Configuration Manager Cmdlet Library changes for Current Branch 1710

Note

System Center Configuration Current Branch 1706 is the baseline for these changes. See Configuration Manager Cmdlet Library changes for Current Branch 1706 for more details.

Important changes

Documentation library updates

For the latest cmdlet library documentation, see ConfigurationManager module reference.

Removed cmdlets

The following cmdlets are no longer supported and have been removed:

  • Invoke-CMAmtProvisioningDiscovery
  • New-CMAmtProvisioningAccount
  • Set-CMPowerControl

Deprecated cmdlets

  • Invoke-CMEndpointProtectionScan and Save-CMEndpointProtectionDefinition have been superseded by Invoke-CMClientAction.

Disable PSDrive auto-creation

When the ConfigurationManager.psd1 module is loaded, PowerShell automatically attempts to create a connection to the last SMS Provider that was accessed using the Configuration Manager console. In some scenarios, this behavior may not be desirable. A per-user registry key has been added that can disable this behavior and require manual drive creation. To configure this, use the registry key: HKEY_CURRENT_USER\Software\Microsoft\ConfigMgr10\PowerShell and set the value DisableCMDriveAutoCreate to a DWORD of 1 (drive auto-creation is disabled) or 0 (default behavior). Deleting DisableCMDriveAutoCreate also enables default behavior.

Note

When drive auto-creation is disabled, the Configuration Manager console may report an error when launching a PowerShell window.

Known issues

These are known issues with the Cmdlet Library that are not resolved in this release.

Get-CMAadConditionalAccessPolicy and Set-CMAadConditionalAccessPolicy

64-bit PowerShell environment is required for these cmdlets.

Workaround

  • None

Import-CMSecurityRole

Cmdlet may fail with a DirectoryNotFoundException error locating the file SecuredRoles.xsd.

Workaround

Ensure that Import-Module is called against the ConfigurationManager.psd1 file, and not the logical path or module name.

Get-CMSiteUpdateInstallStatus

Cmdlet may fail with a WqlQueryException error.

Workaround

  • Use Invoke-CMWmiQuery to directly query the SMS_CM_UpdatePackTopLevelMonitoring class.
Example
# Note: The PackageGuid value can be determined by running Get-CMSiteUpdateInstallStatus -Verbose and viewing the query details.
Invoke-CMWmiQuery "SELECT * FROM SMS_UpdatePackTopLevelMonitoring WHERE PackageGuid='...' ORDER BY StageId ASC"

Set-CMSoftwareUpdatePoint

Changes to Schedule may not be reflected in the Configuration Manager console even though the underlying SMS Provider object has been changed.

Workaround

Quit and relaunch the Configuration Manager console.

New cmdlets

These are newly-added cmdlets for this release that add new functionality or enhance the functionality of existing cmdlets.

Device association cmdlets

Get-CMResultantCollection will get the collections associated with a device. Get-CMResultantDeployment will get the deployments targeted to a device.

Client inventory class management

New cmdlets have been added to support modifying inventory classes used for client inventory.

  • Get-CMInventoryClass
  • New-CMInventoryReportClass

Task sequences

New cmdlets have been added to support modifying task sequence steps.

  • Task sequence commands (Get, New, Remove, and Set verbs supported)
    • CMTaskSequenceStepApplyOperatingSystem
    • CMTaskSequenceStepApplyWindowsSetting

Resource tracking and recovery (BETA)

New cmdlets have been added to support tracking SMS Provider objects used by the PowerShell runtime, and to clean up these resources when they are no longer needed.

  • Disconnect-CMTrackedObject
  • Start-CMObjectTracking
  • Stop-CMObjectTracking

When Start-CMObjectTracking is run, the PowerShell runtime will track IResultObject objects created by Cmdlet Library cmdlets. Cmdlets that are not manually cleaned up with .Dispose() can be reclaimed by using Disconnect-CMTrackedObject against an individual object.

Example

# Reclaim all tracked objects
$o | Disconnect-CMTrackedObject```), or ```Disconnect-CMTrackedObject -All

Note that once an object is reclaimed, it can no longer be reused or passed to another cmdlet through the object pipeline.

Stop-CMObjectTracking can be used to turn off object tracking. Note that previously allocated objects will remain active.

Unclaimed resources can cause Quota Violation errors to be raised by the SMS Provider. These issues typically manifest from working with very large sets of SMS Provider objects or in very long running environments

Note

This is an experimental feature and may be subject to change or removal in a future release. This feature is opt-in and is not enabled by default.

Cmdlet changes

The following changes have been made to existing cmdlets for this release. Changes may be new functionality, bug fixes, or deprecations, and may be breaking. If you use one of the cmdlets or feature areas listed in this section, please carefully review the changes to understand how they may affect your use.

Compliance setting and rule cmdlets

Bugs that were fixed

RuleDescription value may not apply to the Rule. (Cmdlets that support rule creation or modification)

Cannot set value for "default" registry key (Add/Set-CMComplianceSettingRegistryKeyValue, New-CMDetectionClauseRegistryKeyValue).

NullReferenceException may be raised (New-CMComplianceRuleAssembly)

Missing DataType support (Add-CMComplientSettingREgistryKeyValue)

Add-CMApplicationCatalogWebsitePoint

Bugs that were fixed

Improved error handling and reporting.

Add/Set-CMDataWarehouseServicePoint

Non-breaking changes

DataWarehouseSqlPort supports port value from 1-65535. DaysOfWeek parameter now supports value of Daily.

Add/Set-CMExchangeServer

Bugs that were fixed

EmailAddress parameter value may not apply to the Exchange server configuration.

Add-CMMsiDeploymentType

Bugs that were fixed

ContentLocation parameter is required when using script detection. Added new UninstallContentLocation and UninstallOption parameters.

Non-breaking changes

Improved validation for ProductCode parameter.

Add-CMScriptDeploymentType

Non-breaking changes

Improved validation for ProductCode parameter. Added new UninstallContentLocation and UninstallOption parameters.

Get-CMDeploymentTypeDependencyGroup

Non-breaking changes

Cmdlet now supports pipelined value from Get-CMDeploymentType.

Get-CMSiteStatusMessage

Bugs that were fixed

Not all messages are returned when filtering with the Severity parameter.

Invoke-CMClientAction (formerly Invoke-CMClientNotification)

Non-breaking changes

ActionType parameter that accepts all client notification types.

Note

RequestScriptExecution is not supported at this time.

Deprecations

NotificationType has been superseded by ActionType

New-CM*Deployment

Bugs that were fixed

Cmdlet allows combining CollectionId, CollectionName, and Collection parameters which can lead to undefined behavior.

New-CMBootableMedia

Bugs that were fixed

Unable to create media as SiteBased.

New-CMWirelessProfile

Bugs that were fixed

Cmdlet fails to run in a 64-bit PowerShell environment.

Cmdlet may return an error if specifying a value for the ClientCertificate parameter.

Remove-CMCorpOwnedDevice

Bugs that were fixed

Cannot remove device when using pipelined object.

Device name is not reported when using WhatIf or Confirm.

Remove-CMStateMigrationPoint

Breaking changes

Additional confirmation will be required if there is user data stored on the state migration point. Note: Force will bypass this confirmation.

Save-CMSoftwareUpdate

Non-breaking changes

Added RetryCount and RetryDelaySec parameters to reattempt downloads after a failure.

Set-CMAccessAccount

Bugs that were fixed

PassThru may not return an updated object.

Set-CMAntimalwarePolicy

Bugs that were fixed

Cannot use wildcard characters with AddExcludedFilePath parameter.

Unable to configure FallbackOrder for a given policy

Non-breaking changes

Added new parameters for managing threat lists: AddThreat, RemoveThreat, and CleanThreat. AddThreat accepts a hashtable with the key being the name, and the value being of type Microsoft.ConfigurationManagement.Cmdlets.EP.Commands.DefaultActionMediumAndLowType.

Deprecations

ThreatName and OverrideAction parameters have been superseded by AddThreat, RemoveThreat, and CleanThreat.

Set-CMClientSettingComputerAgent

Deprecations

HealthAttestationUrl parameter as it is no longer utilized by the product.

Set-CMClientSettingHardwareInventory

Non-breaking changes

AddInventoryReportClass, CleanInventoryReportClass, and RemoveInventoryReportClass parameters support modifying the hardware inventory collected by clients.

Set-CMMsiDeploymentType

Non-breaking changes

Improved validation for ProductCode parameter.

Set-CMScriptDeployment

Bugs that were fixed

Application object in SMS Provider may not automatically unlock if the cmdlet fails preventing further modifications until the lock expires.

Set-CMScriptDeploymentType

Non-breaking changes

Improved validation for ProductCode parameter.

Set-CMSoftwareUpdatePointComponent

Non-breaking changes

Added new ContentFileOption parameter for configuring update download behavior.

Set-CMSiteMaintenanceTask

Non-breaking changes

Improved error reporting

Set-CMWirelessProfile

Bugs that were fixed

Cmdlet fails to run in a 64-bit PowerShell environment.

MismatchedPSTypeName error may be raised when using the object pipeline.

ProxyAddress and ProxyPort does not validate using the same rules as the Configuration Manager console.

Specifying ProxyAddress without ProxyPort may cause an invalid configuration to be created.

SecurityAuthentication can be changed with configurations that do not support this.

EapType must be combined with SecurityAuthentication even when the latter is not changing.

Non-breaking changes

Added RootCertificate, ClientCertificate, and RememberCredentials parameters.

Improved functionality for configuring a MSCHAPv2 wireless policy.

Sync-CMSoftwareUpdate

Non-breaking changes

Cmdlet no longer requires any parameters to be specified.

Note

When no parameters are defined, -ForceSync $true is implied.