Set-CMOutOfBandManagementComponent

Set-CMOutOfBandManagementComponent

Sets the site system server that hosts the out of band management role in System Center 2012 Configuration Manager.

Syntax

Parameter Set: SearchBySiteCodeMandatory
Set-CMOutOfBandManagementComponent -SiteCode <String> [-AddAmtUserAccount <String[]> ] [-AllowPingResponse <Boolean> ] [-AmtAccountOU <String> ] [-AmtProvisioningAccounts <Dictionary[]<String>> ] [-AmtProvisioningRemovalAccount <String> ] [-AmtProvisioningRemovalPassword <SecureString> ] [-AmtProvisioningSchedule <IResultObject> ] [-AuditLogSettingName {AgentPresenceManager | CircuitBreakerManager | EndpointAccessControl | EventManager | FirmwareUpdateManager | NetworkAdministration | NetworkTime | RedirectionManager | RemoteControlOperations | SecurityAdministration | SecurityAuditLog | StorageAdministration | WirelessConfiguration}[] ] [-CertificateTemplate <String> ] [-CertificationAuthorityName <String> ] [-EnableBypassBiosPassword <Boolean> ] [-EnableCrlChecking <Boolean> ] [-EnableIDERedirection <Boolean> ] [-EnableWebInterface <Boolean> ] [-EnableWiredNetworkAccess <Boolean> ] [-EnrollmentPoint <String> ] [-IssuingCertificationAuthority <String> ] [-KerberosClockToleranceMinutes <Int32> ] [-MebxAccount <String> ] [-MebxPassword <SecureString> ] [-PowerState <PowerStateType> {AlwaysOnS0S5 | HostIsOnS0} ] [-RemoveAmtUserAccount <String[]> ] [-SiteSystemServerName <String[]> ] [-UniversalSecurityGroup <String> ] [-WiredProfileObject <WiredProfile> ] [-WirelessProfile <WirelessProfile[]> ] [-Confirm] [-WhatIf] [ <CommonParameters>]

Detailed Description

The Set-CMOutOfBandManagementComponent cmdlet sets the site system computer that hosts the out of band management role in Microsoft System Center 2012 Configuration Manager. The out of band management role manages computers that have the Intel vPro chip set and a version of Intel Active Management Technology (AMT) that System Center 2012 Configuration Manager supports. Out of band management lets you connect to a computer’s AMT management controller when the computer is turned off, in hibernation, or otherwise unresponsive through the operating system.

Parameters

-AddAmtUserAccount<String[]>

Specifies an array of AMT user accounts to add.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-AllowPingResponse<Boolean>

Indicates whether to allow ping responses.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-AmtAccountOU<String>

Specifies an organizational unit (OU) for an AMT account.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-AmtProvisioningAccounts<Dictionary[]<String>>

Specifies an array of key-value pairs.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-AmtProvisioningRemovalAccount<String>

Specifies an AMT account.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-AmtProvisioningRemovalPassword<SecureString>

Specifies a secure string that contains a password.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-AmtProvisioningSchedule<IResultObject>

Specifies an input object. To obtain an input object, use the New-CMSchedule cmdlet.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-AuditLogSettingName<AuditLogSettingType[]>

Specifies an array of audit log setting names. Acceptable values for this parameter are:

-- AgentPresenceManager
-- CircuitBreakerManager
-- EndpointAccessControl
-- EventManager
-- FirmwareUpdateManager
-- NetworkAdministration
-- NetworkTime
-- RedirectionManager
-- RemoteControlOperations
-- SecurityAdministration
-- SecurityAuditLog
-- StorageAdministration
-- WirelessConfiguration

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-CertificateTemplate<String>

Specifies a certificate template.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-CertificationAuthorityName<String>

Specifies the name of a certification authority.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-EnableBypassBiosPassword<Boolean>

Indicates whether to bypass the BIOS password.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-EnableCrlChecking<Boolean>

Indicates whether to enable certificate revocation list (CRL) checking.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-EnableIDERedirection<Boolean>

Indicates whether to enable IDE redirection. Intel AMT uses IDE redirection to redirect serial and IDE communication from a managed client to a management console.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-EnableWebInterface<Boolean>

Indicates whether to enable the web interface.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-EnableWiredNetworkAccess<Boolean>

Indicates whether to enable wired network access.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-EnrollmentPoint<String>

Specifies an enrollment point in Configuration Manager.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-IssuingCertificationAuthority<String>

Specifies the issuing certification authority.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-KerberosClockToleranceMinutes<Int32>

Specifies a clock tolerance, in minutes, for Kerberos. Kerberos authentication depends on time synchronization.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-MebxAccount<String>

Specifies the name of an account for Management Engine BIOS Extensions (MEBx). The MEBx account provides authenticated access to the AMT firmware on AMT-based computers.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-MebxPassword<SecureString>

Specifies a secure string that contains the password for the MEBx account.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-PowerState<PowerStateType>

Specifies an AMT power state that describes system states as on, sleeping, hibernating, or off. Acceptable values for this parameter are:

-- AlwaysOnS0S5
-- HostIsOnS0

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-RemoveAmtUserAccount<String[]>

Specifies an array of AMT user accounts to remove.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-SiteCode<String>

Specifies a site code in Configuration Manager.

Aliases

none

Required?

true

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-SiteSystemServerName<String[]>

Specifies an array of names of site system servers in Configuration Manager.

Aliases

Name

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-UniversalSecurityGroup<String>

Specifies the name of a universal security group.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-WiredProfileObject<WiredProfile>

Specifies a wired profile object.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-WirelessProfile<WirelessProfile[]>

Specifies an array of wireless profiles.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-Confirm

Prompts you for confirmation before running the cmdlet.

Required?

false

Position?

named

Default Value

false

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Required?

false

Position?

named

Default Value

false

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

<CommonParameters>

This cmdlet supports the common parameters: -Verbose, -Debug, -ErrorAction, -ErrorVariable, -OutBuffer, and -OutVariable. For more information, see    about_CommonParameters (https://go.microsoft.com/fwlink/p/?LinkID=113216).

Inputs

The input type is the type of the objects that you can pipe to the cmdlet.

Outputs

The output type is the type of the objects that the cmdlet emits.

Examples

Example 1: Set an out of band management component

This example sets the out of band management component by using the site code.

The first command uses the Get-CMTrustedRootCertificate cmdlet to get a certificate, and stores the certificate in the $Cert variable.

The second command uses the New-CMWiredProfileObject cmdlet to create a profile object, and stores the object in the $WiredP variable.

The third command uses the New-CMWirelessProfileObject cmdlet to create a wireless profile object, and stores the object in the $WirelessP variable.

The fourth command uses the Set-CMOutOfBandManagementComponent cmdlet to set an out of band management component by using the $WiredP and $WirelessP variables.

PS C:\> $Cert = Get-CMTrustedRootCertificate -CertificationAuthorityServerName "CertAuth.Contoso.Com"
PS C:\> $WiredP = New-CMWiredProfileObject -TrustedRootCertificate $Cert -ClientAuthenticationMethod EapTtlsMschapv2 -ClientIssuingCertificationAuthority "ContosoCorpTPM.Contoso.Com" -ClientCertificationAuthorityName "Contoso TPM" -ClientCertificateTemplate "Contoso Certificate Access" - MachineAuth - TPM"
PS C:\> $WirelessP = New-CMWirelessProfileObject -ProfileName "Test -NetworkName Net1" -SecurityType WPA2Enterprise -EncryptionMethod AES -TrustedRootCertificate $Cert -ClientAuthenticationMethod EapTtlsMschapv2 -ClientIssuingCertificationAuthority "ContosoCorpTPM.Contoso.Com" -ClientCertificationAuthorityName "Contoso TPM" -ClientCertificateTemplate "Contoso Certificate Access" - MachineAuth - TPMv2"
PS C:\> Set-CMOutOfBandManagementComponent -SiteCode "CM2" -EnableWiredNetworkAccess $True -WiredProfileObject $WiredP -WirelessProfile $WirelessP

Example 2: Set an out of band management component with an AMT provisioning account

This example sets an out of band management component by using an AMT provisioning account.

The first command creates a password string for the AMT provisioning account. The command uses a secure string to obscure the password.

The second command uses the New-CMAmtProvisioningAccount cmdlet to create an account, and stores the result in the $Apa variable.

The third command uses the New-CMSchedule cmdlet to create a schedule, and stores the result in the $Schedule variable.

The fourth command uses the Set-CMOutOfBandManagementComponent cmdlet to set an out of band management component, by using the $Apa and $Schedule variables. The command specifies an account for the AmtProvisioningAccount parameter.

PS C:\> $SS= Read-Host -AsSecureString
PS C:\> $Apa = New-CMAmtProvisioningAccount -UserName "AimeeLott" -Password $SS -Description "New AMT Provisioning Account"
PS C:\> $Schedule = New-CMSchedule -DayOfWeek Saturday -RecurCount 2 -Start "2012/11/22 12:10:00"
PS C:\> Set-CMOutOfBandManagementComponent -SiteCode CM2 -AmtProvisioningAccount $Apa -AmtProvisioningSchedule $Schedule -AmtProvisioningRemovalAccount "Western\AimeeLott" -AmtProvisioningRemovalPassword $SS

Example 3: Set an out of band management component with an AMT user account

This example sets an out of band management component by using an AMT user account.

The first command creates a password string for the AMT provisioning account. The command uses a secure string to obscure the password.

The second command uses the New-CMAmtProvisioningAccount cmdlet to create an account, and stores the result in the $Apa variable.

The third command uses the New-CMSchedule cmdlet to create a schedule, and stores the result in the $Schedule variable.

The fourth command uses the Set-CMOutOfBandManagementComponent cmdlet to set an out of band management component, by using the $Apa and $Schedule variables. The command specifies an account name for the AmtUserAccount parameter.

PS C:\> $SS = Read-Host -AsSecureString
PS C:\> $Apa = New-CMAmtProvisioningAccount -UserName "AimeeLottSJones" -Password "$SS" -Description "New AMT Provisioning Account"
PS C:\> $Schedule= New-CMSchedule -DayOfWeek Saturday -RecurCount 2 -Start "2012/11/22 12:10:00"
PS C:\> Set-CMOutOfBandManagementComponent -SiteCode "CM2"  -AmtUserAccount "Western\SarahJones" -PowerState HostIsOnS0 -EnableWebInterface $True -EnableIDERedirection $False -AllowPingResponse $True -EnableBypassBiosPassword $False -KerberosClockToleranceMinutes 3 -AuditLogSettingName EndpointAccessControl,CircuitBreakerManager,AgentPresenceManager -AmtProvisioningAccount $Apa -AmtProvisioningSchedule $Schedule -AmtProvisioningRemovalAccount "Western\AimeeLott" -AmtProvisioningRemovalPassword $SS

Example 4: Set an out of band management component with an AMT account OU

This example sets an out of band management component by using an AMT account OU.

The command uses the Set-CMOutOfBandManagementComponent cmdlet to set an out of band management component, and specifies an organizational unit with the AmtAccountOU parameter.

PS C:\> Set-CMOutOfBandManagementComponent -SiteCode "CM2" -AmtAccountOU "LDAP://OU=Resources,DC=Western,DC=Contoso,DC=Com" -UniversalSecurityGroup "Administrators" -IssuingCertificationAuthority "Test.Western.Contoso.Com" -CertificationAuthorityName "Contoso Test" -CertificateTemplate "Test - Secure Web Server 2yr" -EnableCrlChecking $False

Get-CMOutOfBandManagementComponent

New-CMSchedule

Get-CMTrustedRootCertificate

New-CMAmtProvisioningAccount

New-CMWiredProfileObject