FredBainbridge

ConfigMgr Scripts Node

ConfigMgr and the Scripts Node

Monitoring / Reporting

As far as I can tell there are no status messages created when the scripts node is utilized. That had me very depressed at first until a colleague (Jeff Scripter) found where in SQL all the information was being stored. Ends up it is way better than burdensome status messages anyway. Everything is easily accessible via three simple Views.

View Description
vSMS_Scripts This has the script objects themselves stored here. Each Script you see in the ConfigMgr console should be represented here.
vSMS_ScriptsExecutionStatus This has runtime information about any script that has run, including hostname, time, output and exit code.
vSMS_ScriptsExecutionTask If the script was “deployed” to a collection, it will be recorded here. The collection ID, and number of devices in the collection at deploy time can be found here.
vSMS_ScriptsParameters If any scripts have defined parameters, you can find them here.

Securing Scripts

Anyone who is going to utilize this to either author or run scripts needs to have proper membership in the SMS Scripts security role.

MSFT Documentation on Script Node

Word of warning. Anyone will be able to run any script they have access to, against any device or device collection they have access to. Be very mindful of this. If you have a script to shutdown a device and run it via the Scripts node and this script is available as an option to someone who can see all managed devices, you are a few mis-clicks away from a world of hurt.

All in all though, this is a great start for a new feature. Hopefully someday this can be controlled in a bit more granular way (a peer review process for deployments would be an excellent start).


Share