SCCM CB Run PowerShell Script Directly from Collection Configuration Manager ConfigMgr

The SCCM CB fast channel has an option to push PowerShell scripts to devices directly from a collection. These PowerShell scripts can be pushed almost in real time.

The video tutorial attached above explains this real-time push of the RUN PowerShell script. In this post, we will see “SCCM Run Scripts options and architecture”.

You can refer to SCCM CB Run PowerShell Script Directly from the Collection post to get more details about the run PowerShell script option.

Related posts cover the PowerShell script deployment feature architecture and troubleshooting guide, the new communication channel between SCCM server components and clients, and the real-time graphical representation of SCCM Run Script results.

SCCM 1810 Updates – Improvements in SCCM Run Scripts

There are many improvements for SCCM run script deployment in the recent releases of SCCM. One of the latest releases is SCCM 1810, and the following are some of the upgrades which Microsoft brought in.

With SCCM 1810, you can view detailed script output in raw or structured JSON format. The following SCCM script performance and troubleshooting improvements apply from SCCM version 1810 onwards:

  • Updated SCCM 1810 clients return output less than 80 KB to the site over a fast communication channel. This change increases the performance of viewing script or query output.
  • Additional logs for troubleshooting, as I mentioned in the CMPivot post.

What is the process of pushing PowerShell scripts using the SCCM Right Click Option?


SCCM CB 1706 supports pushing normal PowerShell scripts using this method. The process is:

  1. Enable Create and Run Script feature
  2. Import PowerShell Script
  3. Approve or Decline the PowerShell Script
  4. Right-click on Device collection and run the script
  5. Get the status of PowerShell script execution via the Monitoring workspace

The SCCM team also included two new features in the Run Script option in SCCM CB preview releases:

  • Read parameters from the PowerShell script.
  • PowerShell script parameter capabilities improved to detect mandatory and optional parameters and prompt you to enter them.

Why is the “Script” node not visible in the SCCM CB console?

Create and Run Script is a pre-release feature of SCCM CB 1706. The Scripts node is visible in the Software Library workspace once the feature is turned on. If you have not enabled this feature, navigate through the console path \Administration\Overview\Updates and Servicing\Features, right-click on the “Create and Run Script” feature and select Turn On.


How to Import PowerShell Script to SCCM CB?

As I explained in the video, navigate to the SCCM console Software Library workspace (“\Software Library\Overview\Scripts”) and click on the Scripts node. Right-click on the Scripts node and select the Create Script option. The script wizard will guide you through importing the PowerShell script to SCCM CB.

Provide an appropriate script name, for example “Create Files and Folders”. PowerShell is currently the ONLY supported script language. Maybe we will have some other supported options soon. Don’t expect SCCM to check the PowerShell script for syntax errors before importing it.
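Because the import wizard does not check syntax, the script can be parsed locally before it is imported and sent for approval. The following is an added example, not code from the original post or from SCCM: it uses PowerShell's own parser to report syntax errors without executing the file, and lists the top-level parameters as mandatory or optional, which is what the Run Script feature reads. `Test-RunScriptCandidate` and the sample file are hypothetical names constructed for illustration.

```powershell
# Added example; Test-RunScriptCandidate is a hypothetical helper, not an SCCM cmdlet.
function Test-RunScriptCandidate {
    param([Parameter(Mandatory)][string]$Path)

    $tokens = $null; $errors = $null
    $full = (Resolve-Path -LiteralPath $Path).ProviderPath
    # Parse only: nothing in the file is executed.
    $ast = [System.Management.Automation.Language.Parser]::ParseFile($full, [ref]$tokens, [ref]$errors)

    # Top-level param() block: the parameters the Run Script wizard reads.
    $parameters = @()
    if ($ast.ParamBlock) {
        $parameters = foreach ($p in $ast.ParamBlock.Parameters) {
            # Mandatory means a [Parameter()] attribute sets Mandatory (bare or = $true).
            $mandatory = $false
            foreach ($attr in $p.Attributes) {
                if ($attr -isnot [System.Management.Automation.Language.AttributeAst]) { continue }
                if ($attr.TypeName.Name -ne 'Parameter') { continue }
                foreach ($arg in $attr.NamedArguments) {
                    if ($arg.ArgumentName -eq 'Mandatory' -and
                        ($arg.ExpressionOmitted -or $arg.Argument.Extent.Text -eq '$true')) {
                        $mandatory = $true
                    }
                }
            }
            [pscustomobject]@{
                Name      = $p.Name.VariablePath.UserPath
                Type      = $p.StaticType.Name
                Mandatory = $mandatory
            }
        }
    }

    [pscustomobject]@{
        Path         = $full
        SyntaxErrors = @($errors | ForEach-Object {
            'line {0}: {1}' -f $_.Extent.StartLineNumber, $_.Message })
        Parameters   = @($parameters)
    }
}

# Constructed sample: one mandatory and one optional parameter, and a missing closing brace.
$sample = Join-Path ([IO.Path]::GetTempPath()) 'Create-FilesAndFolders.ps1'
@'
param([Parameter(Mandatory=$true)][string]$Root, [int]$Count = 20)
1..$Count | ForEach-Object { New-Item -Path (Join-Path $Root "Folder$_") -ItemType Directory
'@ | Set-Content -LiteralPath $sample
$report = Test-RunScriptCandidate -Path $sample
$report.SyntaxErrors; $report.Parameters | Format-Table
```

An empty `SyntaxErrors` list only means the file parses; the approver still has to read what the script does.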


How to Approve PowerShell Script via Fast Channel Push method?

To avoid accidental PowerShell script pushes to devices, the SCCM team included an approval flow in the Run Script engine. By default, you can’t approve your own PowerShell script.

To be able to approve your own scripts, you must disable the following option in the Hierarchy Settings properties: “Do Not Allow Script authors to approve their scripts”.


You can right-click on the script you want to execute and select the Approve/Deny button. The Approve or Deny script wizard will walk you through the script approval process. You can see more details in the video guide here.

How to Execute the PowerShell Script via SCCM CB Fast Channel using the Push method (SCCM Run Scripts)?

Once the script is approved, it will be available for execution. The PowerShell script is initiated from “\Assets and Compliance\Overview\Device Collections” in the SCCM CB console.

Select the device collection you want to target, right-click on it and select the Run Script (SCCM Run Scripts) option.

The Run Script wizard won’t show all the PowerShell scripts imported into SCCM. It will only show the scripts that are APPROVED by admins. You can select one approved script at a time from the SCCM console.


End-User Experience of Run PowerShell Script via Fast Channel Push method?

Once the script is initiated for a collection, all the devices with the correct SCCM client version (SCCM CB 1706 and above) will get the push notification for executing the script (SCCM Run Scripts). Windows 10 devices with the SCCM client will immediately execute the script.

As you can see in the video here, I initiated a files and folders creation script for Windows 10 devices. The SCCM client got the notification from the notification server and immediately executed the script on the Windows 10 machine.

The script created 20 files and folders in the C drive root of the Windows 10 device. I have another post explaining troubleshooting of running a script, “What is Fast channel push notification”.


How to Monitor the Execution of PowerShell Scripts through Push channel?

Once the PowerShell script is executed on the Windows 10 machine, the client will send the result to the SCCM notification server. You can see the results in “\Monitoring\Overview\Client Operations”. The Operation Name is “Run Script (SCCM Run Scripts)”, and each task will be active for 1 hour if I’m not wrong.


References

  • Video Guide to Troubleshoot SCCM CB Fast Channel Push Notification Issues
  • Fast Channel Client Notification in SCCM
  • Fast channel notification and MP replica issues
  • What’s New With ConfigMgr’s Client Notification Feature

Author

Anoop is a Microsoft MVP! He is a Solution Architect in enterprise client management with more than 20 years of experience (calculation done in 2021) in IT. He is a blogger, speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. He writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc.

13 thoughts on “SCCM CB Run PowerShell Script Directly from Collection Configuration Manager ConfigMgr”

  1. Hello, after updating to Hotfix for 2010 this week, I am getting an Operation Name – Run Script in the Monitoring/Client Operations view.
    I do not initiate it, but it appeared after the update was successful. It runs and then runs again over and over. I cannot figure out what it is. It is no collection, not clients, etc.

    Run Script 3/10/2021 4:07:00 PM Expired 0 0 0 0 0 SMS00001 NT AUTHORITY\SYSTEM
    Run Script 3/11/2021 8:18:00 AM Active 0 0 0 0 0 SMS00001 NT AUTHORITY\SYSTEM

      • Hi Thanks Anoop,
        Nothing appears in – \Monitoring\Overview\Script Status
        No items found.

        Yes installed March 9, that is when I started getting the run scripts (note we are in production as we do not have Lab) –
        Configuration Manager 2010 Hotfix Rollup (KB4600089) 3/3/2021 12:00:00 AM Installed No No 5.00.9040.1044 5.00.9040.1044 3/9/2021 4:12:00 PM Fixes issues explained in KB4600089 Configuration Manager site server updates Configuration Manager console updates Configuration Manager client updates 5.00.9040.9999 5.00.9040.0000

        Thanks, I understand the SMS00001 = All System Collection

        on my MP in the BGBServer.log I see a few errors but unfortunately for me they make no sense.

        ERROR: Failed to get message from disconnected client queue: System.InvalidOperationException: The collection argument is empty and has been marked as complete with regards to additions.~~ at System.Collections.Concurrent.BlockingCollection`1.Take()~~ at Microsoft.ConfigurationManager.BgbServerChannel.BgbHttpListener.GetDisconnectedClient() SMS_NOTIFICATION_SERVER 3/11/2021 8:24:44 AM 13832 (0x3608)
        ERROR: Failed to get message from server to client queue: System.InvalidOperationException: The collection argument is empty and has been marked as complete with regards to additions.~~ at System.Collections.Concurrent.BlockingCollection`1.Take()~~ at Microsoft.ConfigurationManager.BgbServerChannel.BgbHttpListener.RetrieveServerToClientMessage() SMS_NOTIFICATION_SERVER 3/11/2021 8:24:44 AM 10456 (0x28D8)
        Created disconnectedClient Queue and serverToClientMessage Queue SMS_NOTIFICATION_SERVER 3/11/2021 8:24:44 AM 10456 (0x28D8)
        ERROR: The read operation failed. Exception: System.IO.IOException: Unable to read data from the transport connection: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond. —> System.Net.Sockets.SocketException: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond~~ at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32 size)~~ — End of inner exception stack trace —~~ at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32 size)~~ at System.Net.FixedSizeReader.ReadPacket(Byte[] buffer, Int32 offset, Int32 count)~~ at System.Net.Security._SslStream.StartFrameHeader(Byte[] buffer, Int32 offset, Int32 count, AsyncProtocolRequest asyncRequest)~~ at System.Net.Security._SslStream.StartReading(Byte[] buffer, Int32 offset, Int32 count, AsyncProtocolRequest asyncRequest)~~ at System.Net.Security._SslStream.ProcessRead(Byte[] buffer, Int32 offset, Int32 count, AsyncProtocolRequest asyncRequest)~~ at System.Net.Security.SslStream.Read(Byte[] buffer, Int32 offset, Int32 count)~~ at Microsoft.ConfigurationManager.BgbServerChannel.BgbTcpListener.ReceiveSignInMessage(TcpConnectionInfo connection) SMS_NOTIFICATION_SERVER 3/11/2021 8:26:08 AM 9980 (0x26FC)

      • Ah sorry … Even I can see two active Run Script events .. I have no clue what are those … I can’t find anything at client device – script.log as well. It’s a bit weird.

      • Thanks sir.
        I noticed this occurred the last time I ran the previous Hot Fix in January. It is strange. I was able to somehow stop back then but gosh I have no clue now how I did it. But after update on the 9th it reappeared.
        If you figure out something let me know, thanks.

  2. HI.

    I’ve got a tricky question.
    Situation : Several VLANs with isolation. Remote Management not Allowed.

    Idea : use SCCM to run scripts on all clients…and retrieve script execution results (Lots of gathering like services, installed softwares, certificates, …)

    Problem : 4MB result size limit.

    Is there any way to increase it ?

  3. Hi Anoop, wonderful article and very useful. I can imagine now, several things we can perform easily(Uninstallation, Toast messages, etc).
    How does this deal with Execution Policy? Is there a need to change it?
