About:
How to enable and run scripts in SCCM
Steps:
- Open the SCCM Console
- Go to your Administration / Site / Hierarchy Setting
- Ensure that you have the Consent to use Pre-Release features enabled. You’ll also notice a new option for script approval there
- Click Ok
- Go to Administration / Updates and Servicing / Features
- Right-click Create and run scripts select Turn On
- On the warning, click Yes
- On the warning, click Yes
- Close the Console and reopen it
- You’ll have a new Script Node under Software Library
SCCM SECURITY ROLE PERMISSION
To approve, create and deploy scripts, your user must have the required SMS Script permission. You have those rights only in the Full Administrator role or when creating a custom security role.
Note
The run script rights are under Collections / ResID:RunScript
CREATE A SCRIPT
Let’s create our first script.
- In the Software Library / Scripts node
- Right-Click Scripts and select Create Script
- Give your script a name, select your language (PowerShell only…for now)
- Click Import if you already have a saved script or use the available text box to write your script
- In the Summary screen, click Next
- In the Summary screen, click Next
- In the Completion screen, click Close
- In the Completion screen, click Close
- Your script is created and needs to be approved before it can be deployed
- Your script is created and needs to be approved before it can be deployed
APPROVE SCRIPT
We now need to approve the script. If you can’t approve your own script, see the previous section to disable the option in your Hierarchy Settings. That’s an interesting feature that assures that you are controlling the script that can be deployed.
- Right-Click your script and select Approve/Deny
- Right-Click your script and select Approve/Deny
- Review the script and make sure that it’s ok
- Review the script and make sure that it’s ok
- Select Approve and put a comment if needed
- In the Summary screen, click Next
- In the Summary screen, click Next
- In the Completion screen, click Close
- In the Completion screen, click Close
RUN SCRIPT
A script can be run on a collection or on a single device. Once the script is deployed it’s given 1-hour windows to run on the computer. If it’s offline during that period, the script will need to be run again. Make sure that the clients have the necessary requirements. (See Prerequisites section at the top of this post)
- Select your collection or device and select Run Script
- Select your collection or device and select Run Script
- Select your script. Only approved scripts are listed
- Select your script. Only approved scripts are listed
- Review your settings and click Next
- Review your settings and click Next
- Click Close
- Click Close
MONITORING
We’ll now check if the script has run successfully on our device :
- Monitor the script deployment statistics under Monitoring / Client Operation
- You can see that 1 client has run it and has 1 success
- Monitor the script execution statistics un Monitoring / Script Status
- You can see the Script Execution State, the Exit Code and the Output
VERIFICATION
- The client downloads the script locally in C:\Windows\CCM\ScriptStore
The name of the script contains the script GUID. It can be found in the SCCM Console by adding the Script GUID column
- Log file for the script will be located in C:\Windows\CCM\logs\Scipts.log