I was at a clients today and came across the issue to do with Credentials for a proxy that are required to be sent as clear text. The exact tick box wording is:
- “Allow Basic Authentication (password is sent in cleartext)”
Anyway after hunting around to find a solution for SCCM 2012 and above installations, I came to the conclusion that it would be quicker to write a script to check the configuration and change if it has been removed by SCCM. This script runs as a scheduled task and I have included the XML for that also below.
The Script:
################################################################################ # Author : SCCMOG - Richie Schuster C5 # # Website : www.sccmog.com # # Usage : .\Set-WSUSCredsNonSSL # # Version : 2.7 # # Created : 2014/07/17 # # Purpose : This script was created to be run as a scheduled task to reset the # # : "Allow Basic Authentication" in the proxy server settingd of WSUS # # : as SCCM removes this setting while performaing maintanance tasks. # ################################################################################ #Connect to WSUS Configuration #Set WSUS server to connect to $wsusserver = "SCCMOG-CM-01" #Load required assemblies [void][reflection.assembly]::LoadWithPartialName("Microsoft.UpdateServices.Administration") #Connect to WSUS Remote #$wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::getUpdateServer($wsusserver,$false) #Connect to WSUS Local $wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::getUpdateServer() #$WSUS | FL * #$WSUS | Get-Member $Config = $wsus.GetConfiguration() $CurrentSetting = $Config.AllowProxyCredentialsOverNonSsl If ($CurrentSetting -ne $true){ Write-Host "Incorrect... Correcting!" -ForegroundColor Yellow $Config.AllowProxyCredentialsOverNonSsl = $true $Config.Save() Exit 0 } Else { Write-Host "Still Correct!" -ForegroundColor Green Exit 0 } ################################################################################
The Scheduled Task XML to be imported:
<?xml version="1.0" encoding="UTF-16"?> <Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task"> <RegistrationInfo> <Date>2017-03-06T20:11:59.7036984</Date> <Author>LAB\SCCM-Admin</Author> </RegistrationInfo> <Triggers> <TimeTrigger> <Repetition> <Interval>PT1M</Interval> <StopAtDurationEnd>false</StopAtDurationEnd> </Repetition> <StartBoundary>2017-03-06T20:13:05</StartBoundary> <Enabled>true</Enabled> </TimeTrigger> </Triggers> <Principals> <Principal id="Author"> <UserId>S-1-5-18</UserId> <RunLevel>HighestAvailable</RunLevel> </Principal> </Principals> <Settings> <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy> <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries> <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries> <AllowHardTerminate>true</AllowHardTerminate> <StartWhenAvailable>false</StartWhenAvailable> <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable> <IdleSettings> <StopOnIdleEnd>true</StopOnIdleEnd> <RestartOnIdle>false</RestartOnIdle> </IdleSettings> <AllowStartOnDemand>true</AllowStartOnDemand> <Enabled>true</Enabled> <Hidden>false</Hidden> <RunOnlyIfIdle>false</RunOnlyIfIdle> <WakeToRun>false</WakeToRun> <ExecutionTimeLimit>P3D</ExecutionTimeLimit> <Priority>7</Priority> </Settings> <Actions Context="Author"> <Exec> <Command>Powershell.exe</Command> <Arguments>-Executionpolicy Bypass -file E:\Change\ToYourLocation\Set-WSUSCredsNonSSL.ps1</Arguments> </Exec> </Actions> </Task>