SCCM CB Run PowerShell Script Directly from Collection Configuration Manager ConfigMgr

SCCM CB Run PowerShell Script Directly from Collection Configuration Manager ConfigMgr? SCCM CB fast channel has an option to push PowerShell scripts to devices. These PowerShell scripts can be pushed almost in real-time. This real-time push of the RUN PowerShell script is explained in the video tutorial attached above. In this post, we will see “SCCM Run Scripts options and architecture”.

You can refer to SCCM CB Run PowerShell Script Directly from the Collection post to get more details about the run PowerShell script option.

post PowerShell script deployment feature architecture and troubleshooting guide. The new communication channel between SCCM server components and clients. More details about Real-Time Graphical Representation SCCM Run Script Results.

SCCM 1810 Updates – Improvements in SCCM Run Scripts

There are many improvements for SCCM run scripts deployment in the recent releases of SCCM. One of the latest releases is SCCM 1810 and the following are some of the improvements which Microsoft brought in.

Patch My PC

With SCCM 1810,  you can now view detailed script output in raw or structured JSON format. The following SCCM script performance and troubleshooting improvements apply from SCCM 1810 version onwards:

  • Updated SCCM 1810 clients return output less than 80 KB to the site over a fast communication channel. This change increases the performance of viewing script or query output.
  • Additional logs for troubleshooting as I mentioned in the CMPivot post.
SCCM CB Run PowerShell Script Directly from Collection Configuration Manager ConfigMgr
SCCM CB Run PowerShell Script Directly from Collection Configuration Manager ConfigMgr

What is the process of pushing PowerShell scripts using SCCM Right Click Option?

SCCM CB Run PowerShell Script Directly from Collection Configuration Manager ConfigMgr
SCCM CB Run PowerShell Script Directly from Collection Configuration Manager ConfigMgr
  1. Enable Create and Run Script feature
  2. Import PowerShell Script
  3. Approve or Decline the PowerShell Script
  4. Right click on Device collection and run the script
  5. Get the status of PowerShell script execution via Monitoring workspace

SCCM CB 1706 supports pushing normal PowerShell scripts using this method. But, SCCM team included two new features in Run  Script option in SCCM CB preview releases. SCCM Run Scripts architecture details are explained.

  • Read parameters from the PowerShell script.
  • PowerShell script parameters capabilities improved to detect mandatory and optional parameters and prompt you to enter mandatory and optional parameters.

Why is “Script” node not visible in SCCM CB console?

Create and Run Script is a pre release feature of SCCM CB 1706. Script node is visible in Software Library workspace. So, if you have not enabled this feature from “Administration – Updates & Servicing – Features”. Navigate through the console path \Administration\ Overview\Updates and Servicing\Features. Right click on “Create and Run Script” feature and select Turn On.

1E Nomad
SCCM CB Run PowerShell Script Directly from Collection Configuration Manager ConfigMgr
SCCM CB Run PowerShell Script Directly from Collection Configuration Manager ConfigMgr

How to Import PowerShell Script to SCCM CB?

As I explained in the video here, navigate via SCCM console Software Library workspace (“\Software Library\Overview\Scripts”) and click on Scripts node. Right click on script node and select Create Script option. Script wizard will guide you to import PowerShell script to SCCM CB.

Provide appropriate Script name “Create Files and Folders”. The supported script language is ONLY PowerShell now. May be, we will have some other supported options in the near future. Don’t expect SCCM to check the PowerShell script syntax errors before importing to SCCM.

SCCM CB Run PowerShell Script Directly from Collection Configuration Manager ConfigMgr
SCCM CB Run PowerShell Script Directly from Collection Configuration Manager ConfigMgr

How to Approve PowerShell Script via Fast Channel Push method?

To avoid accidental PowerShell script push to devices, SCCM team included an approval flow into the Run Script engine. By default, you can’t approve your own PowerShell script.

To enable the approval script option to yourself, you have to disable the following option from Hierarchy settings properties “Do Not Allow Script authors to approve their own scripts“.

SCCM CB Run PowerShell Script Directly from Collection Configuration Manager ConfigMgr
SCCM CB Run PowerShell Script Directly from Collection Configuration Manager ConfigMgr

You can right click on the script you want to execute and select Approve/Deny button. Approve or Deny script wizard will walk you through the script Approval process. You can see more details in the video guide here.

How to Execute the PowerShell Script via SCCM CB Fast Channel using Push method? SCCM Run Scripts?

Once the Script is approved from SCCM then, that script will be available for execution. The initiation of PowerShell script is done from “\Assets and Compliance\Overview \Device Collections” in SCCM CB console. Select the device collection you want to target for the execution of the PowerShell script and right click on the collection – select Run Script  (SCCM Run Scripts) option.

Run script wizard won’t show all the PowerShell scripts imported into SCCM. The Run Script wizard will only show the scripts which are APPROVED by admins. You can select one approved script at a time from SCCM Console.

SCCM CB Run PowerShell Script Directly from Collection Configuration Manager ConfigMgr
SCCM CB Run PowerShell Script Directly from Collection Configuration Manager ConfigMgr

End User Experience of Run PowerShell Script via Fast Channel Push method?

Once the script is initiated for a collection, all the devices with proper SCCM client version (SCCM CB 1706 and above) will get the push notification for executing a script (SCCM Run Scripts). The SCCM client Windows 10 devices will immediately execute the script on the device.

As you can see in the video here, I initiated a files and Folders creation script to Windows 10 device. SCCM client got notification from notification server and immediately executed the script on Windows 10 machine. The script created 20 files and folders in C drive Root of Windows 10 device.  I have an another post explains about troubleshooting of running a script  “What is Fast channel push notification“.

SCCM CB Run PowerShell Script Directly from Collection Configuration Manager ConfigMgr
SCCM CB Run PowerShell Script Directly from Collection Configuration Manager ConfigMgr

How to Monitor the Execution of PowerShell Script through Push channel?

Once the PowerShell script is executed on Windows 10 machine then, the client will send the result to SCCM notification server. You can see the results in “\Monitoring \Overview\ Client Operations“. Operation Name is “Run Script (SCCM Run Scripts)“, and each task will be active for 1 hour if I’m not wrong.

SCCM CB Run PowerShell Script Directly from Collection Configuration Manager ConfigMgr
SCCM CB Run PowerShell Script Directly from Collection Configuration Manager ConfigMgr

References :-

  • Video Guide to Troubleshoot SCCM CB Fast Channel Push Notification Issues – here
  • Fast Channel Client Notification in SCCM  – Here
  • Fast channel notification and MP replica issues – Here
  • What’s New With ConfigMgr’s Client Notification Feature – Here

10 thoughts on “SCCM CB Run PowerShell Script Directly from Collection Configuration Manager ConfigMgr”

  1. Hello, after updating to Hotfix for 2010 this week, I am getting a Operation Name – Run Script in the Monitoring/Client Operations view.
    I do not initiate it but it appeared after update was successful. It runs and then runs again over and over. I can not figure out what it is? it is no collection, not clients etc.

    Run Script 3/10/2021 4:07:00 PM Expired 0 0 0 0 0 SMS00001 NT AUTHORITY\SYSTEM
    Run Script 3/11/2021 8:18:00 AM Active 0 0 0 0 0 SMS00001 NT AUTHORITY\SYSTEM

    Reply
      • Hi Thanks Anoop,
        Nothing appears in – \Monitoring\Overview\Script Status
        No items found.

        Yes installed March 9, that is when I started getting the run scripts (note we are in production as we do not have Lab) –
        Configuration Manager 2010 Hotfix Rollup (KB4600089) 3/3/2021 12:00:00 AM Installed No No 5.00.9040.1044 5.00.9040.1044 3/9/2021 4:12:00 PM Fixes issues explained in KB4600089 Configuration Manager site server updates Configuration Manager console updates Configuration Manager client updates 5.00.9040.9999 5.00.9040.0000

        Thanks, I understand the SMS00001 = All System Collection

        on my MP in the BGBServer.log I see a few errors but unfortunately for me they make no sense.

        ERROR: Failed to get message from disconnected client queue: System.InvalidOperationException: The collection argument is empty and has been marked as complete with regards to additions.~~ at System.Collections.Concurrent.BlockingCollection`1.Take()~~ at Microsoft.ConfigurationManager.BgbServerChannel.BgbHttpListener.GetDisconnectedClient() SMS_NOTIFICATION_SERVER 3/11/2021 8:24:44 AM 13832 (0x3608)
        ERROR: Failed to get message from server to client queue: System.InvalidOperationException: The collection argument is empty and has been marked as complete with regards to additions.~~ at System.Collections.Concurrent.BlockingCollection`1.Take()~~ at Microsoft.ConfigurationManager.BgbServerChannel.BgbHttpListener.RetrieveServerToClientMessage() SMS_NOTIFICATION_SERVER 3/11/2021 8:24:44 AM 10456 (0x28D8)
        Created disconnectedClient Queue and serverToClientMessage Queue SMS_NOTIFICATION_SERVER 3/11/2021 8:24:44 AM 10456 (0x28D8)
        ERROR: The read operation failed. Exception: System.IO.IOException: Unable to read data from the transport connection: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond. —> System.Net.Sockets.SocketException: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond~~ at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32 size)~~ — End of inner exception stack trace —~~ at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32 size)~~ at System.Net.FixedSizeReader.ReadPacket(Byte[] buffer, Int32 offset, Int32 count)~~ at System.Net.Security._SslStream.StartFrameHeader(Byte[] buffer, Int32 offset, Int32 count, AsyncProtocolRequest asyncRequest)~~ at System.Net.Security._SslStream.StartReading(Byte[] buffer, Int32 offset, Int32 count, AsyncProtocolRequest asyncRequest)~~ at System.Net.Security._SslStream.ProcessRead(Byte[] buffer, Int32 offset, Int32 count, AsyncProtocolRequest asyncRequest)~~ at System.Net.Security.SslStream.Read(Byte[] buffer, Int32 offset, Int32 count)~~ at Microsoft.ConfigurationManager.BgbServerChannel.BgbTcpListener.ReceiveSignInMessage(TcpConnectionInfo connection) SMS_NOTIFICATION_SERVER 3/11/2021 8:26:08 AM 9980 (0x26FC)

      • Ah sorry … Even I can see two active Run Script events .. I have no clue what are those … I can’t find anything at client device – script.log as well. It’s a bit weird.

      • Thanks sir.
        I noticed this occurred the last time I ran the previous Hot Fix in January. It is strange. I was able to somehow stop back then but gosh I have no clue now how I did it. But after update on the 9th it reappeared.
        If you figure out something let me know, thanks.

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.