to get something. This is awesome and painful depending on your view. With several hundred techs at my company, they have become spoiled by having a local cache of software or drivers so many techs will go to the share to get something vs following a process to obtain software that has license tracking involved as an example.
While I get the need for local cache, they don’t always follow process for whatever reason such as diagnose the agent. Then there are the “Self Declared Power Users” that stumbled on the share and find ‘Adobe Creative Suite 6 Design and Web Premium’ and decide they need that and try to install it. Luckily we have other checks and balances in play but it causes problems for one reason or another. I’m definitely of the camp to liking the addition of a Content Library in 2012. We have taken our DP storage from several hundred GB to less then 100GB especially around drivers as those amounted to over half the data.
Since our techs were spoiled and its always hard to take something away, I asked our SCCM Admin Cory Becht to see what he can do. Cory to the rescue! He developed a package downloader HTA for 2012 that we want to share with you. Technically Cory released it on myITforum back in February 2013 but I’d like to talk about it.
What the tool does is downloads a package and runs a program associated with it. More specifically, this script will query and display available packages and applications when needing to bypass the Configuration Manager 2012 agent. It will access the Content Library of the distribution point and download all the required files and then execute the specified command line. In some cases we have a program called ‘CopyFolders.EXE’ that just prompts for a folder to copy the package contents to. This is good for the OSD PE media and our Admin PE (Think DaRT) tool among other things that we use ConfigMgr to distribute content.
I wont rehash the howto instructions but do want to point out the following basic configurations for it:
- Script users will need specific RBAC security settings
- Configure Script variables for your environment
- A new SQL view needs to be created on the SCCM Database and script users given SELECT rights
One of my concerns was the abuse of this script to get around processes, so I requested that the HTA send an email notification to our groups mailbox when someone uses it. We use this to follow up as well as as a check/balance on the health of SCCM and the agents. If we see one tech using it a large amount, it prompts a conversation with them or their supervisor into why that’s happening. Sometimes it is a valid problem needing resolution and sometimes its not. Depending on your size this can clutter a mailbox so definitively use some filters. We see about 70 a day on average with the majority from techs getting our OSD PE or Admin PE tools.
Packages and even programs are made available in the tool on a case by case basis, so for each one you want to make available you will need to add the following in the description of a Program you want available in the tool:
<code style="color: black; word-wrap: normal;"> LISTMANUAL=’SomeCommand.exe’ </code>
Or as shown in the Console
- I don’t have a CAS, therefore running it against the CAS database is unknown.
- Works with IPv4 only.
- Utilizes BITS and bitsadmin.exe program to do the download of the files as I don’t have PowerShell everywhere. XP doesn’t include it by default and is in the XP Support Tools
- Uses HTTP and not HTTPS to access content from the DP.
- Lesson Learned: Make sure IIS doesn’t have a Hidden Segment or File Extension filter entry that prevents a package download. The request filters will prevent downloading of certain paths or extensions. I have a script running on my distribution points to configure the request filtering automatically.