I have worked with a few customers that are annoyed with the user configuration required to use the new Silverlight SCOM web console. The web console is often used for one-off application owners or IT staff that are not regularly using SCOM. It
was is a great way to give these users quick access to view the SCOM console so they can get more information about an alert they have received.
SCOM 2012 has extra steps that an end user has to take to get the web console to work. Users see the “Web Console Configuration Required” screen and are often confused as to what do to.
To fix this we can automate the configuration process. This will remove the configuration screens and the end user can access the SCOM web console easily.
Here are my sample GPOs with instructions on how to install them.
The instructions below will walk you through creating your own GPOs to automate the process.
Here are the high level steps.
- Automate Install of Microsoft Silverlight
- Export Client Certificate
- Export Registry Key(s)
- Automate Install of Client Certificate
- Automate Install of Registry Key(s)
- Verify it works on Windows XP, Vista, 7, and 8
1. Automate Install of Microsoft Silverlight
There are multiple ways to automate this install. I recommend creating a SCCM package or login script to push the install out to the clients that need it.
To do an unattended installed, the command(s) you need.
Silverlight_x64.exe /q or Silverlight.exe /q
Download Silverlight - http://go.microsoft.com/fwlink/?LinkID=149156&v=5.0.61118.0
My next challenge is the Web Console Configuration Required screen. This is the screen that throws off end users as they think the web console is not working and something need to be configured on the backend.
2. Export Client Certificate
First I click configure and download the SilverlightClientConfiguration.exe.
The tool does two things. Creates a certificate and creates a registry key.
Now I need to export the client certificate.
I right click on the Microsoft Code Signing PCA certificate and export it.
3. Export Registry Key(s)
I open the registry editor
I open the file in notepad and remove everything but
I also create the same key but for 32-bit systems by removing the Wow6432Node
You can download my copy here. Link
If you know how to add the cert and registry key into AD you can stop reading here. I will go though the process for anyone who doesn’t know how.
4. Automate Install of Client Certificate
To automate the install of the client certificate and registry keys I will use Active Directory Group Policy Objects.
In the navigation pane, I open Computer Configuration\Policies\Windows Settings\Security Settings\Public Key Policies\Trusted Publishers
I click next, and Finish
5. Automate Install of Registry Key(s)
I go back to the same policies I created earlier and edit them.
In the Key Path for the 64-bit GPO I add
For the Value name I type
I change the Value type to Reg_DWORD
I click ok.
I repeat the process for the 32-bit one but I add this registry key.
Now I need to create some WMI filters to filter if it’s a 32-bit or 64-bit system. (Wow this more work then I thought!)
I go back into my Group Policy Management console.
I call the first one 64-Bit Systems. For the Description I use the same.
I click add. Then I Add this query.
Select * from Win32_Processor where AddressWidth = ’64’
I click Save and I repeat the process for the 32-Bit Filter.
But I use this query
Select * from Win32_Processor where AddressWidth = ’32’
I next attach the filters to the GPOs I created earlier.
I repeat the process to attach the 32-Bit filter to the 32-Bit GPO
5. Verify it works on Windows XP, Vista, 7, and 8
I have tested this on Win8, Win7 SP1 (64-Bit), Win7 SP1(32-Bit), Vista SP2(32-Bit), and XP SP3 (32-bit)
*Note with Windows XP SP3 I had to install the Group Policy Preference Client Side Extensions for Windows XP – http://www.microsoft.com/en-us/download/details.aspx?displaylang=en&id=3628. In SP3 these are supposed to be already installed but I couldn’t get the registry group policies to work without reinstalling the GPO extensions.