Using PowerShell to Deploy Ivanti UWM Agents

The Ivanti Management Center PowerShell Module

The Ivanti Management Center provides a simple interface to deploy Ivanti UWM agents and configurations.

When installed, it exposes web services that are used by the Ivanti Management Center console to perform various functions.

I began developing functions to manipulate the Ivanti web services while on a project where I needed to automate the process of moving and polling machines.

After working with various functions, I assembled what I needed and created a module that works intuitively within PowerShell.

With this module administrators can automate certain management tasks that would ordinarily have to be performed through the UWM Management Center console.

A few examples of tasks that can be automated:

  • Moving machines between deployment groups
  • Installing the CCA
  • Polling machines
  • Removing the machines from the database

We will review the functions in the module and a simple script that allows users to pull machine information from the Management Center console.

There are two scripts that come with this module:

IvantiManagementCenterModule.psm1Download
The IvantiManagementCenterModule.psm1 script is the module which contains all functions.

MCScript.ps1Download
This is a basic template for accessing the module as shown below.

$PathToManagementCenterModule = "."

If(-not(Test-Path -Path "$PathToManagementCenterModule\IvantiManagementCenterModule.psm1")) {
    Write-Host "Unable to find the IvantiManagementCenterModule.psm1 module file, quitting."
    Exit
}

Import-Module "$PathToManagementCenterModule\IvantiManagementCenterModule.psm1" -ErrorAction Stop


<#
Connect-MCServer -ManagementServerName "uwm01.lab.local" -Port 80

Get-MCMachine
#>

Inside MCSCript.ps1 we define the variable:
$PathToManagementCenterModule = "."

The script can be modified to change the path containing the module. This is helpful if you paln on keeping it centrally on a workstation or server.

EX: $PathToManagementCenterModule = "C:\users\adminuser\documents\powershellstuff"

The MCScript will then load the module.

Let’s Get Started

First we call the Connect-MCServer function. This function is a prerequisite for all the functions in the module. Calling any other function without calling this one will cause the script to fail.

My lab management server is UWM01 and is configured to communicate with agents through port 80.

Connect-MCServer -ManagementServerName "uwm01.lab.local" -Port 80

After that we call the Get-MCMachine function.

Get-MCMachine

This function returns an object or collection of objects that are the records for the machine in the Ivanti Management Center server.

You can then pipe this collection into the built-in PowerShell cmdlets Select-Object or Format-List to generate a simple report.

Additional Functions

Update-MCMachineList – Refreshes internal arrays that contain the machine list sent back by the Ivanti Management Server.

Get-MCDeploymentGroup – Returns a group or collection of groups in the Ivanti Management Center.

Move-MCMachine – Moves a machine or a collection of machines in the Ivanti Management Center.

Start-MCInstallCCA – Calls the Ivanti Client Communication Agent install function on a target machine.

Start-MCPollMachine – Starts a client poll on a target

Remove-MCMachine – Removes a client from the Ivanti Management Server. This function is designed to only delete one machine at a time. It does not work with wildcards.

A Few Aspects to Consider

Once the module is loaded, you can use Get-Help with the above functions to get more detailed information including examples.

You can also inspect the comments in the IvantiManagementCenterModule.psm1 file to get this information.

Additionally, most of these functions have been designed to work with PowerShell pipelines.

Real World Scenario

In my example I have two machines. Each machine is a member of a different deployment group. I also have a server and is a member of another deployment group.

Using the script, I acquire a list of machines that match these workstations and poll only the machines that start with “Win10”.

Get-MCMachine -Machine "Win10*" | Start-MCPollMachine

In the client access log, you’ll notice a custom message:

In Conclusion

I hope this script will help my fellow Ivanti admins with machine cleanups and periodic CCA pushes.

I also look forward to any new use cases, custom scripts, and suggestions for improvement.

Sincerely,

Aman Motazedian
Senior Consultant
Critical Design Associates

LinkedIn Profile