I was at a clients today and came across the issue to do with Credentials for a proxy that are required to be sent as clear text. The exact tick box wording is:
- “Allow Basic Authentication (password is sent in cleartext)”
Anyway after hunting around to find a solution for SCCM 2012 and above installations, I came to the conclusion that it would be quicker to write a script to check the configuration and change if it has been removed by SCCM. This script runs as a scheduled task and I have included the XML for that also below.
The Script:
################################################################################
# Author : SCCMOG - Richie Schuster C5 #
# Website : www.sccmog.com #
# Usage : .\Set-WSUSCredsNonSSL #
# Version : 2.7 #
# Created : 2014/07/17 #
# Purpose : This script was created to be run as a scheduled task to reset the #
# : "Allow Basic Authentication" in the proxy server settingd of WSUS #
# : as SCCM removes this setting while performaing maintanance tasks. #
################################################################################
#Connect to WSUS Configuration
#Set WSUS server to connect to
$wsusserver = "SCCMOG-CM-01"
#Load required assemblies
[void][reflection.assembly]::LoadWithPartialName("Microsoft.UpdateServices.Administration")
#Connect to WSUS Remote
#$wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::getUpdateServer($wsusserver,$false)
#Connect to WSUS Local
$wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::getUpdateServer()
#$WSUS | FL *
#$WSUS | Get-Member
$Config = $wsus.GetConfiguration()
$CurrentSetting = $Config.AllowProxyCredentialsOverNonSsl
If ($CurrentSetting -ne $true){
Write-Host "Incorrect... Correcting!" -ForegroundColor Yellow
$Config.AllowProxyCredentialsOverNonSsl = $true
$Config.Save()
Exit 0
}
Else {
Write-Host "Still Correct!" -ForegroundColor Green
Exit 0
}
################################################################################
The Scheduled Task XML to be imported:
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo>
<Date>2017-03-06T20:11:59.7036984</Date>
<Author>LAB\SCCM-Admin</Author>
</RegistrationInfo>
<Triggers>
<TimeTrigger>
<Repetition>
<Interval>PT1M</Interval>
<StopAtDurationEnd>false</StopAtDurationEnd>
</Repetition>
<StartBoundary>2017-03-06T20:13:05</StartBoundary>
<Enabled>true</Enabled>
</TimeTrigger>
</Triggers>
<Principals>
<Principal id="Author">
<UserId>S-1-5-18</UserId>
<RunLevel>HighestAvailable</RunLevel>
</Principal>
</Principals>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>P3D</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>Powershell.exe</Command>
<Arguments>-Executionpolicy Bypass -file E:\Change\ToYourLocation\Set-WSUSCredsNonSSL.ps1</Arguments>
</Exec>
</Actions>
</Task>
