Automating Tasks on Client Computers
Updated: January 1, 2011
Applies To: Forefront Endpoint Protection
You can use the Configuration Manager Windows Management Instrumentation (WMI) provider to automate FEP tasks on client computers.
FEP tasks run from a software package named Microsoft Corporation FEP – Operations 1.0. In the Configuration Manager console, you can right-click a computer or group of computers, point to FEP Operations, and then select one of three actions:
- Full Scan—Runs a full antimalware scan on the selected computers.
- Quick Scan—Runs a quick antimalware scan on the selected computers.
- Run Definition Update—Runs a definition update cycle on the selected computers.
When you run a task on a client computer or set of computers, FEP performs the following steps:
- Creates a dynamic collection
- Adds the selected computers to the collection
- Creates a mandatory assigned advertisement of the requested task from the FEP Operations software package
In order to create a script similar to the example in this topic, you must have the following prerequisite software:
- Windows PowerShell (either version 1.0 or 2.0).
- Before you run operational tasks from a script, you should first verify that the FEP operations package (named Microsoft Corporation FEP – Operations 1.0) is distributed to your Configuration Manager distribution points.
Note: Cleanup of old operations components (the dynamic collections and advertisements used to distribute the tasks) is done only when performing tasks from the Configuration Manager console.
The following example script demonstrates how to run a full scan task on a computer.
```powershell
function RunFullScan(
    $ConfigMgrServer, # ConfigMgr WMI site provider to connect to, e.g. MyServer
    $SiteCode,        # ConfigMgr site code, e.g. ABC
    $Computers)       # A computer or list of computer NetBIOS names on which the scan should be run. For example: ("ComputerA", "ComputerB")
{
    $Operation = "Full Scan" # Change the scan type by changing the phrase in the quotes to either Quick Scan or Update Definitions.
    $UtcNow = [System.DateTime]::UtcNow
    $ConfigMgrNamespace = "root\sms\site_$SiteCode"
    $ConfigMgrProviderPath = "\\" + (Join-Path $ConfigMgrServer $ConfigMgrNamespace)

    # Create a collection for the task
    $newCollection = ([WmiClass]($ConfigMgrProviderPath + ":SMS_Collection")).CreateInstance()
    $newCollection.Name = "$Operation at $UtcNow (UTC)"
    $newCollection.RefreshType = 1 # Manual
    $newCollection.OwnedByThisSite = $true
    $newCollection.Put()
    $newCollection.Get() # Refresh the object so that CollectionID is populated

    # Add the collection as a subcollection to FEP Operations
    $OperationCollection = Get-WmiObject -class "SMS_Collection" -filter "Name='Operations'" -namespace $ConfigMgrNamespace -computername $ConfigMgrServer
    $CollectionToSubCollection = ([WmiClass]($ConfigMgrProviderPath + ":SMS_CollectToSubCollect")).CreateInstance()
    $CollectionToSubCollection.parentCollectionID = $OperationCollection.CollectionID
    $CollectionToSubCollection.subCollectionID = $newCollection.CollectionID
    $CollectionToSubCollection.Put()

    # Add computers to collection (Direct Rule)
    foreach ($Computer in $Computers)
    {
        # For more information about the SMS_R_SYSTEM Server WMI class, see http://go.microsoft.com/fwlink/?LinkId=208534 on MSDN.
        $Client = Get-WmiObject -class "SMS_R_System" -filter ("NetbiosName = '{0}'" -f $Computer) -namespace $ConfigMgrNamespace -computername $ConfigMgrServer
        # Skip names that do not resolve to a client record instead of adding an empty rule
        if (-not $Client)
        {
            Write-Warning "No SMS_R_System record found for $Computer; skipping."
            continue
        }
        $SmsCollectionRuleDirect = ([WmiClass]($ConfigMgrProviderPath + ":SMS_CollectionRuleDirect")).CreateInstance()
        $SmsCollectionRuleDirect.ResourceID = $Client.ResourceID
        $SmsCollectionRuleDirect.ResourceClassName = "SMS_R_System"
        $newCollection.AddMembershipRules($SmsCollectionRuleDirect)
    }

    # Create the advertisement for the requested operation
    # DMTF datetime string in local time; HH is the 24-hour clock
    $now = Get-Date -Format "yyyyMMddHHmmss.ffffff+***"

    # Get the FEP operations package
    $package = Get-WmiObject -class "SMS_Package" -filter "MifName='FEP - Operations'" -namespace $ConfigMgrNamespace -computername $ConfigMgrServer

    # Create a new advertisement for the FEP operation package.
    # For more information about the SMS_Advertisement Server WMI class, see http://go.microsoft.com/fwlink/?LinkId=208535 on MSDN.
    $newAdvertisement = ([WmiClass]($ConfigMgrProviderPath + ":SMS_Advertisement")).CreateInstance()
    $newAdvertisement.CollectionID = $newCollection.CollectionID # Target the collection created above
    $newAdvertisement.PackageID = $package.PackageID
    $newAdvertisement.ProgramName = $Operation
    $newAdvertisement.AdvertisementName = "Run $Operation at $UtcNow (UTC)"
    $newAdvertisement.AdvertFlags = 0x02000000 -bor 0x00100000 # NO_DISPLAY | OVERRIDE_SERVICE_WINDOWS
    $newAdvertisement.RemoteClientFlags = 0x00000800 -bor 0x00000010 -bor 0x00000040 # RERUN_ALWAYS | DOWNLOAD_FROM_LOCAL_DISPPOINT | DOWNLOAD_FROM_REMOTE_DISPPOINT
    $newAdvertisement.PresentTime = $now
    $newAdvertisement.Priority = 1 # High

    # Create a mandatory assignment schedule
    $AssignedSchedule = ([WmiClass]($ConfigMgrProviderPath + ":SMS_ST_NonRecurring")).CreateInstance()
    $AssignedSchedule.StartTime = $now
    $newAdvertisement.AssignedScheduleEnabled = $true
    $newAdvertisement.AssignedSchedule = $AssignedSchedule
    $newAdvertisement.Put()
    $newAdvertisement.Get() # Refresh the object so that AdvertisementID is populated

    # Add the advertisement to the FEP operations advertisement folder
    # Get the container node (note: use the localized name)
    $AdvertisementFolder = Get-WmiObject -class "SMS_ObjectContainerNode" -filter "Name='FEP Operations'" -namespace $ConfigMgrNamespace -computername $ConfigMgrServer

    # Create a container item for the advertisement
    $newContainerItem = ([WmiClass]($ConfigMgrProviderPath + ":SMS_ObjectContainerItem")).CreateInstance()
    $newContainerItem.ContainerNodeId = $AdvertisementFolder.ContainerNodeId
    $newContainerItem.InstanceKey = $newAdvertisement.AdvertisementID
    $newContainerItem.Put()

    Write-Output "$Operation scheduled to computers: $Computers"
}
```
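
Because cleanup runs only for tasks started from the console, collections and advertisements created by a script accumulate. The following is an added example, not part of the original script, that reports them and removes them when `-Delete` is given. It assumes PowerShell 2.0 and the object names used by RunFullScan; the function name, the `$OlderThanDays` parameter and the deletion order are assumptions to validate in a test site.

```powershell
# Added example; not part of the original script. Assumes PowerShell 2.0.
function Remove-ScriptedFepOperations(
    $ConfigMgrServer,    # ConfigMgr WMI site provider, e.g. MyServer
    $SiteCode,           # ConfigMgr site code, e.g. ABC
    $OlderThanDays = 7,  # Hypothetical retention period
    [switch]$Delete)     # Without -Delete the function only reports
{
    $wmi = @{ Namespace = "root\sms\site_$SiteCode"; ComputerName = $ConfigMgrServer }
    $cutoff = (Get-Date).AddDays(-$OlderThanDays)

    # Parent collection that RunFullScan links its task collections to
    $parent = Get-WmiObject -Class "SMS_Collection" -Filter "Name='Operations'" @wmi | Select-Object -First 1
    if (-not $parent) { throw "Collection 'Operations' not found on $ConfigMgrServer" }

    $links = @(Get-WmiObject -Class "SMS_CollectToSubCollect" -Filter ("parentCollectionID='{0}'" -f $parent.CollectionID) @wmi)
    foreach ($link in $links)
    {
        $coll = Get-WmiObject -Class "SMS_Collection" -Filter ("CollectionID='{0}'" -f $link.subCollectionID) @wmi
        # Only consider collections named the way the script names them: "<operation> at <time> (UTC)"
        if (-not $coll -or $coll.Name -notmatch ' at .+ \(UTC\)$') { continue }

        $ads = @(Get-WmiObject -Class "SMS_Advertisement" -Filter ("CollectionID='{0}'" -f $coll.CollectionID) @wmi)
        # PresentTime is a DMTF datetime string; convert it before comparing
        $recent = @($ads | Where-Object {
            [System.Management.ManagementDateTimeConverter]::ToDateTime($_.PresentTime) -gt $cutoff })
        # Leave recent tasks, and collections with no advertisement, for manual review
        if ($ads.Count -eq 0 -or $recent.Count -gt 0) { continue }

        if ($Delete)
        {
            # Assumed order: advertisements, then the subcollection link, then the collection
            $ads | Remove-WmiObject
            $link | Remove-WmiObject
            $coll | Remove-WmiObject
        }

        # Emit one record per stale task so the run can be logged or reviewed
        New-Object PSObject -Property @{
            CollectionID   = $coll.CollectionID
            Name           = $coll.Name
            Advertisements = ($ads | ForEach-Object { $_.AdvertisementID })
            Deleted        = [bool]$Delete
        }
    }
}
```

Run it without `-Delete` first and review the reported collections before removing anything.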
