Tuesday, October 25, 2016

Auto Approve Cross Forest Machines

Are you working with machines from another forest that you need to approve in SCCM?


As a good security practice, you should only auto-approve machines in your own domain.
If you are merging or pulling in machines from elsewhere, you don't want to approve each of them manually. Here is a simple process:


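Create a PowerShell script to approve machines in a given collection:

    # Load the Configuration Manager cmdlets from the admin console install
    Import-Module 'C:\Program Files\Microsoft Configuration Manager\AdminConsole\bin\ConfigurationManager.psd1'

    # Switch to the site drive (site code PR1)
    cd PR1:

    # Approve every device that is a member of the collection
    Get-CMDevice -CollectionID "PR1299F3" | select name | ForEach-Object { Approve-CMDevice -DeviceName $_.name }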




Next, create a collection for all these machines to come into. Let's assume the incoming machines were in a workgroup or domain called ABC:



    select SMS_R_SYSTEM.ResourceID, SMS_R_SYSTEM.ResourceType, SMS_R_SYSTEM.Name,
           SMS_R_SYSTEM.SMSUniqueIdentifier, SMS_R_SYSTEM.ResourceDomainORWorkgroup,
           SMS_R_SYSTEM.Client
    from SMS_R_System
    inner join SMS_CM_RES_COLL_SMS00001
        on SMS_CM_RES_COLL_SMS00001.ResourceId = SMS_R_System.ResourceId
    where SMS_CM_RES_COLL_SMS00001.IsApproved = '0'
      and SMS_R_System.ResourceDomainORWorkgroup = "ABC"




All we are doing here is creating a collection of the machines we want to approve and then running the PowerShell to approve them.


This allows you to approve those special machines as they enter the infrastructure without admins having to approve them manually.
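
A variant of the approval script for unattended runs, added here as an example and not part of the original post: it re-checks each collection member against the expected domain and approval state before approving, and writes an audit record of every decision. The site code, collection ID and domain name are the ones used above; the log path is a placeholder, and the `Domain` and `IsApproved` properties on the objects returned by `Get-CMDevice` are assumed to mirror the fields used in the collection query.

```powershell
# Added example, not the original post's script.
# PR1, PR1299F3 and ABC come from the post; the log path is a placeholder.
[CmdletBinding(SupportsShouldProcess)]
param(
    [string]$SiteCode       = 'PR1',
    [string]$CollectionId   = 'PR1299F3',
    [string]$ExpectedDomain = 'ABC',
    [string]$LogPath        = 'C:\Logs\AutoApprove.csv'   # placeholder, folder must exist
)

Import-Module 'C:\Program Files\Microsoft Configuration Manager\AdminConsole\bin\ConfigurationManager.psd1'
Push-Location "$($SiteCode):"
try {
    $results = foreach ($device in Get-CMDevice -CollectionId $CollectionId) {
        # Do not trust collection membership alone: if the query rule is edited
        # or a direct member is added, this still limits what gets approved.
        # Assumption: Domain / IsApproved are exposed on the returned object.
        $action =
            if ($device.IsApproved -ne 0) {
                'Skipped: already approved or not applicable'
            }
            elseif ($device.Domain -ne $ExpectedDomain) {
                'Skipped: unexpected domain or workgroup'
            }
            elseif ($PSCmdlet.ShouldProcess($device.Name, 'Approve-CMDevice')) {
                Approve-CMDevice -DeviceName $device.Name | Out-Null
                'Approved'
            }
            else {
                'Not approved: -WhatIf or declined'
            }

        # One audit row per device, including the ones that were skipped
        [pscustomobject]@{
            Timestamp  = (Get-Date).ToString('s')
            Name       = $device.Name
            ResourceId = $device.ResourceID
            Domain     = $device.Domain
            Action     = $action
        }
    }
    if ($results) {
        $results | Export-Csv -Path $LogPath -NoTypeInformation -Append
    }
}
finally {
    Pop-Location   # leave the site drive even if a cmdlet throws
}
```

Running it with `-WhatIf` first produces the same audit rows without approving anything, which is a quick way to confirm the collection only contains the machines you expect.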