In Cumulative Update 3 for System Center Configuration Manager 2012 R2, Microsoft introduced Management Point Affinity and Justin Chalfant had a nice write-up on the new feature.  One thing that was left undocumented was an acceptable way to set MP Affinity; the blog only mentions the use of Group Policy, Compliance Scripts, etc.

<

div class=”ExternalClass6524A099EAD241FE9444FCC5BDBC0B9E”>

I worked out the details of a ConfigMgr Configuration Item (for Compliance).  The challenge is that the registry key is a Multi-String Value (an array of strings) and that ConfigMgr’s Configuration Item cannot natively handle this registry data type.  I decided to use a VBScript since it is the least common denominator of our scripting choices.

Below is the Discovery/detection script and the Remediation script.  I’ve also included step-by-step screen shots and the final exported Configuration Item if you just want to import it and not create the object yourself.

The exported file can be downloaded from [read-more-redirect urltext=”CatapultSystems.com” url=”https://www.catapultsystems.com/blogs/management-point-affinity-allowedmps-compliance-setting-in-configmgr-2012-r2-cu3″] OneDrive @ https://onedrive.live.com/redir?resid=E3B0C73435A2F778%212827 \ ConfigMgr Client AllowedMPs.cab

Scripts

For testing or one-off situations, run this command line to set the list of allowed MPs.

reg.exe add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CCM /v AllowedMPs /t REG_MULTI_SZ /d

“https://MP1.lab.localhttp://MP2.lab.localMP3.lab.local”

This is the Configuration Item Discovery script.  Be sure to update strDataDesired with your actual value for the group of computers which will be targeted.

On Error Resume Next

strDataDesired = “https://MP1.lab.local|http://MP2.lab.local|MP3.lab.local|”

Set StdOut = WScript.StdOut

Set objWMIreg=GetObject(“winmgmts:{impersonationLevel=impersonate}!\\.\root\default:StdRegProv”)

objWMIreg.GetMultiStringValue &H80000002,“SOFTWARE\Microsoft\CCM”,“AllowedMPs”,arrData

If VarType(arrData) = 8204 Then

    For Each strData In arrData

        strDataDetected = strDataDetected & strData & “|”

    Next

End If

 

If strDataDesired <> strDataDetected Then

    StdOut.WriteLine “reset needed”

Else

    StdOut.WriteLine “as expected”

End If

This is the Configuration Item Remediation script.  Be sure to update arrDataDesired with your actual value for the group of computers which will be targeted.

On Error Resume Next

arrDataDesired = array(“https://MP1.lab.local”,“http://MP2.lab.local”,“MP3.lab.local”)

Set oReg=GetObject(“winmgmts:{impersonationLevel=impersonate}!\\.\root\default:StdRegProv”)

oReg.SetMultiStringValue &H80000002,“SOFTWARE\Microsoft\CCM”,“AllowedMPs”,arrDataDesired

After adding these scripts to a Configuration Item to a Configuration Baseline and Deploy it to a collection of computers.  You’ll need a different Configuration Setting, Baseline, Deployment, and Collection for each list of AllowedMPs you need.

Screen Shots

Create a new Configuration Item and give it an appropriate name accounting for the group of computers / list of MPs that will be allowed.

image

Select the operating systems this will be allowed to run on.

image

Configure the Setting type as Script and Data type as String

image

Type the script to detect the registry key value.  Ensure that the strDataDesired variable is updated to match the list of allowed MPs.  Notice the | (pipe) as the last character.

image

Type the script to remediate the registry key value.  Ensure that the arrDataDesired variable is updated to match the list of allowed MPs.

image

Select the Compliance Rules tab, give it a name, set the Rule type to Value, The value returned by the specified script to Equals  as expected.

Enable “Run the specified remediation script..”

Optionally enable “Report noncompliance…” and set the severity to an appropriate value such as Warning

image

Next, Next, Next, …

image

That completes the creation of the Configuration Item.  Add it to a Configuration Baseline and Deploy it to a collection of computers.  You’ll need a different Configuration Setting, Baseline, Deployment, and Collection for each list of AllowedMPs you need.

[/read-more-redirect]

Management Point Affinity (AllowedMPs) Compliance Setting in ConfigMgr 2012 R2 CU3
Tagged on: