Today I published version 7.3 of the Deployment web service. Beside some small bug fixes and minor additions, three new features have been added:
1. SCCM Client Center support
A completely new web service part has been added that’s exposing a couple of functions (55 to be accurate) from the SCCM Client Center automation library written by Roger Zander, giving the possibility to execute certain tasks on a client like pushing Software updates, refreshing the machine policy etc. A full list of functions with all information on how to call them will be published in a separate blog post coming soon. But most of them should be self explaining. Just download the new version and open the page http://YourWebServer/Deployment/SMSCliCtrV2.asmx to see a complete list including a short description and the possibility to test each individual function.
Update: Please see Deployment Web service 7.3 - SCCM Client Center support for more details
2. Active Directory support for multiple Domains
An often requested feature was enabling the possibility to use the same web service executing actions on different domains. Especially if there are separate domains for resources like computers but with security groups in a different domain. Starting with version 7.3, there will be two more or less identical versions of the Active Directory part of the web service. the AD.asmx file is offering the standard functions, that work on the configured Domain only. ADEx.asmx contains the same set of functions, but each with an additional parameter to supply the domain name. The domain can be supplied by either “DC=YourDomain,DC=com” or “YourDomain.com”. As a lot of things are going more User centric, I’ve also added a couple functions that enable all the functionality currently available for computers now for users. So you can add or remove Users automatically to Groups, move them to a different OU, get or set specific attributes, or get the parent path of a User if you e.g. would like to place the new computer object in the same OU as a specific User object (as RIS/WDS can do). It’s now also possible to list the groups the Computer or User is member of and check if a Computer/User is member of a specific group. Finally an enhanced version of the DeleteComputer/DeleteUser has been added called DeleteComputerForced/DeleteUserForced, that will now also delete a Computer/User object, if it contains child objects. That could e.g. happen if you have BitLocker configured in your Domain. As all those functions are pretty dangerous, they are disabled on default. Please have a look on the next Blog post on how to disable/enable specific functions.
3. Basic security
Another often asked question was how to restrict users from calling certain functions from the web service. Due to its former all or nothing approach, the ongoing amount of functions became a bit of a problem as it meant to either allow access to all or none of the functions. The only way so far to restrict the usage of individual functions was to pass through the credentials of the calling User and by this use the security settings of the called server. Starting with version 7.3 it’s now possible to allow or deny access to each individual function. It’s still not a complex role based security model. Rather a simple list of names that are either allowed or blocked. But should allow you to easily adjust the available functions without the necessity to built and manage “another” security model. As even this simple implementation has a lot of possibilities, I will post some detailed explanation in another blog post.
Update: Please read Deployment Web Service 7.3 - Basic security for more information.
Download and Upgrade
As always, you can download the most recent version directly from CodePlex. While the former updates have been simple copy&paste replacements, where you could just exclude the web.config, there have been now a lot of changes in the web.config this time and I highly recommend using the web.config supplied in the download and re-add the changes you made in your own (or the other way round ). Please check especially the “AppSettings” and the “webServices” sections as they contain a couple new elements that should be part of your web.config. The rest remains a copy&paste.
As mentioned I will publish more details in the next couple of blog posts and will also update the documentation on CodePlex. Might just take a moment
Thanks to all the Beta testers and their feedback and also for more than 6000 downloads so far. I’m still surprised how large this project went.