This blog post will be about a new tool, written in PowerShell, to remotely manage mobile devices. This tool is based on the ConfigMgr SDK and contains all the available options for remotely managing mobile devices. That means it can retire, wipe, lock and pin reset mobile devices. Basically, it’s a version 2.0 of the tool I made a couple of months ago. That tool is limited to the ConfigMgr 2012 R2 functionality, of wipe and retire, and this new tool also contains the ConfigMgr 2012 R2 SP1 functionality, of lock and pin reset.
The use case for this tool is still the same. In most cases the service desk is responsible for helping end-users with their mobile devices. What if the company rather not provides the ConfigMgr console to the service desk? What if the company wants to prevent the service desk from wiping a mobile device? Well, that’s were this tool comes in place. This tool provides the possibility to remotely manage mobile devices without using the ConfigMgr console and it also provides the possibility to prevent the usage of the wipe functionality.
Now lets start with a good overview of this tool. The interface is pretty straight forward. It provides a textbox to provide a username. This textbox has a tooltip to provide information about the required information. After providing a username the Get Mobile Devices button can be used to get the registered (primary) mobile devices of the specified user.
The mobile devices, of the specified user, will be shown in the datagridview. After selecting a mobile device, in the datagridview, the Reset Passcode, the View Passcode State, the Remote Lock, the View Remote Lock State, the Retire and the Wipe buttons will enable, if applicable and if allowed. The Wipe and Reset Passcode functionality are not applicable for Windows (RT) devices. Also, the Wipe functionality needs to be specifically enabled via the AllowWipe switch.
This tool provides a lot of messages based on the actions performed by the administrative user. Based on the action the following messages can show.
Before this tool can be used, the administrative user, or service account, used to start this tool, requires at least the permissions as described in this post and the permissions to read user device affinities (User Device Affinities > Read). Besides those permissions, there are no special requirements for using this tool. I also didn’t use the ConfigMgr cmdlets, which completely removes the dependency to install the ConfigMgr console, or to do something creative with the ConfigMgr cmdlets.
To start this tool the following parameters are available.
- SiteServer: This parameter is mandatory and should point to a server containing the SMS provider;
- AllowWipe: This switch is optional and enables the button to wipe a mobile device.
All these parameters together will make a complete example look like this.
.\Manage-MobileDevice_v10.ps1 -SiteServer CLDSRV02 -AllowWipe