Since at least SCCM 2007, there have been scripts triggered off of Status messages to perform this task.
These are the excellent guides I followed to get this up and running. The main two are these here, blended together.
The environment is SCCM 2012r2 CU4 running on Windows Server 2012r2.
Outside of SCCM
Create a Service Account in AD - "SVC-SCCM-RemovalAdmin"
On your Primary Server, in Windows
Add the Service Account to the Primary Site Server Local User Group "Remote Management Users"
We will presume you keep your scripts in this location on the Primary Server: C:\Scripts
Put these two files there (Ryan Norton @ ServerTechs.info had these on his page).
- Edit Username
- Edit Script Paths!
- Make sure the path to your module is correct (aka where you have SCCM itself installed locally).
- In Send-MailMessage: Change the From, modify Subject, Recipients, and your own mail server.
I bet you saw the reference up there to the cred.txt file. You need to create that unless you like being terrible at securing anything. This is really just ripped right from Ryan Norton's page:
Make sure you have PSExec on the system.
- Open a Administrative Command Prompt.
- Run: "PSExec -i -s powershell.exe"
- Enter: "Read-Host -AsSecureString | ConvertFrom-SecureString | Out-File C:\Scripts\Cred.txt"
- Nothing will prompt you. Type the password for the Domain\SVC-SCCM-RemovalAdmin. Followed by the enter key. Very. Carefully.
Now time to jump into the SCCM Console.
Create a Collection you want to be the place people put Devices to be imaged (HelpDeskImaging).
Give the users the rights and scope to add devices to that collection. This is where you can use limiting collections to then prevent certain servers from being moved into this collection to be re-imaged. Deny beats Allow!
Create a new Security role by going to, Administration Tab - Security - Security Role. You can call it "CollectionEditor" giving only Collection Read and Modify rights. Chose appropriate Security Scope to include the Collection you want to work with (HelpDeskImaging).
Jump over to the Administration Tab - Security - Administrative Users and add the "SVC-SCCM-RemovalAdmin" account there, giving it the "Collection Editor" role. Assign security scope here if needed.
So now we have the account added, it can now actually remove members from the Collection (kinda). But it needs to be triggered.
Head to Administrative Tab - Sites - Highlight your Site - Status Filter Rules.
Task Sequence Manager must be typed. It isn't on the drop down. Message ID must be 11171.
You can specify a Property + Property ID to have this only trigger for certain OSD deployments in that collection. Leave it blank to trigger on all completions within that collection(s).
Under Actions you'll need "Run a Program" filled out. Remember to use the right path for the script.
So keep in mind, the script is going to run on any completion which is triggered either for any completion (just Message ID), or specific ones (If you added Property + Value).
What changes the script sending the email or not is how you have Collections chosen in the "Run A Program" Action within the Status Message.
That's it! You should be getting alerts!
There are some nice troubleshooting links in the two links I posted above, and plenty more below.
Here are a bunch more for inspiration, troubleshooting and other methods!