Share via


Sample Script to Update FEP Service Policy

Very occasionally, you may found that an FEP policy called “FEP Service policy” gets applied instead of the policy with highest precedence.

“FEP Service Policy” is an undocumented policy. “FEP Service Policy” is not created by default when you install FEP 2010 (with or without Update Rollup 1). It is created when the last FEP policy associated with one collection is deleted. The purpose of this policy is to make sure FEP clients always have one policy applied. Upon FEP policy modification, the old advertisements/assignments related to that policy will be deleted and a new advertisement/assignment will be created. If there’s a delay between the deletion and the creation of the assignment on the CM/FEP clients, these clients will end up applying the “FEP Service Policy”.

In most cases, applying “FEP Service Policy” accidently is fine. As the correct FEP policy will be applied at the next cycle. But some customers may find it unacceptable as it means they lose control on their clients at the intermit time. Because they don’t have control on “FEP Service Policy” as it’s not shown on UI and they cannot update it. For these customers, I wrote the following script for them to configure the “FEP Service Policy”.

The usage of this script is to:

1)                Run FEPServicePolicy.vbs export FEPServicePolicy.xml to export the policy file

2)                Update FEPServicePolicy.xml as needed.

3)                Run FEPServicePolicy.vbs import FEPServicePolicy.xml to import the updated policy file.

If the script shows there’s no “FEP Service Policy”, you can trigger the creation of “FEP Service Policy” by:

1)                Create a fake collection

2)                Create a FEP Policy and assign to that collection.

3)                Delete that policy.

 Sample Scripts:

'Usage: FEPServicePolicy <export|import> <policyfilename>

 

'Parse Parameters

if (WScript.arguments.count<>2) then

 Wscript.echo "Usage: FEPServicePolicy <export|import> <policyfilename>"

 wscript.quit

end if

 

Command = Wscript.arguments(0)

FileName = Wscript.arguments(1)

ProgramName = "FEP Service Policy"

Dim PackageID

 

Wscript.Echo "Impurt Parameters: " & Command & " " & FileName

Wscript.Echo "Connecting to SMS WMI namespace.."

Set Conn = Connect

Wscript.Echo "Getting the PackageID for the FEP Service Policy Program"

Set Programs = Conn.ExecQuery("select * from SMS_Program where ProgramName='FEP Service Policy'")

if Programs.Count <> 1 Then

   Wscript.Echo "FEO Service Policy not found or instances are more than 1. Fatal Error, quit."

   Wscript.quit

End If

For Each objItem In Programs

  PackageID = objItem.PackageID

  Wscript.Echo "Found Program. PackageID = " & PackageID

Next

 

if Command = "export" Then

 Wscript.Echo "Export the existing FEP service Policy"

 Export Conn, FileName

 Wscript.quit

end if

 

If Command = "import" Then

 Wscript.Echo "Import the FEP service Policy from file " & FileName

 Import Conn, FileName

 Wscript.quit

end if

 

Function Export(connection, exportFileName)

  Dim oFilesys, oFileLog, sFilename, sPath

  Set oFilesys = CreateObject("Scripting.FileSystemObject")

  Set oFiletxt = oFilesys.CreateTextFile(exportFileName, True)

  Set FEPServicePolicyProgram = connection.Get("SMS_Program.PackageID='" & PackageID & "',ProgramName='" & ProgramName & "'")

  hexarray = FEPServicePolicyProgram.ISVData

  'wscript.echo UBound(hexarray)

  For i = 0 To UBound(hexarray)

    'oFiletxt.Write(HexToString(HEX(hexarray(i))))

    oFiletxt.Write(Chr("&h" & (HEX(hexarray(i)))))

  Next

  oFiletxt.Close

  Wscript.Echo "Export succeed"

End Function

 

Function Import(connection, importFileName)

  Dim oFilesys, oFileLog, sFilename, sPath

  Set oFilesys = CreateObject("Scripting.FileSystemObject")

  Set oFilereader = oFilesys.OpenTextFile(importFileName,1,False)

  contents = oFilereader.ReadAll

  Length = Len(contents)

  'Wscript.Echo Length

  dim hexarray()

  ReDim hexarray(Length)

  For i = 1 To Length

                    sub_string = Mid(contents,i,1)

                    'hexarray(i-1) = CInt("&h" & StringToHex(sub_string))

                    hexarray(i-1) = CInt("&h" & Hex(Asc(sub_string)))

        'Wscript.Echo hexarray(i-1)

  Next

  Set FEPServicePolicyProgram = connection.Get("SMS_Program.PackageID='" & PackageID & "',ProgramName='" & ProgramName & "'")

  FEPServicePolicyProgram.ISVData=hexarray

  FEPServicePolicyProgram.Put_

  oFilereader.Close

  WScript.Echo "Import succeed"

End Function

 

Function Connect()

    On Error Resume Next

   

    Dim net

    Dim localConnection

    Dim swbemLocator

    Dim swbemServices

    Dim providerLoc

    Dim location

   

    Set swbemLocator = CreateObject("WbemScripting.SWbemLocator")

 

    ' Connect to the server.

    Set swbemServices= swbemLocator.ConnectServer(".", "root\sms")

    If Err.Number<>0 Then

        Wscript.Echo "Couldn't connect: " + Err.Description

        Connect = null

        Exit Function

    End If

   

 

    ' Determine where the provider is and connect.

    Set providerLoc = swbemServices.InstancesOf("SMS_ProviderLocation")

 

        For Each location In providerLoc

            If location.ProviderForLocalSite = True Then

                Set swbemServices = swbemLocator.ConnectServer(location.Machine, "root\sms\site_" + location.SiteCode)

                If Err.Number<>0 Then

                    Wscript.Echo "Couldn't connect:" + Err.Description

                    Connect = Null

                    Exit Function

                End If

                Set Connect = swbemServices

                                        Wscript.Echo "Successfully comment to root\sms\site_" & location.SiteCode

                Exit Function

            End If

        Next

    Set Connect = null ' Failed to connect.

End Function

-- This script is provided AS IS. Please test it out before apply to production.

Comments

  • Anonymous
    January 06, 2014
    Hi Min Fang, you said: 2)                Update FEPServicePolicy.xml as needed. Could you give more details of this step? what i need to modify actually? my current issue is we have to many "Assign FEP policy FEP Service Policy" advertisements due to the  frequent policy modification.  It cause we have too many clients in policy distribution pending collection. Thanks QMJ