Sample Script to Update FEP Service Policy
Very occasionally, you may found that an FEP policy called “FEP Service policy” gets applied instead of the policy with highest precedence.
“FEP Service Policy” is an undocumented policy. “FEP Service Policy” is not created by default when you install FEP 2010 (with or without Update Rollup 1). It is created when the last FEP policy associated with one collection is deleted. The purpose of this policy is to make sure FEP clients always have one policy applied. Upon FEP policy modification, the old advertisements/assignments related to that policy will be deleted and a new advertisement/assignment will be created. If there’s a delay between the deletion and the creation of the assignment on the CM/FEP clients, these clients will end up applying the “FEP Service Policy”.
In most cases, applying “FEP Service Policy” accidently is fine. As the correct FEP policy will be applied at the next cycle. But some customers may find it unacceptable as it means they lose control on their clients at the intermit time. Because they don’t have control on “FEP Service Policy” as it’s not shown on UI and they cannot update it. For these customers, I wrote the following script for them to configure the “FEP Service Policy”.
The usage of this script is to:
1) Run FEPServicePolicy.vbs export FEPServicePolicy.xml to export the policy file
2) Update FEPServicePolicy.xml as needed.
3) Run FEPServicePolicy.vbs import FEPServicePolicy.xml to import the updated policy file.
If the script shows there’s no “FEP Service Policy”, you can trigger the creation of “FEP Service Policy” by:
1) Create a fake collection
2) Create a FEP Policy and assign to that collection.
3) Delete that policy.
Sample Scripts:
'Usage: FEPServicePolicy <export|import> <policyfilename>
'Parse Parameters
if (WScript.arguments.count<>2) then
Wscript.echo "Usage: FEPServicePolicy <export|import> <policyfilename>"
wscript.quit
end if
Command = Wscript.arguments(0)
FileName = Wscript.arguments(1)
ProgramName = "FEP Service Policy"
Dim PackageID
Wscript.Echo "Impurt Parameters: " & Command & " " & FileName
Wscript.Echo "Connecting to SMS WMI namespace.."
Set Conn = Connect
Wscript.Echo "Getting the PackageID for the FEP Service Policy Program"
Set Programs = Conn.ExecQuery("select * from SMS_Program where ProgramName='FEP Service Policy'")
if Programs.Count <> 1 Then
Wscript.Echo "FEO Service Policy not found or instances are more than 1. Fatal Error, quit."
Wscript.quit
End If
For Each objItem In Programs
PackageID = objItem.PackageID
Wscript.Echo "Found Program. PackageID = " & PackageID
Next
if Command = "export" Then
Wscript.Echo "Export the existing FEP service Policy"
Export Conn, FileName
Wscript.quit
end if
If Command = "import" Then
Wscript.Echo "Import the FEP service Policy from file " & FileName
Import Conn, FileName
Wscript.quit
end if
Function Export(connection, exportFileName)
Dim oFilesys, oFileLog, sFilename, sPath
Set oFilesys = CreateObject("Scripting.FileSystemObject")
Set oFiletxt = oFilesys.CreateTextFile(exportFileName, True)
Set FEPServicePolicyProgram = connection.Get("SMS_Program.PackageID='" & PackageID & "',ProgramName='" & ProgramName & "'")
hexarray = FEPServicePolicyProgram.ISVData
'wscript.echo UBound(hexarray)
For i = 0 To UBound(hexarray)
'oFiletxt.Write(HexToString(HEX(hexarray(i))))
oFiletxt.Write(Chr("&h" & (HEX(hexarray(i)))))
Next
oFiletxt.Close
Wscript.Echo "Export succeed"
End Function
Function Import(connection, importFileName)
Dim oFilesys, oFileLog, sFilename, sPath
Set oFilesys = CreateObject("Scripting.FileSystemObject")
Set oFilereader = oFilesys.OpenTextFile(importFileName,1,False)
contents = oFilereader.ReadAll
Length = Len(contents)
'Wscript.Echo Length
dim hexarray()
ReDim hexarray(Length)
For i = 1 To Length
sub_string = Mid(contents,i,1)
'hexarray(i-1) = CInt("&h" & StringToHex(sub_string))
hexarray(i-1) = CInt("&h" & Hex(Asc(sub_string)))
'Wscript.Echo hexarray(i-1)
Next
Set FEPServicePolicyProgram = connection.Get("SMS_Program.PackageID='" & PackageID & "',ProgramName='" & ProgramName & "'")
FEPServicePolicyProgram.ISVData=hexarray
FEPServicePolicyProgram.Put_
oFilereader.Close
WScript.Echo "Import succeed"
End Function
Function Connect()
On Error Resume Next
Dim net
Dim localConnection
Dim swbemLocator
Dim swbemServices
Dim providerLoc
Dim location
Set swbemLocator = CreateObject("WbemScripting.SWbemLocator")
' Connect to the server.
Set swbemServices= swbemLocator.ConnectServer(".", "root\sms")
If Err.Number<>0 Then
Wscript.Echo "Couldn't connect: " + Err.Description
Connect = null
Exit Function
End If
' Determine where the provider is and connect.
Set providerLoc = swbemServices.InstancesOf("SMS_ProviderLocation")
For Each location In providerLoc
If location.ProviderForLocalSite = True Then
Set swbemServices = swbemLocator.ConnectServer(location.Machine, "root\sms\site_" + location.SiteCode)
If Err.Number<>0 Then
Wscript.Echo "Couldn't connect:" + Err.Description
Connect = Null
Exit Function
End If
Set Connect = swbemServices
Wscript.Echo "Successfully comment to root\sms\site_" & location.SiteCode
Exit Function
End If
Next
Set Connect = null ' Failed to connect.
End Function
-- This script is provided AS IS. Please test it out before apply to production.
Comments
- Anonymous
January 06, 2014
Hi Min Fang, you said: 2) Update FEPServicePolicy.xml as needed. Could you give more details of this step? what i need to modify actually? my current issue is we have to many "Assign FEP policy FEP Service Policy" advertisements due to the frequent policy modification. It cause we have too many clients in policy distribution pending collection. Thanks QMJ