Using PMM Server Tools

0 users found this article helpful

Introduction

Parallels Mac Management Server Tools is a collection of Powershell scripts, which automate the most tedious tasks to configure PMM server components.

Installing Parallels Mac Management Server Tools

Prerequisites:

  1. Powershell 5.0 must be installed on the system.
    1. Type "powershell $PSVersionTable.PSVersion" in the Windows command prompt to find out if the necessary version of PowerShell is installed.

    2. Note: Powershell 5.0 is installed by default on Windows 2016 Server or above and provided as a separate download/installation on Windows 2012 R2 Server.

To install Parallels Mac Management Server Tools:

  1. Log on as a local system administrator;
  2. Download and launch PMM-Server-Tools.exe self-extracting archive. This installs the scripts for All Users on the system (view the created PMM-Server-Tools-Install.log installation log file for details).

Creating Certificate Templates for Parallels Configuration Manager Proxy for PKI

This section provides instructions on how to automate the tasks described in KB: How to Create Certificate Template for Parallels Configuration Manager Proxy for PKI Infrastructure.

Prerequisites:

  1. Enterprise Active Directory Certificate Services public key infrastructure configured.

  2. ActiveDirectory PowerShell module installed.

    1. Note: ActiveDirectory module is installed by default on domain controllers and requires Remote Server Administration Tools on domain-joined Windows servers.

To create a certificate template:

  1. Log on as a  Domain Administrator;
  2. Start Powershell;
  3. Ensure that Powershell current execution policy is OTHER THAN Restricted (type Get-ExecutionPolicy at PS prompt to find out. To set up the execution policy to the default for Windows server computers, type Set-ExecutionPolicy RemoteSigned);
  4. (Optional) Ensure that PmmServerTools Powershell module is installed (Import-Module PmmServerTools must succeed);
  5. Execute New-CMProxyADCSTemplate function with parameters:

    New-CMProxyADCSTemplate  function

    New-CMProxyADCSTemplate -DisplayName <String> [-Name <String>] -CMProxyConfiguratorAccount <String> -CMProxyHostAccount <String> [-CMProxyServiceAccount <String>] [-Server <String>]


    Examples:

    1. New-CMProxyADCSTemplate -DisplayName 'Parallels ConfigMgr Proxy Certificate'  -CMProxyConfiguratorAccount PMM16\CmProxyConfigurator -CMProxyHostAccount PMM16\win2016-001$
    2. New-CMProxyADCSTemplate -DisplayName 'Parallels ConfigMgr Proxy Certificate'  -Name ParallelsConfigMgrProxyCertificate -CMProxyConfiguratorAccount PMM16\CmProxyConfigurator -CMProxyHostAccount PMM16\win2016-001$ -CMProxyServiceAccount PMM16\Administrator -Server win2016-001.pmm16.dom

    Parameters:

    -DisplayName
    Display name for the certificate template to create.

    -Name (optional)
    AD object name of the certificate template.

    -CMProxyConfiguratorAccount
    Domain user account to run CM Proxy Service Configuration Wizard.

    -CMProxyHostAccount
    Domain account of the computer with PMM CM Proxy Service installed.

    -CMProxyServiceAccount (optional)
    PMM CM Proxy Service domain account.

    -Server (optional)
    FQDN of AD Domain Controller to target for the operation. When not specified the nearest Domain Controller is searched.

     

  6. Note:

    1. Even if the cmdlet is completed with error (e.g. due to invalid CM Proxy host computer account specified), it is still possible that the corresponding certificate template object has been created in Active Directory. 

    2. This "broken" certificate template must be removed from the Active Directory before subsequent retries. 

    3. To remove the template run: Remove-ADCSTemplate -DisplayName <broken-certificate-template-display-name>

Creating Certificate Templates for Parallels Mac Clients for PKI

This section provides instructions on how to automate the tasks described in KB: How to Create Certificate Template for Parallels Mac Clients for PKI Infrastructure.

Prerequisites:

  1. Enterprise Active Directory Certificate Services public key infrastructure configured.
  2. ActiveDirectory PowerShell module installed.
    1. Note: ActiveDirectory module is installed by default on domain controllers and requires Remote Server Administration Tools on domain-joined Windows servers.

To create a certificate template:

  1. Log on as a  Domain Administrator;
  2. Start Powershell;
  3. Ensure that Powershell current execution policy is OTHER THAN Restricted (type Get-ExecutionPolicy at PS prompt to find out. To set up the execution policy to the default for Windows server computers, type Set-ExecutionPolicy RemoteSigned);
  4. (Optional) Ensure that PmmServerTools Powershell module is installed (Import-Module PmmServerTools must succeed);
  5. Execute New-MacClientADCSTemplate function with parameters;

    New-MacClientADCSTemplate function

    New-MacClientADCSTemplate -DisplayName <String> [-Name <String>] -CMProxyHostAccount <String> [-CMProxyServiceAccount <String>] [-Server <String>]


    Examples:

    1. New-MacClientADCSTemplate -DisplayName 'Pmm Client Certificate'  -CMProxyHostAccount PMM16\win2016-001$
    2. New-MacClientADCSTemplate -DisplayName 'Pmm Client Certificate'  -Name PmmClientCertificate -CMProxyHostAccount PMM16\win2016-001$ -CMProxyServiceAccount PMM16\Administrator -Server win2016-001.pmm16.dom

    Parameters:

    -DisplayName
    Display name for the certificate template to create.

    -Name (optional)
    AD object name of the certificate template.

    -CMProxyHostAccount
    Domain account of the computer with PMM CM Proxy Service installed.

    -CMProxyServiceAccount (optional)
    PMM CM Proxy Service domain account.

    -Server (optional)
    FQDN of AD Domain Controller to target for the operation. When not specified the nearest Domain Controller is searched.

  6. Note:

    1. Even if the cmdlet is completed with error (e.g. due to invalid CM Proxy host computer account specified), it is still possible that the corresponding certificate template object has been created in Active Directory. 

    2. This "broken" certificate template must be removed from the Active Directory before subsequent retries. 

    3. To remove the template run: Remove-ADCSTemplate -DisplayName <broken-certificate-template-display-name>

Granting Account Permissions for Running the Parallels Configuration Manager Proxy Configuration Wizard

This section provides instructions on how to automate the tasks described in KB: Permissions Required for Running the Parallels Configuration Manager Proxy Configuration Wizard.

Prerequisites:

  1. ActiveDirectory PowerShell module installed.
    1. Note: ActiveDirectory module is installed by default on domain controllers and requires Remote Server Administration Tools on domain-joined Windows servers.
  2. SqlServer PowerShell module installed.
    1. Please refer to Install the SQL Server PowerShell module for details.
  3. ConfigurationManager PowerShell module installed.
    1. Please refer to System Center Configuration Manager Cmdlet Library for download and install instructions. 

To grant the account permissions:

  1. Log on as a  Domain Administrator;
  2. Choose a domain user account to grant the permissions to (create a new one if necessary);
  3. Start Powershell;
  4. Ensure that Powershell current execution policy is OTHER THAN Restricted (type Get-ExecutionPolicy at PS prompt to find out. To set up the execution policy to the default for Windows server computers, type Set-ExecutionPolicy RemoteSigned);
  5. (Optional) Ensure that PmmServerTools Powershell module is installed (Import-Module PmmServerTools must succeed);
  6. Execute Grant-CMProxyConfiguratorAccountPermissions function with parameters;

Grant-CMProxyConfiguratorAccountPermissions function

Grant-CMProxyConfiguratorAccountPermissions -AccountName <String> -CMProxyServiceAccount <String> -SiteCode <String> [-SiteServer <String>] [-SQLServer <String>] [-ADServer <String>]

Examples:

  1. Grant-CMProxyConfiguratorAccountPermissions -AccountName PMM16\ProxyConfigurator -CMProxyServiceAccount PMM16\win2016-001$ -SiteCode T16
  2. Grant-CMProxyConfiguratorAccountPermissions -AccountName PMM16\ProxyConfigurator -CMProxyServiceAccount PMM16\win2016-001$ -SiteCode T16 -SiteServer site-T16.pmm16.dom -SQLServer mssql-T16.pmm16.dom -ADServer pdc-002.pmm16.dom

Parameters:

-AccountName
Existing domain user account.

-CMProxyServiceAccount
PMM CM Proxy Service domain account.

-SiteCode
SCCM site code.

-SiteServer (optional)
FQDN of SCCM primary site server. When not specified the local computer is assumed.

-SQLServer (optional)
FQDN of MS SQL server with the site database. When not specified the local computer is assumed.

-ADServer (optional)
FQDN of AD Domain Controller to target for the operation. When not specified the nearest Domain Controller is searched.

Granting Account Permissions for Running the Parallels Configuration Manager Proxy Service

This section provides instructions on how to automate the tasks described in KB: Permissions Required for Running the Parallels Configuration Manager Proxy Service.

Prerequisites:

  1. ActiveDirectory PowerShell module installed.
    1. Note: ActiveDirectory module is installed by default on domain controllers and requires Remote Server Administration Tools on domain-joined Windows servers.
  2. ConfigurationManager PowerShell module installed.
    1. Please refer to System Center Configuration Manager Cmdlet Library for download and install instructions. 

To grant the account permissions:

  1. Log on as a  Domain Administrator;
  2. Choose a domain user account to grant the permissions to (create a new one if necessary);
  3. Start Powershell;
  4. Ensure that Powershell current execution policy is OTHER THAN Restricted (type Get-ExecutionPolicy at PS prompt to find out. To set up the execution policy to the default for Windows server computers, type Set-ExecutionPolicy RemoteSigned);
  5. (Optional) Ensure that PmmServerTools Powershell module is installed (Import-Module PmmServerTools must succeed);
  6. Execute Grant-CMProxyServiceAccountPermissions function with parameters;

    Grant-CMProxyServiceAccountPermissions function

    Grant-CMProxyServiceAccountPermissions -AccountName <String> -SiteCode <String> [-SiteServer <String>] [-ADServer <String>]

    Examples:

    1. Grant-CMProxyServiceAccountPermissions -AccountName PMM16\ProxyService -SiteCode T16
    2. Grant-CMProxyServiceAccountPermissions -AccountName PMM16\ProxyService -SiteCode T16 -SiteServer site-T16.pmm16.dom -ADServer pdc-002.pmm16.dom

    Parameters:

    -AccountName
    Existing domain user account.

    -SiteCode
    SCCM site code.

    -SiteServer (optional)
    FQDN of SCCM primary site server. When not specified the local computer is assumed.

    -ADServer (optional)
    FQDN of AD Domain Controller to target for the operation. When not specified the nearest Domain Controller is searched.

 

Was this article helpful?

Tell us how we can improve it.