Approve, Block, Unapprove, or Unblock a Client in ConfigMgr 2012 via PowerShell

This blog post will show how to approve, block, unapprove, or unblock clients in ConfigMgr 2012 via PowerShell. Three of these actions, approve, block and unblock, are also accessible via the console, but via PowerShell it is very easy to perform these actions for a whole collections. This creates the possibility to create a custom automatic approval in combination with for example a collection membership. The fourth action, unapprove, is not accessible via the console and only accessible via WMI (with some help of PowerShell).


In WMI there is the class SMS_Collection, which has the methods ApproveClients and BlockClients. These methods can be used to (un)approve and (un)block clients and they require both the same two parameters. They both require a boolean and an array as input. When the boolean is set to TRUE it will approve, or block, all the clients specified in the array and when the boolean is set to FALSE it will unapprove, or unblock, all the clients in the specified array. This brings us, per action, to the following code snippets:


Invoke-WmiMethod -Namespace root/SMS/site_$($SiteCode) -Class SMS_Collection ` -Name ApproveClients -ArgumentList @($True,$ClientsArray) -ComputerName $SiteServer


Invoke-WmiMethod -Namespace root/SMS/site_$($SiteCode) -Class SMS_Collection ` -Name BlockClients -ArgumentList @($True,$ClientsArray) -ComputerName $SiteServer


Invoke-WmiMethod -Namespace root/SMS/site_$($SiteCode) -Class SMS_Collection ` -Name ApproveClients -ArgumentList @($False,$ClientsArray) -ComputerName $SiteServer


Invoke-WmiMethod -Namespace root/SMS/site_$($SiteCode) -Class SMS_Collection ` -Name BlockClients -ArgumentList @($False,$ClientsArray) -ComputerName $SiteServer

Complete example

Now after we know all the different invoke commands for the different actions, let’s use one of the actions for a complete example. Under here I created a small function to approve all clients in the specified collection. In short, this function creates an empty array, then queries for the CollectionId, then fills the array with all ResourceIds and at the end it will invoke the WMI method ApproveClients with the array as a parameter. This function needs as input the site code, the site server and the collection name.

function Approve-Client { param([string]$SiteCode, [string]$SiteServer, [string]$CollectionName) $ClientsArray = @() $CollectionId = (Get-WmiObject -Class SMS_Collection ` -Namespace root/SMS/site_$($SiteCode) -ComputerName $SiteServer ` -Filter "Name='$CollectionName'").CollectionId $ClientsArray = (Get-WmiObject -Class SMS_CollectionMember_a ` -Namespace root/SMS/site_$($SiteCode) -ComputerName $SiteServer ` -Filter "CollectionId='$CollectionId'").ResourceId Invoke-WmiMethod -Namespace root/SMS/site_$($SiteCode) ` -Class SMS_Collection -Name ApproveClients ` -ArgumentList @($True,$ClientsArray) -ComputerName $SiteServer } Approve-Client "PTP" "PTSRVR02" "Samsung devices"

5 thoughts on “Approve, Block, Unapprove, or Unblock a Client in ConfigMgr 2012 via PowerShell”

  1. Hello Peter

    I found your website because I was looking for an solution to my problem.
    In the past I blocked a client for as a test.
    But now the problem this client is appearing in de managemet console but I can’t unblock it anymore. IT’s greyed-out. Also block is greyed-out.
    Therefore I used your function above to fill an array with a collection. So I deleted the last part of the function where you change the clients within the collection.
    But when I run this function as you describe (I used the settings of our SCCM environment) the array isn’t filled.
    I don’t get an error so I’m wondering what I’m doing wrong.

    Maybe I made a mistake so if you have a tip for me I would be happy.
    And I also love SCCM. 🙂



    • Hi Ron,
      Sorry, it’s not totally clear to me what you what you’ve done.
      The function basically does three things. First it finds the collection id of the collection, then it finds the collection members and puts them in the array and at the end it will either (un)approve, or (un)block the client.
      Are you trying to only do the first two things?

  2. Hi,

    It’s an old post but a got an error with this command :

    $a = @(‘Windows-7’)
    invoke-wmimethod -computer “WIN-FBHCF9O63P9” -namespace root\sms\site_LAB -class SMS_Collection -name BlockClients -argumentlist @($True,$a)

    And my error is “Invoke-wmimethod Input string is not in correct format”
    Did you have an idea ?



Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.