Good morning Don.
First of all I would like to start of with saying a big thank you for your work on helping me learn and understand PowerShell. The PowerShell Nuggets helped me a lot and some other stuff (PS Summits) on YouTube was great to. Thanks to you and Jeffrey I learned a new skill and I’m now the only scripting guy in the company.
Because I didn’t know where to ask my question, as it is quite general, I post it here. I’ll try to summarize the best I can and start with describing the use case.
Our users have in MS Outlook PST-files mapped. Sometimes from the network (what we don’t want) and sometimes from a local drive on the laptop (what we prefer).
The ideal situation would be that we make an inventory first, so we check on the client where the PST-files are stored, send the local paths to the SQL database together with the host name and the SamAccountName. In a later fase we will then decide to fix this by moving them manually (service desk job) or automating it. And of course when it’s all done keep an eye on things with some kind of monitoring.
I am fully capable of writing these scripts that can do the job. We also have an SQL database running that already has some collected data stored from other PS scripts we’re running.
We use one service account for all our scripting tasks. On servers this is not an issue as we manage these in country and can manage their permissions. On clients (workstations/laptops) we don’t have permissions with our service account. So we asked group IT (of the mother company) to provide us permissions on the client for the script account. Unlucky for us, this isn’t accepted but they suggested a workaround.
The suggested workarounds for running scripts on the clients are to use the SCCM Client which is installed on all clients and configure a ‘Configuration item’ and a ‘Configuration baseline’ as shown here. This uses the SYSTEM account of the machine or the credentials from the user but it’s a lot of hassle to set up. So they came to the idea of using the SCCM Software library to deploy the script as a package.
Is this the best way to go? Because now we want to collect PST file locations but next week the boss might ask other stuff from the clients. So a flexible solution would be best. On top of this I was thinking that this might be something for DSC? I’m not really using it for the moment, but do you think that DSC is the best way to go? Regarding permissions… I just might have to give ‘domain users’ write on that one table so we can collect this info from the clients in SQL. Or is this to simple/dangerous?
Any tips you might have are really appreciated. I don’t want to start of something that isn’t thought trough properly. Thank you for your help.