Help me understand how this works

So at work i was asked to set all our applications on SCCM 2012 SP2 to have a rule that say only install if Windows 8.1 64bit.
After some scratching around seemed no cmdlets or wmi query to get around this was to use “Microsoft.SystemsManagementServer.DesiredConfigurationManagement”. A .net class i’m guessing. Now the below has just worked. I know its not formatted and commented but as its just worked i wanted to understand more before i go through and tidy it up. I know i will need to collect all apps but i will try with a CSV file.

It does look very complicated !

$oOperands = new-object "Microsoft.ConfigurationManagement.DesiredConfigurationManagement.CustomCollection``1[[Microsoft.SystemsManagementServer.DesiredConfigurationManagement.Expressions.RuleExpression]]"
$oOperator = [Microsoft.ConfigurationManagement.DesiredConfigurationManagement.ExpressionOperators.ExpressionOperator]::OneOf
$oOSExpression = new-object Microsoft.SystemsManagementServer.DesiredConfigurationManagement.Expressions.OperatingSystemExpression `
-ArgumentList $oOperator, $oOperands   
$oAnnotation = new-object Microsoft.SystemsManagementServer.DesiredConfigurationManagement.Rules.Annotation     
$oAnnotation.DisplayName = new-object Microsoft.SystemsManagementServer.DesiredConfigurationManagement.Rules.LocalizableString `
-ArgumentList "DisplayName", "Operating system One of {All Windows 8.1 (64-bit)}", $null
$oNoncomplianceSeverity = [Microsoft.SystemsManagementServer.DesiredConfigurationManagement.Rules.NoncomplianceSeverity]::None
$newrule = new-object "Microsoft.SystemsManagementServer.DesiredConfigurationManagement.Rules.Rule" -ArgumentList (
            ("Rule_" + [Guid]::NewGuid().ToString()),


$App = Get-CMApplication -Name "7-Zip"
$i = 0
$DeploymentTypeName = Get-CMDeploymentType -DeploymentTypeName "7-Zip - Local Install" -ApplicationName "7-zip"
	$AppXML = [Microsoft.ConfigurationManagement.ApplicationManagement.Serialization.SccmSerializer]::DeserializeFromString($app.SDMPackageXML)

	$app.SDMPackageXML = [Microsoft.ConfigurationManagement.ApplicationManagement.Serialization.SccmSerializer]::Serialize($AppXML)

That, to me, is a very odd request. When you get Windows 10 in your environment, you’ll have to manipulate rules on all packages again. You typically set those settings on a package if the software only supports Windows 8.X. I mean if you don’t want to support anything but 8.x, then remove the SCCM client from any other OS, but that seems a bit odd too as you would want to manage all systems. Personally, I think you should post to a SCCM forum and describe what you are trying to accomplish and WHY you would want to do that. I’m sure you will get a similar response on a SCCM forum of “WHY would you do that?”.

Please explain Rob.
Odd request to help me understand the code or odd request to set all apps to only deploy to windows 8.1 ?
Its been requested, i’m just the “do-er”.

It’s odd because if you only wanted Windows 8 machines to see packages, you would use a collection that only contains Windows 8.X machines and advertise to only those machines. What you are trying to update is stipulating that every software installation can only run on a single OS, which is not how that functionality is purposed, it’s simply a pre-requisite for an individual software that will not run on Window 7 or only on 32-bit devices. Can you accomplish this with a script? Yes. Is changing this on every package\program in SCCM the right way to do what you are trying to do. I don’t think so. If I’m your manager and I tell you I read a security article that says AD accounts are not secure, I want you to delete all of them. Would you just do it? I just want you to understand that you are just causing yourself more work later. For instance, if you were using the software center and don’t like that Windows 7 can see the packages, you update your collections and advertisements to clients. So, I’m utterly curious what the actual goal is to why you would make a global change to all packages?

As far as the code is concerned, you shouldn’t need DSC to set a package rule. I’ve done similar things with WMI in SCCM to add rules to packages. I don’t know what your SCCM hierarchy is, but you typically have a top-level (root) server and SCCM replicates changes down to other sites\DP’s. You would only need to make the change on that single server. This is VBScript, but could assist you in finding a Powershell solution:

Before you do it, I would highly suggest finding out why it’s been requested and discussing solutions on an SCCM thread.

Thanks Rob, What you’re saying makes sense.
We’ve tied alot of the apps to AD groups for users and devices. This confuses things a little more.