OpsMgr: Enable Agent Proxy via Management Pack

Author : Ingmar Verheij

System Center Operations Manager (SCOM) agents are by default allowed to only return data from the same source. If the agent needs to submit data from another source, for instance in a cluster, the security feature ‘Agent Proxy’ needs to be enabled. By default this feature is disabled.

If you create (or import) a management pack that relies on this feature, for example when the management pack submits data from another source, you might want automate this.

Automate setting “Allow this agent to act as a proxy and discover managed object on other computers”

The process of enabling the “Agent Proxy” security feature can be done using a PowerShell script or an executable called SetAgentProxyEnabled. Although this automates the process of enabling the security feature it still requires an admin to execute the script or process manually.

Integrate in Management Pack

What if you write a management pack that discovers objects from another source (and therefore require the “Agent Proxy” feature)? You might want to set the feature for the admin on the agents where your management pack is active.

To achieve this we’re going to create a rule that runs on the root management server (RMS),

  • Open the System Center Operations Manager 2007 R2 Authoring Console
  • Open your management pack / create a new management pack
  • Go to Health Model
  • Select Rules
In the Rules view
  • Create a new custom rule
  • Choose an ID (for instance Demo.ManagementPack.Rule)
On the General tab
  • Give a descriptive name (for “instance Enable Agent Proxy on my agent”)
  • Select the target ‘Microsoft.SystemCenter.RootManagementServer’

 

On the Modules tab
  • Create a new Data Source with type ‘System.Scheduler’ and Module ID ‘Scheduler’
  • Edit the new created data source ‘Scheduler’
    • Click on Configure
    • Set the period to 1 – Hours
  • Create a new Action with type ‘Microsoft.Windows.PowerShellAction’ and Module ID ‘ExecuteScript’
  • Edit the new created Action ‘ExecuteScript’
    • ScriptName : ClassProxyEnabler.ps1
    • ScriptBody (see below)
    • TimeoutSeconds: 60

 

Last step

Now save the management pack and import the management pack into the Management Group.

The PowerShell script (based on the script from Jonathan Almquist, stripped down the logging and  parameters ) to set the “Agent Proxy” security feature.

DO NOT FORGET to change the $ClassName to the class object that target’s your class.

##--Add SCOM snapin
Add-PSSnapin Microsoft.EnterpriseManagement.OperationsManager.Client

##--Connect to SCOM
New-ManagementGroupConnection -ConnectionString:localhost
Set-Location ‘OperationsManagerMonitoring::’

##--Set constants
$bTF = $true
$className = "Microsoft.Windows.Cluster.Node”

##--Get the class in which you want to set Agent Proxing
$class = Get-MonitoringClass | Where {$_.Name -eq $className }

##--Get all objects in that class
$objects = Get-MonitoringObject -monitoringClass:$class

##--Create an array of BME's
$arrBME = @()
Foreach ($object in $objects)
    {
    If ($object.FullName -notcontains "Microsoft.Windows.Computer:")
        {
        Do
            {
            $parent = $object.getParentPartialMonitoringObjects()
            Foreach ($oParent in $parent) {If ($oParent.FullName -match "Microsoft.Windows.Computer") {$object = $oParent}}
            }
        Until ($object.FullName -match "Microsoft.Windows.Computer")
        $arrBME += $object.Id.ToString()
        }
    }

##--Create an array of agents to help script performance.
$agentArray = @()
Foreach ($agent in Get-Agent)
    {
    $agentArray += $agent
    }

##--Walk through the array and set Agent Proxying for each agent
Foreach ($BME in $arrBME)
    {
    $i=0
    While ($i -ne $agentArray.count)
        {
        If ($BME -eq $agentArray[$i].Id.ToString())
            {
            ##--If already set to preference, skip with message.
            If ($agentArray[$i].ProxyingEnabled.Value -ne $bTF)
                {
                $agentArray[$i].set_proxyingEnabled($bTF)
                $agentArray[$i].applyChanges()
                $i = $agentArray.count
                }
            Else
                {
                $i = $agentArray.count
                }

            }
        Else
            {
            $i+=1
        }
    }
}