On my “RBA Role Based Administration different Scenarios” at the Config Manager Community Day in Switzerland I show a Script to generate some stuff for the RBA.
Here are the Link to the Session Slides: http://static.news.digicomp.ch/1403082751/rba-role-based-administration-verschiedene-szenarien_mirko-colemberg.pdf
In this Script just some examples to use:
- – Load the CM Module
- – Create Device Collection Folder
- – Create Device Collections
- – Create User Collection Folders
- – Create User Collections
- – Create Application Folders
- – Create Package Folders
- – Create Security Scopes
- The Merge between Scopes, Collection and UserGroups CMD-let are not working for UserGroups from AD
it’s only Working for Users at this time.
Add-CMSecurityRoleToAdministrativeUser
Add-CMSecurityScopeToAdministrativeUser
From the RAB-Viewer exported Role.xml file you can use the Import-CMSecurityRole cmd-let
<#
.SYNOPSIS
Creates CM12 Folder, Collections, Scopes structur for a Test LAB
.DESCRIPTION
This script creates CM12 Collection Folders with collections and Folders in Applications and Packages
All for Developer, QA and Production
There are some manual steps requiered to finish a LAB.
.NOTES
File Name : RBA_Basic_folder.ps1
Author : Mirko Colemberg - mirko@colemberg.ch
Requires : PowerShell V2 CM12 CMD-lets
.LINK
#>
#Set Sitecode for this Script
$SiteCode = "S01"
Install-WindowsFeature RSAT-ADDS
#Load the CM12 Module
C:
cd \
cd ‘.\Program Files (x86)\Microsoft Configuration Manager\AdminConsole\bin’
Import-Module .\ConfigurationManager.psd1
$SiteCode = Get-PSDrive -PSProvider CMSITE
Set-Location "$($SiteCode.Name):\"
#Set Variables
$DDeveloper = "Developer Devices CMCE"
$UDeveloper = "Developer Users CMCE"
$DQA = "QA Devices CMCE"
$UQA = "QA Users CMCE"
$DProduction = "Production Devices CMCE"
$UProduction = "Production Users CMCE"
$DomainOUPath1 = "ADATUM\"
#Create Device Collection Folder
cd\
Set-Location .\DeviceCollection
New-Item “SWD CMCE”
cd '.\SWD CMCE'
New-Item “Developer CMCE”
New-Item “QA CMCE”
New-Item “Production CMCE”
#Create Device Collections
$NewDDeveloper = New-CMDeviceCollection -Name "$DDeveloper" -LimitingCollectionName "All Systems"; #CollectionType = 2; RefreshType = 4
Add-CMDeviceCollectionQueryMembershipRule -CollectionName $DDeveloper -RuleName $DDeveloper -QueryExpression ('select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where SMS_R_System.Location = "' + $DDeveloper + '"')
$NewDQA = New-CMDeviceCollection -Name "$DQA" -LimitingCollectionName "All Systems"; #CollectionType = 2; RefreshType = 4
Add-CMDeviceCollectionQueryMembershipRule -CollectionName $DQA -RuleName $DQA -QueryExpression ('select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where SMS_R_System.Location = "' + $DQA + '"')
$NewDProduction = New-CMDeviceCollection -Name "$DProduction" -LimitingCollectionName "All Systems"; #CollectionType = 2; RefreshType = 4
Add-CMDeviceCollectionQueryMembershipRule -CollectionName $DProduction -RuleName $DProduction -QueryExpression ('select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where SMS_R_System.Location = "' + $DProduction + '"')
#Move Device Collections
cd\
Move-CMObject -FolderPath ".\DeviceCollection\SWD CMCE\Developer CMCE" -InputObject $NewDDeveloper
cd\
Move-CMObject -FolderPath ".\DeviceCollection\SWD CMCE\QA CMCE" -InputObject $NewDQA
cd\
Move-CMObject -FolderPath ".\DeviceCollection\SWD CMCE\Production CMCE" -InputObject $NewDProduction
#Create User Collection Folders
cd\
Set-Location .\UserCollection
New-Item "SWD CMCE"
cd '.\SWD CMCE'
New-Item “Developer CMCE”
New-Item “QA CMCE”
New-Item “Production CMCE”
#Create User Collections
$NewUDeveloper = New-CMuserCollection -Name "$UDeveloper" -LimitingCollectionName "All Users";
Add-CMUserCollectionQueryMembershipRule -CollectionName $UDeveloper -RuleName $UDeveloper -QueryExpression ('select SMS_R_USER.ResourceID,SMS_R_USER.ResourceType,SMS_R_USER.Name,SMS_R_USER.UniqueUserName,SMS_R_USER.WindowsNTDomain from SMS_R_User where SMS_R_User.UserGroupName = "ADATUM\\Developer Users"')
$NewUQA = New-CMuserCollection -Name "$UQA" -LimitingCollectionName "All Users";
Add-CMUserCollectionQueryMembershipRule -CollectionName $UQA -RuleName $UQA -QueryExpression ('select SMS_R_USER.ResourceID,SMS_R_USER.ResourceType,SMS_R_USER.Name,SMS_R_USER.UniqueUserName,SMS_R_USER.WindowsNTDomain from SMS_R_User where SMS_R_User.UserGroupName = "ADATUM\\QA Users"')
$NewUProduction = New-CMuserCollection -Name "$UProduction" -LimitingCollectionName "All Users";
Add-CMUserCollectionQueryMembershipRule -CollectionName $UProduction -RuleName $UProduction -QueryExpression ('select SMS_R_USER.ResourceID,SMS_R_USER.ResourceType,SMS_R_USER.Name,SMS_R_USER.UniqueUserName,SMS_R_USER.WindowsNTDomain from SMS_R_User where SMS_R_User.UserGroupName = "ADATUM\\Production Users"')
#Move User Collections
cd\
Move-CMObject -FolderPath ".\UserCollection\SWD CMCE\Developer CMCE" -InputObject $NewUDeveloper
cd\
Move-CMObject -FolderPath ".\UserCollection\SWD CMCE\QA CMCE" -InputObject $NewUQA
cd\
Move-CMObject -FolderPath ".\UserCollection\SWD CMCE\Production CMCE" -InputObject $NewUProduction
#Create Application Folders
cd\
Set-Location .\Application
New-Item “Developer CMCE”
New-Item “QA CMCE”
New-Item “Production CMCE”
#Create Package Folders
cd\
Set-Location .\Package
New-Item “Developer CMCE”
New-Item “QA CMCE”
New-Item “Production CMCE”
#Create Security Scopes
New-CMSecurityScope -name "Developer CMCE"
New-CMSecurityScope -name "QA CMCE"
New-CMSecurityScope -name "Production CMCE"
- The Script is “as is” test it first in your Lab, before us in Production!
- Hope it Helps
- Mirko
Leave a Reply