none
Script to check Allow Basic Authentication RRS feed

  • Question

  •  

    I posted this in the Software Updates Management forum earlier today and Wally recommended that I post it here so that I could receive notification on a sample script that will resolve the problem.

     

    My SCCM server sits behind a proxy server that requires a username and password.  the password is passed in clear text.  WSUS has a check box to allow for this: Allow Basic Authentication, but SCCM does not have the same, so everytime SCCM updates the WSUS proxy settings, the check box is cleared.

     

    How can I tell SCCM to use the Allow Basic Authentication?

     

    Thanks!!

     

    Tom

     

    Thanks in Advance!!  Look forward to testing the script.

     

    Tom

    Friday, February 1, 2008 11:24 PM

Answers

  • Hi Tom,

     

    Yes, I spoke with Wally earlier today and recommended you post here.

     

    Here's a basic script to change the value.  I'll clean this up and post it to Script Center in a couple of weeks, but I'm pretty busy right now trying to finish up the SDK for release.

     

    You'll obviously want to test this and make sure it meets your needs ... not much going on, except connecting to the Site Control file and changing the AllowProxyCredentialsOverNonSsl value. If the value doesn't exist, the script creates it - it doesn't exist by default.

     

    Some known limitations:

    1. I've only tested the scripts on a local server. I haven't tested it with a remote provider and the script currently doesn't connect remotely (although you could easily change the connection code).

    2. This script doesn't take into account multiple SUP servers.  My basic test site doesn't have multiple SUP servers and I didn't think about that until someone pointed it out.

    3. I only wrote it in VBScript, because that's what someone else wanted. I don't have the C# ready, but if you need that, it's a pretty basic conversion. However, I might not be able to do the conversion right away.

     

    Wow, pasting the script here really messes with the whitespace! I tried to add some whitespace back, but you'll definitely want to take this and paste it into your favorite editor to clean it up. 

     

    Code Snippet

    ' Setup a connection to the local provider.
    Set swbemLocator = CreateObject("WbemScripting.SWbemLocator")
    Set swbemServices= swbemLocator.ConnectServer(".", "root\sms")
    Set providerLoc = swbemServices.InstancesOf("SMS_ProviderLocation")

     

    For Each Location In providerLoc
        If location.ProviderForLocalSite = True Then
            Set swbemServices = swbemLocator.ConnectServer(Location.Machine, "root\sms\site_" + Location.SiteCode)
            siteCode = Location.SiteCode
            Exit For
        End If
    Next

     

    Set swbemContext = CreateObject("WbemScripting.SWbemNamedValueSet")
    swbemContext.Add "SessionHandle", swbemServices.ExecMethod("SMS_SiteControlFile", "GetSessionHandle").SessionHandle

     

    ' Call subroutine to enable/disable ConfigureAllowProxyCredentialsOverNonSsl site control file setting.

    Call ConfigureAllowProxyCredentialsOverNonSslSetting(swbemServices, swbemContext, siteCode, "1")

     

    ' Subroutine to enable/disable ConfigureAllowProxyCredentialsOverNonSsl site control file setting.
    Sub ConfigureAllowProxyCredentialsOverNonSslSetting(swbemServices,         _
                                                        swbemContext,          _
                                                        siteCode,              _
                                                        enableDisableFlag)

     

        ' Load site control file and get the SMS Software Update Point system resource section.
        swbemServices.ExecMethod "SMS_SiteControlFile.Filetype=1,Sitecode=""" & siteCode & """", "Refresh", , , swbemContext
           
        Query = "SELECT * FROM SMS_SCI_SysResUse " & _
                "WHERE RoleName = 'SMS Software Update Point' " & _
                "AND SiteCode = '" & siteCode & "'"
       
        ' Get the SMS Software Update Point properties.
        Set SCIComponentSet = swbemServices.ExecQuery(Query, ,wbemFlagForwardOnly Or wbemFlagReturnImmediately, swbemContext)

     

        Dim propertyFound
        propertyFound = false

     

        For Each SCIComponent In SCIComponentSet

            ' Loop through the array of embedded SMS_EmbeddedProperty instances.
            ' Search for AllowProxyCredentialsOverNonSsl Property

     

            For Each property In SCIComponent.Props
                                      
                ' Setting: AllowProxyCredentialsOverNonSsl
                If property.PropertyName = "AllowProxyCredentialsOverNonSsl" Then
               
                   ' Set the propertyFound variable to true, since we found the AllowProxyCredentialsOverNonSsl property.
                   propertyFound  = true

     

                   ' Display the current value.
                   wscript.echo " "
                   wscript.echo property.PropertyName
                   wscript.echo "Current value: " &  property.Value
                   wscript.echo "Resetting value to: " & enableDisableFlag    

     

                   ' Modify the value using the enableDisableFlag value passed in.
                   property.Value = enableDisableFlag
                   
                   ' Save the properties.
                SCIComponent.Put_ , swbemContext                      

     

                End If       
                  
            Next  


            ' If the AllowProxyCredentialsOverNonSsl property was not found, create the property and set the necessary value(s).
            If propertyFound = false Then
               
                ' Create a new embedded property for AllowProxyCredentialsOverNonSsl
                Dim newEmbeddedProperty
             Set newEmbeddedProperty = swbemServices.Get("SMS_EmbeddedProperty").Spawninstance_()
             newEmbeddedProperty.PropertyName = "AllowProxyCredentialsOverNonSsl"       
             newEmbeddedProperty.Value = enableDisableFlag      
            
             ' Create a working copy of the existing properties and expand the array for the new property.
             Dim newPropertySet
             newPropertySet = SCIComponent.Props       
             redim preserve newPropertySet(Ubound(newPropertySet) + 1)
            
             ' Add the newly created property to the working copy of the existing properties.
             Set newPropertySet(Ubound(newPropertySet)) = newEmbeddedProperty
               
             ' Replace the existing properties with the working copy (existing properties + the new property).
             SCIComponent.Props = newPropertySet
            
             ' Save the properties.
             SCIComponent.Put_ , swbemContext 

     

            End If
           
        Next
                             
        'Commit any changes to the actual site control file.
        Set InParams = swbemServices.Get("SMS_SiteControlFile").Methods_("CommitSCF").InParameters.SpawnInstance_
        InParams.SiteCode = siteCode
        swbemServices.ExecMethod "SMS_SiteControlFile", "CommitSCF", InParams, , swbemContext
         
        ' Release the copy of the site control file.
        swbemServices.Get("SMS_SiteControlFile").ReleaseSessionHandle swbemContext.Item("SessionHandle").Value

     

    End Sub

     

     

    Let me know if you have any questions. I'd welcome any feedback! 

     

    Good luck!

     

    Jim Bradbury

    Saturday, February 2, 2008 2:54 AM

All replies

  • Hi Tom,

     

    Yes, I spoke with Wally earlier today and recommended you post here.

     

    Here's a basic script to change the value.  I'll clean this up and post it to Script Center in a couple of weeks, but I'm pretty busy right now trying to finish up the SDK for release.

     

    You'll obviously want to test this and make sure it meets your needs ... not much going on, except connecting to the Site Control file and changing the AllowProxyCredentialsOverNonSsl value. If the value doesn't exist, the script creates it - it doesn't exist by default.

     

    Some known limitations:

    1. I've only tested the scripts on a local server. I haven't tested it with a remote provider and the script currently doesn't connect remotely (although you could easily change the connection code).

    2. This script doesn't take into account multiple SUP servers.  My basic test site doesn't have multiple SUP servers and I didn't think about that until someone pointed it out.

    3. I only wrote it in VBScript, because that's what someone else wanted. I don't have the C# ready, but if you need that, it's a pretty basic conversion. However, I might not be able to do the conversion right away.

     

    Wow, pasting the script here really messes with the whitespace! I tried to add some whitespace back, but you'll definitely want to take this and paste it into your favorite editor to clean it up. 

     

    Code Snippet

    ' Setup a connection to the local provider.
    Set swbemLocator = CreateObject("WbemScripting.SWbemLocator")
    Set swbemServices= swbemLocator.ConnectServer(".", "root\sms")
    Set providerLoc = swbemServices.InstancesOf("SMS_ProviderLocation")

     

    For Each Location In providerLoc
        If location.ProviderForLocalSite = True Then
            Set swbemServices = swbemLocator.ConnectServer(Location.Machine, "root\sms\site_" + Location.SiteCode)
            siteCode = Location.SiteCode
            Exit For
        End If
    Next

     

    Set swbemContext = CreateObject("WbemScripting.SWbemNamedValueSet")
    swbemContext.Add "SessionHandle", swbemServices.ExecMethod("SMS_SiteControlFile", "GetSessionHandle").SessionHandle

     

    ' Call subroutine to enable/disable ConfigureAllowProxyCredentialsOverNonSsl site control file setting.

    Call ConfigureAllowProxyCredentialsOverNonSslSetting(swbemServices, swbemContext, siteCode, "1")

     

    ' Subroutine to enable/disable ConfigureAllowProxyCredentialsOverNonSsl site control file setting.
    Sub ConfigureAllowProxyCredentialsOverNonSslSetting(swbemServices,         _
                                                        swbemContext,          _
                                                        siteCode,              _
                                                        enableDisableFlag)

     

        ' Load site control file and get the SMS Software Update Point system resource section.
        swbemServices.ExecMethod "SMS_SiteControlFile.Filetype=1,Sitecode=""" & siteCode & """", "Refresh", , , swbemContext
           
        Query = "SELECT * FROM SMS_SCI_SysResUse " & _
                "WHERE RoleName = 'SMS Software Update Point' " & _
                "AND SiteCode = '" & siteCode & "'"
       
        ' Get the SMS Software Update Point properties.
        Set SCIComponentSet = swbemServices.ExecQuery(Query, ,wbemFlagForwardOnly Or wbemFlagReturnImmediately, swbemContext)

     

        Dim propertyFound
        propertyFound = false

     

        For Each SCIComponent In SCIComponentSet

            ' Loop through the array of embedded SMS_EmbeddedProperty instances.
            ' Search for AllowProxyCredentialsOverNonSsl Property

     

            For Each property In SCIComponent.Props
                                      
                ' Setting: AllowProxyCredentialsOverNonSsl
                If property.PropertyName = "AllowProxyCredentialsOverNonSsl" Then
               
                   ' Set the propertyFound variable to true, since we found the AllowProxyCredentialsOverNonSsl property.
                   propertyFound  = true

     

                   ' Display the current value.
                   wscript.echo " "
                   wscript.echo property.PropertyName
                   wscript.echo "Current value: " &  property.Value
                   wscript.echo "Resetting value to: " & enableDisableFlag    

     

                   ' Modify the value using the enableDisableFlag value passed in.
                   property.Value = enableDisableFlag
                   
                   ' Save the properties.
                SCIComponent.Put_ , swbemContext                      

     

                End If       
                  
            Next  


            ' If the AllowProxyCredentialsOverNonSsl property was not found, create the property and set the necessary value(s).
            If propertyFound = false Then
               
                ' Create a new embedded property for AllowProxyCredentialsOverNonSsl
                Dim newEmbeddedProperty
             Set newEmbeddedProperty = swbemServices.Get("SMS_EmbeddedProperty").Spawninstance_()
             newEmbeddedProperty.PropertyName = "AllowProxyCredentialsOverNonSsl"       
             newEmbeddedProperty.Value = enableDisableFlag      
            
             ' Create a working copy of the existing properties and expand the array for the new property.
             Dim newPropertySet
             newPropertySet = SCIComponent.Props       
             redim preserve newPropertySet(Ubound(newPropertySet) + 1)
            
             ' Add the newly created property to the working copy of the existing properties.
             Set newPropertySet(Ubound(newPropertySet)) = newEmbeddedProperty
               
             ' Replace the existing properties with the working copy (existing properties + the new property).
             SCIComponent.Props = newPropertySet
            
             ' Save the properties.
             SCIComponent.Put_ , swbemContext 

     

            End If
           
        Next
                             
        'Commit any changes to the actual site control file.
        Set InParams = swbemServices.Get("SMS_SiteControlFile").Methods_("CommitSCF").InParameters.SpawnInstance_
        InParams.SiteCode = siteCode
        swbemServices.ExecMethod "SMS_SiteControlFile", "CommitSCF", InParams, , swbemContext
         
        ' Release the copy of the site control file.
        swbemServices.Get("SMS_SiteControlFile").ReleaseSessionHandle swbemContext.Item("SessionHandle").Value

     

    End Sub

     

     

    Let me know if you have any questions. I'd welcome any feedback! 

     

    Good luck!

     

    Jim Bradbury

    Saturday, February 2, 2008 2:54 AM
  • Thanks Jim

    I scheduled this to run just before my WSUS sync was scheduled to run and it worked great!

     

    VB Script was fine.

     

    Tom

     

    Monday, February 4, 2008 10:42 PM
  • Great news!  I'm glad the script worked for you!

     

    Jim

    Tuesday, February 5, 2008 6:44 AM
  • Hello,

    We tried this script in our environnement. I works well for the synchronization with Microsoft Updates, however when we want to download the updates to create packages, we have the same issue and the script doesn't fix this.

    Any idea?

    Thanks

    Damien
    Damien Fauve
    Monday, March 2, 2009 8:31 PM
  • Has anyone found an answer for this issue?  I am experiencing the same symptoms.  Even if you use the WSUS Console to set up to Allow Basic Auth, I can get the metadata but not able to download and create packages.  The download fails. 

    Thanks. Jason
    Wednesday, October 21, 2009 6:21 PM
  • Having the same issue.  I have used the VB above and the WSUS Console and still failing to download the packages during approval.  Please Help.
    Wednesday, October 21, 2009 6:41 PM