├── README.md └── SCOM.Management.xml /README.md: -------------------------------------------------------------------------------- 1 | # SCOM.Management 10.25.10132.5 2 | 3 | ## [Download Here][Download] 4 | 5 | [Download]: https://github.com/thekevinholman/SCOM.Management/archive/master.zip 6 | 7 | 8 | SCOM - Management Pack to discover properties and add tasks to make SCOM Admins life easier 9 | 10 | https://kevinholman.com/2017/05/09/scom-management-mp-making-a-scom-admins-life-a-little-easier/ 11 | 12 | Version History: 13 | * 10.25.10132.5 - Changed method to detect OS Name to support Windows 11 OS. Added Agent Version detection of deprecated Azure MMA 10.20.* agents. 14 | * 10.25.10132.2 - Added support for SCOM 2022 UR3. 15 | * 10.25.10132.1 - Added support for SCOM 2019 post UR6 hotfix KB5037360 on Gateway. 16 | * 10.25.10132.0 - Added support for SCOM 2025. Truncated FQDN from Primary MS and FailoverList for agents to reduce character count. 17 | * 10.22.10684.0 - Added support for SCOM 2019 UR6. Added support for post UR hotfixes KB5029601, KB5029512, KB5028684, KB5033752, KB5037360 18 | * 10.22.10610.0 - Added support for SCOM 2022 UR2. Updated MSOLEDBSQL and ODBC driver detection. Removed SQL Client detection. Changed OMS references to Log Analytics 19 | * 10.22.10337.2 - Added support for SCOM 2019 UR5 20 | * 10.22.10337.1 - Added support for SCOM 2022 UR1 21 | * 10.22.10118.4 - Added support for SCOM 2019 UR4 plus KB5016576 Console Hotfix updated release 22 | * 10.22.10118.3 - Added support for SCOM 2019 UR4 plus KB5016576 Console Hotfix 23 | * 10.22.10118.2 - Added support for SCOM 2019 UR4 24 | * 10.22.10118.1 - Fixed bug in Agent version discovery. 25 | * 10.22.10118.0 - Added support for SCOM 2022 and fixed bug in detection of Health Service State disk drive. 26 | * 10.19.10552.1 - Added support for detection of KB5005527 on GW and Agents 27 | * 10.19.10552.0 - Added support for KB5006871 and KB5005527 28 | * 10.19.10505.0 - Added support for SCOM 2019 UR3 29 | * 10.19.10407.5 - Added monitor for KB4601269 Event Log Security which was released as a post-UR2 hotfix 30 | * 10.19.10407.3 - Fixed issue getting Agent version when SCOM agent path in registry is incorrect. Added .NET version property. Added MSOLEDBSQL Property. 31 | * 10.19.10407.2 - Added support for SCOM 2016 UR10. Added task to approve agent pending actions 32 | * 10.19.10407.1 - Minor bug fix with quotation marks 33 | * 10.19.10407.0 – Added support for SCOM 2019 UR2 34 | * 10.19.10349.0 – Added support for SCOM 2019 Post UR1 Hotfix. Fixed bug when a management server config file is huge and the script runs out of resources getting XML content. 35 | * 10.19.10311.2 – Added support for SCOM 2016 UR9 36 | * 10.19.10311.0 – Added support for SCOM 2019 UR1 37 | * 7.0.0.66 – Added support for SCOM 2016 UR8, and added support for US Government Cloud Type for onboarding Log Analytics direct agent configuration (OMS Workspace) 38 | * 7.0.0.65 – Added support for SCOM 2016 UR7 39 | * 7.0.0.64 – Added support for SCOM 2019 RTM 40 | * 7.0.0.63 – Added tasks for HSLockdown, Added preliminary support for SCOM 2019 41 | * 7.0.0.62 – Fixed bugs for UR6 display, Added properties for certificates such as expiration, thumbprint, issuer 42 | * 7.0.0.59 – Added support for SCOM UR6 43 | * 7.0.0.58 – Added IP address and Port availability check 44 | * 7.0.0.54 – Added OS/CPU Architecture property 45 | * 7.0.0.53 – Updated for TLS 1.2 support 46 | * 7.0.0.51 – Updated for SCOM 2016 UR5 47 | * 7.0.0.50 – Updated for SCOM 2012 R2 UR14 48 | * 7.0.0.47 – Updated to support discovery of SCOM 2016 UR4 49 | * 7.0.0.46 – Updated server properties discovery to properly detect UR level on Gateways 50 | * 7.0.0.45 – Bug fixes, Added properties for OMS, Added tasks for OMS, Changes to views based on customer requests 51 | * 7.0.0.42 – Added discovery for OMS proxy, Added tasks for OMS Workspace ADD and REMOVE, Minor bug fixes to Agent Properties powershell discovery. 52 | * 7.0.0.33 – Added APM installed discovery to find agents that need NOAPM reinstall, Added Tasks for Agent Delete, and Set IsManualyInstalled to false, Added view for HealthService objects 53 | * 7.0.0.27 – Added AD Integration discovered property and tasks to enable/disable AD integration 54 | * 7.0.0.20 – Renamed Views, Added Health Service Watcher View, Added Agent install and delete tasks, Added install path property 55 | * 7.0.0.4 – Major Re-write to include Server Roles, add OMS workspaces, UR levels 56 | * 1.0.0.77 – Updated OS Version discovery to PowerShell to better handle WS2016 and Windows 10 57 | * 1.0.0.75 – Updated to support SCOM 2012R2 UR13 and SCOM 2016 UR3 in update rollup discovery 58 | * 1.0.0.73 – Corrected minor bug in script names in export event log task 59 | * 1.0.0.72 – Updated with additional properties and dual versions for safer tasks. 60 | * 1.0.0.65 – Initial Release 61 | -------------------------------------------------------------------------------- /SCOM.Management.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | SCOM.Management 5 | 10.25.10132.5 6 | 7 | SCOM.Management 8 | 9 | 10 | Microsoft.Windows.Library 11 | 7.5.8501.0 12 | 31bf3856ad364e35 13 | 14 | 15 | System.Library 16 | 7.5.8501.0 17 | 31bf3856ad364e35 18 | 19 | 20 | Microsoft.SystemCenter.Library 21 | 7.0.8433.0 22 | 31bf3856ad364e35 23 | 24 | 25 | System.Health.Library 26 | 7.0.8433.0 27 | 31bf3856ad364e35 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | 75 | 76 | 77 | 78 | 79 | 80 | 81 | 82 | 83 | 84 | 85 | 86 | 87 | 88 | 89 | 90 | 91 | 92 | 93 | 94 | 95 | 96 | 97 | 98 | 99 | 100 | 101 | 102 | 103 | 104 | SCOM.Management.AddManagementGroup.WA.ps1 105 | 106 | #================================================================================= 107 | # Script to ADD a SCOM Management Group to an Agent 108 | #================================================================================= 109 | param([string]$MGName,[string]$MSName) 110 | 111 | 112 | # Manual Testing section - put stuff here for manually testing script - typically parameters: 113 | #================================================================================= 114 | # $MGName = "SCOM TEST" 115 | # $MSName = "SCOMServer1.domain.com" 116 | #================================================================================= 117 | 118 | 119 | # Constants section - modify stuff here: 120 | #================================================================================= 121 | # Assign script name variable for use in event logging 122 | $ScriptName = "SCOM.Management.AddManagementGroup.WA.ps1" 123 | $EventID = "1310" 124 | #================================================================================= 125 | 126 | 127 | # Starting Script section 128 | #================================================================================= 129 | # Gather who the script is running as 130 | $whoami = whoami 131 | #Load the MOMScript API and discovery propertybag 132 | $momapi = New-Object -comObject "Mom.ScriptAPI" 133 | #================================================================================= 134 | 135 | 136 | # Begin Main Script 137 | #================================================================================= 138 | #Log event that we are starting task 139 | $momapi.LogScriptEvent($ScriptName,$EventID,0, "`nStarting script. `nRunning as ($whoami)") 140 | Write-Host "Task Starting. Running as ($whoami)" 141 | 142 | # Check if this is running on a SCOM Management Server or Gateway and stop if it is 143 | $SCOMServerRegKey = "HKLM:\SOFTWARE\Microsoft\Microsoft Operations Manager\3.0\Server Management Groups" 144 | IF (Test-Path $SCOMServerRegKey) 145 | { 146 | # This is a management server. STOP 147 | $momapi.LogScriptEvent($ScriptName,$EventID,1,"`nFATAL ERROR: SCOM Server Role Detected. `nThis script should not run on Management Servers or Gateways `n Terminating script.") 148 | Write-Host "`nFATAL ERROR: SCOM Server Role Detected. `nThis script should not run on Management Servers or Gateways `nTerminating script." -ForegroundColor Red 149 | EXIT 150 | } 151 | 152 | #Load agent scripting object 153 | $AgentCfg = New-Object -ComObject AgentConfigManager.MgmtSvcCfg 154 | 155 | Write-Host "Adding Management Group ($MGName)" 156 | $Error.Clear() 157 | 158 | TRY 159 | { 160 | $AgentCfg.AddManagementGroup("$MGName","$MSName",5723) 161 | } 162 | CATCH 163 | { 164 | Write-Host "ERROR adding Management group. Error is: ($Error)." 165 | EXIT 166 | } 167 | 168 | Write-Host "Management Group ($MGName) Added." 169 | #Restart Agent 170 | Write-Host "Restarting Agent now...." 171 | #================================================================================= 172 | # End Main Script 173 | 174 | # Restart Agent 175 | #================================================================================= 176 | #We need a reliable way to restart the SCOM Agent out of band so that tasks can complete with success 177 | $Command = "Start-Sleep -s 5;Restart-Service HealthService" 178 | $Process = ([wmiclass]"root\cimv2:Win32_ProcessStartup").CreateInstance() 179 | $Process.ShowWindow = 0 180 | $Process.CreateFlags = 16777216 181 | ([wmiclass]"root\cimv2:Win32_Process").Create("powershell.exe $Command")|Out-Null 182 | #================================================================================= 183 | 184 | 185 | 186 | MGName 187 | $Config/MGName$ 188 | 189 | 190 | MSName 191 | $Config/MSName$ 192 | 193 | 194 | $Config/TimeoutSeconds$ 195 | 196 | 197 | 198 | 199 | 200 | 201 | 202 | System!System.BaseData 203 | System!System.BaseData 204 | 205 | 206 | 207 | 208 | 209 | 210 | 211 | 212 | 213 | 214 | 215 | 216 | 217 | 218 | SCOM.Management.RemoveManagementGroup.WA.ps1 219 | 220 | #================================================================================= 221 | # Script to REMOVE a SCOM Management Group from an Agent 222 | #================================================================================= 223 | param([string]$MGName) 224 | 225 | 226 | # Manual Testing section - put stuff here for manually testing script - typically parameters: 227 | #================================================================================= 228 | # $MGName = "SCOM TEST" 229 | #================================================================================= 230 | 231 | 232 | # Constants section - modify stuff here: 233 | #================================================================================= 234 | # Assign script name variable for use in event logging 235 | $ScriptName = "SCOM.Management.RemoveManagementGroup.WA.ps1" 236 | $EventID = "1310" 237 | #================================================================================= 238 | 239 | 240 | # Starting Script section 241 | #================================================================================= 242 | # Gather who the script is running as 243 | $whoami = whoami 244 | #Load the MOMScript API and discovery propertybag 245 | $momapi = New-Object -comObject "Mom.ScriptAPI" 246 | #================================================================================= 247 | 248 | 249 | # Begin Main Script 250 | #================================================================================= 251 | #Log event that we are starting task 252 | $momapi.LogScriptEvent($ScriptName,$EventID,0, "`nStarting script. `nRunning as ($whoami)") 253 | Write-Host "Task Starting. Running as ($whoami)" 254 | 255 | # Check if this is running on a SCOM Management Server or Gateway and stop if it is 256 | $SCOMServerRegKey = "HKLM:\SOFTWARE\Microsoft\Microsoft Operations Manager\3.0\Server Management Groups" 257 | IF (Test-Path $SCOMServerRegKey) 258 | { 259 | # This is a management server. STOP 260 | $momapi.LogScriptEvent($ScriptName,$EventID,1,"`nFATAL ERROR: SCOM Server Role Detected. `nThis script should not run on Management Servers or Gateways `n Terminating script.") 261 | Write-Host "`nFATAL ERROR: SCOM Server Role Detected. `nThis script should not run on Management Servers or Gateways `nTerminating script." -ForegroundColor Red 262 | EXIT 263 | } 264 | 265 | #Load agent scripting object 266 | $AgentCfg = New-Object -ComObject AgentConfigManager.MgmtSvcCfg 267 | 268 | Write-Host "Removing Management Group ($MGName)" 269 | $Error.Clear() 270 | 271 | TRY 272 | { 273 | $AgentCfg.RemoveManagementGroup("$MGName") 274 | } 275 | CATCH 276 | { 277 | Write-Host "ERROR removing Management group. Error is: ($Error)." 278 | EXIT 279 | } 280 | 281 | Write-Host "Management Group ($MGName) Removed." 282 | #Restart Agent 283 | Write-Host "Restarting Agent now...." 284 | #================================================================================= 285 | # End Main Script 286 | 287 | # Restart Agent 288 | #================================================================================= 289 | #We need a reliable way to restart the SCOM Agent out of band so that tasks can complete with success 290 | $Command = "Start-Sleep -s 5;Restart-Service HealthService" 291 | $Process = ([wmiclass]"root\cimv2:Win32_ProcessStartup").CreateInstance() 292 | $Process.ShowWindow = 0 293 | $Process.CreateFlags = 16777216 294 | ([wmiclass]"root\cimv2:Win32_Process").Create("powershell.exe $Command")|Out-Null 295 | #================================================================================= 296 | 297 | 298 | 299 | MGName 300 | $Config/MGName$ 301 | 302 | 303 | $Config/TimeoutSeconds$ 304 | 305 | 306 | 307 | 308 | 309 | 310 | 311 | System!System.BaseData 312 | System!System.BaseData 313 | 314 | 315 | 316 | 317 | 318 | B253A4FA-71BE-4F5D-94D5-A46B0D2505AA 319 | 320 | 321 | System!System.BaseData 322 | 323 | 324 | 325 | 326 | 327 | 328 | 329 | 330 | 331 | 332 | 333 | 334 | 335 | 336 | SCOM.Management.RestartService.WA.ps1 337 | 338 | #================================================================================= 339 | # Script to restart services via PowerShell 340 | #================================================================================= 341 | param($ServiceName) 342 | 343 | # For testing discovery manually in PowerShell: 344 | # $ServiceName = "xspooler" 345 | 346 | #================================================================================= 347 | # Constants section - modify stuff here: 348 | 349 | # Assign script name variable for use in event logging 350 | $ScriptName = "SCOM.Management.RestartService.WA.ps1" 351 | #================================================================================= 352 | 353 | # Gather script start time 354 | $StartTime = Get-Date 355 | 356 | # Gather who the script is running as 357 | $whoami = whoami 358 | 359 | #Load the MOMScript API and discovery propertybag 360 | $momapi = New-Object -comObject "Mom.ScriptAPI" 361 | 362 | #Log script event that we are starting task 363 | $momapi.LogScriptEvent($ScriptName,1315,0, "Starting script. Running as ($whoami)") 364 | 365 | # Begin Main Script 366 | #================================================================================= 367 | $Services = Get-Service $ServiceName 368 | IF (!$Services) 369 | { 370 | #Log script event that we are starting task 371 | $momapi.LogScriptEvent($ScriptName,1315,2, "Service ($ServiceName) not found. Error is ($error)") 372 | EXIT 373 | } 374 | ELSE 375 | { 376 | Write-Host "Attempting to restart service: " $ServiceName 377 | Restart-Service $Services -PassThru 378 | } 379 | 380 | # Log an event for script ending and total execution time. 381 | $EndTime = Get-Date 382 | $ScriptTime = ($EndTime - $StartTime).TotalSeconds 383 | $momapi.LogScriptEvent($ScriptName,1315,0,"`n Script has completed. `n Service ($ServiceName) was restarted. `n Runtime was ($ScriptTime) seconds.") 384 | 385 | 386 | 387 | ServiceName 388 | $Config/ServiceName$ 389 | 390 | 391 | $Config/TimeoutSeconds$ 392 | 393 | 394 | 395 | 396 | 397 | 398 | 399 | System!System.BaseData 400 | System!System.BaseData 401 | 402 | 403 | 404 | 405 | 406 | 407 | 408 | 409 | 410 | 411 | 412 | 413 | 414 | 415 | 416 | 417 | SCOM.Management.ExportEventLog.WA.ps1 418 | 419 | #================================================================================= 420 | # Script to Export Event log to a Share via PowerShell 421 | #================================================================================= 422 | param($LogName,$SharePath) 423 | 424 | # For testing discovery manually in PowerShell: 425 | # $LogName = "Operations Manager" 426 | # $SharePath = "\\server\logbackup" 427 | 428 | #================================================================================= 429 | # Constants section - modify stuff here: 430 | 431 | # Assign script name variable for use in event logging 432 | $ScriptName = "SCOM.Management.ExportEventLog.WA.ps1" 433 | #================================================================================= 434 | 435 | # Gather script start time 436 | $StartTime = Get-Date 437 | 438 | # Gather who the script is running as 439 | $whoami = whoami 440 | 441 | #Load the MOMScript API and discovery propertybag 442 | $momapi = New-Object -comObject "Mom.ScriptAPI" 443 | 444 | #Log script event that we are starting task 445 | $momapi.LogScriptEvent($ScriptName,1319,0, "Starting script. Running as ($whoami)") 446 | 447 | # Begin Main Script 448 | #================================================================================= 449 | $ComputerName = $env:computername 450 | 451 | $LogNameStr = $LogName.Replace("/","-") 452 | 453 | $TimeStamp = Get-Date -Format "MM-dd-yyyy" 454 | wevtutil epl $LogName "$SharePath\$ComputerName $LogNameStr $TimeStamp.evtx" /overwrite:true 455 | 456 | # Log an event for script ending and total execution time. 457 | $EndTime = Get-Date 458 | $ScriptTime = ($EndTime - $StartTime).TotalSeconds 459 | $momapi.LogScriptEvent($ScriptName,1319,0,"`n Script has completed. `n Runtime was ($ScriptTime) seconds.") 460 | 461 | 462 | 463 | LogName 464 | $Config/LogName$ 465 | 466 | 467 | SharePath 468 | $Config/SharePath$ 469 | 470 | 471 | $Config/TimeoutSeconds$ 472 | 473 | 474 | 475 | 476 | 477 | 478 | 479 | System!System.BaseData 480 | System!System.BaseData 481 | 482 | 483 | 484 | 485 | 486 | 487 | 488 | 489 | 490 | 491 | 492 | 493 | 494 | 495 | SCOM.Management.RunAnyPowerShell.WA.ps1 496 | $Config/ScriptBody$ 497 | 498 | $Config/TimeoutSeconds$ 499 | 500 | 501 | 502 | 503 | 504 | 505 | 506 | System!System.BaseData 507 | System!System.BaseData 508 | 509 | 510 | 511 | 512 | 513 | 514 | 515 | 516 | 517 | 518 | 519 | 520 | 521 | 522 | SCOM.Management.DeleteAgent.WA.ps1 523 | 524 | #================================================================================= 525 | # Script to delete agents via PowerShell 526 | # 527 | # This script will delete agents using the SDK binaries and .NET based SDK commands 528 | # Takes a single parameter of a computer FQDN 529 | # Should be run on a management server 530 | # 531 | # v 1.0 532 | #================================================================================= 533 | param($AgentName) 534 | 535 | # For testing manually in PowerShell: 536 | # $AgentName = 'WS2012.opsmgr.net' 537 | 538 | #================================================================================= 539 | # Constants section - modify stuff here: 540 | 541 | # Assign script name variable for use in event logging 542 | $ScriptName = "SCOM.Management.DeleteAgent.WA.ps1" 543 | #================================================================================= 544 | 545 | # Gather script start time 546 | $StartTime = Get-Date 547 | 548 | # Gather who the script is running as 549 | $whoami = whoami 550 | 551 | #Load the MOMScript API and discovery propertybag 552 | $momapi = New-Object -comObject "Mom.ScriptAPI" 553 | 554 | #Log script event that we are starting task 555 | $momapi.LogScriptEvent($ScriptName,1016,0, "Starting script. AgentName is ($AgentName). Running as ($whoami)") 556 | 557 | # Begin Main Script 558 | #================================================================================= 559 | # Get SCOM directory for binaries 560 | $SCOMRegKey = "HKLM:\SOFTWARE\Microsoft\Microsoft Operations Manager\3.0\Setup" 561 | $SCOMPath = (Get-ItemProperty $SCOMRegKey).InstallDirectory 562 | $SCOMPath = $SCOMPath.TrimEnd("\") 563 | $SCOMSDKPath = "$SCOMPath\SDK Binaries" 564 | 565 | #Load SDK binaries 566 | $dummy = [System.Reflection.Assembly]::LoadFrom("$SCOMSDKPath\Microsoft.EnterpriseManagement.Core.dll") 567 | $dummy = [System.Reflection.Assembly]::LoadFrom("$SCOMSDKPath\Microsoft.EnterpriseManagement.OperationsManager.dll") 568 | $dummy = [System.Reflection.Assembly]::LoadFrom("$SCOMSDKPath\Microsoft.EnterpriseManagement.Runtime.dll") 569 | 570 | # Connect to management group 571 | $MG = [Microsoft.EnterpriseManagement.ManagementGroup]::Connect("localhost") 572 | $Admin = $MG.GetAdministration() 573 | 574 | # Define generic collection list which is required parameter for the SDK delete command 575 | $AgentManagedComputerType = [Microsoft.EnterpriseManagement.Administration.AgentManagedComputer]; 576 | $GenericListType = [System.Collections.Generic.List``1] 577 | $GenericList = $GenericListType.MakeGenericType($AgentManagedComputerType) 578 | $AMCList = new-object $GenericList.FullName 579 | 580 | # Get the AgentManagedComputer from the name in the most efficient way possible 581 | # This SDK method does not require the performance hit of Get-SCOMAgent or looping through each agent to find the right one 582 | Write-Host "Getting agent details for agent: ($AgentName)" 583 | $query = "Name= '$AgentName'" 584 | $AgentCriteria = New-Object Microsoft.EnterpriseManagement.Administration.AgentManagedComputerCriteria($query) 585 | $Agent = ($Admin.GetAgentManagedComputers($AgentCriteria))[0] 586 | $AgentCount = $Agent.Count 587 | 588 | # Log messages to console 589 | IF ($AgentCount -eq 1) 590 | { 591 | $AgentDisplayName = $Agent.DisplayName 592 | Write-Host "Found agent: ($AgentDisplayName)" 593 | } 594 | ELSE 595 | { 596 | Write-Host "ERROR: An Agent with name ($AgentName) not found!" 597 | Write-Host "Terminating" 598 | $momapi.LogScriptEvent($ScriptName,1016,2,"`n ERROR: Agent not found with agent name ($AgentName). Terminating script") 599 | EXIT 600 | } 601 | 602 | # Add our agent to the collection 603 | $AMCList.Add($Agent) 604 | 605 | # Delete the agent in the collection 606 | Write-Host "Deleting Agent" 607 | $Admin.DeleteAgentManagedComputers($AMCList) 608 | Write-Host "Agent Deleted" 609 | #================================================================================= 610 | # End Main Script 611 | 612 | 613 | # Log an event for script ending and total execution time. 614 | $EndTime = Get-Date 615 | $ScriptTime = ($EndTime - $StartTime).TotalSeconds 616 | $momapi.LogScriptEvent($ScriptName,1016,0,"`n Script has completed. `n Deleted ($AgentName). `n Runtime is ($ScriptTime) seconds.") 617 | 618 | 619 | 620 | AgentName 621 | $Config/AgentName$ 622 | 623 | 624 | $Config/TimeoutSeconds$ 625 | 626 | 627 | 628 | 629 | 630 | 631 | 632 | System!System.BaseData 633 | System!System.BaseData 634 | 635 | 636 | 637 | 638 | 639 | 640 | 641 | 642 | 643 | 644 | 645 | 646 | 647 | 648 | SCOM.Management.InstallAgent.WA.ps1 649 | 650 | #================================================================================= 651 | # Script to Push Install SCOM agents via PowerShell 652 | # 653 | # Takes a single parameter of a computer FQDN 654 | # Should be run on a management server 655 | # 656 | # v 1.0 657 | #================================================================================= 658 | param($AgentName) 659 | 660 | # For testing manually in PowerShell: 661 | # $AgentName = 'WS2012.opsmgr.net' 662 | 663 | #================================================================================= 664 | # Constants section - modify stuff here: 665 | 666 | # Assign script name variable for use in event logging 667 | $ScriptName = "SCOM.Management.InstallAgent.WA.ps1" 668 | #================================================================================= 669 | 670 | # Gather script start time 671 | $StartTime = Get-Date 672 | 673 | # Gather who the script is running as 674 | $whoami = whoami 675 | 676 | #Load the MOMScript API and discovery propertybag 677 | $momapi = New-Object -comObject "Mom.ScriptAPI" 678 | 679 | #Log script event that we are starting task 680 | $momapi.LogScriptEvent($ScriptName,1017,0, "Starting script. AgentName is ($AgentName). Running as ($whoami)") 681 | 682 | #Connect to local SCOM Management Group Section 683 | #================================================================================= 684 | # Clear any previous errors 685 | if($Error) 686 | { 687 | $Error.Clear() 688 | } 689 | 690 | # Import the OperationsManager PowerShell module and connect to the management group 691 | Try 692 | { 693 | $SCOMPowerShellKey = "HKLM:\SOFTWARE\Microsoft\System Center Operations Manager\12\Setup\Powershell\V2" 694 | $SCOMModulePath = Join-Path (Get-ItemProperty $SCOMPowerShellKey).InstallDirectory "OperationsManager" 695 | Import-module $SCOMModulePath 696 | } 697 | Catch 698 | { 699 | $momapi.LogScriptEvent($ScriptName,1017,2, "Unable to load the OperationsManager module, Error is: $error") 700 | } 701 | Try 702 | { 703 | New-DefaultManagementGroupConnection 704 | } 705 | Catch 706 | { 707 | $momapi.LogScriptEvent($ScriptName,1017,2, "Unable to connect to the management server. Error when calling New-DefaultManagementGroupConnection. Error is: $error") 708 | } 709 | #================================================================================= 710 | 711 | 712 | # Begin Main Script 713 | #================================================================================= 714 | # Get local SCOM management server name 715 | $LocalHost = [System.Net.Dns]::GetHostEntry([string]$env:computername).HostName 716 | Write-Host "Running on management server ($LocalHost)" 717 | Write-Host "Getting Management Server object" 718 | # Get SCOM Management Server object 719 | $PrimaryMgmtServer = Get-SCOMManagementServer -Name $LocalHost 720 | Write-Host "Attempting to Install Agent" 721 | # Clear any previous errors 722 | if($Error) 723 | { 724 | $Error.Clear() 725 | } 726 | # Install SCOM Agent 727 | Install-SCOMAgent -DNSHostName $AgentName -PrimaryManagementServer $PrimaryMgmtServer 728 | if($Error) 729 | { 730 | Write-Host "Error ocurred: ($Error)" 731 | $momapi.LogScriptEvent($ScriptName,1017,2, "Error installing agent. Error is: $Error") 732 | } 733 | Write-Host "Push install attempted. Check Alerts view for any failures, Pending Actions, or the Agent Logs on the management servers." 734 | #================================================================================= 735 | # End Main Script 736 | 737 | 738 | # Log an event for script ending and total execution time. 739 | $EndTime = Get-Date 740 | $ScriptTime = ($EndTime - $StartTime).TotalSeconds 741 | $momapi.LogScriptEvent($ScriptName,1017,0,"`n Script has completed. Runtime is ($ScriptTime).") 742 | 743 | 744 | 745 | AgentName 746 | $Config/AgentName$ 747 | 748 | 749 | $Config/TimeoutSeconds$ 750 | 751 | 752 | 753 | 754 | 755 | 756 | 757 | System!System.BaseData 758 | System!System.BaseData 759 | 760 | 761 | 762 | 763 | 764 | 765 | 766 | 767 | 768 | 769 | 770 | 771 | 772 | 773 | 774 | 775 | 776 | 777 | 778 | 779 | SCOM.Management.LAWorkspaceAdd.WA.ps1 780 | 781 | #================================================================================= 782 | # Script to ADD Log Analytics Workspace 783 | #================================================================================= 784 | param($WorkspaceID,$WorkspaceKey,$ProxyURL,[int]$AzureCloudType) 785 | 786 | 787 | # Manual Testing section - put stuff here for manually testing script - typically parameters: 788 | #================================================================================= 789 | # $WorkspaceID = "WorkspaceID" 790 | # $WorkspaceKey = "WorkspaceKey" 791 | # $ProxyURL = "" 792 | # $AzureCloudType = "0" 793 | #================================================================================= 794 | 795 | 796 | # Constants section - modify stuff here: 797 | #================================================================================= 798 | # Assign script name variable for use in event logging 799 | $ScriptName = "SCOM.Management.LAWorkspaceAdd.WA.ps1" 800 | #================================================================================= 801 | 802 | 803 | # Starting Script section 804 | #================================================================================= 805 | # Gather who the script is running as 806 | $whoami = whoami 807 | 808 | #Load the MOMScript API and discovery propertybag 809 | $momapi = New-Object -comObject "Mom.ScriptAPI" 810 | 811 | #Log script event that we are starting task 812 | $momapi.LogScriptEvent($ScriptName,1347,0, "`n Starting script. `n Running as ($whoami)") 813 | #================================================================================= 814 | 815 | 816 | # Begin Main Script 817 | #================================================================================= 818 | Write-Host "Task Starting. Running as $whoami" 819 | #Load agent scripting object 820 | Write-Host "Loading agent scripting objects." 821 | $AgentCfg = New-Object -ComObject AgentConfigManager.MgmtSvcCfg 822 | #Check to see if this agent supports Log Analytics Workspaces 823 | $AgentSupportsLA = $AgentCfg | Get-Member -Name 'GetCloudWorkspaces' 824 | IF (!$AgentSupportsLA) 825 | { 826 | Write-Host "FATAL ERROR: This agent version does not support Cloud Workspaces. You must upgrade this agent. Terminating." 827 | EXIT 828 | } 829 | 830 | #Evaluate AzureCloudType parameter 831 | IF ($AzureCloudType -eq 0) 832 | { 833 | $AzureCloudType = 0 #This is commercial Azure Cloud and default 834 | Write-Host "Azure Cloud Type = 0 which is default Azure Commercial." 835 | } 836 | ELSEIF ($AzureCloudType -eq 1) 837 | { 838 | Write-Host "Azure Cloud Type = 1 which is Azure for US Government." 839 | } 840 | ELSE 841 | { 842 | Write-Host "An invalid Azure Cloud Type was passed. This value must be 0 or 1. `nSetting Azure Cloud Type = 0 which is default Azure Commercial." 843 | $AzureCloudType = 0 844 | } 845 | 846 | #Evaluate if this MMA supports AzureCloudType 847 | $CloudWorkspaceSupport = $AgentCfg | Get-Member -Name "AddCloudWorkspace" 848 | [string]$CloudWorkspaceSupDef = $CloudWorkspaceSupport.Definition 849 | IF ($CloudWorkspaceSupDef -notmatch "AzureCloudType") 850 | { 851 | #This MMA does not support AzureCloudType parameter 852 | Write-Host "This MMA/Agent version does not support the AzureCloudType parameter. `nIf you require AzureCloudType then the MMA/Agent must be upgraded. `nAttempting to add Log Analytics Workspace with no AzureCloudType." 853 | #Add LA Workspace 854 | Write-Host "Adding Log Analytics Workspace: ($WorkspaceID)" 855 | $Error.Clear() 856 | $AgentCfg.AddCloudWorkspace($WorkspaceID,$WorkspaceKey) 857 | } 858 | ELSE 859 | { 860 | #This MMA supports AzureCloudType parameter 861 | #Add LA Workspace 862 | Write-Host "Adding Log Analytics Workspace: ($WorkspaceID)" 863 | $Error.Clear() 864 | $AgentCfg.AddCloudWorkspace($WorkspaceID,$WorkspaceKey,$AzureCloudType) 865 | } 866 | 867 | IF ($Error) 868 | { 869 | Write-Host "There was a critical error adding Log Analytics Workspace. Error is: $Error" 870 | EXIT 871 | } 872 | Write-Host "Log Analytics Workspace Added." 873 | #Add Proxy URL 874 | IF ($ProxyURL) 875 | { 876 | Write-Host "A proxy URL was specified: ($ProxyURL). Adding Log Analytics Proxy configuration to agent." 877 | $AgentCfg.SetProxyUrl($ProxyURL) 878 | Write-Host "Proxy Added." 879 | } 880 | #Restart Agent 881 | Write-Host "Restarting Agent now...." 882 | #================================================================================= 883 | # End Main Script 884 | 885 | # Restart Agent 886 | #================================================================================= 887 | #We need a reliable way to restart the SCOM Agent out of band so that tasks can complete with success 888 | $Command = "Start-Sleep -s 5;Restart-Service HealthService" 889 | $Process = ([wmiclass]"root\cimv2:Win32_ProcessStartup").CreateInstance() 890 | $Process.ShowWindow = 0 891 | $Process.CreateFlags = 16777216 892 | ([wmiclass]"root\cimv2:Win32_Process").Create("powershell.exe $Command")|Out-Null 893 | #================================================================================= 894 | 895 | 896 | 897 | WorkspaceID 898 | $Config/WorkspaceID$ 899 | 900 | 901 | WorkspaceKey 902 | $Config/WorkspaceKey$ 903 | 904 | 905 | ProxyURL 906 | $Config/ProxyURL$ 907 | 908 | 909 | AzureCloudType 910 | $Config/AzureCloudType$ 911 | 912 | 913 | $Config/TimeoutSeconds$ 914 | 915 | 916 | 917 | 918 | 919 | 920 | 921 | System!System.BaseData 922 | System!System.BaseData 923 | 924 | 925 | 926 | 927 | 928 | 929 | 930 | 931 | 932 | 933 | 934 | 935 | 936 | 937 | SCOM.Management.LAWorkspaceRemove.WA.ps1 938 | 939 | #================================================================================= 940 | # Script to REMOVE LA Workspace 941 | #================================================================================= 942 | param($WorkspaceID) 943 | 944 | #================================================================================= 945 | # Constants section - modify stuff here: 946 | 947 | # Assign script name variable for use in event logging 948 | $ScriptName = "SCOM.Management.LAWorkspaceRemove.WA.ps1" 949 | #================================================================================= 950 | 951 | # Gather who the script is running as 952 | $whoami = whoami 953 | 954 | #Load the MOMScript API and discovery propertybag 955 | $momapi = New-Object -comObject "Mom.ScriptAPI" 956 | 957 | #Log script event that we are starting task 958 | $momapi.LogScriptEvent($ScriptName,1347,0, "`n Starting script. `n Running as ($whoami)") 959 | 960 | # Begin Main Script 961 | #================================================================================= 962 | Write-Host "Task Starting. Running as $whoami" 963 | #Load agent scripting object 964 | Write-Host "Loading agent scripting objects." 965 | $AgentCfg = New-Object -ComObject AgentConfigManager.MgmtSvcCfg 966 | #Check to see if this agent supports LA 967 | $AgentSupportsLA = $AgentCfg | Get-Member -Name 'GetCloudWorkspaces' 968 | IF (!$AgentSupportsLA) 969 | { 970 | Write-Host "FATAL ERROR: This agent version does not support Cloud Workspaces. You must upgrade this agent. Terminating." 971 | EXIT 972 | } 973 | #Verifying that LA Workspace Exists 974 | $Workspace = $AgentCfg.GetCloudWorkspace($WorkspaceID) 975 | IF ($Workspace) 976 | { 977 | Write-Host "Found configured LA Workspace: ($WorkspaceID)" 978 | } 979 | ELSE 980 | { 981 | Write-Host "FATAL ERROR: LA Workspace not found! Workspace ID: ($WorkspaceID)" 982 | EXIT 983 | } 984 | #Remove LA Workspace 985 | Write-Host "Attempting to remove LA Workspace" 986 | $Error.Clear() 987 | $AgentCfg.RemoveCloudWorkspace($WorkspaceID) 988 | IF ($Error) 989 | { 990 | Write-Host "There was a critical error removing LA Workspace. Error is: $Error" 991 | EXIT 992 | } 993 | #Restart Agent 994 | Write-Host "LA Workspace Removed" 995 | Write-Host "Restarting Agent now." 996 | #================================================================================= 997 | # End Main Script 998 | 999 | # Restart Agent 1000 | #================================================================================= 1001 | #We need a reliable way to restart the SCOM Agent out of band so that tasks can complete with success 1002 | $Command = "Start-Sleep -s 5;Restart-Service HealthService" 1003 | $Process = ([wmiclass]"root\cimv2:Win32_ProcessStartup").CreateInstance() 1004 | $Process.ShowWindow = 0 1005 | $Process.CreateFlags = 16777216 1006 | ([wmiclass]"root\cimv2:Win32_Process").Create("powershell.exe $Command")|Out-Null 1007 | #================================================================================= 1008 | 1009 | 1010 | 1011 | WorkspaceID 1012 | $Config/WorkspaceID$ 1013 | 1014 | 1015 | $Config/TimeoutSeconds$ 1016 | 1017 | 1018 | 1019 | 1020 | 1021 | 1022 | 1023 | System!System.BaseData 1024 | System!System.BaseData 1025 | 1026 | 1027 | 1028 | 1029 | 1030 | 1031 | 1032 | 1033 | 1034 | 1035 | 1036 | 1037 | 1038 | 1039 | SCOM.Management.ApprovePendingAction.WA.ps1 1040 | 1041 | #================================================================================= 1042 | # Script to Approve Pending Actions 1043 | # 1044 | # This script will approve a pending action based on passing the agent name 1045 | # Takes a single parameter of a computer FQDN 1046 | # 1047 | # v 1.0 1048 | #================================================================================= 1049 | param($AgentName) 1050 | 1051 | 1052 | # Manual Testing section - put stuff here for manually testing script - typically parameters: 1053 | #================================================================================= 1054 | # $AgentName = 'WS2012R2.opsmgr.net' 1055 | #================================================================================= 1056 | 1057 | 1058 | # Constants section 1059 | #================================================================================= 1060 | # Assign script name variable for use in event logging 1061 | # ScriptName should be the same as the ID of the module that the script is contained in 1062 | $ScriptName = "SCOM.Management.ApprovePendingAction.WA.ps1" 1063 | $EventID = "1093" 1064 | #================================================================================= 1065 | 1066 | 1067 | # Starting Script section - All scripts get this 1068 | #================================================================================= 1069 | # Gather the start time of the script 1070 | $StartTime = Get-Date 1071 | #Set variable to be used in logging events 1072 | $whoami = whoami 1073 | # Load MOMScript API 1074 | $momapi = New-Object -comObject MOM.ScriptAPI 1075 | #Log script event that we are starting task 1076 | $momapi.LogScriptEvent($ScriptName,$EventID,0, "Starting script. `nAgentName is ($AgentName). `nRunning as ($whoami).") 1077 | Write-Host "Starting script to approve Pending Action. `nAgentName is ($AgentName). `nRunning as ($whoami)." 1078 | #================================================================================= 1079 | 1080 | 1081 | # Connect to local SCOM Management Group Section - If required 1082 | #================================================================================= 1083 | # I have found this to be the most reliable method to load SCOM modules for scripts running on Management Servers 1084 | # Clear any previous errors 1085 | $Error.Clear() 1086 | # Import the OperationsManager module and connect to the management group 1087 | $SCOMPowerShellKey = "HKLM:\SOFTWARE\Microsoft\System Center Operations Manager\12\Setup\Powershell\V2" 1088 | $SCOMModulePath = Join-Path (Get-ItemProperty $SCOMPowerShellKey).InstallDirectory "OperationsManager" 1089 | Import-module $SCOMModulePath 1090 | TRY 1091 | { 1092 | New-DefaultManagementGroupConnection -managementServerName "localhost" 1093 | } 1094 | CATCH 1095 | { 1096 | IF ($Error) 1097 | { 1098 | $momapi.LogScriptEvent($ScriptName,$EventID,1,"`n FATAL ERROR: Unable to load OperationsManager module or unable to connect to Management Server. `n Terminating script. `n Error is: ($Error).") 1099 | EXIT 1100 | } 1101 | } 1102 | #================================================================================= 1103 | 1104 | 1105 | # Begin Main Script 1106 | #================================================================================= 1107 | $Error.Clear() 1108 | $Pending = Get-SCOMPendingManagement | where {$_.agentname -eq $AgentName} 1109 | IF ($Pending) 1110 | { 1111 | Write-Host "Found a Pending Action for ($AgentName). `nAttempting Approval now." 1112 | $Pending | Approve-SCOMPendingManagement 1113 | IF ($Error) 1114 | { 1115 | Write-Host "Error attempting approval. `nError is ($Error)" 1116 | } 1117 | ELSE 1118 | { 1119 | Write-Host "Successfully approved pending action for ($AgentName)." 1120 | } 1121 | } 1122 | ELSE 1123 | { 1124 | Write-Host "Unable to find a Pending Action for ($AgentName). `nTerminating." 1125 | } 1126 | #================================================================================= 1127 | # End Main Script 1128 | 1129 | 1130 | # Log an event for script ending and total execution time. 1131 | $EndTime = Get-Date 1132 | $ScriptTime = ($EndTime - $StartTime).TotalSeconds 1133 | $momapi.LogScriptEvent($ScriptName,$EventID,0,"`nScript has completed. `nRuntime is ($ScriptTime) seconds.") 1134 | 1135 | 1136 | 1137 | AgentName 1138 | $Config/AgentName$ 1139 | 1140 | 1141 | $Config/TimeoutSeconds$ 1142 | 1143 | 1144 | 1145 | 1146 | 1147 | 1148 | 1149 | System!System.BaseData 1150 | System!System.BaseData 1151 | 1152 | 1153 | 1154 | 1155 | 1156 | 1157 | 1158 | 1159 | 1160 | 1161 | 1162 | 1163 | $Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$ 1164 | 1165 | 1166 | CustomSD 1167 | SYSTEM\CurrentControlSet\Services\EventLog\Operations Manager\CustomSD 1168 | 1 1169 | 1170 | 1 1171 | 1172 | 1173 | 1174 | 86400 1175 | 1176 | 1177 | 1178 | 1179 | 1180 | Values/CustomSD 1181 | 1182 | 1183 | DoesNotContainSubstring 1184 | 1185 | A;;0x3;;;NU 1186 | 1187 | 1188 | 1189 | 1190 | 1191 | 1192 | 1193 | Values/CustomSD 1194 | 1195 | 1196 | ContainsSubstring 1197 | 1198 | A;;0x3;;;NU 1199 | 1200 | 1201 | 1202 | 1203 | 1204 | 1205 | 1206 | 1207 | 1208 | 1209 | 1210 | 1211 | 1212 | 1213 | 1214 | 1215 | 1216 | 1217 | 1218 | 1219 | 1220 | 1221 | 1222 | 1223 | 1224 | 1225 | 1226 | 1227 | Discovery 1228 | 1229 | 1230 | 1231 | 1232 | 1233 | 1234 | 1235 | 1236 | 1237 | $Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/PrincipalName$ 1238 | 1239 | 1240 | AgentRegKeyExists 1241 | SOFTWARE\Microsoft\Microsoft Operations Manager\3.0\Agent Management Groups 1242 | 0 1243 | 1244 | 0 1245 | 1246 | 1247 | 1248 | PSInstalled 1249 | SOFTWARE\Microsoft\PowerShell 1250 | 0 1251 | 1252 | 0 1253 | 1254 | 1255 | 1256 | DotNetVersion 1257 | SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full\Release 1258 | 1 1259 | 1260 | 1 1261 | 1262 | 1263 | 1264 | Architecture 1265 | SYSTEM\CurrentControlSet\Control\Session Manager\Environment\PROCESSOR_ARCHITECTURE 1266 | 1 1267 | 1268 | 1 1269 | 1270 | 1271 | 1272 | APMInstalled 1273 | SYSTEM\CurrentControlSet\Services\System Center Management APM 1274 | 0 1275 | 1276 | 0 1277 | 1278 | 1279 | 1280 | 43195 1281 | $MPElement[Name="SCOM.Management.Agent.Class"]$ 1282 | 1283 | 1284 | 1285 | $MPElement[Name="Windows!Microsoft.Windows.Computer"]/PrincipalName$ 1286 | $Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/PrincipalName$ 1287 | 1288 | 1289 | $MPElement[Name="System!System.Entity"]/DisplayName$ 1290 | $Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/PrincipalName$ 1291 | 1292 | 1293 | $MPElement[Name="SCOM.Management.Agent.Class"]/PSInstalled$ 1294 | $Data/Values/PSInstalled$ 1295 | 1296 | 1297 | $MPElement[Name="SCOM.Management.Agent.Class"]/DotNetVersion$ 1298 | $Data/Values/DotNetVersion$ 1299 | 1300 | 1301 | $MPElement[Name="SCOM.Management.Agent.Class"]/Architecture$ 1302 | $Data/Values/Architecture$ 1303 | 1304 | 1305 | $MPElement[Name="SCOM.Management.Agent.Class"]/APMInstalled$ 1306 | $Data/Values/APMInstalled$ 1307 | 1308 | 1309 | 1310 | 1311 | 1312 | 1313 | Values/AgentRegKeyExists 1314 | 1315 | 1316 | Equal 1317 | 1318 | 1319 | true 1320 | 1321 | 1322 | 1323 | 1324 | 1325 | 1326 | 1327 | Discovery 1328 | 1329 | 1330 | 1331 | 1332 | 1333 | 1334 | 1335 | 1336 | 1337 | 1338 | 1339 | 1340 | 1341 | 1342 | 1343 | 1344 | 1345 | 1346 | 1347 | 1348 | 1349 | 1350 | 1351 | 1352 | 1353 | 86393 1354 | 1355 | SCOM.Management.Agent.Class.PowerShell.Properties.Discovery.ps1 1356 | 1357 | #================================================================================= 1358 | # Script to gather agent properties via PowerShell 1359 | # 1360 | # Author: Kevin Holman 1361 | # 1362 | # Version: 3.3 1363 | #================================================================================= 1364 | param($SourceId,$ManagedEntityId,$ComputerName,$MGName,[string]$IP) 1365 | 1366 | 1367 | # Manual Testing section - put stuff here for manually testing script - typically parameters: 1368 | #================================================================================= 1369 | # $SourceId = '{00000000-0000-0000-0000-000000000000}' 1370 | # $ManagedEntityId = '{00000000-0000-0000-0000-000000000000}' 1371 | # $Computername = 'server.domain.com' 1372 | # $MGName = 'SCOMA' 1373 | # $IP = '123.123.123.123' 1374 | #================================================================================= 1375 | 1376 | 1377 | # Constants section - modify stuff here: 1378 | #================================================================================= 1379 | # Assign script name variable for use in event logging 1380 | $ScriptName = "SCOM.Management.Agent.Class.PowerShell.Properties.Discovery.ps1" 1381 | $EventID = "1006" 1382 | 1383 | #SCOM Management Servers or Gateways that we wish to test the port availability to using FQDN seperated by a comma such as "scom1.opsmgr.net","scom2.opsmgr.net","scom3.opsmgr.net" 1384 | [array]$Parents = "" 1385 | #================================================================================= 1386 | 1387 | 1388 | # Starting Script section - All scripts get this 1389 | #================================================================================= 1390 | # Gather the start time of the script 1391 | $StartTime = Get-Date 1392 | #Set variable to be used in logging events 1393 | $whoami = whoami 1394 | # Load MOMScript API 1395 | $momapi = New-Object -comObject MOM.ScriptAPI 1396 | #Log script event that we are starting task 1397 | $momapi.LogScriptEvent($ScriptName,$EventID,0,"`nScript is starting. `nManagement Group: ($MGName). `nRunning as ($whoami).") 1398 | #================================================================================= 1399 | 1400 | 1401 | # Discovery Script section 1402 | #================================================================================= 1403 | # Load SCOM Discovery module 1404 | $DiscoveryData = $momapi.CreateDiscoveryData(0, $SourceId, $ManagedEntityId) 1405 | #================================================================================= 1406 | 1407 | 1408 | # Begin MAIN script section 1409 | #================================================================================= 1410 | # Get SCOM Agent Path Section 1411 | #======================================================================= 1412 | $SCOMRegKey = "HKLM:\SOFTWARE\Microsoft\Microsoft Operations Manager\3.0\Setup" 1413 | $SCOMAgentPath = (Get-ItemProperty $SCOMRegKey).InstallDirectory 1414 | $SCOMAgentPath = $SCOMAgentPath.TrimEnd("\") 1415 | #======================================================================= 1416 | 1417 | # Get SCOM Agent Version Section 1418 | #======================================================================= 1419 | # Test to see if the file exists that we need for versioning 1420 | $AgentFileExists = Test-Path -Path $SCOMAgentPath\Tools\TMF\OMAgentTraceTMFVer.Dll 1421 | IF (!($AgentFileExists)) 1422 | { 1423 | #Try to get the agent path from the HealthService location 1424 | $HealthServiceRegKey = "HKLM:\SYSTEM\CurrentControlSet\Services\HealthService" 1425 | $HSImagePath = (Get-ItemProperty $HealthServiceRegKey).ImagePath 1426 | $HSImagePath = $HSImagePath.Replace('"',"") 1427 | $SCOMAgentPath = Split-Path -Path $HSImagePath 1428 | } 1429 | 1430 | $SCOMAgentVersionFile = Get-Item $SCOMAgentPath\Tools\TMF\OMAgentTraceTMFVer.Dll 1431 | $SCOMAgentVersion = $SCOMAgentVersionFile.VersionInfo.FileVersion 1432 | $SCOMAgentVersionSplit = $SCOMAgentVersion.Split(".") 1433 | [int]$MajorSCOMAgentVersion = $SCOMAgentVersionSplit[0] 1434 | 1435 | #Check for SCOM 2019 Post UR3 Hotfix 1436 | IF ($SCOMAgentVersion -eq "10.19.10177.0") 1437 | { 1438 | #This is SCOM 2019 UR3. Check for Hotfix 1439 | $SCOMAgentVersionFile = Get-Item $SCOMAgentPath\MOMModules2.dll 1440 | $SCOMAgentVersion = $SCOMAgentVersionFile.VersionInfo.FileVersion 1441 | } 1442 | 1443 | [string]$SCOMAgentURVersion = switch -wildcard ($SCOMAgentVersion) 1444 | { 1445 | # SCOM 2012 1446 | "7.1.10184.0" {"2012 R2 RTM"} 1447 | "7.1.10195.0" {"2012 R2 UR2"} 1448 | "7.1.10204.0" {"2012 R2 UR3"} 1449 | "7.1.10211.0" {"2012 R2 UR4"} 1450 | "7.1.10213.0" {"2012 R2 UR5"} 1451 | "7.1.10218.0" {"2012 R2 UR6"} 1452 | "7.1.10229.0" {"2012 R2 UR7"} 1453 | "7.1.10241.0" {"2012 R2 UR8"} 1454 | "7.1.10268.0" {"2012 R2 UR9"} 1455 | "7.1.10285.0" {"2012 R2 UR11"} 1456 | "7.1.10292.0" {"2012 R2 UR12"} 1457 | "7.1.10302.0" {"2012 R2 UR13"} 1458 | "7.1.10305.0" {"2012 R2 UR14"} 1459 | 1460 | # SCOM 2016 1461 | "8.0.10918.0" {"2016 RTM"} 1462 | "8.0.10931.0" {"2016 UR1"} 1463 | "8.0.10949.0" {"2016 UR2"} 1464 | "8.0.10970.0" {"2016 UR3"} 1465 | "8.0.10977.0" {"2016 UR4"} 1466 | "8.0.10990.0" {"2016 UR5"} 1467 | "8.0.11004.0" {"2016 UR6"} 1468 | "8.0.11025.0" {"2016 UR7"} 1469 | "8.0.11037.0" {"2016 UR8"} 1470 | "8.0.11049.0" {"2016 UR9"} 1471 | "8.0.11057.0" {"2016 UR10"} 1472 | 1473 | # SEMI ANNUAL Channel 1474 | "8.0.13053.0" {"1801"} 1475 | "8.0.13067.0" {"1807"} 1476 | 1477 | # SCOM 2019 1478 | "10.19.10003.0" {"2019 TP"} 1479 | "10.19.10014.0" {"2019 RTM"} 1480 | "10.19.10140.0" {"2019 UR1"} 1481 | "10.19.10153.0" {"2019 UR2"} 1482 | "10.19.10177.0" {"2019 UR3"} 1483 | "10.19.10185.0" {"2019 UR3 with KB5005527"} 1484 | "10.19.10200.0" {"2019 UR4"} 1485 | "10.19.10211.0" {"2019 UR5"} 1486 | "10.19.10253.0" {"2019 UR6"} 1487 | 1488 | # Azure MMA (Deprecated) 1489 | "10.20.*" {"Azure MMA (Deprecated)"} 1490 | 1491 | # SCOM 2022 1492 | "10.22.10056.0" {"2022 RTM"} 1493 | "10.22.10110.0" {"2022 UR1"} 1494 | "10.22.10208.0" {"2022 UR2"} 1495 | "10.22.10870.0" {"2022 UR3"} 1496 | 1497 | # SCOM 2025 1498 | "10.25.10079.0" {"2025 RTM"} 1499 | 1500 | # If nothing else found then default to version number 1501 | default {$SCOMAgentVersion} 1502 | } 1503 | #======================================================================= 1504 | 1505 | # Load Agent Scripting Module 1506 | #======================================================================= 1507 | $AgentCfg = New-Object -ComObject "AgentConfigManager.MgmtSvcCfg" 1508 | #======================================================================= 1509 | 1510 | # Get Agent Management groups section 1511 | #======================================================================= 1512 | #Get management groups 1513 | $MGs=$AgentCfg.GetManagementGroups() 1514 | 1515 | #Loop through each and create a comma seperated list 1516 | FOREACH ($MG in $MGs) 1517 | { 1518 | $MGList=$MGList + $MG.managementGroupName + ", " 1519 | } 1520 | $MGlist=$MGlist.TrimEnd(", ") 1521 | #======================================================================= 1522 | 1523 | # Get Agent LA Workspaces section 1524 | #======================================================================= 1525 | # This section depends on AgentConfigManager.MgmtSvcCfg object in previous section 1526 | [string]$LAList='' 1527 | # Agent might not support LA 1528 | $AgentSupportsLA = $AgentCfg | Get-Member -Name 'GetCloudWorkspaces' 1529 | IF (!$AgentSupportsLA) 1530 | { 1531 | #This agent version does not support Cloud Workspaces. 1532 | } 1533 | ELSE 1534 | { 1535 | $LAWorkspaces = $AgentCfg.GetCloudWorkspaces() 1536 | FOREACH ($LAWorkSpace in $LAWorkSpaces) 1537 | { 1538 | $LAList = $LAList + $LAWorkspace.workspaceId + ", " 1539 | } 1540 | IF ($LAList) 1541 | { 1542 | $LAList = $LAList.TrimEnd(", ") 1543 | } 1544 | 1545 | #Get ProxyURL 1546 | [string]$ProxyURL = $AgentCfg.proxyUrl 1547 | } 1548 | #======================================================================= 1549 | 1550 | # Get Agent AD Integration Setting 1551 | #======================================================================= 1552 | # This section depends on AgentConfigManager.MgmtSvcCfg object in previous section 1553 | # Check Agent version for 2012 or a later version as these use different commands 1554 | IF ($MajorSCOMAgentVersion -lt 8) 1555 | { 1556 | # Assume SCOM 2012 agent 1557 | $ADIntEnabled = $AgentCfg.GetActiveDirectoryIntegrationEnabled() 1558 | } 1559 | Else 1560 | { 1561 | # Assume SCOM 2016 agent or later 1562 | $ADIntEnabled = $AgentCfg.ActiveDirectoryIntegrationEnabled 1563 | } 1564 | #======================================================================= 1565 | 1566 | # Get PowerShell Version section 1567 | #======================================================================= 1568 | $PSVer = $PSVersionTable.PSVersion 1569 | [string]$PSMajor = $PSVer.Major 1570 | [string]$PSMinor = $PSVer.Minor 1571 | $PSVersion = $PSMajor + "." + $PSMinor 1572 | #======================================================================= 1573 | 1574 | # Get PowerShell CLR Version section 1575 | #======================================================================= 1576 | $CLRVer = $PSVersionTable.CLRVersion 1577 | [string]$CLRMajor = $CLRVer.Major 1578 | [string]$CLRMinor = $CLRVer.Minor 1579 | $CLRVersion = $CLRMajor + "." + $CLRMinor 1580 | #======================================================================= 1581 | 1582 | # Get Agent Assignments section 1583 | #====================================================================== 1584 | 1585 | $HSParametersRegKey = "HKLM:\SYSTEM\CurrentControlSet\Services\HealthService\Parameters" 1586 | IF ($HSStateDir = (Get-ItemProperty $HSParametersRegKey).'State Directory') 1587 | { 1588 | $FilePath = "$HSStateDir\Connector Configuration Cache\$MGName\OpsMgrConnector.Config.xml" 1589 | } 1590 | ELSE 1591 | { 1592 | $FilePath = "$SCOMAgentPath\Health Service State\Connector Configuration Cache\$MGName\OpsMgrConnector.Config.xml" 1593 | } 1594 | 1595 | IF (Test-Path -Path $FilePath) 1596 | { 1597 | [xml]$ConfigFileXML = Get-Content -Path $FilePath 1598 | 1599 | #Get Primary MS 1600 | $PrimaryArr = $ConfigFileXML.Message.State.Parents.Added.Item | Where-Object {$_.IsPrimary -eq "True"} 1601 | $PrimaryMS = ($PrimaryArr.AuthenticationName).Split(".")[0] 1602 | 1603 | #Get list of Secondary MS 1604 | $SecondaryArr = $ConfigFileXML.Message.State.Parents.Added.Item | Where-Object {$_.IsPrimary -eq "False"} 1605 | [string]$SecondaryMSList = @() 1606 | FOREACH ($SecondaryXML in $SecondaryArr) 1607 | { 1608 | $SecondaryMS = ($SecondaryXML.AuthenticationName).Split(".")[0] 1609 | $SecondaryMSList = $SecondaryMSList + $SecondaryMS + ", " 1610 | } 1611 | $FailoverList = $SecondaryMSList.TrimEnd(", ") 1612 | } 1613 | ELSE 1614 | { 1615 | #Log script event that we cannot find config file 1616 | $momapi.LogScriptEvent($ScriptName,$EventID,2, "Cannot find agent config file at path ($FilePath)") 1617 | } 1618 | #======================================================================= 1619 | 1620 | # Get Action Account section 1621 | #======================================================================= 1622 | #Check and see if OS is Nano server for use later where we must take different actions for Nano servers 1623 | $isNano = Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Server\ServerLevels" 1624 | $isNano = $isNano.NanoServer 1625 | IF ($isNano -ne $null) 1626 | { 1627 | $isNano = $true 1628 | } 1629 | ELSE 1630 | { 1631 | $isNano = $false 1632 | } 1633 | 1634 | # Get the action account this script is running under. We will assume that is the default agent action account 1635 | TRY 1636 | { 1637 | $user = "" 1638 | $domain = "" 1639 | IF($isNano) 1640 | { 1641 | $user = $env:username 1642 | $domain = $env:userdnsdomain 1643 | } 1644 | ELSE 1645 | { 1646 | $oNetwork = new-object -comobject "WScript.Network" 1647 | $user = $oNetwork.UserName 1648 | $domain = $oNetwork.UserDomain 1649 | } 1650 | IF(($user.Length -eq 0) -or ($user -eq "SYSTEM")) 1651 | { 1652 | $ActionAccount = $user 1653 | } 1654 | ELSE 1655 | { 1656 | $ActionAccount = $domain + "\" + $user 1657 | } 1658 | } 1659 | CATCH 1660 | { 1661 | $momapi.LogScriptEvent($ScriptName,$EventID,2, "`nFailed to retrieve the User name and domain for the action account. `nError is ($Error).") 1662 | } 1663 | #======================================================================= 1664 | 1665 | # Get OSName section 1666 | #======================================================================= 1667 | [string]$OSName = (Get-WmiObject -Class Win32_OperatingSystem).Caption 1668 | #======================================================================= 1669 | 1670 | # Get OSVersion section 1671 | #======================================================================= 1672 | $OSRegKey = "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion" 1673 | [string]$OSCurrentVersion = (Get-ItemProperty $OSRegKey).CurrentVersion 1674 | [string]$OSCurrentBuildNumber = (Get-ItemProperty $OSRegKey).CurrentBuildNumber 1675 | [string]$OSCurrentCurrentMajorVersionNumber = (Get-ItemProperty $OSRegKey).CurrentMajorVersionNumber 1676 | [string]$OSCurrentCurrentMinorVersionNumber = (Get-ItemProperty $OSRegKey).CurrentMinorVersionNumber 1677 | 1678 | # If Windows 10 or WS2016 use new reg keys else use old keys 1679 | IF ($OSCurrentCurrentMajorVersionNumber) 1680 | { 1681 | [string]$OSVersion = $OSCurrentCurrentMajorVersionNumber + "." + $OSCurrentCurrentMinorVersionNumber + "." + $OSCurrentBuildNumber 1682 | } 1683 | ELSE 1684 | { 1685 | [string]$OSVersion = $OSCurrentVersion + "." + $OSCurrentBuildNumber 1686 | } 1687 | #======================================================================= 1688 | 1689 | # Get Certificate Section 1690 | #======================================================================= 1691 | $CertRegKey = "HKLM:\SOFTWARE\Microsoft\Microsoft Operations Manager\3.0\Machine Settings" 1692 | IF(Test-Path $CertRegKey) 1693 | { 1694 | [array]$CertValue = (Get-ItemProperty $CertRegKey).ChannelCertificateSerialNumber 1695 | IF($Certvalue) 1696 | { 1697 | $CertLoaded = $True 1698 | [string]$CertThumbPrint = (Get-ItemProperty $CertRegKey).ChannelCertificateHash 1699 | $Cert = Get-ChildItem -path cert:\LocalMachine\My | Where-Object {$_.Thumbprint -eq $CertThumbPrint} 1700 | IF ($Cert) 1701 | { 1702 | [datetime]$CertExpiresDateTime = $Cert.NotAfter 1703 | [string]$CertExpires = $CertExpiresDateTime.ToShortDateString() 1704 | $CertIssuerArr = $Cert.Issuer 1705 | $CertIssuerSplit = $CertIssuerArr.Split(",") 1706 | [string]$CertIssuer = $CertIssuerSplit[0].TrimStart("CN=") 1707 | } 1708 | ELSE 1709 | { 1710 | $CertIssuer = "NotFound" 1711 | $CertExpires = "NotFound" 1712 | } 1713 | 1714 | } 1715 | ELSE 1716 | { 1717 | $CertLoaded = $False 1718 | } 1719 | } 1720 | ELSE 1721 | { 1722 | $CertLoaded = $False 1723 | } 1724 | #======================================================================= 1725 | 1726 | # Build IP List from Windows Computer Property 1727 | #======================================================================= 1728 | #We want to remove Link local IP 1729 | [string]$IPList = "" 1730 | $IPSplit = $IP.Split(",") 1731 | FOREACH ($IPAddr in $IPSplit) 1732 | { 1733 | [string]$IPAddr = $IPAddr.Trim() 1734 | write-host $IPAddr 1735 | IF (!($IPAddr.StartsWith("fe80") -or $IPAddr.StartsWith("169.254"))) 1736 | { 1737 | $IPList = $IPList + $IPAddr + "," 1738 | } 1739 | } 1740 | $IPList = $IPList.TrimEnd(",") 1741 | #======================================================================= 1742 | 1743 | # Get port connection availability to an array of parents 1744 | #======================================================================= 1745 | [string]$PortList = "" 1746 | IF ($Parents) 1747 | { 1748 | FOREACH ($Parent in $Parents) 1749 | { 1750 | [string]$PortAvail = "" 1751 | $ip=([System.Net.Dns]::GetHostAddresses($Parent)).IPAddressToString; 1752 | $tcp=New-Object net.sockets.tcpclient;$tcp.Connect($Parent,5723); 1753 | $out=$tcp.Connected; 1754 | # write-host "`nPort 5723 test result for ($Parent) on IP ($ip) : ($out)" 1755 | 1756 | IF ($out) 1757 | { 1758 | $PortAvail = "Open" 1759 | } 1760 | ELSE 1761 | { 1762 | $PortAvail = "Blocked" 1763 | } 1764 | 1765 | $ParentSplit = $Parent.Split(".") 1766 | [string]$ServerName = $ParentSplit[0] 1767 | $PortList = $PortList + $ServerName + ": " + $PortAvail + ", " 1768 | } 1769 | $PortList = $Portlist.TrimEnd(", ") 1770 | } 1771 | #======================================================================= 1772 | 1773 | 1774 | # Discovery Script section - Discovery scripts get this 1775 | #================================================================================= 1776 | $instance = $DiscoveryData.CreateClassInstance("$MPElement[Name='SCOM.Management.Agent.Class']$") 1777 | $instance.AddProperty("$MPElement[Name='Windows!Microsoft.Windows.Computer']/PrincipalName$", $Computername) 1778 | $instance.AddProperty("$MPElement[Name='SCOM.Management.Agent.Class']/AgentVersion$", $SCOMAgentVersion) 1779 | $instance.AddProperty("$MPElement[Name='SCOM.Management.Agent.Class']/UpdateRollup$", $SCOMAgentURVersion) 1780 | $instance.AddProperty("$MPElement[Name='SCOM.Management.Agent.Class']/ADIntEnabled$", $ADIntEnabled) 1781 | $instance.AddProperty("$MPElement[Name='SCOM.Management.Agent.Class']/ManagementGroups$", $MGList) 1782 | $instance.AddProperty("$MPElement[Name='SCOM.Management.Agent.Class']/LAWorkspaces$", $LAList) 1783 | $instance.AddProperty("$MPElement[Name='SCOM.Management.Agent.Class']/ProxyURL$", $ProxyURL) 1784 | $instance.AddProperty("$MPElement[Name='SCOM.Management.Agent.Class']/PSVersion$", $PSVersion) 1785 | $instance.AddProperty("$MPElement[Name='SCOM.Management.Agent.Class']/CLRVersion$", $CLRVersion) 1786 | $instance.AddProperty("$MPElement[Name='SCOM.Management.Agent.Class']/PrimaryMS$", $PrimaryMS) 1787 | $instance.AddProperty("$MPElement[Name='SCOM.Management.Agent.Class']/FailoverList$", $FailoverList) 1788 | $instance.AddProperty("$MPElement[Name='SCOM.Management.Agent.Class']/ActionAccount$", $ActionAccount) 1789 | $instance.AddProperty("$MPElement[Name='SCOM.Management.Agent.Class']/OSName$", $OSName) 1790 | $instance.AddProperty("$MPElement[Name='SCOM.Management.Agent.Class']/OSVersion$", $OSVersion) 1791 | $instance.AddProperty("$MPElement[Name='SCOM.Management.Agent.Class']/InstallPath$", $SCOMAgentPath) 1792 | $instance.AddProperty("$MPElement[Name='SCOM.Management.Agent.Class']/CertLoaded$", $CertLoaded) 1793 | $instance.AddProperty("$MPElement[Name='SCOM.Management.Agent.Class']/CertExpires$", $CertExpires) 1794 | $instance.AddProperty("$MPElement[Name='SCOM.Management.Agent.Class']/CertThumbPrint$", $CertThumbPrint) 1795 | $instance.AddProperty("$MPElement[Name='SCOM.Management.Agent.Class']/CertIssuer$", $CertIssuer) 1796 | $instance.AddProperty("$MPElement[Name='SCOM.Management.Agent.Class']/IP$", $IPList) 1797 | $instance.AddProperty("$MPElement[Name='SCOM.Management.Agent.Class']/Connection$", $PortList) 1798 | $DiscoveryData.AddInstance($instance) 1799 | 1800 | # Return Discovery Items Normally 1801 | $DiscoveryData 1802 | # Return Discovery Bag to the command line for testing (does not work from ISE) 1803 | # $momapi.Return($DiscoveryData) 1804 | #================================================================================= 1805 | 1806 | 1807 | # End of script section 1808 | #================================================================================= 1809 | #Log an event for script ending and total execution time. 1810 | $EndTime = Get-Date 1811 | $ScriptTime = ($EndTime - $StartTime).TotalSeconds 1812 | $momapi.LogScriptEvent($ScriptName,$EventID,0,"`nScript has completed. `nAgent Version: ($SCOMAgentVersion). `nAgent Rollup: ($SCOMAgentURVersion). `nADIntEnabled: ($ADIntEnabled). `nManagement Group list: ($MGList). `Log Analytics Workspace list: ($LAList). `nProxyURL: ($ProxyURL). `nPowerShell Version: ($PSVersion). `nCLR Version: ($CLRVersion). `n Primary MS: ($PrimaryMS). `nSecondary MS Failover list: ($FailoverList). `nAction Account: ($ActionAccount). `nOS Name: ($OSName). `nOS Version: ($OSVersion). `nSCOM Agent Path: ($SCOMAgentPath). `nCertLoaded: ($CertLoaded). `nCert Expiration: ($CertExpires). `nCert Thumbprint: ($CertThumbPrint). `nCert Issuer: ($CertIssuer). `nIP ($IPList). `nConnection: ($PortList). `nScript runtime: ($ScriptTime) seconds.") 1813 | #================================================================================= 1814 | # End of script 1815 | 1816 | 1817 | 1818 | SourceId 1819 | $MPElement$ 1820 | 1821 | 1822 | ManagedEntityId 1823 | $Target/Id$ 1824 | 1825 | 1826 | ComputerName 1827 | $Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/PrincipalName$ 1828 | 1829 | 1830 | MGName 1831 | $Target/ManagementGroup/Name$ 1832 | 1833 | 1834 | IP 1835 | $Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/IPAddress$ 1836 | 1837 | 1838 | 600 1839 | 1840 | 1841 | 1842 | Discovery 1843 | 1844 | 1845 | 1846 | 1847 | 1848 | 1849 | 1850 | $Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/PrincipalName$ 1851 | 1852 | 1853 | ServerRegKeyExists 1854 | SOFTWARE\Microsoft\Microsoft Operations Manager\3.0\Server Management Groups 1855 | 0 1856 | 1857 | 0 1858 | 1859 | 1860 | 1861 | WebConsoleRegKeyExists 1862 | SOFTWARE\Microsoft\System Center Operations Manager\12\Setup\WebConsole 1863 | 0 1864 | 1865 | 0 1866 | 1867 | 1868 | 1869 | OSName 1870 | SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName 1871 | 1 1872 | 1873 | 1 1874 | 1875 | 1876 | 1877 | DotNetVersion 1878 | SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full\Release 1879 | 1 1880 | 1881 | 1 1882 | 1883 | 1884 | 1885 | 14400 1886 | $MPElement[Name="SCOM.Management.Server.Class"]$ 1887 | 1888 | 1889 | 1890 | $MPElement[Name="Windows!Microsoft.Windows.Computer"]/PrincipalName$ 1891 | $Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/PrincipalName$ 1892 | 1893 | 1894 | $MPElement[Name="System!System.Entity"]/DisplayName$ 1895 | $Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/PrincipalName$ 1896 | 1897 | 1898 | $MPElement[Name="SCOM.Management.Server.Class"]/OSName$ 1899 | $Data/Values/OSName$ 1900 | 1901 | 1902 | $MPElement[Name="SCOM.Management.Server.Class"]/DotNetVersion$ 1903 | $Data/Values/DotNetVersion$ 1904 | 1905 | 1906 | 1907 | 1908 | 1909 | 1910 | 1911 | 1912 | Values/ServerRegKeyExists 1913 | 1914 | 1915 | Equal 1916 | 1917 | 1918 | true 1919 | 1920 | 1921 | 1922 | 1923 | 1924 | 1925 | 1926 | Values/WebConsoleRegKeyExists 1927 | 1928 | 1929 | Equal 1930 | 1931 | 1932 | true 1933 | 1934 | 1935 | 1936 | 1937 | 1938 | 1939 | 1940 | 1941 | 1942 | Discovery 1943 | 1944 | 1945 | 1946 | 1947 | 1948 | 1949 | 1950 | 1951 | 1952 | 1953 | 1954 | 1955 | 1956 | 1957 | 1958 | 1959 | 1960 | 1961 | 1962 | 1963 | 1964 | 1965 | 1966 | 1967 | 1968 | 1969 | 86400 1970 | 1971 | SCOM.Management.Server.Class.PowerShell.Properties.Discovery.ps1 1972 | 1973 | #================================================================================= 1974 | # Script to gather SCOM Server Component properties via PowerShell 1975 | # 1976 | # Author: Kevin Holman 1977 | # 1978 | # Version: 3.3 1979 | #================================================================================= 1980 | param($SourceId,$ManagedEntityId,$ComputerName,$MGName) 1981 | 1982 | 1983 | # Manual Testing section - put stuff here for manually testing script - typically parameters: 1984 | #================================================================================= 1985 | # $SourceId = '{00000000-0000-0000-0000-000000000000}' 1986 | # $ManagedEntityId = '{00000000-0000-0000-0000-000000000000}' 1987 | # $Computername = 'server.domain.com' 1988 | # $MGName = 'SCOM1' 1989 | #================================================================================= 1990 | 1991 | 1992 | # Constants section - modify stuff here: 1993 | #================================================================================= 1994 | # Assign script name variable for use in event logging 1995 | $ScriptName = "SCOM.Management.Server.Class.PowerShell.Properties.Discovery.ps1" 1996 | $EventID = "1006" 1997 | #================================================================================= 1998 | 1999 | 2000 | # Starting Script section - All scripts get this 2001 | #================================================================================= 2002 | # Gather the start time of the script 2003 | $StartTime = Get-Date 2004 | #Set variable to be used in logging events 2005 | $whoami = whoami 2006 | # Load MOMScript API 2007 | $momapi = New-Object -comObject MOM.ScriptAPI 2008 | #Log script event that we are starting task 2009 | $momapi.LogScriptEvent($ScriptName,$EventID,0,"`n Script is starting. `n Running as ($whoami).") 2010 | #================================================================================= 2011 | 2012 | 2013 | # Discovery Script section - Discovery scripts get this 2014 | #================================================================================= 2015 | # Load SCOM Discovery module 2016 | $DiscoveryData = $momapi.CreateDiscoveryData(0, $SourceId, $ManagedEntityId) 2017 | #================================================================================= 2018 | 2019 | 2020 | # Begin Main Script 2021 | #================================================================================= 2022 | # Begin Role Version Section 2023 | #======================================================================= 2024 | # Function to map a file version to a UR level 2025 | function URVersion($Version) 2026 | { 2027 | switch($Version) 2028 | { 2029 | # SCOM 2012 2030 | "7.1.10226.0" {"2012 R2 RTM"} 2031 | "7.1.10184.0" {"2012 R2 RTM"} #Gateway 2032 | "7.1.10226.1011" {"2012 R2 UR1"} 2033 | "7.1.10188.0" {"2012 R2 UR1"} #Gateway 2034 | "7.1.10226.1015" {"2012 R2 UR2"} 2035 | "7.1.10195.0" {"2012 R2 UR2"} #Gateway 2036 | "7.1.10226.1037" {"2012 R2 UR3"} 2037 | "7.1.10204.0" {"2012 R2 UR3"} #Gateway 2038 | "7.1.10226.1046" {"2012 R2 UR4"} 2039 | "7.1.10211.0" {"2012 R2 UR4"} #Gateway 2040 | "7.1.10226.1052" {"2012 R2 UR5"} 2041 | "7.1.10213.0" {"2012 R2 UR5"} #Gateway 2042 | "7.1.10226.1064" {"2012 R2 UR6"} 2043 | "7.1.10218.0" {"2012 R2 UR6"} #Gateway 2044 | "7.1.10226.1090" {"2012 R2 UR7"} 2045 | "7.1.10229.0" {"2012 R2 UR7"} #Gateway 2046 | "7.1.10226.1118" {"2012 R2 UR8"} 2047 | "7.1.10241.0" {"2012 R2 UR8"} #Gateway 2048 | "7.1.10226.1177" {"2012 R2 UR9"} 2049 | "7.1.10268.0" {"2012 R2 UR9"} #Gateway 2050 | "7.1.10226.1239" {"2012 R2 UR11"} 2051 | "7.1.10285.0" {"2012 R2 UR11"} #Gateway 2052 | "7.1.10226.1304" {"2012 R2 UR12"} 2053 | "7.1.10292.0" {"2012 R2 UR12"} #Gateway 2054 | "7.1.10226.1360" {"2012 R2 UR13"} 2055 | "7.1.10302.0" {"2012 R2 UR13"} #Gateway 2056 | "7.1.10226.1387" {"2012 R2 UR14"} 2057 | "7.1.10305.0" {"2012 R2 UR14"} #Gateway 2058 | "7.1.10226.1413" {"2012 R2 UR14 with KB5006871"} 2059 | 2060 | # SCOM 2016 2061 | "7.2.11719.0" {"2016 RTM"} 2062 | "8.0.10918.0" {"2016 RTM"} #Gateway 2063 | "7.2.11759.0" {"2016 UR1"} 2064 | "7.2.11822.0" {"2016 UR2"} 2065 | "8.0.10949.0" {"2016 UR2"} #Gateway 2066 | "7.2.11878.0" {"2016 UR3"} 2067 | "8.0.10970.0" {"2016 UR3"} #Gateway 2068 | "7.2.11938.0" {"2016 UR4"} 2069 | "8.0.10977.0" {"2016 UR4"} #Gateway 2070 | "7.2.12016.0" {"2016 UR5"} 2071 | "8.0.10990.0" {"2016 UR5"} #Gateway 2072 | "7.2.12066.0" {"2016 UR6"} 2073 | "8.0.11004.0" {"2016 UR6"} #Gateway 2074 | "7.2.12150.0" {"2016 UR7"} 2075 | "8.0.11025.0" {"2016 UR7"} #Gateway 2076 | "7.2.12213.0" {"2016 UR8"} 2077 | "8.0.11037.0" {"2016 UR8"} #Gateway 2078 | "7.2.12265.0" {"2016 UR9"} 2079 | "8.0.11049.0" {"2016 UR9"} #Gateway 2080 | "7.2.12324.0" {"2016 UR10"} 2081 | "8.0.11057.0" {"2016 UR10"} #Gateway 2082 | "7.2.12335.0" {"2016 UR10 with KB5006871"} 2083 | "7.2.12345.0" {"2016 UR10 with KB5028684"} 2084 | "7.2.12348.0" {"2016 UR10 with KB5037360"} 2085 | 2086 | # SEMI ANNUAL Channel 2087 | "7.3.13142.0" {"1801"} 2088 | "8.0.13053.0" {"1801"} #Gateway 2089 | "7.3.13261.0" {"1807"} 2090 | "8.0.13067.0" {"1807"} #Gateway 2091 | 2092 | # SCOM 2019 2093 | "10.19.10014.0" {"2019 TP"} 2094 | "10.19.10050.0" {"2019 RTM"} 2095 | "10.19.10311.0" {"2019 UR1"} 2096 | "10.19.10349.0" {"2019 UR1 with Hotfix"} 2097 | "10.19.10407.0" {"2019 UR2"} 2098 | "10.19.10153.0" {"2019 UR2"} #Gateway 2099 | "10.19.10505.0" {"2019 UR3"} 2100 | "10.19.10177.0" {"2019 UR3"} #Gateway 2101 | "10.19.10550.0" {"2019 UR3 with KB5006871"} 2102 | "10.19.10552.0" {"2019 UR3 with KB5005527"} 2103 | "10.19.10185.0" {"2019 UR3 with KB5005527"} #Gateway 2104 | "10.19.10569.0" {"2019 UR4"} 2105 | "10.19.10200.0" {"2019 UR4"} #Gateway 2106 | "10.19.10574.0" {"2019 UR4 with KB5016576"} 2107 | "10.19.10576.0" {"2019 UR4 with KB5016576"} 2108 | "10.19.10606.0" {"2019 UR5"} 2109 | "10.19.10211.0" {"2019 UR5"} #Gateway 2110 | "10.19.10615.0" {"2019 UR5 with KB5029601"} 2111 | "10.19.10616.0" {"2019 UR5 with KB5029512"} 2112 | "10.19.10618.0" {"2019 UR5 with KB5028684"} 2113 | "10.19.10649.0" {"2019 UR6"} 2114 | "10.19.10253.0" {"2019 UR6"} #Gateway 2115 | "10.19.10652.0" {"2019 UR6 with KB5037360"} 2116 | 2117 | # SCOM 2022 2118 | "10.22.10118.0" {"2022 RTM"} 2119 | "10.22.10337.0" {"2022 UR1"} 2120 | "10.22.10448.0" {"2022 UR1 with KB5024286"} 2121 | "10.22.10565.0" {"2022 UR1 with KB5029512"} 2122 | "10.22.10575.0" {"2022 UR1 with KB5029601"} 2123 | "10.22.10560.0" {"2022 UR1 with KB5028684"} 2124 | "10.22.10610.0" {"2022 UR2"} 2125 | "10.22.10618.0" {"2022 UR2 with KB5033752"} 2126 | "10.22.10684.0" {"2022 UR2 with KB5037360"} 2127 | "10.22.11642.0" {"2022 UR3"} 2128 | 2129 | # SCOM 2025 2130 | "10.25.10132.0" {"2025 RTM"} 2131 | } 2132 | } 2133 | 2134 | $SCOMRegKey = "HKLM:\SOFTWARE\Microsoft\Microsoft Operations Manager\3.0\Setup" 2135 | $SCOMPath = (Get-ItemProperty $SCOMRegKey).InstallDirectory 2136 | $SCOMPath = $SCOMPath.TrimEnd("\") 2137 | $SCOMCorePath = $SCOMPath.TrimEnd("Server") 2138 | $SCOMCorePath = $SCOMCorePath.TrimEnd("\") 2139 | 2140 | # Check to see if this is a Gateway 2141 | IF ($SCOMCorePath -match "Gateway") 2142 | { 2143 | $MS = $false 2144 | $ServerURFile = Get-Item $SCOMPath\HealthService.dll 2145 | $ServerURFileVersion = $ServerURFile.VersionInfo.FileVersion 2146 | $ServerURFileVersionSplit = $ServerURFileVersion.Split(".") 2147 | $MajorSCOMVersion = $ServerURFileVersionSplit[0] + "." + $ServerURFileVersionSplit[1] 2148 | 2149 | $MOMWsManModulesFile = Get-Item $SCOMPath\MOMWsManModules.dll 2150 | $MOMWsManModulesFileVersion = $MOMWsManModulesFile.VersionInfo.FileVersion 2151 | 2152 | $MOMCommonFile = Get-Item $SCOMPath\Microsoft.Mom.Common.dll 2153 | $MOMCommonFileVersion = $MOMCommonFile.VersionInfo.FileVersion 2154 | 2155 | IF ($ServerURFileVersion -eq "8.0.10949.0" -and $MOMWsManModulesFileVersion -eq "8.0.10918.0") 2156 | { 2157 | #This is SCOM 2016 UR2 2158 | $ServerURFileVersion = "8.0.10949.0" 2159 | } 2160 | ELSEIF ($ServerURFileVersion -eq "8.0.10949.0" -and $MOMWsManModulesFileVersion -eq "8.0.10970.0") 2161 | { 2162 | #This is SCOM 2016 UR3 and was patched from UR2 to UR3 2163 | $ServerURFileVersion = "8.0.10970.0" 2164 | } 2165 | ELSEIF ($ServerURFileVersion -eq "8.0.10918.0" -and $MOMWsManModulesFileVersion -eq "8.0.10970.0") 2166 | { 2167 | #This is SCOM 2016 UR3 and was patched from RTM to UR3 directly 2168 | $ServerURFileVersion = "8.0.10970.0" 2169 | } 2170 | ELSEIF ($ServerURFileVersion -eq "10.19.10014.0" -and $MOMCommonFileVersion -eq "10.19.10050.0") 2171 | { 2172 | #This is SCOM 2019 RTM 2173 | $ServerURFileVersion = "10.19.10050.0" 2174 | } 2175 | ELSEIF ($ServerURFileVersion -eq "10.19.10140.0" -and $MOMCommonFileVersion -eq "10.19.10050.0") 2176 | { 2177 | #This is SCOM 2019 UR1 2178 | $ServerURFileVersion = "10.19.10311.0" 2179 | } 2180 | ELSEIF ($ServerURFileVersion -eq "10.19.10177.0") 2181 | { 2182 | #This is SCOM 2019 UR3. Check for Post UR3 hotfix 2183 | $MOMModules2File = Get-Item $SCOMPath\MOMModules2.dll 2184 | $MOMModules2FileVersion = $MOMModules2File.VersionInfo.FileVersion 2185 | $ServerURFileVersion = $MOMModules2FileVersion 2186 | } 2187 | ELSEIF ($ServerURFileVersion -eq "10.19.10253.0") 2188 | { 2189 | #This is SCOM 2019 UR6. Check for Post UR6 hotfix 2190 | $SSHLIBFile = Get-Item $SCOMPath\sshlib.dll 2191 | $SSHLIBVersion = $SSHLIBFile.VersionInfo.FileVersion 2192 | IF ($SSHLIBVersion -eq "10.19.1255.0") 2193 | { 2194 | #This is KB5037360 patch on Gateway 2195 | $ServerURFileVersion = "10.19.10652.0" 2196 | } 2197 | } 2198 | ELSEIF ($MajorSCOMVersion -eq "10.22") 2199 | { 2200 | #This is SCOM 2022 2201 | $ServerURFile = Get-Item $SCOMPath\Microsoft.SystemCenter.Telemetry.EventData.dll 2202 | $ServerURFileVersion = $ServerURFile.VersionInfo.FileVersion 2203 | } 2204 | 2205 | # Set these to null since we do not expect a web console or a console on a GW 2206 | $WebConsoleURFileVersion = "" 2207 | $ConsoleURFileVersion = "" 2208 | } 2209 | ELSE #This is a Management Server not a Gateway 2210 | { 2211 | $MS = $true 2212 | $ServerURFile = Get-Item $SCOMPath\Microsoft.EnterpriseManagement.RuntimeService.dll 2213 | $ServerURFileVersion = $ServerURFile.VersionInfo.FileVersion 2214 | $ServerURFileVersionSplit = $ServerURFileVersion.Split(".") 2215 | $MajorSCOMVersion = $ServerURFileVersionSplit[0] + "." + $ServerURFileVersionSplit[1] 2216 | 2217 | IF ($MajorSCOMVersion -eq "7.1") #SCOM2012 2218 | { 2219 | Try 2220 | { 2221 | $WebConsoleURFile = Get-Item $SCOMCorePath\WebConsole\WebHost\bin\Microsoft.EnterpriseManagement.Management.DataProviders.dll 2222 | $WebConsoleURFileVersion = $WebConsoleURFile.VersionInfo.FileVersion 2223 | } 2224 | Catch 2225 | { 2226 | $WebConsoleURFileVersion = "" 2227 | } 2228 | 2229 | #Need to see if this is Post SCOM2012 UR14 hotfix for web console 2230 | IF ($WebConsoleURFileVersion -eq "7.1.10226.1387") 2231 | { 2232 | #This is SCOM 2012 UR14. Check to see if hotfix is applied 2233 | $WebConsoleHotfixFile = Get-Item $SCOMCorePath\WebConsole\AppDiagnostics\AppAdvisor\Web\Bin\ARViewer.dll 2234 | $WebConsoleHotfixFileVersion = $WebConsoleHotfixFile.VersionInfo.FileVersion 2235 | $WebConsoleURFileVersion = $WebConsoleHotfixFileVersion 2236 | } 2237 | 2238 | Try 2239 | { 2240 | $ConsoleURFile = Get-Item $SCOMCorePath\Console\Microsoft.EnterpriseManagement.Management.DataProviders.dll 2241 | $ConsoleURFileVersion = $ConsoleURFile.VersionInfo.FileVersion 2242 | } 2243 | Catch 2244 | { 2245 | $ConsoleURFileVersion = "" 2246 | } 2247 | } 2248 | 2249 | IF ($MajorSCOMVersion -eq "7.2") #SCOM2016 2250 | { 2251 | Try 2252 | { 2253 | $WebConsoleURFile = Get-Item $SCOMCorePath\WebConsole\WebHost\bin\Microsoft.EnterpriseManagement.Monitoring.DataProviders.dll 2254 | $WebConsoleURFileVersion = $WebConsoleURFile.VersionInfo.FileVersion 2255 | } 2256 | Catch 2257 | { 2258 | $WebConsoleURFileVersion = "" 2259 | } 2260 | 2261 | #Need to see if this is Post SCOM2016 UR10 hotfix for web console 2262 | IF ($WebConsoleURFileVersion -eq "7.2.12324.0") 2263 | { 2264 | #This is SCOM 2016 UR10. Check to see if hotfix is applied 2265 | $WebConsoleHotfixFile = Get-Item $SCOMCorePath\WebConsole\AppDiagnostics\AppAdvisor\Web\Bin\ARViewer.dll 2266 | $WebConsoleHotfixFileVersion = $WebConsoleHotfixFile.VersionInfo.FileVersion 2267 | $WebConsoleURFileVersion = $WebConsoleHotfixFileVersion 2268 | } 2269 | 2270 | Try 2271 | { 2272 | $ConsoleURFile = Get-Item $SCOMCorePath\Console\Microsoft.EnterpriseManagement.Monitoring.DataProviders.dll 2273 | $ConsoleURFileVersion = $ConsoleURFile.VersionInfo.FileVersion 2274 | } 2275 | Catch 2276 | { 2277 | $ConsoleURFileVersion = "" 2278 | } 2279 | } 2280 | 2281 | IF ($MajorSCOMVersion -eq "7.3") #SCOM 1801 or 1807 Semi Annual Channel 2282 | { 2283 | $ServerURFile = Get-Item $SCOMCorePath\Server\Microsoft.EnterpriseManagement.DataAccessLayer.dll 2284 | $ServerURFileVersion = $ServerURFile.VersionInfo.FileVersion 2285 | 2286 | Try 2287 | { 2288 | $WebConsoleURFile = Get-Item $SCOMCorePath\WebConsole\WebHost\bin\Microsoft.Mom.Common.dll 2289 | $WebConsoleURFileVersion = $WebConsoleURFile.VersionInfo.FileVersion 2290 | } 2291 | Catch 2292 | { 2293 | $WebConsoleURFileVersion = "" 2294 | } 2295 | Try 2296 | { 2297 | $ConsoleURFile = Get-Item $SCOMCorePath\Console\Microsoft.MOM.UI.Common.dll 2298 | $ConsoleURFileVersion = $ConsoleURFile.VersionInfo.FileVersion 2299 | } 2300 | Catch 2301 | { 2302 | $ConsoleURFileVersion = "" 2303 | } 2304 | } 2305 | 2306 | IF ($MajorSCOMVersion -eq "10.19") #SCOM 2019 2307 | { 2308 | #We need to use a different file for versioning for SCOM 2019 2309 | $ServerURFile = Get-Item $SCOMCorePath\Server\Microsoft.EnterpriseManagement.DataAccessLayer.dll 2310 | $ServerURFileVersion = $ServerURFile.VersionInfo.FileVersion 2311 | 2312 | #Check to see if this is UR1 plus Hotfix special case 2313 | $ServerUR1HotfixFile = Get-Item $SCOMCorePath\Server\Microsoft.EnterpriseManagement.DataAccessService.OperationsManager.dll 2314 | $ServerUR1HotfixFileVersion = $ServerUR1HotfixFile.VersionInfo.FileVersion 2315 | IF ($ServerUR1HotfixFileVersion -eq "10.19.10349.0") 2316 | { 2317 | $ServerURFileVersion = $ServerUR1HotfixFileVersion 2318 | } 2319 | 2320 | #Check to see if this is SCOM 2019 UR3 plus hotfix 2321 | IF ($ServerURFileVersion -eq "10.19.10505.0") 2322 | { 2323 | #This is SCOM 2019 UR3. Check for KB5005527 2324 | $ServerUR3HotfixFile = Get-Item $SCOMCorePath\Server\Eula\Omversion.dll 2325 | $ServerUR3HotfixFileVersion = $ServerUR3HotfixFile.VersionInfo.FileVersion 2326 | $ServerURFileVersion = $ServerUR3HotfixFileVersion 2327 | } 2328 | 2329 | #Check to see if this is SCOM 2019 UR6 plus hotfix 2330 | IF ($ServerURFileVersion -eq "10.19.10649.0") 2331 | { 2332 | #This is SCOM 2019 UR6. Check for KB5037360 2333 | $ServerUR6HotfixFile = Get-Item $SCOMCorePath\Server\Tools\TMF\OMTraceTMFVer.Dll 2334 | $ServerUR6HotfixFileVersion = $ServerUR6HotfixFile.VersionInfo.FileVersion 2335 | $ServerURFileVersion = $ServerUR6HotfixFileVersion 2336 | } 2337 | 2338 | 2339 | Try 2340 | { 2341 | $WebConsoleURFile = Get-Item $SCOMCorePath\WebConsole\Dashboard\OMVersion.dll 2342 | $WebConsoleURFileVersion = $WebConsoleURFile.VersionInfo.FileVersion 2343 | } 2344 | Catch 2345 | { 2346 | $WebConsoleURFileVersion = "" 2347 | } 2348 | 2349 | #Need to see if this isPost UR3 hotfix for web console 2350 | IF ($WebConsoleURFileVersion -eq "10.19.10505.0") 2351 | { 2352 | #This is SCOM 2019 UR3. Check for KB5006871 2353 | $WebConsoleHotfixFile = Get-Item $SCOMCorePath\WebConsole\AppDiagnostics\AppAdvisor\Web\Bin\ARViewer.dll 2354 | $WebConsoleHotfixFileVersion = $WebConsoleHotfixFile.VersionInfo.FileVersion 2355 | $WebConsoleURFileVersion = $WebConsoleHotfixFileVersion 2356 | } 2357 | 2358 | Try 2359 | { 2360 | $ConsoleURFile = Get-Item $SCOMCorePath\Console\Microsoft.MOM.UI.Components.dll 2361 | $ConsoleURFileVersion = $ConsoleURFile.VersionInfo.FileVersion 2362 | } 2363 | Catch 2364 | { 2365 | $ConsoleURFileVersion = "" 2366 | } 2367 | 2368 | #Need to see if this is Post UR4 hotfix for console 2369 | IF ($ConsoleURFileVersion -eq "10.19.10569.0") 2370 | { 2371 | #This is SCOM 2019 UR4. Check for KB5016576 2372 | $ConsoleHotfixFile = Get-Item $SCOMCorePath\Console\Microsoft.EnterpriseManagement.UI.Authoring.dll 2373 | $ConsoleHotfixFileVersion = $ConsoleHotfixFile.VersionInfo.FileVersion 2374 | $ConsoleURFileVersion = $ConsoleHotfixFileVersion 2375 | } 2376 | 2377 | #Need to see if this is Post UR6 hotfix for console 2378 | IF ($ConsoleURFileVersion -eq "10.19.10649.0") 2379 | { 2380 | #This is SCOM 2019 UR6. Check for KB5037360 2381 | $ConsoleHotfixFile = Get-Item $SCOMCorePath\Console\Tools\TMF\OMTraceTMFVer.Dll 2382 | $ConsoleHotfixFileVersion = $ConsoleHotfixFile.VersionInfo.FileVersion 2383 | $ConsoleURFileVersion = $ConsoleHotfixFileVersion 2384 | } 2385 | 2386 | 2387 | } 2388 | 2389 | 2390 | IF ($MajorSCOMVersion -eq "10.22") #SCOM 2022 2391 | { 2392 | #Detect SCOM UR Version 2393 | #We need to use a different file for versioning for SCOM 2022 2394 | $ServerURFile = Get-Item $SCOMCorePath\Server\Microsoft.Mom.Common.dll 2395 | $ServerURFileVersion = $ServerURFile.VersionInfo.FileVersion 2396 | 2397 | #Check to see if this is SCOM 2022 UR2 plus hotfix 2398 | IF ($ServerURFileVersion -eq "10.22.10610.0") 2399 | { 2400 | #This is SCOM 2022 UR2. Check for KB5037360 2401 | $ServerUR2HotfixFile = Get-Item $SCOMCorePath\Server\Tools\TMF\OMTraceTMFVer.Dll 2402 | $ServerUR2HotfixFileVersion = $ServerUR2HotfixFile.VersionInfo.FileVersion 2403 | $ServerURFileVersion = $ServerUR2HotfixFileVersion 2404 | } 2405 | 2406 | 2407 | Try 2408 | { 2409 | $WebConsoleURFile = Get-Item $SCOMCorePath\WebConsole\Dashboard\OMVersion.dll 2410 | $WebConsoleURFileVersion = $WebConsoleURFile.VersionInfo.FileVersion 2411 | } 2412 | Catch 2413 | { 2414 | $WebConsoleURFileVersion = "" 2415 | } 2416 | 2417 | Try 2418 | { 2419 | $ConsoleURFile = Get-Item $SCOMCorePath\Console\Microsoft.MOM.UI.Components.dll 2420 | $ConsoleURFileVersion = $ConsoleURFile.VersionInfo.FileVersion 2421 | } 2422 | Catch 2423 | { 2424 | $ConsoleURFileVersion = "" 2425 | } 2426 | 2427 | #Check to see if this is SCOM 2022 UR2 plus hotfix 2428 | IF (($ConsoleURFileVersion -eq "10.22.10605.0") -or ($ConsoleURFileVersion -eq "10.22.10610.0")) 2429 | { 2430 | #This is SCOM 2022 UR2. Check for KB5033752 and KB5037360 2431 | $ConsoleUR2HotfixFile = Get-Item $SCOMCorePath\Console\Tools\TMF\OMTraceTMFVer.Dll 2432 | $ConsoleUR2HotfixFileVersion = $ConsoleUR2HotfixFile.VersionInfo.FileVersion 2433 | $ConsoleURFileVersion = $ConsoleUR2HotfixFileVersion 2434 | } 2435 | 2436 | } 2437 | } 2438 | $ServerURLevel = URVersion $ServerURFileVersion 2439 | $WebConsoleURLevel = URVersion $WebConsoleURFileVersion 2440 | $ConsoleURLevel = URVersion $ConsoleURFileVersion 2441 | #======================================================================= 2442 | 2443 | # Get Log Analytics Workspaces section 2444 | #======================================================================= 2445 | # Load SCOM Agent scripting module 2446 | $AgentCfg = New-Object -ComObject "AgentConfigManager.MgmtSvcCfg" 2447 | # Try Catch since agent might not support method and throw error or might be empty 2448 | try 2449 | { 2450 | $LAWorkspaces=$AgentCfg.GetCloudWorkspaces() 2451 | foreach($LAWorkspace in $LAWorkspaces) 2452 | { 2453 | $LAList=$LAList + $LAWorkspace.workspaceId + ", " 2454 | } 2455 | $LAList=$LAList.TrimEnd(", ") 2456 | } 2457 | catch 2458 | { 2459 | $LAList='' 2460 | } 2461 | #======================================================================= 2462 | 2463 | # Get PowerShell Version section 2464 | #======================================================================= 2465 | $PSVer = $PSVersionTable.PSVersion 2466 | [string]$PSMajor = $PSVer.Major 2467 | [string]$PSMinor = $PSVer.Minor 2468 | $PSVersion = $PSMajor + "." + $PSMinor 2469 | #======================================================================= 2470 | 2471 | # Get PowerShell CLR Version section 2472 | #======================================================================= 2473 | $CLRVer = $PSVersionTable.CLRVersion 2474 | [string]$CLRMajor = $CLRVer.Major 2475 | [string]$CLRMinor = $CLRVer.Minor 2476 | $CLRVersion = $CLRMajor + "." + $CLRMinor 2477 | #======================================================================= 2478 | 2479 | # Get Assignments section if not a Management Server 2480 | #======================================================================= 2481 | [string]$PrimaryMS = "" 2482 | [string]$FailoverList = "" 2483 | 2484 | #Only continue if this is a Gateway 2485 | IF ($MS -eq $false) 2486 | { 2487 | $HSParametersRegKey = "HKLM:\SYSTEM\CurrentControlSet\Services\HealthService\Parameters" 2488 | IF ($HSStateDir = (Get-ItemProperty $HSParametersRegKey).'State Directory') 2489 | { 2490 | $FilePath = "$HSStateDir\Connector Configuration Cache\$MGName\OpsMgrConnector.Config.xml" 2491 | } 2492 | ELSE 2493 | { 2494 | $FilePath = "$SCOMPath\Health Service State\Connector Configuration Cache\$MGName\OpsMgrConnector.Config.xml" 2495 | } 2496 | 2497 | IF (Test-Path -Path $FilePath) 2498 | { 2499 | [xml]$ConfigFileXML = Get-Content -Path $FilePath 2500 | 2501 | #Get Primary MS 2502 | $PrimaryArr = $ConfigFileXML.Message.State.Parents.Added.Item | Where-Object {$_.IsPrimary -eq "True"} 2503 | $PrimaryMS = $PrimaryArr.AuthenticationName 2504 | 2505 | #Get list of Secondary MS 2506 | $SecondaryArr = $ConfigFileXML.Message.State.Parents.Added.Item | Where-Object {$_.IsPrimary -eq "False"} 2507 | [string]$SecondaryMSList = @() 2508 | FOREACH ($SecondaryXML in $SecondaryArr) 2509 | { 2510 | $SecondaryMS = $SecondaryXML.AuthenticationName 2511 | $SecondaryMSList = $SecondaryMSList + $SecondaryMS + ", " 2512 | } 2513 | $FailoverList = $SecondaryMSList.TrimEnd(", ") 2514 | } 2515 | ELSE 2516 | { 2517 | #Log script event that we cannot find config file 2518 | $momapi.LogScriptEvent($ScriptName,$EventID,2, "Cannot find config file at path ($FilePath)") 2519 | } 2520 | } 2521 | #======================================================================= 2522 | 2523 | # Get Action Account section 2524 | #======================================================================= 2525 | # Get the action account this script is running under. We will assume that is the default action account 2526 | try 2527 | { 2528 | $user = "" 2529 | $domain = "" 2530 | $oNetwork = new-object -comobject "WScript.Network" 2531 | $user = $oNetwork.UserName 2532 | $domain = $oNetwork.UserDomain 2533 | If(($user.Length -eq 0) -or ($user -eq "SYSTEM")) 2534 | { 2535 | $ActionAccount = $user 2536 | } 2537 | Else 2538 | { 2539 | $ActionAccount = $domain + "\" + $user 2540 | } 2541 | } 2542 | catch 2543 | { 2544 | $momapi.LogScriptEvent($ScriptName,$EventID,2, "Failed to retrieve the User name and domain for the action account, error: ", $error.Description) 2545 | } 2546 | #======================================================================= 2547 | 2548 | # Get OSVersion section 2549 | #======================================================================= 2550 | $OSRegKey = "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion" 2551 | [string]$OSCurrentVersion = (Get-ItemProperty $OSRegKey).CurrentVersion 2552 | [string]$OSCurrentBuildNumber = (Get-ItemProperty $OSRegKey).CurrentBuildNumber 2553 | [string]$OSCurrentCurrentMajorVersionNumber = (Get-ItemProperty $OSRegKey).CurrentMajorVersionNumber 2554 | [string]$OSCurrentCurrentMinorVersionNumber = (Get-ItemProperty $OSRegKey).CurrentMinorVersionNumber 2555 | 2556 | # If Windows 10 or WS2016 use new reg keys else use old keys 2557 | IF ($OSCurrentCurrentMajorVersionNumber) 2558 | { 2559 | [string]$OSVersion = $OSCurrentCurrentMajorVersionNumber + "." + $OSCurrentCurrentMinorVersionNumber + "." + $OSCurrentBuildNumber 2560 | } 2561 | ELSE 2562 | { 2563 | [string]$OSVersion = $OSCurrentVersion + "." + $OSCurrentBuildNumber 2564 | } 2565 | #======================================================================= 2566 | 2567 | # Get Certificate Section 2568 | #======================================================================= 2569 | $CertRegKey = "HKLM:\SOFTWARE\Microsoft\Microsoft Operations Manager\3.0\Machine Settings" 2570 | IF(Test-Path $CertRegKey) 2571 | { 2572 | [array]$CertValue = (Get-ItemProperty $CertRegKey).ChannelCertificateSerialNumber 2573 | IF($Certvalue) 2574 | { 2575 | $CertLoaded = $True 2576 | [string]$CertThumbPrint = (Get-ItemProperty $CertRegKey).ChannelCertificateHash 2577 | $Cert = Get-ChildItem -path cert:\LocalMachine\My | Where-Object {$_.Thumbprint -eq $CertThumbPrint} 2578 | IF ($Cert) 2579 | { 2580 | [datetime]$CertExpiresDateTime = $Cert.NotAfter 2581 | [string]$CertExpires = $CertExpiresDateTime.ToShortDateString() 2582 | $CertIssuerArr = $Cert.Issuer 2583 | $CertIssuerSplit = $CertIssuerArr.Split(",") 2584 | [string]$CertIssuer = $CertIssuerSplit[0].TrimStart("CN=") 2585 | } 2586 | ELSE 2587 | { 2588 | $CertIssuer = "NotFound" 2589 | $CertExpires = "NotFound" 2590 | } 2591 | 2592 | } 2593 | ELSE 2594 | { 2595 | $CertLoaded = $False 2596 | } 2597 | } 2598 | ELSE 2599 | { 2600 | $CertLoaded = $False 2601 | } 2602 | #======================================================================= 2603 | 2604 | # Get TLS12Enforced Section 2605 | #======================================================================= 2606 | #Set the value to good by default then look for any bad or missing settings 2607 | $TLS12Enforced = $True 2608 | 2609 | IF (Test-Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client") 2610 | { 2611 | $Enabled = (Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client").Enabled 2612 | $DisabledByDefault = (Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client").DisabledByDefault 2613 | IF ($Enabled -ne 0 -or $DisabledByDefault -ne 1) 2614 | { 2615 | $TLS12Enforced = $False 2616 | } 2617 | } 2618 | ELSE 2619 | { 2620 | $TLS12Enforced = $False 2621 | } 2622 | 2623 | IF (Test-Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server") 2624 | { 2625 | $Enabled = (Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server").Enabled 2626 | $DisabledByDefault = (Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server").DisabledByDefault 2627 | IF ($Enabled -ne 0 -or $DisabledByDefault -ne 1) 2628 | { 2629 | $TLS12Enforced = $False 2630 | } 2631 | } 2632 | ELSE 2633 | { 2634 | $TLS12Enforced = $False 2635 | } 2636 | 2637 | IF (Test-Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client") 2638 | { 2639 | $Enabled = (Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client").Enabled 2640 | $DisabledByDefault = (Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client").DisabledByDefault 2641 | IF ($Enabled -ne 0 -or $DisabledByDefault -ne 1) 2642 | { 2643 | $TLS12Enforced = $False 2644 | } 2645 | } 2646 | ELSE 2647 | { 2648 | $TLS12Enforced = $False 2649 | } 2650 | 2651 | IF (Test-Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server") 2652 | { 2653 | $Enabled = (Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server").Enabled 2654 | $DisabledByDefault = (Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server").DisabledByDefault 2655 | IF ($Enabled -ne 0 -or $DisabledByDefault -ne 1) 2656 | { 2657 | $TLS12Enforced = $False 2658 | } 2659 | } 2660 | ELSE 2661 | { 2662 | $TLS12Enforced = $False 2663 | } 2664 | 2665 | IF (Test-Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client") 2666 | { 2667 | $Enabled = (Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client").Enabled 2668 | $DisabledByDefault = (Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client").DisabledByDefault 2669 | IF ($Enabled -ne 0 -or $DisabledByDefault -ne 1) 2670 | { 2671 | $TLS12Enforced = $False 2672 | } 2673 | } 2674 | ELSE 2675 | { 2676 | $TLS12Enforced = $False 2677 | } 2678 | 2679 | IF (Test-Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server") 2680 | { 2681 | $Enabled = (Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server").Enabled 2682 | $DisabledByDefault = (Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server").DisabledByDefault 2683 | IF ($Enabled -ne 0 -or $DisabledByDefault -ne 1) 2684 | { 2685 | $TLS12Enforced = $False 2686 | } 2687 | } 2688 | ELSE 2689 | { 2690 | $TLS12Enforced = $False 2691 | } 2692 | 2693 | IF (Test-Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client") 2694 | { 2695 | $Enabled = (Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client").Enabled 2696 | $DisabledByDefault = (Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client").DisabledByDefault 2697 | IF ($Enabled -ne 0 -or $DisabledByDefault -ne 1) 2698 | { 2699 | $TLS12Enforced = $False 2700 | } 2701 | } 2702 | ELSE 2703 | { 2704 | $TLS12Enforced = $False 2705 | } 2706 | 2707 | IF (Test-Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server") 2708 | { 2709 | $Enabled = (Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server").Enabled 2710 | $DisabledByDefault = (Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server").DisabledByDefault 2711 | IF ($Enabled -ne 0 -or $DisabledByDefault -ne 1) 2712 | { 2713 | $TLS12Enforced = $False 2714 | } 2715 | } 2716 | ELSE 2717 | { 2718 | $TLS12Enforced = $False 2719 | } 2720 | 2721 | IF (Test-Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client") 2722 | { 2723 | $Enabled = (Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client").Enabled 2724 | $DisabledByDefault = (Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client").DisabledByDefault 2725 | IF ($Enabled -ne 1 -or $DisabledByDefault -ne 0) 2726 | { 2727 | $TLS12Enforced = $False 2728 | } 2729 | } 2730 | ELSE 2731 | { 2732 | $TLS12Enforced = $False 2733 | } 2734 | 2735 | IF (Test-Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server") 2736 | { 2737 | $Enabled = (Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server").Enabled 2738 | $DisabledByDefault = (Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server").DisabledByDefault 2739 | IF ($Enabled -ne 1 -or $DisabledByDefault -ne 0) 2740 | { 2741 | $TLS12Enforced = $False 2742 | } 2743 | } 2744 | ELSE 2745 | { 2746 | $TLS12Enforced = $False 2747 | } 2748 | 2749 | IF (Test-Path "HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319") 2750 | { 2751 | $SchUseStrongCrypto = (Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319").SchUseStrongCrypto 2752 | IF ($SchUseStrongCrypto -ne 1) 2753 | { 2754 | $TLS12Enforced = $False 2755 | } 2756 | } 2757 | ELSE 2758 | { 2759 | $TLS12Enforced = $False 2760 | } 2761 | 2762 | IF (Test-Path "HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319") 2763 | { 2764 | $SchUseStrongCrypto = (Get-ItemProperty "HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319").SchUseStrongCrypto 2765 | IF ($SchUseStrongCrypto -ne 1) 2766 | { 2767 | $TLS12Enforced = $False 2768 | } 2769 | } 2770 | ELSE 2771 | { 2772 | $TLS12Enforced = $False 2773 | } 2774 | #======================================================================= 2775 | 2776 | # Get SQL Driver ODBC Section 2777 | #======================================================================= 2778 | $RegPath = "HKLM:SOFTWARE\Microsoft\Microsoft ODBC Driver 17 for SQL Server\CurrentVersion" 2779 | 2780 | IF (Test-Path $RegPath) 2781 | { 2782 | [string]$SQLODBC = (Get-ItemProperty $RegPath)."Version" 2783 | } 2784 | ELSE 2785 | { 2786 | [string]$SQLODBC = "Not Installed" 2787 | } 2788 | #======================================================================= 2789 | 2790 | # Get SQL Driver MSOLEDBSQL Section 2791 | #======================================================================= 2792 | $RegPath = "HKLM:SOFTWARE\Microsoft\Microsoft OLE DB Driver for SQL Server\CurrentVersion" 2793 | 2794 | IF (Test-Path $RegPath) 2795 | { 2796 | [string]$SQLMSOLEDBSQL = (Get-ItemProperty $RegPath)."Version" 2797 | } 2798 | ELSE 2799 | { 2800 | [string]$SQLMSOLEDBSQL = "Not Installed" 2801 | } 2802 | #======================================================================= 2803 | 2804 | # Discovery Script section - Discovery scripts get this 2805 | #================================================================================= 2806 | $instance = $DiscoveryData.CreateClassInstance("$MPElement[Name='SCOM.Management.Server.Class']$") 2807 | $instance.AddProperty("$MPElement[Name='Windows!Microsoft.Windows.Computer']/PrincipalName$", $Computername) 2808 | $instance.AddProperty("$MPElement[Name='SCOM.Management.Server.Class']/ServerVersion$", $ServerURFileVersion) 2809 | $instance.AddProperty("$MPElement[Name='SCOM.Management.Server.Class']/ServerURLevel$", $ServerURLevel) 2810 | $instance.AddProperty("$MPElement[Name='SCOM.Management.Server.Class']/WebConsoleVersion$", $WebConsoleURFileVersion) 2811 | $instance.AddProperty("$MPElement[Name='SCOM.Management.Server.Class']/WebConsoleURLevel$", $WebConsoleURLevel) 2812 | $instance.AddProperty("$MPElement[Name='SCOM.Management.Server.Class']/ConsoleVersion$", $ConsoleURFileVersion) 2813 | $instance.AddProperty("$MPElement[Name='SCOM.Management.Server.Class']/ConsoleURLevel$", $ConsoleURLevel) 2814 | $instance.AddProperty("$MPElement[Name='SCOM.Management.Server.Class']/LAWorkspaces$", $LAList) 2815 | $instance.AddProperty("$MPElement[Name='SCOM.Management.Server.Class']/PSVersion$", $PSVersion) 2816 | $instance.AddProperty("$MPElement[Name='SCOM.Management.Server.Class']/CLRVersion$", $CLRVersion) 2817 | $instance.AddProperty("$MPElement[Name='SCOM.Management.Server.Class']/OSVersion$", $OSVersion) 2818 | $instance.AddProperty("$MPElement[Name='SCOM.Management.Server.Class']/PrimaryMS$", $PrimaryMS) 2819 | $instance.AddProperty("$MPElement[Name='SCOM.Management.Server.Class']/FailoverList$", $FailoverList) 2820 | $instance.AddProperty("$MPElement[Name='SCOM.Management.Server.Class']/ActionAccount$", $ActionAccount) 2821 | $instance.AddProperty("$MPElement[Name='SCOM.Management.Server.Class']/InstallPath$", $SCOMPath) 2822 | $instance.AddProperty("$MPElement[Name='SCOM.Management.Server.Class']/CertLoaded$", $CertLoaded) 2823 | $instance.AddProperty("$MPElement[Name='SCOM.Management.Server.Class']/CertExpires$", $CertExpires) 2824 | $instance.AddProperty("$MPElement[Name='SCOM.Management.Server.Class']/CertThumbPrint$", $CertThumbPrint) 2825 | $instance.AddProperty("$MPElement[Name='SCOM.Management.Server.Class']/CertIssuer$", $CertIssuer) 2826 | $instance.AddProperty("$MPElement[Name='SCOM.Management.Server.Class']/TLS12Enforced$", $TLS12Enforced) 2827 | $instance.AddProperty("$MPElement[Name='SCOM.Management.Server.Class']/SQLMSOLEDBSQL$", $SQLMSOLEDBSQL) 2828 | $instance.AddProperty("$MPElement[Name='SCOM.Management.Server.Class']/SQLODBC$", $SQLODBC) 2829 | $DiscoveryData.AddInstance($instance) 2830 | 2831 | # Return Discovery Items Normally 2832 | $DiscoveryData 2833 | # Return Discovery Bag to the command line for testing (does not work from ISE) 2834 | # $momapi.Return($DiscoveryData) 2835 | #================================================================================= 2836 | 2837 | 2838 | # End of script section 2839 | #================================================================================= 2840 | #Log an event for script ending and total execution time. 2841 | $EndTime = Get-Date 2842 | $ScriptTime = ($EndTime - $StartTime).TotalSeconds 2843 | $momapi.LogScriptEvent($ScriptName,$EventID,0,"`n Script has completed. ServerVersion: ($ServerURFileVersion). `n Server UR Level: ($ServerURLevel). `n WebConsoleVersion: ($WebConsoleURFileVersion). `n Web Console UR Level: ($WebConsoleURLevel). `n ConsoleVersion: ($ConsoleURFileVersion). `n Console UR Level: ($ConsoleURLevel). `n LA Workspaces: ($LAList). `n PowerShell Version: ($PSVersion). `n CLR Version: ($CLRVersion). `n OSVersion: ($OSVersion). `n Primary MS: ($PrimaryMS). `n Secondary MS Failover list: ($FailoverList). `n Action Account: ($ActionAccount). `n Install path: ($SCOMPath). `n TLS 1.2 Enforced: ($TLS12Enforced). `n ODBC Driver: ($SQLODBC). `n Runtime was ($ScriptTime) seconds.") 2844 | #================================================================================= 2845 | # End of script 2846 | 2847 | 2848 | 2849 | 2850 | SourceId 2851 | $MPElement$ 2852 | 2853 | 2854 | ManagedEntityId 2855 | $Target/Id$ 2856 | 2857 | 2858 | ComputerName 2859 | $Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/PrincipalName$ 2860 | 2861 | 2862 | MGName 2863 | $Target/ManagementGroup/Name$ 2864 | 2865 | 2866 | 600 2867 | 2868 | 2869 | 2870 | 2871 | 2872 | Alert 2873 | 2874 | 2875 | $Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$ 2876 | Application 2877 | 2878 | 2879 | 2880 | 2881 | 2882 | EventDisplayNumber 2883 | 2884 | Equal 2885 | 2886 | 100 2887 | 2888 | 2889 | 2890 | 2891 | 2892 | 2893 | PublisherName 2894 | 2895 | Equal 2896 | 2897 | TEST 2898 | 2899 | 2900 | 2901 | 2902 | 2903 | 2904 | 2905 | 2906 | 2907 | 0 2908 | 0 2909 | 2910 | 2911 | 2912 | $MPElement[Name="SCOM.Management.TestEvent100.Rule.AlertMessage"]$ 2913 | 2914 | $Data/EventDescription$ 2915 | 2916 | 2917 | 2918 | 2919 | 2920 | 2921 | 2922 | 2923 | 2924 | 2925 | 2926 | 2927 | 2928 | 2929 | 2930 | 2931 | 2932 | 2933 | Custom 2934 | 2935 | MGNAME 2936 | MSName.Domain.Com 2937 | 60 2938 | 2939 | 2940 | 2941 | Custom 2942 | 2943 | MGNAME 2944 | MSName.Domain.Com 2945 | 60 2946 | 2947 | 2948 | 2949 | Custom 2950 | 2951 | $Target/Property[Type="System!System.Entity"]/DisplayName$ 2952 | 120 2953 | 2954 | 2955 | 2956 | Custom 2957 | 2958 | $Target/Property[Type="SC!Microsoft.SystemCenter.UserActionManager"]/TargetDevicePrincipalName$ 2959 | 120 2960 | 2961 | 2962 | 2963 | Custom 2964 | 2965 | %systemroot%\System32\cmd.exe 2966 | 2967 | /c EVENTCREATE /T ERROR /ID 100 /L APPLICATION /SO TEST /D "This is a Test event 100" 2968 | 60 2969 | true 2970 | 2971 | 2972 | 2973 | Custom 2974 | 2975 | 2976 | 120 2977 | 2978 | 2979 | 2980 | Custom 2981 | 2982 | SCOM.Management.DisableADIntegration.Task.ps1 2983 | 2984 | #================================================================================= 2985 | # Script to disable AD integration 2986 | #================================================================================= 2987 | 2988 | #================================================================================= 2989 | # Constants section - modify stuff here: 2990 | 2991 | # Assign script name variable for use in event logging 2992 | $ScriptName = "SCOM.Management.DisableADIntegration.Task.ps1" 2993 | #================================================================================= 2994 | 2995 | # Gather who the script is running as 2996 | $whoami = whoami 2997 | 2998 | #Load the MOMScript API and discovery propertybag 2999 | $momapi = New-Object -comObject "Mom.ScriptAPI" 3000 | 3001 | #Log script event that we are starting task 3002 | $momapi.LogScriptEvent($ScriptName,1321,0, "Starting script. Running as ($whoami)") 3003 | 3004 | # Begin Main Script 3005 | #================================================================================= 3006 | Write-Host "Task Starting. Running as $whoami" 3007 | #Load agent scripting object 3008 | Write-Host "Loading agent scripting objects." 3009 | $AgentCfg = New-Object -ComObject AgentConfigManager.MgmtSvcCfg 3010 | #Disable AD integration 3011 | Write-Host "Disabling AD Integration" 3012 | $AgentCfg.DisableActiveDirectoryIntegration() 3013 | #Restart Agent 3014 | Write-Host "AD Integration Disabled." 3015 | Write-Host "Restarting Agent now." 3016 | #================================================================================= 3017 | # End Main Script 3018 | 3019 | # Restart Agent 3020 | #================================================================================= 3021 | #We need a reliable way to restart the SCOM Agent out of band so that tasks can complete with success 3022 | $Command = "Start-Sleep -s 5;Restart-Service HealthService" 3023 | $Process = ([wmiclass]"root\cimv2:Win32_ProcessStartup").CreateInstance() 3024 | $Process.ShowWindow = 0 3025 | $Process.CreateFlags = 16777216 3026 | ([wmiclass]"root\cimv2:Win32_Process").Create("powershell.exe $Command")|Out-Null 3027 | #================================================================================= 3028 | 3029 | 3030 | 120 3031 | 3032 | 3033 | 3034 | Custom 3035 | 3036 | SCOM.Management.EnableADIntegration.Task.ps1 3037 | 3038 | #================================================================================= 3039 | # Script to enable AD integration 3040 | #================================================================================= 3041 | 3042 | #================================================================================= 3043 | # Constants section - modify stuff here: 3044 | 3045 | # Assign script name variable for use in event logging 3046 | $ScriptName = "SCOM.Management.EnableADIntegration.Task.ps1" 3047 | #================================================================================= 3048 | 3049 | # Gather who the script is running as 3050 | $whoami = whoami 3051 | 3052 | #Load the MOMScript API and discovery propertybag 3053 | $momapi = New-Object -comObject "Mom.ScriptAPI" 3054 | 3055 | #Log script event that we are starting task 3056 | $momapi.LogScriptEvent($ScriptName,1321,0, "Starting script. Running as ($whoami)") 3057 | 3058 | # Begin Main Script 3059 | #================================================================================= 3060 | Write-Host "Task Starting. Running as $whoami" 3061 | #Load agent scripting object 3062 | Write-Host "Loading agent scripting objects." 3063 | $AgentCfg = New-Object -ComObject AgentConfigManager.MgmtSvcCfg 3064 | #Enable AD integration 3065 | Write-Host "Enabling AD Integration" 3066 | $AgentCfg.EnableActiveDirectoryIntegration() 3067 | #Restart Agent 3068 | Write-Host "AD Integration Enabled." 3069 | Write-Host "Restarting Agent now." 3070 | #================================================================================= 3071 | # End Main Script 3072 | 3073 | # Restart Agent 3074 | #================================================================================= 3075 | #We need a reliable way to restart the SCOM Agent out of band so that tasks can complete with success 3076 | $Command = "Start-Sleep -s 5;Restart-Service HealthService" 3077 | $Process = ([wmiclass]"root\cimv2:Win32_ProcessStartup").CreateInstance() 3078 | $Process.ShowWindow = 0 3079 | $Process.CreateFlags = 16777216 3080 | ([wmiclass]"root\cimv2:Win32_Process").Create("powershell.exe $Command")|Out-Null 3081 | #================================================================================= 3082 | 3083 | 3084 | 120 3085 | 3086 | 3087 | 3088 | Custom 3089 | 3090 | Operations Manager 3091 | \\servername\sharename 3092 | 60 3093 | 3094 | 3095 | 3096 | Maintenance 3097 | 3098 | 3099 | 3100 | Custom 3101 | 3102 | %systemroot%\System32\cmd.exe 3103 | 3104 | /c ""c:\Program Files\Microsoft Monitoring Agent\Agent\HSLockdown.exe" /A "NT AUTHORITY\SYSTEM"" 3105 | 60 3106 | true 3107 | 3108 | 3109 | 3110 | Custom 3111 | 3112 | %systemroot%\System32\cmd.exe 3113 | 3114 | /c "c:\Program Files\Microsoft Monitoring Agent\Agent\HSLockdown.exe" /L 3115 | 60 3116 | true 3117 | 3118 | 3119 | 3120 | Custom 3121 | 3122 | 3123 | 300 3124 | 3125 | 3126 | 3127 | Maintenance 3128 | 3129 | SCOM.Management.InstallSoftwareFromShare.Task.vbs 3130 | "msiexec.exe /p \\servername\sharename\filename /qn" 3131 | 3132 | on error resume next 3133 | 3134 | set oShellEnv = oShell.Environment("Process") 3135 | computerName = oShellEnv("ComputerName") 3136 | 3137 | CommandAndFilePath = WScript.Arguments(0) 3138 | 3139 | Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2") 3140 | 3141 | Set objProcess = objWMIService.Get("Win32_Process") 3142 | Set objProgram = objProcess.Methods_( _ 3143 | "Create").InParameters.SpawnInstance_ 3144 | objProgram.CommandLine = CommandAndFilePath 3145 | 3146 | Set strShell = objWMIService.ExecMethod( _ 3147 | "Win32_Process", "Create", objProgram) 3148 | 3149 | Wscript.Echo "Software Install Executed" 3150 | 3151 | 300 3152 | 3153 | 3154 | 3155 | Custom 3156 | 3157 | WorkspaceID 3158 | WorkspaceKey 3159 | 3160 | 0 3161 | 300 3162 | 3163 | 3164 | 3165 | Custom 3166 | 3167 | WorkspaceID 3168 | 300 3169 | 3170 | 3171 | 3172 | Custom 3173 | 3174 | MGNAME 3175 | 60 3176 | 3177 | 3178 | 3179 | Custom 3180 | 3181 | MGNAME 3182 | 60 3183 | 3184 | 3185 | 3186 | Custom 3187 | 3188 | SCOM.Management.RestartHealthService.Task.vbs 3189 | 3190 | 3191 | Option Explicit 3192 | On Error Resume Next 3193 | Dim ScriptName, oAPI, objWMIService, oShell, oShellEnv, computerName, strCommand, objProcess, objProgram, strShell 3194 | 3195 | ScriptName = "SCOM.Management.RestartHealthService.Task.vbs" 3196 | 3197 | 'Load momscript API 3198 | Set oAPI = CreateObject("MOM.ScriptAPI") 3199 | 'Log script event that we are starting 3200 | Call oAPI.LogScriptEvent(ScriptName, 1313, 2, "A command to restart the agent was sent. We will attempt to stop and then restart the Healthservice now.") 3201 | 3202 | 'Begin Healthservice Restart 3203 | Set oShell = WScript.CreateObject("WScript.Shell") 3204 | set oShellEnv = oShell.Environment("Process") 3205 | computerName = oShellEnv("ComputerName") 3206 | 'Echo that we are about to start for task output 3207 | WScript.echo "Beginning Restart attempt for HealthService on " & computerName 3208 | strCommand = "cmd /c net stop HealthService & cmd /c net start HealthService" 3209 | Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2") 3210 | Set objProcess = objWMIService.Get("Win32_Process") 3211 | Set objProgram = objProcess.Methods_( _ 3212 | "Create").InParameters.SpawnInstance_ 3213 | objProgram.CommandLine = strCommand 3214 | Set strShell = objWMIService.ExecMethod( _ 3215 | "Win32_Process", "Create", objProgram) 3216 | 'Echo that we are restarting for task output 3217 | WScript.echo "Restarting HealthService on " & computerName 3218 | 'End Healthservice Restart 3219 | 3220 | 60 3221 | 3222 | 3223 | 3224 | Custom 3225 | 3226 | SCOM.Management.RestartHealthServiceHS.Task.vbs 3227 | 3228 | 3229 | Option Explicit 3230 | On Error Resume Next 3231 | Dim ScriptName, oAPI, objWMIService, oShell, oShellEnv, computerName, strCommand, objProcess, objProgram, strShell 3232 | 3233 | ScriptName = "SCOM.Management.RestartHealthServiceHS.Task.vbs" 3234 | 3235 | 'Load momscript API 3236 | Set oAPI = CreateObject("MOM.ScriptAPI") 3237 | 'Log script event that we are starting 3238 | Call oAPI.LogScriptEvent(ScriptName, 1313, 2, "A command to restart the agent was sent. We will attempt to stop and then restart the Healthservice now.") 3239 | 3240 | 'Begin Healthservice Restart 3241 | Set oShell = WScript.CreateObject("WScript.Shell") 3242 | set oShellEnv = oShell.Environment("Process") 3243 | computerName = oShellEnv("ComputerName") 3244 | 'Echo that we are about to start for task output 3245 | WScript.echo "Beginning Restart attempt for HealthService on " & computerName 3246 | strCommand = "cmd /c net stop HealthService & cmd /c net start HealthService" 3247 | Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2") 3248 | Set objProcess = objWMIService.Get("Win32_Process") 3249 | Set objProgram = objProcess.Methods_( _ 3250 | "Create").InParameters.SpawnInstance_ 3251 | objProgram.CommandLine = strCommand 3252 | Set strShell = objWMIService.ExecMethod( _ 3253 | "Win32_Process", "Create", objProgram) 3254 | 'Echo that we are restarting for task output 3255 | WScript.echo "Restarting HealthService on " & computerName 3256 | 'End Healthservice Restart 3257 | 3258 | 60 3259 | 3260 | 3261 | 3262 | Custom 3263 | 3264 | ServiceName 3265 | 60 3266 | 3267 | 3268 | 3269 | Custom 3270 | 3271 | 3272 | 60 3273 | 3274 | 3275 | 3276 | Custom 3277 | 3278 | SCOM.Management.SetManuallyInstalledFalse.Task.ps1 3279 | 3280 | #================================================================================= 3281 | # Script to Set HealthService Manually Installed to False 3282 | #================================================================================= 3283 | Param($AgentName) 3284 | 3285 | # $AgentName = "WS2012R2.opsmgr.net" 3286 | 3287 | 3288 | #================================================================================= 3289 | # Constants section - modify stuff here: 3290 | 3291 | # Assign script name variable for use in event logging 3292 | $ScriptName = "SCOM.Management.SetManuallyInstalledFalse.Task.ps1" 3293 | #================================================================================= 3294 | 3295 | # Gather who the script is running as 3296 | $whoami = whoami 3297 | 3298 | #Load the MOMScript API and discovery propertybag 3299 | $momapi = New-Object -comObject "Mom.ScriptAPI" 3300 | 3301 | #Log script event that we are starting task 3302 | $momapi.LogScriptEvent($ScriptName,1317,0, "Starting script. Running as ($whoami)") 3303 | 3304 | # Begin Main Script 3305 | #================================================================================= 3306 | Write-Host "Task Starting. Running as $whoami" 3307 | 3308 | IF ($AgentName) 3309 | { 3310 | Write-Host "Agent Name is ($AgentName)." 3311 | } 3312 | ELSE 3313 | { 3314 | Write-Host "FATAL ERROR: Agent Name was not passed to script. Terminating" 3315 | $momapi.LogScriptEvent($ScriptName,1317,2, "FATAL ERROR: Agent Name was not passed to script. Terminating") 3316 | #EXIT 3317 | } 3318 | 3319 | #Connect to SQL 3320 | 3321 | $SCOMRegKey = "HKLM:\SOFTWARE\Microsoft\Microsoft Operations Manager\3.0\Setup" 3322 | $SQLServer = (Get-ItemProperty $SCOMRegKey).DatabaseServerName 3323 | $SQLDBName = (Get-ItemProperty $SCOMRegKey).DatabaseName 3324 | 3325 | $SqlQuery1 = "SELECT IsManuallyInstalled from MT_HealthService WHERE DisplayName = '$AgentName'" 3326 | 3327 | Write-Host "Connecting to SQL. SQL Server: ($SQLServer). SQL DB: ($SQLDBName)." 3328 | 3329 | $SqlConnection = New-Object System.Data.SqlClient.SqlConnection 3330 | $SqlConnection.ConnectionString = "Server=$SQLServer;Database=$SQLDBName;Integrated Security=True" 3331 | $SqlCmd = New-Object System.Data.SqlClient.SqlCommand 3332 | $SqlCmd.CommandText = $SqlQuery1 3333 | $SqlCmd.Connection = $SqlConnection 3334 | $SqlAdapter = New-Object System.Data.SqlClient.SqlDataAdapter 3335 | $SqlAdapter.SelectCommand = $SqlCmd 3336 | $ds = New-Object System.Data.DataSet 3337 | $SqlAdapter.Fill($ds) | Out-Null 3338 | 3339 | $RowCount = $ds.Tables[0].Rows.Count 3340 | 3341 | IF ($RowCount -lt 1) 3342 | { 3343 | Write-Host "FATAL ERROR: We did not retrieve an IsManuallyInstalled value from SQL for ($AgentName). Terminating" 3344 | $momapi.LogScriptEvent($ScriptName,1317,2, "FATAL ERROR: We did not retrieve an InsManuallyInstalled value from SQL for ($AgentName). Terminating") 3345 | #EXIT 3346 | } 3347 | 3348 | $IsManInstValue = $ds.Tables[0].Rows[0].IsManuallyInstalled 3349 | 3350 | IF ($IsManInstValue -ne $true) 3351 | { 3352 | Write-Host "FATAL ERROR: IsManuallyInstalled value from SQL for ($AgentName) is ($IsManInstValue). Terminating" 3353 | $momapi.LogScriptEvent($ScriptName,1317,2, "FATAL ERROR: IsManuallyInstalled value from SQL for ($AgentName) is ($IsManInstValue). Terminating") 3354 | #EXIT 3355 | } 3356 | 3357 | # Update Table in SQL 3358 | Write-Host "IsManuallyInstalled value found from SQL was ($IsManInstValue). Attempting to Update SQL now." 3359 | 3360 | $SqlQuery2 = "UPDATE MT_HealthService 3361 | SET IsManuallyInstalled=0 WHERE IsManuallyInstalled=1 AND BaseManagedEntityId IN 3362 | (select BaseManagedEntityID from BaseManagedEntity where BaseManagedTypeId = 'AB4C891F-3359-3FB6-0704-075FBFE36710' AND DisplayName = '$AgentName')" 3363 | 3364 | $SqlCmd.CommandText = $SqlQuery2 3365 | $SqlCmd.Connection = $SqlConnection 3366 | $SqlAdapter = New-Object System.Data.SqlClient.SqlDataAdapter 3367 | $SqlAdapter.SelectCommand = $SqlCmd 3368 | $ds = New-Object System.Data.DataSet 3369 | $SqlAdapter.Fill($ds) | Out-Null 3370 | 3371 | # Check value Again 3372 | 3373 | $SqlCmd.CommandText = $SqlQuery1 3374 | $SqlCmd.Connection = $SqlConnection 3375 | $SqlAdapter = New-Object System.Data.SqlClient.SqlDataAdapter 3376 | $SqlAdapter.SelectCommand = $SqlCmd 3377 | $ds = New-Object System.Data.DataSet 3378 | $SqlAdapter.Fill($ds) | Out-Null 3379 | $SqlConnection.Close() 3380 | 3381 | $IsManInstValue = $ds.Tables[0].Rows[0].IsManuallyInstalled 3382 | 3383 | IF ($IsManInstValue -ne $false) 3384 | { 3385 | Write-Host "FATAL ERROR: Attempt to set IsManuallyInstalled value failed. Current value for ($AgentName) is ($IsManInstValue). Terminating" 3386 | $momapi.LogScriptEvent($ScriptName,1317,2, "FATAL ERROR: Attempt to set IsManuallyInstalled value failed. Current value for ($AgentName) is ($IsManInstValue). Terminating") 3387 | #EXIT 3388 | } 3389 | 3390 | Write-Host "Successfully set IsManuallyInstalled value. New value for ($AgentName) is ($IsManInstValue)." 3391 | #================================================================================= 3392 | # End Main Script 3393 | 3394 | 3395 | 3396 | AgentName 3397 | $Target/Property[Type="System!System.Entity"]/DisplayName$ 3398 | 3399 | 3400 | 120 3401 | 3402 | 3403 | 3404 | Custom 3405 | 3406 | $Target/Property[Type='SC!Microsoft.SystemCenter.HealthServiceWatcher']/HealthServiceName$ 3407 | 120 3408 | 3409 | 3410 | 3411 | 3412 | 3413 | Custom 3414 | 3415 | 3416 | 3417 | 3418 | 3419 | 3420 | 3421 | 3422 | 3423 | Custom 3424 | 3425 | SCOM.Management.EventLogSecurity.Monitor.Recovery.ps1 3426 | 3427 | #================================================================================= 3428 | # Script to recover the security configuration of the Operations Manager event log 3429 | # 3430 | # Author: Kevin Holman 3431 | # 3432 | # Version: 1.0 3433 | # 3434 | #================================================================================= 3435 | 3436 | 3437 | # Manual Testing section - put stuff here for manually testing script - typically parameters: 3438 | #================================================================================= 3439 | #================================================================================= 3440 | 3441 | 3442 | # Constants section - modify stuff here: 3443 | #================================================================================= 3444 | # Assign script name variable for use in event logging 3445 | $ScriptName = "SCOM.Management.EventLogSecurity.Monitor.Recovery.ps1" 3446 | $EventID = "3800" 3447 | 3448 | $RegPath = "HKLM:\SYSTEM\CurrentControlSet\Services\Eventlog\Operations Manager" 3449 | $NewValue = "O:BAG:SYD:(D;;0xf0007;;;AN)(D;;0xf0007;;;BG)(A;;0xf0007;;;SY)(A;;0x7;;;BA)(A;;0x7;;;SO)(A;;0x3;;;IU)(A;;0x3;;;SU)(A;;0x3;;;S-1-5-3)" 3450 | #================================================================================= 3451 | 3452 | 3453 | # Starting Script section 3454 | #================================================================================= 3455 | # Gather the start time of the script 3456 | $StartTime = Get-Date 3457 | #Set variable to be used in logging events 3458 | $whoami = whoami 3459 | # Load MOMScript API 3460 | $momapi = New-Object -comObject MOM.ScriptAPI 3461 | #================================================================================= 3462 | 3463 | 3464 | # Begin MAIN script section 3465 | #================================================================================= 3466 | #Log script event that we are starting task 3467 | $momapi.LogScriptEvent($ScriptName,$EventID,0,"`nRecovery script for Operations Manager event log security is starting. `nRunning as ($whoami).") 3468 | write-host "Recovery script for Operations Manager event log security is starting. Running as ($whoami)." 3469 | 3470 | #Get the Event Log Security before modification 3471 | [string]$EvtSecBefore = (Get-ItemProperty -Path $RegPath -Name CustomSD).CustomSD 3472 | 3473 | #Log event 3474 | $momapi.LogScriptEvent($ScriptName,$EventID,0,"`nThe registry value before modification is: `n($EvtSecBefore). `nSetting new security configuration now.") 3475 | write-host "The registry value before modification is: `n($EvtSecBefore). `nSetting new security configuration now." 3476 | 3477 | #Set new security 3478 | Set-ItemProperty -Path $RegPath -Name CustomSD -Value $NewValue 3479 | 3480 | #Get the Event Log Security after modification 3481 | [string]$EvtSecAfter = (Get-ItemProperty -Path $RegPath -Name CustomSD).CustomSD 3482 | 3483 | #Log event 3484 | $momapi.LogScriptEvent($ScriptName,$EventID,0,"`nThe registry value after modification is: `n($EvtSecAfter).") 3485 | write-host "The registry value after modification is: `n($EvtSecAfter)." 3486 | 3487 | 3488 | # End of script section 3489 | #================================================================================= 3490 | #Log an event for script ending and total execution time. 3491 | $EndTime = Get-Date 3492 | $ScriptTime = ($EndTime - $StartTime).TotalSeconds 3493 | $momapi.LogScriptEvent($ScriptName,$EventID,0,"`nScript Completed. `nScript Runtime: ($ScriptTime) seconds.") 3494 | write-host "Script Completed. Script Runtime: ($ScriptTime) seconds." 3495 | #================================================================================= 3496 | # End of script 3497 | 3498 | 240 3499 | 3500 | 3501 | 3502 | 3503 | 3504 | 3505 | 3506 | Res.SCOM.Management.ConsolePing.Task 3507 | ShellHandler 3508 | 3509 | 3510 | %windir%\system32\ping.exe 3511 | $Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/PrincipalName$ 3512 | 3513 | 3514 | 3515 | Res.SCOM.Management.ComputerManagement.Task 3516 | ShellHandler 3517 | 3518 | 3519 | %windir%\system32\mmc.exe 3520 | %windir%\system32\compmgmt.msc 3521 | /computer:$Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/PrincipalName$ 3522 | 3523 | 3524 | 3525 | Res.SCOM.Management.RDP.Task 3526 | ShellHandler 3527 | 3528 | 3529 | %windir%\system32\mstsc.exe 3530 | /v: 3531 | $Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/PrincipalName$ /f 3532 | 3533 | 3534 | 3535 | 3536 | 3537 | Custom 3538 | 3539 | 3540 | 255 3541 | 3542 | 3543 | 3544 | 3545 | Operations 3546 | 3547 | false 3548 | 3549 | 3550 | 3551 | State 3552 | SCOM.Management.Agent.Class-*-7d5bddb4-c5c3-ee48-c42a-4c8d047825d0-*-Health 3553 | 3554 | 3555 | Maintenance Mode 3556 | InMaintenanceMode 3557 | 3558 | 3559 | Name 3560 | Name 3561 | 3562 | 3563 | Path 3564 | Path 3565 | 3566 | 3567 | Display Name 3568 | System.Entity/DisplayName 3569 | 3570 | 3571 | Agent Version 3572 | SCOM.Management.Agent.Class/AgentVersion 3573 | 3574 | 3575 | Update Rollup 3576 | SCOM.Management.Agent.Class/UpdateRollup 3577 | 3578 | 3579 | AD INT Enabled 3580 | SCOM.Management.Agent.Class/ADIntEnabled 3581 | 3582 | 3583 | Management Groups 3584 | SCOM.Management.Agent.Class/ManagementGroups 3585 | 3586 | 3587 | LA Workspaces 3588 | SCOM.Management.Agent.Class/LAWorkspaces 3589 | 3590 | 3591 | PS Installed 3592 | SCOM.Management.Agent.Class/PSInstalled 3593 | 3594 | 3595 | PS VER 3596 | SCOM.Management.Agent.Class/PSVersion 3597 | 3598 | 3599 | CLR.NET VER 3600 | SCOM.Management.Agent.Class/CLRVersion 3601 | 3602 | 3603 | OS Version 3604 | SCOM.Management.Agent.Class/OSVersion 3605 | 3606 | 3607 | OS Name 3608 | SCOM.Management.Agent.Class/OSName 3609 | 3610 | 3611 | Primary MS 3612 | SCOM.Management.Agent.Class/PrimaryMS 3613 | 3614 | 3615 | Failover List 3616 | SCOM.Management.Agent.Class/FailoverList 3617 | 3618 | 3619 | Action Account 3620 | SCOM.Management.Agent.Class/ActionAccount 3621 | 3622 | 3623 | InstallPath 3624 | SCOM.Management.Agent.Class/InstallPath 3625 | 3626 | 3627 | APM Installed 3628 | SCOM.Management.Agent.Class/APMInstalled 3629 | 3630 | 3631 | 3632 | 3633 | 3634 | Operations 3635 | 3636 | false 3637 | 3638 | 3639 | 3640 | State 3641 | SCOM.Management.Server.Class-*-f67c58eb-c269-0b3a-d1ee-8c11bb668210-*-Health 3642 | 3643 | 3644 | Maintenance Mode 3645 | InMaintenanceMode 3646 | 3647 | 3648 | Name 3649 | Name 3650 | 3651 | 3652 | Path 3653 | Path 3654 | 3655 | 3656 | Display Name 3657 | System.Entity/DisplayName 3658 | 3659 | 3660 | Server Version 3661 | SCOM.Management.Server.Class/ServerVersion 3662 | 3663 | 3664 | Server UR Level 3665 | SCOM.Management.Server.Class/ServerURLevel 3666 | 3667 | 3668 | WebConsole Version 3669 | SCOM.Management.Server.Class/WebConsoleVersion 3670 | 3671 | 3672 | WebConsole UR Level 3673 | SCOM.Management.Server.Class/WebConsoleURLevel 3674 | 3675 | 3676 | Console Version 3677 | SCOM.Management.Server.Class/ConsoleVersion 3678 | 3679 | 3680 | Console UR Level 3681 | SCOM.Management.Server.Class/ConsoleURLevel 3682 | 3683 | 3684 | LA Workspaces 3685 | SCOM.Management.Server.Class/LAWorkspaces 3686 | 3687 | 3688 | PS VER 3689 | SCOM.Management.Server.Class/PSVersion 3690 | 3691 | 3692 | CLR.NET VER 3693 | SCOM.Management.Server.Class/CLRVersion 3694 | 3695 | 3696 | OS Version 3697 | SCOM.Management.Server.Class/OSVersion 3698 | 3699 | 3700 | OS Name 3701 | SCOM.Management.Server.Class/OSName 3702 | 3703 | 3704 | Primary MS 3705 | SCOM.Management.Server.Class/PrimaryMS 3706 | 3707 | 3708 | Failover List 3709 | SCOM.Management.Server.Class/FailoverList 3710 | 3711 | 3712 | Action Account 3713 | SCOM.Management.Server.Class/ActionAccount 3714 | 3715 | 3716 | InstallPath 3717 | SCOM.Management.Server.Class/InstallPath 3718 | 3719 | 3720 | 3721 | 3722 | 3723 | Operations 3724 | 3725 | false 3726 | 3727 | 3728 | 3729 | State 3730 | Microsoft.SystemCenter.AgentWatcher-*-3a9dc906-03f3-d5ee-dde3-dd9b9f8d2f9c-*-Health 3731 | 3732 | 3733 | In Maintenance Mode 3734 | InMaintenanceMode 3735 | 3736 | 3737 | Name 3738 | Name 3739 | 3740 | 3741 | Path 3742 | Path 3743 | 3744 | 3745 | Display Name 3746 | System.Entity/DisplayName 3747 | 3748 | 3749 | Health Service ID 3750 | Microsoft.SystemCenter.HealthServiceWatcher/HealthServiceId 3751 | 3752 | 3753 | Health Service Name 3754 | Microsoft.SystemCenter.HealthServiceWatcher/HealthServiceName 3755 | 3756 | 3757 | 3758 | 3759 | 3760 | Operations 3761 | 3762 | false 3763 | 3764 | IsAgent 3765 | 1 3766 | 3767 | 3768 | 3769 | 3770 | State 3771 | Microsoft.SystemCenter.HealthService-*-ab4c891f-3359-3fb6-0704-075fbfe36710-*-Health 3772 | 3773 | 3774 | Maintenance Mode 3775 | InMaintenanceMode 3776 | 3777 | 3778 | Name 3779 | Name 3780 | 3781 | 3782 | Path 3783 | Path 3784 | 3785 | 3786 | Display Name 3787 | System.Entity/DisplayName 3788 | 3789 | 3790 | Authentication Name 3791 | Microsoft.SystemCenter.HealthService/AuthenticationName 3792 | 3793 | 3794 | Maximum Queue Size 3795 | Microsoft.SystemCenter.HealthService/MaximumQueueSize 3796 | 3797 | 3798 | Maximum Size Of All Transferred Files 3799 | Microsoft.SystemCenter.HealthService/MaximumSizeOfAllTransferredFiles 3800 | 3801 | 3802 | Request Compression 3803 | Microsoft.SystemCenter.HealthService/RequestCompression 3804 | 3805 | 3806 | Create Listener 3807 | Microsoft.SystemCenter.HealthService/CreateListener 3808 | 3809 | 3810 | Port 3811 | Microsoft.SystemCenter.HealthService/Port 3812 | 3813 | 3814 | Is Root Health Service Emulator 3815 | Microsoft.SystemCenter.HealthService/IsRHS 3816 | 3817 | 3818 | Is Management Server 3819 | Microsoft.SystemCenter.HealthService/IsManagementServer 3820 | 3821 | 3822 | Is Agent 3823 | Microsoft.SystemCenter.HealthService/IsAgent 3824 | 3825 | 3826 | Is Gateway 3827 | Microsoft.SystemCenter.HealthService/IsGateway 3828 | 3829 | 3830 | Is Manually Installed 3831 | Microsoft.SystemCenter.HealthService/IsManuallyInstalled 3832 | 3833 | 3834 | Installed By 3835 | Microsoft.SystemCenter.HealthService/InstalledBy 3836 | 3837 | 3838 | Install Time 3839 | Microsoft.SystemCenter.HealthService/InstallTime 3840 | 3841 | 3842 | Version 3843 | Microsoft.SystemCenter.HealthService/Version 3844 | 3845 | 3846 | Action Account Identity 3847 | Microsoft.SystemCenter.HealthService/ActionAccountIdentity 3848 | 3849 | 3850 | Send Heartbeats to Management Servers 3851 | Microsoft.SystemCenter.HealthService/HeartbeatEnabled 3852 | 3853 | 3854 | Heartbeat Interval (seconds) 3855 | Microsoft.SystemCenter.HealthService/HeartbeatInterval 3856 | 3857 | 3858 | Managed Through Active Directory 3859 | Microsoft.SystemCenter.HealthService/ActiveDirectoryManaged 3860 | 3861 | 3862 | Proxying Enabled 3863 | Microsoft.SystemCenter.HealthService/ProxyingEnabled 3864 | 3865 | 3866 | Patch List 3867 | Microsoft.SystemCenter.HealthService/PatchList 3868 | 3869 | 3870 | Agent communication protocol 3871 | Microsoft.SystemCenter.HealthService/Protocol 3872 | 3873 | 3874 | Agent initiates connection to parent agents 3875 | Microsoft.SystemCenter.HealthService/InitiatesConnectionToParent 3876 | 3877 | 3878 | Authentication service URI 3879 | Microsoft.SystemCenter.HealthService/ThirdPartyAuthenticationUri 3880 | 3881 | 3882 | User Action Manager 3883 | Microsoft.SystemCenter.UserActionManager 3884 | 3885 | 3886 | Agent Manager 3887 | Microsoft.SystemCenter.AgentManager 3888 | 3889 | 3890 | Crash Listener 3891 | Microsoft.SystemCenter.CM.AEM.CrashListener 3892 | 3893 | 3894 | CEIP Data Listener Instance 3895 | Microsoft.SystemCenter.CM.SQM.SQMListener 3896 | 3897 | 3898 | 3899 | 3900 | 3901 | Operations 3902 | 3903 | false 3904 | 3905 | 3906 | 3907 | State 3908 | Microsoft.SystemCenter.UserActionManager-*-1a9742b2-cf8d-5ddf-f6bd-0fbb1c5a5565-*-Health 3909 | 3910 | 3911 | Maintenance Mode 3912 | InMaintenanceMode 3913 | 3914 | 3915 | Name 3916 | Name 3917 | 3918 | 3919 | Path 3920 | Path 3921 | 3922 | 3923 | Display Name 3924 | System.Entity/DisplayName 3925 | 3926 | 3927 | Target Device Principal Name 3928 | Microsoft.SystemCenter.UserActionManager/TargetDevicePrincipalName 3929 | 3930 | 3931 | Target Device Network Name 3932 | Microsoft.SystemCenter.UserActionManager/TargetDeviceNetworkName 3933 | 3934 | 3935 | Primary Management Server 3936 | Microsoft.SystemCenter.UserActionManager/ManagementServerName 3937 | 3938 | 3939 | Pending State Type 3940 | Microsoft.SystemCenter.UserActionManager/PendingStateType 3941 | 3942 | 3943 | Last Modified Time 3944 | Microsoft.SystemCenter.UserActionManager/LastModified 3945 | 3946 | 3947 | Failure Type 3948 | Microsoft.SystemCenter.UserActionManager/FailureType 3949 | 3950 | 3951 | 3952 | 3953 | 3954 | 3955 | 3956 | 3957 | 3958 | 3959 | 3960 | 3961 | 3962 | 3963 | 3964 | 3965 | 3966 | 3967 | 3968 | 3969 | 3970 | 3971 | 3972 | 3973 | SCOM Management 3974 | This is a SCOM Management MP to collect data on agents and servers and provide tasks which are useful for management and administration -- Kevin Holman 3975 | 3976 | 3977 | Management Group - ADD 3978 | 3979 | 3980 | Management Group - ADD 3981 | 3982 | 3983 | SCOM Agent Management Class 3984 | 3985 | 3986 | SCOM Management Agent Class Discovery 3987 | 3988 | 3989 | SCOM Management Agent PowerShell Properties Discovery 3990 | 3991 | 3992 | Action Account 3993 | 3994 | 3995 | AD INT Enabled 3996 | 3997 | 3998 | Agent Version 3999 | 4000 | 4001 | APM Installed 4002 | 4003 | 4004 | Architecture 4005 | 4006 | 4007 | CertExpires 4008 | 4009 | 4010 | CertIssuer 4011 | 4012 | 4013 | CertLoaded 4014 | 4015 | 4016 | CLR.NET VER 4017 | 4018 | 4019 | Connection 4020 | 4021 | 4022 | .NET Version 4023 | 4024 | 4025 | Failover List 4026 | 4027 | 4028 | InstallPath 4029 | 4030 | 4031 | IP 4032 | 4033 | 4034 | Management Groups 4035 | 4036 | 4037 | Log Analytics Workspaces 4038 | 4039 | 4040 | OS Name 4041 | 4042 | 4043 | OS Version 4044 | 4045 | 4046 | Primary MS 4047 | 4048 | 4049 | ProxyURL 4050 | 4051 | 4052 | PS Installed 4053 | 4054 | 4055 | PS VER 4056 | 4057 | 4058 | Cert ThumbPrint 4059 | 4060 | 4061 | Update Rollup 4062 | 4063 | 4064 | Agent - DELETE 4065 | 4066 | 4067 | SCOM Agents 4068 | 4069 | 4070 | Test Alerts 4071 | 4072 | 4073 | Approve Pending Agent 4074 | 4075 | 4076 | SCOM Management Base Class 4077 | 4078 | 4079 | Computer Management 4080 | 4081 | 4082 | Ping 4083 | 4084 | 4085 | Create Test Event 4086 | 4087 | 4088 | Agent - DELETE 4089 | 4090 | 4091 | Agent - AD INT DISABLE 4092 | 4093 | 4094 | Agent - AD INT ENABLE 4095 | 4096 | 4097 | SCOM EventLogSecurity Network Service Elevation of Privilege Monitor 4098 | 4099 | 4100 | EventLogSecurityGood 4101 | 4102 | 4103 | EventLogSecurityBad 4104 | 4105 | 4106 | Export Event Log 4107 | 4108 | 4109 | Healthservice - FLUSH 4110 | 4111 | 4112 | SCOM HealthService 4113 | 4114 | 4115 | SCOM HealthService Watcher 4116 | 4117 | 4118 | HSLockDown - Add SYSTEM 4119 | 4120 | 4121 | HSLockDown - LIST Accounts 4122 | 4123 | 4124 | Agent - INSTALL 4125 | 4126 | 4127 | Execute Software From Share 4128 | 4129 | 4130 | Log Analytics Workspace - ADD 4131 | 4132 | 4133 | Log Analytics Workspace - REMOVE 4134 | 4135 | 4136 | SCOM Pending Actions 4137 | 4138 | 4139 | Remote Desktop 4140 | 4141 | 4142 | Management Group - REMOVE 4143 | 4144 | 4145 | Management Group - REMOVE 4146 | 4147 | 4148 | Healthservice - RESTART 4149 | 4150 | 4151 | Healthservice - RESTART 4152 | 4153 | 4154 | Execute any Service Restart 4155 | 4156 | 4157 | SCOM Management 4158 | 4159 | 4160 | Execute any PowerShell 4161 | 4162 | 4163 | SCOM Server Management Class 4164 | 4165 | 4166 | SCOM Management Server Class Discovery 4167 | 4168 | 4169 | SCOM Management Server PowerShell Properties Discovery 4170 | 4171 | 4172 | Action Account 4173 | 4174 | 4175 | CertExpires 4176 | 4177 | 4178 | CertIssuer 4179 | 4180 | 4181 | CertLoaded 4182 | 4183 | 4184 | CLR.NET VER 4185 | 4186 | 4187 | Console UR Level 4188 | 4189 | 4190 | Console Version 4191 | 4192 | 4193 | .NET Version 4194 | 4195 | 4196 | Failover List 4197 | 4198 | 4199 | InstallPath 4200 | 4201 | 4202 | SQL MSOLEDBSQL 4203 | 4204 | 4205 | Log Analytics Workspaces 4206 | 4207 | 4208 | OS Name 4209 | 4210 | 4211 | OS Version 4212 | 4213 | 4214 | Primary MS 4215 | 4216 | 4217 | PS VER 4218 | 4219 | 4220 | Server UR Level 4221 | 4222 | 4223 | Server Version 4224 | 4225 | 4226 | Cert ThumbPrint 4227 | 4228 | 4229 | TLS 1.2 Registry Enforced 4230 | 4231 | 4232 | SQL ODBC 4233 | 4234 | 4235 | WebConsole UR Level 4236 | 4237 | 4238 | WebConsole Version 4239 | 4240 | 4241 | SCOM Servers 4242 | 4243 | 4244 | SET IsManuallyInstalled to FALSE 4245 | 4246 | 4247 | SCOM Management Alert on Test Event 100 Rule 4248 | 4249 | 4250 | Test Alert on Test Event 100 4251 | This is a test alert fired by event ID 100: 4252 | Event Description: 4253 | {0} 4254 | 4255 | 4256 | Agent - DELETE 4257 | 4258 | 4259 | 4260 | 4261 | 4262 | 4263 | Summary 4264 | This monitor inspects the Operations Manager Event log security access, and is unhealthy when Network Service is detected to have a high level of priviledge. 4265 | The monitor inspects the registry at HKLM:SYSTEM\CurrentControlSet\Services\EventLog\Operations Manager\CustomSD 4266 | If the string (A;;0x3;;;NU) is found, this means Network Service has a high level of rights and should be removed per KB4601269. 4267 | See: 4268 | https://support.microsoft.com/en-us/topic/update-for-event-log-channel-in-system-center-operations-manager-2019-kb4601269-19bfccbe-dbda-1371-9871-f2a32157028a 4269 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1728 4270 | 4271 | 4272 | 4273 | 4274 | 4275 | 4276 | 4277 | 4278 | 4279 | 4280 | 4281 | --------------------------------------------------------------------------------