Preparing for SCCM – enabling Secure Key Exchange

I found this interesting forum post on the msft forums. This code will help you change all your sites to require secure key exchange.

Here’s the post: http://forums.microsoft.com/TechNet/ShowPost.aspx?PostID=2796017&SiteID=17

' Note: with errors suppressed, a failed connection or query is not reported.
On Error Resume Next

' WMI query flags used by ExecQuery below.
Const wbemFlagReturnImmediately = 16
Const wbemFlagForwardOnly = 32

' Set up a connection to the local provider.
Set swbemLocator = CreateObject("WbemScripting.SWbemLocator")
Set swbemServices = swbemLocator.ConnectServer(".", "root\sms")
Set providerLoc = swbemServices.InstancesOf("SMS_ProviderLocation")
For Each Location In providerLoc
    If Location.ProviderForLocalSite = True Then
        Set swbemServices = swbemLocator.ConnectServer(Location.Machine, "root\sms\site_" + Location.SiteCode)
        siteCode = Location.SiteCode
        Exit For
    End If
Next

' Get a session handle for working with the site control file.
Set swbemContext = CreateObject("WbemScripting.SWbemNamedValueSet")
swbemContext.Add "SessionHandle", swbemServices.ExecMethod("SMS_SiteControlFile", "GetSessionHandle").SessionHandle

' Set "Allow unknown child sites" to 0 in the site control file.
Call SetSecureKeyExchange(swbemServices, swbemContext, siteCode, 0)

Sub SetSecureKeyExchange(swbemServices, _
                         swbemContext, _
                         siteCode, _
                         enableDisableFlag)

    ' Load site control file and get the SMS_SCI_SiteDefinition section.
    swbemServices.ExecMethod "SMS_SiteControlFile.Filetype=1,Sitecode=""" & siteCode & """", "Refresh", , , swbemContext

    Query = "SELECT * FROM SMS_SCI_SiteDefinition " & _
            "WHERE ItemName = 'Site Definition' " & _
            "AND SiteCode = '" & siteCode & "'"

    ' Get the Site Definition properties.
    Set SCIComponentSet = swbemServices.ExecQuery(Query, , wbemFlagForwardOnly Or wbemFlagReturnImmediately, swbemContext)

    ' Only one instance is returned from the query.
    For Each SCIComponent In SCIComponentSet
        ' Loop through the array of embedded SMS_EmbeddedProperty instances.
        For Each vProperty In SCIComponent.Props
            ' Setting: "Allow unknown child sites", i.e. the
            ' "Require secure key exchange" check box.
            If vProperty.PropertyName = "Allow unknown child sites" Then
                WScript.Echo "Site Code: " & siteCode
                WScript.Echo vProperty.PropertyName
                WScript.Echo "Current value: " & vProperty.Value
                WScript.Echo "Resetting value to: " & enableDisableFlag

                ' Modify the value.
                vProperty.Value = enableDisableFlag

                ' Save the properties.
                SCIComponent.Put_ , swbemContext
            End If
        Next
    Next

    ' Commit any changes to the actual site control file.
    Set InParams = swbemServices.Get("SMS_SiteControlFile").Methods_("CommitSCF").InParameters.SpawnInstance_
    InParams.SiteCode = siteCode
    swbemServices.ExecMethod "SMS_SiteControlFile", "CommitSCF", InParams, , swbemContext

    ' Release the copy of the site control file.
    swbemServices.Get("SMS_SiteControlFile").ReleaseSessionHandle swbemContext.Item("SessionHandle").Value
End Sub

Published by
TomLasswell
