I started a thread regarding a deployment warning system a couple of days ago, just following up to share the results and code with the rest of the group. I used 2 scripts to accomplish everything, 1 to setup the WMI event subscriber and 1 to actually do the check and notification. One thing that I was hung up on was the local system account of the site server needed to have the code signing certificates imported for the SCCM PS modules, found that detailed here:
http://blogs.technet.com/b/microsoft_denmark_premier_field_engineering_config_manager_blog/archive/2013/01/30/running-configuration-manager-2012-powershell-scripts-as-a-service-account-or-local-system.aspx You'll also need PowerEvents from https://powerevents.codeplex.com/. Here is the quick version of the event subscription creation script, adjust your script location in the command and number of seconds to your liking: #You are required to have imported the power event module: https://powerevents.codeplex.com/ #Make sure to update the location of your script file that will be run by the even consumer. #Change the site code in the eventnamespace parameter to match your actual site code. $myfilter = New-WMIEventFilter -Name NewDeploymentCheck -EventNamespace root\sms\site_001 -query "select * from __InstanceCreationEvent within 60 where TargetInstance ISA 'SMS_DeploymentSummary'" $myconsumer = New-WmiEventConsumer -Name SCCMDeploymentMonitor -ConsumerType CommandLine -CommandLineTemplate "C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe -executionpolicy bypass -command D:\Scripts\DeploymentMonitoringScript.ps1 %TargetInstance.DeploymentID%" New-WmiFilterToConsumerBinding -Filter $myfilter -Consumer $myconsumer Here is the script that actually gets started and passed the DeploymentID as a parameter. Net result is that we are getting an email notification when anyone creates a deployment targeting more than 500 users/devices. I'll probably expand on this in the future to include warnings when more than x number of clients are added to collections with pre-existing required deployments, but this is a good start: <# SCCM Deployment Warning Script Written by: Matt Atkinson ([email protected]) Purpose: Send an email alert whenever a deployment targeting more than a certain number of computers/users is created Notes: Make sure that you set your warning threshold number, and the list of email recipients to receive the warning, your email server, port, location for the SCCM powershell module, and your SCCM site code. Change log: v1.0: Initial Script v1.1: Swapped some if else statements for switch statements, added curly braces for assignment unique ID. #> param( [string]$AssignmentUniqueID ) #AssignmentUniqueID is passed to the script without curly braces, so we need to add them $AssignmentUniqueID = "`{$AssignmentUniqueID`}" ##Import the powershell module for configuration manager import-module "D:\Program Files\Microsoft Configuration Manager\AdminConsole\bin\configurationmanager.psd1" ## Declare variables #Number of computers to be the warning threshold. If the deployment goes to more than this number of computers, warning will be sent $WarningThreshold = 0 #Comma separated list of email addresses to send warning to $EmailAddresses = "[email protected], [email protected]" #Email server $EmailServer = "smtp.server.com" #Email server port (adjust as needed) $EmailPort = "25" #SCCM Site Code $CMSiteCode = "001" #Switch to the CMSite PSDrive Set-location $CMSiteCode #Get the application name $Application = (Get-CMDeployment -DeploymentId $AssignmentUniqueID).SoftwareName #Get the config type (required or available) $DesiredConfigType = (Get-CMDeployment -DeploymentId "$AssignmentUniqueID").DesiredConfigType #Switch for the desired config (Install or Uninstall) Switch ($DesiredConfigType) { 1{$DesiredConfigType = "Installed"} 2{$DesiredConfigType = "Uninstalled"} } #Switch for the deployment intent (Available or Required) $DeploymentIntent = (Get-CMDeployment -DeploymentId "$AssignmentUniqueID").DeploymentIntent Switch ($DeploymentIntent) { 1{$DeploymentIntent = "Required"} 2{$DeploymentIntent = "Available"} } #Get the collection that is targeted $TargetCollection = (Get-CMDeployment -DeploymentId $AssignmentUniqueID).CollectionName #Get the member count of the collection after testing whether it is a user or device collection If ((Get-CMDeviceCollection -Name "$TargetCollection") -ne $null) { $MemberCount = (Get-CMDeviceCollection -name "$TargetCollection").MemberCount $ClientType = "Devices" } Else { $MemberCount = (Get-CMUserCollection -name "$TargetCollection").MemberCount $ClientType = "Users" } If ($MemberCount -ge $WarningThreshold) { Send-MailMessage -SmtpServer $EmailServer -Port $EmailPort -From "SCCM Warning System" -To "$EmailAddresses" -Subject "SCCM Deployment Notice $Application Being $DesiredConfigType on $MemberCount $ClientType" -Body "Application Name: $Application `n Is Being: $DesiredConfigType`n On: $MemberCount $ClientType" } -Matt ________________________________ This message is intended for the sole use of the addressee, and may contain information that is privileged, confidential and exempt from disclosure under applicable law. If you are not the addressee you are hereby notified that you may not use, copy, disclose, or distribute to anyone the message or any information contained in the message. If you have received this message in error, please immediately advise the sender by reply email and delete this message.
