There is long story behind why I think Run Scripts is my new favorite feature within Configuration Manager (SCCM/ConfigMgr/MEMCM). One day, I was troubleshooting a problem with a computer that’s located in another office from where I work. In order to go onsite, I needed to drive 20+ minutes there, spend another 5-minutes fixing the problem, and then drive another 20+ minutes back to my office. That seemed to be a waste of valuable time. Instead, using Remote Desktop (RDP) to access the computer made more sense.
When I attempted to use RDP to access the computer, however, it was failing, so I quickly determined that the problem was the firewall. It was blocking me from accessing the computer. In order to overcome this problem, I used Run Scripts to turn off the firewall, which then allowed me to use RDP. Below are the steps I took to turn off the firewall. Always remember, though, to put the firewall back on afterwards!
Turn Off a Windows Firewall by Using PowerShell
A quick Google search revealed that the following PowerShell command turns off all firewalls on a Windows computer, so I am going to use it in my script.
Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled False
How to Create a Script in SCCM/ConfigMgr/MEMCM
Starting in the ConfigMgr console, under Software Library, select the Scripts node and then click on Create Script from the ribbon.
Enter the script’s name. In my case, I called it, “Turn off Firewall.” Then in the script text box, I copied/pasted the PowerShell script I showed you earlier. Click Next.
Back in the console, you notice that the script needs to be approved before it can be used.
How to Approve a Script
Note: By default, the person who created a script CANNOT approve their own script. Why? Most companies have change controls, so this helps with that, but it is a site setting option that can be changed. If you want to change this setting, check out the next section, “How to Change the Approval Settings.”
Below are the steps on how to approve a script.
Right-click on the script and select Approve/Deny.
Review the script and click Next.
Select Approve and enter a comment before clicking on the Next button.
Confirm the details and click Next.
How to Change the Approval Settings
In the console, under Administration | Overview | Site Configuration | Sites, select Hierarchy Settings from the ribbon.
Unselect the Script authors require additional script approver check box and then click on the OK button.
How to Use a Run Script on a Device
Select the device that you are going to run a script on by right-clicking on it and then selecting Run Script.
Select the script and click Next.
Confirm the summary and click Next.
Wait for the script to run. Generally, it takes less than 30-seconds. Once the script is completed, click Close.
How to Run a Script on a Collection
This is where the Run Scripts feature is extremely powerful! You need to be careful here otherwise this can cause you problems.
Locate the collection that you want to run the script against. Right-click on the collection and select Run Script.
Select the script and click Next.
Review the summary, paying particular attention to the number of resources you are targeting! Then click Next.
If the computer is offline, the script attempts to run for 1-hour before timing out. Click Close after reviewing the results.
Remember that you can always see the results within the Script Status node on the Monitoring node in the console.
Official Run Scripts Documentation
The documentation is always being updated, so for the most up-to-date details, please review the official documentation.
Believe me when I tell you that it took me far less time to research, write, approve and deploy the run script to my problem computer (approx. 5 minutes) than it would have taken me to drive across town to our other office! Ultimately, the Run Scripts feature saved me about 35-minutes of travel time. It also meant that the end-user wasn’t interrupted, so no down-time, and their problem was resolved behind the scenes.
Please remember that if you are running the same script as me, don’t forget to turn the firewall back on! One of the tricks that I use for this is a CI that detects if a firewall is off. See my blog post, How to Create a Compliance Setting to Detect If the Firewall Is Off, for more details.
If you have any questions, please feel free to contact me @GarthMJ.