Advertisement

Enable CMG for users WFH without local admin right and they can't come to office using custom script

Ziherka 12:46 AM
Enable CMG for users WFH without local admin right and they can't come to office using custom script Part 1 video, where we enable Cloud Managemet Gateway


In this video we will enable SCCM agent to use CMG for users who are working from home over public internet with no VPN connectivity to on-prem and they cannot come to office to connect the PC and get the SCCM policy so that SCCM agent knows the URL of CMG.
We will give a script to users which will run with local admin credentials and re-install SCCM agent on machine using cloud MP as users do not have local admin rights

Script below:--

Part 1 : Convert Password to Encrypted string.

[Byte[]] $key = (1..16)
$password = "Passw0rd" | ConvertTo-SecureString -AsPlainText -Force | ConvertFrom-SecureString -key $key
$password


Part 2 : Use Encrypted string created in Part 1 and Trigger ccmsetup command in separate powershell session in local admin context.

$encrypted = "76492d1116743f0423413b16050a5345MgB8ADYAZwAxAHUAMAB2ADgAcgBMAHYATgAvAGoAYgBTACsAOQBzAGgAaABBAEEAPQA9AHwAOQA1AGUAMAA5ADEANQBjADQAOQBiAGUAMQBhADYAYwA2ADcAMgBmAGEAZgB
lAGIANQA0ADUANABjADMANQBlADEAMQA5ADIAMQBkADIAMwBhADAAOQBjAGIANAAxAGEANAA2AGEAYwBmADMAYQBiAGIAZQBhADEAOAAxADgANQA="
$user = ".\localadmin"
[Byte[]] $key = (1..16)
$password = ConvertTo-SecureString -string $encrypted -key $key
$Credential = new-object -typename System.Management.Automation.PSCredential -argumentlist $user,$password
$ProcessInfo = New-Object System.Diagnostics.ProcessStartInfo
$ProcessInfo.FileName = "powershell.exe"
$ProcessInfo.CreateNoWindow = $true
$a= $env:windir
$filepath = $a + '\ccmsetup'
$ProcessInfo.WorkingDirectory = $filepath
$ProcessInfo.RedirectStandardError = $true
$ProcessInfo.RedirectStandardOutput = $true
$ProcessInfo.UseShellExecute = $false
$ProcessInfo.Arguments = "ccmsetup.exe /mp:cm1.corp.contoso.com SMSSITECODE=CHQ"
$ProcessInfo.Username = $Credential.GetNetworkCredential().username
$ProcessInfo.Domain = $Credential.GetNetworkCredential().Domain
$ProcessInfo.Password = $Credential.Password
$Process = New-Object System.Diagnostics.Process
$Process.StartInfo = $ProcessInfo
$Process.Start() | Out-Null
$Process.WaitForExit()
#Grab the output
$GetProcessResult = $Process.StandardOutput.ReadToEnd()
$GetProcessResult

sccm,azure,cloud,management,gateway,connection,point,microsoft,sccm cloud management gateway,cloud management gateway,connection point,http,https,e-http,ehttp,certificates,pki,internal ca,ca,certificate authority,intune,cb,manage clients over internet,ibcm,how to,demo,step by step,step-by-steps,steps,training,lab,windows,windows 10,current branch,paas,wfh,custom script,install,no local admin,local admin,install scm client,install sccm client,configmgr,

Tags
Reactions

Post a Comment

0 Comments