Script to check Allow Basic Authentication
I posted this in the Software Updates Management forum earlier today and Wally recommended that I post it here so that I could receive notification on a sample script that will resolve the problem.
My SCCM server sits behind a proxy server that requires a username and password. the password is passed in clear text. WSUS has a check box to allow for this: Allow Basic Authentication, but SCCM does not have the same, so everytime SCCM updates the WSUS proxy settings, the check box is cleared.
How can I tell SCCM to use the Allow Basic Authentication?
Thanks!!
Tom
Thanks in Advance!! Look forward to testing the script.
Tom
Answers
Hi Tom,
Yes, I spoke with Wally earlier today and recommended you post here.
Here's a basic script to change the value. I'll clean this up and post it to Script Center in a couple of weeks, but I'm pretty busy right now trying to finish up the SDK for release.
You'll obviously want to test this and make sure it meets your needs ... not much going on, except connecting to the Site Control file and changing the AllowProxyCredentialsOverNonSsl value. If the value doesn't exist, the script creates it - it doesn't exist by default.
Some known limitations:
1. I've only tested the scripts on a local server. I haven't tested it with a remote provider and the script currently doesn't connect remotely (although you could easily change the connection code).
2. This script doesn't take into account multiple SUP servers. My basic test site doesn't have multiple SUP servers and I didn't think about that until someone pointed it out.
3. I only wrote it in VBScript, because that's what someone else wanted. I don't have the C# ready, but if you need that, it's a pretty basic conversion. However, I might not be able to do the conversion right away.
Wow, pasting the script here really messes with the whitespace! I tried to add some whitespace back, but you'll definitely want to take this and paste it into your favorite editor to clean it up.
Code Snippet' Setup a connection to the local provider.
Set swbemLocator = CreateObject("WbemScripting.SWbemLocator")
Set swbemServices= swbemLocator.ConnectServer(".", "root\sms")
Set providerLoc = swbemServices.InstancesOf("SMS_ProviderLocation")For Each Location In providerLoc
If location.ProviderForLocalSite = True Then
Set swbemServices = swbemLocator.ConnectServer(Location.Machine, "root\sms\site_" + Location.SiteCode)
siteCode = Location.SiteCode
Exit For
End If
NextSet swbemContext = CreateObject("WbemScripting.SWbemNamedValueSet")
swbemContext.Add "SessionHandle", swbemServices.ExecMethod("SMS_SiteControlFile", "GetSessionHandle").SessionHandle' Call subroutine to enable/disable ConfigureAllowProxyCredentialsOverNonSsl site control file setting.
Call ConfigureAllowProxyCredentialsOverNonSslSetting(swbemServices, swbemContext, siteCode, "1")
' Subroutine to enable/disable ConfigureAllowProxyCredentialsOverNonSsl site control file setting.
Sub ConfigureAllowProxyCredentialsOverNonSslSetting(swbemServices, _
swbemContext, _
siteCode, _
enableDisableFlag)' Load site control file and get the SMS Software Update Point system resource section.
swbemServices.ExecMethod "SMS_SiteControlFile.Filetype=1,Sitecode=""" & siteCode & """", "Refresh", , , swbemContext
Query = "SELECT * FROM SMS_SCI_SysResUse " & _
"WHERE RoleName = 'SMS Software Update Point' " & _
"AND SiteCode = '" & siteCode & "'"
' Get the SMS Software Update Point properties.
Set SCIComponentSet = swbemServices.ExecQuery(Query, ,wbemFlagForwardOnly Or wbemFlagReturnImmediately, swbemContext)Dim propertyFound
propertyFound = falseFor Each SCIComponent In SCIComponentSet
' Loop through the array of embedded SMS_EmbeddedProperty instances.
' Search for AllowProxyCredentialsOverNonSsl PropertyFor Each property In SCIComponent.Props
' Setting: AllowProxyCredentialsOverNonSsl
If property.PropertyName = "AllowProxyCredentialsOverNonSsl" Then
' Set the propertyFound variable to true, since we found the AllowProxyCredentialsOverNonSsl property.
propertyFound = true' Display the current value.
wscript.echo " "
wscript.echo property.PropertyName
wscript.echo "Current value: " & property.Value
wscript.echo "Resetting value to: " & enableDisableFlag' Modify the value using the enableDisableFlag value passed in.
property.Value = enableDisableFlag
' Save the properties.
SCIComponent.Put_ , swbemContextEnd If
Next
' If the AllowProxyCredentialsOverNonSsl property was not found, create the property and set the necessary value(s).
If propertyFound = false Then
' Create a new embedded property for AllowProxyCredentialsOverNonSsl
Dim newEmbeddedProperty
Set newEmbeddedProperty = swbemServices.Get("SMS_EmbeddedProperty").Spawninstance_()
newEmbeddedProperty.PropertyName = "AllowProxyCredentialsOverNonSsl"
newEmbeddedProperty.Value = enableDisableFlag
' Create a working copy of the existing properties and expand the array for the new property.
Dim newPropertySet
newPropertySet = SCIComponent.Props
redim preserve newPropertySet(Ubound(newPropertySet) + 1)
' Add the newly created property to the working copy of the existing properties.
Set newPropertySet(Ubound(newPropertySet)) = newEmbeddedProperty
' Replace the existing properties with the working copy (existing properties + the new property).
SCIComponent.Props = newPropertySet
' Save the properties.
SCIComponent.Put_ , swbemContextEnd If
Next
'Commit any changes to the actual site control file.
Set InParams = swbemServices.Get("SMS_SiteControlFile").Methods_("CommitSCF").InParameters.SpawnInstance_
InParams.SiteCode = siteCode
swbemServices.ExecMethod "SMS_SiteControlFile", "CommitSCF", InParams, , swbemContext
' Release the copy of the site control file.
swbemServices.Get("SMS_SiteControlFile").ReleaseSessionHandle swbemContext.Item("SessionHandle").ValueEnd Sub
Let me know if you have any questions. I'd welcome any feedback!
Good luck!
Jim Bradbury
All Replies
Hi Tom,
Yes, I spoke with Wally earlier today and recommended you post here.
Here's a basic script to change the value. I'll clean this up and post it to Script Center in a couple of weeks, but I'm pretty busy right now trying to finish up the SDK for release.
You'll obviously want to test this and make sure it meets your needs ... not much going on, except connecting to the Site Control file and changing the AllowProxyCredentialsOverNonSsl value. If the value doesn't exist, the script creates it - it doesn't exist by default.
Some known limitations:
1. I've only tested the scripts on a local server. I haven't tested it with a remote provider and the script currently doesn't connect remotely (although you could easily change the connection code).
2. This script doesn't take into account multiple SUP servers. My basic test site doesn't have multiple SUP servers and I didn't think about that until someone pointed it out.
3. I only wrote it in VBScript, because that's what someone else wanted. I don't have the C# ready, but if you need that, it's a pretty basic conversion. However, I might not be able to do the conversion right away.
Wow, pasting the script here really messes with the whitespace! I tried to add some whitespace back, but you'll definitely want to take this and paste it into your favorite editor to clean it up.
Code Snippet' Setup a connection to the local provider.
Set swbemLocator = CreateObject("WbemScripting.SWbemLocator")
Set swbemServices= swbemLocator.ConnectServer(".", "root\sms")
Set providerLoc = swbemServices.InstancesOf("SMS_ProviderLocation")For Each Location In providerLoc
If location.ProviderForLocalSite = True Then
Set swbemServices = swbemLocator.ConnectServer(Location.Machine, "root\sms\site_" + Location.SiteCode)
siteCode = Location.SiteCode
Exit For
End If
NextSet swbemContext = CreateObject("WbemScripting.SWbemNamedValueSet")
swbemContext.Add "SessionHandle", swbemServices.ExecMethod("SMS_SiteControlFile", "GetSessionHandle").SessionHandle' Call subroutine to enable/disable ConfigureAllowProxyCredentialsOverNonSsl site control file setting.
Call ConfigureAllowProxyCredentialsOverNonSslSetting(swbemServices, swbemContext, siteCode, "1")
' Subroutine to enable/disable ConfigureAllowProxyCredentialsOverNonSsl site control file setting.
Sub ConfigureAllowProxyCredentialsOverNonSslSetting(swbemServices, _
swbemContext, _
siteCode, _
enableDisableFlag)' Load site control file and get the SMS Software Update Point system resource section.
swbemServices.ExecMethod "SMS_SiteControlFile.Filetype=1,Sitecode=""" & siteCode & """", "Refresh", , , swbemContext
Query = "SELECT * FROM SMS_SCI_SysResUse " & _
"WHERE RoleName = 'SMS Software Update Point' " & _
"AND SiteCode = '" & siteCode & "'"
' Get the SMS Software Update Point properties.
Set SCIComponentSet = swbemServices.ExecQuery(Query, ,wbemFlagForwardOnly Or wbemFlagReturnImmediately, swbemContext)Dim propertyFound
propertyFound = falseFor Each SCIComponent In SCIComponentSet
' Loop through the array of embedded SMS_EmbeddedProperty instances.
' Search for AllowProxyCredentialsOverNonSsl PropertyFor Each property In SCIComponent.Props
' Setting: AllowProxyCredentialsOverNonSsl
If property.PropertyName = "AllowProxyCredentialsOverNonSsl" Then
' Set the propertyFound variable to true, since we found the AllowProxyCredentialsOverNonSsl property.
propertyFound = true' Display the current value.
wscript.echo " "
wscript.echo property.PropertyName
wscript.echo "Current value: " & property.Value
wscript.echo "Resetting value to: " & enableDisableFlag' Modify the value using the enableDisableFlag value passed in.
property.Value = enableDisableFlag
' Save the properties.
SCIComponent.Put_ , swbemContextEnd If
Next
' If the AllowProxyCredentialsOverNonSsl property was not found, create the property and set the necessary value(s).
If propertyFound = false Then
' Create a new embedded property for AllowProxyCredentialsOverNonSsl
Dim newEmbeddedProperty
Set newEmbeddedProperty = swbemServices.Get("SMS_EmbeddedProperty").Spawninstance_()
newEmbeddedProperty.PropertyName = "AllowProxyCredentialsOverNonSsl"
newEmbeddedProperty.Value = enableDisableFlag
' Create a working copy of the existing properties and expand the array for the new property.
Dim newPropertySet
newPropertySet = SCIComponent.Props
redim preserve newPropertySet(Ubound(newPropertySet) + 1)
' Add the newly created property to the working copy of the existing properties.
Set newPropertySet(Ubound(newPropertySet)) = newEmbeddedProperty
' Replace the existing properties with the working copy (existing properties + the new property).
SCIComponent.Props = newPropertySet
' Save the properties.
SCIComponent.Put_ , swbemContextEnd If
Next
'Commit any changes to the actual site control file.
Set InParams = swbemServices.Get("SMS_SiteControlFile").Methods_("CommitSCF").InParameters.SpawnInstance_
InParams.SiteCode = siteCode
swbemServices.ExecMethod "SMS_SiteControlFile", "CommitSCF", InParams, , swbemContext
' Release the copy of the site control file.
swbemServices.Get("SMS_SiteControlFile").ReleaseSessionHandle swbemContext.Item("SessionHandle").ValueEnd Sub
Let me know if you have any questions. I'd welcome any feedback!
Good luck!
Jim Bradbury
Thanks Jim
I scheduled this to run just before my WSUS sync was scheduled to run and it worked great!
VB Script was fine.
Tom
Great news! I'm glad the script worked for you!
Jim
- Hello,
We tried this script in our environnement. I works well for the synchronization with Microsoft Updates, however when we want to download the updates to create packages, we have the same issue and the script doesn't fix this.
Any idea?
Thanks
Damien
Damien Fauve - Has anyone found an answer for this issue? I am experiencing the same symptoms. Even if you use the WSUS Console to set up to Allow Basic Auth, I can get the metadata but not able to download and create packages. The download fails.
Thanks. Jason - Having the same issue. I have used the VB above and the WSUS Console and still failing to download the packages during approval. Please Help.
