Author Archives: kartikkopalle

Powershell Script to clear cache on SCOM Agents

 

$path = “C:\GreyAgents.txt”

$srvlist = Get-Content “$path”

$serviceName = “HealthService”

Foreach ($srv in $srvlist)
{
Write-host “Greyagents” : “$srv”

Invoke-Command -ComputerName $srv -Scriptblock{ Stop-Service -ServiceName ‘HealthService’}

Invoke-Command -ComputerName $srv -Scriptblock{ Remove-item -path “C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State” -Recurse}

Start-sleep -Seconds 10

Invoke-Command -ComputerName $srv -Scriptblock{ Start-Service -ServiceName ‘HealthService’}

Write-host “Cleared Cache Successfully”

}

 

 

Advertisements

Powershell Script to schedule Maintenance Mode in SCOM

 

$path = “C:\SCOMMaintenanceMode.txt”
$domain = “kartik.com”

 

$MyFile = Get-content “$path”
$MyFile
foreach($srv in $MyFile)
{
Write-host “ServerName : $srv”

$startTime = [DateTime]::Now
$endTime = $startTime.AddMinutes(20)

$srv += “.$domain”

$Class = get-SCOMclass | where-object {$_.Name -eq “Microsoft.Windows.Computer”};
$Instance = Get-SCOMClassInstance -Class $Class | Where-Object {$_.Displayname -eq “$srv”};
Start-SCOMMaintenanceMode -Instance $Instance -Reason “PlannedOther” -EndTime $endTime -Comment “Scheduled SCOM Maintenance Window”

}

 

Powershell Script to recycle HealthService on all GreyAgents in SCOM

$path = “C:\GreyAgents.txt”

$srvlist = Get-Content “$path”

$serviceName = “HealthService”

Foreach ($srv in $srvlist)
{
Write-host “Greyagents” : “$srv”

 

Invoke-Command -ComputerName $srv -Scriptblock{ Stop-Service -ServiceName ‘HealthService’}

 

Start-sleep -Seconds 10

 

Invoke-Command -ComputerName $srv -Scriptblock{ Start-Service -ServiceName ‘HealthService’}

Write-host “Health Service ReStarted Successfully”

}

 

List out Grey agents in SCOM with Powershell

# Create a file for output

$file=”C:\Greyagents.txt”

$startdate =Get-date

$runtime =”$(Get-date -format “M/dd/yyyy H:MM”)”

$CurrentDate = $CurrentDate.ToString(‘MM-dd-yyyy_hh-mm-Ss’)

#get the SystemCenter Agent Class

$agent = Get-SCOMClass | where-object{$_.name -eq “microsoft.systemcenter.agent”}

#Get the grey agents

$objects = Get-SCOMMonitoringObject -class:$agent | where {$_.IsAvailable –eq $false}

forEach($object in $objects)
{

# display list of grey agents in PS window

write-host “Greyagents:$object”

#if you want output to Notepad, execute this

$object.displayname+”,”+$Object.HealthState| Out-file $file -append

# if you want output to csv, execute this

$object|Select Displayname,Healthstate | Export-Csv -Path “C:\Greyagents\Greyagents_$currentdate.csv”

}

 

 

 

 

 

 

Useful Excel Tips

How to compare two columns in Excel

 

  1. Select the specific column
  2. Navigate to Home- Conditional Formatting
  3. Select New Rule
  4. Select the option ” Use a formula which cells to format
  5. Add the formula =countif($B:$B, $A1)
  6. Navigate to Format Cells and select Fill
  7. Select any colour to differentiate the results
  8. Now the matching values will have the selected colour

Useful Powershell commands for System Center Operations Manager

  1. Export Management Packs :

To Export all the available Management Packs

Export-SCOMManagementPack -Path “C:\MPArchive”

To Export the List to CSV

Get-SCOMManagementPack | Export-CSV C:\MP.csv

To Export a Specific Management Pack

Get-SCOMManagementPack -Name *ManagementPack Name* | Export-SCOMManagementPack -Path “C:\MPArchive”

To Export Monitors of a Specific Management Pack 

Get-SCOMManagementPack -Name *ManagementPack Name* | Get-SCOMMonitor | Export-csv spmonitor.csv

To Export Rules of a Specific Management Pack 

Get-SCOMManagementPack -Name *ManagementPack Name* | Get-SCOMRule | Export-csv sprule.csv

 

To get disabled discoveries in a Management Pack

Get-SCOMManagementPack -Name *sharepoint* | where-object {$_.sealed -eq $false} | export-csv disableddiscoveries.csv

 

To Get the critical errors in SCOM for a particular period

Get-SCOMAlert | Where-Object{$_.Timeraised -gt “5/13/2017”} | where-Object{$_.Severity -eq “error”} | measure | export-csv Warnings.csv

 

To get the list of all rules/Monitors from all Management Packs

Get-SCOMMonitor | select DisplayName, ManagementPackName, Enabled, ManagementGroup | Export-csv ConsolidatedMonitors.csv

 

 

 

 

 

 

 

Enterprise Mobility and Security – Software updates with Windows Intune

What’s Changed in Enterprise Mobility Suite:

Enterprise Mobility Suite is renamed as Enterprise Mobility and Security. The existing enterprise Mobility Suite becomes Enterprise Mobility + Security E3 with no change for existing customers. A new upcoming plan will be known as Enterprise Mobility + Security E5.

Intune and its changes:

New Management Capabilities which includes Windows Updates, Windows Firewall and Endpoint protection

Azure AD Premium and its changes:

The existing Azure Active Directory Premium becomes Azure Active Directory Premium P1 with no change for existing customers

Azure Active Directory Premium P2 which will be available in coming days includes all the capabilities of Azure Active Directory Premium P1 as well as Identity Protection and Privileged Identity Management capabilities

Azure RMS and its Changes:

Azure Rights Management Premium becomes Azure Information Protection Premium P1 with no change in existing customers and Azure Information Protection Premium P2 adds advanced capabilities


Managing Windows with Microsoft Intune Client software:

Get a trial version of EMS here

Instead of enrolling windows PC as a mobile device, we can now enroll and manage windows PC’s by installing a client software. This has got the new management capabilities which supports Software updates, windows firewall and Endpoint protection

 

The following management capabilities are added with Intune client software:

  1. Application Management : Deploying Applications
  2. Endpoint protection : Managing and monitor malware attacks
  3. Windows Firewall : Configuring windows firewall settings
  4. Hardware and software inventory
  5. Remote control : Remote assistance request
  6. Software updates : Managing software updates

In this discussion, I am showcasing the software updates capabilities with Windows Intune Client software

  1. Download the client software

Intune Client software can be downloaded from here Or from the Intune Admin Console as shown below

Login to Intune portal at https://manage.microsoft.com

1.png

2.png

3.png

2. Enroll the windows Machine

Once the Intune Client software is downloaded and installed, the windows machine reports to Intune

4

 

We can check the status of the machine in company portal too  at https://portal.manage.microsoft.com

5

6.png

Now we can manage the updates for this Windows Machine with Intune

Software Updates in Windows Intune:

This feature is similar to the software update feature in System Center Configuration Manager where we can keep the windows Machines up to date with the latest software updates. These updates can be from Microsoft/non-Microsoft. When we enroll a Windows Machine in Intune with Intune Client software, that Machine reports to Intune wherein we can see the no of updates required, manage the updates by approving/declining, see the status of the installation and compliance.

A sample Intune Dashboard showing software updates

7.png

Different Types of Updates: There are 7 different types of updates available out of which some are mandatory updates which doesn’t prompt for approval

8.png


Microsoft vs Non-Microsoft Updates:

Software Updates by Microsoft:  Before we configure Microsoft updates, we have to configure product categories and update classifications

Navigate to Intune console – > Admin -> Updates where we can select the category and classification as per our requirement

9.png

39.PNG

 Now, as we selected the product category and update classification, all the updates are synchronized to Intune console

11.png

Automatic approval rules – These rules automatically approve specified types of update and reduce your administrative overhead. For example, you might want to automatically approve all critical software updates.

12.png

Update Software not made from Microsoft:

We can also update the software which is not from Microsoft. To achieve this, we have to upload the software through upload wizard which will be saved in the cloud storage and later we can approve/decline and deploy to the specific collection as we do for Microsoft updates


Deploying a sample Microsoft update to enrolled computer:

Now, we installed a Intune client software, enrolled a computer to Intune console, selected the product category and classification, synchronised the updates to Intune. Let us try deploying a security update to the enrolled computer.

The enrolled computer has 96 software updates that need approval

13.1.png

Select any update and approve it

14.png

Create a collection ( group ) and deploy the update to the collection

16.png

Select the approval settings. These are similar to the settings in System Center Configuration Manager

17.png

Select the deadline to install the update

18.png

Open Microsoft Intune Center ( This is similar to Software Center in System Center Configuration Manager ) in the client machine and check for updates

20

You can see that the updates are getting installed

Check for the updates installation in control panel

21.png


Deploying a sample Non – Microsoft update to enrolled computer:

We can even deploy Non-Microsoft Applications and updates with Intune by uploading the application/update to the Intune storage and then deploying to the specific collection or a group. In this case, I have chosen Google chrome as a Non-Microsoft application which is to be deployed to the enrolled computer. We can also try with Java updates as Non-Microsoft updates if Java is installed in the machine

Navigate to Intune console -> updates -> All Updates and click on upload

23.png

24

Specify the location of update setup file

25.png

26.png

This is quite interesting section. This will allow to select the architecture and Operating system so that we can have these filters at deployment level

27.png

This section will gives the system the ability to check if the update/application is already installed in the targeted machine. This will avoid the re installation of the same application and avoids the overriding of previous versions

28.png

In this section we can specify command line arguments for custom installation

29.png

30.png

31.png

32.png

33.png

Approve

34.png

Deploy to the collection ( group )

36.png

Select the approval settings

37.png

Open Microsoft Intune Center in the client machine and check for the updates.

13.PNG

Confirm the installation in Control Panel

38.PNG