This is a Management Pack that eases the administrative burdens in SCOM. It allows you to have a lot of handy discovered properties, and includes tasks that allow you to delegate administrative actions to your users. It also serves as a good example MP on how to write classes, discoveries, and most importantly many task examples for command line, VBscript, and PowerShell.
I didn’t write all these – a bunch of ideas came from Jimmy Harper, Matt Taylor, and Tim McFadden and their MP’s. This was more to combine lots of useful administration in one place.
This MP creates a folder in the console with some views for Agents and Servers:
First – useful discovered properties:
The “real” Agent Version
The Update Rollup level of the agent
Any Management Groups that the agent belongs to. This is nice to see for old management groups that get left behind.
Any OMS Workspaces the agent reports to.
A check if PowerShell is installed and what version. This is important because PowerShell 2.0 is required on all agents if you want to move to SCOM 2016.
CLR .NET runtime version available to PowerShell
OS Version and Name
Primary and Failover management servers. I am getting this straight from the agents config XML file, sometimes agents might not be configured as you think – this is from the authoritative source…. what’s in that specific agents config.
The default Agent Action account. Helpful to find any agents where someone installed incorrectly.
The agent install path.
Also I added server discovery of properties (Management Servers and Gateways):
Next up – the tasks:
One of the problems with tasks, is that they are scoped to a specific class. Some cool tasks are attached to Windows Computer, some to HealthService, some to specific app classes. Or – people write tasks and scope to System.Entity. This places the task in ALL views. That’s handy, but if everyone did that we’d have an unusable console for tasks.
Computer Management – duh.
Create Test Event – this task creates event 100 with source TEST in the app event log, and there is a rule in the MP to generate an info alert. This will let you test end to end agent function, and notifications.
Execute any PowerShell – this task accepts one parameter – “ScriptBody” which allows you to pass any PowerShell statements and they will execute locally on the agent and return output:
Execute any Service Restart – this will take a servicename as a parameter and restart the service on any agent on demand. You should NOT use this for the Healthservice – there is a special task for that:
Execute any Software from Share – this task will accept an executable or command line including an e4xecutable, and a share path which contains the software, and it will run it locally on the agent. This is useful to install missing UR updates, or any other software you want deployed. This will require that “Domain Computers” have read access to the files on the share.
Export Event Log – this task will export any local event log and save the export to a share. It will require that the “Domain Computers” have write access to the share.
HealthService – Flush – This task will stop the agent service, delete the health service store, cache, and config, and start the service back up, provoking a complete refresh of the agents config, management packs, and ESE database store.
HealthService – Restart – This is a special task which will reliably bounce the HealthService on agents using an “out of band” script process. Many scripts to bounce the agent service fail because when the service stops, the script to start it back up is destroyed from memory.
Management Group – ADD and Management Group – REMOVE – these are script based tasks to add or remove a management group from an agent
Ping – (Console Task)
Remote Desktop – (Console Task)
Agent HealthService Watcher Tasks:
The “Agent – Delete” task is really cool. It allows an operator with access to the task to be able to clean up (DELETE) agents from the SCOM console – without having access to the Administrator role. This task will run on the management servers and delete agents (this is a Delete – not an uninstall) This is handy for cleaning up old agents that are not present anymore.
SCOM Server Tasks:
I have included “Agent - Install” and “Agent – Delete” tasks, targeting the management servers. These will allow you to push install AND delete SCOM agents from the Operators console. You simply need to Override the task and proved the computers FQDN:
In order for this task to work – it will attempt to push the agent as the SCOM Management Server Action account. You will need to grant that account administrative rights on your server in order to be able to use this.
Do you have other useful agent management tasks that you think should be in a pack like this? Or discovered properties that are useful as well? I welcome your feedback.
Warning: Some of these tasks can be considered “risky” to deliver to your Operators, like exposing the ability to execute any PowerShell, restart any service, and install any software from a share. If those are things you don’t ever want exposed in your SCOM environment – then delete those tasks from the MP, or do not expose them in your non-administrator scoped console access.
Download the MP here: https://gallery.technet.microsoft.com/SCOM-Agent-Management-b96680d5