With the upgrade from Config Mgr 2007 to 2012 you no longer have the ability to obtain software by visiting
to get something. This is awesome and painful depending on your view. With several hundred techs at my company, they have become spoiled by having a local cache of software or drivers so many techs will go to the share to get something vs following a process to obtain software that has license tracking involved as an example.
While I get the need for local cache, they don't always follow process for whatever reason such as diagnose the agent. Then there are the "Self Declared Power Users" that stumbled on the share and find 'Adobe Creative Suite 6 Design and Web Premium' and decide they need that and try to install it. Luckily we have other checks and balances in play but it causes problems for one reason or another. I'm definitely of the camp to liking the addition of a Content Library
in 2012. We have taken our DP storage from several hundred GB to less then 100GB especially around drivers as those amounted to over half the data.
Since our techs were spoiled and its always hard to take something away, I asked our SCCM Admin Cory Becht to see what he can do. Cory to the rescue! He developed a package downloader HTA for 2012 that we want to share with you. Technically Cory released it on myITforum back in February 2013 but I'd like to talk about it.
What the tool does is downloads a package and runs a program associated with it. More specifically, this script will query and display available packages and applications when needing to bypass the Configuration Manager 2012 agent. It will access the Content Library of the distribution point and download all the required files and then execute the specified command line. In some cases we have a program called 'CopyFolders.EXE' that just prompts for a folder to copy the package contents to. This is good for the OSD PE media and our Admin PE (Think DaRT) tool among other things that we use ConfigMgr to distribute content.
I wont rehash the howto instructions but do want to point out the following basic configurations for it:
- Script users will need specific RBAC security settings
- Configure Script variables for your environment
- A new SQL view needs to be created on the SCCM Database and script users given SELECT rights
One of my concerns was the abuse of this script to get around processes, so I requested that the HTA send an email notification to our groups mailbox when someone uses it. We use this to follow up as well as as a check/balance on the health of SCCM and the agents. If we see one tech using it a large amount, it prompts a conversation with them or their supervisor into why that's happening. Sometimes it is a valid problem needing resolution and sometimes its not. Depending on your size this can clutter a mailbox so definitively use some filters. We see about 70 a day on average with the majority from techs getting our OSD PE or Admin PE tools.
Packages and even programs are made available in the tool on a case by case basis, so for each one you want to make available you will need to add the following in the description of a Program you want available in the tool:
Or as shown in the Console
Something I would strongly urge is to put the script in SharePoint or somewhere central so they are calling the most current version. We had initial problems due to older versions being ran vs the newer bug fixed version. When it is ran, it will determine all the packages that are available to the user or machine and then show what is available within the tool.
- I don’t have a CAS, therefore running it against the CAS database is unknown.
- Works with IPv4 only.
- Utilizes BITS and bitsadmin.exe program to do the download of the files as I don’t have PowerShell everywhere. XP doesn’t include it by default and is in the XP Support Tools
- Uses HTTP and not HTTPS to access content from the DP.
- Lesson Learned: Make sure IIS doesn't have a Hidden Segment or File Extension filter entry that prevents a package download. The request filters will prevent downloading of certain paths or extensions. I have a script running on my distribution points to configure the request filtering automatically.
This tool does not do drivers and Cory is still working on that part, its the biggest request we receive from the techs and rightly so. Many machine problems are resolved by updating drivers. We are using v2 internally and will make it available once we move to v3 or possibly move to an Alternate Content Provider such as 1E NOMAD
or Adaptiva OneSite
. Cory moved away from BITS to web services as BITS caused much of our reported problems with the tool and web services is a ton faster, especially on slow connections.
This script is provided as-is, no warranty is provided or implied.The author is NOT responsible for any damages or data loss that may occur through the use of this script. Always test, test, test before rolling anything into a production environment.
Here is the direct download
over at MyITForums. If you make any modifications I'd like to hear about them as we could incorporate them upstream.