ConfigMgrCBDsc

This module contains DSC resources for the management and configuration of Microsoft System Center Configuration Manager Current Branch (ConfigMgrCB).

Current Branch starts after System Center 2012 with version 1511 Configuration Manager CurrentBranch.

Starting with version 1910 Configuration Manager is now part of Microsoft Endpoint Manager.

This module has been tested on the following versions:

• Configuration Manager 2006
• Configuration Manager 2002
• Configuration Manager 1906
• Configuration Manager 1902

Note

ConfigMgrCBDsc module uses the ConfigurationManager module that is installed with Configuration Manager. In order to use this module, the site needs to be registered and the certificate needs to be in the Trusted Publishers store. Import-ConfigMgrPowerShellModule, adds keys to the HKEY_Users hive and imports the signing certificate from the ConfigurationManager.psd1 to allow the module to function, as either LocalSystem, or PSDscRunAsCredential specified.

This occurs in Get, Test, and Set. The function that is called in the resources is Import-ConfigMgrPowerShellModule.

Code of Conduct

This project has adopted this Code of Conduct.

Releases

For each merge to the branch master a preview release will be deployed to PowerShell Gallery. Periodically a release version tag will be pushed which will deploy a full release to PowerShell Gallery.

Contributing

Please check out common DSC Community contributing guidelines.

Resources

• xSccmPreReqs: Provides a composite resource to install ADK, ADK WinPE, MDT, required Windows Features, modify Local Administrators group, and create the no_sms_on_drive files.
• xSccmSqlSetup: Provides a composite resource to install SQL for SCCM.
• xSccmInstall: Provides a composite resource to install SCCM.
• ClientSettings: Provides a resource to perform configuration of client settings.
• CMAccounts: Provides a resource to manage Configuration Manager accounts.
• CMIniFile This resource allows for the creation of the ini file used during the SCCM install, for CAS and Primary.
• CMCollections: Provides a resource for creating collections and collection queries, direct, and exclude membership rules.
• CMBoundaries: Provides a resource for creating and removing boundaries.
• CMForestDiscovery: Provides a resource to manage the Configuration Manager AD Forest Discovery method.
• CMClientStatusSettings: Provides a resource for modifying configuration manager client status settings.
• CMBoundariesGroup: Provides a resource for creating boundary groups and adding boundaries to the groups.
• CMManagementPoint: Provides a resource for creating and removing management points.
• CMAssetIntelligencePoint: Provides a resource for creating and managing the SCCM Asset Intelligence Synchronization Point role.
• CMFallbackStatusPoint: Provides a resource for creating and managing the SCCM Fallback Status Point role.
• CMSoftwareUpdatePoint: Provides a resource for creating and managing the SCCM Software Update Point role.
• CMDistributionPoint: Provides a resource for creating and managing the distribution point role.
• CMHeartbeatDiscovery: Provides a resource to manage the Configuration Manager Heartbeat Discovery method.
• CMSystemDiscovery: Provides a resource to manage the Configuration Manager System Discovery method.
• CMNetworkDiscovery: Provides a resource to manage the Configuration Manager Network Discovery method.
• CMServiceConnectionPoint: Provides a resource for creating and managing the SCCM Service Connection Point role.
• CMReportingServicePoint: Provides a resource for creating and managing the SCCM Reporting Service Point role.
• CMPxeDistributionPoint: Provides a resource for modifying a distribution point to changing to a PXE enabled distribution point.
• CMPullDistributionPoint: Provides a resource for modifying a distribution point and making the distribution point a Pull Distribution Point.
• CMSiteMaintenance: Provides a resource for modifying the Site Maintenance tasks.
• CMAdministrativeUser: Provides a resource for adding, removing, and configuring administrative users.
• CMDistributionGroup: Provides a resource for creating Distribution Point Groups and adding Distribution Points to the group.
• CMSiteSystemServer: Provides a resource for adding and modifying a Site System Server and its properties.
• CMStatusReportingComponent: Provides a resource for modifying the Status Reporting Component and its properties.
• CMCollectionMembershipEvaluationComponent: Provides a resource for modifying the SCCM Collection Membership Evaluation Component.
• CMDistributionPointGroupMembers: Provides a resource for adding Distribution Groups to Distribution Points. This resource will not create Distribution Points or Distribution Groups.
• CMSecurityScopes: Provides a resource for adding and removing Security Scopes. Note: If the Security Scope is currently in use and assigned, DSC will not remove the Security Scope.
• CMUserDiscovery: Provides a resource to manage the Configuration Manager User Discovery method.
• CMSecurityRoles: Provides a resource for adding and removing Security Roles. Note: If the Security Role is currently assigned to an administrator, DSC will not remove the Security Role.
• CMClientPushSettings: Provides a resource for modifying client push settings. Note: EnableSystemTypeConfigurationManager, EnableSystemTypeServer, EnableSystemTypeWorkstation can not be configured if client push is disabled.
• CMSoftwareDistributionComponent: Provides a resource for modifying software distribution component settings. Also provides the capability to add\remove Network Access Accounts.
• CMMaintenanceWindows: Provides a resource for creating and modifying maintenance windows for collections.
• CMFileReplication: Provides a resource for creating, modifying, or deleting file replication settings in Configuration Manager.

xSccmPreReqs

• [Boolean] InstallADK : Specifies whether to install ADK. Default Value: $true
• [Boolean] InstallMDT : Specifies whether to install MDT.
• [String] AdkSetupExePath : Specifies the path and filename to the ADK Setup.
• [String] AdkWinPeSetupPath : Specifies the path and filename to the ADK WinPE Setup.
• [String] MdtMsiPath : Specifies the path and filename to the MDT Setup.
• [String] InstallWindowsFeatures : Specifies to install Windows Features needed for the SCCM install.
• [String[]] SccmRole : Specifies the SCCM Roles that will be on the server. Default Value: CASorSiteServer
  • Values{CASorSiteServer | AssetIntelligenceSynchronizationPoint | CertificateRegistrationPoint | DistributionPoint | EndpointProtectionPoint | EnrollmentPoint | EnrollmentProxyPoint | FallbackServicePoint | ManagementPoint | ReportingServicesPoint | ServiceConnectionPoint | StateMigrationPoint | SoftwareUpdatePoint}
• [Boolean] AddWindowsFirewallRule : Specifies whether to add the Windows Firewall Rules needed for the install. Default Value: $false
• [String] WindowsFeatureSource : Specifies the source that will be used to install windows features if the files are not present in the local side-by-side store.
• [String[]] FirewallProfile : Specifies the Windows Firewall profile for the rules to be added.
• [String[]] FirewallTcpLocalPort : Specifies the TCP ports to be added to the windows firewall as allowed. Default Value: @('1433','1434','4022','445','135','139','49154-49157')
• [String[]] FirewallUdpLocalPort : Specifies the UDP ports to be added to the windows firewall as allowed. Default Value: @('137-138','1434','5355')
• [String] LocalAdministrators : Specifies the accounts and/or groups you want to add to the local administrators group.
• [String] NoSmsOnDrives : Specifies the drive letters of the drive you don't want SCCM to install on.
• [PSCredential] DomainCredential : Specifies credentials that have domain read permissions to add domain users or groups to the local administrators group.
• [String] AdkProductName : Specifies the Product Name for ADK. Default Value: 'Windows Assessment and Deployment Kit - Windows 10'
• [String] AdkProductID : Specifies the Product ID for ADK. Default Value: 'fb450356-9879-4b2e-8dc9-282709286661'
• [String] AdkWinPeProductName : Specifies the Product Name for ADK WinPE. Default Value: 'Windows Assessment and Deployment Kit Windows Preinstallation Environment Add-ons - Windows 10'
• [String] AdkWinPeProductID : Specifies the Product ID for ADK WinPE. Default Value: 'd8369a05-1f4a-4735-9558-6e131201b1a2'
• [String] AdkInstallPath : Specifies the path to install ADK and ADK WinPE. Default Value: 'C:\Program Files (x86)\Windows Kits\10'
• [String] MdtProductName : Specifies the Product Name for MDT. Default Value: 'Microsoft Deployment Toolkit (6.3.8456.1000)'
• [String] MdtProductID : Specifies the Product ID for MDT. Default Value: '2E6CD7B9-9D00-4B04-882F-E6971BC9A763'
• [String] MdtInstallPath : Specifies the path to install MDT. Default Value: 'C:\Program Files\Microsoft Deployment Toolkit'

xSccmPreReqs Examples

• SccmPreReqs

xSccmInstall

Note

If you installed SCCM on version 1906 or earlier, the registry key on the SCCM server won't change on upgrade and you won't need to change the version here if you are using apply and auto correct.

• [String] SetupExePath (Required): Specifies the path to the setup.exe for SCCM.
• [String] IniFile (Required): Specifies the path of the ini file, to include the filename.
• [String] SccmServerType (Required): Specifies the SCCM Server type install, CAS or Primary.
  • Values: { CAS | Primary }
• [PSCredential] SccmInstallAccount (Required): Specifies the credentials to use for the SCCM install.
• [UInt32] Version (Required): Specifies the version of SCCM that will be installed.

xSccmInstall Examples

• SccmInstall

xSccmSqlSetup

• [String] SqlVersion (Required): Specify the version of SQL to be installed.
  • Values: { 2008 | 2008R2 | 2012 | 2014 | 2016 | 2017 | 2019 }
• [String] SqlInstallPath (Required): Specifies the path to the setup.exe file for SQL.
• [String] SqlInstanceName (Required): Specifies a SQL Server instance name.
• [PSCredential] SqlServiceCredential (Required): Specifies the credential for the service account used to run the SQL Service.
• [PSCredential] SqlAgentServiceCredential (Required): Specifies the credential for the service account used to run the SQL Agent Service.
• [String] SqlSysAdminAccounts (Required): Use this parameter to provision logins to be members of the sysadmin role.
• [String] : SQL features to install. Default Value: 'SQLENGINE,RS,CONN,BC,SSMS,ADV_SSMS'
• [String] InstallSharedDir : Specifies the installation directory for 64-bit shared components. Default Value: 'C:\Program Files\Microsoft SQL Server'
• [String] InstallSharedWowDir : Specifies the installation directory for 32-bit shared components. Supported only on a 64-bit system. Default Value: 'C:\Program Files (x86)\Microsoft SQL Server'
• [String] InstanceDir : Specifies the installation path for SQL Server instance files. Default Value: 'C:\Program Files\Microsoft SQL Server'
• [String] RSSvcStartupType : Specifies the startup mode for Reporting Services. Default Value: 'Automatic'
• [String] AgtSvcStartupType : Specifies the startup mode for the SQL Server Agent service. Default Value: 'Automatic'
• [String] RSInstallMode : Specifies the Install mode for Reporting Services. Default Value: 'DefaultNativeMode'
• [String] SqlCollation : Specifies the collation settings for SQL Server. Default Value: 'SQL_Latin1_General_CP1_CI_AS'
• [String] InstallSqlDataDir : Specifies the data directory for SQL Server data files. Default Value: 'C:'
• [String] SqlUserDBDir : Specifies the directory for the data files for user databases. Default Value: '<SQLInstanceID>\MSSQL\Data'
• [String] SqlUserDBLogDir : Specifies the directory for the log files for user databases. Default Value: '<SQLInstanceID>\MSSQL\Data'
• [String] SqlTempDBDir : Specifies the directory for the data files for tempdb. Default Value: '<SQLInstanceID>\MSSQL\Data'
• [String] SqlTempDBLogDir : Specifies the directory for the log files for tempdb. Default Value: '<SQLInstanceID>\MSSQL\Data'
• [String] UpdateEnabled : Specify whether SQL Server setup should discover and include product updates. Default Value: $false
• [String] SqlPort : Specifies the port SQL listens on. Default Value: 1433
• [String] InstallManagementStudio : Specify whether to install SQL Management Studio. Default Value: $false
• [String] SqlManagementStudioExePath : Specify that path and filename to the exe for Management Studio instal.
• [String] SqlManagementStudioName : Specify the name of SQL Server Management Studio. Default Value: 'SQL Server Management Studio'
• [String] SqlManagementStudioProductId : Specify the product if of the SQL Management Studio install being performed. Default Value: 'E3FD687D-6757-474B-8D83-5AA944B02C58'

xSccmSqlSetup Examples

• SccmSqlSetup
• SccmSqlSetupandManagemenStudio

CMAccounts

• [String] SiteCode (Key): Specifies the Site Code for the Configuration Manager site.
• [String] Account (Key): Specifies the Configuration Manager account name.
• [PSCredential] AccountPassword (Write): Specifies the password of the account being added to Configuration Manager.
• [String] Ensure (Write): Specifies whether the account is present or absent.
  • Values include: { Present | Absent }

CMAccounts Examples

• CMAccounts_Absent
• CMAccounts_Present

CMIniFile

• IniFileName (Key): Specifies the ini file name.
• IniFilePath (Key): Specifies the path of the ini file.
• Action (Required): Specifies whether to install a CAS or Primary.
  • Values include: { InstallCAS | InstallPrimarySite }
• CDLatest (Write): This value informs setup that you're using media from CD.Latest.
• ProductID (Required): Specifies the Configuration Manager installation product key, including the dashes.
• SiteCode (Required): Specifies three alphanumeric characters that uniquely identify the site in your hierarchy.
• SiteName (Required): Specifies the name for this site.
• SMSInstallDir (Required): Specifies the installation folder for the Configuration Manager program files.
• SDKServer (Required): Specifies the FQDN for the server that will host the SMS Provider.
• PreRequisiteComp (Required): Specifies whether setup prerequisite files have already been downloaded.
• PreRequisitePath (Required): Specifies the path to the setup prerequisite files.
• AdminConsole (Required): Specifies whether to install the Configuration Manager console.
• JoinCeip (Required): Specifies whether to join the Customer Experience Improvement Program (CEIP).
• MobileDeviceLanguage (Required): Specifies whether the mobile device client languages are installed.
• RoleCommunicationProtocol (Write): Specifies whether to configure all site systems to accept only HTTPS communication from clients, or to configure the communication method for each site system role.
  • Values include: { EnforceHTTPS | HTTPorHTTPS }
• ClientsUsePKICertificate (Write): Specifies whether clients will use a client PKI certificate to communicate with site system roles.
• ManagementPoint (Write): Specifies the FQDN of the server that will host the management point site system role.
• ManagementPointProtocol (Write): Specifies the protocol to use for the management point.
  • Values include: { HTTPS | HTTP }
• DistributionPoint (Write): Specifies the FQDN of the server that will host the distribution point site system role.
• DistributionPointProtocol (Write): Specifies the protocol to use for the distribution point.
  • Values include: { HTTPS | HTTP }
• DistributionPointInstallIis (Write): Specifies whether to install the IIS features when installing the Distribution Point.
• AddServerLanguages (Write): Specifies the server languages that will be available for the Configuration Manager console, reports, and Configuration Manager objects.
  • Values include: { DEU | FRA | RUS | CHS | JPN | CHT | CSY | ESN | HUN | ITA | KOR | NLD | PLK | PTB | PTG | SVE | TRK | ZHH }
• AddClientLanguages (Write): Specifies the languages that will be available to client computers.
  • Values include: { DEU | FRA | RUS | CHS | JPN | CHT | CSY | ESN | HUN | ITA | KOR | NLD | PLK | PTB | PTG | SVE | TRK | ZHH }
• DeleteServerLanguages (Write): Modifies a site after it's installed. Specifies the languages to remove, and which will no longer be available for the Configuration Manager console, reports, and Configuration Manager objects.
  • Values include: { DEU | FRA | RUS | CHS | JPN | CHT | CSY | ESN | HUN | ITA | KOR | NLD | PLK | PTB | PTG | SVE | TRK | ZHH }
• DeleteClientLanguages (Write): Modifies a site after it's installed. Specifies the languages to remove, and which will no longer be available to client computers.
  • Values include: { DEU | FRA | RUS | CHS | JPN | CHT | CSY | ESN | HUN | ITA | KOR | NLD | PLK | PTB | PTG | SVE | TRK | ZHH }
• SQLServerName (Required): Specifies the name of the server or clustered instance that's running SQL Server to host the site database.
• DatabaseName (Required): Specifies the name of the SQL Server database to create, or the SQL Server database to use, when setup installs the CAS database. This can also include the instance, instance<DatabaseName>.
• SqlSsbPort (Write): Specifies the SQL Server Service Broker (SSB) port that SQL Server uses.
• SQLDataFilePath (Write): Specifies an alternate location to create the database .mdb file.
• SQLLogFilePath (Write): Specifies an alternate location to create the database .ldf file.
• CCARSiteServer (Write): Specifies the CAS that a primary site attaches to when it joins the Configuration Manager hierarchy.
• CasRetryInterval (Write): Specifies the retry interval in minutes to attempt a connection to the CAS after the connection fails.
• WaitForCasTimeout (Write): Specifies the maximum timeout value in minutes for a primary site to connect to the CAS.
• CloudConnector (Required): Specifies the FQDN of the server that will host the service connection point site system role.
• CloudConnectorServer (Write): Specifies the FQDN of the server that will host the service connection point site system role.
• UseProxy (Write): Specifies whether the service connection point uses a proxy server.
• ProxyName (Write): Specifies the FQDN of the proxy server that the service connection point uses.
• ProxyPort (Write): Specifies the port number to use for the proxy port.
• SAActive (Write): Specify if you have active Software Assurance.
• CurrentBranch (Write): Specify whether to use Configuration Manager current branch or long-term servicing branch (LTSB).

CMIniFile Examples

• CMIniFile_CAS
• CMIniFile_Primary

CMCollections

• [String] SiteCode (Key): Specifies the Site Code for the Configuration Manager site.
• [String] CollectionName (Key): Specifies the name of the collection.
• [String] CollectionType (Key): Specifies the type of collection. { User | Device }.
• [String] LimitingCollectionName (Write): Specifies the name of a collection to use as the default scope for this collection.
• [String] Comment (Write): Specifies a comment for the collection.
• [String] Start (Write): Specifies the start date and start time for the collection refresh schedule Month/Day/Year, example 1/1/2020 02:00.
• [String] ScheduleType (Write): Specifies the schedule type for the collection refresh schedule.
  • Values include: { MonthlyByDay | MonthlyByWeek | Weekly | Days | Hours | Minutes | None }
• [UInt32] RecurInterval (Write): Specifies how often the ScheduleType is run.
• [String] MonthlyWeekOrder (Write): Specifies week order for MonthlyByWeek schedule type.
  • Values include: { First | Second | Third | Fourth | Last }
• [String] DayOfWeek (Write): Specifies the day of week name for MonthlyByWeek and Weekly schedules.
  • Values include: { Sunday | Monday | Tuesday | Wednesday | Thursday | Friday | Saturday }
• [UInt32] DayOfMonth (Write): Specifies the day number for MonthlyByDay schedules. Note specifying 0 sets the schedule to run the last day of the month.
  • Values Range: 0 - 31
• [String] RefreshType (Write): Specifies how the collection is refreshed. { Manual | Periodic | Continuous | Both }.
• [EmbeddedInstance] QueryRules[] (Write): Specifies the name of the rule and the query expression that Configuration Manager uses to update collections.
• [String] ExcludeMembership[] (Write): Specifies the collection name to exclude.
• [String] DirectMembership[] (Write): Specifies the resource id or name for the direct membership rule.
• [String] IncludeMembership[] (Write): Specifies the collection to include members.
• [String] Ensure (Write): Specifies status of the collection is to be present or absent.
  • Values include: { Present | Absent }

CMCollections Examples

• CMCollections_Absent
• CMDeviceCollection_Present
• CMUserCollection_Present

CMBoundaries

• [String] SiteCode (Key): Specifies the Site Code for the Configuration Manager site.
• [String] Value (Key): Specifies the value for the boundary.
• [String] DisplayName (Required): Specifies the display name of the boundary.
• [String] Type (Required): Specifies the type of boundary.
  • Values include: { ADSite | IPSubnet | IPRange
• [String] Ensure (Write): Specifies whether the boundary is present or absent.
  • Values include: { Present | Absent }
• [String] BoundaryID (Read): Specifies the boundary id.

CMBoundaries Examples

• CMBoundaries_Absent
• CMBoundaries_Present

CMForestDiscovery

• [String] SiteCode (Key): Specifies the Site Code for the Configuration Manager site.
• [Boolean] Enabled (Required): Specifies the enablement of the forest discovery method. If settings is set to $false no other value provided will be evaluated for compliance.
• [Boolean] EnableActiveDirectorySiteBoundaryCreation (Write): Indicates whether Configuration Manager creates Active Directory boundaries from AD DS discovery information.
• [Boolean] EnableSubnetBoundaryCreation (Write): Indicates whether Configuration Manager creates IP address range boundaries from AD DS discovery information.
• [String] ScheduleInterval (Write): Specifies the time when the scheduled event recurs in hours and days.
  • Values include: { Hours | Days }
• [String] ScheduleCount (Write): Specifies how often the recur interval is run. If hours are specified the max value is 23. Anything over 23 will result in 23 to be set. If days are specified the max value is 31. Anything over 31 will result in 31 to be set.

CMForestDiscovery Examples

• ForestDiscovery_Disabled
• ForestDiscovery_Enabled

CMClientStatusSettings

• [String] IsSingleInstance (Key): Specifies the resource is a single instance, the value must be 'Yes'. { Yes }.
• [String] SiteCode (Required): Specifies the Site Code for the Configuration Manager site.
• [UInt32] ClientPolicyDays (Write): Specifies the data collection interval for client policy client monitoring activities.
• [UInt32] HeartbeatDiscoveryDays (Write): Specifies the data collection interval for heartbeat discovery client monitoring activities.
• [UInt32] SoftwareInventoryDays (Write): Specifies the data collection interval for software inventory client monitoring activities.
• [UInt32] HardwareInventoryDays (Write): Specifies the data collection interval for hardware inventory client monitoring activities.
• [UInt32] StatusMessageDays (Write): Specifies the data collection interval for status message client monitoring activities.
• [UInt32] HistoryCleanupDays (Write): Specifies the data collection interval for status history cleanup client monitoring activities.

CMClientStatusSettings Examples

• CMClientStatusSettings

CMBoundaryGroups

• [String] SiteCode (Key): Specifies the Site Code for the Configuration Manager site.
• [String] BoundaryGroup (Key): Specifies the name of the Boundary Group.
• [EmbeddedInstance] Boundaries (Write): Specifies an array of Boundaries to add or remove from the Boundary Group.
• [String] BoundaryAction (Write): Specifies the Boundaries are to match, add, or remove Boundaries from the Boundary Group
  • Values include: { Match | Add | Remove }
• [String] SiteSystems[] _(Write): Specifies an array of Site Systems to match for the Boundary Group.
• [String] SiteSystemsToInclude[] _(Write): Specifies an array of Site Systems to add to the Boundary Group.
• [String] SiteSystemsToExclude[] _(Write): Specifies an array of Site Systems to remove from the Boundary Group.
• [String] SecurityScopes[] _(Write): Specifies an array of Security Scopes to match for the Boundary Group.
• [String] SecurityScopesToInclude[] _(Write): Specifies an array of Security Scopes to add to the Boundary Group.
• [String] SecurityScopesToExclude[] _(Write): Specifies an array of Security Scopes to remove from the Boundary Group.
• [String] Ensure (Write): Specifies status of the Boundary Group is to be present or absent.
  • Values include: { Present | Absent }

CMBoundaryGroups Examples

• CMBoundaryGroups_Absent
• CMBoundaryGroups_Present
• CMBoundaryGroups_Include
• CMBoundaryGroups_Exclude

CMManagementPoint

• [String] SiteCode (Key): Specifies the Site Code for the Configuration Manager site.
• [String] SiteServerName (Key): Specifies the SiteServer to install the role on.
• [String] SqlServerFqdn (Write): Specifies the SQL server FQDN if using a SQL replica.
• [String] DatabaseName (Write): Specifies the name of the site database\replica that the management point uses.
• [String] ClientConnectionType (Write): Specifies the type of the client connection.
  • Values include: { Internet | Intranet | InternetAndIntranet }
• [Boolean] EnableCloudGateway (Write): Specifies if a cloud gateway is to be used for the management point.
• [Boolean] EnableSsl (Write): Specifies whether to enable SSL (HTTPS) traffic to the management point.
• [Boolean] GenerateAlert (Write): Indicates whether the management point generates health alerts.
• [Boolean] UseSiteDatabase (Write): Indicates whether the management point queries a site database.
• [Boolean] UseComputerAccount (Write): Indicates that the management point uses its own computer account.
• [String] SqlServerInstanceName (Write): Specifies the name of the SQL Server instance that clients use to communicate with the site system.
• [String] Username (Write): Specifies user account the management point uses to access site information.
• [String] Ensure (Write): Specifies whether the management point is present or absent.
  • Values include: { Present | Absent }

CMManagementPoint Examples

• CMManagementPoint_Absent
• CMManagementPoint_Present
• CMManagementPoint_UseDatabase_Present

CMAssetIntelligencePoint

• [String] IsSingleInstance (Key): Specifies the resource is a single instance, the value must be 'Yes'.
  • Values include: { Yes }.
• [String] SiteCode (Key): Specifies the Site Code for the Configuration Manager site.
• [String] SiteServerName (Required): Specifies the Site Server to install or configure the role on. If the role is already installed on another server this setting will be ignored.
• [String] CertificateFile (Write): Specifies the path to a System Center Online authentication certificate (.pfx) file. If used, this must be in UNC format. Local paths are not allowed. Mutually exclusive with the RemoveCertificate parameter.
• [String] Start (Write): Specifies the start date and start time for the synchronization schedule Month/Day/Year, example 1/1/2020 02:00.
• [String] ScheduleType (Write): Specifies the schedule type for the synchronization schedule.
  • Values include: { MonthlyByDay | MonthlyByWeek | Weekly | Days | None }
• [UInt32] RecurInterval (Write): Specifies how often the ScheduleType is run.
  • Values Range: 0 - 31
• [String] MonthlyWeekOrder (Write): Specifies week order for MonthlyByWeek schedule type.
  • Values include: { First | Second | Third | Fourth | Last }
• [String] DayOfWeek (Write): Specifies the day of week name for MonthlyByWeek and Weekly schedules.
  • Values include: { Sunday | Monday | Tuesday | Wednesday | Thursday | Friday | Saturday }
• [UInt32] DayOfMonth (Write): Specifies the day number for MonthlyByDay schedules. Note specifying 0 sets the schedule to run the last day of the month.
  • Values Range: 0 - 31
• [Boolean] Enable (Write): Specifies whether the installed asset intelligence role is enabled or disabled.
• [Boolean] EnableSynchronization (Write): Specifies whether to synchronize the asset intelligence catalog.
• [Boolean] RemoveCertificate (Write): Specifies whether to remove a configured certificate file. Mutually exclusive with the CertificateFile Parameter.
• [String] Ensure (Write): Specifies whether the asset intelligence synchronization point is present or absent.
  • Values include: { Present | Absent }

CMAssetIntelligencePoint Examples

• CMAssetIntelligencePoint_Absent
• CMAssetIntelligencePoint_Present

CMFallbackStatusPoint

• [String] SiteCode (Key): Specifies the Site Code for the Configuration Manager site.
• [String] SiteServerName (Key): Specifies the Site Server to install or configure the role on.
• [UInt32] StateMessageCount (Write): Specifies the number of state messages that a fallback status point can send to Configuration Manager within a throttle interval.
• [UInt32] ThrottleSec (Write): Specifies the throttle interval in seconds.
• [String] Ensure (Write): Specifies whether the fallback status point is present or absent.
  • Values include: { Present | Absent }

CMFallbackStatusPoint Examples

• CMFallbackStatusPoint_Absent
• CMFallbackStatusPoint_Present

CMSoftwareUpdatePoint

• [String] SiteCode (Key): Specifies the Site Code for the Configuration Manager site.
• [String] SiteServerName (Key): Specifies the Site Server to install or configure the role on.
• [Boolean] AnonymousWsusAccess (Write): Indicates that the software update point allows anonymous access. Mutually exclusive with WsusAccessAccount.
• [String] ClientConnectionType (Write): Specifies the type of the client connection.
  • Values include: { Internet | Intranet | InternetAndIntranet }
• [Boolean] EnableCloudGateway (Write): Specifies if a cloud gateway is to be used for the software update point. When enabling the cloud gateway, the client connectiontype must be either Internet or InterneAndIntranet. When enabling the cloud gateway, SSL must be enabled.
• [Boolean] UseProxy (Write): Indicates whether a software update point uses the proxy configured for the site system server.
• [Boolean] UseProxyForAutoDeploymentRule (Write): Indicates whether an auto deployment rule can use a proxy.
• [String] WsusAccessAccount (Write): Specifies an account used to connect to the WSUS server. When not used, specify the AnonymousWsusAccess parameter.
• [UInt32] WsusIisPort (Write): Specifies a port to use for unsecured access to the Wsus server.
• [UInt32] WsusIisSslPort (Write): Specifies a port to use for secured access to the Wsus server.
• [Boolean] WsusSsl (Write): Specifies whether the software update point uses SSL to connect to the Wsus server.
• [String] Ensure (Write): Specifies whether the software update point is present or absent.
  • Values include: { Present | Absent }

CMSoftwareUpdatePoint Examples

• CMSoftwareUpdatePoint_Absent
• CMSoftwareUpdatePoint_CMG
• CMSoftwareUpdatePoint_Present

CMDistributionPoint

• [String] SiteCode (Key): Specifies the Site Code for the Configuration Manager site.
• [String] SiteServerName (Key): Specifies the SiteServer to install the role.
• [String] Description (Write): Specifies a description for the distribution point.
• [UInt32] MinimumFreeSpaceMB (Write): Specifies the amount of free space to reserve on each drive used by this distribution point. Only used when distribution point is not currently installed.
• [String] PrimaryContentLibraryLocation (Write): Specifies the primary content location. Configuration Manager copies content to the primary content location until the amount of free space reaches the value that you specified. Only used when distribution point is not currently installed.
• [String] SecondaryContentLibraryLocation (Write): Specifies the secondary content location. Only used when distribution point is not currently installed.
• [String] PrimaryPackageShareLocation (Write): Specifies the primary package share location. Configuration Manager copies content to the primary package share location until the amount of free space reaches the value that you specified. Only used when distribution point is not currently installed.
• [String] SecondaryPackageShareLocation (Write): Specifies the secondary package share location. Only used when distribution point is not currently installed.
• [DateTime] CertificateExpirationTimeUtc (Write): Specifies, in UTC format, the date and time when the certificate expires. Only used when distribution point is not currently installed.
• [String] ClientCommunicationType (Write): Specifies protocol clients or devices communicate with the distribution point.
  • Values include: { Http | Https }
• [String] BoundaryGroups[] (Write): Specifies an array of existing boundary groups by name.
• [String] BoundaryGroupStatus (Write): Specifies if the boundary group is to be added, removed, or match BoundaryGroups.
  • Values include: { Add | Remove | Match }
• [Boolean] AllowPreStaging (Write): Indicates whether the distribution point is enabled for prestaged content.
• [Boolean] EnableAnonymous (Write): Indicates that the distribution point permits anonymous connections from Configuration Manager clients to the content library.
• [Boolean] EnableBranchCache (Write): Indicates that clients that use Windows BranchCache are allowed to download content from an on-premises distribution point
• [Boolean] EnableLedbat (Write): Indicates whether to adjust the download speed to use the unused network Bandwidth or Windows LEDBAT.
• [String] Ensure (Write): Specifies if the DP is to be present or absent.
  • Values include: { Absent | Present }

CMDistributionPoint Examples

• CMDistributionPoint_Absent
• CMDistributionPoint_Present

CMHeartbeatDiscovery

• [String] SiteCode (Key): Specifies the Site Code for the Configuration Manager site.
• [Boolean] Enabled (Required): Specifies the enablement of the heartbeat discovery method. If settings is set to $false no other value provided will be evaluated for compliance.
• [String] ScheduleInterval (Write): Specifies the time when the scheduled event recurs in hours and days.
  • Values include: { Hours | Days }
• [String] ScheduleCount (Write): Specifies how often the recur interval is run. If hours are specified the max value is 23. Anything over 23 will result in 23 to be set. If days are specified the max value is 31. Anything over 31 will result in 31 to be set.

CMHeartbeatDiscovery Examples

• CMHeartbeatDiscovery_Disabled
• CMHeartbeatDiscovery_Enabled

CMNetworkDiscovery

• [String] SiteCode (Key): Specifies the Site Code for the Configuration Manager site.
• [Boolean] Enabled (Required): Specifies the enablement of the network discovery method.

CMNetworkDiscovery Examples

• CMNetworkDiscovery_Disabled
• CMNetworkDiscovery_Enabled

CMSystemDiscovery

• [String] SiteCode (Key): Specifies the Site Code for the Configuration Manager site.
• [Boolean] Enabled (Key): Specifies the enablement of the system discovery method. If settings is set to $false no other value provided will be evaluated for compliance.
• [Boolean] EnableDeltaDiscovery (Write): Indicates whether Configuration Manager discovers resources created or modified in AD DS since the last discovery cycle.
• [UInt32] DeltaDiscoveryMins (Write): Specifies the number of minutes for the delta discovery.
• [Boolean] EnableFilteringExpiredLogon (Write): Indicates whether Configuration Manager discovers only computers that have logged onto a domain within a specified number of days.
• [UInt32] TimeSinceLastLogonDays (Write): Specify the number of days for EnableFilteringExpiredLogon.
• [Boolean] EnableFilteringExpiredPassword (Write): Indicates whether Configuration Manager discovers only computers that have updated their computer account password within a specified number of days.
• [UInt32] TimeSinceLastPasswordUpdateDays (Write): Specify the number of days for EnableFilteringExpiredPassword.
• [String] ADContainers[] (Write): Specifies an array of names of Active Directory containers to match to the discovery.
• [String] ADContainersToInclude[] (Write): Specifies an array of names of Active Directory containers to add to the discovery.
• [String] ADContainersToExclude[] (Write): Specifies an array of names of Active Directory containers to exclude to the discovery.
• [String] ScheduleInterval (Write): Specifies the time when the scheduled event recurs in hours and days.
  • Values include: { None| Days| Hours | Minutes }
• [UInt32] ScheduleCount (Write): Specifies how often the recur interval is run. If hours are specified the max value is 23. Anything over 23 will result in 23 to be set. If days are specified the max value is 31. Anything over 31 will result in 31 to be set.

CMSystemDiscovery Examples

• CMSystemDiscovery_Disabled
• CMSystemDiscovery_Enabled
• CMSystemDiscovery_Exclude
• CMSystemDiscovery_Include
• CMSystemDiscovery_ScheduleNone

CMServiceConnectionPoint

• [String] SiteCode (Key): Specifies the Site Code for the Configuration Manager site.
• [String] SiteServerName (Required): Specifies the Site Server to install or configure the role on.
• [String] Mode (Write): Specifies a mode for the service connection point.
  • Values include: { Online | Offline }
• [String] Ensure (Write): Specifies whether the service connection point is present or absent.
  • Values include: { Absent | Present }

CMServiceConnectionPoint Examples

• CMServiceConnectionPoint_Absent
• CMServiceConnectionPoint_Present

CMReportingServicePoint

• [String] SiteCode (Key): Specifies the Site Code for the Configuration Manager site.
• [String] SiteServerName (Key): Specifies the Site Server to install or configure the role on.
• [String] DatabaseName (Write): Specifies the name of the Configuration Manager database that you want to use as the data source for reports from Microsoft SQL Server Reporting Services.
• [String] DatabaseServerName (Write): Specifies the name of the Configuration Manager database server that you want to use as the data source for reports from Microsoft SQL Server Reporting Services. To specify a database instance, use the format Server Name\Instance Name.
• [String] FolderName (Write): Specifies the name of the report folder on the report server. This parameter can only be used when installing the role.
• [String] ReportServerInstance (Write): Specifies the name of an instance of Microsoft SQL Server Reporting Services. This parameter can only be used when installing the role.
• [String] Username (Write): Specifies a Username for an account that Configuration Manager uses to connect with Microsoft SQL Server Reporting Services and that gives this user access to the site database.
• [String] Ensure (Write): Specifies whether the asset reporting service point is present or absent.
  • Values include: { Present | Absent }

CMReportingServicePoint Examples

• CMReportingServicePoint_Absent
• CMReportingServicePoint_Present

CMPxeDistributionPoint

• [String] SiteCode (Key): Specifies the SiteCode for the Configuration Manager site.
• [String] SiteServerName (Key): Specifies the SiteServer to install the role on.
• [Boolean] EnablePxe (Write): Indicates whether PXE is enabled on the distribution point.
• [Boolean] EnableNonWdsPxe (Write): Specifies whether to enable PXE responder without Windows Deployment services.
• [Boolean] EnableUnknownComputerSupport (Write): Indicates whether support for unknown computers is enabled.
• [Boolean] AllowPxeResponse (Write): Indicates whether the distribution point can respond to PXE requests.
• [UInt16] PxeServerResponseDelaySec (Write): Specifies, in seconds, how long the distribution point delays before it responds to computer requests.
• [String] UserDeviceAffinity (Write): Specifies how you want the distribution point to associate users with their devices for PXE deployments.
  • Values include: { DoNotUse | AllowWithManualApproval | AllowWithAutomaticApproval }
• [PSCredential] PxePassword (Write): Specifies, as a credential, the PXE password.
• [Boolean] IsMulticast (Read): Specifies if multicast is enabled.
• [String] DPStatus (Read): Specifies if the DP role is installed.

CMPxeDistributionPoint Examples

• CMPxeDistributionPoint_Disabled
• CMPxeDistributionPoint_Enabled

CMPullDistributionPoint

• [String] SiteCode (Key): Specifies the Site Code for the Configuration Manager site.
• [String] SiteServerName (Key): Specifies the SiteServer to configure the Pull Distribution Point.
• [Boolean] EnablePullDP (Write): Specifies if the distribution point is to be set to enabled or disabled for pull distribution point.
• [EmbeddedInstance] SourceDistributionPoint[] (Write): Specifies the desired source distribution points and the DP ranking.
• [String] DPStatus (Read): Specifies if the DP role is installed.

CMPullDistributionPoint Examples

• CMPullDistributionPoint_Enabled
• CMPullDistributionPoint_Disabled

CMSiteMaintenance

• [String] SiteCode (Key): Specifies the Site Code for the Configuration Manager site.
• [String] TaskName (Key): Specifies the name of the maintenance task.
  • Values include: { Delete Aged Inventory History | Delete Aged Metering Data | Clear Undiscovered Clients | Delete Obsolete Alerts | Delete Aged Replication Data | Delete Aged Device Wipe Record | Delete Aged Enrolled Devices | Delete Aged User Device Affinity Data | Delete Duplicate System Discovery Data | Delete Aged Unknown Computers | Delete Expired MDM Bulk Enroll Package Records | Backup SMS Site Server | Delete Aged Status Messages | Delete Aged Metering Summary Data | Delete Inactive Client Discovery Data | Delete Aged Application Revisions | Delete Aged Replication Summary Data | Delete Obsolete Forest Discovery Sites And Subnets | Delete Aged Threat Data | Delete Aged Delete Detection Data | Delete Aged Distribution Point Usage Stats | Delete Orphaned Client Deployment State Records | Rebuild Indexes | Delete Aged Discovery Data | Summarize File Usage Metering Data | Delete Obsolete Client Discovery Data | Delete Aged Log Data | Delete Aged Application Request Data | Check Application Title with Inventory Information | Delete Aged EP Health Status History Data | Delete Aged Notification Task History | Delete Aged Passcode Records | Delete Aged Console Connection Data | Monitor Keys | Delete Aged Collected Files | Summarize Monthly Usage Metering Data | Delete Aged Computer Association Data | Delete Aged Client Download History | Delete Aged Exchange Partnership | Summarize Installed Software Data | Delete Aged Client Operations | Delete Aged Notification Server History | Update Application Available Targeting | Delete Aged Cloud Management Gateway Traffic Data | Update Application Catalog Tables }
• [Boolean] Enabled (Required): Specifies if the task is enabled or disabled.
• [String] DaysOfWeek[] (Write): Specifies an array of day names that determine the days of each week on which the maintenance task runs.
• [String] BeginTime (Write): Specifies the time at which a maintenance task starts.
• [String] LatestBeginTime (Write): Specifies the latest start time at which the maintenance task runs.
• [UInt32] DeleteOlderThanDays (Write): Specifies how many days to delete data that has been inactive for.
• [String] BackupLocation (Write): Specifies the backup location for Backup Site Server.
• [UInt32] RunInterval (Write): Species the run interval in minutes for Application Catalog Tables task only.
• [UInt32] TaskType (Read): Specifies the type of task.
• [UInt32] SiteType (Read): Specifies the a numeric value for the site type.

CMSiteMaintenance Examples

• CMSiteMaintenance_BackupTask_Enabled
• CMSiteMaintenance_Disabled
• CMSiteMaintenance_MaintenanceTask_Enabled
• CMSiteMaintenance_SummaryTask_Enabled
• CMSiteMaintenance_UpdateAppCatTablesTask_Enabled

CMAdministrativeUser

• [String] AdminName (Key): Specifies the name of the administrator account.
• [String] SiteCode (Required): Specifies the Site Code for the Configuration Manager site.
• [String] Roles[] (Write): Specifies an array of names for the roles desired to be assigned to an administrative user.
• [String] RolesToInclude[] (Write): Specifies an array of names for the roles desired to be added to an administrative user.
• [String] RolesToExclude[] (Write): Specifies an array of names for the roles desired to be removed from an administrative user.
• [String] Scopes[] (Write): Specifies an array of names for the scopes desired to be assigned to an administrative user.
• [String] ScopesToInclude[] (Write): Specifies an array of names for the scopes desired to be added to an administrative user.
• [String] ScopesToExclude[] (Write): Specifies an array of names for the scopes desired to be removed from an administrative user.
• [String] Collections[] (Write): Specifies an array of names for the collections desired to be assigned to an administrative user.
• [String] CollectionsToInclude[] (Write): Specifies an array of names for the collections desired to be added to an administrative user.
• [String] CollectionsToExclude[] (Write): Specifies an array of names for the collections desired to be removed from an administrative user.
• [String] Ensure (Write): Specifies whether the administrative user is present or absent.
  • Values include: { Present | Absent }

CMAdministrativeUser Examples

• CMAdministrativeUser_Absent
• CMAdministrativeUser_Present

CMDistributionGroup

• [String] DistributionGroup (Key): Specifies the Distribution Group name.
• [String] SiteCode (Required): Specifies the Site Code for the Configuration Manager site.
• [String] DistributionPoints[] (Write): Specifies an array of Distribution Points to match to the Distribution Group.
• [String] DistributionPointsToInclude[] (Write): Specifies an array of Distribution Points to add to the Distribution Group.
• [String] DistributionPointsToExclude[] (Write): Specifies an array of Distribution Points to remove from the Distribution Group.
• [String] SecurityScopes[] (Write): Specifies an array of Security Scopes to match to the Distribution Group.
• [String] SecurityScopesToInclude[] (Write): Specifies an array of Security Scopes to add to the Distribution Group.
• [String] SecurityScopesToExclude[] (Write): Specifies an array of Security Scopes to remove from the Distribution Group.
• [String] Ensure (Write): Specifies whether the Distribution Group is present or absent.
  • Values include: { Present | Absent }

CMDistributionGroup Examples

• CMDistributionGroup_Present
• CMDistributionGroup_Absent

CMSiteSystemServer

• [String] SiteCode (Key): Specifies the Site Code for the Configuration Manager site.
• [String] SiteSystemServer (Key): Specifies the name of the site system server.
• [String] PublicFqdn (Write): Specifies the public FQDN of the site server. Setting PublicFqdn = '' will disable the PublicFqdn setting.
• [Boolean] FdmOperation (Write): Indicates whether the site system server is required to initiate connections to this site system.
• [Boolean] UseSiteServerAccount (Write): Indicates that the install uses the site server's computer account to install the site system.
• [String] AccountName (Write): Specifies the account name for installing the site system.
• [Boolean] EnableProxy (Write): Indicates whether to enable a proxy server to use when the server synchronizes information from the Internet.
• [String] ProxyServerName (Write): Specifies the name of a proxy server. Use a fully qualified domain name FQDN, short name, or IPv4/IPv6 address.
• [UInt32] ProxyServerPort (Write): Specifies the proxy server port number to use when connecting to the Internet.
• [String] ProxyAccessAccount (Write): Specifies the credentials to use to authenticate with the proxy server. Setting ProxyAccessAccount = '' will reset the proxy to use system account.
• [String] Ensure (Write): Specifies whether the system site server is present or absent.
  • Values include: { Present | Absent }

CMSiteSystemServer Examples

• CMSiteSystemServer_Present
• CMSiteSystemServer_Absent

CMStatusReportingComponent

• [String] SiteCode (Key): Specifies the Site Code for the Configuration Manager site.
• [Boolean] ClientLogChecked (Write): Indicates whether a client log is checked.
• [Boolean] ClientLogFailureChecked (Write): Indicates whether a client log failure is checked.
• [String] ClientLogType (Write): Specifies a client log type.
  • Values include: { AllMilestones | AllMilestonesAndAllDetails | ErrorAndWarningMilestones | ErrorMilestones }
• [Boolean] ClientReportChecked (Write): Indicates whether a client report is checked.
• [Boolean] ClientReportFailureChecked (Write): Indicates whether a client failure is checked.
• [String] ClientReportType (Write): Specifies a client report type.
  • Values include: { AllMilestones | AllMilestonesAndAllDetails | ErrorAndWarningMilestones | ErrorMilestones }
• [Boolean] ServerLogChecked (Write): Indicates whether a server log is checked.
• [Boolean] ServerLogFailureChecked (Write): Indicates whether a server log failure is checked.
• [String] ServerLogType (Write): Specifies a server log type.
  • Values include: { AllMilestones | AllMilestonesAndAllDetails | ErrorAndWarningMilestones | ErrorMilestones }
• [Boolean] ServerReportChecked (Write): Indicates whether a server report is checked.
• [Boolean] ServerReportFailureChecked (Write): Indicates whether a server report failure is checked.
• [String] ServerReportType (Write): Specifies a server report type.
  • Values include: { AllMilestones | AllMilestonesAndAllDetails | ErrorAndWarningMilestones | ErrorMilestones }

CMStatusReportingComponent Examples

• CMStatusReportingComponent_Example

CMCollectionMembershipEvaluationComponent

• [String] SiteCode (Key): Specifies the Site Code for the Configuration Manager site.
• [UInt32] EvaluationMins (Required): Indicates the CM Collection Membership Evaluation Component interval in minutes.

CMCollectionMembershipEvaluationComponent Examples

• CMCollectionMembershipEvaluationComponent_Example

CMDistributionPointGroupMembers

• [String] DistributionPoint (Key): Specifies the Distribution Point to modify Distribution Point Group membership.
• [String] SiteCode (Required): Specifies the Site Code for the Configuration Manager site.
• [String] DistributionGroups[] (Write): Specifies an array of Distribution Groups to match on the Distribution Point.
• [String] DistributionGroupsToInclude[] (Write): Specifies an array of Distribution Groups to add to the Distribution Point.
• [String] DistributionGroupsToExclude[] (Write): Specifies an array of Distribution Groups to remove from the Distribution Point.
• [String] DPStatus (Read): Specifies if the DP role is installed.

CMDistributionPointGroupMembers Example

• CMDistributionPointGroupMembers

CMSecurityScopes

• [String] SiteCode (Key): Specifies the Site Code for the Configuration Manager site.
• [String] SecurityScopeName (Key): Specifies the Security Scope name.
• [String] Description (Write): Specifies the description of the Security Scope.
• [String] Ensure (Write): Specifies whether the Security Scope is present or absent.
  • Values include: { Present | Absent }
• [Boolean] InUse (Read): Specifies if the Security Scope is currently in use.

CMSecurityScopes Examples

• CMSecurityScopes_Present
• CMSecurityScopes_Absent

CMUserDiscovery

• [String] SiteCode (Key): Specifies the Site Code for the Configuration Manager site.
• [Boolean] Enabled (Key): Specifies the enablement of the User Discovery method. If settings is set to $false no other value provided will be evaluated for compliance.
• [Boolean] EnableDeltaDiscovery (Write): Indicates whether Configuration Manager discovers resources created or modified in AD DS since the last discovery cycle.
• [UInt32] DeltaDiscoveryMins (Write): Specifies the number of minutes for the delta discovery.
• [String] ADContainers[] (Write): Specifies an array of names of Active Directory containers to match to the discovery.
• [String] ADContainersToInclude[] (Write): Specifies an array of names of Active Directory containers to add to the discovery.
• [String] ADContainersToExclude[] (Write): Specifies an array of names of Active Directory containers to exclude to the discovery.
• [String] ScheduleInterval (Write): Specifies the time when the scheduled event recurs in hours and days.
  • Values include: { None| Days| Hours | Minutes }
• [UInt32] ScheduleCount (Write): Specifies how often the recur interval is run. If hours are specified the max value is 23. Anything over 23 will result in 23 to be set. If days are specified the max value is 31. Anything over 31 will result in 31 being set.

CMUserDiscovery Examples

• CMUserDiscovery_Disabled
• CMUserDiscovery_Enabled
• CMUserDiscovery_Exclude
• CMUserDiscovery_Include
• CMUserDiscovery_ScheduleNone

CMSecurityRoles

• [String] SiteCode (Key): Specifies the Site Code for the Configuration Manager site.
• [String] SecurityRoleName (Key): Specifies the Security Role name.
• [String] Description (Write): Specifies the description of the Security Role.
• [String] XmlPath (Write): Specifies the path the Security Role xml file to evaluate and import.
• [Boolean] OverWrite (Write): Specifies if the Security Roles does not match the xml this will overwrite the policy.
• [Boolean] Append (Write): Specifies additional settings in the xml will be appended to the current Security Role. If append is used a new xml file will be created merging current settings with the additional settings in the xml. Any settings that are currently configured and in the xml will match the settings specified in the xml file. The original XML file will be renamed and be updated with a date time stamp and renamed to .old.
• [String] Ensure (Write): Specifies whether the Security Role is present or absent.
  • Values include: { Present | Absent }
• [String] Operation (Read): Specifies the configurations of the Security Role.
• [String] UsersAssigned[] (Read): Specifies the accounts associated with the Security Role.

CMSecurityRoles Examples

• CMSecurityRoles_Present
• CMSecurityRoles_Absent

CMClientPushSettings

• [String] SiteCode (Key): Specifies the Site Code for the Configuration Manager site.
• [Boolean] EnableAutomaticClientPushInstallation (Write): Specifies whether Configuration Manager automatically uses client push for discovered computers.
• [Boolean] EnableSystemTypeConfigurationManager (Write): Specifies whether Configuration Manager pushes the client software to Configuration Manager site system servers.
• [Boolean] EnableSystemTypeServer (Write): Specifies whether Configuration Manager pushes the client software to servers.
• [Boolean] EnableSystemTypeWorkstation (Write): Specifies whether Configuration Manager pushes the client software to workstations.
• [Boolean] InstallClientToDomainController (Write): Specifies whether to use automatic site-wide client push installation to install the Configuration Manager client software on domain controllers.
• [String] InstallationProperty (Write): Specifies any installation properties to use when installing the Configuration Manager client. Note: No validation is performed on the string of text entered and will import as specified.
• [String] Accounts[] (Write): Specifies an array of accounts to exactly match for use with client push.
• [String] AccountsToInclude[] (Write): Specifies an array of accounts to add for use with client push.
• [String] AccountsToExclude[] (Write): Specifies an array of accounts to remove for use with client push.

CMClientPushSettings Examples

• CMClientPushSettings_Disabled
• CMClientPushSettings_Enabled
• CMClientPushSettings_Include

CMSoftwareDistributionComponent

• [String] SiteCode (Key): Specifies the Site Code for the Configuration Manager site.
• [UInt32] MaximumPackageCount (Write): Specifies a maximum number of packages for concurrent distribution.
  • Values Range: 1 - 50
• [UInt32] MaximumThreadCountPerPackage (Write): Specifies a maximum thread count per package for concurrent distribution.
  • Values Range: 1 - 999
• [UInt32] RetryCount (Write): Specifies the retry count for a package distribution.
  • Values Range: 1 - 1000
• [UInt32] DelayBeforeRetryingMins (Write): Specifies the retry delay, in minutes, for a failed package distribution.
  • Values Range: 1 - 1440
• [UInt32] MulticastRetryCount (Write): Specifies the retry count for a multicast distribution.
  • Values Range: 1 - 1000
• [UInt32] MulticastDelayBeforeRetryingMins (Write): Specifies the retry delay, in minutes, for a failed multicast distribution.
  • Values Range: 1 - 1440
• [Boolean] ClientComputerAccount (Write): Specifies if the computer account should be used instead of Network Access account. Note: Setting to true will remove all network access accounts.
• [String] AccessAccounts[] (Write): Specifies an array of accounts to exactly match for Network Access list with software distribution.
• [String] AccessAccountsToInclude[] (Write): Specifies an array of accounts to add for use with software distribution.
• [String] AccessAccountsToExclude[] (Write): Specifies an array of accounts to remove for use with software distribution.

CMSoftwareDistributionComponent Examples

• CMSoftwareDistributionComponent_AccessAccount
• CMSoftwareDistributionComponent_Computer

CMMaintenanceWindows

• [String] SiteCode (Key): Specifies the Site Code for the Configuration Manager site.
• [String] CollectionName (Key): Specifies the collection name for the maintenance window.
• [String] Name _(Key): Specifies the name for the maintenance window.
• [String] ServiceWindowsType (Write): Specifies what the maintenance window will apply to.
  • Values include: { Any | SoftwareUpdatesOnly | TaskSequencesOnly }
• [String] Start _(Key): Specifies the start date and start time for the maintenance window Month/Day/Year, example 1/1/2020 02:00.
• [String] ScheduleType (Write): Specifies the schedule type for the maintenance window.
  • Values include: { MonthlyByDay | MonthlyByWeek | Weekly | Days | None }
• [UInt32] RecurInterval (Write): Specifies how often the ScheduleType is run.
• [String] MonthlyWeekOrder (Write): Specifies week order for MonthlyByWeek schedule type.
  • Values include: { First | Second | Third | Fourth | Last }
• [String] DayOfWeek (Write): Specifies the day of week name for MonthlyByWeek and Weekly schedules.
  • Values include: { Sunday | Monday | Tuesday | Wednesday | Thursday | Friday | Saturday }
• [UInt32] DayOfMonth (Write): Specifies the day number for MonthlyByDay schedules. Note specifying 0 sets the schedule to run the last day of the month.
  • Values Range: 0 - 31
• [UInt32] HourDuration (Write): Specifies the duration for the maintenance window in hours, max value 23.
  • Values Range: 0 - 23
• [UInt32] MinuteDuration (Write): Specifies the duration for the maintenance window in minutes, max value 59.
  • Values Range: 5 - 59
• [Boolean] IsEnabled (Write): Specifies if the maintenance window is enabled, default value is enabled.
• [String] Ensure (Write): Specifies whether the Security Scope is present or absent.
  • Values include: { Present | Absent }
• [String] Description (Read): Provides the description of the maintenance window.
• [String] CollectionStatus (Read): Specifies if the collection applying the maintenance window to exists.

CMMaintenanceWindows Examples

• CMMaintenanceWindows_Present
• CMMaintenanceWindows_Absent

CMFileReplication

• [String] SiteCode (Key): Specifies the Site Code for the Configuration Manager site.
• [String] DestinationSiteCode (Key): Specifies the destination site for the file replication route by using a site code.
• [UInt32] DataBlockSizeKB (Write): Specifies a data block size, in kilobytes. Used in conjunction with the PulseMode parameter.
  • Values Range: 1 - 256
• [UInt32] DelayBetweenDataBlockSec (Write): Delay, in seconds, between sending data blocks when PulseMode is used.
  • Values Range: 1 - 30
• [String] FileReplicationAccountName (Write): Specifies the account that Configuration Manager uses for file replication.
• [Boolean] UseSystemAccount (Write): Specifies if the replication service will use the site system account.
• [Boolean] Limited (Write): Indicates that bandwidth for a file replication route is limited.
• [Boolean] PulseMode (Write): Indicates that file replication uses data block size and delays between transmissions.
• [Boolean] Unlimited (Write): Indicates that bandwidth for a file replication route is unlimited.
• [EmbeddedInstance] RateLimitingSchedule[] (Write): Specifies, as an array of CimInstances, hour ranges and bandwidth percentages for limiting file replication.
• [EmbeddedInstance] NetworkLoadSchedule[] (Write): Specifies, as an array of CimInstances, hour ranges and bandwidth percentages for network load balancing schedule.
• [String] Ensure (Write): Specifies whether the file replication route is present or absent.
  • Values include: { Present | Absent }

CMFileReplication Examples

• CMFileReplication_Present
• CMFileReplication_Absent

ReverseDsc

Most organizations using this module already have an existing Configuration Manager environment. Creating a configuration and a PowerShell data file that contains all of the configurations of an environment, to either stand-up a lab environment or document a production environment, can be a time consuming task to undertake. ReverseDsc with-in the ConfigMgrCBDsc module will assist in documenting the current production or development environment and allow you to take that configuration and allow you to monitor your current settings or rebuild another environment with the core functionality quickly using the same settings that are currently set within the Configuration Manager environment.

Typically, with ReverseDsc you will get a configuration that has all of the data hard coded within the configuration. With this module, it will generate a data file and if desired a Configuration that will reference the data file to generate a mof file. This allows you to only have to modify the data file for each of your environments, production or Lab, and use the same configuration file for each environment.

Note

**No passwords are gathered by ReverseDsc. Items such as CMAccounts will only list the account and when the configuration is ran a prompt will be provided to provide the password for the account.

With the default configuration created, it does NOT use certificates and all passwords specified will be in plain text in the mof file when it is compiled. If desired, once the configuration is created you can add the necessary pieces to encrypt the passwords in the mof file.**

If looking to stand-up a brand new environment, an example of installing pre-reqs, SQL, and installing Configuration Manager can be found in examples: PrimaryInstall.ps1. Using the information in the example can assist with setting up a brand new environment and using the output from ReverseDsc to quickly stand up a new test environment.

Supported DSC Resources

Currently not all modules will gathered by ReverseDSC. Below will list all of the modules and specify if it is currently supported by ReverseDSC.

• DSC_CMAccounts: Fully Supported
• DSC_CMAdministrativeUser: Fully Supported
• DSC_CMAssetIntelligencePoint: Fully Supported
• DSC_CMBoundaries: Not Supported
• DSC_CMBoundaryGroups: Limited Support, will only create the boundary group and will not populate or gather the boundaries within the group.
• DSC_CMClientPushSettings: Fully Supported
• DSC_CMClientStatusSettings: Fully Supported
• DSC_CMCollectionMembershipEvaluationComponent: Fully Supported
• DSC_CMCollections: Fully Supported
• DSC_CMDistributionGroup: Fully Supported
• DSC_CMDistributionPoint: Fully Supported
• DSC_CMDistributionPointGroupMembers: Fully Supported
• DSC_CMFallbackStatusPoint: Fully Supported
• DSC_CMFileReplication: Not Supported
• DSC_CMForestDiscovery: Fully Supported
• DSC_CMHeartbeatDiscovery: Fully Supported
• DSC_CMIniFile: Not Supported
• DSC_CMMaintenanceWindows: Fully Supported
• DSC_CMManagementPoint: Fully Supported
• DSC_CMNetworkDiscovery: Fully Supported
• DSC_CMPullDistributionPoint: Fully Supported
• DSC_CMPxeDistributionPoint: Fully Supported
• DSC_CMReportingServicePoint: Fully Supported
• DSC_CMSecurityRoles: Not Supported
• DSC_CMSecurityScopes: Fully Supported
• DSC_CMServiceConnectionPoint: Fully Supported
• DSC_CMSiteMaintenance: Fully Supported
• DSC_CMSiteSystemServer: Fully Supported
• DSC_CMSoftwareDistributionComponent: Fully Supported
• DSC_CMSoftwareUpdatePoint: Fully Supported
• DSC_CMStatusReportingComponent: Fully Supported
• DSC_CMSystemDiscovery: Fully Supported
• DSC_CMUserDiscovery: Fully Supported
• xSccmInstall: Not Supported
• xSccmPreReqs: Not Supported
• xSccmSqlSetup: Not Supported

Importing the ReverseDsc module

The ConfigMgrCBDsc module will have to be installed to run ReverseDSC. ReverseDSC uses the helper function and each module to gather the information about the environment. After installing the module, next the ReverseDsc module will need to be imported, replace <version> with the version number of currently installed module:

Import-Module -Name 'C:\Program Files\WindowsPowerShell\Modules\ConfigMgrCBDsc\<version>\Modules\ConfigMgrCBDsc.ReverseDsc\ConfigMgrCBDsc.ReverseDsc.psd1'

After importing the module, Set-ConfigMgrCBDscReverse will be available.

Set-ConfigMgrCBDscReverse

• [String] SiteCode (Key): Specifies the Site Code for the Configuration Manager site.
• [String] Include (Write): Specifies which resources will be invoked, default setting: All.
  • Values include: { All|Accounts|AdministrativeUser|AssetIntelligencePoint|BoundaryGroups| ClientPush|ClientStatusSettings|CollectionEvaluationComponent|Collections| DistributionGroups|DistributionPoint|DistributionPointGroupMembers| FallbackPoints|ForestDiscovery|HeartbeatDiscovery|MaintenanceWindow|ManagementPoint| NetworkDiscovery|PullDistributionPoint|PxeDistributionPoint| ReportingServicesPoint|SecurityScopes|ServiceConnection|SiteMaintenance| SiteSystemServer|SoftwareDistributionComponent|SoftwareupdatePoint| StatusReportingComponent|SystemDiscovery|UserDiscovery|ConfigFileOnly }
• [String] Exclude (Write): Specifies which resources will be excluded from being evaluated. Only evaluated when Include = 'All'
  • Values include: { Accounts|AdministrativeUser|AssetIntelligencePoint|BoundaryGroups| ClientPush|ClientStatusSettings|CollectionEvaluationComponent|Collections| DistributionGroups|DistributionPoint|DistributionPointGroupMembers| FallbackPoints|ForestDiscovery|HeartbeatDiscovery|MaintenanceWindow|ManagementPoint| NetworkDiscovery|PullDistributionPoint|PxeDistributionPoint| ReportingServicesPoint|SecurityScopes|ServiceConnection|SiteMaintenance| SiteSystemServer|SoftwareDistributionComponent|SoftwareupdatePoint| StatusReportingComponent|SystemDiscovery|UserDiscovery }
• [String] DataFile (Write): Specifies where the data file will be saved. Filename must end with .psd1. Not specifying DataFile the output will be displayed in the output screen only if Include does not equal ConfigFileOnly.
• [String] ConfigOutputPath (Write): Specifies where the configuration file will be saved. Filename must end with .ps1.
• [String] MofOutPutPath (Write): Specifies where the mof file will be saved when running the configuration.

Set-ConfigMgrCBDscReverse Examples

Running ReverseDsc with all options and creating a configuration file.

$params = @{
    SiteCode         = 'Lab'
    Include          = 'All'
    DataFile         = 'C:\temp\datafile.psd1'
    ConfigOutputPath = 'C:\temp\CMConfig.ps1'
    MofOutputPath    = 'C:\temp\Mof'
}
Set-ConfigMgrCBDscReverse @params

Running ReverseDsc using exclude and not creating a configuration file. This will still create a DataFile containing all of the information retrieved.

$params = @{
    SiteCode = 'Lab'
    Include  = 'All'
    Exclude  = 'SiteSystemServer'
    DataFile = 'C:\temp\datafile.psd1'
}
Set-ConfigMgrCBDscReverse @params

Running ReverseDsc and only creating a configuration file. DataFile and MofOutputPath are still required. The reason is when the configuration is created, it hard codes the path into the configuration file.

$params = @{
    SiteCode         = 'Lab'
    Include          = 'ConfigFileOnly'
    DataFile         = 'C:\temp\DataFile.psd1'
    ConfigOutputPath = 'C:\temp\CMConfig.ps1'
    MofOutputPath    = 'C:\temp\Mof'
}
Set-ConfigMgrCBDscReverse @params

After creating a DataFile and configuration file, to compile the mof one additional command will need to be ran. After running the command below, any item that requires a password, example CMAccounts, will prompt to enter a password for those accounts. If running against and environment already up and running, the passwords are not evaluated and set if the account already exists with a password.

C:\temp\CMConfig.ps1