Automating Management Pack Deployments for Non-Administrators

For many customers, getting more value from their SCOM investment means going beyond the basics and authoring custom management packs. As SCOM proliferates in more IT shops, organizations continue to invest in the platform which usually equates to one Administrator and a number of MP developers. Balancing day-to-day activities along with the special needs of management pack development has shaped these roles. For the already busy SCOM Administrator, there is relief through simple automation.

An example is how mature IT organizations follow some form of release process. When a new version of their code is deployed, a new management pack can be revisioned and shipped alongside. As the SCOM Administrator, you have to work with the developers to deploy the management pack and often, facilitate the iterations. Offloading this particular task is not trivial because non-Administrators would then have the ability to make system changes and other potentially harmful actions.

Ask yourself these questions:

  • Do you manage multiple SCOM environments such as sandbox, test and production?
  • Do you support MP Developers who don’t have import permissions in the management groups?
  • Do you spend more time than you wish scheduling releases for management pack updates?
  • Would you like to enable MP developers or deployment staff to securely import their management packs?

If you answered yes to any of these questions, chances are, you can benefit by implementing this simple process. Without importuning the Administrator each time, MP Developers can import their management packs by copying them to a drop share and having a scheduled task to run the install-managementpack PowerShell cmdlet. After they have been imported, the management packs are then moved to a processed folder.

Here’s what you need to make it work:

– A (domain) account with administrative permissions

– A scheduled task on the RMS

– A share on the RMS

– Operations Manager Shell component on RMS

– Downloaded sample scripts

1) Let’s start by downloading and unzipping the file. Inside is a directory structure, test MP, batch file and PowerShell script.

2) Copy the MyShareRoot folder to a location on the RMS. The RMS should already have PowerShell installed as a SCOM prerequisite however you may need to install the Operations Manager Shell component if it does not already exist.

3) Create a share for the MPDrop folder and assign permissions so users have the necessary access rights. For demonstration purposes, we chose to share with Everyone.

4) In the MyShareRoot folder, you need to edit three variables in ImportMPsSchedTask.cmd to match your environment. The BaseImportManagementPacks.ps1 PowerShell script does not need to be changed.

  1. ROOTMS should be the fully qualified name of your RMS
  2. IMPORTPATH should be the directory of the MPDrop folder (not the share but the shared folder)
  3. PROCESSPATH should be the folder where the imported MPs are copied after they are imported

5) Let’s the script to make sure everything works before creating the scheduled task. Login to the RMS as a user with the domain account listed above so we can validate the permissions. From a CMD prompt, change directory to the MyShareRoot directory. Run the ImportMPsSchedTask.cmd batch file. If this worked, the TestManagementPack.xml in the MPDrop directory will be imported to your management group and moved to the Processed subdirectory. If necessary, troubleshoot any issues with permissions or variables in the batch file before continuing.

6) Create a scheduled task to run ImportMPsSchedTask.cmd at a reasonable interval such as every 5 or 10 minutes. We won’t describe how to create the task but ensure it runs as a domain user with permissions to import management packs. In our sample, we used the Default Action Account which had the necessary permissions. Use the appropriate method which meets the security requirements of your environment.

You may want to set some ground rules as to what MPs can be imported as you wouldn’t want someone to import unwanted packs. If you encounter issues with importing management packs on a schedule, make sure users are not trying to import an .xml management pack on top of a sealed pack because this won’t work (i.e. when multiple MPs are placed in the drop folder). When this happens, the MPs will be stuck in the MPDrop folder until the offending one(s) are removed. You can run the ImportMPsSchedTask.cmd batch file to see any SCOM errors.

WME offers an upgraded version of this process which adds Windows error logging, import history logging, alerting, MP exclusions, log file cleanup and feature to remove blocking MPs so others can continue.

You can download the source file here:

Auto MP Drop Import



Contact Us

On Key

More Posts

Mastering Azure AD Connect - A Comprehensive Guide by WME
Active Directory

Mastering Azure AD Connect – A Comprehensive Guide

Modern businesses are fast moving toward cloud-based infrastructure. In fact, cloud-based business is not just a trend anymore but a strategic necessity. Microsoft’s Azure Active Directory (Azure AD) has become a frontrunner in this domain. It

Read More »
Security Best Practices in SharePoint
Office 365

Security Best Practices in SharePoint

Microsoft SharePoint is an online collaboration platform that integrates with Microsoft Office. You can use it to store, organize, share, and access information online. SharePoint enables collaboration and content management and ultimately allows your teams to

Read More »
The Ultimate Guide to Microsoft Intune - Article by WME
Active Directory

The Ultimate Guide to Microsoft Intune

The corporate world is evolving fast. And with that, mobile devices are spreading everywhere. As we venture into the year 2024, they have already claimed a substantial 55% share of the total corporate device ecosystem. You

Read More »
Protecting Microsoft 365 from on-Premises Attacks
Cloud Security

How to Protect Microsoft 365 from On-Premises Attacks?

Microsoft 365 is diverse enough to enrich the capabilities of many types of private businesses. It complements users, applications, networks, devices, and whatnot. However, Microsoft 365 cybersecurity is often compromised and there are countless ways that

Read More »
Be assured of everything

Get WME Services

Stay ahead of the competition with our Professional IT offerings.