Thursday, 21 December 2023

Create a MECM maintenance window using PowerShell

Introduction

There are of course many changes required on a laptop or a desktop.  We need to apply security updates or deploy a new piece of software - we may even need to run a task sequence to upgrade the operating system.  But can we control when these changes occur?  Afterall, it would be very inconvenient for a set of updates to install on a salesperson's laptop while doing a presentation.  The installation may slow the device down or force a reboot; and this can look very unprofessional indeed.

The good news is that we can create maintenance windows on collections of devices.

Creating a maintenance window without PowerShell.

If we right click on a collection in the MECM console and select Properties, we are then able to select the Maintenance Windows node.  Here I have the Maintenance Windows node of my Sales Devices collection.  As can be seen there are no maintenance windows defined, meaning that deployments can run anytime on these devices - if the users have not specified their own maintenance window in Software Center.


We can then click on the yellow asterisk (*) and configure our maintenance window for this collection of devices.

Here I have created a five hour maintenance windows for every Tuesday between 18:00 and 23:00 UTC and for Software Updates.


Clicking on OK and then Apply will ensure that software updates only occur during this time frame on this collection's devices.

Note:  Deployments still may occur outside of the maintenance windows if the deployment has overran its deployment deadline, depending on how the administrator has configured the deployment.

Create a Maintenance Window with PowerShell

Starting with MECM 2307 we are able to create maintenance windows using PowerShell.  In this exercise we shall create the above maintenance window from the PS command console.

First we open the MECM console and click on the top white down arrow in the upper left blue box.  We select the Connect via Windows PowerShell option.


If prompted with "Do you want to run software from this untrusted publisher?" select A for Always.


We use the New-CMMaintenanceWindow PowerShell cmdlet.  Here are the options for using the collection name as the input object. 

 New-CMMaintenanceWindow [-CollectionName] <string> -Name <string> -Schedule <IResultObject#SMS_ScheduleToken> [-ApplyTo    {Any | SoftwareUpdatesOnly | TaskSequencesOnly}] [-ApplyToSoftwareUpdateOnly] [-ApplyToTaskSequenceOnly] [-IsEnabled    <bool>] [-IsUtc <bool>] 

It does look rather complicated, so let's just create one by first using the new-cmschedule cmd line to define the SMS_ScheduleToken input.  To create the above schedule token we would type the following

$ScheduleMW= New-CMSchedule -DayOfWeek Tuesday -DurationCount 5 -DurationInterval Hours -start "21/12/2023 17:00"


Having created the Schedule token we can now use the New-CMMaintenanceWindow cmdlet to create the Maintenance Window on our collection.  The Maintenance Window will be similar to the Software Updates window created above, but will have a start time of 17:00 rather than 18:00.  Its name will be MW for Sales Team,

The command line is as follows:

New-CMMaintenanceWindow -CollectionName "Sales Devices" -Name "MW for Sales Team" -Schedule $ScheduleMW -ApplyTo SoftwareUpdatesOnly -IsUtc 1


As can be seen we do get a very satisfying results return indicating that our maintenance window is created.  And if we check on the properties of the collection itself, we can confirm that the new maintenance windows is created and is correct.


Conclusion

As can be seen, we do not have to rely on the MECM console interface to create a maintenance window.  We can use the New-CMMaintenanceWindow PowerShell cmdlet to create the maintenance window from a script file or from the PowerShell console.  I hope you have enjoyed this article and I wish you similar success with your own testing of the New-CMMaintenanceWindows PowerShell cmdlet.

ConfigMgr Setup and the SQL RMO error

Introduction My test rig was in need of a rebuild and being somewhat adventurous I decided to build it with Windows Server 2025 (Eval) and t...