Unified Application Management: SCCM Integration

Unified Application Management: SCCM Integration

This feature is only available in Nerdio Manager Premium edition.

Nerdio Manager’s Unified Application Management engine is able to connect to remote System Center Configuration Manager (SCCM) instances, query SCCM applications, and import these applications directly into the UAM unified catalog.

In line with our philosophy of using native Windows features wherever possible, Nerdio Manager makes use of the Azure Arc agent to manage the remote SCCM server. To learn more about Azure Arc, please refer to this article.

Supported Configurations

In the initial release, configuration manager integration for Unified Application Management has the following limitations:

  • Installers should allow for system-wide or dual-installation modes. User-based installers are not supported.

  • The primary SCCM server may be directly used as a target, however as of v5.6, Nerdio Manager now supports the use of a proxy VM which can be used to perform discovery and uploads.

Standard Prerequisites

The account used to connect to your SCCM instance requires the following permissions, at a minimum:

  • Must have read permissions on the share where the application source files are located.

  • Must be a member of "Remote management" user group on the local SCCM server.

  • Must have the "Read only analyst" role assigned in SCCM, assigned to all scopes.

To deploy SCCM applications, these must be imported into an existing private WinGet repository. Please ensure that you have a private repository created before starting this process.

If your SCCM server instance is already registered with and managed by Azure Arc, or your server is an Azure virtual machine not managed by Arc, please skip to Link the SCCM Server or the Proxy VM in Nerdio Manager.

Proxy VM Prerequisites

If using a proxy VM, this VM must have the Configuration Manager (SCCM) console installed. In addition, the permissions shown below should be set on the Primary site server:

  • The account used to connect (service account) must have Read & Execute permissions to the folder path C:\program files\Microsoft Configuration Manager on the primary site server.

  • The account used to connect (service account) must have Read permissions to the share path SMS_[Site Name] on the primary site server.

Install the Azure Arc Agent

If you are new to using Azure Arc, follow the steps below to complete your setup. The Arc agent can be installed either directly to the SCCM primary site server, or to a proxy VM with direct line of sight access to the SCCM primary site server.

Notes:

  • Generic guidance for this process can also be found here. It is recommended you familiarize yourself with the processes before proceeding.

  • Ensure that the account you use has the required roles assigned, as shown here.

  • Arc management for servers hosted in Azure is only supported for evaluation and non-production scenarios. If your SCCM server is based in Azure, we recommend you link this server directly, without using Arc. If you must use the Arc agent, please review the prerequisites located here. Ensure all are completed and the configured changes persist to avoid connectivity issues.

To install the Arc Agent:

  1. In the Azure portal, search for Azure Arc.

  2. Under the Infrastructure sub-menu, select Machines.

  3. Select the Add/Create and then select Add a machine.

  4. Under the Add a single server option, select Generate script.

  5. Select or create a resource group for the server record to be added to.

  6. Complete the server details and connectivity method.

    Note: If a proxy server or private endpoint is required to allow connectivity from the SCCM server to Azure Arc, please enter those details.

  7. Once the details are complete and the script is shown, either copy or download the script.

  8. Navigate to the SCCM server or the proxy VM to continue the process.

    Note: Ensure the script is available.

  9. Log on the SCCM server or the proxy VM using a domain account with local administrative permissions.

    Note: Ensure that you also have your Azure subscription owner credentials available for the final step in this process.

  10. Open an administrative PowerShell, or PowerShell ISE, session and run the script.

  11. The rest of the process is automated. Once complete, you should see a console output similar to the below.

  12. Upon completion, a browser window opens automatically. Please authenticate with an account that has permissions listed here at minimum.

  13. Return to the Azure Arc console > Infrastructure > Machines and verify that the machine has been successfully added and shows as connected.

    You have successfully joined your SCCM server to Azure Arc management.

Link the SCCM Server or the Proxy VM in Nerdio Manager

The next step is to link the SCCM server or the proxy VM in Nerdio Manager.

To link the SCCM server or the proxy VM in Nerdio Manager:

  1. In Nerdio Manager, navigate to Settings > Azure environment.

  2. In the Linked resource groups tile, ensure the resource group that contains your SCCM server record is linked. If it is not linked, select Link to link it.

  3. Navigate to Settings > Nerdio environment.

  4. In the Unified Application Management tile, under SCCM servers, select Link.

  5. Enter the following information:

    • Execution Mode: From the drop-down list, select either With a proxy machine or Directly on SCCM server.

    • Proxy Machine or SCCM Server: From the drop-down list, select the proxy VM or SCCM server.

    • Server FQDN: For proxy VMs, type the FQDN of the primary site server ToI which the proxy VM connects to.

    • Username: Type the domain user to name to connect to the server.

    • Password: Type the password.

    • Automatic Synchronization: Toggle this option On set a regular sync interval for your SCCM applications.

      • Time Zone: From the drop-down list, select the time zone for the Start time.

      • Start Time: From the drop-down lists, select the time to start.

      • Repeat: From the drop-down list, select the recurring schedule, if desired.

  6. Once the SCCM server is connected, navigate to Applications > SCCM.

  7. Select Load metadata.

  8. When the confirmation pop-up displays, select OK.

    Note: This task adds a script extension to the SCCM server to inventory the applications. This task takes some time to complete. You can follow its progress in the SCCM Tasks. When the task completes, discovered applications are listed in this screen.

Troubleshooting Guidance

The status of tasks can be reviewed from the following log files on the SCCM server:

  • When loading metadata: C:\Windows\Temp\NMWLogs\SccmDiscoverApps.log

  • When exporting binaries: C:\Windows\Temp\NMWLogs\SccmExportBinaries.log

Initial Connection and Metadata Export Issues

Error/Message in Log

Possible Issue(s)

Connecting to remote server localhost failed with the following error message: Access is denied.

The user credentials are incorrect.

The user has not been added to the "Remote management" user group.

CMSite disk was not found.

The user has not been granted the "Read only analyst" role in SCCM, assigned to all scopes.

Application Import Process Issues

Error/Message in Log

Possible Issue(s)

C:\Windows\TEMP\NMW-export-<Application export string> files not found.

The user does not have read permissions on the share where the application source files are located.

Access to the path '\\[Server FQDN]\SMS_[SITE]\Client' is denied.

The proxy VM cannot access site services using the credentials provided. Esure that the service account has read access to the locations specified in the Proxy VM Prerequisites section above.

Import Single File SCCM Applications

Nerdio Manager allows you to import SCCM applications.

Note: This section provides guidance for importing single file applications. If your application requires multiple files, or is installed via a PowerShell script, please refer to Import Scripted SCCM Applications.

To import SCCM applications:

  1. Navigate to Applications > Integrations.

  2. Select the SCCM tab.

  3. Locate the application you wish to work with.

  4. From the action menu, select Import.

  5. Enter the following information in the General tab:

    • Repository: From the drop-down, select the repository.

  6. Enter the following information in the File tab:

    • Mode: From the drop-down list, select the package's source.

    • SCCM Package/File/URL: Depending on the Mode, select the desired SCCM package, File, or URL.

  7. Enter the following information in the Package tab:

    • Package ID: Type the unique ID of the package.

    • Package Version: Type the package version.

    • Default Locale:  From the drop-down, select the default locale.

    • Package Name: Type the package name in the default locale.

    • Description: Type a short description of the package.

    • Publisher: Type the package's vendor.

    • License: Type the license type.

    • Tags: Optionally, type the type the Azure tag(s) to apply to the application.

  8. Enter the following information in the Installer tab:

    • Type: From the drop-down list, select the type of the installer package.

    • Platform: From the drop-down list, select the platform of the machine.

    • Product Code: Type the product code.

      Note: The product code is a GUID that is the principal identification of an application or product. For example {B8427198-E89E-4373-A24F-C1661FC3064B}. The 32-bit and 64-bit versions of an application's package must have different product codes. See this Microsoft article for more information.

    • Scope: From the drop-down list, select the installation scope.

    • Installer Locale: From the drop-down list, select the installer locale.

    • Success codes: Type one or more additional non-zero installer success exit codes, other than the known default values by the Windows Package Manager.

  9. Enter the following information in the Install switches tab:

    • Interactive: Optionally, select this option and type the argument(s) for an interactive installation.

    • Silent: Optionally, select this option and type the argument(s) for a silent installation.

    • Silent with Progress: Optionally, select this option and type the argument(s) for a silent with progress installation.

    • Install Location: Type an install location if required and supported by the installer.

    • Log: Type a log command if required and supported by the installer.

    • Upgrade: Type an upgrade command if required and supported by the installer.

    • Custom: Type any custom install arguments if required and supported by the installer.

  10. Once you have entered the desired information, select Import.

Import Scripted SCCM Applications

Nerdio Manager supports the import of scripted deployment types comprised of one or more files such as PS App Deployment Toolkit (PSADT) packages.

Notes:

  • Scripted deployments must be imported to a Shell Apps repository and managed as Shell Apps applications. For more details on the Shell Apps feature, please refer to Unified Application Management: Shell Apps Overview and Usage.

  • This feature does not support the import of detection rules. Content imported into the detection rules section must be manually edited before deployment.

To import a scripted installation package:

  1. Navigate to Applications > Integrations.

  2. Select the SCCM tab.

  3. Locate the application you wish to work with.

  4. From the action menu, select Import.

  5. Enter the following information in the General tab:

    • Repository: From the drop-down, select the Shell Apps repository.

    • Deployment type: From the drop-down, select the desired SCCM deployment.

  6. Enter the following information in the Package tab:

    • Package Name: Type the package name in the default locale.
    • Description: Type a short description of the package.

    • Publisher: Type the package's vendor.

    • Public: Be sure to leave this Off for now.

      Note: Do not enable the Public option at this point. Packages should only be made available to the unified catalog once their details have been fully validated.

  7. Enter the following information in the File tab:

    • Enable: Toggle this option On.

    • Mode: From the drop-down list, select SCCM: Export .ZIP directly to repository.

    • SCCM package files: Select all files required for the successful installation of the application.

  8. Select Start Download.

    The download runs in background.

  9. In the Detect tab, specify a detection script in the format shown within the Usage Guidance drop-down.

    Note: The content returned from SCCM in the detection tab is for reference only, and cannot be used to successfully detect the application. Please clear this information and populate with a new detections script.

  10. Once the detect script is complete and carefully reviewed, select Script is verified (required).

  11. In the Install tab, specify an install script.

  12. Once the install script is complete and carefully reviewed, select Script is verified (required).

  13. In the Uninstall tab, specify an uninstall script.

  14. Once the uninstall script is complete and carefully reviewed, select Script is verified (required).

  15. Once the package files have been downloaded, select Import to add this application to your Shell Apps repository.

    Note: Large applications may take a long time to download. You may close the pop-up and return to the application later to continue the process. Do not close the Nerdio Manager console during the import process.

  16. Once the import process has completed, open the application and navigate to the Package tab.

  17. Toggle On the Public option.

    Note: This makes the application available for deployment from the unified catalog. Ensure that the application is thoroughly tested against a test pool prior to deploying to production users.

Manage SCCM Applications

Nerdio Manager allows you to manage SCCM applications.

To manage SCCM applications:

  1. Navigate to Applications > Integrations.

  2. Select the SCCM tab.

  3. Locate the application you wish to work with.

  4. From the action menu, select the desired action:

    • View metadata: Select this option to view the application's metadata.

Was this article helpful?

0 out of 0 found this helpful
Have more questions? Submit a request

Comments (0 comments)

Article is closed for comments.