CMAppCreator

CMAppCreator's purpose is to add applications to a MEMCM/ConfigMgr environment in a standardized way, with minimal effort (fewer dialogs to click through than in the full admin console), through a web app GUI. (Yes, I am fully aware of the GUIs people have made in PowerShell and other tools; this does not replace them, it only adds to the ecosystem and gives something back to the ConfigMgr community :) ) The idea is to be able to quickly create a first test release of an application: distribute it, set certain common settings and, if wanted, deploy it to a test user collection for immediate testing. The obvious users are the group responsible for managing MEMCM/ConfigMgr, but the app also suits departments that are not comfortable with the full console experience, e.g. servicedesk/helpdesk, or perhaps some external party. You can even do this from a smartphone, since the app is mobile friendly :) The app impersonates the calling user (except for UNC file access), so make sure RBAC is configured correctly in MEMCM/ConfigMgr.

Note: I, the author, have used the app in production and tested it in a few different environments, but I recommend you test it in your test environment first. I have also tried to do some error handling and squash some bugs, but it can probably improve.

Features overview

  • PowerShell App Deployment Tool detection (sets install, uninstall and repair commands automatically when the configured source folder contains the PSADT toolkit)
  • MSI integration: extracts Productkey automatically and sets detection; extracts product name, manufacturer and product version and inserts them in the GUI (the full list of MSI properties is also presented and can be viewed separately)
  • Extracts icons from EXE files if selected (for use in Software Center for end users) and automatically resizes the icon to fit
  • Extracts file properties from an EXE when selected, tries to pick up manufacturer, product name and version, and inputs them automatically
  • Imports .ICO or .PNG files automatically if encountered when selecting source folders from the configured UNC path, for use in Software Center for end users
  • Optional: distributes the application to the configured DP Group and deploys it to the selected user collection; the deployment type can be set as interactive, and repair and admin approval can be enabled for the deployment
  • Detection methods (MSI and PowerShell supported)
  • Requirement rules: the disk requirement rule is automatically calculated as double the size of the selected source folder, and the estimated execution time is configured based on this. A primary user rule is added as well
  • Possible to set administrative categories and also set one or more user categories directly
  • Sets a custom security scope for the application if configured to do so
  • Search functionality (via the search button you can search ConfigManager for any existing applications based on the app name field, or do a quick Google search based on the app name field, displayed in a popup window)
  • Rudimentary logging included

Preview of the app in action below:

Supported Configurations

This app has been built to support the following versions of Microsoft Endpoint Configuration Manager:

  • Microsoft Endpoint Configuration Manager (version 1910 and up has been tested only)

Make sure that .NET Framework 4.7.2 or higher is available on the member server you intend to host this web app on. Note: The app can be deployed to a server other than the MEMCM infrastructure, since all MEMCM calls are made while impersonating the calling user (with the exception of UNC file access, which is handled by a required service account).

For the frontend, the app is built using ASP.NET Web Forms, with Bootstrap 4 for styling, jQuery for JavaScript and Font Awesome for a few icons. These are all loaded from their respective CDNs, so the server hosting the app requires internet connectivity. For the backend, the WiX toolset SDK DLLs are used for MSI integration, along with a couple of the MEMCM/ConfigMgr admin console DLLs that expose the ConfigMgr SDK functionality (these DLLs are not provided here; you have to add them yourself from your environment).

Installation instructions

To successfully run this web app, you'll need IIS installed on a member server with ASP.NET enabled, .NET Framework 4.7.2 or higher, and internet connectivity for downloading the Bootstrap 4/jQuery/Font Awesome libraries from their CDNs. The easiest way to get going is to install CMAppCreator on the same server where your Management Point role is hosted. You'll also need a service account for the application pool in IIS. The service account requires no rights in MEMCM/ConfigMgr, only read access to the UNC file share for source files.

1 - Create folder structure

  • Option 1: Download the project (go to Project -> Manage NuGet Packages and then click Restore packages), set a valid path for the referenced ConfigMgr DLLs under References in the file structure (point 3), then compile and publish the solution in Visual Studio (you can download the free version, Visual Studio Community Edition)
  • Option 2: Download the release zip file
  1. Create a folder in C:\inetpub called CMAppCreator. Inside that folder, copy the files that you published from Visual Studio (or downloaded from releases).
  2. Locate the files below in your ConfigMgr admin console installation location and copy them to C:\inetpub\CMAppCreator\bin.
  • AdminUI.AppManFoundation.dll
  • AdminUI.DcmObjectWrapper.dll
  • AdminUI.FeaturesUtilities.dll
  • AdminUI.WqlQueryEngine.dll
  • Microsoft.ConfigurationManagement.ApplicationManagement.dll
  • Microsoft.ConfigurationManagement.ApplicationManagement.MsiInstaller.dll
  • Microsoft.ConfigurationManagement.ManagementProvider.dll
  • Microsoft.ConfigurationManager.CommonBase.dll

2 - Add an Application Pool in IIS

  1. Open IIS management console, right click on Application Pools and select Add Application Pool.
  2. Enter CMAppCreator as the name, select .NET CLR Version v4.0.30319 as the .NET CLR version and click OK.
  3. Select the new CMAppCreator application pool and select Advanced Settings.
  4. In the Process Model section, specify the service account that will have access to the UNC file share in the Identity field and click OK.

3 - Add an Application to Default Web Site

  1. Open IIS management console, expand Sites, right click on Default Web Site and select Add Application.
  2. For Alias, enter CMAppCreator.
  3. Select CMAppCreator as application pool.
  4. Set the physical path to C:\inetpub\CMAppCreator and click OK.

4 - Disable anonymous authentication and enable windows authentication

  1. Select CMAppCreator in IIS management console
  2. Under IIS, select Authentication
  3. Disable Anonymous Authentication and enable Windows Authentication

5 - Restrict access to specific AD group (optional)

  1. Select CMAppCreator in IIS management console
  2. Under ASP.NET, select .NET Authorization Rules
  3. Add Allow Rule
  4. Select Specified roles or user groups and enter name of AD group

6 - Enable write rights to logfile for ServiceAccount

Locate the file Eventlog.log, and make sure the service account has write access to it.
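
A scripted equivalent of steps 2 to 4 and 6, as an added example that is not part of the CMAppCreator project, using the WebAdministration PowerShell module and ending with a check that anonymous access really is off. The location of Eventlog.log under the application folder is an assumption; step 5 is left to the IIS console.

```powershell
# Added example (not project code). Run elevated on the IIS server.
Import-Module WebAdministration

$app     = 'CMAppCreator'
$site    = 'Default Web Site'
$path    = 'C:\inetpub\CMAppCreator'
$logFile = Join-Path $path 'Eventlog.log'   # assumed location; the README only says "locate the file"
$cred    = Get-Credential -Message 'Service account with read access to the UNC share'

# Step 2: application pool on .NET CLR v4.0, running as the service account
New-WebAppPool -Name $app | Out-Null
Set-ItemProperty "IIS:\AppPools\$app" -Name managedRuntimeVersion -Value 'v4.0'
Set-ItemProperty "IIS:\AppPools\$app" -Name processModel -Value @{
    identityType = 3                         # 3 = SpecificUser
    userName     = $cred.UserName
    password     = $cred.GetNetworkCredential().Password
}

# Step 3: application under Default Web Site, bound to the new pool
New-WebApplication -Site $site -Name $app -PhysicalPath $path -ApplicationPool $app | Out-Null

# Step 4: anonymous off, Windows authentication on (stored in applicationHost.config)
$auth = 'system.webServer/security/authentication'
Set-WebConfigurationProperty -PSPath 'IIS:\' -Location "$site/$app" `
    -Filter "$auth/anonymousAuthentication" -Name enabled -Value $false
Set-WebConfigurationProperty -PSPath 'IIS:\' -Location "$site/$app" `
    -Filter "$auth/windowsAuthentication" -Name enabled -Value $true

# Step 6: write access for the service account on the log file only,
# not on the whole application folder
$acl  = Get-Acl -Path $logFile
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
            $cred.UserName, 'Write', 'Allow')
$acl.AddAccessRule($rule)
Set-Acl -Path $logFile -AclObject $acl

# Check: read the effective settings back and stop if they are not as intended
$anon = (Get-WebConfigurationProperty -PSPath 'IIS:\' -Location "$site/$app" `
            -Filter "$auth/anonymousAuthentication" -Name enabled).Value
$win  = (Get-WebConfigurationProperty -PSPath 'IIS:\' -Location "$site/$app" `
            -Filter "$auth/windowsAuthentication" -Name enabled).Value
if ($anon -or -not $win) {
    throw "Authentication misconfigured: anonymous=$anon windows=$win"
}
```

Because the app impersonates the calling user for all MEMCM calls, the final check matters: with anonymous authentication left on there is no caller identity for ConfigMgr RBAC to evaluate.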

7 - Set Application Settings

  1. Edit web.config and locate CM_App_Creator.Properties.Settings.
  2. Enter values for each application setting:
  • SiteServer: The server where the SMS Provider is installed
  • SiteCode: The site code of your site
  • DPGroupName: DP Group you want to send content to
  • UNCPath: FQDN path to your UNC file share containing source files
  • CMAppFolder: Folder in ConfigMgr to move created applications to (if omitted, apps are created in the root folder)
  • SecurityScope: A custom security scope ID (if omitted, the default scope is used)
  • FolderNameDetection: Folder pattern (trigger) for when the "Set Content Path" button should be visible, e.g. if you have folders named inst_r1, inst_r2 and so on containing the source files, you set the name inst_ (if omitted, the "Set Content Path" button is always visible except for the root folder in the UNC path)
  • CollectionPrefix: A prefix for user collections, e.g. setting it to "Test" will only display collections starting with that name (if omitted, all user collections are displayed)
  • DefaultLanguage: Language set for the deployment type and in the Software Center tab, e.g. en-US
  • DisplayContactAndExecutionTime: Show or hide the section containing app owner, app contact and estimated execution time; valid values are True or False
  • AddBranding: Enables branding for the deployment type
  • BrandingText: The actual text that is to be set in comments for the deployment type.