Enable proxy for all agents in SCOM

Enabling the proxy setting for agents in SCOM is required for several management packs to function correctly. Although enabling this option on all agents is a potential a security risk, in reality most environments are secure and consequently this action will pose little risk. You should, however, understand and be aware of the risk of spoof data entering SCOM should this option be enabled.

To enable the proxy setting for all agents in SCOM, use the PowerShell script appropriate for your version. These scripts may be scheduled and executed throughout the day to ensure that new agents have this setting enabled.

2007 R2

<#
	Enables the proxy function for all agent-managed computers.
	This script is only compatible with SCOM 2007 R2.
	To exclude a computer or list of computers, add them to $Exclusions.
#>

$Rms = "Localhost"
$Exclusions = @("")

# Initiate the SCOM snap-in.
If ((Get-PsSnapin | Where-Object {$_.Name -eq 'Microsoft.EnterpriseManagement.OperationsManager.Client'}) -eq $null)
{
	Add-PsSnapin "Microsoft.EnterpriseManagement.OperationsManager.Client" -ErrorAction "SilentlyContinue" -ErrorVariable "Err"
}
If ((Get-PsDrive | Where-Object {$_.Name -eq 'Monitoring'}) -eq $null)
{
	New-PsDrive -Name "Monitoring" -PSProvider "OperationsManagerMonitoring" -Root "\" -ErrorAction "SilentlyContinue" -ErrorVariable "Err" | Out-Null
}

# Connect to the RMS.
Set-Location "OperationsManagerMonitoring::"
New-ManagementGroupConnection -ConnectionString $Rms | Out-Null
Set-Location "Monitoring:\$Rms"

# Obtain the list of agents to which the modification is to be made, excluding $Exclusions.
$AgentProxyNotEnabled = Get-Agent | Where-Object {$_.ProxyingEnabled -match 'false'}
$AgentProxyToBeEnabled = @()
ForEach ($NotEnabled in $AgentProxyNotEnabled)
{
	If (($Exclusions -NotContains $NotEnabled.PrincipalName) -and ($AgentProxyToBeEnabled.PrincipalName -NotContains $NotEnabled.PrincipalName))
	{
		$AgentProxyToBeEnabled += (, ($NotEnabled))
	}
}

# Apply the modification.
ForEach ($AgentToBeEnabled in $AgentProxyToBeEnabled)
{
	Write-Host "Enabling the proxy on $($AgentToBeEnabled.DisplayName)..."
	$AgentToBeEnabled.ProxyingEnabled = $True
	$AgentToBeEnabled.ApplyChanges()
}

2012

<#
	Enables the proxy function for all agent-managed computers.
	This script is only compatible with SCOM 2012.
	To exclude a computer or list of computers, add them to $Exclusions.
#>

$Exclusions = @("")

# Initiate the SCOM snap-in.
Import-Module OperationsManager

# Obtain the list of agents to which the modification is to be made, excluding $Exclusions.
$AgentProxyNotEnabled = Get-ScomAgent | Where-Object {$_.ProxyingEnabled -match 'false'}
$AgentProxyToBeEnabled = @()
ForEach ($NotEnabled in $AgentProxyNotEnabled)
{
	If (($Exclusions -NotContains $NotEnabled.PrincipalName) -and ($AgentProxyToBeEnabled.PrincipalName -NotContains $NotEnabled.PrincipalName))
	{
		$AgentProxyToBeEnabled += (, ($NotEnabled))
	}
}

# Apply the modification.
$AgentProxyToBeEnabled | Enable-ScomAgentProxy

Leave a Reply

Your e-mail address will not be published. Required fields are marked *