從 Configuration Manager 主控台建立及執行 PowerShell 指令碼Create and run PowerShell scripts from the Configuration Manager console

適用於: Configuration Manager (最新分支)Applies to: Configuration Manager (current branch)

Configuration Manager 已整合執行 PowerShell 指令碼的能力。Configuration Manager has an integrated ability to run PowerShell scripts. PowerShell 的優勢是建立複雜自動化指令碼,其可供較大的社群了解與共用。PowerShell has the benefit of creating sophisticated, automated scripts that are understood and shared with a larger community. 指令碼簡化了建置自訂工具來管理軟體的程序,而且可以讓您快速完成無趣的日常工作,以便更輕鬆且一致地完成大量工作。The scripts simplify building custom tools to administer software and let you accomplish mundane tasks quickly, allowing you to get large jobs done more easily and more consistently.

注意

根據預設,Configuration Manager 不會啟用此選擇性功能。Configuration Manager doesn't enable this optional feature by default. 您必須先先啟用這項功能才能使用它。You must enable this feature before using it. 如需詳細資訊,請參閱從更新啟用選擇性功能For more information, see Enable optional features from updates.

使用 Configuration Manager 的這個整合功能,您就可以使用「執行指令碼」 功能來執行下列動作:With this integration in Configuration Manager, you can use the Run Scripts functionality to do the following things:

  • 建立與編輯搭配 Configuration Manager 使用的指令碼。Create and edit scripts for use with Configuration Manager.
  • 透過角色和安全性範圍來管理指令碼的使用方式。Manage script usage through roles and security scopes.
  • 在集合或個別內部部署受管理 Windows 電腦上執行指令碼。Run scripts on collections or individual on-premises managed Windows PCs.
  • 從用戶端裝置取得快速彙總的指令碼結果。Get rapid aggregated script results from client devices.
  • 監視指令碼執行和檢視指令碼輸出的報告結果。Monitor script execution and view reporting results from script output.

警告

  • 鑒於指令碼的強大,提醒您要謹慎使用。Given the power of scripts, we remind you to be intentional and careful with their usage. 我們有內建的額外保護措施可以協助您:隔離的角色和範圍。We have built in additional safeguards to assist you; segregated roles and scopes. 請務必先驗證指令碼的精確度再執行,並確認它們來自受信任的來源,以避免非預期的指令碼執行。Be sure to validate the accuracy of scripts before running them and confirm they are from a trusted source, to prevent unintended script execution. 留意擴充字元或其他模糊化,並自學保護指令碼安全。Be mindful of extended characters or other obfuscation and educate yourself about securing scripts. 深入了解 PowerShell 指令碼安全性Learn more about PowerShell script security
  • 某些反惡意程式碼軟體可能會不小心針對 Configuration Manager 執行指令碼或 CMPivot 功能觸發事件。Certain anti-malware software may inadvertently trigger events against the Configuration Manager Run Scripts or CMPivot features. 建議排除 %windir%\CCM\ScriptStore,讓反惡意程式碼軟體允許這些功能執行而不會受到干擾。It is recommended to exclude %windir%\CCM\ScriptStore so that the anti-malware software permits those features to run without interference.

先決條件Prerequisites

  • 若要執行 PowerShell 指令碼,用戶端必須執行 PowerShell 3.0 版或更新版本。To run PowerShell scripts, the client must be running PowerShell version 3.0 or later. 不過,如果您執行的指令碼包含較新版 PowerShell 中的功能,執行指令碼所在的用戶端上必須執行該版本的 PowerShell。However, if a script you run contains functionality from a later version of PowerShell, the client on which you run the script must be running that version of PowerShell.
  • Configuration Manager 用戶端必須執行至少 1706 版或更新版的用戶端,才能執行指令碼。Configuration Manager clients must be running the client from the 1706 release, or later in order to run scripts.
  • 若要使用指令碼,您必須是適當 Configuration Manager 安全性角色的成員。To use scripts, you must be a member of the appropriate Configuration Manager security role.
  • 若要匯入及撰寫指令碼,您的帳戶必須具備 SMS 指令碼建立權限。To import and author scripts - Your account must have Create permissions for SMS Scripts.
  • 若要核准或拒絕指令碼,您的帳戶必須具備 SMS 指令碼核准權限。To approve or deny scripts - Your account must have Approve permissions for SMS Scripts.
  • 若要執行指令碼,您的帳戶必須具備集合執行指令碼權限。To run scripts - Your account must have Run Script permissions for Collections.

如需有關 Configuration Manager 安全性角色的詳細資訊:For more information about Configuration Manager security roles:
執行指令碼的安全性範圍Security scopes for run scripts
執行指令碼的安全性角色Security roles for run scripts
以角色為基礎的系統管理基本概念Fundamentals of role-based administration.

限制Limitations

執行指令碼目前支援:Run Scripts currently supports:

  • 指令碼語言:PowerShellScripting languages: PowerShell
  • 參數類型:整數、字串和清單。Parameter types: integer, string, and list.

警告

使用參數時請特別小心,它會開啟有潛在 PowerShell 插入式攻擊風險的介面區。Be aware that when using parameters, it opens a surface area for potential PowerShell injection attack risk. 有許多方法可降低和處理此風險,例如使用規則運算式來驗證參數輸入,或使用預先定義的參數。There are various ways to mitigate and work around, such as using regular expressions to validate parameter input or using predefined parameters. 常見的最佳做法是不要在 PowerShell 指令碼中包含機密資訊 (不要包含密碼等)。Common best practice is not to include secrets in your PowerShell scripts (no passwords, etc.). 深入了解 PowerShell 指令碼安全性Learn more about PowerShell script security

執行指令碼作者和核准者Run Script authors and approvers

執行指令碼使用將「指令碼作者」 和「指令碼核准者」 當作不同角色的概念來實作和執行指令碼。Run Scripts uses the concept of script authors and script approvers as separate roles for implementation and execution of a script. 分離作者和核准者角色可以進行執行指令碼之強大工具的重要程序檢查。Having the author and approver roles separated allows an important process check for the powerful tool that Run Scripts is. 有額外的「指令碼執行者」 角色可執行指令碼,但無法建立或核准指令碼。There's an additional script runners role that allows execution of scripts, but not creation or approval of scripts. 請參閱建立指令碼的安全性角色See Create security roles for scripts.

指令碼角色控制項Scripts roles control

使用者預設無法核准自己所撰寫的指令碼。By default, users can't approve a script they've authored. 由於指令碼相當強大、用途廣泛且可部署至許多裝置,您可以將指令碼作者與指令碼核准者的角色分開。Because scripts are powerful, versatile, and potentially deployed to many devices, you can separate the roles between the person that authors the script and the person that approves the script. 這些角色可針對執行指令碼而未受監督的情況提供一層額外的安全性。These roles give an additional level of security against running a script without oversight. 為簡化測試,您可以關閉次要核准。You're able to turn off secondary approval, for ease of testing.

核准或拒絕指令碼Approve or Deny a script

指令碼必須先經過「指令碼核准者」 核准才能執行。Scripts must be approved, by the script approver role, before they can be run. 核准指令碼:To approve a script:

  1. 在 Configuration Manager 主控台中,按一下 [軟體程式庫] 。In the Configuration Manager console, click Software Library.
  2. 在 [軟體程式庫] 工作區中,按一下 [指令碼] 。In the Software Library workspace, click Scripts.
  3. 在 [指令碼] 清單中,選擇您想要核准或拒絕的指令碼,然後在 [首頁] 索引標籤上的 [指令碼] 群組中,按一下 [核准/拒絕] 。In the Script list, choose the script you want to approve or deny and then, on the Home tab, in the Script group, click Approve/Deny.
  4. 在 [核准或拒絕指令碼] 對話方塊中,選取 [核准] 或 [拒絕] 指令碼。In the Approve or deny script dialog box, select Approve, or Deny for the script. 您可以選擇性地輸入有關您決策的註解。Optionally, enter a comment about your decision. 如果您拒絕某個指令碼,它就無法在用戶端裝置上執行。If you deny a script, it can't be run on client devices.
    指令碼 - 核准Script - Approval
  5. 完成精靈。Complete the wizard. 在 [指令碼] 清單中,[核准狀態] 資料行會隨著您採取的動作而發生變更。In the Script list, you see the Approval State column change depending on the action you took.

允許使用者核准自己的指令碼Allow users to approve their own scripts

此核准主要用於指令碼開發的測試階段。This approval is primarily used for the testing phase of script development.

  1. 在 Configuration Manager 主控台中,按一下 [系統管理] 。In the Configuration Manager console, click Administration.
  2. 在 [系統管理] 工作區中,展開 [網站設定] ,然後按一下 [網站] 。In the Administration workspace, expand Site Configuration, and then click Sites.
  3. 在站台清單中,選擇您的站台,然後在 [首頁] 索引標籤上的 [站台] 群組中,按一下 [階層設定] 。In the list of sites, choose your site and then, on the Home tab, in the Sites group, click Hierarchy Settings.
  4. 在 [階層設定屬性] 對話方塊的 [一般] 索引標籤上,取消選取 [指令碼作者需要其他指令碼核准者] 。On the General tab of the Hierarchy Settings Properties dialog box, clear the checkbox Script authors require additional script approver.

重要

最佳做法不該允許指令碼作者核准自己的指令碼。As a best practice, you shouldn't allow a script author to approve their own scripts. 只有在實驗室設定中才允許這樣做。It should only be allowed in a lab setting. 請仔細考慮變更此設定對生產環境可能的影響。Carefully consider the potential impact of changing this setting in a production environment.

安全性範圍Security scopes

執行指令碼會使用安全性範圍,此為 Configuration Manager 的現有功能,透過代表使用者群組的指派標記,控制指令碼的撰寫與執行。Run Scripts uses security scopes, an existing feature of Configuration Manager, to control scripts authoring and execution through assigning tags that represent user groups. 如需使用安全性範圍的詳細資訊,請參閱為 Configuration Manager 設定以角色為基礎的系統管理For more information on using security scopes, see Configure role-based administration for Configuration Manager.

建立指令碼的安全性角色Create security roles for scripts

在 Configuration Manager 中,預設並未建立用來執行指令碼的三個安全性角色。The three security roles used for running scripts aren't created by default in Configuration Manager. 若要建立指令碼執行者、指令碼作者和指令碼核准者角色,請遵循下列所述步驟。To create the script runners, script authors, and script approvers roles, follow the outlined steps.

  1. 在 Configuration Manager 主控台中,移至 [系統管理] >[安全性] >[安全性角色] In the Configuration Manager console, go to Administration >Security >Security Roles
  2. 以滑鼠右鍵按一下角色,然後按一下 [複製] 。Right-click on a role and click Copy. 您複製的角色具有已指派的權限。The role you copy has permissions already assigned. 請確認您只取得所需的權限。Make sure you take only the permissions that you want.
  3. 為自訂角色提供名稱描述Give the custom role a Name and a Description.
  4. 為安全性角色指派下面所述的權限。Assign the security role the permissions outlined below.

安全性角色權限Security Role Permissions

角色名稱:指令碼執行者Role Name: Script Runners

  • 描述:這些權限可讓此角色僅執行先前由其他角色建立並核准的指令碼。Description: These permissions enable this role to only run scripts that were previously created and approved by other roles.
  • 權限: 確認下列項目已設定為 [是] 。Permissions: Ensure the following are set to Yes.
類別Category 權限Permission 狀況State
集合Collection 執行指令碼Run Script Yes
網站Site 讀取Read Yes
SMS 指令碼SMS Scripts 讀取Read Yes

角色名稱:指令碼作者Role Name: Script Authors

  • 描述:這些權限可讓此角色撰寫指令碼,但無法予以核准或執行。Description: These permissions enable this role to author scripts, but they can't approve or run them.
  • 權限:確認已設定下列權限。Permissions: Ensure the following permissions are set.
類別Category 權限Permission 狀況State
集合Collection 執行指令碼Run Script No
網站Site 讀取Read Yes
SMS 指令碼SMS Scripts 建立Create Yes
SMS 指令碼SMS Scripts 讀取Read Yes
SMS 指令碼SMS Scripts 刪除Delete Yes
SMS 指令碼SMS Scripts 修改Modify Yes

角色名稱:指令碼核准者Role Name: Script Approvers

  • 描述:這些權限可讓此角色核准指令碼,但無法予以建立或執行。Description: These permissions enable this role to approve scripts, but they can't create or run them.
  • 權限: 確認已設定下列權限。Permissions: Ensure the following permissions are set.
類別Category 權限Permission 狀況State
集合Collection 執行指令碼Run Script No
網站Site 讀取Read Yes
SMS 指令碼SMS Scripts 讀取Read Yes
SMS 指令碼SMS Scripts 核准Approve Yes
SMS 指令碼SMS Scripts 修改Modify Yes

指令碼作者角色的 SMS 指令碼權限範例Example of SMS Scripts permissions for the script authors role

指令碼作者角色的 SMS 指令碼權限範例

建立指令碼Create a script

  1. 在 Configuration Manager 主控台中,按一下 [軟體程式庫] 。In the Configuration Manager console, click Software Library.
  2. 在 [軟體程式庫] 工作區中,按一下 [指令碼] 。In the Software Library workspace, click Scripts.
  3. 在 [首頁] 索引標籤上的 [建立] 群組中,按一下 [建立指令碼] 。On the Home tab, in the Create group, click Create Script.
  4. 在 [建立指令碼] 精靈的 [指令碼] 頁面上,設定下列設定:On the Script page of the Create Script wizard, configure the following settings:
    • 指令碼名稱 - 輸入指令碼的名稱。Script Name - Enter a name for the script. 雖然可以使用相同名稱來建立多個指令碼,但使用重複名稱會讓您更難在 Configuration Manager 主控台中找出所需的指令碼。Although you can create multiple scripts with the same name, using duplicate names makes it harder for you to find the script you need in the Configuration Manager console.
    • 指令碼語言 - 目前僅支援 PowerShell 指令碼。Script language - Currently, only PowerShell scripts are supported.
    • 匯入 - 將 PowerShell 指令碼匯入到主控台。Import - Import a PowerShell script into the console. 指令碼會顯示在 [指令碼] 欄位中。The script is displayed in the Script field.
    • 清除 - 將目前的指令碼從 [指令碼] 欄位中移除。Clear - Removes the current script from the Script field.
    • 指令碼 - 顯示目前已匯入的指令碼。Script - Displays the currently imported script. 您可以視需要編輯此欄位中的指令碼。You can edit the script in this field as necessary.
  5. 完成精靈。Complete the wizard. 新指令碼會顯示在 [指令碼] 清單中,其狀態為 [等候核准] 。The new script is displayed in the Script list with a status of Waiting for approval. 您必須先核准此指令碼,才能在用戶端裝置上執行它。Before you can run this script on client devices, you must approve it.

重要

使用執行指令碼功能時,避免以指令碼處理裝置重新開機或是重新啟動 Configuration Manager 代理程式。Avoid scripting a device reboot or a restart of the Configuration Manager agent when using the Run Scripts feature. 這麼做可能會造成不斷重新開機的狀態。Doing so could lead to a continuous rebooting state. 如有需要,目前用戶端通知功能已有所加強,可重新啟動裝置。If needed, there are enhancements to the client notification feature that enable restarting devices. 擱置重新啟動欄可協助找出需要重新啟動的裝置。The pending restart column can help identify devices that need a restart.

指令碼參數Script parameters

將參數新增至指令碼可提高工作的彈性。Adding parameters to a script provides increased flexibility for your work. 您最多可以包括 10 個參數。You can include up to 10 parameters. 以下列出執行指令碼功能目前能夠使用的指令碼參數:「字串」 、「整數」 資料類型。The following outlines the Run Scripts feature's current capability with script parameters for; String, Integer data types. 也提供預設值的清單。Lists of preset values are also available. 如果您的指令碼有不支援的資料類型,您會收到警告。If your script has unsupported data types, you get a warning.

在 [建立指令碼] 對話方塊中,按一下 [指令碼] 下的 [指令碼參數] 。In the Create Script dialog, click Script Parameters under Script.

每個指令碼參數都有自己的對話方塊,以供新增進一步的詳細資料和驗證。Each of your script's parameters has its own dialog for adding further details and validation. 若指令碼中有預設參數,它將會列在參數 UI 中,而且您可以設定它。If there's a default parameter in the script, it will be enumerated in the parameter UI and you can set it. Configuration Manager 將不會覆寫預設值,因為它將不會直接修改指令碼。Configuration Manager won't overwrite the default value since it will never modify the script directly. 您可將此想像成「預先填寫的建議值」已在 UI 中提供,但 Configuration Manager 在執行階段未提供對「預設」值的存取。You can think of this as "pre-populated suggested values" are provided in the UI, but Configuration Manager doesn't provide access to "default" values at run-time. 編輯指令碼並輸入正確的值即可解決此問題。This can be worked around by editing the script to have the correct defaults.

重要

參數值不能包含單引號。Parameter values can't contain a single quote.

有一個已知問題,其會使包含或括在單引號中的參數值無法正確傳遞到指令碼。There is a known issue where parameter values that include or are enclosed in single quotes don't get passed to the script properly. 指定在指令碼中包含空格的預設參數值時,請改為使用雙引號。When specifying default parameter values containing a space within a script, use double quotes instead. 在建立或執行指令碼期間指定預設參數值時,無論值是否包含空格,將預設值括在雙引號或單引號中都不是必要操作。When specifying default parameter values during creation or execution of a Script, surrounding the default value in either double or single quotes is not necessary regardless of whether the value contains a space or not.

參數驗證Parameter validation

您指令碼中的每個參數都有 [Script Parameter Properties ] (指令碼參數內容) 對話方塊,讓您新增該參數的驗證。Each parameter in your script has a Script Parameter Properties dialog for you to add validation for that parameter. 新增驗證之後,如果輸入的參數值與驗證不符,應該會收到錯誤。After adding validation, you should get errors if you're entering a value for a parameter that doesn't meet its validation.

範例:FirstNameExample: FirstName

在此範例中,您可以設定字串參數 FirstName 的內容。In this example, you're able to set the properties of the string parameter, FirstName.

指令碼參數 - 字串

[指令碼參數屬性] 對話方塊的 [驗證] 區段包含下列可供您使用的欄位:The validation section of the Script Parameter Properties dialog contains the following fields for your use:

  • 最小長度FirstName 欄位的最小字元數。Minimum Length - minimum number of characters of the FirstName field.
  • 最大長度FirstName 欄位的最大字元數。Maximum Length- maximum number of characters of the FirstName field
  • RegEx:規則運算式 (Regular Expression) 的縮寫。RegEx - short for Regular Expression. 如需使用規則運算式的詳細資訊,請參閱下一節<使用規則運算式驗證> 。For more information on using the Regular Expression, see the next section, Using Regular Expression validation.
  • 自訂錯誤:可讓您自行新增錯誤訊息,以取代任何系統驗證錯誤訊息。Custom Error - useful for adding your own custom error message that supersedes any system validation error messages.

使用規則運算式驗證Using Regular Expression validation

規則運算式是一種簡明的程式設計形式,適用於針對編碼驗證檢查字元字串。A regular expression is a compact form of programming for checking a string of characters against an encoded validation. 例如,您可以在 RegEx 欄位中放入 [^A-Z],來檢查 FirstName 欄位中是否缺少大寫字母字元。For example, you could check for the absence of a capital alphabetic character in the FirstName field by placing [^A-Z] in the RegEx field.

此對話方塊的規則運算式處理是由 .NET Framework 支援。The regular expression processing for this dialog is supported by the .NET Framework. 如需使用規則運算式的指導,請參閱 .NET 規則運算式 (機器翻譯) 和規則運算式語言 (機器翻譯)。For guidance on using regular expressions, see .NET Regular Expression and Regular Expression Language.

指令碼範例Script examples

以下數個範例示範的指令碼,您可能想要使用它們的這項功能。Here are a couple examples that illustrate scripts you might want to use with this capability.

建立新資料夾和檔案Create a new folder and file

此指令碼會根據您的命名輸入來建立新資料夾和位於資料夾中的檔案。This script creates a new folder and a file within the folder, given your naming input.

Param(
[Parameter(Mandatory=$True)]
[string]$FolderName,
[Parameter(Mandatory=$True)]
[string]$FileName
)

New-Item $FolderName -type directory
New-Item $FileName -type file

取得 OS 版本Get OS Version

此指令碼會使用 WMI 來查詢機器的 OS 版本。This script uses WMI to query the machine for its OS version.

Write-Output (Get-WmiObject -Class Win32_operatingSystem).Caption

編輯或複製 PowerShell 指令碼Edit or copy PowerShell scripts

(隨 1902 版推出)(Introduced with version 1902)
您可以編輯複製與「執行指令碼」 功能搭配使用的現有 PowerShell 指令碼。You can Edit or Copy an existing PowerShell script used with the Run Scripts feature. 現在您可以直接編輯指令碼,而不必重新建立需要變更的指令碼。Instead of recreating a script that you need to change, now directly edit it. 這兩個動作都使用您建立新指令碼時所使用的相同精靈體驗。Both actions use the same wizard experience as when you create a new script. 當您編輯或複製指令碼時,Configuration Manager 不會保存核准狀態。When you edit or copy a script, Configuration Manager doesn't persist the approval state.

提示

請勿編輯正在用戶端上執行的指令碼。Don't edit a script that's actively running on clients. 它們會無法完成原始指令碼的執行,而您則可能無法從這些用戶端取得想要的結果。They won't finish running the original script, and you may not get the intended results from these clients.

編輯指令碼Edit a script

  1. 移至 [軟體程式庫] 工作區下的 [指令碼] 節點。Go to the Scripts node under the Software Library workspace.
  2. 選取要編輯的指令碼,然後按一下功能區中的 [編輯] 。Select the script to edit, then click Edit in the ribbon.
  3. 在 [指令碼詳細資料] 頁面中,變更或重新匯入指令碼。Change or reimport your script in the Script Details page.
  4. 按一下 [下一步] 以檢視 [摘要] ,然後在完成編輯時,按一下 [關閉] 。Click Next to view the Summary then Close when you're finished editing.

複製指令碼Copy a script

  1. 移至 [軟體程式庫] 工作區下的 [指令碼] 節點。Go to the Scripts node under the Software Library workspace.
  2. 選取要複製的指令碼,然後按一下功能區中的 [複製] 。Select the script to copy, then click Copy in the ribbon.
  3. 在 [指令碼名稱] 欄位中重新命名指令碼,並進行任何其他可能需要的編輯。Rename the script in the Script name field and make any additional edits you may need.
  4. 按一下 [下一步] 以檢視 [摘要] ,然後在完成編輯時,按一下 [關閉] 。Click Next to view the Summary then Close when you're finished editing.

執行指令碼Run a script

指令碼經核准後,就能針對單一裝置或集合執行。After a script is approved, it can be run against a single device or a collection. 指令碼一旦開始執行,就會透過在一個小時後逾時的高優先權系統快速啟動。Once execution of your script begins, it's launched quickly through a high priority system that times-out in one hour. 然後指令碼的結果會使用狀態訊息系統傳回。The results of the script are then returned using a state message system.

若要針對指令碼選取目標集合:To select a collection of targets for your script:

  1. 在 Configuration Manager 主控台中,按一下 [資產與合規性] 。In the Configuration Manager console, click Assets and Compliance.
  2. 在 [資產與相容性] 工作區中,按一下 [裝置集合] 。In the Assets and Compliance workspace, click Device Collections.
  3. 在 [裝置集合] 清單中,按一下要用來作為指令碼執行位置的裝置集合。In the Device Collections list, click the collection of devices on which you want to run the script.
  4. 選取您所需的集合,按一下 [執行指令碼] 。Select a collection of your choice, click Run Script.
  5. 在 [執行指令碼] 精靈的 [指令碼] 頁面上,從清單中選擇一個指令碼。On the Script page of the Run Script wizard, choose a script from the list. 此清單只會顯示已核准的指令碼。Only approved scripts are shown.
  6. 按一下 [下一步] 完成精靈。Click Next, and then complete the wizard.

重要

如果指令碼未執行 (例如因為目標裝置在該一個小時的時段內為關閉狀態),您便必須再次執行指令碼。If a script does not run, for example because a target device is turned off during the one hour time period, you must run it again.

Target machine executionTarget machine execution

當「系統」 或「電腦」 帳戶位在目標用戶端上時,會執行此指令碼。The script is executed as the system or computer account on the targeted client(s). 這個帳戶的網路存取權限很低。This account has limited network access. 您必須相應佈建指令碼對遠端系統及位置的任何存取。Any access to remote systems and locations by the script must be provisioned accordingly.

指令碼監視Script monitoring

在您於裝置集合上起始執行指令碼之後,請使用下列程序來監視作業。After you have initiated running a script on a collection of devices, use the following procedure to monitor the operation. 您可在執行期間即時監視指令碼,也可以之後再返回所指定 [執行指令碼] 執行的狀態和結果。You are able to monitor a script in real time as it executes, and later return to the status and results for a given Run Script execution. 指令碼狀態資料已在刪除過時用戶端作業維護工作期間或刪除指令碼時清除。Script status data is cleaned up as part of the Delete Aged Client Operations maintenance task or deletion of the script.

指令碼監視 - 指令碼執行狀態

  1. 在 Configuration Manager 主控台中,按一下 [監視] 。In the Configuration Manager console, click Monitoring.

  2. 在 [監視] 工作區中,按一下 [指令碼狀態] 。In the Monitoring workspace, click Script Status.

  3. 在 [指令碼狀態] 清單中,您可以檢視在用戶端裝置上執行之每個指令碼的結果。In the Script Status list, you view the results for each script you ran on client devices. 指令碼結束代碼 0 通常表示指令碼已成功執行。A script exit code of 0 generally indicates that the script ran successfully.

    指令碼監視器 - 截斷的指令碼

指令碼輸出Script output

用戶端的傳回指令碼輸出,透過將指令碼的結果輸送到 ConvertTo-Json Cmdlet 來格式化成 JSON。Client's return script output using JSON formatting by piping the script's results to the ConvertTo-Json cmdlet. JSON 格式會一致傳回可讀取的指令碼輸出。The JSON format consistently returns readable script output. 針對不會傳回物件作為輸出的指令碼,ConvertTo-Json Cmdlet 會將輸出轉換成用戶端傳回的簡易字串,而非 JSON。For scripts that do not return objects as output, the ConvertTo-Json cmdlet converts the output to a simple string that the client returns instead of JSON.

  • 得到未知結果的指令碼或離線的用戶端,皆不會出現在圖表或資料集中。Scripts that get an unknown result, or where the client was offline, won't show in the charts or data set.

  • 請避免傳回大型指令碼輸出,因為它會被截斷為 4 KB。Avoid returning large script output since it's truncated to 4 KB.

  • 將指令碼中的列舉物件轉換為字串值,以正確地以 JSON 格式加以顯示。Convert an enum object to a string value in scripts so they're properly displayed in JSON formatting.

    將列舉物件轉換為字串值

您可以使用原始或結構化的 JSON 格式來檢視詳細指令碼輸出。You can view detailed script output in raw or structured JSON format. 此格式可讓輸出變得更容易讀取與分析。This formatting makes the output easier to read and analyze. 如果指令碼傳回有效的 JSON 格式文字,或輸出可使用 ConvertTo-Json PowerShell Cmdlet 來轉換成 JSON,則請將詳細輸出作為 JSON 輸出原始輸出來檢視。If the script returns valid JSON-formatted text or the output can be converted to JSON using the ConvertTo-Json PowerShell cmdlet, then view the detailed output as either JSON Output or Raw Output. 否則,唯一的選項是指令碼輸出Otherwise the only option is Script Output.

範例:指令碼輸出可轉換成有效的 JSONExample: Script output is convertible to valid JSON

命令:$PSVersionTable.PSVersionCommand: $PSVersionTable.PSVersion

Major  Minor  Build  Revision
-----  -----  -----  --------
5      1      16299  551

範例:指令碼輸出不是有效的 JSONExample: Script output isn't valid JSON

命令:Write-Output (Get-WmiObject -Class Win32_OperatingSystem).CaptionCommand: Write-Output (Get-WmiObject -Class Win32_OperatingSystem).Caption

Microsoft Windows 10 Enterprise

記錄檔Log files

  • 在用戶端上,根據預設位於 C:\Windows\CCM\logs:On the client, by default in C:\Windows\CCM\logs:

    • Scripts.logScripts.log
    • CcmMessaging.logCcmMessaging.log
  • 在 MP 上,預設位於 C:\SMS_CCM\Logs:On the MP, by default in C:\SMS_CCM\Logs:

    • MP_RelayMsgMgr.logMP_RelayMsgMgr.log
  • 在站台伺服器上,預設位於 C:\Program Files\Configuration Manager\Logs:On the site server, by default in C:\Program Files\Configuration Manager\Logs:

    • SMS_Message_Processing_Engine.logSMS_Message_Processing_Engine.log

另請參閱See Also