # Constants section - modify stuff here: 3444 | #================================================================================= 3445 | # Assign script name variable for use in event logging 3446 | $ScriptName = "SCOM.Management.EventLogSecurity.Monitor.Recovery.ps1" 3447 | $EventID = "3800" 3448 | 3449 | $RegPath = "HKLM:\SYSTEM\CurrentControlSet\Services\Eventlog\Operations Manager" 3450 | $NewValue = "O:BAG:SYD:(D;;0xf0007;;;AN)(D;;0xf0007;;;BG)(A;;0xf0007;;;SY)(A;;0x7;;;BA)(A;;0x7;;;SO)(A;;0x3;;;IU)(A;;0x3;;;SU)(A;;0x3;;;S-1-5-3)" 3451 | #================================================================================= 3452 | 3453 | 3454 | # Starting Script section 3455 | #================================================================================= 3456 | # Gather the start time of the script 3457 | $StartTime = Get-Date 3458 | #Set variable to be used in logging events 3459 | $whoami = whoami 3460 | # Load MOMScript API 3461 | $momapi = New-Object -comObject MOM.ScriptAPI 3462 | #================================================================================= 3463 | 3464 | 3465 | # Begin MAIN script section 3466 | #================================================================================= 3467 | #Log script event that we are starting task 3468 | $momapi.LogScriptEvent($ScriptName,$EventID,0,"`nRecovery script for Operations Manager event log security is starting. `nRunning as ($whoami).") 3469 | write-host "Recovery script for Operations Manager event log security is starting. Running as ($whoami)." 3470 | 3471 | #Get the Event Log Security before modification 3472 | [string]$EvtSecBefore = (Get-ItemProperty -Path $RegPath -Name CustomSD).CustomSD 3473 | 3474 | #Log event 3475 | $momapi.LogScriptEvent($ScriptName,$EventID,0,"`nThe registry value before modification is: `n($EvtSecBefore). `nSetting new security configuration now.") 3476 | write-host "The registry value before modification is: `n($EvtSecBefore). `nSetting new security configuration now." 3477 | 3478 | #Set new security 3479 | Set-ItemProperty -Path $RegPath -Name CustomSD -Value $NewValue 3480 | 3481 | #Get the Event Log Security after modification 3482 | [string]$EvtSecAfter = (Get-ItemProperty -Path $RegPath -Name CustomSD).CustomSD 3483 | 3484 | #Log event 3485 | $momapi.LogScriptEvent($ScriptName,$EventID,0,"`nThe registry value after modification is: `n($EvtSecAfter).") 3486 | write-host "The registry value after modification is: `n($EvtSecAfter)." 3487 | 3488 | 3489 | # End of script section 3490 | #================================================================================= 3491 | #Log an event for script ending and total execution time. 3492 | $EndTime = Get-Date 3493 | $ScriptTime = ($EndTime - $StartTime).TotalSeconds 3494 | $momapi.LogScriptEvent($ScriptName,$EventID,0,"`nScript Completed. `nScript Runtime: ($ScriptTime) seconds.") 3495 | write-host "Script Completed. Script Runtime: ($ScriptTime) seconds." 3496 | #================================================================================= 3497 | # End of script 3498 | 3499 | 240 3500 | 3501 | 3502 | 3503 | 3504 | 3505 | 3506 | 3507 | Res.SCOM.Management.ConsolePing.Task 3508 | ShellHandler 3509 | 3510 | 3511 | %windir%\system32\ping.exe 3512 | $Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/PrincipalName$ 3513 | 3514 | 3515 | 3516 | Res.SCOM.Management.ComputerManagement.Task 3517 | ShellHandler 3518 | 3519 | 3520 | %windir%\system32\mmc.exe 3521 | %windir%\system32\compmgmt.msc 3522 | /computer:$Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/PrincipalName$ 3523 | 3524 | 3525 | 3526 | Res.SCOM.Management.RDP.Task 3527 | ShellHandler 3528 | 3529 | 3530 | %windir%\system32\mstsc.exe 3531 | /v: 3532 | $Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/PrincipalName$ /f 3533 | 3534 | 3535 | 3536 | 3537 | 3538 | Custom 3539 | 3540 | 3541 | 255 3542 | 3543 | 3544 | 3545 | 3546 | Operations 3547 | 3548 | false 3549 | 3550 | 3551 | 3552 | State 3553 | SCOM.Management.Agent.Class-*-7d5bddb4-c5c3-ee48-c42a-4c8d047825d0-*-Health 3554 | 3555 | 3556 | Maintenance Mode 3557 | InMaintenanceMode 3558 | 3559 | 3560 | Name 3561 | Name 3562 | 3563 | 3564 | Path 3565 | Path 3566 | 3567 | 3568 | Display Name 3569 | System.Entity/DisplayName 3570 | 3571 | 3572 | Agent Version 3573 | SCOM.Management.Agent.Class/AgentVersion 3574 | 3575 | 3576 | Update Rollup 3577 | SCOM.Management.Agent.Class/UpdateRollup 3578 | 3579 | 3580 | AD INT Enabled 3581 | SCOM.Management.Agent.Class/ADIntEnabled 3582 | 3583 | 3584 | Management Groups 3585 | SCOM.Management.Agent.Class/ManagementGroups 3586 | 3587 | 3588 | LA Workspaces 3589 | SCOM.Management.Agent.Class/LAWorkspaces 3590 | 3591 | 3592 | PS Installed 3593 | SCOM.Management.Agent.Class/PSInstalled 3594 | 3595 | 3596 | PS VER 3597 | SCOM.Management.Agent.Class/PSVersion 3598 | 3599 | 3600 | CLR.NET VER 3601 | SCOM.Management.Agent.Class/CLRVersion 3602 | 3603 | 3604 | OS Version 3605 | SCOM.Management.Agent.Class/OSVersion 3606 | 3607 | 3608 | OS Name 3609 | SCOM.Management.Agent.Class/OSName 3610 | 3611 | 3612 | Primary MS 3613 | SCOM.Management.Agent.Class/PrimaryMS 3614 | 3615 | 3616 | Failover List 3617 | SCOM.Management.Agent.Class/FailoverList 3618 | 3619 | 3620 | Action Account 3621 | SCOM.Management.Agent.Class/ActionAccount 3622 | 3623 | 3624 | InstallPath 3625 | SCOM.Management.Agent.Class/InstallPath 3626 | 3627 | 3628 | APM Installed 3629 | SCOM.Management.Agent.Class/APMInstalled 3630 | 3631 | 3632 | 3633 | 3634 | 3635 | Operations 3636 | 3637 | false 3638 | 3639 | 3640 | 3641 | State 3642 | SCOM.Management.Server.Class-*-f67c58eb-c269-0b3a-d1ee-8c11bb668210-*-Health 3643 | 3644 | 3645 | Maintenance Mode 3646 | InMaintenanceMode 3647 | 3648 | 3649 | Name 3650 | Name 3651 | 3652 | 3653 | Path 3654 | Path 3655 | 3656 | 3657 | Display Name 3658 | System.Entity/DisplayName 3659 | 3660 | 3661 | Server Version 3662 | SCOM.Management.Server.Class/ServerVersion 3663 | 3664 | 3665 | Server UR Level 3666 | SCOM.Management.Server.Class/ServerURLevel 3667 | 3668 | 3669 | WebConsole Version 3670 | SCOM.Management.Server.Class/WebConsoleVersion 3671 | 3672 | 3673 | WebConsole UR Level 3674 | SCOM.Management.Server.Class/WebConsoleURLevel 3675 | 3676 | 3677 | Console Version 3678 | SCOM.Management.Server.Class/ConsoleVersion 3679 | 3680 | 3681 | Console UR Level 3682 | SCOM.Management.Server.Class/ConsoleURLevel 3683 | 3684 | 3685 | LA Workspaces 3686 | SCOM.Management.Server.Class/LAWorkspaces 3687 | 3688 | 3689 | PS VER 3690 | SCOM.Management.Server.Class/PSVersion 3691 | 3692 | 3693 | CLR.NET VER 3694 | SCOM.Management.Server.Class/CLRVersion 3695 | 3696 | 3697 | OS Version 3698 | SCOM.Management.Server.Class/OSVersion 3699 | 3700 | 3701 | OS Name 3702 | SCOM.Management.Server.Class/OSName 3703 | 3704 | 3705 | Primary MS 3706 | SCOM.Management.Server.Class/PrimaryMS 3707 | 3708 | 3709 | Failover List 3710 | SCOM.Management.Server.Class/FailoverList 3711 | 3712 | 3713 | Action Account 3714 | SCOM.Management.Server.Class/ActionAccount 3715 | 3716 | 3717 | InstallPath 3718 | SCOM.Management.Server.Class/InstallPath 3719 | 3720 | 3721 | 3722 | 3723 | 3724 | Operations 3725 | 3726 | false 3727 | 3728 | 3729 | 3730 | State 3731 | Microsoft.SystemCenter.AgentWatcher-*-3a9dc906-03f3-d5ee-dde3-dd9b9f8d2f9c-*-Health 3732 | 3733 | 3734 | In Maintenance Mode 3735 | InMaintenanceMode 3736 | 3737 | 3738 | Name 3739 | Name 3740 | 3741 | 3742 | Path 3743 | Path 3744 | 3745 | 3746 | Display Name 3747 | System.Entity/DisplayName 3748 | 3749 | 3750 | Health Service ID 3751 | Microsoft.SystemCenter.HealthServiceWatcher/HealthServiceId 3752 | 3753 | 3754 | Health Service Name 3755 | Microsoft.SystemCenter.HealthServiceWatcher/HealthServiceName 3756 | 3757 | 3758 | 3759 | 3760 | 3761 | Operations 3762 | 3763 | false 3764 | 3765 | IsAgent 3766 | 1 3767 | 3768 | 3769 | 3770 | 3771 | State 3772 | Microsoft.SystemCenter.HealthService-*-ab4c891f-3359-3fb6-0704-075fbfe36710-*-Health 3773 | 3774 | 3775 | Maintenance Mode 3776 | InMaintenanceMode 3777 | 3778 | 3779 | Name 3780 | Name 3781 | 3782 | 3783 | Path 3784 | Path 3785 | 3786 | 3787 | Display Name 3788 | System.Entity/DisplayName 3789 | 3790 | 3791 | Authentication Name 3792 | Microsoft.SystemCenter.HealthService/AuthenticationName 3793 | 3794 | 3795 | Maximum Queue Size 3796 | Microsoft.SystemCenter.HealthService/MaximumQueueSize 3797 | 3798 | 3799 | Maximum Size Of All Transferred Files 3800 | Microsoft.SystemCenter.HealthService/MaximumSizeOfAllTransferredFiles 3801 | 3802 | 3803 | Request Compression 3804 | Microsoft.SystemCenter.HealthService/RequestCompression 3805 | 3806 | 3807 | Create Listener 3808 | Microsoft.SystemCenter.HealthService/CreateListener 3809 | 3810 | 3811 | Port 3812 | Microsoft.SystemCenter.HealthService/Port 3813 | 3814 | 3815 | Is Root Health Service Emulator 3816 | Microsoft.SystemCenter.HealthService/IsRHS 3817 | 3818 | 3819 | Is Management Server 3820 | Microsoft.SystemCenter.HealthService/IsManagementServer 3821 | 3822 | 3823 | Is Agent 3824 | Microsoft.SystemCenter.HealthService/IsAgent 3825 | 3826 | 3827 | Is Gateway 3828 | Microsoft.SystemCenter.HealthService/IsGateway 3829 | 3830 | 3831 | Is Manually Installed 3832 | Microsoft.SystemCenter.HealthService/IsManuallyInstalled 3833 | 3834 | 3835 | Installed By 3836 | Microsoft.SystemCenter.HealthService/InstalledBy 3837 | 3838 | 3839 | Install Time 3840 | Microsoft.SystemCenter.HealthService/InstallTime 3841 | 3842 | 3843 | Version 3844 | Microsoft.SystemCenter.HealthService/Version 3845 | 3846 | 3847 | Action Account Identity 3848 | Microsoft.SystemCenter.HealthService/ActionAccountIdentity 3849 | 3850 | 3851 | Send Heartbeats to Management Servers 3852 | Microsoft.SystemCenter.HealthService/HeartbeatEnabled 3853 | 3854 | 3855 | Heartbeat Interval (seconds) 3856 | Microsoft.SystemCenter.HealthService/HeartbeatInterval 3857 | 3858 | 3859 | Managed Through Active Directory 3860 | Microsoft.SystemCenter.HealthService/ActiveDirectoryManaged 3861 | 3862 | 3863 | Proxying Enabled 3864 | Microsoft.SystemCenter.HealthService/ProxyingEnabled 3865 | 3866 | 3867 | Patch List 3868 | Microsoft.SystemCenter.HealthService/PatchList 3869 | 3870 | 3871 | Agent communication protocol 3872 | Microsoft.SystemCenter.HealthService/Protocol 3873 | 3874 | 3875 | Agent initiates connection to parent agents 3876 | Microsoft.SystemCenter.HealthService/InitiatesConnectionToParent 3877 | 3878 | 3879 | Authentication service URI 3880 | Microsoft.SystemCenter.HealthService/ThirdPartyAuthenticationUri 3881 | 3882 | 3883 | User Action Manager 3884 | Microsoft.SystemCenter.UserActionManager 3885 | 3886 | 3887 | Agent Manager 3888 | Microsoft.SystemCenter.AgentManager 3889 | 3890 | 3891 | Crash Listener 3892 | Microsoft.SystemCenter.CM.AEM.CrashListener 3893 | 3894 | 3895 | CEIP Data Listener Instance 3896 | Microsoft.SystemCenter.CM.SQM.SQMListener 3897 | 3898 | 3899 | 3900 | 3901 | 3902 | Operations 3903 | 3904 | false 3905 | 3906 | 3907 | 3908 | State 3909 | Microsoft.SystemCenter.UserActionManager-*-1a9742b2-cf8d-5ddf-f6bd-0fbb1c5a5565-*-Health 3910 | 3911 | 3912 | Maintenance Mode 3913 | InMaintenanceMode 3914 | 3915 | 3916 | Name 3917 | Name 3918 | 3919 | 3920 | Path 3921 | Path 3922 | 3923 | 3924 | Display Name 3925 | System.Entity/DisplayName 3926 | 3927 | 3928 | Target Device Principal Name 3929 | Microsoft.SystemCenter.UserActionManager/TargetDevicePrincipalName 3930 | 3931 | 3932 | Target Device Network Name 3933 | Microsoft.SystemCenter.UserActionManager/TargetDeviceNetworkName 3934 | 3935 | 3936 | Primary Management Server 3937 | Microsoft.SystemCenter.UserActionManager/ManagementServerName 3938 | 3939 | 3940 | Pending State Type 3941 | Microsoft.SystemCenter.UserActionManager/PendingStateType 3942 | 3943 | 3944 | Last Modified Time 3945 | Microsoft.SystemCenter.UserActionManager/LastModified 3946 | 3947 | 3948 | Failure Type 3949 | Microsoft.SystemCenter.UserActionManager/FailureType 3950 | 3951 | 3952 | 3953 | 3954 | 3955 | 3956 | 3957 | 3958 | 3959 | 3960 | 3961 | 3962 | 3963 | 3964 | 3965 | 3966 | 3967 | 3968 | 3969 | 3970 | 3971 | 3972 | 3973 | 3974 | SCOM Management 3975 | This is a SCOM Management MP to collect data on agents and servers and provide tasks which are useful for management and administration -- Kevin Holman 3976 | 3977 | 3978 | Management Group - ADD 3979 | 3980 | 3981 | Management Group - ADD 3982 | 3983 | 3984 | SCOM Agent Management Class 3985 | 3986 | 3987 | SCOM Management Agent Class Discovery 3988 | 3989 | 3990 | SCOM Management Agent PowerShell Properties Discovery 3991 | 3992 | 3993 | Action Account 3994 | 3995 | 3996 | AD INT Enabled 3997 | 3998 | 3999 | Agent Version 4000 | 4001 | 4002 | APM Installed 4003 | 4004 | 4005 | Architecture 4006 | 4007 | 4008 | CertExpires 4009 | 4010 | 4011 | CertIssuer 4012 | 4013 | 4014 | CertLoaded 4015 | 4016 | 4017 | CLR.NET VER 4018 | 4019 | 4020 | Connection 4021 | 4022 | 4023 | .NET Version 4024 | 4025 | 4026 | Failover List 4027 | 4028 | 4029 | InstallPath 4030 | 4031 | 4032 | IP 4033 | 4034 | 4035 | Management Groups 4036 | 4037 | 4038 | Log Analytics Workspaces 4039 | 4040 | 4041 | OS Name 4042 | 4043 | 4044 | OS Version 4045 | 4046 | 4047 | Primary MS 4048 | 4049 | 4050 | ProxyURL 4051 | 4052 | 4053 | PS Installed 4054 | 4055 | 4056 | PS VER 4057 | 4058 | 4059 | Cert ThumbPrint 4060 | 4061 | 4062 | Update Rollup 4063 | 4064 | 4065 | Agent - DELETE 4066 | 4067 | 4068 | SCOM Agents 4069 | 4070 | 4071 | Test Alerts 4072 | 4073 | 4074 | Approve Pending Agent 4075 | 4076 | 4077 | SCOM Management Base Class 4078 | 4079 | 4080 | Computer Management 4081 | 4082 | 4083 | Ping 4084 | 4085 | 4086 | Create Test Event 4087 | 4088 | 4089 | Agent - DELETE 4090 | 4091 | 4092 | Agent - AD INT DISABLE 4093 | 4094 | 4095 | Agent - AD INT ENABLE 4096 | 4097 | 4098 | SCOM EventLogSecurity Network Service Elevation of Privilege Monitor 4099 | 4100 | 4101 | EventLogSecurityGood 4102 | 4103 | 4104 | EventLogSecurityBad 4105 | 4106 | 4107 | Export Event Log 4108 | 4109 | 4110 | Healthservice - FLUSH 4111 | 4112 | 4113 | SCOM HealthService 4114 | 4115 | 4116 | SCOM HealthService Watcher 4117 | 4118 | 4119 | HSLockDown - Add SYSTEM 4120 | 4121 | 4122 | HSLockDown - LIST Accounts 4123 | 4124 | 4125 | Agent - INSTALL 4126 | 4127 | 4128 | Execute Software From Share 4129 | 4130 | 4131 | Log Analytics Workspace - ADD 4132 | 4133 | 4134 | Log Analytics Workspace - REMOVE 4135 | 4136 | 4137 | SCOM Pending Actions 4138 | 4139 | 4140 | Remote Desktop 4141 | 4142 | 4143 | Management Group - REMOVE 4144 | 4145 | 4146 | Management Group - REMOVE 4147 | 4148 | 4149 | Healthservice - RESTART 4150 | 4151 | 4152 | Healthservice - RESTART 4153 | 4154 | 4155 | Execute any Service Restart 4156 | 4157 | 4158 | SCOM Management 4159 | 4160 | 4161 | Execute any PowerShell 4162 | 4163 | 4164 | SCOM Server Management Class 4165 | 4166 | 4167 | SCOM Management Server Class Discovery 4168 | 4169 | 4170 | SCOM Management Server PowerShell Properties Discovery 4171 | 4172 | 4173 | Action Account 4174 | 4175 | 4176 | CertExpires 4177 | 4178 | 4179 | CertIssuer 4180 | 4181 | 4182 | CertLoaded 4183 | 4184 | 4185 | CLR.NET VER 4186 | 4187 | 4188 | Console UR Level 4189 | 4190 | 4191 | Console Version 4192 | 4193 | 4194 | .NET Version 4195 | 4196 | 4197 | Failover List 4198 | 4199 | 4200 | InstallPath 4201 | 4202 | 4203 | SQL MSOLEDBSQL 4204 | 4205 | 4206 | Log Analytics Workspaces 4207 | 4208 | 4209 | OS Name 4210 | 4211 | 4212 | OS Version 4213 | 4214 | 4215 | Primary MS 4216 | 4217 | 4218 | PS VER 4219 | 4220 | 4221 | Server UR Level 4222 | 4223 | 4224 | Server Version 4225 | 4226 | 4227 | Cert ThumbPrint 4228 | 4229 | 4230 | TLS 1.2 Registry Enforced 4231 | 4232 | 4233 | SQL ODBC 4234 | 4235 | 4236 | WebConsole UR Level 4237 | 4238 | 4239 | WebConsole Version 4240 | 4241 | 4242 | SCOM Servers 4243 | 4244 | 4245 | SET IsManuallyInstalled to FALSE 4246 | 4247 | 4248 | SCOM Management Alert on Test Event 100 Rule 4249 | 4250 | 4251 | Test Alert on Test Event 100 4252 | This is a test alert fired by event ID 100: 4253 | Event Description: 4254 | {0} 4255 | 4256 | 4257 | Agent - DELETE 4258 | 4259 | 4260 | 4261 | 4262 | 4263 | 4264 | Summary 4265 | This monitor inspects the Operations Manager Event log security access, and is unhealthy when Network Service is detected to have a high level of priviledge. 4266 | The monitor inspects the registry at HKLM:SYSTEM\CurrentControlSet\Services\EventLog\Operations Manager\CustomSD 4267 | If the string (A;;0x3;;;NU) is found, this means Network Service has a high level of rights and should be removed per KB4601269. 4268 | See: 4269 | https://support.microsoft.com/en-us/topic/update-for-event-log-channel-in-system-center-operations-manager-2019-kb4601269-19bfccbe-dbda-1371-9871-f2a32157028a 4270 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1728 4271 | 4272 | 4273 | 4274 | 4275 | 4276 | 4277 | 4278 | 4279 | 4280 | 4281 | 4282 | --------------------------------------------------------------------------------