SCCM WSUS Proxy – Allow Basic Authentication

I was at a clients today and came across the issue to do with Credentials for a proxy that are required to be sent as clear text. The exact tick box wording is:

  • “Allow Basic Authentication (password is sent in cleartext)”

Anyway after hunting around to find a solution for SCCM 2012 and above installations, I came to the conclusion that it would be quicker to write a script to check the configuration and change if it has been removed by SCCM. This script runs as a scheduled task and I have included the XML for that also below.

The Script:

################################################################################
# Author  : SCCMOG - Richie Schuster C5                                        #
# Website : www.sccmog.com                                                     #
# Usage   : .\Set-WSUSCredsNonSSL                                              #
# Version : 2.7                                                                #
# Created : 2014/07/17                                                         #
# Purpose : This script was created to be run as a scheduled task to reset the #
#         : "Allow Basic Authentication" in the proxy server settingd of WSUS  #
#         : as SCCM removes this setting while performaing maintanance tasks.  #
################################################################################


#Connect to WSUS Configuration
#Set WSUS server to connect to
$wsusserver = "SCCMOG-CM-01"

#Load required assemblies
[void][reflection.assembly]::LoadWithPartialName("Microsoft.UpdateServices.Administration")

#Connect to WSUS Remote
#$wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::getUpdateServer($wsusserver,$false)
#Connect to WSUS Local
$wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::getUpdateServer()

#$WSUS | FL *
#$WSUS | Get-Member

$Config = $wsus.GetConfiguration()
$CurrentSetting = $Config.AllowProxyCredentialsOverNonSsl

If ($CurrentSetting -ne $true){
    Write-Host "Incorrect... Correcting!" -ForegroundColor Yellow
    $Config.AllowProxyCredentialsOverNonSsl = $true
    $Config.Save()
    Exit 0
    }
Else {
    Write-Host "Still Correct!" -ForegroundColor Green
    Exit 0
    }

################################################################################

The Scheduled Task XML to be imported:

<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo>
    <Date>2017-03-06T20:11:59.7036984</Date>
    <Author>LAB\SCCM-Admin</Author>
  </RegistrationInfo>
  <Triggers>
    <TimeTrigger>
      <Repetition>
        <Interval>PT1M</Interval>
        <StopAtDurationEnd>false</StopAtDurationEnd>
      </Repetition>
      <StartBoundary>2017-03-06T20:13:05</StartBoundary>
      <Enabled>true</Enabled>
    </TimeTrigger>
  </Triggers>
  <Principals>
    <Principal id="Author">
      <UserId>S-1-5-18</UserId>
      <RunLevel>HighestAvailable</RunLevel>
    </Principal>
  </Principals>
  <Settings>
    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
    <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>
    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
    <AllowHardTerminate>true</AllowHardTerminate>
    <StartWhenAvailable>false</StartWhenAvailable>
    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
    <IdleSettings>
      <StopOnIdleEnd>true</StopOnIdleEnd>
      <RestartOnIdle>false</RestartOnIdle>
    </IdleSettings>
    <AllowStartOnDemand>true</AllowStartOnDemand>
    <Enabled>true</Enabled>
    <Hidden>false</Hidden>
    <RunOnlyIfIdle>false</RunOnlyIfIdle>
    <WakeToRun>false</WakeToRun>
    <ExecutionTimeLimit>P3D</ExecutionTimeLimit>
    <Priority>7</Priority>
  </Settings>
  <Actions Context="Author">
    <Exec>
      <Command>Powershell.exe</Command>
      <Arguments>-Executionpolicy Bypass -file E:\Change\ToYourLocation\Set-WSUSCredsNonSSL.ps1</Arguments>
    </Exec>
  </Actions>
</Task>

Leave a Reply

Your email address will not be published. Required fields are marked *

Copyright 2016 SCCMOG | All Rights Reserved

css.php