Set-CMOutOfBandManagementComponent
Set-CMOutOfBandManagementComponent
Sets the site system server that hosts the out of band management role in System Center 2012 Configuration Manager.
Syntax
Parameter Set: SearchBySiteCodeMandatory
Set-CMOutOfBandManagementComponent -SiteCode <String> [-AddAmtUserAccount <String[]> ] [-AllowPingResponse <Boolean> ] [-AmtAccountOU <String> ] [-AmtProvisioningAccounts <Dictionary[]<String>> ] [-AmtProvisioningRemovalAccount <String> ] [-AmtProvisioningRemovalPassword <SecureString> ] [-AmtProvisioningSchedule <IResultObject> ] [-AuditLogSettingName {AgentPresenceManager | CircuitBreakerManager | EndpointAccessControl | EventManager | FirmwareUpdateManager | NetworkAdministration | NetworkTime | RedirectionManager | RemoteControlOperations | SecurityAdministration | SecurityAuditLog | StorageAdministration | WirelessConfiguration}[] ] [-CertificateTemplate <String> ] [-CertificationAuthorityName <String> ] [-EnableBypassBiosPassword <Boolean> ] [-EnableCrlChecking <Boolean> ] [-EnableIDERedirection <Boolean> ] [-EnableWebInterface <Boolean> ] [-EnableWiredNetworkAccess <Boolean> ] [-EnrollmentPoint <String> ] [-IssuingCertificationAuthority <String> ] [-KerberosClockToleranceMinutes <Int32> ] [-MebxAccount <String> ] [-MebxPassword <SecureString> ] [-PowerState <PowerStateType> {AlwaysOnS0S5 | HostIsOnS0} ] [-RemoveAmtUserAccount <String[]> ] [-SiteSystemServerName <String[]> ] [-UniversalSecurityGroup <String> ] [-WiredProfileObject <WiredProfile> ] [-WirelessProfile <WirelessProfile[]> ] [-Confirm] [-WhatIf] [ <CommonParameters>]
Detailed Description
The Set-CMOutOfBandManagementComponent cmdlet sets the site system computer that hosts the out of band management role in Microsoft System Center 2012 Configuration Manager. The out of band management role manages computers that have the Intel vPro chip set and a version of Intel Active Management Technology (AMT) that System Center 2012 Configuration Manager supports. Out of band management lets you connect to a computer’s AMT management controller when the computer is turned off, in hibernation, or otherwise unresponsive through the operating system.
Parameters
-AddAmtUserAccount<String[]>
Specifies an array of AMT user accounts to add.
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
True (ByPropertyName) |
Accept Wildcard Characters? |
false |
-AllowPingResponse<Boolean>
Indicates whether to allow ping responses.
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
True (ByPropertyName) |
Accept Wildcard Characters? |
false |
-AmtAccountOU<String>
Specifies an organizational unit (OU) for an AMT account.
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
True (ByPropertyName) |
Accept Wildcard Characters? |
false |
-AmtProvisioningAccounts<Dictionary[]<String>>
Specifies an array of key-value pairs.
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
True (ByPropertyName) |
Accept Wildcard Characters? |
false |
-AmtProvisioningRemovalAccount<String>
Specifies an AMT account.
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
True (ByPropertyName) |
Accept Wildcard Characters? |
false |
-AmtProvisioningRemovalPassword<SecureString>
Specifies a secure string that contains a password.
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
True (ByPropertyName) |
Accept Wildcard Characters? |
false |
-AmtProvisioningSchedule<IResultObject>
Specifies an input object. To obtain an input object, use the New-CMSchedule cmdlet.
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
True (ByPropertyName) |
Accept Wildcard Characters? |
false |
-AuditLogSettingName<AuditLogSettingType[]>
Specifies an array of audit log setting names. Acceptable values for this parameter are:
-- AgentPresenceManager
-- CircuitBreakerManager
-- EndpointAccessControl
-- EventManager
-- FirmwareUpdateManager
-- NetworkAdministration
-- NetworkTime
-- RedirectionManager
-- RemoteControlOperations
-- SecurityAdministration
-- SecurityAuditLog
-- StorageAdministration
-- WirelessConfiguration
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
True (ByPropertyName) |
Accept Wildcard Characters? |
false |
-CertificateTemplate<String>
Specifies a certificate template.
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
True (ByPropertyName) |
Accept Wildcard Characters? |
false |
-CertificationAuthorityName<String>
Specifies the name of a certification authority.
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
True (ByPropertyName) |
Accept Wildcard Characters? |
false |
-EnableBypassBiosPassword<Boolean>
Indicates whether to bypass the BIOS password.
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
True (ByPropertyName) |
Accept Wildcard Characters? |
false |
-EnableCrlChecking<Boolean>
Indicates whether to enable certificate revocation list (CRL) checking.
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
True (ByPropertyName) |
Accept Wildcard Characters? |
false |
-EnableIDERedirection<Boolean>
Indicates whether to enable IDE redirection. Intel AMT uses IDE redirection to redirect serial and IDE communication from a managed client to a management console.
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
True (ByPropertyName) |
Accept Wildcard Characters? |
false |
-EnableWebInterface<Boolean>
Indicates whether to enable the web interface.
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
True (ByPropertyName) |
Accept Wildcard Characters? |
false |
-EnableWiredNetworkAccess<Boolean>
Indicates whether to enable wired network access.
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
True (ByPropertyName) |
Accept Wildcard Characters? |
false |
-EnrollmentPoint<String>
Specifies an enrollment point in Configuration Manager.
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
True (ByPropertyName) |
Accept Wildcard Characters? |
false |
-IssuingCertificationAuthority<String>
Specifies the issuing certification authority.
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
True (ByPropertyName) |
Accept Wildcard Characters? |
false |
-KerberosClockToleranceMinutes<Int32>
Specifies a clock tolerance, in minutes, for Kerberos. Kerberos authentication depends on time synchronization.
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
True (ByPropertyName) |
Accept Wildcard Characters? |
false |
-MebxAccount<String>
Specifies the name of an account for Management Engine BIOS Extensions (MEBx). The MEBx account provides authenticated access to the AMT firmware on AMT-based computers.
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
True (ByPropertyName) |
Accept Wildcard Characters? |
false |
-MebxPassword<SecureString>
Specifies a secure string that contains the password for the MEBx account.
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
True (ByPropertyName) |
Accept Wildcard Characters? |
false |
-PowerState<PowerStateType>
Specifies an AMT power state that describes system states as on, sleeping, hibernating, or off. Acceptable values for this parameter are:
-- AlwaysOnS0S5
-- HostIsOnS0
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
True (ByPropertyName) |
Accept Wildcard Characters? |
false |
-RemoveAmtUserAccount<String[]>
Specifies an array of AMT user accounts to remove.
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
True (ByPropertyName) |
Accept Wildcard Characters? |
false |
-SiteCode<String>
Specifies a site code in Configuration Manager.
Aliases |
none |
Required? |
true |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
True (ByPropertyName) |
Accept Wildcard Characters? |
false |
-SiteSystemServerName<String[]>
Specifies an array of names of site system servers in Configuration Manager.
Aliases |
Name |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
True (ByPropertyName) |
Accept Wildcard Characters? |
false |
-UniversalSecurityGroup<String>
Specifies the name of a universal security group.
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
True (ByPropertyName) |
Accept Wildcard Characters? |
false |
-WiredProfileObject<WiredProfile>
Specifies a wired profile object.
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
True (ByPropertyName) |
Accept Wildcard Characters? |
false |
-WirelessProfile<WirelessProfile[]>
Specifies an array of wireless profiles.
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
True (ByPropertyName) |
Accept Wildcard Characters? |
false |
-Confirm
Prompts you for confirmation before running the cmdlet.
Required? |
false |
Position? |
named |
Default Value |
false |
Accept Pipeline Input? |
false |
Accept Wildcard Characters? |
false |
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet is not run.
Required? |
false |
Position? |
named |
Default Value |
false |
Accept Pipeline Input? |
false |
Accept Wildcard Characters? |
false |
<CommonParameters>
This cmdlet supports the common parameters: -Verbose, -Debug, -ErrorAction, -ErrorVariable, -OutBuffer, and -OutVariable. For more information, see about_CommonParameters (https://go.microsoft.com/fwlink/p/?LinkID=113216).
Inputs
The input type is the type of the objects that you can pipe to the cmdlet.
Outputs
The output type is the type of the objects that the cmdlet emits.
Examples
Example 1: Set an out of band management component
This example sets the out of band management component by using the site code.
The first command uses the Get-CMTrustedRootCertificate cmdlet to get a certificate, and stores the certificate in the $Cert variable.
The second command uses the New-CMWiredProfileObject cmdlet to create a profile object, and stores the object in the $WiredP variable.
The third command uses the New-CMWirelessProfileObject cmdlet to create a wireless profile object, and stores the object in the $WirelessP variable.
The fourth command uses the Set-CMOutOfBandManagementComponent cmdlet to set an out of band management component by using the $WiredP and $WirelessP variables.
PS C:\> $Cert = Get-CMTrustedRootCertificate -CertificationAuthorityServerName "CertAuth.Contoso.Com"
PS C:\> $WiredP = New-CMWiredProfileObject -TrustedRootCertificate $Cert -ClientAuthenticationMethod EapTtlsMschapv2 -ClientIssuingCertificationAuthority "ContosoCorpTPM.Contoso.Com" -ClientCertificationAuthorityName "Contoso TPM" -ClientCertificateTemplate "Contoso Certificate Access" - MachineAuth - TPM"
PS C:\> $WirelessP = New-CMWirelessProfileObject -ProfileName "Test -NetworkName Net1" -SecurityType WPA2Enterprise -EncryptionMethod AES -TrustedRootCertificate $Cert -ClientAuthenticationMethod EapTtlsMschapv2 -ClientIssuingCertificationAuthority "ContosoCorpTPM.Contoso.Com" -ClientCertificationAuthorityName "Contoso TPM" -ClientCertificateTemplate "Contoso Certificate Access" - MachineAuth - TPMv2"
PS C:\> Set-CMOutOfBandManagementComponent -SiteCode "CM2" -EnableWiredNetworkAccess $True -WiredProfileObject $WiredP -WirelessProfile $WirelessP
Example 2: Set an out of band management component with an AMT provisioning account
This example sets an out of band management component by using an AMT provisioning account.
The first command creates a password string for the AMT provisioning account. The command uses a secure string to obscure the password.
The second command uses the New-CMAmtProvisioningAccount cmdlet to create an account, and stores the result in the $Apa variable.
The third command uses the New-CMSchedule cmdlet to create a schedule, and stores the result in the $Schedule variable.
The fourth command uses the Set-CMOutOfBandManagementComponent cmdlet to set an out of band management component, by using the $Apa and $Schedule variables. The command specifies an account for the AmtProvisioningAccount parameter.
PS C:\> $SS= Read-Host -AsSecureString
PS C:\> $Apa = New-CMAmtProvisioningAccount -UserName "AimeeLott" -Password $SS -Description "New AMT Provisioning Account"
PS C:\> $Schedule = New-CMSchedule -DayOfWeek Saturday -RecurCount 2 -Start "2012/11/22 12:10:00"
PS C:\> Set-CMOutOfBandManagementComponent -SiteCode CM2 -AmtProvisioningAccount $Apa -AmtProvisioningSchedule $Schedule -AmtProvisioningRemovalAccount "Western\AimeeLott" -AmtProvisioningRemovalPassword $SS
Example 3: Set an out of band management component with an AMT user account
This example sets an out of band management component by using an AMT user account.
The first command creates a password string for the AMT provisioning account. The command uses a secure string to obscure the password.
The second command uses the New-CMAmtProvisioningAccount cmdlet to create an account, and stores the result in the $Apa variable.
The third command uses the New-CMSchedule cmdlet to create a schedule, and stores the result in the $Schedule variable.
The fourth command uses the Set-CMOutOfBandManagementComponent cmdlet to set an out of band management component, by using the $Apa and $Schedule variables. The command specifies an account name for the AmtUserAccount parameter.
PS C:\> $SS = Read-Host -AsSecureString
PS C:\> $Apa = New-CMAmtProvisioningAccount -UserName "AimeeLottSJones" -Password "$SS" -Description "New AMT Provisioning Account"
PS C:\> $Schedule= New-CMSchedule -DayOfWeek Saturday -RecurCount 2 -Start "2012/11/22 12:10:00"
PS C:\> Set-CMOutOfBandManagementComponent -SiteCode "CM2" -AmtUserAccount "Western\SarahJones" -PowerState HostIsOnS0 -EnableWebInterface $True -EnableIDERedirection $False -AllowPingResponse $True -EnableBypassBiosPassword $False -KerberosClockToleranceMinutes 3 -AuditLogSettingName EndpointAccessControl,CircuitBreakerManager,AgentPresenceManager -AmtProvisioningAccount $Apa -AmtProvisioningSchedule $Schedule -AmtProvisioningRemovalAccount "Western\AimeeLott" -AmtProvisioningRemovalPassword $SS
Example 4: Set an out of band management component with an AMT account OU
This example sets an out of band management component by using an AMT account OU.
The command uses the Set-CMOutOfBandManagementComponent cmdlet to set an out of band management component, and specifies an organizational unit with the AmtAccountOU parameter.
PS C:\> Set-CMOutOfBandManagementComponent -SiteCode "CM2" -AmtAccountOU "LDAP://OU=Resources,DC=Western,DC=Contoso,DC=Com" -UniversalSecurityGroup "Administrators" -IssuingCertificationAuthority "Test.Western.Contoso.Com" -CertificationAuthorityName "Contoso Test" -CertificateTemplate "Test - Secure Web Server 2yr" -EnableCrlChecking $False