Preparing for SCCM – enabling Secure Key Exchange

I found this interesting forum post on the msft forums. This code will help you change all your sites to require secure key exchange.

here’s the post: http://forums.microsoft.com/TechNet/ShowPost.aspx?PostID=2796017&SiteID=17

on error resume next
' Setup a connection to the local provider.
Set swbemLocator = CreateObject("WbemScripting.SWbemLocator")
Set swbemServices= swbemLocator.ConnectServer(".", "rootsms")
Set providerLoc = swbemServices.InstancesOf("SMS_ProviderLocation")
For Each Location In providerLoc
If location.ProviderForLocalSite = True Then
Set swbemServices = swbemLocator.ConnectServer(Location.Machine, "rootsmssite_" + Location.SiteCode)
siteCode = Location.SiteCode
Exit For
End If
Next

Set swbemContext = CreateObject("WbemScripting.SWbemNamedValueSet")
swbemContext.Add "SessionHandle", swbemServices.ExecMethod("SMS_SiteControlFile", "GetSessionHandle").SessionHandle

' How to list the site security mode from the site control file.
Call SetSecureKeyExchange(swbemServices, swbemContext, siteCode, 0)
Sub SetSecureKeyExchange(swbemServices, _
swbemContext, _
siteCode, _
enableDisableFlag)

' Load site control file and get the SMS_SCI_SiteDefinition section.
swbemServices.ExecMethod "SMS_SiteControlFile.Filetype=1,Sitecode=""" & siteCode & """", "Refresh", , , swbemContext Query = "SELECT * FROM SMS_SCI_SiteDefinition " & _
"WHERE ItemName = 'Site Definition' " & _
"AND SiteCode = '" & siteCode & "'"

' Get the Site Definition properties.
Set SCIComponentSet = swbemServices.ExecQuery(Query, ,wbemFlagForwardOnly Or wbemFlagReturnImmediately, swbemContext)

'Only one instance is returned from the query.
For Each SCIComponent In SCIComponentSet
'Loop through the array of embedded SMS_EmbeddedProperty instances.
For Each vProperty In SCIComponent.Props
' Setting: Allow unknown child sites aka check the box
' require secure key exchange
If vProperty.PropertyName = "Allow unknown child sites" Then
wscript.echo "Site Code: " & SiteCode
wscript.echo vProperty.PropertyName
wscript.echo "Current value: " & vProperty.Value
wscript.echo "Resetting value to: " & enableDisableFlag

' modify the value
vProperty.Value = enableDisableFlag

' Save the properties
SCIComponent.Put_ , swbemContext
End If
Next
Next

'Commit any changes to the actual site control file.
Set InParams = swbemServices.Get("SMS_SiteControlFile").Methods_("CommitSCF").InParameters.SpawnInstance_
InParams.SiteCode = siteCode
swbemServices.ExecMethod "SMS_SiteControlFile", "CommitSCF", InParams, , swbemContext

' Release the copy of the site control file.
swbemServices.Get("SMS_SiteControlFile").ReleaseSessionHandle swbemContext.Item("SessionHandle").Value
End Sub

Leave a Reply