Skip to main content

Microsoft Endpoint Configuration Manager

This Integration is part of the Microsoft Endpoint Configuration Manager Pack.#

Supported versions

Supported Cortex XSOAR versions: 5.5.0 and later.

Overview#

The configuration manager provides the overall Configuration Management (CM) infrastructure and environment to the product development team (formerly known as SCCM).

This integration was integrated and tested with version 1906 of Microsoft Endpoint Configuration Manager.

Prerequisites#

  • This integration requires root access in order to execute commands. If you configured the server to run Docker images with a non-root internal user make sure to exclude the demisto/powershell-ubuntu Docker image as documented here
  • Installation and configuration for Windows Remote Management to support a PowerShell session is a prerequisite in order to support this integration. For more information, refer to the following Microsoft article.
  • PowerShell Remote sessions are created over port 5985 (Microsoft Web service management/WinRm). This port needs to be opened from XSOAR to the hosts on the local and network firewalls.
  • Authentication is NTLM-based.
  • The integration requires a valid domain user with the permission set needed to perform the required remote tasks.
  • Configuration Manager clients must be running the client from the 1706 release, or later in order to run scripts commands.
  • The integration runs PowerShell remoting over SSH, which requires OpenSSH. For more information, refer to the following Microsoft article. In order to use the integration, you need to be able to ssh from the Cortex XSOAR / engine machine to the ECM machine.
  • To use scripts, you must be a member of the appropriate Configuration Manager security role.
  • To use the ms-ecm-script-create command, your account must have Create permissions for SMS Scripts.
  • To use the ms-ecm-script-approve command, your account must have Approve permissions for SMS Scripts.
  • To use the ms-ecm-script-invoke command, your account must have Run Script permissions for Collections.
  • To use the ms-ecm-service-stop, ms-ecm-service-start, and ms-ecm-service-restart commands, your account must have permissions to use all scripts commands

Configure Microsoft Endpoint Configuration Manager in Cortex#

ParameterDescriptionRequired
ComputerNameECM Server URL. (e.g., 192.168.64.128)True
credentialsUsername. (i.e, DOMAIN\username)True
SiteCodeECM Site Code.True

Commands#

You can execute these commands from the CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

ms-ecm-user-last-log-on#


Gets the name of the last user who logged in to a given device.

Base Command#

ms-ecm-user-last-log-on

Input#

Argument NameDescriptionRequired
device_nameThe name of a device.Required

Context Output#

PathTypeDescription
MicrosoftECM.LastLogOnUser.IPAddressesstringThe IP addresses of the device.
MicrosoftECM.LastLogOnUser.LastLogonTimestampdateThe date of the last login to the device.
MicrosoftECM.LastLogOnUser.LastLogonUserNamestringThe name of the last user who logged in to the device.
MicrosoftECM.LastLogOnUser.DeviceNamestringThe name of the device.

Command Example#

!ms-ecm-user-last-log-on device_name=EC2AMAZ-2AKQ815

Context Example#

{
"MicrosoftECM": {
"LastLogOnUser": {
"DeviceName": "EC2AMAZ-2AKQ815",
"IPAddresses": [
"2.2.2.2",
"fe80::81c5:1670:9363:a40b"
],
"LastLogonTimestamp": "2020-11-12T06:07:29Z",
"LastLogonUserName": null
}
}
}

Human Readable Output#

Last log on user on EC2AMAZ-2AKQ815#

LastLogonUserNameLastLogonTimestampDeviceNameIPAddresses
2020-11-12T06:07:29ZEC2AMAZ-2AKQ815["2.2.2.2","fe80::81c5:1670:9363:a40b"]

ms-ecm-collection-list#


Gets a Configuration Manager collection.

Base Command#

ms-ecm-collection-list

Input#

Argument NameDescriptionRequired
collection_typeA type for the collection. Valid values are: "User" and "Device."Required
collection_idA collection ID. If you do not specify a collection, all collections in the hierarchy are returned. (You can retrieve the collection ID via !ms-ecm-collection-list collection_type="Device".)Optional
collection_nameA collection name. If you do not specify a collection, all collections in the hierarchy are returned. (You can retrieve the collection name via !ms-ecm-collection-list collection_type="Device")Optional

Context Output#

PathTypeDescription
MicrosoftECM.Collections.NamestringThe collection name.
MicrosoftECM.Collections.IDstringUnique auto-generated ID containing eight characters.
MicrosoftECM.Collections.TypestringThe type of the collection.
MicrosoftECM.Collections.CommentstringGeneral comment or note that documents the collection.
MicrosoftECM.Collections.CurrentStatusstringCurrent status of the collection.
MicrosoftECM.Collections.HasProvisionedMemberbooleanWhether this collection has provisioned members.
MicrosoftECM.Collections.IncludeExcludeCollectionsCountnumberThe number of collections that are included and excluded in this collection.
MicrosoftECM.Collections.IsBuiltInbooleanWhether the collection is built-in.
MicrosoftECM.Collections.IsReferenceCollectionbooleanWhether the collection is not limited by another collection.
MicrosoftECM.Collections.LastChangeTimedateDate and time of when the collection was last modified in any way.
MicrosoftECM.Collections.LastMemberChangeTimedateDate and time of when the collection membership was last modified.
MicrosoftECM.Collections.LastRefreshTimedateDate and time of when the collection membership was last refreshed.
MicrosoftECM.Collections.LimitToCollectionIDstringThe ID of the collection to limit the query results to.
MicrosoftECM.Collections.LimitToCollectionNamestringThe name of the collection to limit the query results to.
MicrosoftECM.Collections.LocalMemberCountnumberThe number of members visible at the local site.
MicrosoftECM.Collections.MemberClassNamestringName of the class having instances that are the members of the collection.
MicrosoftECM.Collections.MemberCountnumberThe number of collection members.
MicrosoftECM.Collections.UseClusterbooleanWhether this collection is a server group.
MicrosoftECM.Collections.CollectionRulesstringName of the defining membership criteria for the collection.

Command Example#

!ms-ecm-collection-list collection_name="All Systems" collection_type=Device

Context Example#

{
"MicrosoftECM": {
"Collections": {
"CollectionRules": [
"\ninstance of SMS_CollectionRuleQuery\n{\n\tQueryExpression = \"select * from sms_r_system\";\n\tQueryID = 1;\n\tRuleName = \"All Systems\";\n};",
"\ninstance of SMS_CollectionRuleQuery\n{\n\tQueryExpression = \"select SMS_R_UNKNOWNSYSTEM.ResourceID,SMS_R_UNKNOWNSYSTEM.ResourceType,SMS_R_UNKNOWNSYSTEM.Name,SMS_R_UNKNOWNSYSTEM.Name,SMS_R_UNKNOWNSYSTEM.Name from SMS_R_UnknownSystem\";\n\tQueryID = 2;\n\tRuleName = \"All Unknown Computers\";\n};\n"
],
"Comment": "All Systems",
"CurrentStatus": "READY",
"HasProvisionedMember": "True",
"ID": "SMS00001",
"IncludeExcludeCollectionsCount": "0",
"IsBuiltIn": "True",
"IsReferenceCollection": "True",
"LastChangeTime": "2019-04-17T14:07:58Z",
"LastMemberChangeTime": "2020-11-01T21:49:33Z",
"LastRefreshTime": "2020-11-19T04:00:19Z",
"LimitToCollectionID": "",
"LimitToCollectionName": "",
"LocalMemberCount": "5",
"MemberClassName": "SMS_CM_RES_COLL_SMS00001",
"MemberCount": "5",
"Name": "All Systems",
"Type": "Device",
"UseCluster": "False"
}
}
}

Human Readable Output#

Collection List#

CommentLastMemberChangeTimeLimitToCollectionNameHasProvisionedMemberLocalMemberCountIsBuiltInIsReferenceCollectionTypeCollectionRulesMemberCountMemberClassNameNameIDIncludeExcludeCollectionsCountUseClusterLastChangeTimeLimitToCollectionIDCurrentStatusLastRefreshTime
All Systems2020-11-01T21:49:33ZTrue5TrueTrueDevice
instance of SMS_CollectionRuleQuery
{
QueryExpression = "select * from sms_r_system";
QueryID = 1;
RuleName = "All Systems";
};
,
instance of SMS_CollectionRuleQuery
{
QueryExpression = "select SMS_R_UNKNOWNSYSTEM.ResourceID,SMS_R_UNKNOWNSYSTEM.ResourceType,SMS_R_UNKNOWNSYSTEM.Name,SMS_R_UNKNOWNSYSTEM.Name,SMS_R_UNKNOWNSYSTEM.Name from SMS_R_UnknownSystem";
QueryID = 2;
RuleName = "All Unknown Computers";
};
5SMS_CM_RES_COLL_SMS00001All SystemsSMS000010False2019-04-17T14:07:58ZREADY2020-11-19T04:00:19Z

ms-ecm-device-list#


Lists a Configuration Manager device.

Base Command#

ms-ecm-device-list

Input#

Argument NameDescriptionRequired
collection_idSpecifies an ID for a device collection (You can retrieve the collection ID via !ms-ecm-collection-list collection_type="Device".)Optional
collection_nameSpecifies the name of a device collection (You can retrieve the collection name via !ms-ecm-collection-list collection_type="Device".)Optional
limitThe maximum number of devices to be returned. Default is "100".Optional

Context Output#

PathTypeDescription
MicrosoftECM.Devices.NamestringThe name of the device.
MicrosoftECM.Devices.ResourceIDnumberUnique Configuration Manager-supplied ID for the resource.

Command Example#

!ms-ecm-device-list collection_name="All Systems" limit=1

Context Example#

{
"MicrosoftECM": {
"Devices": {
"DeviceName": "EC2AMAZ-2AKQ815",
"ResourceID": 16777220
}
}
}

Human Readable Output#

Devices List#

DeviceNameResourceID
EC2AMAZ-2AKQ81516777220

ms-ecm-script-list#


Gets Configuration Manager PowerShell scripts.

Base Command#

ms-ecm-script-list

Input#

Argument NameDescriptionRequired
authorThe author of the script. (You can retrieve the name of the author of the script via the !ms-ecm-script-list command.)Optional
script_nameThe script name. (You can retrieve the script name via the !ms-ecm-script-list command.)Optional

Context Output#

PathTypeDescription
MicrosoftECM.Scripts.ApprovalStatestringThe approval state of the script.
MicrosoftECM.Scripts.ApproverstringThe approver of the script.
MicrosoftECM.Scripts.AuthorstringThe author of the script.
MicrosoftECM.Scripts.CommentstringA short comment about the script.
MicrosoftECM.Scripts.LastUpdateTimedateDate of the last script update.
MicrosoftECM.Scripts.ParameterliststringThe parameter list of the script.
MicrosoftECM.Scripts.ScriptstringThe code of the script.
MicrosoftECM.Scripts.ScriptGuidstringThe unique identifier of the script.
MicrosoftECM.Scripts.ScriptHashstringThe hash of the script.
MicrosoftECM.Scripts.ScriptHashAlgorithmstringThe algorithm with which the script hash was generated.
MicrosoftECM.Scripts.ScriptNamestringThe name of the script.
MicrosoftECM.Scripts.ScriptTypestringThe type of the script.
MicrosoftECM.Scripts.ScriptVersionnumberThe version of the script.

Command Example#

!ms-ecm-script-list script_name="XSOAR StartService"

Context Example#

{
"MicrosoftECM": {
"Scripts": {
"ApprovalState": "Approved",
"Approver": "DEMISTO\\sccmadmin",
"Author": "DEMISTO\\sccmadmin",
"Comment": "XSOAR StartService script",
"LastUpdateTime": "2020-11-19T14:28:36Z",
"Parameterlist": null,
"Script": "\ufffd\ufffdGet-Service 'dnscache' -ErrorAction Stop | Start-Service -PassThru -ErrorAction Stop",
"ScriptGuid": "1984C9F9-7DCE-4191-AE20-B21281CB635B",
"ScriptHash": "C19588A7660DF68072866BDFA37FE558A55DC350FD3BB0977245199CD4264752",
"ScriptHashAlgorithm": "SHA256",
"ScriptName": "XSOAR StartService",
"ScriptType": 0,
"ScriptVersion": "1"
}
}
}

Human Readable Output#

Scripts List#

ScriptHashScriptParameterlistScriptHashAlgorithmScriptGuidCommentApprovalStateScriptTypeScriptVersionLastUpdateTimeScriptNameAuthorApprover
C19588A7660DF68072866BDFA37FE558A55DC350FD3BB0977245199CD4264752��Get-Service 'dnscache' -ErrorAction Stop | Start-Service -PassThru -ErrorAction StopSHA2561984C9F9-7DCE-4191-AE20-B21281CB635BXSOAR StartService scriptApproved012020-11-19T14:28:36ZXSOAR StartServiceDEMISTO\sccmadminDEMISTO\sccmadmin

ms-ecm-script-create#


Creates a new Powershell script.

Base Command#

ms-ecm-script-create

Input#

Argument NameDescriptionRequired
script_file_entry_idThe entry ID of the script file.Optional
script_textThe text of the string.Optional
script_nameThe name of the script.Required

Context Output#

PathTypeDescription
MicrosoftECM.Scripts.ApprovalStatestringThe approval state of the script.
MicrosoftECM.Scripts.ApproverstringThe approver of the script.
MicrosoftECM.Scripts.AuthorstringThe author of the script.
MicrosoftECM.Scripts.CommentstringA short comment about the script.
MicrosoftECM.Scripts.LastUpdateTimedateDate of the last script update.
MicrosoftECM.Scripts.ParameterliststringThe parameter list of the script.
MicrosoftECM.Scripts.ScriptstringThe code of the script.
MicrosoftECM.Scripts.ScriptGuidstringThe unique identifier of the script.
MicrosoftECM.Scripts.ScriptHashstringThe hash of the script.
MicrosoftECM.Scripts.ScriptHashAlgorithmstringThe algorithm with which the script hash was generated.
MicrosoftECM.Scripts.ScriptNamestringThe name of the script.
MicrosoftECM.Scripts.ScriptTypestringThe type of the script.
MicrosoftECM.Scripts.ScriptVersionnumberThe version of the script.

Command Example#

!ms-ecm-script-create script_name="My new script" script_text="$PSVersionTable"

Context Example#

{
"MicrosoftECM": {
"Scripts": {
"ApprovalState": "Waiting for approval",
"Approver": "",
"Author": "DEMISTO\\sccmadmin",
"Comment": "",
"LastUpdateTime": "2020-11-19T14:50:44Z",
"Parameterlist": null,
"Script": "\ufffd\ufffd$PSVersionTable",
"ScriptGuid": "91B1B3C9-D6C5-4096-A24D-24838F8646C5",
"ScriptHash": "CE09E98D654CF613A0D219B744B56392E8356430534F309F715960E45A1417F8",
"ScriptHashAlgorithm": "SHA256",
"ScriptName": "My new script",
"ScriptType": 0,
"ScriptVersion": "1"
}
}
}

Human Readable Output#

Scripts List#

CommentParameterlistScriptHashAlgorithmScriptApproverAuthorScriptNameScriptHashLastUpdateTimeScriptVersionApprovalStateScriptGuidScriptType
SHA256��$PSVersionTableDEMISTO\sccmadminMy new scriptCE09E98D654CF613A0D219B744B56392E8356430534F309F715960E45A1417F82020-11-19T14:50:44Z1Waiting for approval91B1B3C9-D6C5-4096-A24D-24838F8646C50

ms-ecm-script-invoke#


Invokes a script in the Configuration Manager.

Base Command#

ms-ecm-script-invoke

Input#

Argument NameDescriptionRequired
script_guidThe script ID. (You can retrieve the script ID via the via !ms-ecm-script-list command.)Required
collection_idThe collection ID. (You can retrieve the collection ID via !ms-ecm-collection-list collection_type="Device".)Optional
collection_nameThe collection name. (You can retrieve the collection name via !ms-ecm-collection-list collection_type="Device".)Optional
device_nameA device name in Configuration Manager.Optional
poll_resultsWhether to poll for the script invocation results. Default is "false".Optional
timeoutThe timeout in seconds to poll for invocation results. Default is "30".Optional

Context Output#

PathTypeDescription
MicrosoftECM.ScriptsInvocationResults.OperationIdnumberThe script invocation operation ID.
MicrosoftECM.ScriptsInvocationResults.CollectionIdstringThe collection ID of the device on which the script was invoked. on
MicrosoftECM.ScriptsInvocationResults.CollectionNamestringThe collection name of the device on which the script was invoked. on
MicrosoftECM.ScriptsInvocationResults.DeviceNamestringThe name of the device on which the script was invoked.
MicrosoftECM.ScriptsInvocationResults.ResourceIdnumberThe resource ID of the device on which the script was invoked.
MicrosoftECM.ScriptsInvocationResults.LastUpdateTimedateThe last time the invocation result object was updated.
MicrosoftECM.ScriptsInvocationResults.ScriptExecutionStatestringThe state of the script invocation.
MicrosoftECM.ScriptsInvocationResults.ScriptExitCodenumberThe exit code of the script invocation.
MicrosoftECM.ScriptsInvocationResults.ScriptGuidstringThe unique identifier of the script.
MicrosoftECM.ScriptsInvocationResults.ScriptLastModifiedDatedateThe date of the script's last modification.
MicrosoftECM.ScriptsInvocationResults.ScriptNamestringThe name of the script.
MicrosoftECM.ScriptsInvocationResults.ScriptOutputstringThe output of the script invocation.
MicrosoftECM.ScriptsInvocationResults.ScriptOutputHashstringThe hash of the output of the script invocation.
MicrosoftECM.ScriptsInvocationResults.ScriptVersionnumberThe version of the script when it was invoked.
MicrosoftECM.ScriptsInvocationResults.TaskIDstringThe unique identifier of the invocation.

Command Example#

!ms-ecm-script-invoke script_guid=394EDB29-5D89-4B9B-9745-A1F6DC8214E2 collection_name="All Systems" poll_results=true

Context Example#

{
"MicrosoftECM": {
"ScriptsInvocationResults": [
{
"CollectionId": "SMS00001",
"CollectionName": "All Systems",
"DeviceName": "EC2AMAZ-PHPTDJV",
"LastUpdateTime": "2020-11-19T14:51:20Z",
"OperationId": 16777872,
"ResourceId": 16777221,
"ScriptExecutionState": "Succeeded",
"ScriptExitCode": "0",
"ScriptGuid": "394EDB29-5D89-4B9B-9745-A1F6DC8214E2",
"ScriptLastModifiedDate": "2020-09-24T14:29:14Z",
"ScriptName": "Itay",
"ScriptOutput": "{\"PSVersion\":{\"Major\":5,\"Minor\":1,\"Build\":14393,\"Revision\":2828,\"MajorRevision\":0,\"MinorRevision\":2828},\"PSEdition\":\"Desktop\",\"PSCompatibleVersions\":[{\"Major\":1,\"Minor\":0,\"Build\":-1,\"Revision\":-1,\"MajorRevision\":-1,\"MinorRevision\":-1},{\"Major\":2,\"Minor\":0,\"Build\":-1,\"Revision\":-1,\"MajorRevision\":-1,\"MinorRevision\":-1},{\"Major\":3,\"Minor\":0,\"Build\":-1,\"Revision\":-1,\"MajorRevision\":-1,\"MinorRevision\":-1},{\"Major\":4,\"Minor\":0,\"Build\":-1,\"Revision\":-1,\"MajorRevision\":-1,\"MinorRevision\":-1},{\"Major\":5,\"Minor\":0,\"Build\":-1,\"Revision\":-1,\"MajorRevision\":-1,\"MinorRevision\":-1},{\"Major\":5,\"Minor\":1,\"Build\":14393,\"Revision\":2828,\"MajorRevision\":0,\"MinorRevision\":2828}],\"BuildVersion\":{\"Major\":10,\"Minor\":0,\"Build\":14393,\"Revision\":2828,\"MajorRevision\":0,\"MinorRevision\":2828},\"CLRVersion\":{\"Major\":4,\"Minor\":0,\"Build\":30319,\"Revision\":42000,\"MajorRevision\":0,\"MinorRevision\":-23536},\"WSManStackVersion\":{\"Major\":3,\"Minor\":0,\"Build\":-1,\"Revision\":-1,\"MajorRevision\":-1,\"MinorRevision\":-1},\"PSRemotingProtocolVersion\":{\"Major\":2,\"Minor\":3,\"Build\":-1,\"Revision\":-1,\"MajorRevision\":-1,\"MinorRevision\":-1},\"SerializationVersion\":{\"Major\":1,\"Minor\":1,\"Build\":0,\"Revision\":1,\"MajorRevision\":0,\"MinorRevision\":1}}",
"ScriptOutputHash": "EF8CDB402162E39E41C92FB87B8C54F8D3E5E8805ABC58E5BE6E31DBE94378CB",
"ScriptVersion": "1",
"TaskID": "{111F6FAA-5D5A-4693-9670-0A0184EC8766}"
},
{
"CollectionId": "SMS00001",
"CollectionName": "All Systems",
"DeviceName": "EC2AMAZ-TB8VCPN",
"LastUpdateTime": "2020-11-19T14:51:20Z",
"OperationId": 16777872,
"ResourceId": 16777222,
"ScriptExecutionState": "Succeeded",
"ScriptExitCode": "0",
"ScriptGuid": "394EDB29-5D89-4B9B-9745-A1F6DC8214E2",
"ScriptLastModifiedDate": "2020-09-24T14:29:14Z",
"ScriptName": "Itay",
"ScriptOutput": "{\"PSVersion\":{\"Major\":5,\"Minor\":1,\"Build\":14393,\"Revision\":2608,\"MajorRevision\":0,\"MinorRevision\":2608},\"PSEdition\":\"Desktop\",\"PSCompatibleVersions\":[{\"Major\":1,\"Minor\":0,\"Build\":-1,\"Revision\":-1,\"MajorRevision\":-1,\"MinorRevision\":-1},{\"Major\":2,\"Minor\":0,\"Build\":-1,\"Revision\":-1,\"MajorRevision\":-1,\"MinorRevision\":-1},{\"Major\":3,\"Minor\":0,\"Build\":-1,\"Revision\":-1,\"MajorRevision\":-1,\"MinorRevision\":-1},{\"Major\":4,\"Minor\":0,\"Build\":-1,\"Revision\":-1,\"MajorRevision\":-1,\"MinorRevision\":-1},{\"Major\":5,\"Minor\":0,\"Build\":-1,\"Revision\":-1,\"MajorRevision\":-1,\"MinorRevision\":-1},{\"Major\":5,\"Minor\":1,\"Build\":14393,\"Revision\":2608,\"MajorRevision\":0,\"MinorRevision\":2608}],\"BuildVersion\":{\"Major\":10,\"Minor\":0,\"Build\":14393,\"Revision\":2608,\"MajorRevision\":0,\"MinorRevision\":2608},\"CLRVersion\":{\"Major\":4,\"Minor\":0,\"Build\":30319,\"Revision\":42000,\"MajorRevision\":0,\"MinorRevision\":-23536},\"WSManStackVersion\":{\"Major\":3,\"Minor\":0,\"Build\":-1,\"Revision\":-1,\"MajorRevision\":-1,\"MinorRevision\":-1},\"PSRemotingProtocolVersion\":{\"Major\":2,\"Minor\":3,\"Build\":-1,\"Revision\":-1,\"MajorRevision\":-1,\"MinorRevision\":-1},\"SerializationVersion\":{\"Major\":1,\"Minor\":1,\"Build\":0,\"Revision\":1,\"MajorRevision\":0,\"MinorRevision\":1}}",
"ScriptOutputHash": "ADC6BF52B8EA29483BAB196925A0D52A2703A7386E289BBF6AA70E108399DA0F",
"ScriptVersion": "1",
"TaskID": "{111F6FAA-5D5A-4693-9670-0A0184EC8766}"
},
{
"CollectionId": "SMS00001",
"CollectionName": "All Systems",
"DeviceName": "EC2AMAZ-2AKQ815",
"LastUpdateTime": "2020-11-19T14:51:20Z",
"OperationId": 16777872,
"ResourceId": 16777220,
"ScriptExecutionState": "Succeeded",
"ScriptExitCode": "0",
"ScriptGuid": "394EDB29-5D89-4B9B-9745-A1F6DC8214E2",
"ScriptLastModifiedDate": "2020-09-24T14:29:14Z",
"ScriptName": "Itay",
"ScriptOutput": "{\"PSVersion\":{\"Major\":5,\"Minor\":1,\"Build\":14393,\"Revision\":2969,\"MajorRevision\":0,\"MinorRevision\":2969},\"PSEdition\":\"Desktop\",\"PSCompatibleVersions\":[{\"Major\":1,\"Minor\":0,\"Build\":-1,\"Revision\":-1,\"MajorRevision\":-1,\"MinorRevision\":-1},{\"Major\":2,\"Minor\":0,\"Build\":-1,\"Revision\":-1,\"MajorRevision\":-1,\"MinorRevision\":-1},{\"Major\":3,\"Minor\":0,\"Build\":-1,\"Revision\":-1,\"MajorRevision\":-1,\"MinorRevision\":-1},{\"Major\":4,\"Minor\":0,\"Build\":-1,\"Revision\":-1,\"MajorRevision\":-1,\"MinorRevision\":-1},{\"Major\":5,\"Minor\":0,\"Build\":-1,\"Revision\":-1,\"MajorRevision\":-1,\"MinorRevision\":-1},{\"Major\":5,\"Minor\":1,\"Build\":14393,\"Revision\":2969,\"MajorRevision\":0,\"MinorRevision\":2969}],\"BuildVersion\":{\"Major\":10,\"Minor\":0,\"Build\":14393,\"Revision\":2969,\"MajorRevision\":0,\"MinorRevision\":2969},\"CLRVersion\":{\"Major\":4,\"Minor\":0,\"Build\":30319,\"Revision\":42000,\"MajorRevision\":0,\"MinorRevision\":-23536},\"WSManStackVersion\":{\"Major\":3,\"Minor\":0,\"Build\":-1,\"Revision\":-1,\"MajorRevision\":-1,\"MinorRevision\":-1},\"PSRemotingProtocolVersion\":{\"Major\":2,\"Minor\":3,\"Build\":-1,\"Revision\":-1,\"MajorRevision\":-1,\"MinorRevision\":-1},\"SerializationVersion\":{\"Major\":1,\"Minor\":1,\"Build\":0,\"Revision\":1,\"MajorRevision\":0,\"MinorRevision\":1}}",
"ScriptOutputHash": "7E59C0C20E04A920734651297E46C7E7C0284E41B69B4E4DC3888D1767BA807D",
"ScriptVersion": "1",
"TaskID": "{111F6FAA-5D5A-4693-9670-0A0184EC8766}"
}
]
}
}

Human Readable Output#

Script Invocation Results#

CollectionNameScriptExitCodeOperationIdScriptGuidLastUpdateTimeScriptOutputHashTaskIDScriptVersionScriptExecutionStateScriptOutputScriptNameScriptLastModifiedDateDeviceNameResourceIdCollectionId
All Systems016777872394EDB29-5D89-4B9B-9745-A1F6DC8214E22020-11-19T14:51:20ZEF8CDB402162E39E41C92FB87B8C54F8D3E5E8805ABC58E5BE6E31DBE94378CB{111F6FAA-5D5A-4693-9670-0A0184EC8766}1Succeeded{"PSVersion":{"Major":5,"Minor":1,"Build":14393,"Revision":2828,"MajorRevision":0,"MinorRevision":2828},"PSEdition":"Desktop","PSCompatibleVersions":[{"Major":1,"Minor":0,"Build":-1,"Revision":-1,"MajorRevision":-1,"MinorRevision":-1},{"Major":2,"Minor":0,"Build":-1,"Revision":-1,"MajorRevision":-1,"MinorRevision":-1},{"Major":3,"Minor":0,"Build":-1,"Revision":-1,"MajorRevision":-1,"MinorRevision":-1},{"Major":4,"Minor":0,"Build":-1,"Revision":-1,"MajorRevision":-1,"MinorRevision":-1},{"Major":5,"Minor":0,"Build":-1,"Revision":-1,"MajorRevision":-1,"MinorRevision":-1},{"Major":5,"Minor":1,"Build":14393,"Revision":2828,"MajorRevision":0,"MinorRevision":2828}],"BuildVersion":{"Major":10,"Minor":0,"Build":14393,"Revision":2828,"MajorRevision":0,"MinorRevision":2828},"CLRVersion":{"Major":4,"Minor":0,"Build":30319,"Revision":42000,"MajorRevision":0,"MinorRevision":-23536},"WSManStackVersion":{"Major":3,"Minor":0,"Build":-1,"Revision":-1,"MajorRevision":-1,"MinorRevision":-1},"PSRemotingProtocolVersion":{"Major":2,"Minor":3,"Build":-1,"Revision":-1,"MajorRevision":-1,"MinorRevision":-1},"SerializationVersion":{"Major":1,"Minor":1,"Build":0,"Revision":1,"MajorRevision":0,"MinorRevision":1}}Itay2020-09-24T14:29:14ZEC2AMAZ-PHPTDJV16777221SMS00001
All Systems016777872394EDB29-5D89-4B9B-9745-A1F6DC8214E22020-11-19T14:51:20ZADC6BF52B8EA29483BAB196925A0D52A2703A7386E289BBF6AA70E108399DA0F{111F6FAA-5D5A-4693-9670-0A0184EC8766}1Succeeded{"PSVersion":{"Major":5,"Minor":1,"Build":14393,"Revision":2608,"MajorRevision":0,"MinorRevision":2608},"PSEdition":"Desktop","PSCompatibleVersions":[{"Major":1,"Minor":0,"Build":-1,"Revision":-1,"MajorRevision":-1,"MinorRevision":-1},{"Major":2,"Minor":0,"Build":-1,"Revision":-1,"MajorRevision":-1,"MinorRevision":-1},{"Major":3,"Minor":0,"Build":-1,"Revision":-1,"MajorRevision":-1,"MinorRevision":-1},{"Major":4,"Minor":0,"Build":-1,"Revision":-1,"MajorRevision":-1,"MinorRevision":-1},{"Major":5,"Minor":0,"Build":-1,"Revision":-1,"MajorRevision":-1,"MinorRevision":-1},{"Major":5,"Minor":1,"Build":14393,"Revision":2608,"MajorRevision":0,"MinorRevision":2608}],"BuildVersion":{"Major":10,"Minor":0,"Build":14393,"Revision":2608,"MajorRevision":0,"MinorRevision":2608},"CLRVersion":{"Major":4,"Minor":0,"Build":30319,"Revision":42000,"MajorRevision":0,"MinorRevision":-23536},"WSManStackVersion":{"Major":3,"Minor":0,"Build":-1,"Revision":-1,"MajorRevision":-1,"MinorRevision":-1},"PSRemotingProtocolVersion":{"Major":2,"Minor":3,"Build":-1,"Revision":-1,"MajorRevision":-1,"MinorRevision":-1},"SerializationVersion":{"Major":1,"Minor":1,"Build":0,"Revision":1,"MajorRevision":0,"MinorRevision":1}}Itay2020-09-24T14:29:14ZEC2AMAZ-TB8VCPN16777222SMS00001
All Systems016777872394EDB29-5D89-4B9B-9745-A1F6DC8214E22020-11-19T14:51:20Z7E59C0C20E04A920734651297E46C7E7C0284E41B69B4E4DC3888D1767BA807D{111F6FAA-5D5A-4693-9670-0A0184EC8766}1Succeeded{"PSVersion":{"Major":5,"Minor":1,"Build":14393,"Revision":2969,"MajorRevision":0,"MinorRevision":2969},"PSEdition":"Desktop","PSCompatibleVersions":[{"Major":1,"Minor":0,"Build":-1,"Revision":-1,"MajorRevision":-1,"MinorRevision":-1},{"Major":2,"Minor":0,"Build":-1,"Revision":-1,"MajorRevision":-1,"MinorRevision":-1},{"Major":3,"Minor":0,"Build":-1,"Revision":-1,"MajorRevision":-1,"MinorRevision":-1},{"Major":4,"Minor":0,"Build":-1,"Revision":-1,"MajorRevision":-1,"MinorRevision":-1},{"Major":5,"Minor":0,"Build":-1,"Revision":-1,"MajorRevision":-1,"MinorRevision":-1},{"Major":5,"Minor":1,"Build":14393,"Revision":2969,"MajorRevision":0,"MinorRevision":2969}],"BuildVersion":{"Major":10,"Minor":0,"Build":14393,"Revision":2969,"MajorRevision":0,"MinorRevision":2969},"CLRVersion":{"Major":4,"Minor":0,"Build":30319,"Revision":42000,"MajorRevision":0,"MinorRevision":-23536},"WSManStackVersion":{"Major":3,"Minor":0,"Build":-1,"Revision":-1,"MajorRevision":-1,"MinorRevision":-1},"PSRemotingProtocolVersion":{"Major":2,"Minor":3,"Build":-1,"Revision":-1,"MajorRevision":-1,"MinorRevision":-1},"SerializationVersion":{"Major":1,"Minor":1,"Build":0,"Revision":1,"MajorRevision":0,"MinorRevision":1}}Itay2020-09-24T14:29:14ZEC2AMAZ-2AKQ81516777220SMS00001

ms-ecm-script-approve#


Approves a Configuration Manager PowerShell script.

Base Command#

ms-ecm-script-approve

Input#

Argument NameDescriptionRequired
commentA comment about the approval of the script.Required
script_guidSpecifies the script ID. (You can retrieve the script ID via the !ms-ecm-script-list command.)Required

Context Output#

There is no context output for this command.

Command Example#

!ms-ecm-script-approve comment="Some comment" script_guid=394EDB29-5D89-4B9B-9745-A1F6DC8214E2

Human Readable Output#

Script was approved successfully#

ms-ecm-device-collection-create#


Creates a Configuration Manager collection.

Base Command#

ms-ecm-device-collection-create

Input#

Argument NameDescriptionRequired
commentA comment for the collection.Required
collection_nameA name for the collection.Required
limiting_collection_nameThe name of a collection to use as a scope for this collection (You can retrieve the name of the collection via !ms-ecm-collection-list collection_type="Device".)Required

Context Output#

PathTypeDescription
MicrosoftECM.Collections.NamestringThe collection name.
MicrosoftECM.Collections.IDstringUnique auto-generated ID containing eight characters.
MicrosoftECM.Collections.TypestringThe type of the collection.
MicrosoftECM.Collections.CommentstringGeneral comment or note that documents the collection.
MicrosoftECM.Collections.CurrentStatusstringCurrent status of the collection.
MicrosoftECM.Collections.HasProvisionedMemberbooleanWhether this collection has provisioned members.
MicrosoftECM.Collections.IncludeExcludeCollectionsCountnumberThe number of collections that are included and excluded with this collection.
MicrosoftECM.Collections.IsBuiltInbooleanWhether the collection is built-in.
MicrosoftECM.Collections.IsReferenceCollectionbooleanWhether the collection is not limited by another collection.
MicrosoftECM.Collections.LastChangeTimedateDate and time of when the collection was last altered in any way.
MicrosoftECM.Collections.LastMemberChangeTimedateDate and time of when the collection membership was last modified.
MicrosoftECM.Collections.LastRefreshTimedateDate and time of when the collection membership was last refreshed.
MicrosoftECM.Collections.LimitToCollectionIDstringThe ID of the collection to limit the query results to.
MicrosoftECM.Collections.LimitToCollectionNamestringThe name of the collection to limit the query results to.
MicrosoftECM.Collections.LocalMemberCountnumberThe number of members visible at the local site.
MicrosoftECM.Collections.MemberClassNamestringClass name having instances that are the members of the collection.
MicrosoftECM.Collections.MemberCountnumberThe number of collection members.
MicrosoftECM.Collections.UseClusterbooleanWhether this collection is a server group.
MicrosoftECM.Collections.CollectionRulesstringName of the defining membership criteria for the collection.

Command Example#

!ms-ecm-device-collection-create collection_name="my new collection name" comment="my collection comment" limiting_collection_name="All Systems"

Context Example#

{
"MicrosoftECM": {
"Collections": {
"CollectionRules": [
""
],
"Comment": "my collection comment",
"CurrentStatus": null,
"HasProvisionedMember": "False",
"ID": "ISR0001F",
"IncludeExcludeCollectionsCount": "0",
"IsBuiltIn": "False",
"IsReferenceCollection": "False",
"LastChangeTime": "2020-11-29T15:09:46Z",
"LastMemberChangeTime": "1980-00-01T00:01:00Z",
"LastRefreshTime": "1980-00-01T00:01:00Z",
"LimitToCollectionID": "SMS00001",
"LimitToCollectionName": "All Systems",
"LocalMemberCount": "0",
"MemberClassName": "SMS_CM_RES_COLL_ISR0001F",
"MemberCount": "0",
"Name": "my new collection name",
"Type": null,
"UseCluster": "False"
}
}
}

Human Readable Output#

Collection List#

NameIDTypeCommentCurrentStatusCollectionRulesHasProvisionedMemberIncludeExcludeCollectionsCountIsBuiltInIsReferenceCollectionLastChangeTimeLastMemberChangeTimeLastRefreshTimeLimitToCollectionIDLimitToCollectionNameLocalMemberCountMemberClassNameMemberCountUseCluster
my new collection nameISR0001Fmy collection commentFalse0FalseFalse2020-11-29T15:09:46Z1980-00-01T00:01:00Z1980-00-01T00:01:00ZSMS00001All Systems0SMS_CM_RES_COLL_ISR0001F0False

ms-ecm-device-collection-members-add#


Adds a direct rule membership to a device collection.

Base Command#

ms-ecm-device-collection-members-add

Input#

Argument NameDescriptionRequired
collection_idThe ID of a device collection. (You can retrieve the ID via !ms-ecm-collection-list collection_type="Device".)Optional
collection_nameThe name of a device collection. (You can retrieve the name via !ms-ecm-collection-list collection_type="Device".)Optional
device_resource_idsA comma-separated list of device resource IDs. (You can retrieve the device resource IDs via the !ms-ecm-device-list command.)Required

Context Output#

PathTypeDescription
MicrosoftECM.Collections.NamestringThe collection name.
MicrosoftECM.Collections.IDstringUnique auto-generated ID containing eight characters.
MicrosoftECM.Collections.TypestringThe type of the collection.
MicrosoftECM.Collections.CommentstringGeneral comment or note that documents the collection.
MicrosoftECM.Collections.CurrentStatusstringCurrent status of the collection.
MicrosoftECM.Collections.HasProvisionedMemberbooleanWhether the collection has provisioned members.
MicrosoftECM.Collections.IncludeExcludeCollectionsCountnumberThe number of collections that are included and excluded with this collection.
MicrosoftECM.Collections.IsBuiltInbooleanWhether the collection is built-in.
MicrosoftECM.Collections.IsReferenceCollectionbooleanWhether the collection is not limited by another collection.
MicrosoftECM.Collections.LastChangeTimedateDate and time of when the collection was last modified in any way.
MicrosoftECM.Collections.LastMemberChangeTimedateDate and time of when the collection membership was last modified.
MicrosoftECM.Collections.LastRefreshTimedateDate and time of when the collection membership was last refreshed.
MicrosoftECM.Collections.LimitToCollectionIDstringThe ID of the collection to limit the query results to.
MicrosoftECM.Collections.LimitToCollectionNamestringThe name of the collection to limit the query results to.
MicrosoftECM.Collections.LocalMemberCountnumberThe number of members visible at the local site.
MicrosoftECM.Collections.MemberClassNamestringClass name having instances that are the members of the collection.
MicrosoftECM.Collections.MemberCountnumberThe number of collection members.
MicrosoftECM.Collections.UseClusterbooleanA comma-separated list of resource IDs, e.g., 0001,0002.
MicrosoftECM.Collections.CollectionRulesstringName of the defining membership criteria for the collection.

Command Example#

!ms-ecm-device-collection-members-add device_resource_ids=16777220 collection_name="my new collection name"

Context Example#

{
"MicrosoftECM": {
"Collections": {
"CollectionRules": [
"\ninstance of SMS_CollectionRuleDirect\n{\n\tResourceClassName = \"SMS_R_System\";\n\tResourceID = 16777220;\n\tRuleName = \"EC2AMAZ-2AKQ815\";\n};",
"\ninstance of SMS_CollectionRuleQuery\n{\n\tQueryExpression = \"select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where (ClientType = 1) OR (SMS_R_System.AgentEdition0 = 5)\";\n\tQueryID = 3;\n\tRuleName = \"new Rule\";\n};",
"\ninstance of SMS_CollectionRuleQuery\n{\n\tQueryExpression = \"select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where (ClientType = 1) OR (SMS_R_System.AgentEdition0 = 5)\";\n\tQueryID = 2;\n\tRuleName = \"new Rule\";\n};",
"\ninstance of SMS_CollectionRuleQuery\n{\n\tQueryExpression = \"select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where (ClientType = 1) OR (SMS_R_System.AgentEdition0 = 5)\";\n\tQueryID = 1;\n\tRuleName = \"new Rule\";\n};",
"\ninstance of SMS_CollectionRuleExcludeCollection\n{\n\tExcludeCollectionID = \"ISR00020\";\n\tRuleName = \"Test\";\n};",
"\ninstance of SMS_CollectionRuleQuery\n{\n\tQueryExpression = \"select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where (ClientType = 1) OR (SMS_R_System.AgentEdition0 = 5)\";\n\tQueryID = 5;\n\tRuleName = \"new Rule\";\n};",
"\ninstance of SMS_CollectionRuleQuery\n{\n\tQueryExpression = \"select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where (ClientType = 1) OR (SMS_R_System.AgentEdition0 = 5)\";\n\tQueryID = 4;\n\tRuleName = \"new Rule\";\n};\n"
],
"Comment": "my collection comment",
"CurrentStatus": "READY",
"HasProvisionedMember": "True",
"ID": "ISR00068",
"IncludeExcludeCollectionsCount": "1",
"IsBuiltIn": "False",
"IsReferenceCollection": "False",
"LastChangeTime": "2020-11-19T14:25:59Z",
"LastMemberChangeTime": "2020-11-09T14:21:06Z",
"LastRefreshTime": "2020-11-19T14:26:13Z",
"LimitToCollectionID": "SMS00001",
"LimitToCollectionName": "All Systems",
"LocalMemberCount": "2",
"MemberClassName": "SMS_CM_RES_COLL_ISR00068",
"MemberCount": "2",
"Name": "my new collection name",
"Type": "Device",
"UseCluster": "False"
}
}
}

Human Readable Output#

WARNING: The specified resource ID '16777220' is already existing in rules.

ms-ecm-device-collection-include#


Adds an include collections membership rule to a device collection.

Base Command#

ms-ecm-device-collection-include

Input#

Argument NameDescriptionRequired
collection_idThe ID of a device collection. (You can retrieve the ID via !ms-ecm-collection-list collection_type="Device".)Optional
collection_nameThe name of a device collection. (You can retrieve the name via !ms-ecm-collection-list collection_type="Device".)Optional
include_collection_idThe ID of a device collection to include in the membership rule. (You can retrieve the ID via !ms-ecm-collection-list collection_type="Device".)Optional
include_collection_nameThe name of a device collection to include in the membership rule. (You can retrieve the name via !ms-ecm-collection-list collection_type="Device".)Optional

Context Output#

PathTypeDescription
MicrosoftECM.Collections.NamestringThe collection name.
MicrosoftECM.Collections.IDstringUnique auto-generated ID containing eight characters.
MicrosoftECM.Collections.TypestringThe type of the collection.
MicrosoftECM.Collections.CommentstringGeneral comment or note that documents the collection.
MicrosoftECM.Collections.CurrentStatusstringCurrent status of the collection.
MicrosoftECM.Collections.HasProvisionedMemberbooleanWhether this collection has provisioned members.
MicrosoftECM.Collections.IncludeExcludeCollectionsCountnumberThe number of collections that are included and excluded with this collection.
MicrosoftECM.Collections.IsBuiltInbooleanWhether the collection is built-in.
MicrosoftECM.Collections.IsReferenceCollectionbooleanWhether the collection is not limited by another collection.
MicrosoftECM.Collections.LastChangeTimedateDate and time of when the collection was last modified in any way.
MicrosoftECM.Collections.LastMemberChangeTimedateDate and time of when the collection membership was last modified.
MicrosoftECM.Collections.LastRefreshTimedateDate and time of when the collection membership was last refreshed.
MicrosoftECM.Collections.LimitToCollectionIDstringThe ID of the collection to limit the query results to.
MicrosoftECM.Collections.LimitToCollectionNamestringThe name of the collection to limit the query results to.
MicrosoftECM.Collections.LocalMemberCountnumberThe number of members visible at the local site.
MicrosoftECM.Collections.MemberClassNamestringClass name having instances that are the members of the collection.
MicrosoftECM.Collections.MemberCountnumberThe number of collection members.
MicrosoftECM.Collections.UseClusterbooleanA comma-separated list of resource IDs, e.g., 0001,0002.
MicrosoftECM.Collections.CollectionRulesstringName of the defining membership criteria for the collection.

Command Example#

!ms-ecm-device-collection-include collection_name="my new collection name" exclude_collection_name="Test"

ms-ecm-device-collection-exclude#


Adds an exclude membership rule to one or more Configuration Manager device collections.

Base Command#

ms-ecm-device-collection-exclude

Input#

Argument NameDescriptionRequired
collection_idThe ID of a device collection. (You can retrieve the ID via !ms-ecm-collection-list collection_type="Device".)Optional
collection_nameThe name of a device collection. (You can retrieve the name via !ms-ecm-collection-list collection_type="Device".)Optional
exclude_collection_idThe ID of a device collection to exclude from the membership rule. (You can retrieve the ID via !ms-ecm-collection-list collection_type="Device".)Optional
exclude_collection_nameThe name of a device collection to exclude from the membership rule. (You can retrieve the name via !ms-ecm-collection-list collection_type="Device".)Optional

Context Output#

PathTypeDescription
MicrosoftECM.Collections.NamestringThe collection name.
MicrosoftECM.Collections.IDstringUnique auto-generated ID containing eight characters.
MicrosoftECM.Collections.TypestringThe type of the collection.
MicrosoftECM.Collections.CommentstringGeneral comment or note that documents the collection.
MicrosoftECM.Collections.CurrentStatusstringCurrent status of the collection.
MicrosoftECM.Collections.HasProvisionedMemberbooleanWhether this collection has provisioned members.
MicrosoftECM.Collections.IncludeExcludeCollectionsCountnumberThe number of collections that are included and excluded with this collection.
MicrosoftECM.Collections.IsBuiltInbooleanWhether the collection is built-in.
MicrosoftECM.Collections.IsReferenceCollectionbooleanWhether the collection is not limited by another collection.
MicrosoftECM.Collections.LastChangeTimedateDate and time of when the collection was last modified in any way.
MicrosoftECM.Collections.LastMemberChangeTimedateDate and time of when the collection membership was last modified.
MicrosoftECM.Collections.LastRefreshTimedateDate and time of when the collection membership was last refreshed.
MicrosoftECM.Collections.LimitToCollectionIDstringThe ID of the collection to limit the query results to.
MicrosoftECM.Collections.LimitToCollectionNamestringThe name of the collection to limit the query results to.
MicrosoftECM.Collections.LocalMemberCountnumberThe number of members visible at the local site.
MicrosoftECM.Collections.MemberClassNamestringClass name having instances that are the members of the collection
MicrosoftECM.Collections.MemberCountnumberThe number of collection members.
MicrosoftECM.Collections.UseClusterbooleanA comma-separated list of resource IDs, e.g., 0001,0002.
MicrosoftECM.Collections.CollectionRulesstringName of the defining membership criteria for the collection.

Command Example#

!ms-ecm-device-collection-exclude collection_name="my new collection name" exclude_collection_name="Test"

Context Example#

{
"MicrosoftECM": {
"Collections": {
"CollectionRules": [
"\ninstance of SMS_CollectionRuleExcludeCollection\n{\n\tExcludeCollectionID = \"ISR00014\";\n\tRuleName = \"Test\";\n};\n"
],
"Comment": "my collection comment",
"CurrentStatus": null,
"HasProvisionedMember": "False",
"ID": "ISR0001F",
"IncludeExcludeCollectionsCount": "0",
"IsBuiltIn": "False",
"IsReferenceCollection": "False",
"LastChangeTime": "2020-11-29T15:09:46Z",
"LastMemberChangeTime": "2020-11-29T15:09:53Z",
"LastRefreshTime": "2020-11-29T15:09:53Z",
"LimitToCollectionID": "SMS00001",
"LimitToCollectionName": "All Systems",
"LocalMemberCount": "0",
"MemberClassName": "SMS_CM_RES_COLL_ISR0001F",
"MemberCount": "0",
"Name": "my new collection name",
"Type": null,
"UseCluster": "False"
}
}
}

Human Readable Output#

Collection List#

NameIDTypeCommentCurrentStatusCollectionRulesHasProvisionedMemberIncludeExcludeCollectionsCountIsBuiltInIsReferenceCollectionLastChangeTimeLastMemberChangeTimeLastRefreshTimeLimitToCollectionIDLimitToCollectionNameLocalMemberCountMemberClassNameMemberCountUseCluster
my new collection nameISR0001Fmy collection comment
instance of SMS_CollectionRuleExcludeCollection
{
ExcludeCollectionID = "ISR00014";
RuleName = "Test";
};
False0FalseFalse2020-11-29T15:09:46Z2020-11-29T15:09:53Z2020-11-29T15:09:53ZSMS00001All Systems0SMS_CM_RES_COLL_ISR0001F0False

ms-ecm-device-collection-members-by-query-add#


Adds a query membership rule to one or more Configuration Manager device collections.

Base Command#

ms-ecm-device-collection-members-by-query-add

Input#

Argument NameDescriptionRequired
collection_idThe ID of the device collection where the rule is applied. (You can retrieve the ID via !ms-ecm-collection-list collection_type="Device".)Optional
collection_nameThe name of the device collection where the rule is applied. (You can retrieve the name via !ms-ecm-collection-list collection_type="Device".)Optional
query_expressionThe query expression that Configuration Manager uses. For example "select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where (ClientType = 1) OR (SMS_R_System.AgentEdition0 = 5)" to update the device collections.Required
rule_nameThe name for the rule.Required

Context Output#

PathTypeDescription
MicrosoftECM.Collections.NamestringThe name of the collection.
MicrosoftECM.Collections.IDstringUnique auto-generated ID containing eight characters.
MicrosoftECM.Collections.TypestringThe type of the collection.
MicrosoftECM.Collections.CommentstringGeneral comment or note that documents the collection.
MicrosoftECM.Collections.CurrentStatusstringCurrent status of the collection.
MicrosoftECM.Collections.HasProvisionedMemberbooleanWhether this collection has provisioned members.
MicrosoftECM.Collections.IncludeExcludeCollectionsCountnumberThe number of collections that are included and excluded with this collection.
MicrosoftECM.Collections.IsBuiltInbooleanWhether the collection is built-in.
MicrosoftECM.Collections.IsReferenceCollectionbooleanWhether the collection is not limited by another collection.
MicrosoftECM.Collections.LastChangeTimedateDate and time of when the collection was last modified in any way.
MicrosoftECM.Collections.LastMemberChangeTimedateDate and time of when the collection membership was last modified.
MicrosoftECM.Collections.LastRefreshTimedateDate and time of when the collection membership was last refreshed.
MicrosoftECM.Collections.LimitToCollectionIDstringThe ID of the collection to limit the query results to.
MicrosoftECM.Collections.LimitToCollectionNamestringThe name of the collection to limit the query results to.
MicrosoftECM.Collections.LocalMemberCountnumberThe number of members visible at the local site.
MicrosoftECM.Collections.MemberClassNamestringClass name having instances that are the members of the collection
MicrosoftECM.Collections.MemberCountnumberThe number of collection members.
MicrosoftECM.Collections.UseClusterbooleanA comma-separated list of resource IDs, e.g., 0001,0002.
MicrosoftECM.Collections.CollectionRulesstringName of the defining membership criteria for the collection.

Command Example#

!ms-ecm-device-collection-members-by-query-add query_expression="select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where (ClientType = 1) OR (SMS_R_System.AgentEdition0 = 5)" rule_name="new Rule" collection_name="my new collection name"

Context Example#

{
"MicrosoftECM": {
"Collections": {
"CollectionRules": [
"\ninstance of SMS_CollectionRuleExcludeCollection\n{\n\tExcludeCollectionID = \"ISR00020\";\n\tRuleName = \"Test\";\n};",
"\ninstance of SMS_CollectionRuleQuery\n{\n\tQueryExpression = \"select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where (ClientType = 1) OR (SMS_R_System.AgentEdition0 = 5)\";\n\tQueryID = 1;\n\tRuleName = \"new Rule\";\n};",
"\ninstance of SMS_CollectionRuleQuery\n{\n\tQueryExpression = \"select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where (ClientType = 1) OR (SMS_R_System.AgentEdition0 = 5)\";\n\tQueryID = 2;\n\tRuleName = \"new Rule\";\n};",
"\ninstance of SMS_CollectionRuleQuery\n{\n\tQueryExpression = \"select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where (ClientType = 1) OR (SMS_R_System.AgentEdition0 = 5)\";\n\tQueryID = 3;\n\tRuleName = \"new Rule\";\n};",
"\ninstance of SMS_CollectionRuleQuery\n{\n\tQueryExpression = \"select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where (ClientType = 1) OR (SMS_R_System.AgentEdition0 = 5)\";\n\tQueryID = 4;\n\tRuleName = \"new Rule\";\n};",
"\ninstance of SMS_CollectionRuleQuery\n{\n\tQueryExpression = \"select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where (ClientType = 1) OR (SMS_R_System.AgentEdition0 = 5)\";\n\tQueryID = 5;\n\tRuleName = \"new Rule\";\n};",
"\ninstance of SMS_CollectionRuleDirect\n{\n\tResourceClassName = \"SMS_R_System\";\n\tResourceID = 16777220;\n\tRuleName = \"EC2AMAZ-2AKQ815\";\n};",
"\ninstance of SMS_CollectionRuleQuery\n{\n\tQueryExpression = \"select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where (ClientType = 1) OR (SMS_R_System.AgentEdition0 = 5)\";\n\tRuleName = \"new Rule\";\n};\n"
],
"Comment": "my collection comment",
"CurrentStatus": "READY",
"HasProvisionedMember": "True",
"ID": "ISR00068",
"IncludeExcludeCollectionsCount": "1",
"IsBuiltIn": "False",
"IsReferenceCollection": "False",
"LastChangeTime": "2020-11-19T14:25:59Z",
"LastMemberChangeTime": "2020-11-09T14:21:06Z",
"LastRefreshTime": "2020-11-19T14:26:13Z",
"LimitToCollectionID": "SMS00001",
"LimitToCollectionName": "All Systems",
"LocalMemberCount": "2",
"MemberClassName": "SMS_CM_RES_COLL_ISR00068",
"MemberCount": "2",
"Name": "my new collection name",
"Type": "Device",
"UseCluster": "False"
}
}
}

Human Readable Output#

Collection List#

CommentLimitToCollectionIDCurrentStatusLastMemberChangeTimeTypeIncludeExcludeCollectionsCountUseClusterLastChangeTimeNameLocalMemberCountHasProvisionedMemberLimitToCollectionNameMemberClassNameIsReferenceCollectionCollectionRulesIDLastRefreshTimeIsBuiltInMemberCount
my collection commentSMS00001READY2020-11-09T14:21:06ZDevice1False2020-11-19T14:25:59Zmy new collection name2TrueAll SystemsSMS_CM_RES_COLL_ISR00068False
instance of SMS_CollectionRuleExcludeCollection
{
ExcludeCollectionID = "ISR00020";
RuleName = "Test";
};
,
instance of SMS_CollectionRuleQuery
{
QueryExpression = "select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where (ClientType = 1) OR (SMS_R_System.AgentEdition0 = 5)";
QueryID = 1;
RuleName = "new Rule";
};
,
instance of SMS_CollectionRuleQuery
{
QueryExpression = "select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where (ClientType = 1) OR (SMS_R_System.AgentEdition0 = 5)";
QueryID = 2;
RuleName = "new Rule";
};
,
instance of SMS_CollectionRuleQuery
{
QueryExpression = "select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where (ClientType = 1) OR (SMS_R_System.AgentEdition0 = 5)";
QueryID = 3;
RuleName = "new Rule";
};
,
instance of SMS_CollectionRuleQuery
{
QueryExpression = "select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where (ClientType = 1) OR (SMS_R_System.AgentEdition0 = 5)";
QueryID = 4;
RuleName = "new Rule";
};
,
instance of SMS_CollectionRuleQuery
{
QueryExpression = "select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where (ClientType = 1) OR (SMS_R_System.AgentEdition0 = 5)";
QueryID = 5;
RuleName = "new Rule";
};
,
instance of SMS_CollectionRuleDirect
{
ResourceClassName = "SMS_R_System";
ResourceID = 16777220;
RuleName = "EC2AMAZ-2AKQ815";
};
,
instance of SMS_CollectionRuleQuery
{
QueryExpression = "select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where (ClientType = 1) OR (SMS_R_System.AgentEdition0 = 5)";
RuleName = "new Rule";
};
ISR000682020-11-19T14:26:13ZFalse2

ms-ecm-service-start#


Starts a service on a device or collection. (Implemented by creating and invoking the XSOAR StartService script.)

Base Command#

ms-ecm-service-start

Input#

Argument NameDescriptionRequired
service_nameThe name of the service.Required
device_nameThe device name to start the service in. (You can retrieve the device name via the !ms-ecm-device-list command.)Optional
collection_idThe ID of the collection to start the service in. (You can retrieve the ID via !ms-ecm-collection-list collection_type="Device".)Optional
collection_nameThe name of the collection to start the service in. (You can retrieve the name via !ms-ecm-collection-list collection_type="Device".)Optional
poll_resultsWhether to poll for the script invocation results. Default is "false".Optional
timeoutThe timeout in seconds to poll for invocation results. Default is "30".Optional

Context Output#

PathTypeDescription
MicrosoftECM.ScriptsInvocationResults.OperationIdnumberThe script invocation operation ID.
MicrosoftECM.ScriptsInvocationResults.CollectionIdstringThe collection ID of the device on which the script was invoked. on
MicrosoftECM.ScriptsInvocationResults.CollectionNamestringThe collection name of the device on which the script was invoked. on
MicrosoftECM.ScriptsInvocationResults.DeviceNamestringThe name of the device on which the script was invoked.
MicrosoftECM.ScriptsInvocationResults.ResourceIdnumberThe resource ID of the device on which the script was invoked.
MicrosoftECM.ScriptsInvocationResults.LastUpdateTimedateThe last time the invocation result object was updated.
MicrosoftECM.ScriptsInvocationResults.ScriptExecutionStatestringThe state of the script invocation.
MicrosoftECM.ScriptsInvocationResults.ScriptExitCodenumberThe exit code of the script invocation.
MicrosoftECM.ScriptsInvocationResults.ScriptGuidstringThe unique identifier of the script.
MicrosoftECM.ScriptsInvocationResults.ScriptLastModifiedDatedateThe date of the script's last modification.
MicrosoftECM.ScriptsInvocationResults.ScriptNamestringThe name of the script.
MicrosoftECM.ScriptsInvocationResults.ScriptOutputstringThe output of the script invocation.
MicrosoftECM.ScriptsInvocationResults.ScriptOutputHashstringThe hash of the output of the script invocation.
MicrosoftECM.ScriptsInvocationResults.ScriptVersionnumberThe version of the script when it was invoked.
MicrosoftECM.ScriptsInvocationResults.TaskIDstringThe unique identifier of the invocation.

Command Example#

!ms-ecm-service-start service_name=dnscache collection_name="All Systems" poll_results=true timeout=15

Context Example#

{
"MicrosoftECM": {
"ScriptsInvocationResults": [
{
"CollectionId": "SMS00001",
"CollectionName": "All Systems",
"DeviceName": "EC2AMAZ-PHPTDJV",
"LastUpdateTime": "2020-11-19T14:53:10Z",
"OperationId": 16777874,
"ResourceId": 16777221,
"ScriptExecutionState": "Succeeded",
"ScriptExitCode": "0",
"ScriptGuid": "CB2A5600-95A0-4663-9940-20E97BD26AC8",
"ScriptLastModifiedDate": "2020-11-19T14:52:56Z",
"ScriptName": "XSOAR StartService",
"ScriptOutput": "{\"CanPauseAndContinue\":false,\"CanShutdown\":false,\"CanStop\":true,\"DisplayName\":\"DNS Client\",\"DependentServices\":[{\"CanPauseAndContinue\":false,\"CanShutdown\":false,\"CanStop\":false,\"DisplayName\":\"Network Connectivity Assistant\",\"DependentServices\":\"\",\"MachineName\":\".\",\"ServiceName\":\"NcaSvc\",\"ServicesDependedOn\":\"NSI dnscache iphlpsvc BFE\",\"ServiceHandle\":\"SafeServiceHandle\",\"Status\":1,\"ServiceType\":32,\"StartType\":3,\"Site\":null,\"Container\":null}],\"MachineName\":\".\",\"ServiceName\":\"dnscache\",\"ServicesDependedOn\":[{\"CanPauseAndContinue\":false,\"CanShutdown\":false,\"CanStop\":true,\"DisplayName\":\"Network Store Interface Service\",\"DependentServices\":\"AppVClient netprofm NlaSvc Netman NcaSvc SMS_SITE_VSS_WRITER SMS_SITE_SQL_BACKUP SMS_SITE_COMPONENT_MANAGER SMS_SITE_BACKUP SMS_EXECUTIVE SessionEnv Netlogon Browser LanmanWorkstation iphlpsvc IKEEXT Dnscache WinHttpAutoProxySvc Dhcp\",\"MachineName\":\".\",\"ServiceName\":\"nsi\",\"ServicesDependedOn\":\"rpcss nsiproxy\",\"ServiceHandle\":\"SafeServiceHandle\",\"Status\":4,\"ServiceType\":32,\"StartType\":2,\"Site\":null,\"Container\":null},{\"CanPauseAndContinue\":false,\"CanShutdown\":false,\"CanStop\":true,\"DisplayName\":\"NetIO Legacy TDI Support Driver\",\"DependentServices\":\"NetBT NcaSvc iphlpsvc Dnscache WinHttpAutoProxySvc AppVClient netprofm NlaSvc Dhcp\",\"MachineName\":\".\",\"ServiceName\":\"Tdx\",\"ServicesDependedOn\":\"tcpip\",\"ServiceHandle\":\"SafeServiceHandle\",\"Status\":4,\"ServiceType\":1,\"StartType\":1,\"Site\":null,\"Container\":null}],\"ServiceHandle\":{\"IsInvalid\":false,\"IsClosed\":false},\"Status\":4,\"ServiceType\":32,\"StartType\":2,\"Site\":null,\"Container\":null,\"Name\":\"dnscache\",\"RequiredServices\":[{\"CanPauseAndContinue\":false,\"CanShutdown\":false,\"CanStop\":true,\"DisplayName\":\"Network Store Interface Service\",\"DependentServices\":\"AppVClient netprofm NlaSvc Netman NcaSvc SMS_SITE_VSS_WRITER SMS_SITE_SQL_BACKUP SMS_SITE_COMPONENT_MANAGER SMS_SITE_BACKUP SMS_EXECUTIVE SessionEnv Netlogon Browser LanmanWorkstation iphlpsvc IKEEXT Dnscache WinHttpAutoProxySvc Dhcp\",\"MachineName\":\".\",\"ServiceName\":\"nsi\",\"ServicesDependedOn\":\"rpcss nsiproxy\",\"ServiceHandle\":\"SafeServiceHandle\",\"Status\":4,\"ServiceType\":32,\"StartType\":2,\"Site\":null,\"Container\":null},{\"CanPauseAndContinue\":false,\"CanShutdown\":false,\"CanStop\":true,\"DisplayName\":\"NetIO Legacy TDI Support Driver\",\"DependentServices\":\"NetBT NcaSvc iphlpsvc Dnscache WinHttpAutoProxySvc AppVClient netprofm NlaSvc Dhcp\",\"MachineName\":\".\",\"ServiceName\":\"Tdx\",\"ServicesDependedOn\":\"tcpip\",\"ServiceHandle\":\"SafeServiceHandle\",\"Status\":4,\"ServiceType\":1,\"StartType\":1,\"Site\":null,\"Container\":null}]}",
"ScriptOutputHash": "B03DDFEA2112E2743EFF47D0A450E762A864ECD55CF6D01AD6BF1A01E19BC78B",
"ScriptVersion": "1",
"TaskID": "{560F73AF-E4BC-447E-9C68-A7962E8E9B6B}"
},
{
"CollectionId": "SMS00001",
"CollectionName": "All Systems",
"DeviceName": "EC2AMAZ-TB8VCPN",
"LastUpdateTime": "2020-11-19T14:53:10Z",
"OperationId": 16777874,
"ResourceId": 16777222,
"ScriptExecutionState": "Succeeded",
"ScriptExitCode": "0",
"ScriptGuid": "CB2A5600-95A0-4663-9940-20E97BD26AC8",
"ScriptLastModifiedDate": "2020-11-19T14:52:56Z",
"ScriptName": "XSOAR StartService",
"ScriptOutput": "{\"CanPauseAndContinue\":false,\"CanShutdown\":false,\"CanStop\":true,\"DisplayName\":\"DNS Client\",\"DependentServices\":[{\"CanPauseAndContinue\":false,\"CanShutdown\":false,\"CanStop\":false,\"DisplayName\":\"Network Connectivity Assistant\",\"DependentServices\":\"\",\"MachineName\":\".\",\"ServiceName\":\"NcaSvc\",\"ServicesDependedOn\":\"NSI dnscache iphlpsvc BFE\",\"ServiceHandle\":\"SafeServiceHandle\",\"Status\":1,\"ServiceType\":32,\"StartType\":3,\"Site\":null,\"Container\":null}],\"MachineName\":\".\",\"ServiceName\":\"dnscache\",\"ServicesDependedOn\":[{\"CanPauseAndContinue\":false,\"CanShutdown\":false,\"CanStop\":true,\"DisplayName\":\"Network Store Interface Service\",\"DependentServices\":\"AppVClient netprofm NlaSvc Netman NcaSvc SessionEnv Netlogon Dfs Browser LanmanWorkstation iphlpsvc IKEEXT Dnscache WinHttpAutoProxySvc Dhcp\",\"MachineName\":\".\",\"ServiceName\":\"nsi\",\"ServicesDependedOn\":\"rpcss nsiproxy\",\"ServiceHandle\":\"SafeServiceHandle\",\"Status\":4,\"ServiceType\":32,\"StartType\":2,\"Site\":null,\"Container\":null},{\"CanPauseAndContinue\":false,\"CanShutdown\":false,\"CanStop\":true,\"DisplayName\":\"NetIO Legacy TDI Support Driver\",\"DependentServices\":\"NetBT NcaSvc iphlpsvc Dnscache WinHttpAutoProxySvc AppVClient netprofm NlaSvc Dhcp\",\"MachineName\":\".\",\"ServiceName\":\"Tdx\",\"ServicesDependedOn\":\"tcpip\",\"ServiceHandle\":\"SafeServiceHandle\",\"Status\":4,\"ServiceType\":1,\"StartType\":1,\"Site\":null,\"Container\":null}],\"ServiceHandle\":{\"IsInvalid\":false,\"IsClosed\":false},\"Status\":4,\"ServiceType\":32,\"StartType\":2,\"Site\":null,\"Container\":null,\"Name\":\"dnscache\",\"RequiredServices\":[{\"CanPauseAndContinue\":false,\"CanShutdown\":false,\"CanStop\":true,\"DisplayName\":\"Network Store Interface Service\",\"DependentServices\":\"AppVClient netprofm NlaSvc Netman NcaSvc SessionEnv Netlogon Dfs Browser LanmanWorkstation iphlpsvc IKEEXT Dnscache WinHttpAutoProxySvc Dhcp\",\"MachineName\":\".\",\"ServiceName\":\"nsi\",\"ServicesDependedOn\":\"rpcss nsiproxy\",\"ServiceHandle\":\"SafeServiceHandle\",\"Status\":4,\"ServiceType\":32,\"StartType\":2,\"Site\":null,\"Container\":null},{\"CanPauseAndContinue\":false,\"CanShutdown\":false,\"CanStop\":true,\"DisplayName\":\"NetIO Legacy TDI Support Driver\",\"DependentServices\":\"NetBT NcaSvc iphlpsvc Dnscache WinHttpAutoProxySvc AppVClient netprofm NlaSvc Dhcp\",\"MachineName\":\".\",\"ServiceName\":\"Tdx\",\"ServicesDependedOn\":\"tcpip\",\"ServiceHandle\":\"SafeServiceHandle\",\"Status\":4,\"ServiceType\":1,\"StartType\":1,\"Site\":null,\"Container\":null}]}",
"ScriptOutputHash": "340EEE6517060B2B3A357561E719D9588DB65929CFD6091AF87A20D1AAED2BAF",
"ScriptVersion": "1",
"TaskID": "{560F73AF-E4BC-447E-9C68-A7962E8E9B6B}"
},
{
"CollectionId": "SMS00001",
"CollectionName": "All Systems",
"DeviceName": "EC2AMAZ-2AKQ815",
"LastUpdateTime": "2020-11-19T14:53:10Z",
"OperationId": 16777874,
"ResourceId": 16777220,
"ScriptExecutionState": "Succeeded",
"ScriptExitCode": "0",
"ScriptGuid": "CB2A5600-95A0-4663-9940-20E97BD26AC8",
"ScriptLastModifiedDate": "2020-11-19T14:52:56Z",
"ScriptName": "XSOAR StartService",
"ScriptOutput": "{\"CanPauseAndContinue\":false,\"CanShutdown\":false,\"CanStop\":true,\"DisplayName\":\"DNS Client\",\"DependentServices\":[{\"CanPauseAndContinue\":false,\"CanShutdown\":false,\"CanStop\":false,\"DisplayName\":\"Network Connectivity Assistant\",\"DependentServices\":\"\",\"MachineName\":\".\",\"ServiceName\":\"NcaSvc\",\"ServicesDependedOn\":\"NSI dnscache iphlpsvc BFE\",\"ServiceHandle\":\"SafeServiceHandle\",\"Status\":1,\"ServiceType\":32,\"StartType\":3,\"Site\":null,\"Container\":null}],\"MachineName\":\".\",\"ServiceName\":\"dnscache\",\"ServicesDependedOn\":[{\"CanPauseAndContinue\":false,\"CanShutdown\":false,\"CanStop\":true,\"DisplayName\":\"Network Store Interface Service\",\"DependentServices\":\"AppVClient netprofm NlaSvc Netman NcaSvc SessionEnv Netlogon Browser LanmanWorkstation iphlpsvc IKEEXT Dnscache WinHttpAutoProxySvc Dhcp\",\"MachineName\":\".\",\"ServiceName\":\"nsi\",\"ServicesDependedOn\":\"rpcss nsiproxy\",\"ServiceHandle\":\"SafeServiceHandle\",\"Status\":4,\"ServiceType\":32,\"StartType\":2,\"Site\":null,\"Container\":null},{\"CanPauseAndContinue\":false,\"CanShutdown\":false,\"CanStop\":true,\"DisplayName\":\"NetIO Legacy TDI Support Driver\",\"DependentServices\":\"NetBT NcaSvc iphlpsvc Dnscache WinHttpAutoProxySvc AppVClient netprofm NlaSvc Dhcp\",\"MachineName\":\".\",\"ServiceName\":\"Tdx\",\"ServicesDependedOn\":\"tcpip\",\"ServiceHandle\":\"SafeServiceHandle\",\"Status\":4,\"ServiceType\":1,\"StartType\":1,\"Site\":null,\"Container\":null}],\"ServiceHandle\":{\"IsInvalid\":false,\"IsClosed\":false},\"Status\":4,\"ServiceType\":32,\"StartType\":2,\"Site\":null,\"Container\":null,\"Name\":\"dnscache\",\"RequiredServices\":[{\"CanPauseAndContinue\":false,\"CanShutdown\":false,\"CanStop\":true,\"DisplayName\":\"Network Store Interface Service\",\"DependentServices\":\"AppVClient netprofm NlaSvc Netman NcaSvc SessionEnv Netlogon Browser LanmanWorkstation iphlpsvc IKEEXT Dnscache WinHttpAutoProxySvc Dhcp\",\"MachineName\":\".\",\"ServiceName\":\"nsi\",\"ServicesDependedOn\":\"rpcss nsiproxy\",\"ServiceHandle\":\"SafeServiceHandle\",\"Status\":4,\"ServiceType\":32,\"StartType\":2,\"Site\":null,\"Container\":null},{\"CanPauseAndContinue\":false,\"CanShutdown\":false,\"CanStop\":true,\"DisplayName\":\"NetIO Legacy TDI Support Driver\",\"DependentServices\":\"NetBT NcaSvc iphlpsvc Dnscache WinHttpAutoProxySvc AppVClient netprofm NlaSvc Dhcp\",\"MachineName\":\".\",\"ServiceName\":\"Tdx\",\"ServicesDependedOn\":\"tcpip\",\"ServiceHandle\":\"SafeServiceHandle\",\"Status\":4,\"ServiceType\":1,\"StartType\":1,\"Site\":null,\"Container\":null}]}",
"ScriptOutputHash": "BD83747944C526E57E066BD863A2D6BBB4B5E81BFFC7310878F16C1505393E9C",
"ScriptVersion": "1",
"TaskID": "{560F73AF-E4BC-447E-9C68-A7962E8E9B6B}"
}
]
}
}

Human Readable Output#

Script Invocation Results#

CollectionNameScriptExitCodeOperationIdScriptGuidLastUpdateTimeScriptOutputHashTaskIDScriptVersionScriptExecutionStateScriptOutputScriptNameScriptLastModifiedDateDeviceNameResourceIdCollectionId
All Systems016777874CB2A5600-95A0-4663-9940-20E97BD26AC82020-11-19T14:53:10ZB03DDFEA2112E2743EFF47D0A450E762A864ECD55CF6D01AD6BF1A01E19BC78B{560F73AF-E4BC-447E-9C68-A7962E8E9B6B}1Succeeded{"CanPauseAndContinue":false,"CanShutdown":false,"CanStop":true,"DisplayName":"DNS Client","DependentServices":[{"CanPauseAndContinue":false,"CanShutdown":false,"CanStop":false,"DisplayName":"Network Connectivity Assistant","DependentServices":"","MachineName":".","ServiceName":"NcaSvc","ServicesDependedOn":"NSI dnscache iphlpsvc BFE","ServiceHandle":"SafeServiceHandle","Status":1,"ServiceType":32,"StartType":3,"Site":null,"Container":null}],"MachineName":".","ServiceName":"dnscache","ServicesDependedOn":[{"CanPauseAndContinue":false,"CanShutdown":false,"CanStop":true,"DisplayName":"Network Store Interface Service","DependentServices":"AppVClient netprofm NlaSvc Netman NcaSvc SMS_SITE_VSS_WRITER SMS_SITE_SQL_BACKUP SMS_SITE_COMPONENT_MANAGER SMS_SITE_BACKUP SMS_EXECUTIVE SessionEnv Netlogon Browser LanmanWorkstation iphlpsvc IKEEXT Dnscache WinHttpAutoProxySvc Dhcp","MachineName":".","ServiceName":"nsi","ServicesDependedOn":"rpcss nsiproxy","ServiceHandle":"SafeServiceHandle","Status":4,"ServiceType":32,"StartType":2,"Site":null,"Container":null},{"CanPauseAndContinue":false,"CanShutdown":false,"CanStop":true,"DisplayName":"NetIO Legacy TDI Support Driver","DependentServices":"NetBT NcaSvc iphlpsvc Dnscache WinHttpAutoProxySvc AppVClient netprofm NlaSvc Dhcp","MachineName":".","ServiceName":"Tdx","ServicesDependedOn":"tcpip","ServiceHandle":"SafeServiceHandle","Status":4,"ServiceType":1,"StartType":1,"Site":null,"Container":null}],"ServiceHandle":{"IsInvalid":false,"IsClosed":false},"Status":4,"ServiceType":32,"StartType":2,"Site":null,"Container":null,"Name":"dnscache","RequiredServices":[{"CanPauseAndContinue":false,"CanShutdown":false,"CanStop":true,"DisplayName":"Network Store Interface Service","DependentServices":"AppVClient netprofm NlaSvc Netman NcaSvc SMS_SITE_VSS_WRITER SMS_SITE_SQL_BACKUP SMS_SITE_COMPONENT_MANAGER SMS_SITE_BACKUP SMS_EXECUTIVE SessionEnv Netlogon Browser LanmanWorkstation iphlpsvc IKEEXT Dnscache WinHttpAutoProxySvc Dhcp","MachineName":".","ServiceName":"nsi","ServicesDependedOn":"rpcss nsiproxy","ServiceHandle":"SafeServiceHandle","Status":4,"ServiceType":32,"StartType":2,"Site":null,"Container":null},{"CanPauseAndContinue":false,"CanShutdown":false,"CanStop":true,"DisplayName":"NetIO Legacy TDI Support Driver","DependentServices":"NetBT NcaSvc iphlpsvc Dnscache WinHttpAutoProxySvc AppVClient netprofm NlaSvc Dhcp","MachineName":".","ServiceName":"Tdx","ServicesDependedOn":"tcpip","ServiceHandle":"SafeServiceHandle","Status":4,"ServiceType":1,"StartType":1,"Site":null,"Container":null}]}XSOAR StartService2020-11-19T14:52:56ZEC2AMAZ-PHPTDJV16777221SMS00001
All Systems016777874CB2A5600-95A0-4663-9940-20E97BD26AC82020-11-19T14:53:10Z340EEE6517060B2B3A357561E719D9588DB65929CFD6091AF87A20D1AAED2BAF{560F73AF-E4BC-447E-9C68-A7962E8E9B6B}1Succeeded{"CanPauseAndContinue":false,"CanShutdown":false,"CanStop":true,"DisplayName":"DNS Client","DependentServices":[{"CanPauseAndContinue":false,"CanShutdown":false,"CanStop":false,"DisplayName":"Network Connectivity Assistant","DependentServices":"","MachineName":".","ServiceName":"NcaSvc","ServicesDependedOn":"NSI dnscache iphlpsvc BFE","ServiceHandle":"SafeServiceHandle","Status":1,"ServiceType":32,"StartType":3,"Site":null,"Container":null}],"MachineName":".","ServiceName":"dnscache","ServicesDependedOn":[{"CanPauseAndContinue":false,"CanShutdown":false,"CanStop":true,"DisplayName":"Network Store Interface Service","DependentServices":"AppVClient netprofm NlaSvc Netman NcaSvc SessionEnv Netlogon Dfs Browser LanmanWorkstation iphlpsvc IKEEXT Dnscache WinHttpAutoProxySvc Dhcp","MachineName":".","ServiceName":"nsi","ServicesDependedOn":"rpcss nsiproxy","ServiceHandle":"SafeServiceHandle","Status":4,"ServiceType":32,"StartType":2,"Site":null,"Container":null},{"CanPauseAndContinue":false,"CanShutdown":false,"CanStop":true,"DisplayName":"NetIO Legacy TDI Support Driver","DependentServices":"NetBT NcaSvc iphlpsvc Dnscache WinHttpAutoProxySvc AppVClient netprofm NlaSvc Dhcp","MachineName":".","ServiceName":"Tdx","ServicesDependedOn":"tcpip","ServiceHandle":"SafeServiceHandle","Status":4,"ServiceType":1,"StartType":1,"Site":null,"Container":null}],"ServiceHandle":{"IsInvalid":false,"IsClosed":false},"Status":4,"ServiceType":32,"StartType":2,"Site":null,"Container":null,"Name":"dnscache","RequiredServices":[{"CanPauseAndContinue":false,"CanShutdown":false,"CanStop":true,"DisplayName":"Network Store Interface Service","DependentServices":"AppVClient netprofm NlaSvc Netman NcaSvc SessionEnv Netlogon Dfs Browser LanmanWorkstation iphlpsvc IKEEXT Dnscache WinHttpAutoProxySvc Dhcp","MachineName":".","ServiceName":"nsi","ServicesDependedOn":"rpcss nsiproxy","ServiceHandle":"SafeServiceHandle","Status":4,"ServiceType":32,"StartType":2,"Site":null,"Container":null},{"CanPauseAndContinue":false,"CanShutdown":false,"CanStop":true,"DisplayName":"NetIO Legacy TDI Support Driver","DependentServices":"NetBT NcaSvc iphlpsvc Dnscache WinHttpAutoProxySvc AppVClient netprofm NlaSvc Dhcp","MachineName":".","ServiceName":"Tdx","ServicesDependedOn":"tcpip","ServiceHandle":"SafeServiceHandle","Status":4,"ServiceType":1,"StartType":1,"Site":null,"Container":null}]}XSOAR StartService2020-11-19T14:52:56ZEC2AMAZ-TB8VCPN16777222SMS00001
All Systems016777874CB2A5600-95A0-4663-9940-20E97BD26AC82020-11-19T14:53:10ZBD83747944C526E57E066BD863A2D6BBB4B5E81BFFC7310878F16C1505393E9C{560F73AF-E4BC-447E-9C68-A7962E8E9B6B}1Succeeded{"CanPauseAndContinue":false,"CanShutdown":false,"CanStop":true,"DisplayName":"DNS Client","DependentServices":[{"CanPauseAndContinue":false,"CanShutdown":false,"CanStop":false,"DisplayName":"Network Connectivity Assistant","DependentServices":"","MachineName":".","ServiceName":"NcaSvc","ServicesDependedOn":"NSI dnscache iphlpsvc BFE","ServiceHandle":"SafeServiceHandle","Status":1,"ServiceType":32,"StartType":3,"Site":null,"Container":null}],"MachineName":".","ServiceName":"dnscache","ServicesDependedOn":[{"CanPauseAndContinue":false,"CanShutdown":false,"CanStop":true,"DisplayName":"Network Store Interface Service","DependentServices":"AppVClient netprofm NlaSvc Netman NcaSvc SessionEnv Netlogon Browser LanmanWorkstation iphlpsvc IKEEXT Dnscache WinHttpAutoProxySvc Dhcp","MachineName":".","ServiceName":"nsi","ServicesDependedOn":"rpcss nsiproxy","ServiceHandle":"SafeServiceHandle","Status":4,"ServiceType":32,"StartType":2,"Site":null,"Container":null},{"CanPauseAndContinue":false,"CanShutdown":false,"CanStop":true,"DisplayName":"NetIO Legacy TDI Support Driver","DependentServices":"NetBT NcaSvc iphlpsvc Dnscache WinHttpAutoProxySvc AppVClient netprofm NlaSvc Dhcp","MachineName":".","ServiceName":"Tdx","ServicesDependedOn":"tcpip","ServiceHandle":"SafeServiceHandle","Status":4,"ServiceType":1,"StartType":1,"Site":null,"Container":null}],"ServiceHandle":{"IsInvalid":false,"IsClosed":false},"Status":4,"ServiceType":32,"StartType":2,"Site":null,"Container":null,"Name":"dnscache","RequiredServices":[{"CanPauseAndContinue":false,"CanShutdown":false,"CanStop":true,"DisplayName":"Network Store Interface Service","DependentServices":"AppVClient netprofm NlaSvc Netman NcaSvc SessionEnv Netlogon Browser LanmanWorkstation iphlpsvc IKEEXT Dnscache WinHttpAutoProxySvc Dhcp","MachineName":".","ServiceName":"nsi","ServicesDependedOn":"rpcss nsiproxy","ServiceHandle":"SafeServiceHandle","Status":4,"ServiceType":32,"StartType":2,"Site":null,"Container":null},{"CanPauseAndContinue":false,"CanShutdown":false,"CanStop":true,"DisplayName":"NetIO Legacy TDI Support Driver","DependentServices":"NetBT NcaSvc iphlpsvc Dnscache WinHttpAutoProxySvc AppVClient netprofm NlaSvc Dhcp","MachineName":".","ServiceName":"Tdx","ServicesDependedOn":"tcpip","ServiceHandle":"SafeServiceHandle","Status":4,"ServiceType":1,"StartType":1,"Site":null,"Container":null}]}XSOAR StartService2020-11-19T14:52:56ZEC2AMAZ-2AKQ81516777220SMS00001

ms-ecm-service-restart#


Restarts a service on a device or collection. (Implemented by creating and invoking the XSOAR RestartService script.)

Base Command#

ms-ecm-service-restart

Input#

Argument NameDescriptionRequired
service_nameThe name of the service.Required
device_nameThe device name to start the service in. (You can retrieve the device name via the !ms-ecm-device-list command.)Optional
collection_idThe ID of the collection to start the service in. (You can retrieve the ID via !ms-ecm-collection-list collection_type="Device".)Optional
collection_nameThe name of the collection to start the service in. (You can retrieve the name via !ms-ecm-collection-list collection_type="Device".)Optional
poll_resultsWhether to poll for the script invocation results. Default is "false".Optional
timeoutThe timeout in seconds to poll for invocation results. Default is "30".Optional

Context Output#

PathTypeDescription
MicrosoftECM.ScriptsInvocationResults.OperationIdnumberThe script invocation operation ID.
MicrosoftECM.ScriptsInvocationResults.CollectionIdstringThe collection ID of the device on which the script was invoked. on
MicrosoftECM.ScriptsInvocationResults.CollectionNamestringThe collection name of the device on which the script was invoked. on
MicrosoftECM.ScriptsInvocationResults.DeviceNamestringThe name of the device on which the script was invoked.
MicrosoftECM.ScriptsInvocationResults.ResourceIdnumberThe resource ID of the device on which the script was invoked.
MicrosoftECM.ScriptsInvocationResults.LastUpdateTimedateThe last time the invocation result object was updated.
MicrosoftECM.ScriptsInvocationResults.ScriptExecutionStatestringThe state of the script invocation.
MicrosoftECM.ScriptsInvocationResults.ScriptExitCodenumberThe exit code of the script invocation.
MicrosoftECM.ScriptsInvocationResults.ScriptGuidstringThe unique identifier of the script.
MicrosoftECM.ScriptsInvocationResults.ScriptLastModifiedDatedateThe date of the script's last modification.
MicrosoftECM.ScriptsInvocationResults.ScriptNamestringThe name of the script.
MicrosoftECM.ScriptsInvocationResults.ScriptOutputstringThe output of the script invocation.
MicrosoftECM.ScriptsInvocationResults.ScriptOutputHashstringThe hash of the output of the script invocation.
MicrosoftECM.ScriptsInvocationResults.ScriptVersionnumberThe version of the script when it was invoked.
MicrosoftECM.ScriptsInvocationResults.TaskIDstringThe unique identifier of the invocation.

Command Example#

!ms-ecm-service-restart service_name=dnscache collection_name="All Systems" poll_results=true timeout=15

Context Example#

{
"MicrosoftECM": {
"ScriptsInvocationResults": [
{
"CollectionId": "SMS00001",
"CollectionName": "All Systems",
"DeviceName": "EC2AMAZ-PHPTDJV",
"LastUpdateTime": "2020-11-19T14:52:35Z",
"OperationId": 16777873,
"ResourceId": 16777221,
"ScriptExecutionState": "Succeeded",
"ScriptExitCode": "0",
"ScriptGuid": "640C640F-7FED-4F80-812E-CF8C0852F2E5",
"ScriptLastModifiedDate": "2020-11-19T14:52:22Z",
"ScriptName": "XSOAR RestartService",
"ScriptOutput": "{\"CanPauseAndContinue\":false,\"CanShutdown\":false,\"CanStop\":true,\"DisplayName\":\"DNS Client\",\"DependentServices\":[{\"CanPauseAndContinue\":false,\"CanShutdown\":false,\"CanStop\":false,\"DisplayName\":\"Network Connectivity Assistant\",\"DependentServices\":\"\",\"MachineName\":\".\",\"ServiceName\":\"NcaSvc\",\"ServicesDependedOn\":\"NSI dnscache iphlpsvc BFE\",\"ServiceHandle\":\"SafeServiceHandle\",\"Status\":1,\"ServiceType\":32,\"StartType\":3,\"Site\":null,\"Container\":null}],\"MachineName\":\".\",\"ServiceName\":\"dnscache\",\"ServicesDependedOn\":[{\"CanPauseAndContinue\":false,\"CanShutdown\":false,\"CanStop\":true,\"DisplayName\":\"Network Store Interface Service\",\"DependentServices\":\"AppVClient netprofm NlaSvc Netman NcaSvc SMS_SITE_VSS_WRITER SMS_SITE_SQL_BACKUP SMS_SITE_COMPONENT_MANAGER SMS_SITE_BACKUP SMS_EXECUTIVE SessionEnv Netlogon Browser LanmanWorkstation iphlpsvc IKEEXT Dnscache WinHttpAutoProxySvc Dhcp\",\"MachineName\":\".\",\"ServiceName\":\"nsi\",\"ServicesDependedOn\":\"rpcss nsiproxy\",\"ServiceHandle\":\"SafeServiceHandle\",\"Status\":4,\"ServiceType\":32,\"StartType\":2,\"Site\":null,\"Container\":null},{\"CanPauseAndContinue\":false,\"CanShutdown\":false,\"CanStop\":true,\"DisplayName\":\"NetIO Legacy TDI Support Driver\",\"DependentServices\":\"NetBT NcaSvc iphlpsvc Dnscache WinHttpAutoProxySvc AppVClient netprofm NlaSvc Dhcp\",\"MachineName\":\".\",\"ServiceName\":\"Tdx\",\"ServicesDependedOn\":\"tcpip\",\"ServiceHandle\":\"SafeServiceHandle\",\"Status\":4,\"ServiceType\":1,\"StartType\":1,\"Site\":null,\"Container\":null}],\"ServiceHandle\":{\"IsInvalid\":false,\"IsClosed\":false},\"Status\":4,\"ServiceType\":32,\"StartType\":2,\"Site\":null,\"Container\":null,\"Name\":\"dnscache\",\"RequiredServices\":[{\"CanPauseAndContinue\":false,\"CanShutdown\":false,\"CanStop\":true,\"DisplayName\":\"Network Store Interface Service\",\"DependentServices\":\"AppVClient netprofm NlaSvc Netman NcaSvc SMS_SITE_VSS_WRITER SMS_SITE_SQL_BACKUP SMS_SITE_COMPONENT_MANAGER SMS_SITE_BACKUP SMS_EXECUTIVE SessionEnv Netlogon Browser LanmanWorkstation iphlpsvc IKEEXT Dnscache WinHttpAutoProxySvc Dhcp\",\"MachineName\":\".\",\"ServiceName\":\"nsi\",\"ServicesDependedOn\":\"rpcss nsiproxy\",\"ServiceHandle\":\"SafeServiceHandle\",\"Status\":4,\"ServiceType\":32,\"StartType\":2,\"Site\":null,\"Container\":null},{\"CanPauseAndContinue\":false,\"CanShutdown\":false,\"CanStop\":true,\"DisplayName\":\"NetIO Legacy TDI Support Driver\",\"DependentServices\":\"NetBT NcaSvc iphlpsvc Dnscache WinHttpAutoProxySvc AppVClient netprofm NlaSvc Dhcp\",\"MachineName\":\".\",\"ServiceName\":\"Tdx\",\"ServicesDependedOn\":\"tcpip\",\"ServiceHandle\":\"SafeServiceHandle\",\"Status\":4,\"ServiceType\":1,\"StartType\":1,\"Site\":null,\"Container\":null}]}",
"ScriptOutputHash": "B03DDFEA2112E2743EFF47D0A450E762A864ECD55CF6D01AD6BF1A01E19BC78B",
"ScriptVersion": "1",
"TaskID": "{8E911C86-A0D8-4C29-ACEB-9FB183909128}"
},
{
"CollectionId": "SMS00001",
"CollectionName": "All Systems",
"DeviceName": "EC2AMAZ-TB8VCPN",
"LastUpdateTime": "2020-11-19T14:52:35Z",
"OperationId": 16777873,
"ResourceId": 16777222,
"ScriptExecutionState": "Succeeded",
"ScriptExitCode": "0",
"ScriptGuid": "640C640F-7FED-4F80-812E-CF8C0852F2E5",
"ScriptLastModifiedDate": "2020-11-19T14:52:22Z",
"ScriptName": "XSOAR RestartService",
"ScriptOutput": "{\"CanPauseAndContinue\":false,\"CanShutdown\":false,\"CanStop\":true,\"DisplayName\":\"DNS Client\",\"DependentServices\":[{\"CanPauseAndContinue\":false,\"CanShutdown\":false,\"CanStop\":false,\"DisplayName\":\"Network Connectivity Assistant\",\"DependentServices\":\"\",\"MachineName\":\".\",\"ServiceName\":\"NcaSvc\",\"ServicesDependedOn\":\"NSI dnscache iphlpsvc BFE\",\"ServiceHandle\":\"SafeServiceHandle\",\"Status\":1,\"ServiceType\":32,\"StartType\":3,\"Site\":null,\"Container\":null}],\"MachineName\":\".\",\"ServiceName\":\"dnscache\",\"ServicesDependedOn\":[{\"CanPauseAndContinue\":false,\"CanShutdown\":false,\"CanStop\":true,\"DisplayName\":\"Network Store Interface Service\",\"DependentServices\":\"AppVClient netprofm NlaSvc Netman NcaSvc SessionEnv Netlogon Dfs Browser LanmanWorkstation iphlpsvc IKEEXT Dnscache WinHttpAutoProxySvc Dhcp\",\"MachineName\":\".\",\"ServiceName\":\"nsi\",\"ServicesDependedOn\":\"rpcss nsiproxy\",\"ServiceHandle\":\"SafeServiceHandle\",\"Status\":4,\"ServiceType\":32,\"StartType\":2,\"Site\":null,\"Container\":null},{\"CanPauseAndContinue\":false,\"CanShutdown\":false,\"CanStop\":true,\"DisplayName\":\"NetIO Legacy TDI Support Driver\",\"DependentServices\":\"NetBT NcaSvc iphlpsvc Dnscache WinHttpAutoProxySvc AppVClient netprofm NlaSvc Dhcp\",\"MachineName\":\".\",\"ServiceName\":\"Tdx\",\"ServicesDependedOn\":\"tcpip\",\"ServiceHandle\":\"SafeServiceHandle\",\"Status\":4,\"ServiceType\":1,\"StartType\":1,\"Site\":null,\"Container\":null}],\"ServiceHandle\":{\"IsInvalid\":false,\"IsClosed\":false},\"Status\":4,\"ServiceType\":32,\"StartType\":2,\"Site\":null,\"Container\":null,\"Name\":\"dnscache\",\"RequiredServices\":[{\"CanPauseAndContinue\":false,\"CanShutdown\":false,\"CanStop\":true,\"DisplayName\":\"Network Store Interface Service\",\"DependentServices\":\"AppVClient netprofm NlaSvc Netman NcaSvc SessionEnv Netlogon Dfs Browser LanmanWorkstation iphlpsvc IKEEXT Dnscache WinHttpAutoProxySvc Dhcp\",\"MachineName\":\".\",\"ServiceName\":\"nsi\",\"ServicesDependedOn\":\"rpcss nsiproxy\",\"ServiceHandle\":\"SafeServiceHandle\",\"Status\":4,\"ServiceType\":32,\"StartType\":2,\"Site\":null,\"Container\":null},{\"CanPauseAndContinue\":false,\"CanShutdown\":false,\"CanStop\":true,\"DisplayName\":\"NetIO Legacy TDI Support Driver\",\"DependentServices\":\"NetBT NcaSvc iphlpsvc Dnscache WinHttpAutoProxySvc AppVClient netprofm NlaSvc Dhcp\",\"MachineName\":\".\",\"ServiceName\":\"Tdx\",\"ServicesDependedOn\":\"tcpip\",\"ServiceHandle\":\"SafeServiceHandle\",\"Status\":4,\"ServiceType\":1,\"StartType\":1,\"Site\":null,\"Container\":null}]}",
"ScriptOutputHash": "340EEE6517060B2B3A357561E719D9588DB65929CFD6091AF87A20D1AAED2BAF",
"ScriptVersion": "1",
"TaskID": "{8E911C86-A0D8-4C29-ACEB-9FB183909128}"
},
{
"CollectionId": "SMS00001",
"CollectionName": "All Systems",
"DeviceName": "EC2AMAZ-2AKQ815",
"LastUpdateTime": "2020-11-19T14:52:35Z",
"OperationId": 16777873,
"ResourceId": 16777220,
"ScriptExecutionState": "Succeeded",
"ScriptExitCode": "0",
"ScriptGuid": "640C640F-7FED-4F80-812E-CF8C0852F2E5",
"ScriptLastModifiedDate": "2020-11-19T14:52:22Z",
"ScriptName": "XSOAR RestartService",
"ScriptOutput": "{\"CanPauseAndContinue\":false,\"CanShutdown\":false,\"CanStop\":true,\"DisplayName\":\"DNS Client\",\"DependentServices\":[{\"CanPauseAndContinue\":false,\"CanShutdown\":false,\"CanStop\":false,\"DisplayName\":\"Network Connectivity Assistant\",\"DependentServices\":\"\",\"MachineName\":\".\",\"ServiceName\":\"NcaSvc\",\"ServicesDependedOn\":\"NSI dnscache iphlpsvc BFE\",\"ServiceHandle\":\"SafeServiceHandle\",\"Status\":1,\"ServiceType\":32,\"StartType\":3,\"Site\":null,\"Container\":null}],\"MachineName\":\".\",\"ServiceName\":\"dnscache\",\"ServicesDependedOn\":[{\"CanPauseAndContinue\":false,\"CanShutdown\":false,\"CanStop\":true,\"DisplayName\":\"Network Store Interface Service\",\"DependentServices\":\"AppVClient netprofm NlaSvc Netman NcaSvc SessionEnv Netlogon Browser LanmanWorkstation iphlpsvc IKEEXT Dnscache WinHttpAutoProxySvc Dhcp\",\"MachineName\":\".\",\"ServiceName\":\"nsi\",\"ServicesDependedOn\":\"rpcss nsiproxy\",\"ServiceHandle\":\"SafeServiceHandle\",\"Status\":4,\"ServiceType\":32,\"StartType\":2,\"Site\":null,\"Container\":null},{\"CanPauseAndContinue\":false,\"CanShutdown\":false,\"CanStop\":true,\"DisplayName\":\"NetIO Legacy TDI Support Driver\",\"DependentServices\":\"NetBT NcaSvc iphlpsvc Dnscache WinHttpAutoProxySvc AppVClient netprofm NlaSvc Dhcp\",\"MachineName\":\".\",\"ServiceName\":\"Tdx\",\"ServicesDependedOn\":\"tcpip\",\"ServiceHandle\":\"SafeServiceHandle\",\"Status\":4,\"ServiceType\":1,\"StartType\":1,\"Site\":null,\"Container\":null}],\"ServiceHandle\":{\"IsInvalid\":false,\"IsClosed\":false},\"Status\":4,\"ServiceType\":32,\"StartType\":2,\"Site\":null,\"Container\":null,\"Name\":\"dnscache\",\"RequiredServices\":[{\"CanPauseAndContinue\":false,\"CanShutdown\":false,\"CanStop\":true,\"DisplayName\":\"Network Store Interface Service\",\"DependentServices\":\"AppVClient netprofm NlaSvc Netman NcaSvc SessionEnv Netlogon Browser LanmanWorkstation iphlpsvc IKEEXT Dnscache WinHttpAutoProxySvc Dhcp\",\"MachineName\":\".\",\"ServiceName\":\"nsi\",\"ServicesDependedOn\":\"rpcss nsiproxy\",\"ServiceHandle\":\"SafeServiceHandle\",\"Status\":4,\"ServiceType\":32,\"StartType\":2,\"Site\":null,\"Container\":null},{\"CanPauseAndContinue\":false,\"CanShutdown\":false,\"CanStop\":true,\"DisplayName\":\"NetIO Legacy TDI Support Driver\",\"DependentServices\":\"NetBT NcaSvc iphlpsvc Dnscache WinHttpAutoProxySvc AppVClient netprofm NlaSvc Dhcp\",\"MachineName\":\".\",\"ServiceName\":\"Tdx\",\"ServicesDependedOn\":\"tcpip\",\"ServiceHandle\":\"SafeServiceHandle\",\"Status\":4,\"ServiceType\":1,\"StartType\":1,\"Site\":null,\"Container\":null}]}",
"ScriptOutputHash": "BD83747944C526E57E066BD863A2D6BBB4B5E81BFFC7310878F16C1505393E9C",
"ScriptVersion": "1",
"TaskID": "{8E911C86-A0D8-4C29-ACEB-9FB183909128}"
}
]
}
}

Human Readable Output#

Script Invocation Results#

CollectionIdResourceIdScriptExitCodeDeviceNameCollectionNameLastUpdateTimeScriptVersionScriptExecutionStateScriptOutputScriptGuidScriptLastModifiedDateScriptOutputHashScriptNameOperationIdTaskID
SMS00001167772210EC2AMAZ-PHPTDJVAll Systems2020-11-19T14:52:35Z1Succeeded{"CanPauseAndContinue":false,"CanShutdown":false,"CanStop":true,"DisplayName":"DNS Client","DependentServices":[{"CanPauseAndContinue":false,"CanShutdown":false,"CanStop":false,"DisplayName":"Network Connectivity Assistant","DependentServices":"","MachineName":".","ServiceName":"NcaSvc","ServicesDependedOn":"NSI dnscache iphlpsvc BFE","ServiceHandle":"SafeServiceHandle","Status":1,"ServiceType":32,"StartType":3,"Site":null,"Container":null}],"MachineName":".","ServiceName":"dnscache","ServicesDependedOn":[{"CanPauseAndContinue":false,"CanShutdown":false,"CanStop":true,"DisplayName":"Network Store Interface Service","DependentServices":"AppVClient netprofm NlaSvc Netman NcaSvc SMS_SITE_VSS_WRITER SMS_SITE_SQL_BACKUP SMS_SITE_COMPONENT_MANAGER SMS_SITE_BACKUP SMS_EXECUTIVE SessionEnv Netlogon Browser LanmanWorkstation iphlpsvc IKEEXT Dnscache WinHttpAutoProxySvc Dhcp","MachineName":".","ServiceName":"nsi","ServicesDependedOn":"rpcss nsiproxy","ServiceHandle":"SafeServiceHandle","Status":4,"ServiceType":32,"StartType":2,"Site":null,"Container":null},{"CanPauseAndContinue":false,"CanShutdown":false,"CanStop":true,"DisplayName":"NetIO Legacy TDI Support Driver","DependentServices":"NetBT NcaSvc iphlpsvc Dnscache WinHttpAutoProxySvc AppVClient netprofm NlaSvc Dhcp","MachineName":".","ServiceName":"Tdx","ServicesDependedOn":"tcpip","ServiceHandle":"SafeServiceHandle","Status":4,"ServiceType":1,"StartType":1,"Site":null,"Container":null}],"ServiceHandle":{"IsInvalid":false,"IsClosed":false},"Status":4,"ServiceType":32,"StartType":2,"Site":null,"Container":null,"Name":"dnscache","RequiredServices":[{"CanPauseAndContinue":false,"CanShutdown":false,"CanStop":true,"DisplayName":"Network Store Interface Service","DependentServices":"AppVClient netprofm NlaSvc Netman NcaSvc SMS_SITE_VSS_WRITER SMS_SITE_SQL_BACKUP SMS_SITE_COMPONENT_MANAGER SMS_SITE_BACKUP SMS_EXECUTIVE SessionEnv Netlogon Browser LanmanWorkstation iphlpsvc IKEEXT Dnscache WinHttpAutoProxySvc Dhcp","MachineName":".","ServiceName":"nsi","ServicesDependedOn":"rpcss nsiproxy","ServiceHandle":"SafeServiceHandle","Status":4,"ServiceType":32,"StartType":2,"Site":null,"Container":null},{"CanPauseAndContinue":false,"CanShutdown":false,"CanStop":true,"DisplayName":"NetIO Legacy TDI Support Driver","DependentServices":"NetBT NcaSvc iphlpsvc Dnscache WinHttpAutoProxySvc AppVClient netprofm NlaSvc Dhcp","MachineName":".","ServiceName":"Tdx","ServicesDependedOn":"tcpip","ServiceHandle":"SafeServiceHandle","Status":4,"ServiceType":1,"StartType":1,"Site":null,"Container":null}]}640C640F-7FED-4F80-812E-CF8C0852F2E52020-11-19T14:52:22ZB03DDFEA2112E2743EFF47D0A450E762A864ECD55CF6D01AD6BF1A01E19BC78BXSOAR RestartService16777873{8E911C86-A0D8-4C29-ACEB-9FB183909128}
SMS00001167772220EC2AMAZ-TB8VCPNAll Systems2020-11-19T14:52:35Z1Succeeded{"CanPauseAndContinue":false,"CanShutdown":false,"CanStop":true,"DisplayName":"DNS Client","DependentServices":[{"CanPauseAndContinue":false,"CanShutdown":false,"CanStop":false,"DisplayName":"Network Connectivity Assistant","DependentServices":"","MachineName":".","ServiceName":"NcaSvc","ServicesDependedOn":"NSI dnscache iphlpsvc BFE","ServiceHandle":"SafeServiceHandle","Status":1,"ServiceType":32,"StartType":3,"Site":null,"Container":null}],"MachineName":".","ServiceName":"dnscache","ServicesDependedOn":[{"CanPauseAndContinue":false,"CanShutdown":false,"CanStop":true,"DisplayName":"Network Store Interface Service","DependentServices":"AppVClient netprofm NlaSvc Netman NcaSvc SessionEnv Netlogon Dfs Browser LanmanWorkstation iphlpsvc IKEEXT Dnscache WinHttpAutoProxySvc Dhcp","MachineName":".","ServiceName":"nsi","ServicesDependedOn":"rpcss nsiproxy","ServiceHandle":"SafeServiceHandle","Status":4,"ServiceType":32,"StartType":2,"Site":null,"Container":null},{"CanPauseAndContinue":false,"CanShutdown":false,"CanStop":true,"DisplayName":"NetIO Legacy TDI Support Driver","DependentServices":"NetBT NcaSvc iphlpsvc Dnscache WinHttpAutoProxySvc AppVClient netprofm NlaSvc Dhcp","MachineName":".","ServiceName":"Tdx","ServicesDependedOn":"tcpip","ServiceHandle":"SafeServiceHandle","Status":4,"ServiceType":1,"StartType":1,"Site":null,"Container":null}],"ServiceHandle":{"IsInvalid":false,"IsClosed":false},"Status":4,"ServiceType":32,"StartType":2,"Site":null,"Container":null,"Name":"dnscache","RequiredServices":[{"CanPauseAndContinue":false,"CanShutdown":false,"CanStop":true,"DisplayName":"Network Store Interface Service","DependentServices":"AppVClient netprofm NlaSvc Netman NcaSvc SessionEnv Netlogon Dfs Browser LanmanWorkstation iphlpsvc IKEEXT Dnscache WinHttpAutoProxySvc Dhcp","MachineName":".","ServiceName":"nsi","ServicesDependedOn":"rpcss nsiproxy","ServiceHandle":"SafeServiceHandle","Status":4,"ServiceType":32,"StartType":2,"Site":null,"Container":null},{"CanPauseAndContinue":false,"CanShutdown":false,"CanStop":true,"DisplayName":"NetIO Legacy TDI Support Driver","DependentServices":"NetBT NcaSvc iphlpsvc Dnscache WinHttpAutoProxySvc AppVClient netprofm NlaSvc Dhcp","MachineName":".","ServiceName":"Tdx","ServicesDependedOn":"tcpip","ServiceHandle":"SafeServiceHandle","Status":4,"ServiceType":1,"StartType":1,"Site":null,"Container":null}]}640C640F-7FED-4F80-812E-CF8C0852F2E52020-11-19T14:52:22Z340EEE6517060B2B3A357561E719D9588DB65929CFD6091AF87A20D1AAED2BAFXSOAR RestartService16777873{8E911C86-A0D8-4C29-ACEB-9FB183909128}
SMS00001167772200EC2AMAZ-2AKQ815All Systems2020-11-19T14:52:35Z1Succeeded{"CanPauseAndContinue":false,"CanShutdown":false,"CanStop":true,"DisplayName":"DNS Client","DependentServices":[{"CanPauseAndContinue":false,"CanShutdown":false,"CanStop":false,"DisplayName":"Network Connectivity Assistant","DependentServices":"","MachineName":".","ServiceName":"NcaSvc","ServicesDependedOn":"NSI dnscache iphlpsvc BFE","ServiceHandle":"SafeServiceHandle","Status":1,"ServiceType":32,"StartType":3,"Site":null,"Container":null}],"MachineName":".","ServiceName":"dnscache","ServicesDependedOn":[{"CanPauseAndContinue":false,"CanShutdown":false,"CanStop":true,"DisplayName":"Network Store Interface Service","DependentServices":"AppVClient netprofm NlaSvc Netman NcaSvc SessionEnv Netlogon Browser LanmanWorkstation iphlpsvc IKEEXT Dnscache WinHttpAutoProxySvc Dhcp","MachineName":".","ServiceName":"nsi","ServicesDependedOn":"rpcss nsiproxy","ServiceHandle":"SafeServiceHandle","Status":4,"ServiceType":32,"StartType":2,"Site":null,"Container":null},{"CanPauseAndContinue":false,"CanShutdown":false,"CanStop":true,"DisplayName":"NetIO Legacy TDI Support Driver","DependentServices":"NetBT NcaSvc iphlpsvc Dnscache WinHttpAutoProxySvc AppVClient netprofm NlaSvc Dhcp","MachineName":".","ServiceName":"Tdx","ServicesDependedOn":"tcpip","ServiceHandle":"SafeServiceHandle","Status":4,"ServiceType":1,"StartType":1,"Site":null,"Container":null}],"ServiceHandle":{"IsInvalid":false,"IsClosed":false},"Status":4,"ServiceType":32,"StartType":2,"Site":null,"Container":null,"Name":"dnscache","RequiredServices":[{"CanPauseAndContinue":false,"CanShutdown":false,"CanStop":true,"DisplayName":"Network Store Interface Service","DependentServices":"AppVClient netprofm NlaSvc Netman NcaSvc SessionEnv Netlogon Browser LanmanWorkstation iphlpsvc IKEEXT Dnscache WinHttpAutoProxySvc Dhcp","MachineName":".","ServiceName":"nsi","ServicesDependedOn":"rpcss nsiproxy","ServiceHandle":"SafeServiceHandle","Status":4,"ServiceType":32,"StartType":2,"Site":null,"Container":null},{"CanPauseAndContinue":false,"CanShutdown":false,"CanStop":true,"DisplayName":"NetIO Legacy TDI Support Driver","DependentServices":"NetBT NcaSvc iphlpsvc Dnscache WinHttpAutoProxySvc AppVClient netprofm NlaSvc Dhcp","MachineName":".","ServiceName":"Tdx","ServicesDependedOn":"tcpip","ServiceHandle":"SafeServiceHandle","Status":4,"ServiceType":1,"StartType":1,"Site":null,"Container":null}]}640C640F-7FED-4F80-812E-CF8C0852F2E52020-11-19T14:52:22ZBD83747944C526E57E066BD863A2D6BBB4B5E81BFFC7310878F16C1505393E9CXSOAR RestartService16777873{8E911C86-A0D8-4C29-ACEB-9FB183909128}

ms-ecm-service-stop#


Stops a service on a device or collection. (Implemented by creating and invoking the XSOAR StopService script.)

Base Command#

ms-ecm-service-stop

Input#

Argument NameDescriptionRequired
service_nameThe name of the service.Required
device_nameThe device name to start the service in. (You can retrieve the device name via the !ms-ecm-device-list command.)Optional
collection_idThe ID of the collection to start the service in. (You can retrieve the ID via !ms-ecm-collection-list collection_type="Device".)Optional
collection_nameThe name of the collection to start the service in. (You can retrieve the name via !ms-ecm-collection-list collection_type="Device".)Optional
poll_resultsWhether to poll for the script invocation results. Default is "false".Optional
timeoutThe timeout in seconds to poll for invocation results. Default is "30".Optional

Context Output#

PathTypeDescription
MicrosoftECM.ScriptsInvocationResults.OperationIdnumberThe script invocation operation ID.
MicrosoftECM.ScriptsInvocationResults.CollectionIdstringThe collection ID of the device on which the script was invoked. on
MicrosoftECM.ScriptsInvocationResults.CollectionNamestringThe collection name of the device on which the script was invoked. on
MicrosoftECM.ScriptsInvocationResults.DeviceNamestringThe name of the device on which the script was invoked.
MicrosoftECM.ScriptsInvocationResults.ResourceIdnumberThe resource ID of the device on which the script was invoked.
MicrosoftECM.ScriptsInvocationResults.LastUpdateTimedateThe last time the invocation result object was updated.
MicrosoftECM.ScriptsInvocationResults.ScriptExecutionStatestringThe state of the script invocation.
MicrosoftECM.ScriptsInvocationResults.ScriptExitCodenumberThe exit code of the script invocation.
MicrosoftECM.ScriptsInvocationResults.ScriptGuidstringThe unique identifier of the script.
MicrosoftECM.ScriptsInvocationResults.ScriptLastModifiedDatedateThe date of the script's last modification.
MicrosoftECM.ScriptsInvocationResults.ScriptNamestringThe name of the script.
MicrosoftECM.ScriptsInvocationResults.ScriptOutputstringThe output of the script invocation.
MicrosoftECM.ScriptsInvocationResults.ScriptOutputHashstringThe hash of the output of the script invocation.
MicrosoftECM.ScriptsInvocationResults.ScriptVersionnumberThe version of the script when it was invoked.
MicrosoftECM.ScriptsInvocationResults.TaskIDstringThe unique identifier of the invocation.

Command Example#

!ms-ecm-service-stop service_name=dnscache collection_name="All Systems" poll_results=true timeout=15

Context Example#

{
"MicrosoftECM": {
"ScriptsInvocationResults": [
{
"CollectionId": "SMS00001",
"CollectionName": "All Systems",
"DeviceName": "EC2AMAZ-PHPTDJV",
"LastUpdateTime": "2020-11-19T14:53:40Z",
"OperationId": 16777875,
"ResourceId": 16777221,
"ScriptExecutionState": "Succeeded",
"ScriptExitCode": "0",
"ScriptGuid": "F6CD27EC-E932-4981-9CED-ECF78A06651D",
"ScriptLastModifiedDate": "2020-11-19T14:53:31Z",
"ScriptName": "XSOAR StopService",
"ScriptOutput": "{\"CanPauseAndContinue\":false,\"CanShutdown\":false,\"CanStop\":false,\"DisplayName\":\"DNS Client\",\"DependentServices\":[{\"CanPauseAndContinue\":false,\"CanShutdown\":false,\"CanStop\":false,\"DisplayName\":\"Network Connectivity Assistant\",\"DependentServices\":\"\",\"MachineName\":\".\",\"ServiceName\":\"NcaSvc\",\"ServicesDependedOn\":\"NSI dnscache iphlpsvc BFE\",\"ServiceHandle\":\"SafeServiceHandle\",\"Status\":1,\"ServiceType\":32,\"StartType\":3,\"Site\":null,\"Container\":null}],\"MachineName\":\".\",\"ServiceName\":\"dnscache\",\"ServicesDependedOn\":[{\"CanPauseAndContinue\":false,\"CanShutdown\":false,\"CanStop\":true,\"DisplayName\":\"Network Store Interface Service\",\"DependentServices\":\"AppVClient netprofm NlaSvc Netman NcaSvc SMS_SITE_VSS_WRITER SMS_SITE_SQL_BACKUP SMS_SITE_COMPONENT_MANAGER SMS_SITE_BACKUP SMS_EXECUTIVE SessionEnv Netlogon Browser LanmanWorkstation iphlpsvc IKEEXT Dnscache WinHttpAutoProxySvc Dhcp\",\"MachineName\":\".\",\"ServiceName\":\"nsi\",\"ServicesDependedOn\":\"rpcss nsiproxy\",\"ServiceHandle\":\"SafeServiceHandle\",\"Status\":4,\"ServiceType\":32,\"StartType\":2,\"Site\":null,\"Container\":null},{\"CanPauseAndContinue\":false,\"CanShutdown\":false,\"CanStop\":true,\"DisplayName\":\"NetIO Legacy TDI Support Driver\",\"DependentServices\":\"NetBT NcaSvc iphlpsvc Dnscache WinHttpAutoProxySvc AppVClient netprofm NlaSvc Dhcp\",\"MachineName\":\".\",\"ServiceName\":\"Tdx\",\"ServicesDependedOn\":\"tcpip\",\"ServiceHandle\":\"SafeServiceHandle\",\"Status\":4,\"ServiceType\":1,\"StartType\":1,\"Site\":null,\"Container\":null}],\"ServiceHandle\":{\"IsInvalid\":false,\"IsClosed\":false},\"Status\":1,\"ServiceType\":32,\"StartType\":2,\"Site\":null,\"Container\":null,\"Name\":\"dnscache\",\"RequiredServices\":[{\"CanPauseAndContinue\":false,\"CanShutdown\":false,\"CanStop\":true,\"DisplayName\":\"Network Store Interface Service\",\"DependentServices\":\"AppVClient netprofm NlaSvc Netman NcaSvc SMS_SITE_VSS_WRITER SMS_SITE_SQL_BACKUP SMS_SITE_COMPONENT_MANAGER SMS_SITE_BACKUP SMS_EXECUTIVE SessionEnv Netlogon Browser LanmanWorkstation iphlpsvc IKEEXT Dnscache WinHttpAutoProxySvc Dhcp\",\"MachineName\":\".\",\"ServiceName\":\"nsi\",\"ServicesDependedOn\":\"rpcss nsiproxy\",\"ServiceHandle\":\"SafeServiceHandle\",\"Status\":4,\"ServiceType\":32,\"StartType\":2,\"Site\":null,\"Container\":null},{\"CanPauseAndContinue\":false,\"CanShutdown\":false,\"CanStop\":true,\"DisplayName\":\"NetIO Legacy TDI Support Driver\",\"DependentServices\":\"NetBT NcaSvc iphlpsvc Dnscache WinHttpAutoProxySvc AppVClient netprofm NlaSvc Dhcp\",\"MachineName\":\".\",\"ServiceName\":\"Tdx\",\"ServicesDependedOn\":\"tcpip\",\"ServiceHandle\":\"SafeServiceHandle\",\"Status\":4,\"ServiceType\":1,\"StartType\":1,\"Site\":null,\"Container\":null}]}",
"ScriptOutputHash": "2586F4DFD8FB133752E3DCC53248A417124F096777FC9EEE327B08DF0DEFD175",
"ScriptVersion": "1",
"TaskID": "{B038C34A-678C-49A2-BEEE-7EF2DA67831D}"
},
{
"CollectionId": "SMS00001",
"CollectionName": "All Systems",
"DeviceName": "EC2AMAZ-TB8VCPN",
"LastUpdateTime": "2020-11-19T14:53:40Z",
"OperationId": 16777875,
"ResourceId": 16777222,
"ScriptExecutionState": "Succeeded",
"ScriptExitCode": "0",
"ScriptGuid": "F6CD27EC-E932-4981-9CED-ECF78A06651D",
"ScriptLastModifiedDate": "2020-11-19T14:53:31Z",
"ScriptName": "XSOAR StopService",
"ScriptOutput": "{\"CanPauseAndContinue\":false,\"CanShutdown\":false,\"CanStop\":false,\"DisplayName\":\"DNS Client\",\"DependentServices\":[{\"CanPauseAndContinue\":false,\"CanShutdown\":false,\"CanStop\":false,\"DisplayName\":\"Network Connectivity Assistant\",\"DependentServices\":\"\",\"MachineName\":\".\",\"ServiceName\":\"NcaSvc\",\"ServicesDependedOn\":\"NSI dnscache iphlpsvc BFE\",\"ServiceHandle\":\"SafeServiceHandle\",\"Status\":1,\"ServiceType\":32,\"StartType\":3,\"Site\":null,\"Container\":null}],\"MachineName\":\".\",\"ServiceName\":\"dnscache\",\"ServicesDependedOn\":[{\"CanPauseAndContinue\":false,\"CanShutdown\":false,\"CanStop\":true,\"DisplayName\":\"Network Store Interface Service\",\"DependentServices\":\"AppVClient netprofm NlaSvc Netman NcaSvc SessionEnv Netlogon Dfs Browser LanmanWorkstation iphlpsvc IKEEXT Dnscache WinHttpAutoProxySvc Dhcp\",\"MachineName\":\".\",\"ServiceName\":\"nsi\",\"ServicesDependedOn\":\"rpcss nsiproxy\",\"ServiceHandle\":\"SafeServiceHandle\",\"Status\":4,\"ServiceType\":32,\"StartType\":2,\"Site\":null,\"Container\":null},{\"CanPauseAndContinue\":false,\"CanShutdown\":false,\"CanStop\":true,\"DisplayName\":\"NetIO Legacy TDI Support Driver\",\"DependentServices\":\"NetBT NcaSvc iphlpsvc Dnscache WinHttpAutoProxySvc AppVClient netprofm NlaSvc Dhcp\",\"MachineName\":\".\",\"ServiceName\":\"Tdx\",\"ServicesDependedOn\":\"tcpip\",\"ServiceHandle\":\"SafeServiceHandle\",\"Status\":4,\"ServiceType\":1,\"StartType\":1,\"Site\":null,\"Container\":null}],\"ServiceHandle\":{\"IsInvalid\":false,\"IsClosed\":false},\"Status\":1,\"ServiceType\":32,\"StartType\":2,\"Site\":null,\"Container\":null,\"Name\":\"dnscache\",\"RequiredServices\":[{\"CanPauseAndContinue\":false,\"CanShutdown\":false,\"CanStop\":true,\"DisplayName\":\"Network Store Interface Service\",\"DependentServices\":\"AppVClient netprofm NlaSvc Netman NcaSvc SessionEnv Netlogon Dfs Browser LanmanWorkstation iphlpsvc IKEEXT Dnscache WinHttpAutoProxySvc Dhcp\",\"MachineName\":\".\",\"ServiceName\":\"nsi\",\"ServicesDependedOn\":\"rpcss nsiproxy\",\"ServiceHandle\":\"SafeServiceHandle\",\"Status\":4,\"ServiceType\":32,\"StartType\":2,\"Site\":null,\"Container\":null},{\"CanPauseAndContinue\":false,\"CanShutdown\":false,\"CanStop\":true,\"DisplayName\":\"NetIO Legacy TDI Support Driver\",\"DependentServices\":\"NetBT NcaSvc iphlpsvc Dnscache WinHttpAutoProxySvc AppVClient netprofm NlaSvc Dhcp\",\"MachineName\":\".\",\"ServiceName\":\"Tdx\",\"ServicesDependedOn\":\"tcpip\",\"ServiceHandle\":\"SafeServiceHandle\",\"Status\":4,\"ServiceType\":1,\"StartType\":1,\"Site\":null,\"Container\":null}]}",
"ScriptOutputHash": "D27B022F6B8C8B584A79BB2D471EA173AE45588AAE28225563A38FC93B4EF2C6",
"ScriptVersion": "1",
"TaskID": "{B038C34A-678C-49A2-BEEE-7EF2DA67831D}"
},
{
"CollectionId": "SMS00001",
"CollectionName": "All Systems",
"DeviceName": "EC2AMAZ-2AKQ815",
"LastUpdateTime": "2020-11-19T14:53:40Z",
"OperationId": 16777875,
"ResourceId": 16777220,
"ScriptExecutionState": "Succeeded",
"ScriptExitCode": "0",
"ScriptGuid": "F6CD27EC-E932-4981-9CED-ECF78A06651D",
"ScriptLastModifiedDate": "2020-11-19T14:53:31Z",
"ScriptName": "XSOAR StopService",
"ScriptOutput": "{\"CanPauseAndContinue\":false,\"CanShutdown\":false,\"CanStop\":false,\"DisplayName\":\"DNS Client\",\"DependentServices\":[{\"CanPauseAndContinue\":false,\"CanShutdown\":false,\"CanStop\":false,\"DisplayName\":\"Network Connectivity Assistant\",\"DependentServices\":\"\",\"MachineName\":\".\",\"ServiceName\":\"NcaSvc\",\"ServicesDependedOn\":\"NSI dnscache iphlpsvc BFE\",\"ServiceHandle\":\"SafeServiceHandle\",\"Status\":1,\"ServiceType\":32,\"StartType\":3,\"Site\":null,\"Container\":null}],\"MachineName\":\".\",\"ServiceName\":\"dnscache\",\"ServicesDependedOn\":[{\"CanPauseAndContinue\":false,\"CanShutdown\":false,\"CanStop\":true,\"DisplayName\":\"Network Store Interface Service\",\"DependentServices\":\"AppVClient netprofm NlaSvc Netman NcaSvc SessionEnv Netlogon Browser LanmanWorkstation iphlpsvc IKEEXT Dnscache WinHttpAutoProxySvc Dhcp\",\"MachineName\":\".\",\"ServiceName\":\"nsi\",\"ServicesDependedOn\":\"rpcss nsiproxy\",\"ServiceHandle\":\"SafeServiceHandle\",\"Status\":4,\"ServiceType\":32,\"StartType\":2,\"Site\":null,\"Container\":null},{\"CanPauseAndContinue\":false,\"CanShutdown\":false,\"CanStop\":true,\"DisplayName\":\"NetIO Legacy TDI Support Driver\",\"DependentServices\":\"NetBT NcaSvc iphlpsvc Dnscache WinHttpAutoProxySvc AppVClient netprofm NlaSvc Dhcp\",\"MachineName\":\".\",\"ServiceName\":\"Tdx\",\"ServicesDependedOn\":\"tcpip\",\"ServiceHandle\":\"SafeServiceHandle\",\"Status\":4,\"ServiceType\":1,\"StartType\":1,\"Site\":null,\"Container\":null}],\"ServiceHandle\":{\"IsInvalid\":false,\"IsClosed\":false},\"Status\":1,\"ServiceType\":32,\"StartType\":2,\"Site\":null,\"Container\":null,\"Name\":\"dnscache\",\"RequiredServices\":[{\"CanPauseAndContinue\":false,\"CanShutdown\":false,\"CanStop\":true,\"DisplayName\":\"Network Store Interface Service\",\"DependentServices\":\"AppVClient netprofm NlaSvc Netman NcaSvc SessionEnv Netlogon Browser LanmanWorkstation iphlpsvc IKEEXT Dnscache WinHttpAutoProxySvc Dhcp\",\"MachineName\":\".\",\"ServiceName\":\"nsi\",\"ServicesDependedOn\":\"rpcss nsiproxy\",\"ServiceHandle\":\"SafeServiceHandle\",\"Status\":4,\"ServiceType\":32,\"StartType\":2,\"Site\":null,\"Container\":null},{\"CanPauseAndContinue\":false,\"CanShutdown\":false,\"CanStop\":true,\"DisplayName\":\"NetIO Legacy TDI Support Driver\",\"DependentServices\":\"NetBT NcaSvc iphlpsvc Dnscache WinHttpAutoProxySvc AppVClient netprofm NlaSvc Dhcp\",\"MachineName\":\".\",\"ServiceName\":\"Tdx\",\"ServicesDependedOn\":\"tcpip\",\"ServiceHandle\":\"SafeServiceHandle\",\"Status\":4,\"ServiceType\":1,\"StartType\":1,\"Site\":null,\"Container\":null}]}",
"ScriptOutputHash": "FC945DDB2710DA5E73E6A8F359EE556A85A59671018831092493AD0EA013DE99",
"ScriptVersion": "1",
"TaskID": "{B038C34A-678C-49A2-BEEE-7EF2DA67831D}"
}
]
}
}

Human Readable Output#

Script Invocation Results#

CollectionNameTaskIDScriptOutputScriptGuidScriptExecutionStateScriptLastModifiedDateCollectionIdScriptVersionDeviceNameLastUpdateTimeScriptNameResourceIdScriptOutputHashScriptExitCodeOperationId
All Systems{B038C34A-678C-49A2-BEEE-7EF2DA67831D}{"CanPauseAndContinue":false,"CanShutdown":false,"CanStop":false,"DisplayName":"DNS Client","DependentServices":[{"CanPauseAndContinue":false,"CanShutdown":false,"CanStop":false,"DisplayName":"Network Connectivity Assistant","DependentServices":"","MachineName":".","ServiceName":"NcaSvc","ServicesDependedOn":"NSI dnscache iphlpsvc BFE","ServiceHandle":"SafeServiceHandle","Status":1,"ServiceType":32,"StartType":3,"Site":null,"Container":null}],"MachineName":".","ServiceName":"dnscache","ServicesDependedOn":[{"CanPauseAndContinue":false,"CanShutdown":false,"CanStop":true,"DisplayName":"Network Store Interface Service","DependentServices":"AppVClient netprofm NlaSvc Netman NcaSvc SMS_SITE_VSS_WRITER SMS_SITE_SQL_BACKUP SMS_SITE_COMPONENT_MANAGER SMS_SITE_BACKUP SMS_EXECUTIVE SessionEnv Netlogon Browser LanmanWorkstation iphlpsvc IKEEXT Dnscache WinHttpAutoProxySvc Dhcp","MachineName":".","ServiceName":"nsi","ServicesDependedOn":"rpcss nsiproxy","ServiceHandle":"SafeServiceHandle","Status":4,"ServiceType":32,"StartType":2,"Site":null,"Container":null},{"CanPauseAndContinue":false,"CanShutdown":false,"CanStop":true,"DisplayName":"NetIO Legacy TDI Support Driver","DependentServices":"NetBT NcaSvc iphlpsvc Dnscache WinHttpAutoProxySvc AppVClient netprofm NlaSvc Dhcp","MachineName":".","ServiceName":"Tdx","ServicesDependedOn":"tcpip","ServiceHandle":"SafeServiceHandle","Status":4,"ServiceType":1,"StartType":1,"Site":null,"Container":null}],"ServiceHandle":{"IsInvalid":false,"IsClosed":false},"Status":1,"ServiceType":32,"StartType":2,"Site":null,"Container":null,"Name":"dnscache","RequiredServices":[{"CanPauseAndContinue":false,"CanShutdown":false,"CanStop":true,"DisplayName":"Network Store Interface Service","DependentServices":"AppVClient netprofm NlaSvc Netman NcaSvc SMS_SITE_VSS_WRITER SMS_SITE_SQL_BACKUP SMS_SITE_COMPONENT_MANAGER SMS_SITE_BACKUP SMS_EXECUTIVE SessionEnv Netlogon Browser LanmanWorkstation iphlpsvc IKEEXT Dnscache WinHttpAutoProxySvc Dhcp","MachineName":".","ServiceName":"nsi","ServicesDependedOn":"rpcss nsiproxy","ServiceHandle":"SafeServiceHandle","Status":4,"ServiceType":32,"StartType":2,"Site":null,"Container":null},{"CanPauseAndContinue":false,"CanShutdown":false,"CanStop":true,"DisplayName":"NetIO Legacy TDI Support Driver","DependentServices":"NetBT NcaSvc iphlpsvc Dnscache WinHttpAutoProxySvc AppVClient netprofm NlaSvc Dhcp","MachineName":".","ServiceName":"Tdx","ServicesDependedOn":"tcpip","ServiceHandle":"SafeServiceHandle","Status":4,"ServiceType":1,"StartType":1,"Site":null,"Container":null}]}F6CD27EC-E932-4981-9CED-ECF78A06651DSucceeded2020-11-19T14:53:31ZSMS000011EC2AMAZ-PHPTDJV2020-11-19T14:53:40ZXSOAR StopService167772212586F4DFD8FB133752E3DCC53248A417124F096777FC9EEE327B08DF0DEFD175016777875
All Systems{B038C34A-678C-49A2-BEEE-7EF2DA67831D}{"CanPauseAndContinue":false,"CanShutdown":false,"CanStop":false,"DisplayName":"DNS Client","DependentServices":[{"CanPauseAndContinue":false,"CanShutdown":false,"CanStop":false,"DisplayName":"Network Connectivity Assistant","DependentServices":"","MachineName":".","ServiceName":"NcaSvc","ServicesDependedOn":"NSI dnscache iphlpsvc BFE","ServiceHandle":"SafeServiceHandle","Status":1,"ServiceType":32,"StartType":3,"Site":null,"Container":null}],"MachineName":".","ServiceName":"dnscache","ServicesDependedOn":[{"CanPauseAndContinue":false,"CanShutdown":false,"CanStop":true,"DisplayName":"Network Store Interface Service","DependentServices":"AppVClient netprofm NlaSvc Netman NcaSvc SessionEnv Netlogon Dfs Browser LanmanWorkstation iphlpsvc IKEEXT Dnscache WinHttpAutoProxySvc Dhcp","MachineName":".","ServiceName":"nsi","ServicesDependedOn":"rpcss nsiproxy","ServiceHandle":"SafeServiceHandle","Status":4,"ServiceType":32,"StartType":2,"Site":null,"Container":null},{"CanPauseAndContinue":false,"CanShutdown":false,"CanStop":true,"DisplayName":"NetIO Legacy TDI Support Driver","DependentServices":"NetBT NcaSvc iphlpsvc Dnscache WinHttpAutoProxySvc AppVClient netprofm NlaSvc Dhcp","MachineName":".","ServiceName":"Tdx","ServicesDependedOn":"tcpip","ServiceHandle":"SafeServiceHandle","Status":4,"ServiceType":1,"StartType":1,"Site":null,"Container":null}],"ServiceHandle":{"IsInvalid":false,"IsClosed":false},"Status":1,"ServiceType":32,"StartType":2,"Site":null,"Container":null,"Name":"dnscache","RequiredServices":[{"CanPauseAndContinue":false,"CanShutdown":false,"CanStop":true,"DisplayName":"Network Store Interface Service","DependentServices":"AppVClient netprofm NlaSvc Netman NcaSvc SessionEnv Netlogon Dfs Browser LanmanWorkstation iphlpsvc IKEEXT Dnscache WinHttpAutoProxySvc Dhcp","MachineName":".","ServiceName":"nsi","ServicesDependedOn":"rpcss nsiproxy","ServiceHandle":"SafeServiceHandle","Status":4,"ServiceType":32,"StartType":2,"Site":null,"Container":null},{"CanPauseAndContinue":false,"CanShutdown":false,"CanStop":true,"DisplayName":"NetIO Legacy TDI Support Driver","DependentServices":"NetBT NcaSvc iphlpsvc Dnscache WinHttpAutoProxySvc AppVClient netprofm NlaSvc Dhcp","MachineName":".","ServiceName":"Tdx","ServicesDependedOn":"tcpip","ServiceHandle":"SafeServiceHandle","Status":4,"ServiceType":1,"StartType":1,"Site":null,"Container":null}]}F6CD27EC-E932-4981-9CED-ECF78A06651DSucceeded2020-11-19T14:53:31ZSMS000011EC2AMAZ-TB8VCPN2020-11-19T14:53:40ZXSOAR StopService16777222D27B022F6B8C8B584A79BB2D471EA173AE45588AAE28225563A38FC93B4EF2C6016777875
All Systems{B038C34A-678C-49A2-BEEE-7EF2DA67831D}{"CanPauseAndContinue":false,"CanShutdown":false,"CanStop":false,"DisplayName":"DNS Client","DependentServices":[{"CanPauseAndContinue":false,"CanShutdown":false,"CanStop":false,"DisplayName":"Network Connectivity Assistant","DependentServices":"","MachineName":".","ServiceName":"NcaSvc","ServicesDependedOn":"NSI dnscache iphlpsvc BFE","ServiceHandle":"SafeServiceHandle","Status":1,"ServiceType":32,"StartType":3,"Site":null,"Container":null}],"MachineName":".","ServiceName":"dnscache","ServicesDependedOn":[{"CanPauseAndContinue":false,"CanShutdown":false,"CanStop":true,"DisplayName":"Network Store Interface Service","DependentServices":"AppVClient netprofm NlaSvc Netman NcaSvc SessionEnv Netlogon Browser LanmanWorkstation iphlpsvc IKEEXT Dnscache WinHttpAutoProxySvc Dhcp","MachineName":".","ServiceName":"nsi","ServicesDependedOn":"rpcss nsiproxy","ServiceHandle":"SafeServiceHandle","Status":4,"ServiceType":32,"StartType":2,"Site":null,"Container":null},{"CanPauseAndContinue":false,"CanShutdown":false,"CanStop":true,"DisplayName":"NetIO Legacy TDI Support Driver","DependentServices":"NetBT NcaSvc iphlpsvc Dnscache WinHttpAutoProxySvc AppVClient netprofm NlaSvc Dhcp","MachineName":".","ServiceName":"Tdx","ServicesDependedOn":"tcpip","ServiceHandle":"SafeServiceHandle","Status":4,"ServiceType":1,"StartType":1,"Site":null,"Container":null}],"ServiceHandle":{"IsInvalid":false,"IsClosed":false},"Status":1,"ServiceType":32,"StartType":2,"Site":null,"Container":null,"Name":"dnscache","RequiredServices":[{"CanPauseAndContinue":false,"CanShutdown":false,"CanStop":true,"DisplayName":"Network Store Interface Service","DependentServices":"AppVClient netprofm NlaSvc Netman NcaSvc SessionEnv Netlogon Browser LanmanWorkstation iphlpsvc IKEEXT Dnscache WinHttpAutoProxySvc Dhcp","MachineName":".","ServiceName":"nsi","ServicesDependedOn":"rpcss nsiproxy","ServiceHandle":"SafeServiceHandle","Status":4,"ServiceType":32,"StartType":2,"Site":null,"Container":null},{"CanPauseAndContinue":false,"CanShutdown":false,"CanStop":true,"DisplayName":"NetIO Legacy TDI Support Driver","DependentServices":"NetBT NcaSvc iphlpsvc Dnscache WinHttpAutoProxySvc AppVClient netprofm NlaSvc Dhcp","MachineName":".","ServiceName":"Tdx","ServicesDependedOn":"tcpip","ServiceHandle":"SafeServiceHandle","Status":4,"ServiceType":1,"StartType":1,"Site":null,"Container":null}]}F6CD27EC-E932-4981-9CED-ECF78A06651DSucceeded2020-11-19T14:53:31ZSMS000011EC2AMAZ-2AKQ8152020-11-19T14:53:40ZXSOAR StopService16777220FC945DDB2710DA5E73E6A8F359EE556A85A59671018831092493AD0EA013DE99016777875

ms-ecm-script-invocation-results#


Gets a script invocation results.

Base Command#

ms-ecm-script-invocation-results

Input#

Argument NameDescriptionRequired
operation_idThe script invocation operation ID.Required

Context Output#

PathTypeDescription
MicrosoftECM.ScriptsInvocationResults.OperationIdnumberThe script invocation operation ID.
MicrosoftECM.ScriptsInvocationResults.CollectionIdstringThe collection ID of the device on which the script was invoked. on
MicrosoftECM.ScriptsInvocationResults.CollectionNamestringThe collection name of the device on which the script was invoked. on
MicrosoftECM.ScriptsInvocationResults.DeviceNamestringThe name of the device on which the script was invoked.
MicrosoftECM.ScriptsInvocationResults.ResourceIdnumberThe resource ID of the device on which the script was invoked.
MicrosoftECM.ScriptsInvocationResults.LastUpdateTimedateThe last time the invocation result object was updated.
MicrosoftECM.ScriptsInvocationResults.ScriptExecutionStatestringThe state of the script invocation.
MicrosoftECM.ScriptsInvocationResults.ScriptExitCodenumberThe exit code of the script invocation.
MicrosoftECM.ScriptsInvocationResults.ScriptGuidstringThe unique identifier of the script.
MicrosoftECM.ScriptsInvocationResults.ScriptLastModifiedDatedateThe date of the script's last modification.
MicrosoftECM.ScriptsInvocationResults.ScriptNamestringThe name of the script.
MicrosoftECM.ScriptsInvocationResults.ScriptOutputstringThe output of the script invocation.
MicrosoftECM.ScriptsInvocationResults.ScriptOutputHashstringThe hash of the output of the script invocation.
MicrosoftECM.ScriptsInvocationResults.ScriptVersionnumberThe version of the script when it was invoked.
MicrosoftECM.ScriptsInvocationResults.TaskIDstringThe unique identifier of the invocation.

Command Example#

!ms-ecm-script-invocation-results operation_id=16777267

Context Example#

{
"MicrosoftECM": {
"ScriptsInvocationResults": {
"CollectionId": "SMS00001",
"CollectionName": "All Systems",
"DeviceName": "EC2AMAZ-2AKQ815",
"LastUpdateTime": "2020-09-29T10:57:15Z",
"OperationId": 16777267,
"ResourceId": 16777220,
"ScriptExecutionState": "Failed",
"ScriptExitCode": "-2147467259",
"ScriptGuid": "2E0D961D-1C89-477D-B1A7-3FFEDC0AF2FA",
"ScriptLastModifiedDate": "2020-09-24T14:36:32Z",
"ScriptName": "Fail",
"ScriptOutput": "",
"ScriptOutputHash": "E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855",
"ScriptVersion": "1",
"TaskID": "{FC58140A-B688-4D2E-8FEE-F7AED348FABF}"
}
}
}

Human Readable Output#

Script Invocation Results#

CollectionNameTaskIDScriptOutputScriptGuidScriptExecutionStateScriptLastModifiedDateCollectionIdScriptVersionDeviceNameLastUpdateTimeScriptNameResourceIdScriptOutputHashScriptExitCodeOperationId
All Systems{FC58140A-B688-4D2E-8FEE-F7AED348FABF}2E0D961D-1C89-477D-B1A7-3FFEDC0AF2FAFailed2020-09-24T14:36:32ZSMS000011EC2AMAZ-2AKQ8152020-09-29T10:57:15ZFail16777220E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855-214746725916777267

ms-ecm-device-get-collection-member#


Gets a Configuration Manager device by querying the SMS_CM_RES_COLL_SMS00001 class. You can use the ms-ecm-device-get-resource or ms-ecm-device-get-collection-member commands to change the query class. Depending upon your role-based access in the site, you may need to use one of these other commands.

Base Command#

ms-ecm-device-get-collection-member

Input#

Argument NameDescriptionRequired
device_namesA comma-separated list of device names, i.e., name1,name2,etc..Optional
resource_idsA comma-separated list of resource IDs, i.e., ID1,ID2,etc..Optional

Context Output#

PathTypeDescription
MicrosoftECM.Devices.DeviceNamestringThe name of the device.
MicrosoftECM.Devices.CollectionMemberDetails.ClientVersionstringVersion of the installed client software.
MicrosoftECM.Devices.CollectionMemberDetails.DeviceOSstringDevice operating system.
MicrosoftECM.Devices.ResourceIDnumberUnique Configuration Manager-supplied ID for the resource.
MicrosoftECM.Devices.CollectionMemberDetails.IsActivebooleanWhether there has been a recent heartbeat from the client.
MicrosoftECM.Devices.CollectionMemberDetails.LastActiveTimedateThe last reported time the client was active. Comes from Client Health.
MicrosoftECM.Devices.CollectionMemberDetails.LastClientCheckTimedateThe last reported health evaluation time. Comes from Client Health.
MicrosoftECM.Devices.CollectionMemberDetails.LastDDRdateLast heartbeat timestamp from client DDR discovery.
MicrosoftECM.Devices.CollectionMemberDetails.LastHardwareScandateTimestamp from the last hardware inventory scan.
MicrosoftECM.Devices.CollectionMemberDetails.LastPolicyRequestdateTimestamp of the last policy request for this client.
MicrosoftECM.Devices.CollectionMemberDetails.DomainstringDomain to which the resource belongs.
MicrosoftECM.Devices.CollectionMemberDetails.PrimaryUserstringThe primary user of the device.
MicrosoftECM.Devices.CollectionMemberDetails.StatusstringCurrent status of the device.
MicrosoftECM.Devices.CollectionMemberDetails.MACAddressstringThe MAC address of the device.
MicrosoftECM.Devices.CollectionMemberDetails.IsVirtualMachinebooleanWhether the client is a virtual machine.
MicrosoftECM.Devices.CollectionMemberDetails.IsDecommissionedbooleanWhether the collection member is decommissioned.
MicrosoftECM.Devices.CollectionMemberDetails.IsClientbooleanWhether the client is a Configuration Manager client.
MicrosoftECM.Devices.CollectionMemberDetails.IsBlockedbooleanWhether the system is blocked. The administrator can manually block/unblock a client in the Admin console UI. By blocking a client, client communication with the server will be cut off.
MicrosoftECM.Devices.CollectionMemberDetails.ExchangeServerstringName of the exchange server for Exchange Active Sync (EAS).
MicrosoftECM.Devices.CollectionMemberDetails.DeviceThreatLevelstringThe threat level of the device.
MicrosoftECM.Devices.CollectionMemberDetails.CurrentLogonUserstringThe user who is currently logged in.
MicrosoftECM.Devices.CollectionMemberDetails.LastLogonUserstringThe last user who logged in to the device.
MicrosoftECM.Devices.CollectionMemberDetails.DeviceOSBuildstringThe operating system build number of the device.
MicrosoftECM.Devices.CollectionMemberDetails.ADLastLogonTimedateLast logon timestamp of the computer (discovered from Active Directory).
MicrosoftECM.Devices.CollectionMemberDetails.SiteCodestringSite code of the site that created the collection.

Command Example#

!ms-ecm-device-get-collection-member device_names=EC2AMAZ-2AKQ815

Context Example#

{
"MicrosoftECM": {
"Devices": {
"CollectionMemberDetails": {
"ADLastLogonTime": "2020-11-12T06:07:29",
"ClientVersion": "5.00.8790.1007",
"CurrentLogonUser": null,
"DeviceOS": "Microsoft Windows NT Advanced Server 10.0",
"DeviceOSBuild": "10.0.14393.3025",
"DeviceThreatLevel": null,
"Domain": "DEMISTO",
"ExchangeServer": null,
"IsActive": true,
"IsBlocked": false,
"IsClient": true,
"IsDecommissioned": false,
"IsVirtualMachine": false,
"LastActiveTime": "2020-11-19T13:10:59Z",
"LastClientCheckTime": "2020-11-07T16:42:39Z",
"LastDDR": "2020-11-18T18:30:48Z",
"LastHardwareScan": "2020-11-15T11:49:36Z",
"LastLogonUser": null,
"LastPolicyRequest": "2020-11-19T13:10:59Z",
"PrimaryUser": "demisto\\sccmadmin",
"SiteCode": "ISR",
"Status": null
},
"DeviceName": "EC2AMAZ-2AKQ815",
"ResourceID": 16777220
}
}
}

Human Readable Output#

Device As Collection Member#

ClientVersionResourceIDIsActiveIsBlockedDeviceOSBuildLastHardwareScanSiteCodeDeviceNameLastPolicyRequestDeviceThreatLevelCurrentLogonUserPrimaryUserExchangeServerLastClientCheckTimeLastDDRIsDecommissionedLastLogonUserDomainStatusLastActiveTimeIsClientADLastLogonTimeIsVirtualMachineDeviceOS
5.00.8790.100716777220TrueFalse10.0.14393.30252020-11-15T11:49:36ZISREC2AMAZ-2AKQ8152020-11-19T13:10:59Zdemisto\sccmadmin2020-11-07T16:42:39Z2020-11-18T18:30:48ZFalseDEMISTO2020-11-19T13:10:59ZTrue11/12/2020 6:07:29 AMFalseMicrosoft Windows NT Advanced Server 10.0

ms-ecm-device-get-resource#


Gets a Configuration Manager device by querying the SMS_R_System class. You can use the ms-ecm-device-get-resource or ms-ecm-device-get-collection-member commands to change the query class. Depending upon your role-based access in the site, you may need to use one of these other commands.

Base Command#

ms-ecm-device-get-resource

Input#

Argument NameDescriptionRequired
device_namesA comma-separated list of device names, i.e., name1,name2,etc..Optional
resource_idsA comma-separated list of resource ids, i.e., ID1,ID2,etc..Optional

Context Output#

PathTypeDescription
MicrosoftECM.Devices.DeviceNamestringThe name of the device.
MicrosoftECM.Devices.ResourceDetails.AgentNamestringList of the names of discovery agents that found the resource.
MicrosoftECM.Devices.ResourceIDnumberConfiguration Manager-supplied ID that uniquely identifies a Configuration Manager client resource.
MicrosoftECM.Devices.ResourceDetails.ADSiteNamestringThe Active Directory site name that is assigned to the client.
MicrosoftECM.Devices.ResourceDetails.AgentSitestringList of sites from which the discovery agents run.
MicrosoftECM.Devices.ResourceDetails.AgentTimedateList of discovery dates and times.
MicrosoftECM.Devices.ResourceDetails.CPUTypestringThe CPU type, for example, StrongARM. Currently, only device clients report this value.
MicrosoftECM.Devices.ResourceDetails.DistinguishedNamestringThe distinguished name of the account.
MicrosoftECM.Devices.ResourceDetails.FullDomainNamestringThe full name of the device's domain
MicrosoftECM.Devices.ResourceDetails.IPv4AddressesstringList of the IPv4 addresses that are associated with the resource. More than one address is listed if the resource has multiple network cards installed.
MicrosoftECM.Devices.ResourceDetails.IPv6AddressesstringList of the IPv6 addresses that are associated with the resource. More than one address is listed if the resource has multiple network cards installed.
MicrosoftECM.Devices.ResourceDetails.NetbiosNamestringName used by the NetBIOS protocol.
MicrosoftECM.Devices.ResourceDetails.UserAccountControlnumberUser account control value retrieved from Active Directory.
MicrosoftECM.Devices.ResourceDetails.LastLogonUserNamedateName of the last logged-on user at the time the discovery agent ran.
MicrosoftECM.Devices.ResourceDetails.LastLogonUserDomainstringDomain used by the last logged-on user at the time the discovery agent ran.
MicrosoftECM.Devices.ResourceDetails.LastLogonTimestampdateThe date of the last user logon.
MicrosoftECM.Devices.ResourceDetails.OperatingSystemNameandVersionstringFree-form string that describes the operating system.
MicrosoftECM.Devices.ResourceDetails.VirtualMachineHostNamestringVirtual machine hostname.
MicrosoftECM.Devices.ResourceDetails.VirtualMachineTypestringThe type of the virtual machine.
MicrosoftECM.Devices.ResourceDetails.DNSForestGuidstringA unique identifier for the DNS forest.
MicrosoftECM.Devices.ResourceDetails.HardwareIDstringAn ID that uniquely describes the hardware on which the client is installed. This ID remains unchanged through re-imaging or through successive installations of the operating system or client. This differs from the Configuration Manager unique ID, which might change under these circumstances.

Command Example#

!ms-ecm-device-get-resource device_names=EC2AMAZ-2AKQ815

Context Example#

{
"MicrosoftECM": {
"Devices": {
"DeviceName": "EC2AMAZ-2AKQ815",
"ResourceDetails": {
"ADSiteName": "Default-First-Site-Name",
"AgentName": [
"SMS_AD_SYSTEM_DISCOVERY_AGENT",
"MP_ClientRegistration",
"Heartbeat Discovery"
],
"AgentSite": [
"ISR",
"ISR",
"ISR"
],
"AgentTime": [
"2020-11-19T00:00:01Z",
"2019-07-07T10:12:48Z",
"2020-11-19T14:30:48Z"
],
"CPUType": "Intel64 Family 6 Model 85 Stepping 4",
"DNSForestGuid": "E8AA1F36-33BE-41F2-ADCB-E40376F5B168",
"DistinguishedName": "CN=EC2AMAZ-2AKQ815,CN=Computers,DC=demisto,DC=local",
"FullDomainName": "DEMISTO.LOCAL",
"HardwareID": "2:387B42C549C5E7D718B68BC65959FA9041F7F2D0",
"IPv4Addresses": "2.2.2.2",
"IPv6Addresses": "fe80::81c5:1670:9363:a40b",
"LastLogonTimestamp": "2020-11-12T06:07:29Z",
"LastLogonUserDomain": null,
"LastLogonUserName": null,
"NetbiosName": "EC2AMAZ-2AKQ815",
"OperatingSystemNameandVersion": "Microsoft Windows NT Advanced Server 10.0",
"UserAccountControl": 4096,
"VirtualMachineHostName": "",
"VirtualMachineType": 0
},
"ResourceID": 16777220
}
}
}

Human Readable Output#

Device As Resource#

DistinguishedNameVirtualMachineHostNameAgentTimeOperatingSystemNameandVersionIPv4AddressesAgentSiteAgentNameADSiteNameFullDomainNameVirtualMachineTypeCPUTypeUserAccountControlNetbiosNameLastLogonTimestampHardwareIDDNSForestGuidLastLogonUserNameIPv6AddressesDeviceNameLastLogonUserDomainResourceID
CN=EC2AMAZ-2AKQ815,CN=Computers,DC=demisto,DC=local["2020-11-19T00:00:01Z","2019-07-07T10:12:48Z","2020-11-19T14:30:48Z"]Microsoft Windows NT Advanced Server 10.0"2.2.2.2"["ISR","ISR","ISR"]["SMS_AD_SYSTEM_DISCOVERY_AGENT","MP_ClientRegistration","Heartbeat Discovery"]Default-First-Site-NameDEMISTO.LOCAL0Intel64 Family 6 Model 85 Stepping 44096EC2AMAZ-2AKQ8152020-11-12T06:07:29Z2:387B42C549C5E7D718B68BC65959FA9041F7F2D0E8AA1F36-33BE-41F2-ADCB-E40376F5B168"fe80::81c5:1670:9363:a40b"EC2AMAZ-2AKQ81516777220

ms-ecm-get-user-device-affinity#


Gets the relationships between a device and its primary users.

Base Command#

ms-ecm-get-user-device-affinity

Input#

Argument NameDescriptionRequired
user_namesA comma-separated list of usernames with the form of "Domain\username" i.e., "Domain\user1,Domain\user2",etc.".Optional
resource_idsA comma-separated list of device resource ids, i.e., ID1,ID2,etc..Optional
device_namesA comma-separated list of device names, i.e., name1,name2,etc..Optional

Context Output#

PathTypeDescription
MicrosoftECM.UserDeviceAffinity.DeviceNamestringThe name of the device.
MicrosoftECM.UserDeviceAffinity.UserNamestringThe user name in domain\user format.
MicrosoftECM.UserDeviceAffinity.ResourceIDnumberThe resource ID of the device.
MicrosoftECM.UserDeviceAffinity.IsActivebooleanWhether the relationship is active.
MicrosoftECM.UserDeviceAffinity.CreationTimedateThe time when the relationship was created.
MicrosoftECM.UserDeviceAffinity.RelationshipResourceIDnumberThe unique identifier for this relationship.

Command Example#

!ms-ecm-get-user-device-affinity device_names=EC2AMAZ-2AKQ815

Context Example#

{
"MicrosoftECM": {
"UserDeviceAffinity": [
{
"CreationTime": "2020-09-07T14:52:57Z",
"DeviceName": "EC2AMAZ-2AKQ815",
"IsActive": true,
"RelationshipResourceID": 25165825,
"ResourceID": 16777220,
"UserName": "demisto\\sccmadmin"
},
{
"CreationTime": "2020-11-05T17:44:33Z",
"DeviceName": "EC2AMAZ-2AKQ815",
"IsActive": true,
"RelationshipResourceID": 25165830,
"ResourceID": 16777220,
"UserName": "demisto\\administrator"
}
]
}
}

Human Readable Output#

User Device Affinity#

IsActiveDeviceNameResourceIDCreationTimeUserNameRelationshipResourceID
TrueEC2AMAZ-2AKQ815167772202020-09-07T14:52:57Zdemisto\sccmadmin25165825
TrueEC2AMAZ-2AKQ815167772202020-11-05T17:44:33Zdemisto\administrator25165830