├── Modules
    ├── placeholder.txt
    ├── CMOperations
    │   ├── LICENSE
    │   └── CMOperations.psd1
    └── Scripts
    │   ├── Set-WifiProfile.PS1
    │   └── Modify-BootStrapInfo.PS1
├── Reporting
    ├── SCConfigMgr-PatchingDashboardV2.5.pbit
    ├── SCConfigMGR-Patch-ComplianceV1.0.0.8.pbit
    └── Export-CMReports.ps1
├── README.md
├── Operating System Deployment
    ├── Windows Servicing
    │   ├── Invoke-CMResetWinRE.ps1
    │   ├── Invoke-CMDetectCurrentOSVersion.ps1
    │   ├── Invoke-CMDetectMBRPartitions.ps1
    │   ├── Invoke-CMDetectBitLockerEncryption.ps1
    │   └── Invoke-CMDetectFirmwareMode.ps1
    ├── Invoke-TSDumpVariables.ps1
    ├── Invoke-DellCCTKCheck.ps1
    ├── Enable-UbuntuForWindows.ps1
    ├── Set-WindowsDefenderSetting.ps1
    ├── BIOS
    │   └── Invoke-MicrosoftBIOSUpdate.ps1
    ├── Enable-CredentialGuard.ps1
    ├── Invoke-ITMaintenanceMessage.ps1
    ├── TPM
    │   └── Invoke-ManageTPMOwnership.ps1
    ├── Build and Capture
    │   └── Set-CMWindowsStoreUpdates.ps1
    └── Invoke-TPMOwnerPassword.ps1
├── Application
    ├── Get-MSIFileInformation.ps1
    ├── ConvertFrom-CMApplicationCIUniqueID.ps1
    ├── Add-CMApplicationRequirementRule.ps1
    ├── Get-CMApplicationsRequirementPrimaryDevice.ps1
    ├── Start-ApplicationDistribution.ps1
    ├── Get-CMApplicationWithDependency.ps1
    └── Set-CMApplicationPostInstallBehavior.ps1
├── Console Extension
    ├── CreateSoftwareUpdateGroup
    │   └── CreateSoftwareUpdateGroup.xml
    ├── GetMaintenanceWindows
    │   └── MW.xml
    └── DellWarranty
    │   └── 3.0
    │       ├── DellWarranty.xml
    │       └── MainWindow.xaml
├── Device Collection
    ├── Rename-CMCollections.ps1
    └── Remove-DeviceFromCollection.ps1
├── Site Administration
    ├── Set-CMDiscoveryMethodADGroupScope.ps1
    ├── Set-CMMaxMIFSize.ps1
    ├── Get-CMIPRangeBoundary.ps1
    ├── Set-CMAdditionalUpdateLanguagesForOffice365.ps1
    └── Set-CMCloudManagementGatewayState.ps1
├── Client
    ├── Clean-CMClientCache.ps1
    ├── Get-CMDeviceModels.ps1
    ├── Get-CMDeviceIPAddresses.ps1
    └── Import-CMDevice.ps1
├── Compliance Settings
    └── Set-OPPUpdateChannel.ps1
├── Content
    ├── Invoke-CMFailedContentRefresh.ps1
    └── Invoke-CMDeploymentTypeContentUpdate.ps1
├── Software Updates
    ├── ConvertTo-CMSoftwareUpdate.ps1
    ├── Invoke-ADRDeploymentPackage.ps1
    ├── Add-CMWSUSScanRetryErrorCodes.ps1
    └── New-CMDeploymentPackage.ps1
├── Package
    └── Get-CMDisabledPrograms.ps1
├── Migration
    ├── Import-CMStatusMessageQuery.ps1
    └── Import-CMQuery.ps1
├── Software Distribution
    └── Install-MBAMClient.ps1
└── Maintenance Windows
    ├── Get-CMDeviceMaintenanceWindow.ps1
    └── Remove-YearlyMWindow.PS1


/Modules/placeholder.txt:
--------------------------------------------------------------------------------
1 | 


--------------------------------------------------------------------------------
/Reporting/SCConfigMgr-PatchingDashboardV2.5.pbit:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/MSEndpointMgr/ConfigMgr/HEAD/Reporting/SCConfigMgr-PatchingDashboardV2.5.pbit


--------------------------------------------------------------------------------
/Reporting/SCConfigMGR-Patch-ComplianceV1.0.0.8.pbit:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/MSEndpointMgr/ConfigMgr/HEAD/Reporting/SCConfigMGR-Patch-ComplianceV1.0.0.8.pbit


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # ConfigMgr
2 | System Center Configuration Manager scripts
3 | 
4 | Scripts are provided as is with no liability and should be tested in a controlled environment.
5 | 


--------------------------------------------------------------------------------
/Operating System Deployment/Windows Servicing/Invoke-CMResetWinRE.ps1:
--------------------------------------------------------------------------------
 1 | # Disable WinRE
 2 | try {
 3 | 	Start-Process -FilePath "reagentc.exe" -ArgumentList "/Disable" -Wait -ErrorAction Stop
 4 | }
 5 | catch [System.Exception] {
 6 |     Write-Warning -Message "An error occured while disabling WinRE. Error message: $($_.Exception.Message)" ; exit 1
 7 | }
 8 | 
 9 | # Enable WinRE
10 | try {
11 | 	Start-Process -FilePath "reagentc.exe" -ArgumentList "/Enable" -Wait -ErrorAction Stop
12 | }
13 | catch [System.Exception] {
14 |     Write-Warning -Message "An error occured while enabling WinRE. Error message: $($_.Exception.Message)" ; exit 1
15 | }


--------------------------------------------------------------------------------
/Operating System Deployment/Windows Servicing/Invoke-CMDetectCurrentOSVersion.ps1:
--------------------------------------------------------------------------------
 1 | # Load Microsoft.SMS.TSEnvironment COM object
 2 | try {
 3 |     $TSEnvironment = New-Object -ComObject Microsoft.SMS.TSEnvironment -ErrorAction Stop
 4 | }
 5 | catch [System.Exception] {
 6 |     Write-Warning -Message "Unable to construct Microsoft.SMS.TSEnvironment object" ; exit 1
 7 | }
 8 | 
 9 | # Determine current OS version
10 | $BuildNumber = Get-WmiObject -Class Win32_OperatingSystem | Select-Object -ExpandProperty BuildNumber
11 | 
12 | # Set task sequence variable
13 | try {
14 |     $TSEnvironment.Value("OSDCurrentOSVersion") = "$($BuildNumber)"
15 | }
16 | catch [System.Exception] {
17 |     Write-Warning -Message "An error occured while setting task sequence variable. Error message: $($_.Exception.Message)" ; exit 1
18 | }


--------------------------------------------------------------------------------
/Application/Get-MSIFileInformation.ps1:
--------------------------------------------------------------------------------
 1 | param(
 2 | [parameter(Mandatory=$true)]
 3 | [IO.FileInfo]$Path,
 4 | [parameter(Mandatory=$true)]
 5 | [ValidateSet("ProductCode","ProductVersion","ProductName")]
 6 | [string]$Property
 7 | )
 8 | try {
 9 |     $WindowsInstaller = New-Object -ComObject WindowsInstaller.Installer
10 |     $MSIDatabase = $WindowsInstaller.GetType().InvokeMember("OpenDatabase","InvokeMethod",$Null,$WindowsInstaller,@($Path.FullName,0))
11 |     $Query = "SELECT Value FROM Property WHERE Property = '$($Property)'"
12 |     $View = $MSIDatabase.GetType().InvokeMember("OpenView","InvokeMethod",$null,$MSIDatabase,($Query))
13 |     $View.GetType().InvokeMember("Execute", "InvokeMethod", $null, $View, $null)
14 |     $Record = $View.GetType().InvokeMember("Fetch","InvokeMethod",$null,$View,$null)
15 |     $Value = $Record.GetType().InvokeMember("StringData","GetProperty",$null,$Record,1)
16 |     return $Value
17 | } 
18 | catch {
19 |     Write-Output $_.Exception.Message
20 | }


--------------------------------------------------------------------------------
/Operating System Deployment/Windows Servicing/Invoke-CMDetectMBRPartitions.ps1:
--------------------------------------------------------------------------------
 1 | # Load Microsoft.SMS.TSEnvironment COM object
 2 | try {
 3 |     $TSEnvironment = New-Object -ComObject Microsoft.SMS.TSEnvironment -ErrorAction Stop
 4 | }
 5 | catch [System.Exception] {
 6 |     Write-Warning -Message "Unable to construct Microsoft.SMS.TSEnvironment object" ; exit 1
 7 | }
 8 | 
 9 | # Detect amount of partitions for system drive
10 | $DriveLetter = $env:SystemDrive.Substring(0,1)
11 | $SystemDrivePartitionCount = (Get-Partition -DriveLetter $DriveLetter | Measure-Object).Count
12 | 
13 | # Set task sequence variable
14 | try {
15 |     if ($SystemDrivePartitionCount -le 3) {
16 |         $TSEnvironment.Value("OSDConvertToGPT") = "True"
17 |     }
18 |     else {
19 |         $TSEnvironment.Value("OSDConvertToGPT") = "False"
20 |     }
21 | }
22 | catch [System.Exception] {
23 |     Write-Warning -Message "An error occured while setting task sequence variable. Error message: $($_.Exception.Message)" ; exit 1
24 | }


--------------------------------------------------------------------------------
/Operating System Deployment/Windows Servicing/Invoke-CMDetectBitLockerEncryption.ps1:
--------------------------------------------------------------------------------
 1 | # Load Microsoft.SMS.TSEnvironment COM object
 2 | try {
 3 |     $TSEnvironment = New-Object -ComObject Microsoft.SMS.TSEnvironment -ErrorAction Stop
 4 | }
 5 | catch [System.Exception] {
 6 |     Write-Warning -Message "Unable to construct Microsoft.SMS.TSEnvironment object" ; exit 1
 7 | }
 8 | 
 9 | # Detect encrypted drives
10 | $OSDriveEncrypted = $false
11 | $EncryptedVolumes = Get-WmiObject -Namespace "root\cimv2\Security\MicrosoftVolumeEncryption" -Class "Win32_EncryptableVolume"
12 | foreach ($Volume in $EncryptedVolumes) {
13 |     if ($Volume.DriveLetter -like $env:SystemDrive) {
14 |         if ($Volume.EncryptionMethod -ge 1) {
15 |             $OSDriveEncrypted = $true
16 |         }
17 |     }
18 | }
19 | 
20 | # Set task sequence variable
21 | try {
22 |     $TSEnvironment.Value("OSDBitLockerEncrypted") = "$($OSDriveEncrypted)"
23 | }
24 | catch [System.Exception] {
25 |     Write-Warning -Message "An error occured while setting task sequence variable. Error message: $($_.Exception.Message)" ; exit 1
26 | }


--------------------------------------------------------------------------------
/Console Extension/CreateSoftwareUpdateGroup/CreateSoftwareUpdateGroup.xml:
--------------------------------------------------------------------------------
 1 | <ActionDescription Class="Executable" DisplayName="Create Software Update Group" MnemonicDisplayName="Create Software Update Group" Description="Create Software Update Group" SqmDataPoint="53">
 2 | 	<ShowOn>
 3 | 		<string>DefaultHomeTab</string>
 4 | 		<string>ContextMenu</string>
 5 | 	</ShowOn>
 6 | 	<ResourceAssembly>
 7 | 		<Assembly>AdminUI.CollectionProperty.dll</Assembly>
 8 | 		<Type>Microsoft.ConfigurationManagement.AdminConsole.CollectionProperty.Properties.Resources.resources</Type>
 9 | 	</ResourceAssembly>
10 | 	<ImagesDescription>
11 | 		<ResourceAssembly>
12 | 			<Assembly>AdminUI.UIResources.dll</Assembly>
13 | 			<Type>Microsoft.ConfigurationManagement.AdminConsole.UIResources.Properties.Resources.resources</Type>
14 | 		</ResourceAssembly>
15 | 		<ImageResourceName>SUM_Update</ImageResourceName>
16 | 	</ImagesDescription>
17 | 	<Executable>
18 | 		<FilePath>"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"</FilePath>
19 | 		<Parameters>-WindowStyle Hidden -ExecutionPolicy ByPass -File #PATH# -SiteServer #SERVER#</Parameters>
20 | 	</Executable>
21 | </ActionDescription>


--------------------------------------------------------------------------------
/Modules/CMOperations/LICENSE:
--------------------------------------------------------------------------------
 1 | MIT License
 2 | 
 3 | Copyright (c) 2018 JordanTheITGuy
 4 | 
 5 | Permission is hereby granted, free of charge, to any person obtaining a copy
 6 | of this software and associated documentation files (the "Software"), to deal
 7 | in the Software without restriction, including without limitation the rights
 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 | 
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 | 
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.


--------------------------------------------------------------------------------
/Device Collection/Rename-CMCollections.ps1:
--------------------------------------------------------------------------------
 1 | [CmdletBinding()]
 2 | param(
 3 | [parameter(Mandatory=$true)]
 4 | [string]$SiteServer,
 5 | [parameter(Mandatory=$true)]
 6 | [string]$SiteCode,
 7 | [parameter(Mandatory=$true)]
 8 | [int]$CollectionType,
 9 | [parameter(Mandatory=$true)]
10 | [string]$SearchFor,
11 | [parameter(Mandatory=$true)]
12 | [string]$ReplaceWith,
13 | [parameter(Mandatory=$false)]
14 | [switch]$WhatIf
15 | )
16 | Process {
17 |     $Collections = Get-WmiObject -Class SMS_Collection -Namespace "root\SMS\site_$($SiteCode)" -ComputerName "$($SiteServer)" | Where-Object { ($_.CollectionType -eq $CollectionType) -and ($_.Name -like "*$($SearchFor)*") }
18 |     $Collections | ForEach-Object {
19 |         if ($WhatIf -eq $true) {
20 |             Write-Output "Collection to rename: $($_.Name)"
21 |         }
22 |         elseif ($WhatIf -ne $true) {
23 |             Write-Output "Current collection name: $($_.Name)"
24 |             Write-Output "New collection name: $($_.Name -replace "$($SearchFor)","$($ReplaceWith)")`n"
25 |             $_.Name = $_.Name -replace "$($SearchFor)","$($ReplaceWith)"
26 |             $_.Put() | Out-Null
27 |         }
28 |     }
29 | }


--------------------------------------------------------------------------------
/Console Extension/GetMaintenanceWindows/MW.xml:
--------------------------------------------------------------------------------
 1 | <ActionDescription Class="Executable" DisplayName="Show Maintenance Windows" MnemonicDisplayName="Show Maintenance Windows" Description="Show Maintenance Windows" SqmDataPoint="53">
 2 | 	<ShowOn>
 3 | 		<string>ContextMenu</string>
 4 | 	</ShowOn>
 5 |     <ResourceAssembly>
 6 | 		<Assembly>AdminUI.CollectionProperty.dll</Assembly>
 7 | 			<Type>Microsoft.ConfigurationManagement.AdminConsole.CollectionProperty.Properties.Resources.resources</Type>
 8 | 	</ResourceAssembly>
 9 | 		<ImagesDescription>
10 | 			<ResourceAssembly>
11 | 				<Assembly>AdminUI.UIResources.dll</Assembly>
12 | 				<Type>Microsoft.ConfigurationManagement.AdminConsole.UIResources.Properties.Resources.resources</Type>
13 | 			</ResourceAssembly>
14 | 		<ImageResourceName>Information</ImageResourceName>
15 | 	</ImagesDescription>
16 | 	<Executable>
17 | 		<FilePath>"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"</FilePath>
18 | 		<Parameters>-windowstyle hidden -executionpolicy bypass -file "C:\Scripts\Get-MaintenanceWindows.ps1" -SiteServer "##SUB:__Server##" -SiteCode "##SUB:SiteCode##" -ResourceID "##SUB:ResourceID##"</Parameters>
19 | 	</Executable>
20 | </ActionDescription>


--------------------------------------------------------------------------------
/Console Extension/DellWarranty/3.0/DellWarranty.xml:
--------------------------------------------------------------------------------
 1 | <ActionDescription Class="Executable" DisplayName="Dell Warranty" MnemonicDisplayName="Dell Warranty" Description="Dell Warranty" SqmDataPoint="53">
 2 |   <ShowOn>
 3 |     <string>DefaultHomeTab</string>
 4 |     <string>ContextMenu</string>
 5 |   </ShowOn>
 6 |   <ResourceAssembly>
 7 |     <Assembly>AdminUI.CollectionProperty.dll</Assembly>
 8 |     <Type>Microsoft.ConfigurationManagement.AdminConsole.CollectionProperty.Properties.Resources.resources</Type>
 9 |   </ResourceAssembly>
10 |   <ImagesDescription>
11 |     <ResourceAssembly>
12 |       <Assembly>AdminUI.UIResources.dll</Assembly>
13 |       <Type>Microsoft.ConfigurationManagement.AdminConsole.UIResources.Properties.Resources.resources</Type>
14 |     </ResourceAssembly>
15 |     <ImageResourceName>Information</ImageResourceName>
16 |   </ImagesDescription>
17 |   <Executable>
18 |     <FilePath>"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"</FilePath>
19 |     <Parameters>-sta -WindowStyle Hidden -ExecutionPolicy ByPass -File "C:\Scripts\DellWarranty\Invoke-DellWarrantyTool_3.0.ps1" -SiteServer ##SUB:__Server## -APIKey YOURAPIKEY -DeviceName ##SUB:Name## -ResourceID ##SUB:ResourceID##</Parameters>
20 |   </Executable>
21 | </ActionDescription>


--------------------------------------------------------------------------------
/Site Administration/Set-CMDiscoveryMethodADGroupScope.ps1:
--------------------------------------------------------------------------------
 1 | # Import Configuration Manager module
 2 | Import-Module -Name ConfigurationManager
 3 | 
 4 | # Set location to the ConfigMgr PSDrive
 5 | Set-Location -Path P01:
 6 | 
 7 | # Define variables
 8 | $SearchFilter = "Groups"
 9 | $SearchBase = "OU=Contoso,DC=contoso,DC=com"
10 | 
11 | # Get distinguished names for eligible OU's
12 | $OUDistinguishedNames = Get-ADOrganizationalUnit -Filter "Name -like '$($SearchFilter)'" -SearchBase $SearchBase | Select-Object -ExpandProperty DistinguishedName
13 | 
14 | # Construct array list
15 | $ADGroupDiscoveryList = New-Object -TypeName System.Collections.ArrayList
16 | 
17 | # Process each discovered AD object
18 | foreach ($OUDistinguishedName in $OUDistinguishedNames) {
19 |     # Determine parent OU name
20 |     $OUParent = (([ADSI]"LDAP://$($OUDistinguishedName)").Parent).SubString(7)
21 |     $OUParentName = Get-ADOrganizationalUnit -Identity $OUParent | Select-Object -ExpandProperty Name
22 | 
23 |     # Create new ADGroupDiscoveryScope object and add it to the array list
24 |     $ADGroupDiscoveryScope = New-CMADGroupDiscoveryScope -Name $OUParentName -LdapLocation "LDAP://$($OUDistinguishedName)" -RecursiveSearch $true
25 |     $ADGroupDiscoveryList.Add($ADGroupDiscoveryScope) | Out-Null
26 |     
27 | }
28 | 
29 | # Set the Discovery Method scope
30 | Set-CMDiscoveryMethod -ActiveDirectoryGroupDiscovery -AddGroupDiscoveryScope $ADGroupDiscoveryList


--------------------------------------------------------------------------------
/Operating System Deployment/Windows Servicing/Invoke-CMDetectFirmwareMode.ps1:
--------------------------------------------------------------------------------
 1 | # Load Microsoft.SMS.TSEnvironment COM object
 2 | try {
 3 |     $TSEnvironment = New-Object -ComObject Microsoft.SMS.TSEnvironment -ErrorAction Stop
 4 | }
 5 | catch [System.Exception] {
 6 |     Write-Warning -Message "Unable to construct Microsoft.SMS.TSEnvironment object" ; exit 1
 7 | }
 8 | 
 9 | # Load firmware type from kernel32.dll
10 | Add-Type -Language CSharp -TypeDefinition @"
11 | 
12 |     using System;
13 |     using System.Runtime.InteropServices;
14 | 
15 |     public class FirmwareType
16 |     {
17 |         [DllImport("kernel32.dll")]
18 |         static extern bool GetFirmwareType(ref uint FirmwareType);
19 | 
20 |         public static uint GetFirmwareType()
21 |         {
22 |             uint firmwaretype = 0;
23 |             if (GetFirmwareType(ref firmwaretype))
24 |                 return firmwaretype;
25 |             else
26 |                 return 0;
27 |         }
28 |     }
29 | "@
30 | 
31 | # Determine firmware type
32 | switch ([FirmwareType]::GetFirmwareType()) {
33 |     1 { $FirmwareType = "BIOS" }
34 |     2 { $FirmwareType = "UEFI" }
35 |     0 { $FirmwareType = "Unknown" }
36 | }
37 | 
38 | # Set task sequence variable
39 | try {
40 |     $TSEnvironment.Value("OSDFirmwareType") = "$($FirmwareType)"
41 | }
42 | catch [System.Exception] {
43 |     Write-Warning -Message "An error occured while setting task sequence variable. Error message: $($_.Exception.Message)" ; exit 1
44 | }


--------------------------------------------------------------------------------
/Site Administration/Set-CMMaxMIFSize.ps1:
--------------------------------------------------------------------------------
 1 | <#  
 2 | .SYNOPSIS  
 3 |     This function can be run against a server to set the 'Max MIF Size' registry value.
 4 | .DESCRIPTION
 5 |     This function can be run against a server to set the 'Max MIF Size' registry value.
 6 | .PARAMETER ComputerName
 7 |     The NetBIOS name of the computer to run the script against.
 8 | .PARAMETER Size
 9 |     Integer value of the maximum size for MIF size that the system will handle. Specified in hex, e.g. 3200000 = 50MB.
10 | .NOTES  
11 |     Name: Set-MaxMIFSize
12 |     Author: Nickolaj Andersen
13 |     DateCreated: 2014-01-07
14 |         
15 | .LINK  
16 |     http://www.scconfigmgr.com
17 | .EXAMPLE  
18 | Set-CMMaxMIFSize -ComputerName 'SRV001' -Size 3200000
19 | 
20 | Description
21 | -----------
22 | This command will set the 'Max MIF Size' DWORD value in 'HKLM\SOFTWARE\Microsoft\SMS\Components\SMS_INVENTORY_DATA_LOADER'.
23 |         
24 | #>
25 | [CmdletBinding()]
26 | param(
27 | [ValidateScript({Test-Connection -ComputerName $_ -Count 1})]
28 | [ValidateNotNull()]
29 | [parameter(Mandatory=$true,ValueFromPipeline=$True,ValueFromPipelinebyPropertyName=$True)]
30 | $ComputerName,
31 | [ValidateNotNull()]
32 | [parameter(Mandatory=$true)]
33 | [int]$Size
34 | )
35 | Process {
36 |     try {
37 |         Invoke-Command -ComputerName $ComputerName -ScriptBlock {
38 |             param(
39 |             $Size,
40 |             $ComputerName
41 |             )
42 |             $Key = "SOFTWARE\Microsoft\SMS\Components\SMS_INVENTORY_DATA_LOADER"
43 |             $BaseKey = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $ComputerName)
44 |             $SubKey = $BaseKey.OpenSubkey($Key,$true)
45 |             $SubKey.SetValue('Max MIF Size',$Size,[Microsoft.Win32.RegistryValueKind]::DWORD)
46 |         } -ArgumentList ($Size,$ComputerName)
47 |     }
48 |     catch {
49 |         Write-Output $_.Exception.Message
50 |     }
51 | }


--------------------------------------------------------------------------------
/Console Extension/DellWarranty/3.0/MainWindow.xaml:
--------------------------------------------------------------------------------
 1 | <Window         
 2 | 	xmlns="http://schemas.microsoft.com/winfx/2006/xaml/presentation" 
 3 | 	xmlns:x="http://schemas.microsoft.com/winfx/2006/xaml" 
 4 | 	Name="Window" Title="Dell Warranty Tool 3.0" Height="350" Width="600" WindowStartupLocation="CenterScreen" Background="#FFE5E5E5" Topmost="False">
 5 | 	<Grid>
 6 |         <DataGrid Name="DataGrid_Main" HorizontalAlignment="Left" Margin="10,71,0,0" VerticalAlignment="Top" Height="208" Width="565" Background="#FFE5E5E5" SelectionMode="Single" AutoGenerateColumns="True" IsReadOnly="True" AlternationCount="2" AlternatingRowBackground="#FFDBDBDC" GridLinesVisibility="None" HeadersVisibility="Column" ColumnWidth="*"/>
 7 |         <GroupBox Name="GroupBox_DeviceName" Header="Device Name" HorizontalAlignment="Left" Margin="10,10,0,0" VerticalAlignment="Top" Height="50" Width="137">
 8 |             <TextBox Name="TextBox_DeviceName" HorizontalAlignment="Left" Height="23" Margin="4,2,0,0" TextWrapping="Wrap" VerticalAlignment="Top" Width="120" IsEnabled="False"/>
 9 |         </GroupBox>
10 |         <GroupBox Name="GroupBox_ServiceTag" Header="Service Tag" HorizontalAlignment="Left" Margin="160,10,0,0" VerticalAlignment="Top" Height="50" Width="137">
11 |             <TextBox Name="TextBox_ServiceTag" HorizontalAlignment="Left" Height="23" Margin="4,2,-2.333,0" TextWrapping="Wrap" VerticalAlignment="Top" Width="120" IsEnabled="False"/>
12 |         </GroupBox>
13 |         <GroupBox Name="GroupBox_Model" Header="Model" HorizontalAlignment="Left" Margin="310,10,0,0" VerticalAlignment="Top" Height="50" Width="137">
14 |             <TextBox Name="TextBox_Model" HorizontalAlignment="Left" Height="23" TextWrapping="Wrap" VerticalAlignment="Top" Width="120" Margin="4,2,0,0" IsEnabled="False"/>
15 |         </GroupBox>
16 |         <Button Name="Button_Start" Content="Get Warranty" HorizontalAlignment="Left" Margin="464,17,0,0" VerticalAlignment="Top" Width="100" Height="23"/>
17 |         <CheckBox Name="CheckBox_SandBox" Content="Sandbox mode" HorizontalAlignment="Left" Margin="463,45,0,0" VerticalAlignment="Top" Width="106"/>
18 |         <ProgressBar Name="ProgressBar_Main" HorizontalAlignment="Left" Height="10" Margin="10,290,0,0" VerticalAlignment="Top" Width="565"/>
19 |     </Grid>
20 | </Window>
21 | 


--------------------------------------------------------------------------------
/Client/Clean-CMClientCache.ps1:
--------------------------------------------------------------------------------
 1 | <#
 2 | .SYNOPSIS
 3 |     Clean the ConfigMgr client cache for items not used within the set amount of retention days.
 4 | 
 5 | .DESCRIPTION
 6 |     Clean the ConfigMgr client cache for items not used within the set amount of retention days.
 7 | 
 8 | .PARAMETER RetentionDays
 9 |     Purge client cache items not refreshed within the set value.
10 | 
11 | .EXAMPLE
12 |     # Purge items in the ConfigMgr client cache that have not been refreshed within the last 7 days:
13 |     .\Clean-CMClientCache.ps1 -RetentionDays 7
14 | 
15 | .NOTES
16 |     FileName:    Clean-CMClientCache.ps1
17 |     Author:      Nickolaj Andersen
18 |     Contact:     @NickolajA
19 |     Created:     2019-02-15
20 |     Updated:     2019-02-15
21 | 
22 |     Version history:
23 |     1.0.0 - (2019-02-15) Script created
24 | #>
25 | [CmdletBinding(SupportsShouldProcess=$true)]
26 | param(
27 |     [parameter(Mandatory=$true, HelpMessage="Purge client cache items not refreshed within the set value.")]
28 |     [ValidateNotNullOrEmpty()]
29 |     [string]$RetentionDays
30 | )
31 | Process {
32 |     # Construct a new UIResourceMgr object
33 |     $CCMClient = New-Object -ComObject UIResource.UIResourceMgr
34 |     if ($CCMClient -ne $null) {
35 |         if (($CCMClient.GetType()).Name -match "_ComObject") {
36 |             # Get client cache directory location
37 |             $CCMCacheDir = ($CCMClient.GetCacheInfo().Location)
38 |             
39 |             # List all applications due in the future or currently running
40 |             $PendingApps = $CCMClient.GetAvailableApplications() | Where-Object { (($_.StartTime -gt (Get-Date)) -or ($_.IsCurrentlyRunning -eq "1")) }
41 |             
42 |             # Create list of applications to purge from cache
43 |             $PurgeApps = $CCMClient.GetCacheInfo().GetCacheElements() | Where-Object { ($_.ContentID -notin $PendingApps.PackageID) -and $((Test-Path -Path $_.Location) -eq $true) -and ($_.LastReferenceTime -lt (Get-Date).AddDays(-$RetentionDays)) }
44 |             
45 |             # Purge apps no longer required
46 |             foreach ($App in $PurgeApps)
47 |             {
48 |                 $CCMClient.GetCacheInfo().DeleteCacheElement($App.CacheElementID)
49 |             }
50 |             
51 |             # Clean Up Misc Directories 
52 |             $ActiveDirs = $CCMClient.GetCacheInfo().GetCacheElements() | ForEach-Object { Write-Output $_.Location }
53 |             Get-ChildItem -Path $CCMCacheDir | Where-Object { (($_.PsIsContainer -eq $true) -and ($_.FullName -notin $ActiveDirs)) } | Remove-Item -Recurse -Force -Verbose
54 |         }
55 |     }
56 | }


--------------------------------------------------------------------------------
/Client/Get-CMDeviceModels.ps1:
--------------------------------------------------------------------------------
 1 | <#
 2 | .SYNOPSIS
 3 |     Get all device models present in ConfigMgr
 4 | 
 5 | .DESCRIPTION
 6 |     This script will get all device models present in ConfigMgr. It requires Hardware Inventory to be enabled and that the devices have reported a full hardware inventory report at least once.
 7 | 
 8 | .PARAMETER SiteServer
 9 |     Site server name with SMS Provider installed.
10 | 
11 | .EXAMPLE
12 |     # Get all device models on a Primary Site server called 'CM01':
13 |     .\Get-CMDeviceModels.ps1 -SiteServer CM01
14 |     
15 | .NOTES
16 |     FileName:    Get-CMDeviceModels.ps1
17 |     Author:      Nickolaj Andersen
18 |     Contact:     @NickolajA
19 |     Created:     2015-04-10
20 |     Updated:     2019-03-12
21 | 
22 |     Version history:
23 |     1.0.0 - (2015-04-10) Script created
24 |     1.0.1 - (2019-03-12) Added manufacturer as a column in the output
25 | #>
26 | [CmdletBinding(SupportsShouldProcess=$true)]
27 | param(
28 |     [parameter(Mandatory=$true, HelpMessage="Site server where the SMS Provider is installed")]
29 |     [ValidateNotNullOrEmpty()]
30 |     [ValidateScript({Test-Connection -ComputerName $_ -Count 1 -Quiet})]
31 |     [string]$SiteServer
32 | )
33 | Begin {
34 |     # Determine SiteCode from WMI
35 |     try {
36 |         Write-Verbose "Determining SiteCode for Site Server: '$($SiteServer)'"
37 |         $SiteCodeObjects = Get-WmiObject -Namespace "root\SMS" -Class SMS_ProviderLocation -ComputerName $SiteServer -ErrorAction Stop
38 |         foreach ($SiteCodeObject in $SiteCodeObjects) {
39 |             if ($SiteCodeObject.ProviderForLocalSite -eq $true) {
40 |                 $SiteCode = $SiteCodeObject.SiteCode
41 |                 Write-Debug "SiteCode: $($SiteCode)"
42 |             }
43 |         }
44 |     }
45 |     catch [Exception] {
46 |         Throw "Unable to determine SiteCode"
47 |     }
48 | }
49 | Process {
50 |     # ArrayList to store the models in
51 |     $ModelsArrayList = New-Object -TypeName System.Collections.ArrayList
52 | 
53 |     # Enumerate through all models
54 |     $ComputerSystems = Get-WmiObject -Namespace "root\SMS\site_$($SiteCode)" -Class SMS_G_System_COMPUTER_SYSTEM -ComputerName $SiteServer | Select-Object -Property Model, Manufacturer
55 |     
56 |     # Add model to ArrayList if not present
57 |     if ($ComputerSystems -ne $null) {
58 |         foreach ($ComputerSystem in $ComputerSystems) {
59 |             if ($ComputerSystem.Model -notin $ModelsArrayList.Model) {
60 |                 $PSObject = [PSCustomObject]@{
61 |                     Model = $ComputerSystem.Model
62 |                     Manufacturer = $ComputerSystem.Manufacturer
63 |                 }
64 |                 $ModelsArrayList.Add($PSObject) | Out-Null
65 |             }
66 |         }
67 |     }
68 |     Write-Output $ModelsArrayList
69 | }


--------------------------------------------------------------------------------
/Compliance Settings/Set-OPPUpdateChannel.ps1:
--------------------------------------------------------------------------------
 1 | # Define the name of the update channel
 2 | $UpdateChannelName = "Broad" # Valid options are: Monthly, Targeted, Broad and Insiders
 3 | 
 4 | switch ($UpdateChannelName) {
 5 |     "Monthly" {
 6 |         $UpdateChannel = "http://officecdn.microsoft.com/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60"
 7 |     }
 8 |     "Targeted" {
 9 |         $UpdateChannel = "http://officecdn.microsoft.com/pr/b8f9b850-328d-4355-9145-c59439a0c4cf"
10 |     }
11 |     "Broad" {
12 |         $UpdateChannel = "http://officecdn.microsoft.com/pr/7ffbc6bf-bc32-4f92-8982-f9dd17fd3114"
13 |     }
14 |     "Insiders" {
15 |         $UpdateChannel = "http://officecdn.microsoft.com/pr/64256afe-f5d9-4f86-8936-8840a6a4f5be"
16 |     }
17 | }
18 | 
19 | # Change update channel if existing does not match desired update channel
20 | Write-Output -InputObject "Chosen update channel '$($UpdateChannelName)' translated to: $($UpdateChannel)"
21 | $OfficeC2RClientPath = Join-Path -Path $env:CommonProgramW6432 -ChildPath "Microsoft Shared\ClickToRun\OfficeC2RClient.exe"
22 | $C2RConfiguration = "HKLM:\SOFTWARE\Microsoft\Office\ClickToRun\Configuration"
23 | $CurrentUpdateChannel = Get-ItemProperty -Path $C2RConfiguration | Select-Object -ExpandProperty CDNBaseUrl
24 | if ($CurrentUpdateChannel -notlike $UpdateChannel) {
25 |     Write-Output -InputObject "Current update channel does not match specified update channel, calling procedure to change update channel"
26 |     
27 |     # Update registy configuration for new update channel
28 |     Set-ItemProperty -Path $C2RConfiguration -Name "UpdateChannel" -Value $UpdateChannel -Force
29 |     Write-Output -InputObject "Updated registry configuration with new update channel data endpoint"
30 | 
31 |     # Call OfficeC2RClient.exe and change the update channel
32 |     $OfficeC2RClientParameters = "/changesetting channel=$($UpdateChannelName)"
33 |     Write-Output -InputObject "Calling OfficeC2RClient.exe with the following parameters: $($OfficeC2RClientParameters)"
34 |     Start-Process -FilePath $OfficeC2RClientPath -ArgumentList $OfficeC2RClientParameters -Wait
35 | 
36 |     # Call OfficeC2RClient.exe and update Office applications
37 |     $OfficeC2RClientParameters = "/update user updateprompt=false forceappshutdown=true displaylevel=true"
38 |     Write-Output -InputObject "Calling OfficeC2RClient.exe with the following parameters: $($OfficeC2RClientParameters)"
39 |     Start-Process -FilePath $OfficeC2RClientPath -ArgumentList $OfficeC2RClientParameters
40 | 
41 |     # Trigger hardware inventory
42 |     Invoke-WmiMethod -Namespace "root\ccm" -Class "SMS_Client" -Name "TriggerSchedule" -ArgumentList "{00000000-0000-0000-0000-000000000001}"
43 | }
44 | else {
45 |     Write-Output -InputObject "Current update channel matches specified update channel, will not attempt to change update channel"
46 | }


--------------------------------------------------------------------------------
/Application/ConvertFrom-CMApplicationCIUniqueID.ps1:
--------------------------------------------------------------------------------
 1 | <#
 2 | .SYNOPSIS
 3 |     Convert a CI Unique ID to Application Name and Version in ConfigMgr 2012
 4 | .DESCRIPTION
 5 |     This script will convert a CI Unique ID shown in for example the AppIntentEval.log client log file to an Application Name and Version in ConfigMgr 2012
 6 | .PARAMETER SiteServer
 7 |     Site server name with SMS Provider installed
 8 | .PARAMETER CIUniqueID
 9 |     Specify the CI_UniqueID for the application to be translated
10 | .EXAMPLE
11 |     .\ConvertFrom-CMApplicationCIUniqueID.ps1 -SiteServer CM01 -CIUniqueID "Application_f7cdd400-ed5a-473b-a1ce-d3a0cc6643d2" -Verbose
12 |     Converts the CI Unique ID (part of) 'Application_f7cdd400-ed5a-473b-a1ce-d3a0cc6643d2' on a Primary Site server called 'CM01':
13 | .NOTES
14 |     Script name: ConvertFrom-CMApplicationCIUniqueID.ps1
15 |     Author:      Nickolaj Andersen
16 |     Contact:     @NickolajA
17 |     DateCreated: 2015-02-10
18 | #>
19 | [CmdletBinding(SupportsShouldProcess=$true)]
20 | [OutputType([PSObject])]
21 | param(
22 |     [parameter(Mandatory=$true, HelpMessage="Site server where the SMS Provider is installed")]
23 |     [ValidateScript({Test-Connection -ComputerName $_ -Count 1 -Quiet})]
24 |     [ValidateNotNullOrEmpty()]
25 |     [string]$SiteServer,
26 |     [parameter(Mandatory=$true, HelpMessage="Specify the CI_UniqueID for the application to be translated")]
27 |     [ValidateNotNullOrEmpty()]
28 |     [string[]]$CIUniqueID
29 | )
30 | Begin {
31 |     # Determine SiteCode from WMI
32 |     try {
33 |         Write-Verbose "Determining SiteCode for Site Server: '$($SiteServer)'"
34 |         $SiteCodeObjects = Get-WmiObject -Namespace "root\SMS" -Class SMS_ProviderLocation -ComputerName $SiteServer -ErrorAction Stop
35 |         foreach ($SiteCodeObject in $SiteCodeObjects) {
36 |             if ($SiteCodeObject.ProviderForLocalSite -eq $true) {
37 |                 $SiteCode = $SiteCodeObject.SiteCode
38 |                 Write-Debug "SiteCode: $($SiteCode)"
39 |             }
40 |         }
41 |     }
42 |     catch [Exception] {
43 |         Throw "Unable to determine SiteCode"
44 |     }
45 | }
46 | Process {
47 |     $ResultsList = New-Object -TypeName System.Collections.ArrayList
48 |     foreach ($ID in $CIUniqueID) {
49 |         Write-Verbose -Message "Query: SELECT * FROM SMS_ApplicationLatest WHERE CI_UniqueID like '%$($ID)%'"
50 |         $Application = Get-WmiObject -Namespace "root\SMS\site_$($SiteCode)" -Class "SMS_ApplicationLatest" -ComputerName $SiteServer -Filter "CI_UniqueID like '%$($ID)%'"
51 |         if ($Application -ne $null) {
52 |             $PSObject = [PSCustomObject]@{
53 |                 DisplayName = $Application.LocalizedDisplayName
54 |                 Version = $Application.SoftwareVersion
55 |                 CI_UniqueID = $Application.CI_UniqueID
56 |             }
57 |             $ResultsList.Add($PSObject) | Out-Null
58 |         }
59 |         else {
60 |             Write-Verbose -Message "Unable to find an application matching the CI_UniqueID with '$($ID)'"
61 |         }
62 |     }
63 |     Write-Output $ResultsList
64 | }


--------------------------------------------------------------------------------
/Operating System Deployment/Invoke-TSDumpVariables.ps1:
--------------------------------------------------------------------------------
 1 | # Functions
 2 | function Write-CMLogEntry {
 3 |     param (
 4 |         [parameter(Mandatory = $true, HelpMessage = "Value added to the log file.")]
 5 |         [ValidateNotNullOrEmpty()]
 6 |         [string]$Value,
 7 | 
 8 |         [parameter(Mandatory = $true, HelpMessage = "Severity for the log entry. 1 for Informational, 2 for Warning and 3 for Error.")]
 9 |         [ValidateNotNullOrEmpty()]
10 |         [ValidateSet("1", "2", "3")]
11 |         [string]$Severity,
12 | 
13 |         [parameter(Mandatory = $false, HelpMessage = "Name of the log file that the entry will written to.")]
14 |         [ValidateNotNullOrEmpty()]
15 |         [string]$FileName = "TSVarDump.log"
16 |     )
17 |     # Determine log file location
18 |     $LogFilePath = Join-Path -Path $Script:TSEnvironment.Value("_SMSTSLogPath") -ChildPath $FileName
19 |     
20 |     # Construct time stamp for log entry
21 |     $Time = -join @((Get-Date -Format "HH:mm:ss.fff"), "+", (Get-WmiObject -Class Win32_TimeZone | Select-Object -ExpandProperty Bias))
22 |     
23 |     # Construct date for log entry
24 |     $Date = (Get-Date -Format "MM-dd-yyyy")
25 |     
26 |     # Construct context for log entry
27 |     $Context = $([System.Security.Principal.WindowsIdentity]::GetCurrent().Name)
28 |     
29 |     # Construct final log entry
30 |     $LogText = "<![LOG[$($Value)]LOG]!><time=""$($Time)"" date=""$($Date)"" component=""TSVarDump"" context=""$($Context)"" type=""$($Severity)"" thread=""$($PID)"" file="""">"
31 |     
32 |     # Add value to log file
33 |     try {
34 |         Add-Content -Value $LogText -LiteralPath $LogFilePath -ErrorAction Stop
35 |     }
36 |     catch [System.Exception] {
37 |         Write-Warning -Message "Unable to append log entry to TSVarDump.log file. Error message: $($_.Exception.Message)"
38 |     }
39 | }
40 | 
41 | function Get-SensitiveVariable {
42 |     param(
43 |         [parameter(Mandatory = $true, HelpMessage = "Name of a task sequence variable.")]
44 |         [ValidateNotNullOrEmpty()]
45 |         [string]$Variable    
46 |     )
47 |     $SensitiveMatch = $false
48 |     foreach ($SensitiveVariable in @("_OSDOAF", "_SMSTSTaskSequence", "_SMSTSReserved*")) {
49 |         if ($Variable -like $SensitiveVariable) {
50 |             $SensitiveMatch = $true
51 |         }
52 |     }
53 | 
54 |     return $SensitiveMatch
55 | }
56 | 
57 | # Load Microsoft.SMS.TSEnvironment COM object
58 | try {
59 |     $TSEnvironment = New-Object -ComObject Microsoft.SMS.TSEnvironment -ErrorAction Stop
60 | }
61 | catch [System.Exception] {
62 |     Write-Warning -Message "Unable to construct Microsoft.SMS.TSEnvironment object" ; exit 1
63 | }
64 | 
65 | # Start task sequence variable values dumping
66 | Write-CMLogEntry -Value "Starting Task Sequence variable values dumping" -Severity 1
67 | 
68 | # Process each variable in Microsoft.SMS.TSEnvironment and dump the values
69 | foreach ($TSVariable in ($TSEnvironment.GetVariables())) {
70 |     $Sensitive = Get-SensitiveVariable -Variable $TSVariable
71 |     if ($Sensitive -eq $false) {
72 |         Write-CMLogEntry -Value ("$($TSVariable) = $($TSEnvironment.Value($TSVariable))") -Severity 1
73 |     }
74 |     else {
75 |         Write-CMLogEntry -Value ("$($TSVariable) = **** REMOVED ****") -Severity 1
76 |     }
77 | }
78 | 
79 | # End task sequence variable values dumping
80 | Write-CMLogEntry -Value "Completed Task Sequence variable values dumping" -Severity 1


--------------------------------------------------------------------------------
/Content/Invoke-CMFailedContentRefresh.ps1:
--------------------------------------------------------------------------------
 1 | <#
 2 | .SYNOPSIS
 3 | 
 4 | .DESCRIPTION
 5 | 
 6 | .PARAMETER SiteServer
 7 |     Site server name with SMS Provider installed
 8 | .PARAMETER ShowProgress
 9 |     Show a progressbar displaying the current operation
10 | .EXAMPLE
11 |     
12 | .NOTES
13 |     Script name: <script name>.ps1
14 |     Author:      Nickolaj Andersen
15 |     Contact:     @NickolajA
16 |     DateCreated: 2014-11-17
17 | #>
18 | [CmdletBinding(SupportsShouldProcess=$true)]
19 | param(
20 |     [parameter(Mandatory=$true, HelpMessage="Site server where the SMS Provider is installed")]
21 |     [ValidateNotNullOrEmpty()]
22 |     [ValidateScript({Test-Connection -ComputerName $_ -Count 1 -Quiet})]
23 |     [string]$SiteServer,
24 |     [parameter(Mandatory=$false, HelpMessage="Show a progressbar displaying the current operation")]
25 |     [switch]$ShowProgress
26 | )
27 | Begin {
28 |     # Determine SiteCode from WMI
29 |     try {
30 |         Write-Verbose -Message "Determining SiteCode for Site Server: '$($SiteServer)'"
31 |         $SiteCodeObjects = Get-WmiObject -Namespace "root\SMS" -Class SMS_ProviderLocation -ComputerName $SiteServer -ErrorAction Stop
32 |         foreach ($SiteCodeObject in $SiteCodeObjects) {
33 |             if ($SiteCodeObject.ProviderForLocalSite -eq $true) {
34 |                 $SiteCode = $SiteCodeObject.SiteCode
35 |                 Write-Debug -Message "SiteCode: $($SiteCode)"
36 |             }
37 |         }
38 |     }
39 |     catch [System.UnauthorizedAccessException] {
40 |         Write-Warning -Message "Access denied" ; break
41 |     }
42 |     catch [System.Exception] {
43 |         Write-Warning -Message "Unable to determine SiteCode" ; break
44 |     }
45 | }
46 | Process {
47 |     if ($PSBoundParameters["ShowProgress"]) {
48 |         $ProgressCount = 0
49 |     }
50 |     # Main code part goes here
51 |     Write-Verbose -Message "Querying for packages in a failed distribution state"
52 |     $DistributionFailures = Get-WmiObject -Namespace "root\SMS\site_$($SiteCode)" -Class SMS_PackageStatusDistPointsSummarizer -Filter "(State = '1') OR (State = '2') OR (State = '3') OR (State = '7') OR (State = '8')"
53 |     if ($DistributionFailures -ne $null) {
54 |         foreach ($ContentFailure in $DistributionFailures) {
55 |             Write-Verbose -Message "Found package '$($ContentFailure.PackageID)', will attempt to refresh"
56 |             $DistributionPoints = Get-WmiObject -Namespace "root\SMS\site_$($SiteCode)" -Class SMS_DistributionPoint -Filter "(SiteCode = '$($ContentFailure.SiteCode)') AND (PackageID = '$($ContentFailure.PackageID)')"
57 |             if ($DistributionPoints -ne $null) {
58 |                 foreach ($DistributionPoint in $DistributionPoints) {
59 |                     if ($DistributionPoint.ServerNALPath -eq $ContentFailure.ServerNALPath) {
60 |                         $DistributionPoint.RefreshNow = $true
61 |                         $DistributionPoint.Put() | Out-Null
62 |                         Write-Verbose -Message "Successfully refreshed package '$($ContentFailure.PackageID)'"
63 |                     }
64 |                 }
65 |             }
66 |             else {
67 |                 Write-Output -InputObject "No Distribution Points found for package '$($ContentFailure.PackageID)'"
68 |             }
69 |         }
70 |     }
71 |     else {
72 |         Write-Output -InputObject "There where no unsuccessful content distributions found"
73 |     }
74 | }
75 | 
76 | 


--------------------------------------------------------------------------------
/Client/Get-CMDeviceIPAddresses.ps1:
--------------------------------------------------------------------------------
 1 | <#
 2 | .SYNOPSIS
 3 |     List all IP addresses for each device in a collection
 4 | .DESCRIPTION
 5 |     Get a formatted list of each IP address for all devices in a collection in ConfigMgr
 6 | .PARAMETER SiteServer
 7 |     Site server name with SMS Provider installed
 8 | .EXAMPLE
 9 |     .\Get-CMDeviceIPAddresses.ps1 -SiteServer CM01 -CollectionName "All Inactive Systems"
10 | .NOTES
11 |     Script name: Get-CMDeviceIPAddresses.ps1
12 |     Author:      Nickolaj Andersen
13 |     Contact:     @NickolajA
14 |     DateCreated: 2015-12-14
15 | #>
16 | [CmdletBinding(SupportsShouldProcess=$true)]
17 | param(
18 |     [parameter(Mandatory=$true,HelpMessage="Site Server where SQL Server Reporting Services are installed")]
19 |     [ValidateScript({Test-Connection -ComputerName $_ -Count 1})]
20 |     [ValidateNotNullOrEmpty()]
21 |     [string]$SiteServer,
22 |     [parameter(Mandatory=$true,HelpMessage="Specify a collection")]
23 |     [ValidateNotNullOrEmpty()]
24 |     [string]$CollectionName
25 | )
26 | Begin {
27 |     # Determine SiteCode from WMI
28 |     try {
29 |         Write-Verbose "Determining Site Code for Site server: '$($SiteServer)'"
30 |         $SiteCodeObjects = Get-WmiObject -Namespace "root\SMS" -Class SMS_ProviderLocation -ComputerName $SiteServer -ErrorAction Stop
31 |         foreach ($SiteCodeObject in $SiteCodeObjects) {
32 |             if ($SiteCodeObject.ProviderForLocalSite -eq $true) {
33 |                 $SiteCode = $SiteCodeObject.SiteCode
34 |                 Write-Verbose -Message "Site Code: $($SiteCode)"
35 |             }
36 |         }
37 |     }
38 |     catch [System.UnauthorizedAccessException] {
39 |         Write-Warning -Message "Access denied" ; break
40 |     }
41 |     catch [System.Exception] {
42 |         Write-Warning -Message "Unable to determine Site Code" ; break
43 |     }
44 | }
45 | Process {
46 |     $CollectionID = Get-WmiObject -Namespace "root\SMS\site_$($SiteCode)" -Class SMS_Collection -ComputerName $SiteServer -Filter "Name like '$($CollectionName)'" | Select-Object -ExpandProperty CollectionID
47 |     $CollectionMembers = Get-WmiObject -Namespace "root\SMS\site_$($SiteCode)" -Class SMS_FullCollectionMembership -ComputerName $SiteServer -Filter "CollectionID like '$($CollectionID)'" | Select-Object -Property Name
48 |     foreach ($CollectionMember in $CollectionMembers) {
49 |         $DeviceInfo = Get-WmiObject -Namespace "root\SMS\site_$($SiteCode)" -Class SMS_R_System -ComputerName $SiteServer -Filter "Name like '$($CollectionMember.Name)'" | Select-Object -Property Name, IPAddresses
50 |         if ($DeviceInfo.IPAddresses.Count -ge 2) {
51 |             $IPCount = 1
52 |             foreach ($IPAddress in $DeviceInfo.IPAddresses) {
53 |                 if ($IPCount -eq 1) {
54 |                     $PSObject = [PSCustomObject]@{
55 |                         Name = $DeviceInfo.Name
56 |                         IPAddresses = $IPAddress
57 |                     }
58 |                 }
59 |                 else {
60 |                     $PSObject = [PSCustomObject]@{
61 |                         Name = ""
62 |                         IPAddresses = $IPAddress
63 |                     }
64 |                 }
65 |                 Write-Output -InputObject $PSObject
66 |                 $IPCount++
67 |             }
68 |         }
69 |         else {
70 |             $PSObject = [PSCustomObject]@{
71 |                 Name = $DeviceInfo.Name
72 |                 IPAddresses = $DeviceInfo | Select-Object -ExpandProperty IPAddresses
73 |             }
74 |             Write-Output -InputObject $PSObject
75 |         }
76 |     } 
77 | } 
78 | 


--------------------------------------------------------------------------------
/Software Updates/ConvertTo-CMSoftwareUpdate.ps1:
--------------------------------------------------------------------------------
 1 | <#
 2 | .SYNOPSIS
 3 |     Convert a Software Update CI_ID or CI_UniqueID property into KB and Description
 4 | .DESCRIPTION
 5 |     Convert a Software Update CI_ID or CI_UniqueID property into KB and Description
 6 | .PARAMETER SiteServer
 7 |     Site server name with SMS Provider installed
 8 | .PARAMETER CIID
 9 |     Specify the CI_ID to convert to a Software Update
10 | .PARAMETER CIUniqueID
11 |     Specify the CI_UniqueID to convert to a Software Update
12 | .EXAMPLE
13 |     .\ConvertTo-CMSoftwareUpdate.ps1 -SiteServer CM01 -CIID 16855151
14 |     .\ConvertTo-CMSoftwareUpdate.ps1 -SiteServer CM01 -CIUniqueID 79e81e3e-97f6-4059-8a25-6732f8ec0a94
15 | .NOTES
16 |     Script name: ConvertTo-CMSoftwareUpdate.ps1
17 |     Author:      Nickolaj Andersen
18 |     Contact:     @NickolajA
19 |     DateCreated: 2015-08-21
20 | #>
21 | [CmdletBinding(SupportsShouldProcess=$true)]
22 | param(
23 |     [parameter(Mandatory=$true, ParameterSetName="CIID", HelpMessage="Site server name with SMS Provider installed")]
24 |     [parameter(ParameterSetName="CIUniqueID")]
25 |     [ValidateScript({Test-Connection -ComputerName $_ -Count 1 -Quiet})]
26 |     [ValidateNotNullorEmpty()]
27 |     [string]$SiteServer,
28 |     [parameter(Mandatory=$true, ParameterSetName="CIID", HelpMessage="Specify the CI_ID to convert to a Software Update")]
29 |     [ValidateNotNullorEmpty()]
30 |     [string]$CIID,
31 |     [parameter(Mandatory=$true, ParameterSetName="CIUniqueID", HelpMessage="Specify the CI_UniqueID to convert to a Software Update")]
32 |     [ValidateNotNullorEmpty()]
33 |     [string]$CIUniqueID
34 | )
35 | Begin {
36 |     # Determine SiteCode from WMI
37 |     try {
38 |         Write-Verbose "Determining SiteCode for Site Server: '$($SiteServer)'"
39 |         $SiteCodeObjects = Get-WmiObject -Namespace "root\SMS" -Class SMS_ProviderLocation -ComputerName $SiteServer -ErrorAction Stop
40 |         foreach ($SiteCodeObject in $SiteCodeObjects) {
41 |             if ($SiteCodeObject.ProviderForLocalSite -eq $true) {
42 |                 $SiteCode = $SiteCodeObject.SiteCode
43 |                 Write-Debug "SiteCode: $($SiteCode)"
44 |             }
45 |         }
46 |     }
47 |     catch [System.UnauthorizedAccessException] {
48 |         Write-Warning -Message "Access denied" ; break
49 |     }
50 |     catch [System.Exception] {
51 |         Write-Warning -Message $_.Exception.Message ; break
52 |     }
53 | }
54 | Process {
55 |     try {
56 |         if ($PSBoundParameters["CIID"]) {
57 |             $SoftwareUpdates = Get-WmiObject -Namespace "root\SMS\site_$($SiteCode)" -Class SMS_SoftwareUpdate -Filter "CI_ID like '$($CIID)'" -ErrorAction Stop
58 |         }
59 |         if ($PSBoundParameters["CIUniqueID"]) {
60 |             $SoftwareUpdates = Get-WmiObject -Namespace "root\SMS\site_$($SiteCode)" -Class SMS_SoftwareUpdate -Filter "CI_UniqueID like '$($CIUniqueID)'" -ErrorAction Stop
61 |         }
62 |     }
63 |     catch [System.UnauthorizedAccessException] {
64 |         Write-Warning -Message "Access denied" ; break
65 |     }
66 |     catch [System.Exception] {
67 |         Write-Warning -Message $_.Exception.Message ; break
68 |     }
69 |     if ($SoftwareUpdates -ne $null) {
70 |         foreach ($SoftwareUpdate in $SoftwareUpdates) {
71 |             $PSObject = [PSCustomObject]@{
72 |                 ArticleID = "KB" + $SoftwareUpdate.ArticleID
73 |                 Description = $SoftwareUpdate.LocalizedDisplayName
74 |             }
75 |             Write-Output $PSObject
76 |         }
77 |     }
78 |     else {
79 |         Write-Warning -Message "No Software Update was found matching the specified search criteria"
80 |     }
81 | }


--------------------------------------------------------------------------------
/Application/Add-CMApplicationRequirementRule.ps1:
--------------------------------------------------------------------------------
 1 | $SiteServer = "CAS01"
 2 | $SiteCode = "CAS"
 3 | $AppName = "7-Zip 9.20 x64"
 4 | 
 5 | try {
 6 |     Add-Type -Path (Join-Path -Path (Get-Item $env:SMS_ADMIN_UI_PATH).Parent.FullName -ChildPath "Microsoft.ConfigurationManagement.ApplicationManagement.dll")
 7 |     Add-Type -Path (Join-Path -Path (Get-Item $env:SMS_ADMIN_UI_PATH).Parent.FullName -ChildPath "Microsoft.ConfigurationManagement.ApplicationManagement.Extender.dll")
 8 |     Add-Type -Path (Join-Path -Path (Get-Item $env:SMS_ADMIN_UI_PATH).Parent.FullName -ChildPath "Microsoft.ConfigurationManagement.ApplicationManagement.MsiInstaller.dll")
 9 | }
10 | catch {
11 |     Write-Error $_.Exception.Message
12 | }
13 | 
14 | $Applications = Get-WmiObject -Namespace "root\SMS\site_$($SiteCode)" -Class "SMS_ApplicationLatest" -ComputerName $SiteServer -Filter "LocalizedDisplayName like '%$($AppName)%'"
15 | foreach ($Application in $Applications) {
16 |     $LocalizedDisplayName = $Application.LocalizedDisplayName
17 |     $CurrentApplication = [wmi]$Application.__PATH
18 |     $ApplicationXML = [Microsoft.ConfigurationManagement.ApplicationManagement.Serialization.SccmSerializer]::DeserializeFromString($CurrentApplication.SDMPackageXML, $true)
19 |     foreach ($DeploymentType in $ApplicationXML.DeploymentTypes) {
20 |         # Clear the current Requirement rules
21 |         $DeploymentType.Requirements.Clear()
22 |         # Create an Operands object
23 |         $Operands = New-Object -TypeName "Microsoft.ConfigurationManagement.DesiredConfigurationManagement.CustomCollection``1[[Microsoft.SystemsManagementServer.DesiredConfigurationManagement.Expressions.RuleExpression]]"
24 |         $Operands.Add("Windows/All_x64_Windows_8.1_Client")
25 |         $Operands.Add("Windows/All_x64_Windows_7_Client")
26 |         # Create an Operator
27 |         $Operator = [Microsoft.ConfigurationManagement.DesiredConfigurationManagement.ExpressionOperators.ExpressionOperator]::OneOf
28 |         # Create an Operating Systems Expression object
29 |         $OSExpression = New-Object -TypeName Microsoft.SystemsManagementServer.DesiredConfigurationManagement.Expressions.OperatingSystemExpression -ArgumentList (
30 |             $Operator, 
31 |             $Operands
32 |         )
33 |         # Create an Annotation object
34 |         $Annotation = New-Object -TypeName Microsoft.SystemsManagementServer.DesiredConfigurationManagement.Rules.Annotation
35 |         $Annotation.DisplayName = New-Object -TypeName Microsoft.SystemsManagementServer.DesiredConfigurationManagement.Rules.LocalizableString -ArgumentList (
36 |             "DisplayName", 
37 |             "Operating system One of {All Windows 7 (64-bit), All Windows 8.1 (64-bit)}", 
38 |             $null
39 |         )
40 |         # Create a NonComplianceSeverity object
41 |         $NonComplianceSeverity = [Microsoft.SystemsManagementServer.DesiredConfigurationManagement.Rules.NoncomplianceSeverity]::None
42 |         # Create a Requirement object
43 |         $RequirementRule = New-Object -TypeName Microsoft.SystemsManagementServer.DesiredConfigurationManagement.Rules.Rule -ArgumentList (
44 |             ("Rule_" + [Guid]::NewGuid().ToString()),
45 |             $NonComplianceSeverity,
46 |             $Annotation,
47 |             $OSExpression
48 |         )
49 |         # Add the Requirement object to the DeploymentType
50 |         $DeploymentType.Requirements.Add($RequirementRule)
51 |         # Re-serialize the ApplicationXML object
52 |         $UpdatedXML = [Microsoft.ConfigurationManagement.ApplicationManagement.Serialization.SccmSerializer]::SerializeToString($ApplicationXML, $true)
53 |         # Update WMI object
54 |         $CurrentApplication.SDMPackageXML = $UpdatedXML
55 |         $CurrentApplication.Put()
56 |     }
57 | }


--------------------------------------------------------------------------------
/Software Updates/Invoke-ADRDeploymentPackage.ps1:
--------------------------------------------------------------------------------
 1 | <#
 2 | .SYNOPSIS
 3 | 
 4 | This script is for using when you have set the 'No deployment package' setting in ConfigMgr ADRS - and cannot uncheck the box in
 5 | 
 6 | .EXAMPLE
 7 | 
 8 |     .\invoke-ADRDeploymentPackage.ps1 -SiteCode PR1 -ADRName "Example"  -Verbose -PackageID "PR10000D"
 9 | 
10 | .NOTES
11 |     FileName:    invoke-ADRDeploymentPackageFix.ps1
12 |     Author:      Jordan Benzing
13 |     Contact:     @JordanTheItGuy
14 |     Created:     2019-01-18
15 |     Updated:     2019-01-18
16 | 
17 |     Version history:
18 |     1.0.0 - (2019-01-18) Script created
19 | 
20 |     Copyright 2019 TrueSec , Jordan Benzing , SCConfigMgr
21 |     Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files
22 |     (the 'Software'), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge,
23 |     publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so,
24 |     subject to the following conditions:
25 | 
26 |     The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
27 | 
28 |     THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
29 |     FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
30 |     WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
31 | 
32 | #>
33 | [cmdletBinding()]
34 | param(
35 |     [Parameter(Mandatory = $True,HelpMessage = "Enter the Site Code for your SCCM Server")]
36 |     [string]$SiteCode,
37 |     [Parameter(Mandatory = $True,HelpMessage = "Enter the name of the ADR")]
38 |     [string]$ADRName,
39 |     [Parameter(Mandatory = $False,HelpMessage = "Enter the package ID you would like to set it to.")]
40 |     [string]$PackageID
41 |     )
42 | Begin {}
43 | Process{
44 | try{
45 | [wmi]$ADR = (Get-WmiObject -Class SMS_AutoDeployment -Namespace "root/sms/site_$($SiteCode)" | Where-Object -FilterScript {$_.Name -eq $ADRName}).__Path
46 | Write-Verbose -Message "Got the ADR $($ADR.Name)"
47 | #GEt the ADR WMIObject that represents the automatic deployment rule
48 | [XML]$ContentXML = $ADR.ContentTemplate
49 | Write-Verbose -Message "Converted the template to XML"
50 | #Convert the content stored in the WMI object into the XML it should be treated as
51 | $CreateContent = $MissingElement = $ContentXML.CreateElement("PackageID")
52 | Write-Verbose -Message "Created the element for PackageID"
53 | $AppendStep = $ContentXML.ContentActionXML.AppendChild($MissingElement)
54 | Write-Verbose -Message "Appended the child"
55 | #Add the missing PackageID element back to the content XML
56 | #Create the missing PackageID element
57 | if($PackageID){
58 | $ContentXML.ContentActionXML.PackageID = $PackageID
59 | Write-Verbose -Message "Succesfully added the packageID to the attribute"
60 | }
61 | #The above step is optional - if you don't use a package ID it will default to forcing you to simply select one of the three radio buttons.
62 | $SwapStep = $Adr.ContentTemplate = $ContentXML.ContentActionXML.OuterXml
63 | Write-Verbose -Message "Now adding the content XML back to the original ADR XMl"
64 | #Swap the contenttemplate stored in the ADR with the XML that has been updated.
65 | $ADR.Put() | Out-Null
66 | Write-Verbose -Message "Completed putting the management object back"
67 | #Put the WMI object you've been editing back.
68 | }
69 | catch{ 
70 |     Write-Error $_.Exception.Message
71 | }
72 | }


--------------------------------------------------------------------------------
/Package/Get-CMDisabledPrograms.ps1:
--------------------------------------------------------------------------------
 1 | <#
 2 | .SYNOPSIS
 3 |     List all Disabled Programs of Packages in ConfigMgr 2012
 4 | .DESCRIPTION
 5 |     Use this script to list all of the disabled Programs for each Package in ConfigMgr 2012. This script will also give you the option to enable those Programs.
 6 | .PARAMETER SiteServer
 7 |     Site server name with SMS Provider installed
 8 | .PARAMETER Enable
 9 |     Specify this switch only if you wish to enable the disable Programs. Don't specify it if you wish to only list the disabled Programs.
10 | .EXAMPLE
11 |     .\Get-CMDisabledPrograms.ps1 -SiteServer CM01 -Verbose
12 |     Lists all disabled Programs and their Package Name association on a Primary Site server called 'CM01':
13 | .NOTES
14 |     Script name: Get-CMDisabledPrograms.ps1
15 |     Author:      Nickolaj Andersen
16 |     Contact:     @NickolajA
17 |     DateCreated: 2015-03-10
18 | #>
19 | [CmdletBinding(SupportsShouldProcess=$true)]
20 | param(
21 |     [parameter(Mandatory=$true, HelpMessage="Site server where the SMS Provider is installed")]
22 |     [ValidateNotNullOrEmpty()]
23 |     [string]$SiteServer,
24 |     [parameter(Mandatory=$false, HelpMessage="Enable disabled programs")]
25 |     [switch]$Enable
26 | )
27 | Begin {
28 |     # Determine SiteCode from WMI
29 |     try {
30 |         Write-Verbose "Determining SiteCode for Site Server: '$($SiteServer)'"
31 |         $SiteCodeObjects = Get-WmiObject -Namespace "root\SMS" -Class SMS_ProviderLocation -ComputerName $SiteServer -ErrorAction Stop -Verbose:$false
32 |         foreach ($SiteCodeObject in $SiteCodeObjects) {
33 |             if ($SiteCodeObject.ProviderForLocalSite -eq $true) {
34 |                 $SiteCode = $SiteCodeObject.SiteCode
35 |                 Write-Debug "SiteCode: $($SiteCode)"
36 |             }
37 |         }
38 |     }
39 |     catch [Exception] {
40 |         Throw "Unable to determine SiteCode"
41 |     }
42 |     # Set SiteDrive variable
43 |     $SiteDrive = $SiteCode + ":"
44 |     # Get current location
45 |     $CurrentLocation = $PSScriptRoot
46 |     # Import ConfigMgr PowerShell module
47 |     Import-Module (Join-Path -Path (($env:SMS_ADMIN_UI_PATH).Substring(0,$env:SMS_ADMIN_UI_PATH.Length-5)) -ChildPath "\ConfigurationManager.psd1" -Verbose:$false) -Force -Verbose:$false
48 |     if ((Get-PSDrive $SiteCode -ErrorAction SilentlyContinue | Measure-Object).Count -ne 1) {
49 |         New-PSDrive -Name $SiteCode -PSProvider "AdminUI.PS.Provider\CMSite" -Root $SiteServer -Verbose:$false
50 |     }
51 | }
52 | Process {
53 |     # Change location to the Site Drive
54 |     Set-Location $SiteDrive -Verbose:$false
55 |     # Get all Programs
56 |     $Programs = Get-WmiObject -Namespace "root\SMS\site_$($SiteCode)" -Class SMS_Program -ComputerName $SiteServer -Verbose:$false
57 |     if ($Programs -ne $null) {
58 |         foreach ($Program in $Programs) {
59 |             if ($Program.ProgramFlags -eq ($Program.ProgramFlags -bor "0x00001000")) {
60 |                 $PSObject = [PSCustomObject]@{
61 |                     "PackageName" = $Program.PackageName
62 |                     "ProgramName" = $Program.ProgramName
63 |                 }
64 |                 if ($PSBoundParameters["Enable"]) {
65 |                     Write-Verbose -Message "Enabling program '$($Program.ProgramName)' for package '$($Program.PackageName)'"
66 |                     try {
67 |                         Get-CMProgram -ProgramName $Program.ProgramName -PackageId $Program.PackageID -Verbose:$false | Enable-CMProgram -Verbose:$false -ErrorAction Stop
68 |                     }
69 |                     catch {
70 |                         Write-Warning -Message "Unable to enable program '$($Program.ProgramName)' for package '$($Program.PackageName)'"
71 |                     }
72 |                 }
73 |                 else {
74 |                     Write-Output $PSObject
75 |                 }
76 |             }
77 |         }
78 |     }
79 |     else {
80 |         Write-Warning -Message "No Programs found"
81 |     }
82 | }
83 | End {
84 |     Set-Location -Path $CurrentLocation
85 | }


--------------------------------------------------------------------------------
/Client/Import-CMDevice.ps1:
--------------------------------------------------------------------------------
 1 | <#
 2 | .SYNOPSIS
 3 |     Import a Device into ConfigMgr 2012
 4 | .DESCRIPTION
 5 |     Import a Device into ConfigMgr 2012
 6 | .PARAMETER SiteServer
 7 |     Site server name with SMS Provider installed
 8 | .PARAMETER ComputerName
 9 |     Name of the device
10 | .PARAMETER MACAddress
11 |     Specify the unique MAC address for the device
12 | .PARAMETER CollectionName
13 |     If specified, imported device will be added to the provided collection
14 | .EXAMPLE
15 |     .\Import-CMDevice.ps1 -SiteServer 'CM01' -DeviceName 'CL001' -MACAddress '00:00:00:00:00:00'
16 | .NOTES
17 |     Script name: Import-CMDevice.ps1
18 |     Author:      Nickolaj Andersen
19 |     Contact:     @NickolajA
20 |     DateCreated: 2015-11-02
21 | #>
22 | [CmdletBinding(SupportsShouldProcess=$true)]
23 | param(
24 |     [parameter(Mandatory=$true, HelpMessage="Site server where the SMS Provider is installed")]
25 |     [ValidateNotNullOrEmpty()]
26 |     [ValidateScript({Test-Connection -ComputerName $_ -Count 1 -Quiet})]
27 |     [string]$SiteServer,
28 |     [parameter(Mandatory=$true)]
29 |     [string]$DeviceName,
30 |     [parameter(Mandatory=$true)]
31 |     [ValidatePattern('^([0-9a-fA-F]{2}[:]{0,1}){5}[0-9a-fA-F]{2}$')]
32 |     [string]$MACAddress,
33 |     [parameter(Mandatory=$false)]
34 |     [string]$CollectionName
35 | )
36 | Begin {
37 |     # Determine SiteCode from WMI
38 |     try {
39 |         Write-Verbose -Message "Determining SiteCode for Site Server: '$($SiteServer)'"
40 |         $SiteCodeObjects = Get-WmiObject -Namespace "root\SMS" -Class SMS_ProviderLocation -ComputerName $SiteServer -ErrorAction Stop
41 |         foreach ($SiteCodeObject in $SiteCodeObjects) {
42 |             if ($SiteCodeObject.ProviderForLocalSite -eq $true) {
43 |                 $SiteCode = $SiteCodeObject.SiteCode
44 |                 Write-Debug -Message "SiteCode: $($SiteCode)"
45 |             }
46 |         }
47 |     }
48 |     catch [System.UnauthorizedAccessException] {
49 |         Write-Warning -Message "Access denied" ; break
50 |     }
51 |     catch [System.Exception] {
52 |         Write-Warning -Message "Unable to determine SiteCode" ; break
53 |     }
54 | }
55 | Process {
56 |     try {
57 |         if ($PSCmdlet.ShouldProcess($DeviceName, "ImportDevice")) {
58 |             # Import Computer
59 |             $WMIConnection = ([WMIClass]"\\$($SiteServer)\root\SMS\site_$($SiteCode):SMS_Site")
60 |             $NewEntry = $WMIConnection.psbase.GetMethodParameters("ImportMachineEntry")
61 |             $NewEntry.MACAddress = $MACAddress
62 |             $NewEntry.NetbiosName = $DeviceName
63 |             $NewEntry.OverwriteExistingRecord = $true
64 |             $Resource = $WMIConnection.psbase.InvokeMethod("ImportMachineEntry", $NewEntry, $null)
65 |             if ([int]$Resource.ReturnValue -eq 0) {
66 |                 Write-Verbose -Message "Successfully imported new device with name '$($DeviceName)'"
67 |             }
68 |             if ($PSBoundParameters["CollectionName"]) {
69 |             $CollectionQuery = Get-WmiObject -Namespace "root\SMS\site_$($SiteCode)" -Class SMS_Collection -ComputerName $SiteServer -Filter "Name like '$($CollectionName)'" -ErrorAction Stop
70 |                 if ($CollectionQuery -ne $null) {
71 |                     $Instance = ([WMIClass]"\\$($SiteServer)\root\SMS\Site_$($SiteCode):SMS_CollectionRuleDirect").CreateInstance()
72 |                     $Instance.ResourceClassName = "SMS_R_SYSTEM"
73 |                     $Instance.ResourceID = $Resource.ResourceID
74 |                     $Instance.RuleName = $DeviceName
75 |                     $Rule = $CollectionQuery.AddMemberShipRule($Instance)
76 |                     if ([int]$Rule.ReturnValue -eq 0) {
77 |                         Write-Verbose -Message "Successfully added '$($DeviceName)' to collection '$($CollectionName)'"
78 |                     }
79 |                     # Refresh All Systems collection
80 |                     $CollectionQuery.RequestRefresh() | Out-Null
81 |                 }
82 |             }
83 |         }
84 |     }
85 |     catch [System.Exception] {
86 |         Write-Warning -Message "$($_.Exception.Message). Line: $($_.InvocationInfo.ScriptLineNumber)" ; break
87 |     }
88 | }


--------------------------------------------------------------------------------
/Migration/Import-CMStatusMessageQuery.ps1:
--------------------------------------------------------------------------------
 1 | <#
 2 | .SYNOPSIS
 3 |     Import a set of exported custom Status Message Queries to ConfigMgr 2012
 4 | .DESCRIPTION
 5 |     When you've exported a set of custom Status Message Queries with Export-CMStatusMessageQuery, you can use this script import them back into ConfigMgr 2012
 6 | .PARAMETER SiteServer
 7 |     Site server name with SMS Provider installed
 8 | .PARAMETER Path
 9 |     Specify a valid path to where the XML file containing the exported Status Message Queries is located
10 | .EXAMPLE
11 |     .\Export-CMStatusMessageQuery.ps1 -SiteServer CM01 -Path "C:\Export\SMQuery.xml" -Verbose
12 |     Import all Status Message Queries from the file 'C:\Export\SMQuery.xml' on a Primary Site server called 'CM01':
13 | .NOTES
14 |     Script name: Import-CMStatusMessageQuery.ps1
15 |     Author:      Nickolaj Andersen
16 |     Contact:     @NickolajA
17 |     DateCreated: 2015-01-12
18 | #>
19 | [CmdletBinding(SupportsShouldProcess=$true)]
20 | param(
21 |     [parameter(Mandatory=$true, HelpMessage="Site server where the SMS Provider is installed")]
22 |     [ValidateScript({Test-Connection -ComputerName $_ -Count 1 -Quiet})]
23 |     [ValidateNotNullOrEmpty()]
24 |     [string]$SiteServer,
25 |     [parameter(Mandatory=$true, HelpMessage="Specify a valid path to where the XML file containing the Status Message Queries will be stored")]
26 |     [ValidateNotNullOrEmpty()]
27 |     [ValidatePattern("^[A-Za-z]{1}:\\\w+\\\w+")]
28 |     [ValidateScript({
29 |         # Check if path contains any invalid characters
30 |         if ((Split-Path -Path $_ -Leaf).IndexOfAny([IO.Path]::GetInvalidFileNameChars()) -ge 0) {
31 |             Throw "$(Split-Path -Path $_ -Leaf) contains invalid characters"
32 |         }
33 |         else {
34 |             # Check if file extension is XML
35 |             if ([System.IO.Path]::GetExtension((Split-Path -Path $_ -Leaf)) -like ".xml") {
36 |                 # Check if the whole path exists
37 |                 if (Test-Path -Path $_ -PathType Leaf) {
38 |                         return $true
39 |                 }
40 |                 else {
41 |                     Throw "Unable to locate part of or the whole specified path, specify a valid path to an exported XML file"
42 |                 }
43 |             }
44 |             else {
45 |                 Throw "$(Split-Path -Path $_ -Leaf) contains an unsupported file extension. Supported extension is '.xml'"
46 |             }
47 |         }
48 |     })]
49 |     [string]$Path
50 | )
51 | Begin {
52 |     # Determine SiteCode from WMI
53 |     try {
54 |         Write-Verbose "Determining SiteCode for Site Server: '$($SiteServer)'"
55 |         $SiteCodeObjects = Get-WmiObject -Namespace "root\SMS" -Class SMS_ProviderLocation -ComputerName $SiteServer -ErrorAction Stop
56 |         foreach ($SiteCodeObject in $SiteCodeObjects) {
57 |             if ($SiteCodeObject.ProviderForLocalSite -eq $true) {
58 |                 $SiteCode = $SiteCodeObject.SiteCode
59 |                 Write-Debug "SiteCode: $($SiteCode)"
60 |             }
61 |         }
62 |     }
63 |     catch [Exception] {
64 |         Throw "Unable to determine SiteCode"
65 |     }
66 | }
67 | Process {
68 |     # Get XML file and construct XML document
69 |     [xml]$XMLData = Get-Content -Path $Path
70 |     # Get all custom Status Message Queries
71 |     try {
72 |         if ($XMLData.ConfigurationManager.Description -like "Export of Status Message Queries") {
73 |             Write-Verbose -Message "Successfully validated XML document"
74 |         }
75 |         else {
76 |             Throw "Invalid XML document loaded"
77 |         }
78 |         foreach ($Query in ($XMLData.ConfigurationManager.Query)) {
79 |             $NewInstance = ([WmiClass]"\\$($SiteServer)\root\SMS\site_$($SiteCode):SMS_Query").CreateInstance()
80 |             $NewInstance.Name = $Query.Name
81 |             $NewInstance.Expression = $Query.Expression
82 |             $NewInstance.TargetClassName = $Query.TargetClassName
83 |             $NewInstance.Put() | Out-Null
84 |             Write-Verbose -Message "Imported query '$($Query.Name)' successfully"
85 |         }
86 |     }
87 |     catch [Exception] {
88 |         Throw $_.Exception.Message
89 |     }
90 | }


--------------------------------------------------------------------------------
/Operating System Deployment/Invoke-DellCCTKCheck.ps1:
--------------------------------------------------------------------------------
 1 | <#
 2 | .SYNOPSIS
 3 |     Detect the version of CCTK compatible with your Dell system during OS deployment tasks calling the CCTK BIOS application.
 4 | 
 5 | .DESCRIPTION
 6 |     Detect the version of CCTK compatible with your Dell system during OS deployment tasks calling the CCTK BIOS application.
 7 | 
 8 | .EXAMPLE
 9 |     .\Invoke-DellCCTKCheck.ps1
10 | 
11 | .NOTES
12 |     FileName:    Invoke-DellCCTKCheck.ps1
13 |     Author:      Maurice Daly
14 |     Contact:     @MoDaly_IT
15 |     Created:     2019-03-11
16 |     Updated:     2019-03-11
17 | 
18 |     Version history:
19 |     1.0.0 - (2019-03-11) Script created
20 | #>
21 | Begin {
22 | 	# Load Microsoft.SMS.TSEnvironment COM object
23 | 	try {
24 | 		$TSEnvironment = New-Object -ComObject Microsoft.SMS.TSEnvironment -ErrorAction Continue
25 | 	}
26 | 	catch [System.Exception] {
27 | 		Write-Warning -Message "Unable to construct Microsoft.SMS.TSEnvironment object"; break
28 | 	}
29 | }
30 | Process {
31 |     # Functions
32 | 	function Write-CMLogEntry {
33 | 		param (
34 | 			[parameter(Mandatory = $true, HelpMessage = "Value added to the log file.")]
35 | 			[ValidateNotNullOrEmpty()]
36 | 			[string]$Value,
37 | 			[parameter(Mandatory = $true, HelpMessage = "Severity for the log entry. 1 for Informational, 2 for Warning and 3 for Error.")]
38 | 			[ValidateNotNullOrEmpty()]
39 | 			[ValidateSet("1", "2", "3")]
40 | 			[string]$Severity,
41 | 			[parameter(Mandatory = $false, HelpMessage = "Name of the log file that the entry will written to.")]
42 | 			[ValidateNotNullOrEmpty()]
43 | 			[string]$FileName = "ApplyDriverPackage.log"
44 | 		)
45 |         # Determine log file location
46 |         $LogsDirectory = Join-Path -Path $TSEnvironment.Value("_SMSTSLogPath") -ChildPath "Temp"
47 | 		$LogFilePath = Join-Path -Path $LogsDirectory -ChildPath $FileName
48 | 		
49 | 		# Construct time stamp for log entry
50 | 		$Time = -join @((Get-Date -Format "HH:mm:ss.fff"), "+", (Get-WmiObject -Class Win32_TimeZone | Select-Object -ExpandProperty Bias))
51 | 		
52 | 		# Construct date for log entry
53 | 		$Date = (Get-Date -Format "MM-dd-yyyy")
54 | 		
55 | 		# Construct context for log entry
56 | 		$Context = $([System.Security.Principal.WindowsIdentity]::GetCurrent().Name)
57 | 		
58 | 		# Construct final log entry
59 | 		$LogText = "<![LOG[$($Value)]LOG]!><time=""$($Time)"" date=""$($Date)"" component=""ApplyDriverPackage"" context=""$($Context)"" type=""$($Severity)"" thread=""$($PID)"" file="""">"
60 | 		
61 | 		# Add value to log file
62 | 		try {
63 | 			Out-File -InputObject $LogText -Append -NoClobber -Encoding Default -FilePath $LogFilePath -ErrorAction Stop
64 | 		}
65 | 		catch [System.Exception] {
66 | 			Write-Warning -Message "Unable to append log entry to ApplyDriverPackage.log file. Error message at line $($_.InvocationInfo.ScriptLineNumber): $($_.Exception.Message)"
67 | 		}
68 |     }
69 |     
70 |     # Determine the CCTK version
71 |     Write-CMLogEntry -Value "Starting Dell CCTK compatibility check" -Severity 1
72 |     $CCTKVersion = (Get-ItemProperty -Path ".\CCTK.exe" | Select-Object -ExpandProperty VersionInfo).ProductVersion
73 |     
74 |     # Call CCTK application to determine the exit code
75 | 	Write-CMLogEntry -Value "Running Dell CCTK version $($CCTKVersion) on host system" -Severity 1
76 | 	$CCTKExitCode = (Start-Process -Path "CCTK.exe" -Wait -PassThru -WindowStyle Minimized).ExitCode
77 |     
78 |     # Determine the CCTK application path based on exit code
79 |     Write-CMLogEntry -Value "Reading Dell CCTK running output" -Severity 1
80 | 	if (($CCTKExitCode -like "141") -or ($CCTKExitCode -like "140")) {
81 | 		Write-CMLogEntry -Value "Non WMI-ACPI BIOS detected, setting CCTK legacy mode" -Severity 2
82 | 		$CCTKPath = Join-Path -Path $((Get-Location).Path) -ChildPath "Legacy"
83 | 		$TSEnvironment.Value("DellNewCCTKCmds") = $false
84 | 	}
85 | 	else {
86 | 		Write-CMLogEntry -Value "WMI-ACPI BIOS detected" -Severity 1
87 | 		$CCTKPath = (Get-Location).Path
88 | 		$TSEnvironment.Value("DellNewCCTKCmds") = $true
89 |     }
90 |     
91 |     # Set task sequence variable with path for CCTK application
92 | 	Write-CMLogEntry -Value "Setting DellCCTKPath task sequence variable with the following value: $($CCTKPath)" -Severity 1
93 | 	$TSEnvironment.Value("DellCCTKPath") = $CCTKPath
94 | }


--------------------------------------------------------------------------------
/Site Administration/Get-CMIPRangeBoundary.ps1:
--------------------------------------------------------------------------------
  1 | <#
  2 | .SYNOPSIS
  3 |     Check if a specific IP address can be matched for a boundary in ConfigMgr.
  4 | 
  5 | .DESCRIPTION
  6 |     Check if a specific IP address can be matched for a boundary in ConfigMgr.
  7 | 
  8 | .PARAMETER SiteServer
  9 |     Site server name with SMS Provider installed.
 10 | 
 11 | .PARAMETER IPAddress
 12 |     IP address e.g. 192.168.1.15.
 13 | 
 14 | .EXAMPLE
 15 |     .\Get-CMIPAddressBoundary.ps1 -SiteServer CM01 -IPAddress 192.168.1.15
 16 | 
 17 | .NOTES
 18 |     FileName:    Get-CMIPAddressBoundary.ps1
 19 |     Author:      Nickolaj Andersen
 20 |     Contact:     @NickolajA
 21 |     Created:     2014-04-15
 22 |     Updated:     2017-12-07
 23 |     
 24 |     Version history:
 25 |     1.0.0 - (2014-04-15) Script created
 26 |     1.0.1 - (2017-12-07) Complete re-write of the script and added helper function to determine bit converted integer value
 27 | #>
 28 | [CmdletBinding(SupportsShouldProcess=$true)]
 29 | param(
 30 |     [parameter(Mandatory=$true, HelpMessage="Site Server where the SMS Provider is installed.")]
 31 |     [ValidateNotNullOrEmpty()]
 32 |     [ValidateScript({Test-Connection -ComputerName $_ -Count 1 -Quiet})]
 33 |     [string]$SiteServer,
 34 | 
 35 |     [parameter(Mandatory=$true, HelpMessage="IP address e.g. 192.168.1.15.")]
 36 |     [ValidateNotNullOrEmpty()]
 37 |     [string]$IPAddress
 38 | )
 39 | Begin {
 40 |     # Determine SiteCode from WMI
 41 |     try {
 42 |         Write-Verbose -Message "Determining Site Code for Site server: '$($SiteServer)'"
 43 |         $SiteCodeObjects = Get-WmiObject -Namespace "root\SMS" -Class SMS_ProviderLocation -ComputerName $SiteServer -ErrorAction Stop
 44 |         foreach ($SiteCodeObject in $SiteCodeObjects) {
 45 |             if ($SiteCodeObject.ProviderForLocalSite -eq $true) {
 46 |                 $SiteCode = $SiteCodeObject.SiteCode
 47 |                 Write-Verbose -Message "Site Code: $($SiteCode)"
 48 |             }
 49 |         }
 50 |     }
 51 |     catch [System.UnauthorizedAccessException] {
 52 |         Write-Warning -Message "Access denied" ; break
 53 |     }
 54 |     catch [System.Exception] {
 55 |         Write-Warning -Message "Unable to determine Site Code" ; break
 56 |     }
 57 | }
 58 | Process {
 59 |     # Functions
 60 |     function Get-IPAddressInteger {
 61 |         param(
 62 |             [parameter(Mandatory=$true)]
 63 |             [ValidateNotNullOrEmpty()]
 64 |             [string]$IPAddress
 65 |         )
 66 |         Process {
 67 |             # Convert IP address to integer
 68 |             $AddressBytes = [System.Net.IPAddress]::Parse($IPAddress).GetAddressBytes()
 69 |             [Array]::Reverse($AddressBytes)
 70 |             $IPAddressInteger = [System.BitConverter]::ToUInt32($AddressBytes, 0)
 71 | 
 72 |             return $IPAddressInteger
 73 |         }
 74 |     }
 75 | 
 76 |     # Get all boundaries
 77 |     $Boundaries = Get-WmiObject -Namespace "root\SMS\site_$($SiteCode)" -Class SMS_Boundary -ComputerName $SiteServer -Filter "BoundaryType = 3"
 78 |     if (($Boundaries -ne $null) -and ($Boundaries | Measure-Object).Count -ge 1) {
 79 |         foreach ($Boundary in $Boundaries) {
 80 |             # Get IP address integer
 81 |             $IPAddressInteger = Get-IPAddressInteger -IPAddress $IPAddress
 82 | 
 83 |             # Get boundary range start integer
 84 |             $IPAddressStartInteger = Get-IPAddressInteger -IPAddress ($Boundary.Value.Split("-")[0])
 85 | 
 86 |             # Get bounday range end integer
 87 |             $IPAddressEndInteger = Get-IPAddressInteger -IPAddress ($Boundary.Value.Split("-")[1])
 88 | 
 89 |             # Perform check if IP address is within boundary
 90 |             if (($IPAddressStartInteger -le $IPAddressInteger) -and ($IPAddressInteger -le $IPAddressEndInteger)) {
 91 |                 $PSCustomObject = [PSCustomObject]@{
 92 |                     DisplayName = $Boundary.DisplayName
 93 |                     BoundaryRange = $Boundary.Value
 94 |                     GroupCount = $Boundary.GroupCount
 95 |                 }
 96 |                 Write-Output -InputObject $PSCustomObject
 97 |             }
 98 |         }
 99 |     }
100 |     else {
101 |         Write-Warning -Message "Unable to detect any IP-range boundary objects"
102 |     }
103 | }


--------------------------------------------------------------------------------
/Modules/CMOperations/CMOperations.psd1:
--------------------------------------------------------------------------------
  1 | <#	
  2 | 	===========================================================================
  3 | 	 Created with: 	SAPIEN Technologies, Inc., PowerShell Studio 2017 v5.4.144
  4 | 	 Created on:   	2/23/2018 11:13 AM
  5 | 	 Created by:   	Jordan Benzing
  6 | 	 Filename:     	CMOperations.psd1
  7 | 	 -------------------------------------------------------------------------
  8 | 	 Module Manifest
  9 | 	-------------------------------------------------------------------------
 10 | 	 Module Name: CMOperations
 11 | 	===========================================================================
 12 | #>
 13 | 
 14 | 
 15 | @{
 16 | 	
 17 | 	# Script module or binary module file associated with this manifest
 18 | 	ModuleToProcess = 'CMOperations.psm1'
 19 | 	
 20 | 	# Version number of this module.
 21 | 	ModuleVersion = '1.0.0.4'
 22 | 	
 23 | 	# ID used to uniquely identify this module
 24 | 	GUID = '8911e550-c0cb-4542-a5c9-07915bdfa47a'
 25 | 	
 26 | 	# Author of this module
 27 | 	Author = 'Jordan Benzing'
 28 | 	
 29 | 	# Copyright statement for this module
 30 | 	Copyright = '(c) 2018. All rights reserved.'
 31 | 	
 32 | 	# Description of the functionality provided by this module
 33 | 	Description = 'Powershell Module for Configuration Manager Operations tasks.'
 34 | 	
 35 | 	# Minimum version of the Windows PowerShell engine required by this module
 36 | 	PowerShellVersion = '4.0'
 37 | 	
 38 | 	# Name of the Windows PowerShell host required by this module
 39 | 	PowerShellHostName = ''
 40 | 	
 41 | 	# Minimum version of the Windows PowerShell host required by this module
 42 | 	PowerShellHostVersion = ''
 43 | 	
 44 | 	# Minimum version of the .NET Framework required by this module
 45 | 	DotNetFrameworkVersion = '2.0'
 46 | 	
 47 | 	# Minimum version of the common language runtime (CLR) required by this module
 48 | 	CLRVersion = '2.0.50727'
 49 | 	
 50 | 	# Processor architecture (None, X86, Amd64, IA64) required by this module
 51 | 	ProcessorArchitecture = 'None'
 52 | 	
 53 | 	# Modules that must be imported into the global environment prior to importing
 54 | 	# this module
 55 | 	RequiredModules = @()
 56 | 	
 57 | 	# Assemblies that must be loaded prior to importing this module
 58 | 	RequiredAssemblies = @()
 59 | 	
 60 | 	# Script files (.ps1) that are run in the caller's environment prior to
 61 | 	# importing this module
 62 | 	ScriptsToProcess = @()
 63 | 	
 64 | 	# Type files (.ps1xml) to be loaded when importing this module
 65 | 	TypesToProcess = @()
 66 | 	
 67 | 	# Format files (.ps1xml) to be loaded when importing this module
 68 | 	FormatsToProcess = @()
 69 | 	
 70 | 	# Modules to import as nested modules of the module specified in
 71 | 	# ModuleToProcess
 72 | 	NestedModules = @()
 73 | 	
 74 | 	# Functions to export from this module
 75 | 	FunctionsToExport = "Start-SoftwareUpdateScan","Start-HardwareInventoryScan","Get-LastHardwareScan","Get-UpdatesInSoftwareCenter","Install-UpdatesInSoftwareCenter","Get-NextAvailableMW","Get-LastSoftwareUpdateScan" #For performanace, list functions explicity
 76 | 	
 77 | 	# Cmdlets to export from this module
 78 | 	CmdletsToExport = '*' 
 79 | 	
 80 | 	# Variables to export from this module
 81 | 	VariablesToExport = '*'
 82 | 	
 83 | 	# Aliases to export from this module
 84 | 	AliasesToExport = '*' #For performanace, list alias explicity
 85 | 	
 86 | 	# List of all modules packaged with this module
 87 | 	ModuleList = @()
 88 | 	
 89 | 	# List of all files packaged with this module
 90 | 	FileList = @()
 91 | 	
 92 | 	# Private data to pass to the module specified in ModuleToProcess. This may also contain a PSData hashtable with additional module metadata used by PowerShell.
 93 | 	PrivateData = @{
 94 | 		
 95 | 		#Support for PowerShellGet galleries.
 96 | 		PSData = @{
 97 | 			
 98 | 			# Tags applied to this module. These help with module discovery in online galleries.
 99 | 			# Tags = @()
100 | 			
101 | 			# A URL to the license for this module.
102 | 			# LicenseUri = ''
103 | 			
104 | 			# A URL to the main website for this project.
105 | 			# ProjectUri = ''
106 | 			
107 | 			# A URL to an icon representing this module.
108 | 			# IconUri = ''
109 | 			
110 | 			# ReleaseNotes of this module
111 | 			# ReleaseNotes = ''
112 | 			
113 | 		} # End of PSData hashtable
114 | 		
115 | 	} # End of PrivateData hashtable
116 | }
117 | 
118 | 
119 | 
120 | 
121 | 
122 | 
123 | 
124 | 


--------------------------------------------------------------------------------
/Migration/Import-CMQuery.ps1:
--------------------------------------------------------------------------------
 1 | <#
 2 | .SYNOPSIS
 3 |     Import a set of exported custom Queries to ConfigMgr 2012
 4 | .DESCRIPTION
 5 |     When you've exported a set of custom Queries with Export-CMQuery, you can use this script import them back into ConfigMgr 2012
 6 | .PARAMETER SiteServer
 7 |     Site server name with SMS Provider installed
 8 | .PARAMETER Path
 9 |     Specify a valid path to where the XML file containing the exported Queries is located
10 | .EXAMPLE
11 |     .\Export-CMQuery.ps1 -SiteServer CM01 -Path "C:\Export\Query.xml" -Verbose
12 |     Import all Queries from the file 'C:\Export\Query.xml' on a Primary Site server called 'CM01':
13 | .NOTES
14 |     Script name: Import-CMQuery.ps1
15 |     Author:      Nickolaj Andersen
16 |     Contact:     @NickolajA
17 |     DateCreated: 2015-05-17
18 | #>
19 | [CmdletBinding(SupportsShouldProcess=$true)]
20 | param(
21 |     [parameter(Mandatory=$true, HelpMessage="Site server where the SMS Provider is installed")]
22 |     [ValidateScript({Test-Connection -ComputerName $_ -Count 1 -Quiet})]
23 |     [ValidateNotNullOrEmpty()]
24 |     [string]$SiteServer,
25 |     [parameter(Mandatory=$true, HelpMessage="Specify a valid path to where the XML file containing the Queries will be stored")]
26 |     [ValidateNotNullOrEmpty()]
27 |     [ValidatePattern("^[A-Za-z]{1}:\\\w+\\\w+")]
28 |     [ValidateScript({
29 |         # Check if path contains any invalid characters
30 |         if ((Split-Path -Path $_ -Leaf).IndexOfAny([IO.Path]::GetInvalidFileNameChars()) -ge 0) {
31 |             Throw "$(Split-Path -Path $_ -Leaf) contains invalid characters"
32 |         }
33 |         else {
34 |             # Check if file extension is XML
35 |             if ([System.IO.Path]::GetExtension((Split-Path -Path $_ -Leaf)) -like ".xml") {
36 |                 # Check if the whole path exists
37 |                 if (Test-Path -Path $_ -PathType Leaf) {
38 |                         return $true
39 |                 }
40 |                 else {
41 |                     Throw "Unable to locate part of or the whole specified path, specify a valid path to an exported XML file"
42 |                 }
43 |             }
44 |             else {
45 |                 Throw "$(Split-Path -Path $_ -Leaf) contains an unsupported file extension. Supported extension is '.xml'"
46 |             }
47 |         }
48 |     })]
49 |     [string]$Path
50 | )
51 | Begin {
52 |     # Determine SiteCode from WMI
53 |     try {
54 |         Write-Verbose "Determining SiteCode for Site Server: '$($SiteServer)'"
55 |         $SiteCodeObjects = Get-WmiObject -Namespace "root\SMS" -Class SMS_ProviderLocation -ComputerName $SiteServer -ErrorAction Stop
56 |         foreach ($SiteCodeObject in $SiteCodeObjects) {
57 |             if ($SiteCodeObject.ProviderForLocalSite -eq $true) {
58 |                 $SiteCode = $SiteCodeObject.SiteCode
59 |                 Write-Debug "SiteCode: $($SiteCode)"
60 |             }
61 |         }
62 |     }
63 |     catch [System.UnauthorizedAccessException] {
64 |         Write-Warning -Message "Access denied" ; break
65 |     }
66 |     catch [System.Exception] {
67 |         Write-Warning -Message $_.Exception.Message ; break
68 |     }
69 | }
70 | Process {
71 |     # Get XML file and construct XML document
72 |     [xml]$XMLData = Get-Content -Path $Path
73 |     # Get all custom Queries
74 |     try {
75 |         if ($XMLData.ConfigurationManager.Description -like "Export of Queries") {
76 |             Write-Verbose -Message "Successfully validated XML document"
77 |         }
78 |         else {
79 |             Write-Warning -Message "Invalid XML document loaded" ; break
80 |         }
81 |         foreach ($Query in ($XMLData.ConfigurationManager.Query)) {
82 |             $NewInstance = ([WmiClass]"\\$($SiteServer)\root\SMS\site_$($SiteCode):SMS_Query").CreateInstance()
83 |             $NewInstance.Name = $Query.Name
84 |             $NewInstance.Expression = $Query.Expression
85 |             $NewInstance.TargetClassName = $Query.TargetClassName
86 |             $NewInstance.Put() | Out-Null
87 |             Write-Verbose -Message "Imported query '$($Query.Name)' successfully"
88 |         }
89 |     }
90 |     catch [System.UnauthorizedAccessException] {
91 |         Write-Warning -Message "Access denied" ; break
92 |     }
93 |     catch [System.Exception] {
94 |         Write-Warning -Message $_.Exception.Message ; break
95 |     }
96 | }


--------------------------------------------------------------------------------
/Operating System Deployment/Enable-UbuntuForWindows.ps1:
--------------------------------------------------------------------------------
 1 | <#
 2 | .SYNOPSIS
 3 |     Enable Windows Subsystem for Linux (Ubuntu) on Windows 10 version 1607 or later.
 4 | 
 5 | .DESCRIPTION
 6 |     This script will configure Developer Mode in order to enable Windows Subsystem for Linux (Ubuntu) on Windows 10 version 1607 or later.
 7 | 
 8 | .EXAMPLE
 9 |     Prepare Windows 10 for Windows Subsystem for linux and install required features:
10 |     .\Enable-UbuntuForWindows.ps1
11 | 
12 | .NOTES
13 |     FileName:    Enable-UbuntuForWindows.ps1
14 |     Author:      Nickolaj Andersen
15 |     Contact:     @NickolajA
16 |     Created:     2016-09-08
17 |     Updated:     2016-09-08
18 |     
19 |     Version history:
20 |     1.0.0 - (2016-09-08) Script created
21 | #>
22 | Begin {
23 |     # Validate Windows 10 version 1607 build
24 |     if ([int](Get-WmiObject -Class Win32_OperatingSystem).BuildNumber -lt 14393) {
25 |         Write-Warning -Message "Unsupported build of Windows 10 detected, exiting" ; exit 1
26 |     }
27 | 
28 |     # Construct TSEnvironment object
29 |     try {
30 |         $TSEnvironment = New-Object -ComObject Microsoft.SMS.TSEnvironment -ErrorAction Stop
31 |     }
32 |     catch [System.Exception] {
33 |         Write-Warning -Message "Unable to construct Microsoft.SMS.TSEnvironment object" ; exit 1
34 |     }
35 | }
36 | Process {
37 |     # Functions
38 |     function Write-CMLogEntry {
39 | 	    param(
40 | 		    [parameter(Mandatory=$true, HelpMessage="Value added to the smsts.log file.")]
41 | 		    [ValidateNotNullOrEmpty()]
42 | 		    [string]$Value,
43 | 
44 | 		    [parameter(Mandatory=$true, HelpMessage="Severity for the log entry. 1 for Informational, 2 for Warning and 3 for Error.")]
45 | 		    [ValidateNotNullOrEmpty()]
46 |             [ValidateSet("1", "2", "3")]
47 | 		    [string]$Severity,
48 | 
49 | 		    [parameter(Mandatory=$false, HelpMessage="Name of the log file that the entry will written to.")]
50 | 		    [ValidateNotNullOrEmpty()]
51 | 		    [string]$FileName = "EnableUbuntuforWindows.log"
52 | 	    )
53 | 	    # Determine log file location
54 |         $LogFilePath = Join-Path -Path $Script:TSEnvironment.Value("_SMSTSLogPath") -ChildPath $FileName
55 | 
56 |         # Construct time stamp for log entry
57 |         $Time = -join @((Get-Date -Format "HH:mm:ss.fff"), "+", (Get-WmiObject -Class Win32_TimeZone | Select-Object -ExpandProperty Bias))
58 | 
59 |         # Construct date for log entry
60 |         $Date = (Get-Date -Format "MM-dd-yyyy")
61 | 
62 |         # Construct context for log entry
63 |         $Context = $([System.Security.Principal.WindowsIdentity]::GetCurrent().Name)
64 | 
65 |         # Construct final log entry
66 |         $LogText = "<![LOG[$($Value)]LOG]!><time=""$($Time)"" date=""$($Date)"" component=""EnableUbuntuForWindows"" context=""$($Context)"" type=""$($Severity)"" thread=""$($PID)"" file="""">"
67 | 	
68 | 	    # Add value to log file
69 |         try {
70 | 	        Add-Content -Value $LogText -LiteralPath $LogFilePath -ErrorAction Stop
71 |         }
72 |         catch [System.Exception] {
73 |             Write-Warning -Message "Unable to append log entry to EnableUbuntuforWindows.log file"
74 |         }
75 |     }
76 | 
77 |     # Write beginning of log file
78 |     Write-CMLogEntry -Value "Starting configuration for Windows Subsystem for Linux" -Severity 1
79 | 
80 |     # Create AppModelUnlock if it doesn't exist, required for enabling Developer Mode
81 |     $RegistryKeyPath = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModelUnlock"
82 |     if (-not(Test-Path -Path $RegistryKeyPath)) {
83 |         Write-CMLogEntry -Value "Creating HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModelUnlock registry key" -Severity 1
84 |         New-Item -Path $RegistryKeyPath -ItemType Directory -Force
85 |     }
86 | 
87 |     # Add registry value to enable Developer Mode
88 |     Write-CMLogEntry -Value "Adding HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModelUnlock\AllowDevelopmentWithoutDevLicense value as DWORD with data 1" -Severity 1
89 |     New-ItemProperty -Path $RegistryKeyPath -Name AllowDevelopmentWithoutDevLicense -PropertyType DWORD -Value 1
90 | 
91 |     # Enable required Windows Features for Linux Subsystem
92 |     try {
93 |         Enable-WindowsOptionalFeature -FeatureName Microsoft-Windows-Subsystem-Linux -Online -All -LimitAccess -NoRestart -ErrorAction Stop
94 |         Write-CMLogEntry -Value "Successfully enabled Microsoft-Windows-Subsystem-Linux feature" -Severity 1
95 |     }
96 |     catch [System.Exception] {
97 |         Write-CMLogEntry -Value "An error occured when enabling Microsoft-Windows-Subsystem-Linux feature, see DISM log for more information" -Severity 3
98 |     }
99 | }


--------------------------------------------------------------------------------
/Software Updates/Add-CMWSUSScanRetryErrorCodes.ps1:
--------------------------------------------------------------------------------
 1 | <#
 2 | .SYNOPSIS
 3 |     Add an error code to the WSUS Scan Retry Error Codes list that will instruct a ConfigMgr 2012 client to switch Software Update Point
 4 | .DESCRIPTION
 5 |     Use this script to add an error code to the WSUS Scan Retry Error Codes list that will instruct a ConfigMgr 2012 client to switch Software Update Point once the threshold of failed scans has been reached
 6 | .PARAMETER SiteServer
 7 |     Site server name with SMS Provider installed
 8 | .PARAMETER ErrorCode
 9 |     Specify the error code to add as hexadecimal, e.g. 0x80072ee2
10 | .EXAMPLE
11 |     .\Add-CMWSUSScanRetryErrorCodes.ps1 -SiteServer CM01 -ErrorCode 0x80072ee2
12 |     Add the error code '0x80072ee2' to the WSUS Scan Retry Error Codes list on a Primary Site server called 'CM01':
13 | .NOTES
14 |     Script name: Add-CMWSUSScanRetryErrorCodes.ps1
15 |     Author:      Nickolaj Andersen
16 |     Contact:     @NickolajA
17 |     DateCreated: 2015-04-07
18 | #>
19 | [CmdletBinding(SupportsShouldProcess=$true)]
20 | param(
21 |     [parameter(Mandatory=$true,HelpMessage="Site server where the SMS Provider is installed")]
22 |     [ValidateNotNullOrEmpty()]
23 |     [ValidateScript({Test-Connection -ComputerName $_ -Count 1 -Quiet})]
24 |     [string]$SiteServer,
25 |     [parameter(Mandatory=$true,HelpMessage="Specify the error code to add as hexadecimal, e.g. 0x80072ee2")]
26 |     [ValidateNotNullOrEmpty()]
27 |     [ValidateLength(1,10)]
28 |     [ValidatePattern("^0{1}[xX]{1}[0-9a-fA-F]{8}$")]
29 |     [string]$ErrorCode
30 | )
31 | Begin {
32 |     # Determine SiteCode from WMI
33 |     try {
34 |         Write-Verbose "Determining SiteCode for Site Server: '$($SiteServer)'"
35 |         $SiteCodeObjects = Get-WmiObject -Namespace "root\SMS" -Class SMS_ProviderLocation -ComputerName $SiteServer -ErrorAction Stop
36 |         foreach ($SiteCodeObject in $SiteCodeObjects) {
37 |             if ($SiteCodeObject.ProviderForLocalSite -eq $true) {
38 |                 $SiteCode = $SiteCodeObject.SiteCode
39 |                 Write-Debug "SiteCode: $($SiteCode)"
40 |             }
41 |         }
42 |     }
43 |     catch [System.UnauthorizedAccessException] {
44 |         Write-Warning -Message "Access to WMI on target '$($SiteServer)' was denied" ; break
45 |     }
46 |     catch [Exception] {
47 |         Write-Warning -Message "Unable to determine SiteCode" ; break
48 |     }
49 |     # Convert hexadecimal error code to decimal
50 |     try {
51 |         $RetryCodeUInt = [System.Convert]::ToUInt32($ErrorCode, 16) -as [string]
52 |         Write-Verbose -Message "Converted error code '$($ErrorCode)' to '$($RetryCodeUInt)'"
53 |     }
54 |     catch [Exception] {
55 |         Write-Warning -Message "Unable to convert error code '$($ErrorCode)' to decimal" ; break
56 |     }
57 |     # Define ErrorActionPreference
58 |     $ErrorActionPreference = "Stop"
59 | }
60 | Process {
61 |     # Get all WSUS Components
62 |     $WSUSComponents = Get-WmiObject -Namespace "root\SMS\site_$($SiteCode)" -Class SMS_SCI_Component -ComputerName $SiteServer -Filter "ComponentName like 'SMS_WSUS_CONFIGURATION_MANAGER'"
63 |     if ($WSUSComponents -ne $null) {
64 |         foreach ($WSUSObject in $WSUSComponents) {
65 |             $WSUSObjectProps = $WSUSObject.Props
66 |             foreach ($WSUSObjectProp in $WSUSObjectProps) {
67 |                 # Get the WSUS Scan Retry Error Codes object
68 |                 if ($WSUSObjectProp.PropertyName -like "WSUS Scan Retry Error Codes") {
69 |                     if ($WSUSObjectProp.Value2 -notmatch $RetryCodeUInt) {
70 |                         $UpdatedRetryCodes = $WSUSObjectProp.Value2.Replace("}","") + ", $($RetryCodeUInt)"
71 |                         $UpdatedRetryCodes = $UpdatedRetryCodes.Insert($UpdatedRetryCodes.Length, "}")
72 |                         $WSUSObjectProp.Value2 = $UpdatedRetryCodes
73 |                         # Update WMI object with new Props object
74 |                         if ($PSCmdlet.ShouldProcess($WSUSObject.ItemName, "Update Scan Retry Codes")) {
75 |                             try {
76 |                                 $WSUSObject.Props = $WSUSObjectProps
77 |                                 $WSUSObject.Put() | Out-Null
78 |                             }
79 |                             catch [Exception] {
80 |                                 Write-Warning -Message "An error occured while attempting to update WMI object" ; break
81 |                             }
82 |                         }
83 |                     }
84 |                     else {
85 |                         Write-Warning -Message "Specified error code is already present on object '$($WSUSObject.ItemName)'"
86 |                     }
87 |                 }
88 |             }
89 |         }
90 |     }
91 |     else {
92 |         Write-Warning -Message "No WSUS Components was found"
93 |     }
94 | }


--------------------------------------------------------------------------------
/Application/Get-CMApplicationsRequirementPrimaryDevice.ps1:
--------------------------------------------------------------------------------
 1 | <#
 2 | .SYNOPSIS
 3 |     Get all Applications with a requirement rule for Primary Device
 4 | .DESCRIPTION
 5 |     This script will get all Applications with a requirement rule for Primary Device
 6 | .PARAMETER SiteServer
 7 |     Site server name with SMS Provider installed
 8 | .PARAMETER ShowProgress
 9 |     Show a progressbar displaying the current operation
10 | .EXAMPLE
11 |     .\Get-CMApplicationRequirementRulePrimaryDevice.ps1 -SiteServer CM01 -ShowProgress
12 |     Get all Applications with a requirement rule for Primary Device while showing the progress, on a Primary Site server called 'CM01':
13 | .NOTES
14 |     Script name: Get-CMApplicationRequirementRulePrimaryDevice.ps1
15 |     Author:      Nickolaj Andersen
16 |     Contact:     @NickolajA
17 |     DateCreated: 2015-03-26
18 | #>
19 | [CmdletBinding(SupportsShouldProcess=$true)]
20 | param(
21 |     [parameter(Mandatory=$true, HelpMessage="Site server where the SMS Provider is installed")]
22 |     [ValidateNotNullOrEmpty()]
23 |     [ValidateScript({Test-Connection -ComputerName $_ -Count 1 -Quiet})]
24 |     [string]$SiteServer,
25 |     [parameter(Mandatory=$false, HelpMessage="Show a progressbar displaying the current operation")]
26 |     [switch]$ShowProgress
27 | )
28 | Begin {
29 |     # Determine SiteCode from WMI
30 |     try {
31 |         Write-Verbose "Determining SiteCode for Site Server: '$($SiteServer)'"
32 |         $SiteCodeObjects = Get-WmiObject -Namespace "root\SMS" -Class SMS_ProviderLocation -ComputerName $SiteServer -ErrorAction Stop
33 |         foreach ($SiteCodeObject in $SiteCodeObjects) {
34 |             if ($SiteCodeObject.ProviderForLocalSite -eq $true) {
35 |                 $SiteCode = $SiteCodeObject.SiteCode
36 |                 Write-Debug "SiteCode: $($SiteCode)"
37 |             }
38 |         }
39 |     }
40 |     catch [Exception] {
41 |         Write-Warning -Message "Unable to determine SiteCode" ; break
42 |     }
43 |     # Load assemblies
44 |     try {
45 |         Add-Type -Path (Join-Path (Get-Item $env:SMS_ADMIN_UI_PATH).Parent.FullName "Microsoft.ConfigurationManagement.ApplicationManagement.dll")
46 |         Add-Type -Path (Join-Path (Get-Item $env:SMS_ADMIN_UI_PATH).Parent.FullName "Microsoft.ConfigurationManagement.ApplicationManagement.Extender.dll")
47 |         Add-Type -Path (Join-Path (Get-Item $env:SMS_ADMIN_UI_PATH).Parent.FullName "Microsoft.ConfigurationManagement.ApplicationManagement.MsiInstaller.dll")
48 |     }
49 |     catch [Exception] {
50 |         Write-Warning -Message "Unable to load required assemblies" ; break
51 |     }
52 | }
53 | Process {
54 |     if ($PSBoundParameters["ShowProgress"]) {
55 |         $ProgressCount = 0
56 |     }
57 |     $Applications = Get-WmiObject -Namespace "root\SMS\site_$($SiteCode)" -Class "SMS_Application" -ComputerName $SiteServer -Filter 'IsLatest = "True"'
58 |     $ApplicationCount = ($Applications | Measure-Object).Count
59 |     foreach ($Application in $Applications) {
60 |         if ($PSBoundParameters["ShowProgress"]) {
61 |             $ProgressCount++
62 |         }
63 |         $LocalizedDisplayName = $Application.LocalizedDisplayName
64 |         $CurrentApplication = [wmi]$Application.__PATH
65 |         $ApplicationXML = [Microsoft.ConfigurationManagement.ApplicationManagement.Serialization.SccmSerializer]::DeserializeFromString($CurrentApplication.SDMPackageXML,$True)
66 |         foreach ($DeploymentType in $ApplicationXML.DeploymentTypes) {
67 |             if ($PSBoundParameters["ShowProgress"]) {
68 |                 Write-Progress -Activity "Enumerating Applications for Primary User requirement rule" -Id 1 -Status "$($ProgressCount) / $($ApplicationCount)" -CurrentOperation "Current application: $($LocalizedDisplayName)" -PercentComplete (($ProgressCount / $ApplicationCount) * 100)
69 |             }
70 |             if (($DeploymentType.Requirements.Expression.Operands.LogicalName -like "PrimaryDevice") -and ($DeploymentType.Requirements.Expression.Operator.OperatorName -like "Equals") -and ($DeploymentType.Requirements.Expression.Operands.Value -eq $true)) {
71 |                 $PSObject = [PSCustomObject]@{
72 |                     ApplicationName = $LocalizedDisplayName
73 |                     DeploymentTypeName = $DeploymentType.Title
74 |                     RequirementEnabled = $true
75 |                     LogicalName = $DeploymentType.Requirements.Expression.Operands.LogicalName
76 |                     OperatorName = $DeploymentType.Requirements.Expression.Operator.OperatorName
77 |                     Value = $DeploymentType.Requirements.Expression.Operands.Value
78 |                 }
79 |                 Write-Output $PSObject
80 |             }
81 |         }
82 |     }
83 | }
84 | End {
85 |     if ($PSBoundParameters["ShowProgress"]) {
86 |         Write-Progress -Activity "Enumerating Applications for Primary User requirement rule" -Id 1 -Completed
87 |     }
88 | }
89 | 


--------------------------------------------------------------------------------
/Content/Invoke-CMDeploymentTypeContentUpdate.ps1:
--------------------------------------------------------------------------------
 1 | <#
 2 | .SYNOPSIS
 3 |     Update content for Deployment Types
 4 | .DESCRIPTION
 5 |     This script will update content for each Deployment Type on an Application that has a distribution failure of state 7
 6 | .PARAMETER SiteServer
 7 |     Site server name with SMS Provider installed
 8 | .EXAMPLE
 9 |     .\Invoke-CMDeploymentTypeContentUpdate.ps1 -SiteServer MOASSCCM03 -Verbose
10 | .NOTES
11 |     Script name: Invoke-CMDeploymentTypeContentUpdate.ps1
12 |     Author:      Nickolaj Andersen
13 |     Contact:     @NickolajA
14 |     DateCreated: 2014-11-17
15 | #>
16 | [CmdletBinding(SupportsShouldProcess=$true)]
17 | param(
18 |     [parameter(Mandatory=$true, HelpMessage="Site server where the SMS Provider is installed")]
19 |     [ValidateNotNullOrEmpty()]
20 |     [ValidateScript({Test-Connection -ComputerName $_ -Count 1 -Quiet})]
21 |     [string]$SiteServer,
22 |     [parameter(Mandatory=$false, HelpMessage="Show a progressbar displaying the current operation")]
23 |     [switch]$ShowProgress
24 | )
25 | Begin {
26 |     # Determine SiteCode from WMI
27 |     try {
28 |         Write-Verbose -Message "Determining SiteCode for Site Server: '$($SiteServer)'"
29 |         $SiteCodeObjects = Get-WmiObject -Namespace "root\SMS" -Class SMS_ProviderLocation -ComputerName $SiteServer -ErrorAction Stop
30 |         foreach ($SiteCodeObject in $SiteCodeObjects) {
31 |             if ($SiteCodeObject.ProviderForLocalSite -eq $true) {
32 |                 $SiteCode = $SiteCodeObject.SiteCode
33 |                 Write-Debug -Message "SiteCode: $($SiteCode)"
34 |             }
35 |         }
36 |     }
37 |     catch [System.UnauthorizedAccessException] {
38 |         Write-Warning -Message "Access denied" ; break
39 |     }
40 |     catch [System.Exception] {
41 |         Write-Warning -Message "Unable to determine SiteCode" ; break
42 |     }
43 |     # Load ConfigMgr module
44 |     try {
45 |         Import-Module -Name ConfigurationManager -ErrorAction Stop -Verbose:$false
46 |     }
47 |     catch [System.UnauthorizedAccessException] {
48 |         Write-Warning -Message "Access denied" ; break
49 |     }
50 |     catch [System.Exception] {
51 |         Write-Warning -Message $_.Exception.Message ; break
52 |     }
53 |     # Get current location
54 |     $CurrentLocation = $PSScriptRoot
55 | }
56 | Process {
57 |     if ($PSBoundParameters["ShowProgress"]) {
58 |         $ProgressCount = 0
59 |     }
60 |     # Get all Applications
61 |     $AppHashTable = New-Object -TypeName System.Collections.Hashtable
62 |     Write-Verbose -Message "Reading all Applications"
63 |     $Applications = Get-WmiObject -Namespace "root\SMS\site_$($SiteCode)" -Class SMS_ApplicationLatest -Filter "isExpired = 'False'"
64 |     foreach ($Application in $Applications) {
65 |         $Application.Get()
66 |         if ($Application.PackageID -ne "") {
67 |             $AppHashTable.Add($Application.PackageID, $Application.ModelName)
68 |         }
69 |     }
70 |     Write-Verbose -Message "Querying for packages in a failed distribution state"
71 |     $DistributionFailures = Get-WmiObject -Namespace "root\SMS\site_$($SiteCode)" -Class SMS_PackageStatusDistPointsSummarizer -Filter "State = '7'"
72 |     if ($DistributionFailures -ne $null) {
73 |         foreach ($ContentFailure in $DistributionFailures) {
74 |             if ($AppHashTable["$($ContentFailure.PackageID)"]) {
75 |                 Write-Verbose -Message "Found Application with PackageID '$($ContentFailure.PackageID)', will attempt to update content"
76 |                 $ApplicationModelName = $AppHashTable["$($ContentFailure.PackageID)"]
77 |                 $ApplicationName = Get-WmiObject -Namespace "root\SMS\site_$($SiteCode)" -Class SMS_ApplicationLatest -Filter "ModelName = '$($ApplicationModelName)'" | Select-Object -ExpandProperty LocalizedDisplayName
78 |                 $DeploymentTypes = Get-WmiObject -Namespace "root\SMS\site_$($SiteCode)" -Class SMS_DeploymentType -Filter "(AppModelName = '$($ApplicationModelName)') AND (isLatest = 'True')"
79 |                 foreach ($DeploymentType in $DeploymentTypes) {
80 |                     $SiteDrive = $SiteCode + ":"
81 |                     Set-Location -Path $SiteDrive -Verbose:$false
82 |                     $DeploymentTypeName = $DeploymentType | Select-Object -ExpandProperty LocalizedDisplayName
83 |                     if ($PSCmdlet.ShouldProcess($DeploymentTypeName, "Update Content")) {
84 |                         Update-CMDistributionPoint -DeploymentTypeName $DeploymentTypeName -ApplicationName $ApplicationName -Verbose:$false
85 |                         Write-Verbose -Message "Successfully updated content for DeploymentType '$($DeploymentTypeName)' on Application '$($ApplicationName)'"
86 |                     }
87 |                 }
88 |                 Set-Location -Path $CurrentLocation -Verbose:$false
89 |             }
90 |         }
91 |     }
92 |     else {
93 |         Write-Output -InputObject "There where no unsuccessful content distributions found"
94 |     }
95 |     Set-Location -Path $CurrentLocation -Verbose:$false
96 | }


--------------------------------------------------------------------------------
/Software Distribution/Install-MBAMClient.ps1:
--------------------------------------------------------------------------------
  1 | # Functions
  2 | function Write-CMLogEntry {
  3 |     param (
  4 |         [parameter(Mandatory = $true, HelpMessage = "Value added to the log file.")]
  5 |         [ValidateNotNullOrEmpty()]
  6 |         [string]$Value,
  7 |         [parameter(Mandatory = $true, HelpMessage = "Severity for the log entry. 1 for Informational, 2 for Warning and 3 for Error.")]
  8 |         [ValidateNotNullOrEmpty()]
  9 |         [ValidateSet("1", "2", "3")]
 10 |         [string]$Severity,
 11 |         [parameter(Mandatory = $false, HelpMessage = "Name of the log file that the entry will written to.")]
 12 |         [ValidateNotNullOrEmpty()]
 13 |         [string]$FileName = "AppInstallation.log"
 14 |     )
 15 |     # Determine log file location
 16 |     $LogFilePath = Join-Path -Path $env:SystemRoot -ChildPath ("\Temp\" + $FileName)
 17 |     
 18 |     # Construct time stamp for log entry
 19 |     $Time = -join @((Get-Date -Format "HH:mm:ss.fff"), "+", (Get-WmiObject -Class Win32_TimeZone | Select-Object -ExpandProperty Bias))
 20 |     
 21 |     # Construct date for log entry
 22 |     $Date = (Get-Date -Format "MM-dd-yyyy")
 23 |     
 24 |     # Construct context for log entry
 25 |     $Context = $([System.Security.Principal.WindowsIdentity]::GetCurrent().Name)
 26 |     
 27 |     # Construct final log entry
 28 |     $LogText = "<![LOG[$($Value)]LOG]!><time=""$($Time)"" date=""$($Date)"" component=""AppInstallation"" context=""$($Context)"" type=""$($Severity)"" thread=""$($PID)"" file="""">"
 29 |     
 30 |     # Add value to log file
 31 |     try {
 32 |         Add-Content -Value $LogText -LiteralPath $LogFilePath -ErrorAction Stop
 33 |     }
 34 |     catch [System.Exception] {
 35 |         Write-Warning -Message "Unable to append log entry to AppInstallation.log file. Error message: $($_.Exception.Message)"
 36 |     }
 37 | }
 38 | 
 39 | function Invoke-Executable {
 40 |     param(
 41 |         [parameter(Mandatory=$true, HelpMessage="Specify the file name or path of the executable to be invoked, including the extension")]
 42 |         [ValidateNotNullOrEmpty()]
 43 |         [string]$FilePath,
 44 | 
 45 |         [parameter(Mandatory=$false, HelpMessage="Specify arguments that will be passed to the executable")]
 46 |         [ValidateNotNull()]
 47 |         [string]$Arguments
 48 |     )
 49 | 
 50 |     # Construct a hash-table for default parameter splatting
 51 |     $SplatArgs = @{
 52 |         FilePath = $FilePath
 53 |         NoNewWindow = $true
 54 |         Passthru = $true
 55 |         ErrorAction = "Stop"
 56 |     }
 57 | 
 58 |     # Add ArgumentList param if present
 59 |     if (-not([System.String]::IsNullOrEmpty($Arguments))) {
 60 |         $SplatArgs.Add("ArgumentList", $Arguments)
 61 |     }
 62 | 
 63 |     # Invoke executable and wait for process to exit
 64 |     try {
 65 |         $Invocation = Start-Process @SplatArgs
 66 |         $Handle = $Invocation.Handle
 67 |         $Invocation.WaitForExit()
 68 |     }
 69 |     catch [System.Exception] {
 70 |         Write-Warning -Message $_.Exception.Message ; break
 71 |     }
 72 | 
 73 |     return $Invocation.ExitCode
 74 | }
 75 | 
 76 | # Detect OS architecture
 77 | $OSArchitecture = Get-WmiObject -Class Win32_OperatingSystem | Select-Object -ExpandProperty OSArchitecture
 78 | switch ($OSArchitecture) {
 79 |     "64-bit" {
 80 |         $OSArch = "x64"
 81 |     }
 82 |     "32-bit" {
 83 |         $OSArch = "x86"
 84 |     }
 85 | }
 86 | 
 87 | # Application details
 88 | $ApplicationName = "Microsoft MBAM 2.5 SP1 Client with KB4018510"
 89 | $MSIFileName = "MbamClientSetup-2.5.1100.0_$($OSArch).msi"
 90 | $MSPFileName = "MBAM2.5_Client_$($OSArch)_KB4018510.msp"
 91 | 
 92 | # Initiate application installation logging
 93 | Write-CMLogEntry -Value "Initiating application installation" -Severity 1
 94 | 
 95 | # Get current working directory
 96 | $CurrentWorkingDir = $PSScriptRoot
 97 | Write-CMLogEntry -Value "Current working directory: $($CurrentWorkingDir)" -Severity 1
 98 | 
 99 | # Check if MBAM Client is installed
100 | $MBAMClientInstallState = Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\MBAM" -Name Installed -ErrorAction SilentlyContinue | Select-Object -ExpandProperty Installed
101 | 
102 | # Build arguments for install command
103 | if ($MBAMClientInstallState -eq 1) {
104 |     $ArgumentList = "/p $(Join-Path -Path $CurrentWorkingDir -ChildPath $MSPFileName) /qn REBOOT=ReallySuppress"
105 | }
106 | else {
107 |     $ArgumentList = "/i $(Join-Path -Path $CurrentWorkingDir -ChildPath $MSIFileName) /update $(Join-Path -Path $CurrentWorkingDir -ChildPath $MSPFileName) /qn REBOOT=ReallySuppress"
108 | }
109 | Write-CMLogEntry -Value "Command line arguments for msiexec.exe: $($ArgumentList)" -Severity 1
110 | 
111 | # Invoke command line for installation
112 | Write-CMLogEntry -Value "Starting installation of $($ApplicationName)" -Severity 1
113 | $Invocation = Invoke-Executable -FilePath msiexec.exe -Arguments $ArgumentList
114 | 
115 | # Exit with return code from invocation
116 | Write-CMLogEntry -Value "Return code from installation was '$($Invocation)'" -Severity 1
117 | exit $Invocation


--------------------------------------------------------------------------------
/Maintenance Windows/Get-CMDeviceMaintenanceWindow.ps1:
--------------------------------------------------------------------------------
  1 | <#
  2 | .SYNOPSIS
  3 |     Get maintenance windows for a given device in ConfigMgr.
  4 | 
  5 | .DESCRIPTION
  6 |     Get maintenance windows for a given device in ConfigMgr.
  7 | 
  8 | .PARAMETER SiteServer
  9 |     Site Server where the SMS Provider is installed.
 10 | 
 11 | .PARAMETER DeviceName
 12 |     Name of the device.
 13 | 
 14 | .EXAMPLE
 15 |     # Get all maintenance windows for a device named 'CL01':
 16 |     .\Get-CMDeviceMaintenanceWindow.ps1 -SiteServer CM01 -DeviceName CL01
 17 | 
 18 | .NOTES
 19 |     FileName:    Get-CMDeviceMaintenanceWindow.ps1
 20 |     Author:      Nickolaj Andersen
 21 |     Contact:     @NickolajA
 22 |     Created:     2019-06-18
 23 |     Updated:     2019-06-18
 24 | 
 25 |     Version history:
 26 |     1.0.0 - (2019-06-18) Script created
 27 | #>
 28 | [CmdletBinding(SupportsShouldProcess=$true)]
 29 | param(
 30 |     [parameter(Mandatory=$true, HelpMessage="Site Server where the SMS Provider is installed.")]
 31 |     [ValidateNotNullOrEmpty()]
 32 |     [ValidateScript({Test-Connection -ComputerName $_ -Count 1 -Quiet})]
 33 |     [string]$SiteServer,
 34 | 
 35 |     [parameter(Mandatory=$true, HelpMessage="Name of the device.")]
 36 |     [ValidateNotNullOrEmpty()]
 37 |     [string]$DeviceName
 38 | )
 39 | Begin {
 40 |     # Determine SiteCode from WMI
 41 |     try {
 42 |         Write-Verbose -Message "Determining Site Code for Site server: '$($SiteServer)'"
 43 |         $SiteCodeObjects = Get-WmiObject -Namespace "root\SMS" -Class SMS_ProviderLocation -ComputerName $SiteServer -ErrorAction Stop
 44 |         foreach ($SiteCodeObject in $SiteCodeObjects) {
 45 |             if ($SiteCodeObject.ProviderForLocalSite -eq $true) {
 46 |                 $SiteCode = $SiteCodeObject.SiteCode
 47 |                 Write-Verbose -Message "Site Code: $($SiteCode)"
 48 |             }
 49 |         }
 50 |     }
 51 |     catch [System.UnauthorizedAccessException] {
 52 |         Write-Warning -Message "Access denied"; break
 53 |     }
 54 |     catch [System.Exception] {
 55 |         Write-Warning -Message "Unable to determine site code from specified Configuration Manager site server, specify the site server where the SMS Provider is installed"; break
 56 |     }
 57 | }
 58 | Process {
 59 |     try {
 60 |         # Retrieve the resource id for the given device name
 61 |         $DeviceResourceID = Get-WmiObject -Namespace "root\SMS\site_$($SiteCode)" -Class SMS_R_System -ComputerName $SiteServer -Filter "Name like '$($DeviceName)'" -ErrorAction Stop | Select-Object -ExpandProperty ResourceID
 62 | 
 63 |         # Retrieve all device collection membership for the resource id
 64 |         $CollectionIDs = Get-WmiObject -Namespace "root\SMS\site_$($SiteCode)" -Class SMS_FullCollectionMembership -ComputerName $SiteServer -Filter "ResourceID like '$($DeviceResourceID)'"
 65 | 
 66 |         if ($CollectionIDs -ne $null) {
 67 |             # Process each collection item
 68 |             foreach ($CollectionID in $CollectionIDs) {
 69 |                 # Retrieve the collection settings for current collection
 70 |                 $CollectionSettings = Get-WmiObject -Namespace "root\SMS\site_$($SiteCode)" -Class SMS_CollectionSettings -ComputerName $SiteServer -Filter "CollectionID='$($CollectionID.CollectionID)'"
 71 |                 foreach ($CollectionSetting in $CollectionSettings) {
 72 |                     # Retrieve the full collection setting instance including lazy properties
 73 |                     $CollectionSetting.Get()
 74 | 
 75 |                     # Process each service window in collection settings
 76 |                     foreach ($MaintenanceWindow in $CollectionSetting.ServiceWindows) {
 77 |                         # Determine the start time of the service window
 78 |                         $StartTime = [Management.ManagementDateTimeConverter]::ToDateTime($MaintenanceWindow.StartTime)
 79 |                         
 80 |                         # Get the collection name where the current service window is configured
 81 |                         $CollectionName = Get-WmiObject -Namespace "root\SMS\site_$($SiteCode)" -Class SMS_Collection -ComputerName $SiteServer -Filter "CollectionID = '$($CollectionID.CollectionID)'" | Select-Object -ExpandProperty Name
 82 | 
 83 |                         # Construct a custom PSObject for output
 84 |                         $PSObject = [PSCustomObject]@{
 85 |                             "MaintenanceWindowName" = $MaintenanceWindow.Name
 86 |                             "Schedule" = $MaintenanceWindow.Description
 87 |                             "ReccurenceType" = $MaintenanceWindow.RecurrenceType
 88 |                             "CollectionName" = $CollectionName
 89 |                             "StartTime" = $StartTime
 90 |                         }
 91 | 
 92 |                         # Handle output of custom object
 93 |                         Write-Output $PSObject
 94 |                     }
 95 |                 }
 96 |             }
 97 |         }
 98 |     }
 99 |     catch [System.Exception] {
100 |         Write-Warning -Message "Unable to determine resource id for given device name"; break
101 |     }
102 | }


--------------------------------------------------------------------------------
/Application/Start-ApplicationDistribution.ps1:
--------------------------------------------------------------------------------
  1 | <#
  2 | .SYNOPSIS
  3 |     Distributes all Applications created within a certain time frame to a Distribution Point Group
  4 | .DESCRIPTION
  5 |     Distributes all Applications created within a certain time frame to a Distribution Point Group
  6 | .PARAMETER SiteServer
  7 |     Primary Site server name
  8 | .PARAMETER DPGName
  9 |     Specify a Distribution Point Group name
 10 | .PARAMETER CreatedDaysAgo
 11 |     Specify the amount of days ago an Application was created. The script will only enumerate Applications created within the specified time frame.
 12 | .EXAMPLE
 13 |     Start to distribute all Applications created within the last day to a Distribution Point Group called 'All DPs' on a Site server called 'CM01':
 14 | 
 15 |     .\Start-ApplicationDistribution.ps1 -SiteServer "CM01" -DPGName "All DPs"
 16 | .EXAMPLE 
 17 |     Start to distribute all Applications created within the last 3 days to a Distribution Point Group called 'All DPs' on a Site server called 'CM01':
 18 | 
 19 |     .\Start-ApplicationDistribution.ps1 -SiteServer "CM01" -DPGName "All DPs" -CreatedDaysAgo 3
 20 | .NOTES
 21 |     Script name: Start-ApplicationDistribution.ps1
 22 |     Author:      Nickolaj Andersen
 23 |     Contact:     @NickolajA
 24 |     DateCreated: 2014-09-22
 25 | #>
 26 | [CmdletBinding(SupportsShouldProcess=$true)]
 27 | param(
 28 |     [parameter(Mandatory=$true, HelpMessage="Specify the Primary Site server")]
 29 |     [ValidateScript({Test-Connection -ComputerName $_ -Count 2})]
 30 |     [string]$SiteServer = "$($env:COMPUTERNAME)",
 31 |     [parameter(Mandatory=$true, HelpMessage="Specify the name of a Distribution Point Group")]
 32 |     [string]$DPGName,
 33 |     [parameter(Mandatory=$false, HelpMessage="Specify the name of a Distribution Point Group")]
 34 |     [int]$CreatedDaysAgo = 1
 35 | )
 36 | Begin {
 37 |     # Determine SiteCode from WMI
 38 |     try {
 39 |         Write-Verbose "Determining SiteCode for Site Server: '$($SiteServer)'"
 40 |         $SiteCodeObjects = Get-WmiObject -Namespace "root\SMS" -Class SMS_ProviderLocation -ComputerName $SiteServer -ErrorAction Stop
 41 |         foreach ($SiteCodeObject in $SiteCodeObjects) {
 42 |             if ($SiteCodeObject.ProviderForLocalSite -eq $true) {
 43 |                 $SiteCode = $SiteCodeObject.SiteCode
 44 |                 Write-Debug "SiteCode: $($SiteCode)"
 45 |             }
 46 |         }
 47 |     }
 48 |     catch [Exception] {
 49 |         Throw "Unable to determine SiteCode"
 50 |     }
 51 |     # Load the Configuration Manager 2012 PowerShell module
 52 |     try {
 53 |         Write-Verbose "Importing Configuration Manager module"
 54 |         Write-Debug ((($env:SMS_ADMIN_UI_PATH).Substring(0,$env:SMS_ADMIN_UI_PATH.Length-5)) + "\ConfigurationManager.psd1")
 55 |         Import-Module ((($env:SMS_ADMIN_UI_PATH).Substring(0,$env:SMS_ADMIN_UI_PATH.Length-5)) + "\ConfigurationManager.psd1") -Force -ErrorAction Stop -Verbose:$false
 56 |         if ((Get-PSDrive $SiteCode -ErrorAction SilentlyContinue -Verbose:$false | Measure-Object).Count -ne 1) {
 57 |             New-PSDrive -Name $SiteCode -PSProvider "AdminUI.PS.Provider\CMSite" -Root $SiteServer -ErrorAction Stop -Verbose:$false
 58 |         }
 59 |         # Set the location to the Configuration Manager drive
 60 |         Set-Location ($SiteCode + ":") -Verbose:$false
 61 |     }
 62 |     catch [Exception] {
 63 |         Throw $_.Exception.Message
 64 |     }
 65 | }
 66 | Process {
 67 |     # Validate specified Distribution Point Group
 68 |     try {
 69 |         $DPG = Get-WmiObject -Namespace "root\SMS\site_$($SiteCode)" -Class SMS_DistributionPointGroup -ComputerName $SiteServer -Filter "Name = '$($DPGName)'"
 70 |         if (($DPG | Measure-Object).Count -eq 1) {
 71 |             Write-Verbose "Found Distribution Point Group: $($DPG.Name)"
 72 |         }
 73 |         elseif (($DPG | Measure-Object).Count -gt 1) {
 74 |             Throw "Query for DPGs returned more than 1 object"
 75 |         }
 76 |         else {
 77 |             Throw "Unable to determine Distribution Point Group name from specified string for parameter 'DPGName'"
 78 |         }
 79 |     }
 80 |     catch [Exception] {
 81 |         Throw $_.Exception.Message
 82 |     }
 83 |     # Start Application distribution
 84 |     try {
 85 |         Write-Verbose "Enumerating applicable Applications"
 86 |         if ($PSBoundParameters["CreatedDaysAgo"]) {
 87 |             $Applications = Get-CMApplication -Verbose:$false | Select-Object LocalizedDisplayName, PackageID, DateCreated | Where-Object { $_.DateCreated -ge (Get-Date).AddDays(-$CreatedDaysAgo) }
 88 |         }
 89 |         else {
 90 |             $Applications = Get-CMApplication -Verbose:$false | Select-Object LocalizedDisplayName, PackageID
 91 |         }
 92 |         foreach ($Application in $Applications) {
 93 |             if (-not(Get-WmiObject -Namespace "root\SMS\site_$($SiteCode)" -Class SMS_DPGroupDistributionStatusDetails -ComputerName $SiteServer -Filter "PackageID = '$($Application.PackageID)'" -ErrorAction SilentlyContinue)) {
 94 |                 if ($PSCmdlet.ShouldProcess("$($DPG.Name)", "Distribute Application: $($Application.LocalizedDisplayName)")) {
 95 |                     $DPG.AddPackages($Application.PackageID) | Out-Null
 96 |                 }
 97 |             }
 98 |         }
 99 |         Set-Location C:
100 |     }
101 |     catch [Exception] {
102 |         Throw $_.Exception.Message
103 |     }
104 | }


--------------------------------------------------------------------------------
/Modules/Scripts/Set-WifiProfile.PS1:
--------------------------------------------------------------------------------
  1 | <#
  2 | .SYNOPSIS
  3 |     This Script is used to build a WiFi XML Template for WPAPSK
  4 | 
  5 | .DESCRIPTION
  6 |     This is set up using basic connection rules for WPA-PSK and accepts parameters. The idea of this is to allow you to quickly
  7 |     deploy wireless profiles to machines using the run-scripts module in ConfigMgr. Please note that doing this WILL cause a network password to 
  8 |     temporarily be stored in PLAIN TEXT. 
  9 | 
 10 | .PARAMETER ProfileName
 11 |     This parameter is used to submit the SSID of the network you will be connecting too. This parameter is CASE SENSITIVE. This is because the content
 12 |     is converted into a hex string value. Currently this is only for SSID's that ARE being broadcasted. 
 13 |     
 14 | 
 15 | .PARAMETER Key
 16 |    This paramter is used to submit the passsword for the SSID network. This password is stored temporarily in plain text on the machine when the VM is generated.
 17 |    The password is NOT stored in the script repository for the client. 
 18 | 
 19 | .NOTES
 20 |     FileName:    Set-WiFiProfile.ps1
 21 |     Author:      Jordan Benzing
 22 |     Contact:     @JordanTheItGuy
 23 |     Created:     2018-09-10
 24 |     Updated:     2018-09-10
 25 | 
 26 |     Version history:
 27 | 	1.0.8 - (2018-09-10) Script created
 28 | 	
 29 | 	This is NOT an extremely secure method for creating profiles however if you read the information in my post you'll notice that in reality wireless profiles aren't stored securely on computers anyways.
 30 | 	
 31 | 
 32 | #>
 33 | 
 34 | #region ConfigurationBlock
 35 | <#
 36 | This section is currently commented out if you want to remove the parameterization out comment out the parameter region of the script and uncommnet the configuration region.
 37 | Note if you elect to use this code block you will be storing information in plain text within the script and will also likely want to un-comment the scheduledtask region to clean the scripts store.
 38 | $ProfileName = YourSSIDHere
 39 | $Key= YourWirelessKeyHere
 40 | #>
 41 | #endregion ConfigurationBlock
 42 | 
 43 | #region ParameterBlock
 44 | #If you elect to hardcode the profiles comment this section of code out and use the configuration block region instead.
 45 | [CmdletBinding(SupportsShouldProcess=$true)]
 46 | param
 47 | (
 48 |     [parameter(Mandatory = $true)]
 49 |     [string]$ProfileName,
 50 |     [parameter(Mandatory = $true)]
 51 |     [String]$Key
 52 | )
 53 | #endregion ParameterBlock
 54 | 
 55 | Begin {}
 56 | Process {
 57 | $conversionValue = $ProfileName.ToCharArray()
 58 | #Converts the Provided profile to a char array that is then used to convert to Hex.
 59 | foreach($letter in $conversionValue){$HexKey = $HexKey + " " + [System.String]::Format("{0:X}", [System.Convert]::ToUInt32($letter))}
 60 | #Converts the string into a HEX value
 61 | $HexKey = $HexKey.ToSTring()
 62 | #Converts the bytecollection object to a String
 63 | $HexKey = $HexKey.replace(' ','')
 64 | #removes spaces from the string.
 65 | $data = @"
 66 | <?xml version="1.0"?>
 67 | <WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">
 68 | 	<name>$ProfileName</name>
 69 | 	<SSIDConfig>
 70 | 		<SSID>
 71 | 			<hex>$HexKey</hex>
 72 | 			<name>$ProfileName</name>
 73 | 		</SSID>
 74 | 	</SSIDConfig>
 75 | 	<connectionType>ESS</connectionType>
 76 | 	<connectionMode>auto</connectionMode>
 77 | 	<MSM>
 78 | 		<security>
 79 | 			<authEncryption>
 80 | 				<authentication>WPA2PSK</authentication>
 81 | 				<encryption>AES</encryption>
 82 | 				<useOneX>false</useOneX>
 83 | 			</authEncryption>
 84 | 			<sharedKey>
 85 | 				<keyType>passPhrase</keyType>
 86 | 				<protected>false</protected>
 87 | 				<keyMaterial>$Key</keyMaterial>
 88 | 			</sharedKey>
 89 | 		</security>
 90 | 	</MSM>
 91 | 	<MacRandomization xmlns="http://www.microsoft.com/networking/WLAN/profile/v3">
 92 | 		<enableRandomization>false</enableRandomization>
 93 | 		<randomizationSeed>3386856935</randomizationSeed>
 94 | 	</MacRandomization>
 95 | </WLANProfile>
 96 | "@
 97 | #Generates the Here string for a common wifi profile type.
 98 | New-Item C:\Windows\Temp\WLANProfile.xml -ItemType file -Force -Value $data | Out-Null
 99 | #Creates the .XML file that will be used to import the profile temporarily.
100 | <#
101 | This block will create a scheduled task that will remove all scripts stored in the script store repostory
102 | This script section is useful if you decided to hardcode the SSID tag and the wifi password parameter
103 | 
104 | **DEVNOTE** - I may later develop this to parse the 'Scripts' log to find the GUID of the script and then instead only remove the script that ran this
105 | if(Get-ScheduledTask -TaskName 'Clean ScriptStore'){Unregister-ScheduledTask -TaskName 'Clean ScriptStore' -Confirm:$false}	
106 | $Command = "if(test-path -path C:\Windows\ccm\scriptstore){Get-ChildItem -Path C:\Windows\CCM\ScriptStore\ -Filter *.ps1 | ForEach-Object {Remove-Item -Path `$_.FullName -Force}}"
107 | & schtasks /create /ru "System" /sc ONCE /ST (Get-Date).AddMinutes(2).ToString('HH:mm:ss') /tn "Remove Scripts log" /TR "PowerShell.Exe -Command $Command"
108 | #>
109 | 
110 | #Generates the XML file locally in the TEMP directory this can be changed to use a different location.
111 | netsh wlan add profile filename="C:\Windows\Temp\WLANProfile.xml"
112 | #imports the .XML file from the temp directory to install the WLAN Profile
113 | Remove-Item C:\Windows\Temp\WLANProfile.xml
114 | #Removes the XML file that was created and used from the machine
115 | }
116 | 


--------------------------------------------------------------------------------
/Software Updates/New-CMDeploymentPackage.ps1:
--------------------------------------------------------------------------------
  1 | <#
  2 | .SYNOPSIS
  3 |     Create a Deployment Package in Configuration Manager 2012.
  4 | .DESCRIPTION
  5 |     Use this script if you need to create a Deployment Package in Configuration Manager 2012. 
  6 | .PARAMETER SiteServer
  7 |     Primary Site server name with SMS Provider installed
  8 | .PARAMETER Name
  9 |     Name of the Deployment Package
 10 | .PARAMETER Description
 11 |     Description of the Deployment Package
 12 | .PARAMETER SourcePath
 13 |     UNC path to the source location where downloaded patches will be stored
 14 | .EXAMPLE
 15 |     .\New-CMDeploymentPackage.ps1 -SiteServer CM01 -Name "Critical and Security Patches" -SourcePath "\\CAS01\Source$\SUM\ADRs\CS" -Description "Contains Critical and Security patches"
 16 |     Create a Deployment Package called 'Critical and Security Patches', specifying a source path and description on a Primary Site server called 'CM01':
 17 | .NOTES
 18 |     Script name: New-CMDeploymentPackage.ps1
 19 |     Author:      Nickolaj Andersen
 20 |     Contact:     @NickolajA
 21 |     DateCreated: 2014-11-05
 22 | #>
 23 | [CmdletBinding(SupportsShouldProcess=$true)]
 24 | param(
 25 |     [parameter(Mandatory=$true,HelpMessage="Site server where the SMS Provider is installed")]
 26 |     [ValidateScript({Test-Connection -ComputerName $_ -Count 1 -Quiet})]
 27 |     [string]$SiteServer,
 28 |     [parameter(Mandatory=$true,HelpMessage="Name of the Deployment Package")]
 29 |     [string]$Name,
 30 |     [parameter(Mandatory=$false,HelpMessage="Description of the Deployment Package")]
 31 |     [string]$Description,
 32 |     [parameter(Mandatory=$true,HelpMessage="UNC path to the source location where downloaded patches will be stored")]
 33 |     [string]$SourcePath
 34 | )
 35 | Begin {
 36 |     # Determine SiteCode from WMI
 37 |     try {
 38 |         Write-Verbose "Determining SiteCode for Site Server: '$($SiteServer)'"
 39 |         $SiteCodeObjects = Get-WmiObject -Namespace "root\SMS" -Class SMS_ProviderLocation -ComputerName $SiteServer -ErrorAction Stop
 40 |         foreach ($SiteCodeObject in $SiteCodeObjects) {
 41 |             if ($SiteCodeObject.ProviderForLocalSite -eq $true) {
 42 |                 $SiteCode = $SiteCodeObject.SiteCode
 43 |                 Write-Debug "SiteCode: $($SiteCode)"
 44 |             }
 45 |         }
 46 |     }
 47 |     catch [Exception] {
 48 |         Throw "Unable to determine SiteCode"
 49 |     }
 50 | }
 51 | Process {
 52 |     function Get-DuplicateInfo {
 53 |         $IsDuplicatePkg = $false
 54 |         $EnumDeploymentPackages = Get-CimInstance -CimSession $CimSession -Namespace "root\SMS\site_$($SiteCode)" -ClassName SMS_SoftwareUpdatesPackage -ErrorAction SilentlyContinue -Verbose:$false
 55 |         foreach ($Pkgs in $EnumDeploymentPackages) {
 56 |             if ($Pkgs.PkgSourcePath -like "$($SourcePath)") {
 57 |                 $IsDuplicatePkg = $true
 58 |             }
 59 |         }
 60 |         return $IsDuplicatePkg
 61 |     }
 62 |     function Remove-CimSessions {
 63 |         foreach ($Session in $(Get-CimSession -ComputerName $SiteServer -ErrorAction SilentlyContinue -Verbose:$false)) {
 64 |             if ($Session.TestConnection()) {
 65 |                 Write-Verbose -Message "Closing CimSession against '$($Session.ComputerName)'"
 66 |                 Remove-CimSession -CimSession $Session -ErrorAction SilentlyContinue -Verbose:$false
 67 |             }
 68 |         }
 69 |     }
 70 |     try {
 71 |         Write-Verbose -Message "Establishing a Cim session against '$($SiteServer)'"
 72 |         $CimSession = New-CimSession -ComputerName $SiteServer -Verbose:$false
 73 |         # Check if there's an existing Deployment Package with the same name
 74 |         if ((Get-CimInstance -CimSession $CimSession -Namespace "root\SMS\site_$($SiteCode)" -ClassName SMS_SoftwareUpdatesPackage -Filter "Name like '$($Name)'" -ErrorAction SilentlyContinue -Verbose:$false | Measure-Object).Count -eq 0) {
 75 |             # Check if there's an existing Deployment Package with the same source path
 76 |             if ((Get-DuplicateInfo) -eq $false) {
 77 |                 $CimProperties = @{
 78 |                     "Name" = "$($Name)"
 79 |                     "PkgSourceFlag" = 2
 80 |                     "PkgSourcePath" = "$($SourcePath)"
 81 |                 }
 82 |                 if ($PSBoundParameters["Description"]) {
 83 |                     $CimProperties.Add("Description",$Description)
 84 |                 }
 85 |                 $CMDeploymentPackage = New-CimInstance -CimSession $CimSession -Namespace "root\SMS\site_$($SiteCode)" -ClassName SMS_SoftwareUpdatesPackage -Property $CimProperties -Verbose:$false -ErrorAction Stop
 86 |                 $PSObject = [PSCustomObject]@{
 87 |                     "Name" = $CMDeploymentPackage.Name
 88 |                     "Description" = $CMDeploymentPackage.Description
 89 |                     "PackageID" = $CMDeploymentPackage.PackageID
 90 |                     "PkgSourcePath" = $CMDeploymentPackage.PkgSourcePath
 91 |                 }
 92 |                 if (-not($PSBoundParameters["WhatIf"])) {
 93 |                     Write-Output $PSObject
 94 |                 }
 95 |             }
 96 |             else {
 97 |                 Write-Warning -Message "A Deployment Package with the specified source path already exists"
 98 |             }
 99 |         }
100 |         else {
101 |             Write-Warning -Message "A Deployment Package with the name '$($Name)' already exists"
102 |         }
103 |     }
104 |     catch [Exception] {
105 |         Remove-CimSessions
106 |         Throw $_.Exception.Message
107 |     }
108 | }
109 | End {
110 |     # Remove active Cim session established to $SiteServer
111 |     Remove-CimSessions
112 | }


--------------------------------------------------------------------------------
/Operating System Deployment/Set-WindowsDefenderSetting.ps1:
--------------------------------------------------------------------------------
  1 | <#
  2 | .SYNOPSIS
  3 |     Configure Windows Defender settings, e.g. disable FirstRun UI window.
  4 | 
  5 | .DESCRIPTION
  6 |     This script serves as a template to successfully configure different settings related to Windows Defender that requires manipulation of the registry.
  7 |     Active Setup is leveraged to perform a run once experience per user. There are three different run modes supported by this script:
  8 | 
  9 |     - Stage
 10 |         This mode is the initial mode that should be invoked e.g. during operating system deployment with MDT or ConfigMgr. Script is copied to C:\Windows
 11 |         and Active Setup is prepared.
 12 |     - CreateProcess
 13 |         This mode makes sure that the script is re-launched during Active Setup in order not to prolong the logon experience for the end user.
 14 |     - Execute
 15 |         This mode performs the actual configuration of Windows Defender settings.
 16 | 
 17 |     Use only the Stage run mode to prepare the system for Active Setup and Windows Defender configuration changes.
 18 | 
 19 | .EXAMPLE
 20 |     .\Set-WindowsDefenderSetting.ps1 -RunMode Stage
 21 | 
 22 | .NOTES
 23 |     Version history:
 24 |     1.0.0 - (2016-10-11) Script created
 25 | 
 26 | .NOTES
 27 |     FileName:    Set-WindowsDefenderSetting.ps1
 28 |     Author:      Nickolaj Andersen
 29 |     Contact:     @NickolajA
 30 |     Created:     2016-10-11
 31 |     Updated:     2016-10-11
 32 |     Version:     1.0.0
 33 | #>
 34 | [CmdletBinding(SupportsShouldProcess=$true)]
 35 | param(
 36 |     [parameter(Mandatory=$true)]
 37 |     [ValidateNotNullOrEmpty()]
 38 |     [ValidateSet("Stage","Execute", "CreateProcess")]
 39 |     [string]$RunMode
 40 | )
 41 | Process {
 42 |     # Functions
 43 |     function Invoke-Process {
 44 |         param(
 45 |             [parameter(Mandatory=$true)]
 46 |             [ValidateNotNullOrEmpty()]
 47 |             [string]$Name,
 48 | 
 49 |             [parameter(Mandatory=$true)]
 50 |             [ValidateNotNullOrEmpty()]
 51 |             [string]$Arguments,
 52 | 
 53 |             [parameter(Mandatory=$false)]
 54 |             [switch]$Hidden,
 55 | 
 56 |             [parameter(Mandatory=$false)]
 57 |             [switch]$Wait
 58 |         )
 59 |         # Construct new ProcessStartInfo object
 60 |         $ProcessStartInfo = New-Object -TypeName System.Diagnostics.ProcessStartInfo
 61 |         $ProcessStartInfo.FileName = $Name
 62 |         $ProcessStartInfo.Arguments = $Arguments
 63 | 
 64 |         # Hide the process window
 65 |         if ($Hidden -eq $true) {
 66 |             $ProcessStartInfo.WindowStyle = "Hidden"
 67 |             $ProcessStartInfo.CreateNoWindow = $true
 68 |         }
 69 | 
 70 |         # Instatiate new process
 71 |         $Process = [System.Diagnostics.Process]::Start($ProcessStartInfo)
 72 | 
 73 |         # Wait for process to terminate
 74 |         if ($Wait -eq $true) {
 75 |             $Process.WaitForExit()
 76 |         }
 77 | 
 78 |         # Return exit code from process
 79 |         return $Process.ExitCode
 80 |     }
 81 | 
 82 |     switch ($RunMode) {
 83 |         "Stage" {
 84 |             if (-not(Test-Path -Path (Join-Path -Path $env:SystemRoot -ChildPath $MyInvocation.MyCommand.Name) -PathType Leaf)) {
 85 |                 # Stage script in system root directory for ActiveSetup
 86 |                 try {
 87 |                     Copy-Item $MyInvocation.MyCommand.Definition -Destination $env:SystemRoot -ErrorAction Stop
 88 |                 }
 89 |                 catch [System.Exception] {
 90 |                     Write-Warning -Message "Unable to stage script in system root directory for ActiveSetup. Error message: $($_.Exception.Message)" ; exit
 91 |                 }
 92 |             }
 93 | 
 94 |             # Prepare ActiveSetup
 95 |             try {
 96 |                 New-Item -Path "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\WindowsDefender" -type Directory -Force -ErrorAction Stop
 97 |                 New-ItemProperty "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\WindowsDefender" -Name Version -Value 1 -PropertyType String -Force -ErrorAction Stop
 98 |                 New-ItemProperty "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\WindowsDefender" -Name StubPath -Value "powershell.exe -ExecutionPolicy ByPass -NoProfile -File $(Join-Path -Path $env:SystemRoot -ChildPath $MyInvocation.MyCommand.Name) -RunMode CreateProcess" -PropertyType ExpandString -Force -ErrorAction Stop
 99 |             }
100 |             catch [System.Exception] {
101 |                 Write-Warning -Message "Unable to prepare ActiveSetup key. Error message: $($_.Exception.Message)"
102 |             }
103 |         }
104 |         "CreateProcess" {
105 |             # Invoke script for Active Setup
106 |             Invoke-Process -Name "powershell.exe" -Arguments "-ExecutionPolicy Bypass -NoProfile -File $($env:SystemRoot)\$($MyInvocation.MyCommand.Name) -RunMode Execute" -Hidden
107 |         }
108 |         "Execute" {
109 |             # Validate that the Windows Defender key exists
110 |             do {
111 |                 Start-Sleep -Seconds 3
112 |             }
113 |             while (-not(Test-Path -Path "HKCU:\SOFTWARE\Microsoft\Windows Defender"))
114 | 
115 |             # Add UIFirstRun value
116 |             try {
117 |                 New-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows Defender" -Name UIFirstRun -PropertyType DWORD -Value 0 -Force -ErrorAction Stop
118 |             }
119 |             catch [System.Exception] {
120 |                 Write-Warning -Message "Unable to create UIFirstRun value. Error message: $($_.Exception.Message)"
121 |             }          
122 |         }
123 |     }
124 | }


--------------------------------------------------------------------------------
/Application/Get-CMApplicationWithDependency.ps1:
--------------------------------------------------------------------------------
  1 | <#
  2 | .SYNOPSIS
  3 |     List all Applications in ConfigMgr 2012 that have one or more dependencies configured
  4 | .DESCRIPTION
  5 |     This script will enumerate through all the Applications in ConfigMgr 2012 and output a custom object for those applications
  6 |     that have a dependency configured for any of the DeploymentTypes
  7 | .PARAMETER SiteServer
  8 |     Site server name with SMS Provider installed
  9 | .PARAMETER ShowProgress
 10 |     Show a progressbar displaying the current operation
 11 | .EXAMPLE
 12 |     List Applications with dependencies on a Primary Site server called 'CM01':
 13 |     .\Get-CMApplicationWithDependency.ps1 -SiteServer -ShowProgress
 14 | .NOTES
 15 |     Script name: Get-CMApplicationWithDependency.ps1
 16 |     Author:      Nickolaj Andersen
 17 |     Contact:     @NickolajA
 18 |     DateCreated: 2015-09-23
 19 | #>
 20 | [CmdletBinding(SupportsShouldProcess=$true)]
 21 | param(
 22 |     [parameter(Mandatory=$true, HelpMessage="Site server where the SMS Provider is installed")]
 23 |     [ValidateNotNullOrEmpty()]
 24 |     [ValidateScript({Test-Connection -ComputerName $_ -Count 1 -Quiet})]
 25 |     [string]$SiteServer,
 26 |     [parameter(Mandatory=$false, HelpMessage="Show a progressbar displaying the current operation")]
 27 |     [switch]$ShowProgress
 28 | )
 29 | Begin {
 30 |     # Determine SiteCode from WMI
 31 |     try {
 32 |         Write-Verbose -Message "Determining SiteCode for Site Server: '$($SiteServer)'"
 33 |         $SiteCodeObjects = Get-WmiObject -Namespace "root\SMS" -Class SMS_ProviderLocation -ComputerName $SiteServer -ErrorAction Stop
 34 |         foreach ($SiteCodeObject in $SiteCodeObjects) {
 35 |             if ($SiteCodeObject.ProviderForLocalSite -eq $true) {
 36 |                 $SiteCode = $SiteCodeObject.SiteCode
 37 |                 Write-Debug -Message "SiteCode: $($SiteCode)"
 38 |             }
 39 |         }
 40 |     }
 41 |     catch [System.UnauthorizedAccessException] {
 42 |         Write-Warning -Message "Access denied" ; break
 43 |     }
 44 |     catch [System.Exception] {
 45 |         Write-Warning -Message "Unable to determine SiteCode" ; break
 46 |     }
 47 |     # Load ConfigMgr application assemblies
 48 |     try {
 49 |         Add-Type -Path (Join-Path -Path (Get-Item $env:SMS_ADMIN_UI_PATH).Parent.FullName -ChildPath "Microsoft.ConfigurationManagement.ApplicationManagement.dll") -ErrorAction Stop
 50 |         Add-Type -Path (Join-Path -Path (Get-Item $env:SMS_ADMIN_UI_PATH).Parent.FullName -ChildPath "Microsoft.ConfigurationManagement.ApplicationManagement.Extender.dll") -ErrorAction Stop
 51 |         Add-Type -Path (Join-Path -Path (Get-Item $env:SMS_ADMIN_UI_PATH).Parent.FullName -ChildPath "Microsoft.ConfigurationManagement.ApplicationManagement.MsiInstaller.dll") -ErrorAction Stop
 52 |     }
 53 |     catch [System.UnauthorizedAccessException] {
 54 | 	    Write-Warning -Message "Access was denied when attempting to load ApplicationManagement dll's" ; break
 55 |     }
 56 |     catch [System.Exception] {
 57 | 	    Write-Warning -Message "Unable to load required ApplicationManagement dll's. Make sure that you're running this tool on system where the ConfigMgr console is installed and that you're running the tool elevated" ; break
 58 |     }
 59 | }
 60 | Process {
 61 |     if ($PSBoundParameters["ShowProgress"]) {
 62 |         $ProgressCount = 0
 63 |     }
 64 |     try {
 65 |         $Applications = Get-WmiObject -Namespace "root\SMS\site_$($SiteCode)" -Class "SMS_ApplicationLatest" -ComputerName $SiteServer -ErrorAction Stop
 66 |         $ApplicationCount = ($Applications | Measure-Object).Count
 67 |         foreach ($Application in $Applications) {
 68 |             if ($PSBoundParameters["ShowProgress"]) {
 69 |                 $ProgressCount++
 70 |                 Write-Progress -Activity "Enumerating Applications for dependencies" -Status "Application $($ProgressCount) / $($ApplicationCount)" -Id 1 -PercentComplete (($ProgressCount / $ApplicationCount) * 100)
 71 |             }
 72 |             $ApplicationName = $Application.LocalizedDisplayName
 73 |             # Get Application object including Lazy properties
 74 |             $Application.Get()
 75 |             # Deserialize SDMPakageXML property from string
 76 |             $ApplicationXML = [Microsoft.ConfigurationManagement.ApplicationManagement.Serialization.SccmSerializer]::DeserializeFromString($Application.SDMPackageXML, $true)
 77 |             foreach ($DeploymentType in $ApplicationXML.DeploymentTypes) {
 78 |                 if ([int]$DeploymentType.Dependencies.Count -ge 1) {
 79 |                     $PSObject = [PSCustomObject]@{
 80 |                         ApplicationName = $ApplicationName
 81 |                         DeploymentTypeName = $DeploymentType.Title
 82 |                         DependencyCount = $DeploymentType.Dependencies.Count
 83 |                         DependencyGroupName = $DeploymentType.Dependencies.Name
 84 |                         DependentApplication = $DeploymentType.Dependencies.Expression.Operands | ForEach-Object {
 85 |                             Get-WmiObject -Namespace "root\SMS\site_$($SiteCode)" -Class "SMS_ApplicationLatest" -ComputerName $SiteServer -Filter "CI_UniqueID like '$($_.ApplicationAuthoringScopeId)%$($_.ApplicationLogicalName)%'" | Select-Object -ExpandProperty LocalizedDisplayName
 86 |                         }
 87 |                         EnforceDesiredState = $DeploymentType.Dependencies.Expression.Operands.EnforceDesiredState
 88 |                     }
 89 |                     Write-Output -InputObject $PSObject
 90 |                 }
 91 |             }
 92 |         }
 93 |     }
 94 |     catch [System.Exception] {
 95 |         Write-Warning -Message $_.Exception.Message ; break
 96 |     }
 97 | }
 98 | End {
 99 |     if ($PSBoundParameters["ShowProgress"]) {
100 |         Write-Progress -Activity "Enumerating Applications for dependencies" -Id 1 -Completed
101 |     }
102 | }


--------------------------------------------------------------------------------
/Operating System Deployment/BIOS/Invoke-MicrosoftBIOSUpdate.ps1:
--------------------------------------------------------------------------------
  1 | <#
  2 | .SYNOPSIS
  3 |     Invoke Microsoft Update process.
  4 | 
  5 | .DESCRIPTION
  6 |     This script will invoke the Microsoft BIOS update process for the executable residing in the path specified for the Path parameter.
  7 | 
  8 | .PARAMETER LogFileName
  9 |     Set the name of the log file produced by the flash utility.
 10 | 
 11 | .EXAMPLE
 12 |     .\Invoke-MicrosoftBIOSUpdate.ps1 -LogFileName "LogFileName.log"
 13 | 
 14 | .NOTES
 15 |     FileName:    Invoke-MicrosoftBIOSUpdate.ps1
 16 |     Authors:     Maurice Daly / Nickolaj Andersen
 17 |     Contact:     @modaly_it / @NickolajA
 18 |     Created:     2019-07-11
 19 |     Updated:     2020-04-11
 20 |     
 21 |     Version history:
 22 |     1.0.0 - (2019-07-11) Script created (Maurice Daly)
 23 | 	1.0.1 - (2019-07-25) Minor fixes
 24 | 	1.0.2 - (2020-04-11) Removed unnecessary parameter Path, it was never used in the script
 25 | #>
 26 | [CmdletBinding(SupportsShouldProcess=$true)]
 27 | param(
 28 |     [parameter(Mandatory=$false, HelpMessage="Set the name of the log file produced by the flash utility.")]
 29 |     [ValidateNotNullOrEmpty()]
 30 |     [string]$LogFileName = "MicrosoftBIOSUpdate.log"
 31 | )
 32 | Begin {
 33 | 	# Load Microsoft.SMS.TSEnvironment COM object
 34 | 	try {
 35 | 		$TSEnvironment = New-Object -ComObject Microsoft.SMS.TSEnvironment -ErrorAction Stop
 36 | 	}
 37 | 	catch [System.Exception] {
 38 | 		Write-Warning -Message "Unable to construct Microsoft.SMS.TSEnvironment object"
 39 | 	}
 40 | }
 41 | Process {
 42 | 	# Set Log Path
 43 | 	$LogsDirectory = Join-Path $env:SystemRoot "Temp"
 44 | 	
 45 |     # Functions
 46 |     function Write-CMLogEntry {
 47 | 	    param(
 48 | 		    [parameter(Mandatory=$true, HelpMessage="Value added to the log file.")]
 49 | 		    [ValidateNotNullOrEmpty()]
 50 | 		    [string]$Value,
 51 | 
 52 | 		    [parameter(Mandatory=$true, HelpMessage="Severity for the log entry. 1 for Informational, 2 for Warning and 3 for Error.")]
 53 | 		    [ValidateNotNullOrEmpty()]
 54 |             [ValidateSet("1", "2", "3")]
 55 | 		    [string]$Severity,
 56 | 
 57 | 		    [parameter(Mandatory=$false, HelpMessage="Name of the log file that the entry will written to.")]
 58 | 		    [ValidateNotNullOrEmpty()]
 59 | 		    [string]$FileName = "Invoke-MicrosoftBIOSUpdate.log"
 60 | 	    )
 61 | 	    # Determine log file location
 62 |         $LogFilePath = Join-Path -Path $TSEnvironment.Value("_SMSTSLogPath") -ChildPath $FileName
 63 | 
 64 |         # Construct time stamp for log entry
 65 |         $Time = -join @((Get-Date -Format "HH:mm:ss.fff"), "+", (Get-WmiObject -Class Win32_TimeZone | Select-Object -ExpandProperty Bias))
 66 | 
 67 |         # Construct date for log entry
 68 |         $Date = (Get-Date -Format "MM-dd-yyyy")
 69 | 
 70 |         # Construct context for log entry
 71 |         $Context = $([System.Security.Principal.WindowsIdentity]::GetCurrent().Name)
 72 | 
 73 |         # Construct final log entry
 74 |         $LogText = "<![LOG[$($Value)]LOG]!><time=""$($Time)"" date=""$($Date)"" component=""MicrosoftBIOSUpdate.log"" context=""$($Context)"" type=""$($Severity)"" thread=""$($PID)"" file="""">"
 75 | 	
 76 | 	    # Add value to log file
 77 |         try {
 78 | 	        Out-File -InputObject $LogText -Append -NoClobber -Encoding Default -FilePath $LogFilePath -ErrorAction Stop 
 79 |         }
 80 |         catch [System.Exception] {
 81 |             Write-Warning -Message "Unable to append log entry to Invoke-MicrosoftBIOSUpdate.log file. Error message: $($_.Exception.Message)"
 82 |         }
 83 |     }
 84 | 	
 85 | 	function Invoke-Executable {
 86 | 		param (
 87 | 			[parameter(Mandatory = $true, HelpMessage = "Specify the file name or path of the executable to be invoked, including the extension")]
 88 | 			[ValidateNotNullOrEmpty()]
 89 | 			[string]$FilePath,
 90 | 			[parameter(Mandatory = $false, HelpMessage = "Specify arguments that will be passed to the executable")]
 91 | 			[ValidateNotNull()]
 92 | 			[string]$Arguments
 93 | 		)
 94 | 		
 95 | 		# Construct a hash-table for default parameter splatting
 96 | 		$SplatArgs = @{
 97 | 			FilePath = $FilePath
 98 | 			NoNewWindow = $true
 99 | 			Passthru = $true
100 | 			ErrorAction = "Stop"
101 | 		}
102 | 		
103 | 		# Add ArgumentList param if present
104 | 		if (-not ([System.String]::IsNullOrEmpty($Arguments))) {
105 | 			$SplatArgs.Add("ArgumentList", $Arguments)
106 | 		}
107 | 		
108 | 		# Invoke executable and wait for process to exit
109 | 		try {
110 | 			$Invocation = Start-Process @SplatArgs
111 | 			$Handle = $Invocation.Handle
112 | 			$Invocation.WaitForExit()
113 | 		}
114 | 		catch [System.Exception] {
115 | 			Write-Warning -Message $_.Exception.Message; break
116 | 		}
117 | 		
118 | 		return $Invocation.ExitCode
119 | 	}
120 | 	
121 | 	# Default to task sequence variable set in detection script
122 | 	if (-not([string]::IsNullOrEmpty($TSEnvironment.Value("OSDBIOSPackage01")))){
123 | 		Write-CMLogEntry -Value "Using BIOS package location set in OSDBIOSPackage01 TS variable" -Severity 1
124 | 		$OSDFirmwarePackageLocation = $TSEnvironment.Value("OSDBIOSPackage01")
125 | 	}
126 | 	
127 | 	# Run BIOS update process if BIOS package exists
128 | 	if (-not([string]::IsNullOrEmpty($OSDFirmwarePackageLocation))){
129 | 		# Write log file for script execution
130 | 		Write-CMLogEntry -Value "Initiating pnputil to apply firmware updates" -Severity 1
131 | 		$ApplyFirmwareInvocation = Invoke-Executable -FilePath "powershell.exe" -Arguments "pnputil /add-driver $(Join-Path -Path $OSDFirmwarePackageLocation -ChildPath '*.inf') /subdirs /install | Out-File -FilePath (Join-Path -Path $($LogsDirectory) -ChildPath 'Install-MicrosoftFirmware.txt') -Force"											
132 | 		}
133 | 	else {
134 | 		Write-CMLogEntry -Value "Unable to determine BIOS package path." -Severity 2 ; exit 1
135 | 	}
136 | }
137 | 


--------------------------------------------------------------------------------
/Operating System Deployment/Enable-CredentialGuard.ps1:
--------------------------------------------------------------------------------
  1 | <#
  2 | .SYNOPSIS
  3 |     Enable Credential Guard on Windows 10 during OS Deployment with ConfigMgr
  4 | 
  5 | .DESCRIPTION
  6 |     This script will enable a Windows 10 device being installed through OS Deployment with ConfigMgr to leverage Credential Guard
  7 |     in order to prevent pass-the-hash attacks.
  8 | 
  9 | .EXAMPLE
 10 |     .\Enable-CredentialGuard.ps1
 11 | 
 12 | .NOTES
 13 | 
 14 |     Version history:
 15 |     1.0.0 - (2016-06-08) Script created
 16 |     1.0.1 - (2016-08-10) Script updated to support Windows 10 version 1607 that no longer required the Isolated User Mode feature, since it's embedded in the hypervisor
 17 |     1.0.2 - (2017-07-03) Script updated since Windows 10 version 1607 and higher no longer needs Hyper-V feature for enablind Credential Guard
 18 | 
 19 | .NOTES
 20 |     FileName:    Enable-CredentialGuard.ps1
 21 |     Author:      Nickolaj Andersen
 22 |     Contact:     @NickolajA
 23 |     Created:     2016-06-08
 24 |     Updated:     2017-07-03
 25 |     Version:     1.0.2
 26 | #>
 27 | Begin {
 28 |     # Construct TSEnvironment object
 29 |     try {
 30 |         $TSEnvironment = New-Object -ComObject Microsoft.SMS.TSEnvironment -ErrorAction Stop
 31 |     }
 32 |     catch [System.Exception] {
 33 |         Write-Warning -Message "Unable to construct Microsoft.SMS.TSEnvironment object" ; exit 1
 34 |     }
 35 | }
 36 | Process {
 37 |     # Functions
 38 |     function Write-CMLogEntry {
 39 | 	    param(
 40 | 		    [parameter(Mandatory=$true, HelpMessage="Value added to the smsts.log file.")]
 41 | 		    [ValidateNotNullOrEmpty()]
 42 | 		    [string]$Value,
 43 | 
 44 | 		    [parameter(Mandatory=$true, HelpMessage="Severity for the log entry. 1 for Informational, 2 for Warning and 3 for Error.")]
 45 | 		    [ValidateNotNullOrEmpty()]
 46 |             [ValidateSet("1", "2", "3")]
 47 | 		    [string]$Severity,
 48 | 
 49 | 		    [parameter(Mandatory=$false, HelpMessage="Name of the log file that the entry will written to.")]
 50 | 		    [ValidateNotNullOrEmpty()]
 51 | 		    [string]$FileName = "EnableCredentialGuard.log"
 52 | 	    )
 53 | 	    # Determine log file location
 54 |         $LogFilePath = Join-Path -Path $Script:TSEnvironment.Value("_SMSTSLogPath") -ChildPath $FileName
 55 | 
 56 |         # Construct time stamp for log entry
 57 |         $Time = -join @((Get-Date -Format "HH:mm:ss.fff"), "+", (Get-WmiObject -Class Win32_TimeZone | Select-Object -ExpandProperty Bias))
 58 | 
 59 |         # Construct date for log entry
 60 |         $Date = (Get-Date -Format "MM-dd-yyyy")
 61 | 
 62 |         # Construct context for log entry
 63 |         $Context = $([System.Security.Principal.WindowsIdentity]::GetCurrent().Name)
 64 | 
 65 |         # Construct final log entry
 66 |         $LogText = "<![LOG[$($Value)]LOG]!><time=""$($Time)"" date=""$($Date)"" component=""CredentialGuard"" context=""$($Context)"" type=""$($Severity)"" thread=""$($PID)"" file="""">"
 67 | 	
 68 | 	    # Add value to log file
 69 |         try {
 70 | 	        Add-Content -Value $LogText -LiteralPath $LogFilePath -ErrorAction Stop
 71 |         }
 72 |         catch [System.Exception] {
 73 |             Write-Warning -Message "Unable to append log entry to EnableCredentialGuard.log file"
 74 |         }
 75 |     }
 76 | 
 77 |     # Write beginning of log file
 78 |     Write-CMLogEntry -Value "Starting configuration for Credential Guard" -Severity 1
 79 | 
 80 |     if ([int](Get-WmiObject -Class Win32_OperatingSystem).BuildNumber -lt 14393) {
 81 |         try {
 82 |             # For version older than Windows 10 version 1607 (build 14939), enable required Windows Features for Credential Guard
 83 |             Enable-WindowsOptionalFeature -FeatureName Microsoft-Hyper-V-HyperVisor -Online -All -LimitAccess -NoRestart -ErrorAction Stop
 84 |             Write-CMLogEntry -Value "Successfully enabled Microsoft-Hyper-V-HyperVisor feature" -Severity 1
 85 | 
 86 |             # For version older than Windows 10 version 1607 (build 14939), add the IsolatedUserMode feature as well
 87 |             Enable-WindowsOptionalFeature -FeatureName IsolatedUserMode -Online -All -LimitAccess -NoRestart -ErrorAction Stop
 88 |             Write-CMLogEntry -Value "Successfully enabled IsolatedUserMode feature" -Severity 1
 89 |         }
 90 |         catch [System.Exception] {
 91 |             Write-CMLogEntry -Value "An error occured when enabling required windows features" -Severity 3
 92 |         }
 93 |     }
 94 |     
 95 |     # Add required registry key for Credential Guard
 96 |     $RegistryKeyPath = "HKLM:\SYSTEM\CurrentControlSet\Control\DeviceGuard"
 97 |     if (-not(Test-Path -Path $RegistryKeyPath)) {
 98 |         Write-CMLogEntry -Value "Creating HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard registry key" -Severity 1
 99 |         New-Item -Path $RegistryKeyPath -ItemType Directory -Force
100 |     }
101 | 
102 |     # Add registry value RequirePlatformSecurityFeatures - 1 for Secure Boot only, 3 for Secure Boot and DMA Protection
103 |     Write-CMLogEntry -Value "Adding HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard\RequirePlatformSecurityFeatures value as DWORD with data 1" -Severity 1
104 |     New-ItemProperty -Path $RegistryKeyPath -Name RequirePlatformSecurityFeatures -PropertyType DWORD -Value 1
105 | 
106 |     # Add registry value EnableVirtualizationBasedSecurity - 1 for Enabled, 0 for Disabled
107 |     Write-CMLogEntry -Value "Adding HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard\EnableVirtualizationBasedSecurity value as DWORD with data 1" -Severity 1
108 |     New-ItemProperty -Path $RegistryKeyPath -Name EnableVirtualizationBasedSecurity -PropertyType DWORD -Value 1
109 | 
110 |     # Add registry value LsaCfgFlags - 1 enables Credential Guard with UEFI lock, 2 enables Credential Guard without lock, 0 for Disabled
111 |     Write-CMLogEntry -Value "Adding HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\LsaCfgFlags value as DWORD with data 1" -Severity 1
112 |     New-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Control\Lsa -Name LsaCfgFlags -PropertyType DWORD -Value 1
113 | 
114 |     # Write end of log file
115 |     Write-CMLogEntry -Value "Successfully enabled Credential Guard" -Severity 1
116 | }


--------------------------------------------------------------------------------
/Operating System Deployment/Invoke-ITMaintenanceMessage.ps1:
--------------------------------------------------------------------------------
  1 | <#
  2 | .SYNOPSIS
  3 | 	IT Maintenance notice for task sequence maintenance deployments
  4 | 	
  5 | .DESCRIPTION
  6 | 	The script updates the background, legal notice and legal caption for IT maintenance work. 
  7 | 	Run the script in a TS before the first restart. When the machine reboots the specified
  8 | 	maintenance background and logon messages are displayed. The existing messages and background 
  9 | 	details	are captured into text backup files. 
 10 | 
 11 | 	Post driver installation, run the script again, it will automatically read in the backup 
 12 | 	files and revert settings.
 13 | 
 14 | .PARAMETER State
 15 | 	Enable or disable the logon maintenance message.
 16 | 
 17 | .EXAMPLE
 18 | 	# Enable the logon maintenance message:
 19 | 	.\Invoke-ITMaintenanceMessage -State "Enable"
 20 | 
 21 | 	# Disable the logon maintenance message:
 22 | 	.\Invoke-ITMaintenanceMessage -State "Disable"
 23 | 
 24 | .NOTES
 25 |     FileName:    Invoke-ITMaintenanceMessage.ps1
 26 |     Author:      Maurice Daly
 27 |     Contact:     @MoDaly_IT
 28 |     Created:     2017-10-19
 29 | 	Updated:     2017-11-03
 30 |   
 31 |     Version history:
 32 | 	1.0.0 - (2017-10-13) Script created
 33 | 	1.0.1 - (2017-11-03) Updated the param block with ValidateSet for improved usage experience. Parameter renamed from MaintenanceMessage to State.
 34 | #>
 35 | [CmdletBinding(SupportsShouldProcess = $true)]
 36 | param (
 37 | 	[parameter(Mandatory = $true, HelpMessage = "Enable or disable the logon maintenance message.")]
 38 | 	[ValidateNotNullOrEmpty()]
 39 | 	[ValidateSet("Enable", "Disable")]
 40 | 	[string]$State
 41 | )
 42 | Process {
 43 | 	# Functions
 44 | 	function Update-RegistryValue {
 45 | 		param (
 46 | 			[parameter(Mandatory=$false, HelpMessage="The registy key to work with")]
 47 | 			[ValidateNotNullOrEmpty()]
 48 | 			[string]$RegistryKey,
 49 | 
 50 | 			[parameter(Mandatory=$false, HelpMessage="The registry item to restore")]
 51 | 			[ValidateNotNullOrEmpty()]
 52 | 			[string]$RegistryItem,
 53 | 
 54 | 			[parameter(Mandatory=$false, HelpMessage="The registry item to restore")]
 55 | 			[ValidateNotNullOrEmpty()]
 56 | 			[string]$RegistryValue,
 57 | 
 58 | 			[parameter(Mandatory=$true, HelpMessage="The backup file to use")]
 59 | 			[ValidateNotNullOrEmpty()]
 60 | 			[string]$BackupFile,
 61 | 
 62 | 			[parameter(Mandatory=$true, HelpMessage="The job type, backup or restore")]
 63 | 			[ValidateNotNullOrEmpty()]
 64 | 			[ValidateSet("Backup", "Restore")]
 65 | 			[string]$Action
 66 | 		)
 67 | 		
 68 | 		if ($Action -eq "Backup") {
 69 | 			$RegistryValue | Out-File -Encoding ASCII -FilePath $BackupFile -Force
 70 | 		}
 71 | 		elseif ($Action -eq "Restore") {
 72 | 			if ((Test-Path -Path $BackupFile) -eq $true) {
 73 | 				$Notice = [string]::join([environment]::newline, (get-content -path $BackupFile))
 74 | 				Set-ItemProperty -Path $RegistryKey -Name $RegistryItem -Value $Notice
 75 | 			}
 76 | 			else {
 77 | 				Set-ItemProperty -Path $RegistryKey -Name $RegistryItem -Value $null
 78 | 			}
 79 | 		}
 80 | 	}
 81 | 
 82 | 	# Set Maintenance Values - Required for maintenance notice and wallpaper
 83 | 	$MaintenanceNotice = "Your machine will reboot shortly and be ready for use. DO NOT log in to the machine at this point."
 84 | 	$MaintenanceCaption = "IT MAINTENANCE IN PROCESS - DO NOT LOG ON"
 85 | 	$MaintenanceBackground = "C:\Windows\System32\oobe\info\backgrounds\maintenanceBackground.jpg"
 86 | 
 87 | 	# Define Variables
 88 | 	$LegalRegNoticePath = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"
 89 | 	$PersonalizationRegPath = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Personalization"
 90 | 	$CurrentLegalNotice = (Get-Item -Path $LegalRegNoticePath | Get-ItemProperty).LegalNoticeText
 91 | 	$CurrentLegalCaption = (Get-Item -Path $LegalRegNoticePath | Get-ItemProperty).LegalNoticeCaption
 92 | 	$CurrentLockScreenImage = (Get-Item -Path $PersonalizationRegPath| Get-ItemProperty).LockScreenImage
 93 | 	$LegalCaptionBackupFile = "LegalCaptionBackup.txt"
 94 | 	$LegalNoticeBackupFile = "LegalNoticeBackup.txt"
 95 | 	$LockScreenBackupFile = "LockScreenBackup.txt"
 96 | 	$CurrentWorkingDirectory = $PSScriptRoot
 97 | 
 98 | 	switch ($State) {
 99 | 		"Enable" {
100 | 			# Back legal caption, legal notce and lock screen values 
101 | 			Update-RegistryValue -RegistryValue $CurrentLegalCaption -BackupFile (Join-Path -Path $CurrentWorkingDirectory -ChildPath $LegalCaptionBackupFile) -Action Backup
102 | 			Update-RegistryValue -RegistryValue $CurrentLegalNotice -BackupFile (Join-Path -Path $CurrentWorkingDirectory -ChildPath $LegalNoticeBackupFile) -Action Backup
103 | 			Update-RegistryValue -RegistryValue $CurrentLockScreenImage -BackupFile (Join-Path -Path $CurrentWorkingDirectory -ChildPath $LockScreenBackupFile) -Action Backup
104 | 			
105 | 			# Set legal notice to warn user of driver update process
106 | 			Set-ItemProperty -Path $LegalRegNoticePath -Name LegalNoticeCaption -Value $MaintenanceCaption
107 | 			Set-ItemProperty -Path $LegalRegNoticePath -Name LegalNoticeText -Value $MaintenanceNotice
108 | 			
109 | 			# Enable lock screen changing
110 | 			if ((Get-ItemProperty -Path $PersonalizationRegPath).NoChangingLockScreen -eq $true) {
111 | 				Set-ItemProperty -Path $PersonalizationRegPath -Name "NoChangingLockScreen" -Value $false
112 | 			}
113 | 			Set-ItemProperty -Path $PersonalizationRegPath -Name "LockScreenImage" -Value $MaintenanceBackground
114 | 			Start-Sleep -Seconds 10
115 | 		}
116 | 		"Disable" {
117 | 			try {
118 | 				# Revert previous legal caption, legal notce and lock screen values
119 | 				Update-RegistryValue -RegistryKey $LegalRegNoticePath -RegistryItem LegalNoticeCaption -BackupFile (Join-Path -Path $CurrentWorkingDirectory -ChildPath $LegalCaptionBackupFile) -Action Restore
120 | 				Update-RegistryValue -RegistryKey $LegalRegNoticePath -RegistryItem LegalNoticeText -BackupFile (Join-Path -Path $CurrentWorkingDirectory -ChildPath $LegalNoticeBackupFile) -Action Restore
121 | 				Update-RegistryValue -RegistryKey $PersonalizationRegPath -RegistryItem LockScreenImage -BackupFile (Join-Path -Path $CurrentWorkingDirectory -ChildPath $LockScreenBackupFile) -Action Restore
122 | 			}
123 | 			catch [System.Exception] {
124 | 				Write-Warning -Message "$($_.Exception.Message)"
125 | 			}
126 | 		}
127 | 	}
128 | }


--------------------------------------------------------------------------------
/Device Collection/Remove-DeviceFromCollection.ps1:
--------------------------------------------------------------------------------
  1 | <#
  2 | .SYNOPSIS
  3 |     Remove a device from range of OSD related device collections in ConfigMgr
  4 | .DESCRIPTION
  5 |     This script will remove a device from a range of OSD related device collections specified in the CollectionIDList array list.
  6 | 	If the device is a member of any of the specified device collections, it will be removed. This script is particular useful when
  7 | 	used together with Status Filter Rules once a task sequence has successfully executed.
  8 | .PARAMETER SiteServer
  9 |     Site server name with SMS Provider installed
 10 | .PARAMETER DeviceName
 11 |     Name of the device that will be removed from any specified device collections
 12 | .PARAMETER CollectionPrefix
 13 |     Collection prefix is used for determining what Device Collections to process
 14 | .PARAMETER LogLocation
 15 |     Specify the temporary location that the script will log it's current process to
 16 | .EXAMPLE
 17 |     Remove device 'CL001' from any of the specified device collections, on a Primary Site server called 'CM01':
 18 | 	.\Remove-DeviceFromCollection.ps1 -SiteServer CM01 -DeviceName CL001 -LogLocation WindowsTemp
 19 | .NOTES
 20 |     Script name: Remove-DeviceFromCollection.ps1
 21 |     Author:      Nickolaj Andersen
 22 |     Contact:     @NickolajA
 23 |     DateCreated: 2016-02-11
 24 | #>
 25 | [CmdletBinding(SupportsShouldProcess=$true)]
 26 | param(
 27 |     [parameter(Mandatory=$true, HelpMessage="Site server name with SMS Provider installed")]
 28 |     [ValidateNotNullorEmpty()]
 29 |     [string]$SiteServer,
 30 |     [parameter(Mandatory=$true, HelpMessage="Name of the device that will be removed from any specified device collections")]
 31 |     [ValidateNotNullorEmpty()]
 32 |     [string]$DeviceName,
 33 |     [parameter(Mandatory=$true, HelpMessage="Collection prefix is used for determining what Device Collections to process")]
 34 |     [ValidateNotNullorEmpty()]
 35 |     [string]$CollectionPrefix,
 36 |     [parameter(Mandatory=$false, HelpMessage="Specify the temporary location that the script will log it's current process to")]
 37 |     [ValidateNotNullorEmpty()]
 38 |     [ValidateSet("WindowsTemp","UserTemp")]
 39 |     [string]$LogLocation = "WindowsTemp"
 40 | )
 41 | Begin {
 42 |     # Determine SiteCode from WMI
 43 |     try {
 44 |         Write-Verbose "Determining SiteCode for Site Server: '$($SiteServer)'"
 45 |         $SiteCodeObjects = Get-WmiObject -Namespace "root\SMS" -Class SMS_ProviderLocation -ComputerName $SiteServer -ErrorAction Stop
 46 |         foreach ($SiteCodeObject in $SiteCodeObjects) {
 47 |             if ($SiteCodeObject.ProviderForLocalSite -eq $true) {
 48 |                 $SiteCode = $SiteCodeObject.SiteCode
 49 |                 Write-Debug "SiteCode: $($SiteCode)"
 50 |             }
 51 |         }
 52 |     }
 53 |     catch [System.UnauthorizedAccessException] {
 54 |         Write-Warning -Message "Access denied" ; break
 55 |     }
 56 |     catch [System.Exception] {
 57 |         Write-Warning -Message $_.Exception.Message ; break
 58 |     }
 59 | }
 60 | Process {
 61 |     # Functions
 62 |     function Write-LogFile {
 63 |         param(
 64 |             [parameter(Mandatory=$true, HelpMessage="Name of the log file, e.g. 'FileName'. File extension should not be specified")]
 65 |             [ValidateNotNullOrEmpty()]
 66 |             [string]$Name,
 67 |             [parameter(Mandatory=$true, HelpMessage="Value added to the specified log file")]
 68 |             [ValidateNotNullOrEmpty()]
 69 |             [string]$Value,
 70 |             [parameter(Mandatory=$true, HelpMessage="Choose a location where the log file will be created")]
 71 |             [ValidateNotNullOrEmpty()]
 72 |             [ValidateSet("UserTemp","WindowsTemp")]
 73 |             [string]$Location
 74 |         )
 75 |         # Determine log file location
 76 |         switch ($Location) {
 77 |             "UserTemp" { $LogLocation = ($env:TEMP + "\") }
 78 |             "WindowsTemp" { $LogLocation = ($env:SystemRoot + "\Temp\") }
 79 |         }
 80 |         # Construct log file name and location
 81 |         $LogFile = ($LogLocation + $Name + ".log")
 82 |         # Create log file unless it already exists
 83 |         if (-not(Test-Path -Path $LogFile -PathType Leaf)) {
 84 |             New-Item -Path $LogFile -ItemType File -Force | Out-Null
 85 |         }
 86 |         # Add timestamp to value
 87 |         $Value = (Get-Date).ToShortDateString() + ":" + (Get-Date).ToLongTimeString() + " - " + $Value
 88 |         # Add value to log file
 89 |         Add-Content -Value $Value -LiteralPath $LogFile -Force
 90 |     }
 91 | 
 92 |     # Get Device ResourceID
 93 |     Write-LogFile -Name "RemoveDeviceFromCollection" -Location $LogLocation -Value "Determine ResourceID for DeviceName: $($DeviceName)"
 94 |     $ResourceIDs = Get-WmiObject -Namespace "root\SMS\site_$($SiteCode)" -Class SMS_R_System -Filter "Name like '$($DeviceName)'" | Select-Object -ExpandProperty ResourceID
 95 |     foreach ($ResourceID in $ResourceIDs) {
 96 |         Write-LogFile -Name "RemoveDeviceFromCollection" -Location $LogLocation -Value "ResourceID: $($ResourceID)"
 97 |         $CollectionIDList = New-Object -TypeName System.Collections.ArrayList
 98 |         # Determine OSD related device collections based on specified collection prefix
 99 |         $OSDCollections = Get-WmiObject -Namespace "root\SMS\site_$($SiteCode)" -Class SMS_Collection -Filter "Name like '$($CollectionPrefix)%'" | Select-Object -ExpandProperty CollectionID
100 |         $CollectionIDList.AddRange(@($OSDCollections))       
101 |         # Determine if DeviceName is a member of OSD collections
102 |         foreach ($CollectionID in $CollectionIDList) {
103 |             $Collection = Get-WmiObject -Namespace "root\SMS\site_$($SiteCode)" -Class SMS_Collection -Filter "CollectionID like '$($CollectionID)'"
104 |             $Collection.Get()
105 |             foreach ($CollectionRule in $Collection.CollectionRules) {
106 |                 # Remove Device from collection if there's a Collection Rule matching the DeviceName parameter
107 |                 if ($CollectionRule.ResourceID -like $ResourceID) {
108 |                     Write-LogFile -Name "RemoveDeviceFromCollection" -Location $LogLocation -Value "Removing '$($DeviceName)' from '$($Collection.Name)"
109 |                     $Collection.DeleteMembershipRule($CollectionRule)
110 |                 }
111 |             }
112 |         }
113 |     }
114 | }


--------------------------------------------------------------------------------
/Operating System Deployment/TPM/Invoke-ManageTPMOwnership.ps1:
--------------------------------------------------------------------------------
  1 | <#
  2 | .SYNOPSIS
  3 |     Clear the TPM ownership during OSD with ConfigMgr.
  4 | 
  5 | .DESCRIPTION
  6 | 	This script can both detect the current ownership state of the TPM module and clear the ownership. The script has been designed to
  7 | 	run as a two-step implementation. Firstly detecting the current state using the DetectState value for the Action parameter. If the TPM
  8 | 	is owned, a task sequence parameter named IsTPMOwned is set with a value of TRUE. Second step is to clear the TPM module using the
  9 | 	Clear value for the Action parameter. Once the script has completed, another task sequence variable named IsTPMRestartRequired is
 10 | 	set to TRUE. This can then be used to determine if a Restart Computer step should be used to restart the computer.
 11 | 
 12 | .PARAMETER Action
 13 | 	Specify an action to either detect the ownership state or clear the ownership information from the TPM module.
 14 | 
 15 | .EXAMPLE
 16 | 	# Detect whether the TPM module is owned:
 17 | 	.\Invoke-ManageTPMOwnership.ps1 -Action DetectState
 18 | 	
 19 | 	# Clear the TPM module:
 20 |     .\Invoke-ManageTPMOwnership.ps1 -Action Clear
 21 | 
 22 | .NOTES
 23 |     FileName:    Invoke-ManageTPMOwnership.ps1
 24 |     Author:      Nickolaj Andersen
 25 |     Contact:     @NickolajA
 26 |     Created:     2018-01-30
 27 |     Updated:     2018-04-04
 28 |     
 29 |     Version history:
 30 | 	1.0.0 - (2018-01-30) Script created
 31 | 	1.0.1 - (2018-04-04) Updated script with vendor specific SetPhysicalPresence method execution
 32 | #>
 33 | [CmdletBinding(SupportsShouldProcess=$true)]
 34 | param(
 35 |     [parameter(Mandatory=$true, HelpMessage="Specify an action to either detect the ownership state or clear the ownership information from the TPM module.")]
 36 | 	[ValidateNotNullOrEmpty()]
 37 | 	[ValidateSet("Clear", "DetectState")]
 38 |     [string]$Action
 39 | )
 40 | Begin {
 41 | 	# Load Microsoft.SMS.TSEnvironment COM object
 42 | 	try {
 43 | 		$TSEnvironment = New-Object -ComObject Microsoft.SMS.TSEnvironment -ErrorAction Stop
 44 | 	}
 45 | 	catch [System.Exception] {
 46 | 		Write-Warning -Message "Unable to construct Microsoft.SMS.TSEnvironment object"
 47 | 	}    
 48 | }
 49 | Process {
 50 |     # Functions
 51 | 	function Write-CMLogEntry {
 52 | 		param (
 53 | 			[parameter(Mandatory = $true, HelpMessage = "Value added to the log file.")]
 54 | 			[ValidateNotNullOrEmpty()]
 55 | 			[string]$Value,
 56 | 
 57 | 			[parameter(Mandatory = $true, HelpMessage = "Severity for the log entry. 1 for Informational, 2 for Warning and 3 for Error.")]
 58 | 			[ValidateNotNullOrEmpty()]
 59 | 			[ValidateSet("1", "2", "3")]
 60 | 			[string]$Severity,
 61 | 
 62 | 			[parameter(Mandatory = $false, HelpMessage = "Name of the log file that the entry will written to.")]
 63 | 			[ValidateNotNullOrEmpty()]
 64 | 			[string]$FileName = "TPMManagement.log"
 65 | 		)
 66 | 		# Determine log file location
 67 | 		$LogFilePath = Join-Path -Path $env:SystemRoot -ChildPath "\Temp\$($FileName)"
 68 | 		
 69 | 		# Construct time stamp for log entry
 70 | 		$Time = -join @((Get-Date -Format "HH:mm:ss.fff"), "+", (Get-WmiObject -Class Win32_TimeZone | Select-Object -ExpandProperty Bias))
 71 | 		
 72 | 		# Construct date for log entry
 73 | 		$Date = (Get-Date -Format "MM-dd-yyyy")
 74 | 		
 75 | 		# Construct context for log entry
 76 | 		$Context = $([System.Security.Principal.WindowsIdentity]::GetCurrent().Name)
 77 | 		
 78 | 		# Construct final log entry
 79 | 		$LogText = "<![LOG[$($Value)]LOG]!><time=""$($Time)"" date=""$($Date)"" component=""TPMManagement"" context=""$($Context)"" type=""$($Severity)"" thread=""$($PID)"" file="""">"
 80 | 		
 81 | 		# Add value to log file
 82 | 		try {
 83 | 			Out-File -InputObject $LogText -Append -NoClobber -Encoding Default -FilePath $LogFilePath -ErrorAction Stop
 84 | 		}
 85 | 		catch [System.Exception] {
 86 | 			Write-Warning -Message "Unable to append log entry to TPMManagement.log file. Error message: $($_.Exception.Message)"
 87 | 		}
 88 | 	}
 89 | 
 90 | 	# Load TPM module class
 91 | 	try {
 92 | 		$TPMModule = Get-WmiObject -Namespace "root\cimv2\Security\MicrosoftTpm" -Class Win32_TPM -ErrorAction Stop
 93 | 	}
 94 | 	catch [System.Exception] {
 95 | 		Write-CMLogEntry -Value "Unable to load TPM class. Error message: $($_.Exception.Message)" -Severity 2
 96 | 	}
 97 | 
 98 | 	# Check if TPM is present and enabled
 99 | 	if ($TPMModule -ne $null) {
100 | 		switch ($Action) {
101 | 			"Clear" {
102 | 				# Check if TPM is enabled
103 | 				if (-not($TPMModule.IsEnabled())) {
104 | 					Write-CMLogEntry -Value "TPM module is not enabled, bailing out" -Severity 3; break
105 | 				}
106 | 
107 | 				# Attempt to clear TPM ownership
108 | 				if ($TPMModule.IsOwned()) {
109 | 					Write-CMLogEntry -Value "Attempting to clear TPM ownership" -Severity 1
110 | 
111 | 					# https://msdn.microsoft.com/en-us/library/windows/desktop/aa376478(v=vs.85).aspx
112 | 					$ComputerManufacturer = Get-WmiObject -Class Win32_ComputerSystem | Select-Object -ExpandProperty Manufacturer
113 | 					switch -Wildcard ($ComputerManufacturer) {
114 | 						"*Dell*" {
115 | 							$Invocation = $TPMModule.SetPhysicalPresenceRequest(14) # Enable, activate and clear TPM ownership
116 | 						}
117 | 						"*Hewlett-Packard*" {
118 | 							$Invocation = $TPMModule.SetPhysicalPresenceRequest(10) # Enable, activate and clear TPM ownership
119 | 						}
120 | 						"*HP*" {
121 | 							$Invocation = $TPMModule.SetPhysicalPresenceRequest(10) # Enable, activate and clear TPM ownership
122 | 						}
123 | 					}
124 | 
125 | 					if ($Invocation.ReturnValue -eq 0) {
126 | 						Write-CMLogEntry -Value "Successfully cleared TPM ownership, restart required" -Severity 1
127 | 						$TSEnvironment.Value("IsTPMRestartRequired") = "TRUE"
128 | 					}
129 | 					else {
130 | 						Write-CMLogEntry -Value "Unhandled exception occurred, bailing out with exit code 1" -Severity 3; exit 1
131 | 					}
132 | 				}
133 | 			}
134 | 			"DetectState" {
135 | 				# Check if TPM is enabled
136 | 				if (-not($TPMModule.IsEnabled())) {
137 | 					Write-CMLogEntry -Value "TPM module is not enabled, bailing out" -Severity 3; break
138 | 				}
139 | 
140 | 				# Set task sequence variable for TPM ownership state
141 | 				if ($TPMModule.IsOwned()) {
142 | 					$TSEnvironment.Value("IsTPMOwned") = "TRUE"
143 | 				}
144 | 				else {
145 | 					$TSEnvironment.Value("IsTPMOwned") = "FALSE"
146 | 				}
147 | 			}
148 | 		}
149 | 	}
150 | 	else {
151 | 		Write-CMLogEntry -Value "TPM module class was not found, empty list of instances was returned" -Severity 2
152 | 	}
153 | }


--------------------------------------------------------------------------------
/Site Administration/Set-CMAdditionalUpdateLanguagesForOffice365.ps1:
--------------------------------------------------------------------------------
  1 | <#
  2 | .SYNOPSIS
  3 |     Set additional update languages for Office 365 updates that are not currently supported by ConfigMgr
  4 | 
  5 | .DESCRIPTION
  6 |     This script will make changes to the site configuration allowing for additional update languages for Office 365 that will
  7 |     be downloaded per update, that are not currently supported by ConfigMgr.
  8 | 
  9 | .PARAMETER SiteServer
 10 |     Site server name with SMS Provider installed.
 11 | 
 12 | .PARAMETER Language
 13 |     Specify the additional languages as a string array. Pass an empty string to clear the existing additional languages.
 14 | 
 15 | .EXAMPLE
 16 |     # Set a couple of languages
 17 |     .\Set-CMAdditionalUpdateLanguagesForOffice365.ps1 -SiteServer CM01 -Language "sv-SE", "da-DK"
 18 | 
 19 |     # Clear the languages set
 20 |     .\Set-CMAdditionalUpdateLanguagesForOffice365.ps1 -SiteServer CM01 -Language ""
 21 | 
 22 | .NOTES
 23 |     FileName:    Set-CMAdditionalUpdateLanguagesForOffice365.ps1
 24 |     Author:      Nickolaj Andersen
 25 |     Contact:     @NickolajA
 26 |     Created:     2017-03-30
 27 |     Updated:     2017-03-30
 28 |     
 29 |     Version history:
 30 |     1.0.0 - (2017-03-30) Script created
 31 | #>
 32 | [CmdletBinding(SupportsShouldProcess=$true)]
 33 | param(
 34 |     [parameter(Mandatory=$true, HelpMessage="Site server where the SMS Provider is installed.")]
 35 |     [ValidateNotNullOrEmpty()]
 36 |     [ValidateScript({Test-Connection -ComputerName $_ -Count 1 -Quiet})]
 37 |     [string]$SiteServer,
 38 | 
 39 |     [parameter(Mandatory=$true, HelpMessage="Specify the additional languages as a string array. Pass an empty string to clear the existing additional languages.")]
 40 |     [ValidateNotNull()]
 41 |     [AllowEmptyString()]
 42 |     [string[]]$Language
 43 | )
 44 | Begin {
 45 |     # Determine SiteCode from WMI
 46 |     try {
 47 |         Write-Verbose -Message "Determining Site Code for Site server: '$($SiteServer)'"
 48 |         $SiteCodeObjects = Get-WmiObject -Namespace "root\SMS" -Class SMS_ProviderLocation -ComputerName $SiteServer -ErrorAction Stop
 49 |         foreach ($SiteCodeObject in $SiteCodeObjects) {
 50 |             if ($SiteCodeObject.ProviderForLocalSite -eq $true) {
 51 |                 $SiteCode = $SiteCodeObject.SiteCode
 52 |                 Write-Verbose -Message "Site Code: $($SiteCode)"
 53 |             }
 54 |         }
 55 |     }
 56 |     catch [System.UnauthorizedAccessException] {
 57 |         Write-Warning -Message "Access denied" ; break
 58 |     }
 59 |     catch [System.Exception] {
 60 |         Write-Warning -Message "Unable to determine Site Code" ; break
 61 |     }
 62 | 
 63 |     # Determine top level Site Code
 64 |     Write-Verbose -Message "Determine top level Site Code in hierarchy"
 65 |     $SiteDefinitions = Get-WmiObject -Namespace "root\SMS\site_$($SiteCode)" -Class SMS_SCI_SiteDefinition -ComputerName $SiteServer
 66 |     foreach ($SiteDefinition in $SiteDefinitions) {
 67 |         if ($SiteDefinition.ParentSiteCode -like [System.String]::Empty) {
 68 |             $TopLevelSiteCode = $SiteDefinition.SiteCode
 69 |             Write-Verbose -Message "Determined top level Site Code: $($TopLevelSiteCode)"
 70 |         }
 71 |     }
 72 | 
 73 |     # Join language array to string object
 74 |     $Languages = $Language -join ", "
 75 | 
 76 | }
 77 | Process {
 78 |     if ($TopLevelSiteCode -ne $null) {
 79 |         # Detect presence of SMS_WSUS_CONFIGURATION_MANAGER component
 80 |         $WSUSComponent = Get-CimInstance -Namespace "root\SMS\site_$($SiteCode)" -ClassName SMS_SCI_Component -ComputerName $SiteServer -Verbose:$false | Where-Object -FilterScript { ($_.SiteCode -like $TopLevelSiteCode) -and ($_.ComponentName -like "SMS_WSUS_CONFIGURATION_MANAGER") }
 81 | 
 82 |         if ($WSUSComponent -ne $null) {
 83 |             # Get embedded property list for SMS_WSUS_CONFIGURATION_MANAGER
 84 |             $WSUSAdditionalUpdateLanguageProperty = $WSUSComponent.Props | Where-Object -FilterScript { $_.PropertyName -like "AdditionalUpdateLanguagesForO365" }
 85 | 
 86 |             if ($WSUSAdditionalUpdateLanguageProperty -ne $null) {
 87 |                 # Construct array index for Props property
 88 |                 $PropsIndex = 0
 89 |             
 90 |                 # Amend AdditionalUpdateLanguagesForO365 embedded property instance
 91 |                 foreach ($EmbeddedProperty in $WSUSComponent.Props) {
 92 |                     if ($EmbeddedProperty.PropertyName -like "AdditionalUpdateLanguagesForO365") {
 93 |                         Write-Verbose -Message "Amending AdditionalUpdateLanguagesForO365 embedded property with additional languages: $($Languages)"
 94 |                         $EmbeddedProperty.Value2 = $Languages
 95 |                         $WSUSComponent.Props[$PropsIndex] = $EmbeddedProperty
 96 |                     }
 97 | 
 98 |                     # Increase Props index
 99 |                     $PropsIndex++
100 |                 }
101 | 
102 |                 # Construct property table
103 |                 $PropsTable = @{
104 |                     Props = $WSUSComponent.Props
105 |                 }
106 | 
107 |                 # Save changes made to existing AdditionalUpdateLanguagesForO365 embedded property instance
108 |                 try {
109 |                     Get-CimInstance -InputObject $WSUSComponent -Verbose:$false | Set-CimInstance -Property $PropsTable -Verbose:$false -ErrorAction Stop
110 |                     Write-Verbose -Message "Successfully amended AdditionalUpdateLanguagesForO365 embedded property"
111 |                 }
112 |                 catch [System.Exception] {
113 |                     Write-Warning -Message $_.Exception.Message ; break
114 |                 }
115 | 
116 |                 # Get WSUS component again and pass embedded property to pipeline for output
117 |                 $WSUSComponent = Get-CimInstance -Namespace "root\SMS\site_$($SiteCode)" -ClassName SMS_SCI_Component -ComputerName $SiteServer -Verbose:$false | Where-Object -FilterScript { ($_.SiteCode -like $TopLevelSiteCode) -and ($_.ComponentName -like "SMS_WSUS_CONFIGURATION_MANAGER") }
118 |                 $WSUSAdditionalUpdateLanguageProperty = $WSUSComponent.Props | Where-Object -FilterScript { $_.PropertyName -like "AdditionalUpdateLanguagesForO365" }
119 |                 Write-Output -InputObject $WSUSAdditionalUpdateLanguageProperty
120 |             }
121 |         }
122 |     }
123 |     else {
124 |         Write-Warning -Message "Unable to determine top level Site Code, bailing out"
125 |     }
126 | }


--------------------------------------------------------------------------------
/Application/Set-CMApplicationPostInstallBehavior.ps1:
--------------------------------------------------------------------------------
  1 | <#
  2 | .SYNOPSIS
  3 |     Use this script to set the PostInstall behavior for Applications in ConfigMgr 2012
  4 | .DESCRIPTION
  5 |     Use this script to set the PostInstall behavior for Applications in ConfigMgr 2012
  6 | .PARAMETER SiteServer
  7 |     (DefaultParameterSet)
  8 |     Primary Site server name
  9 | .PARAMETER ApplicationName
 10 |     (SingleApp)
 11 |     Specify a name of an application
 12 | .PARAMETER PostInstallBehavior
 13 |     (SingleApp, MultipleApps)
 14 |     Specify a Post Install Behavior, valid options are:
 15 | 
 16 |     BasedOnExitCode
 17 |     NoAction
 18 |     ForceLogOff
 19 |     ForceReboot
 20 |     ProgramReboot
 21 | .PARAMETER Recurse
 22 |     (MultipleApps)
 23 |     When specified, the PostInstallBehavior setting will be set on all applications with a DeploymentType of MSI or Script
 24 | .EXAMPLE
 25 |     Set PostInstallBehavior setting 'NoAction' on an application called 'TestApp1' on a Primary Site server called 'CM01':
 26 | 
 27 |     .\Set-CMApplicationPostInstallBehavior.ps1 -SiteServer CM01 -ApplicationName "TestApp1" -PostInstallBehavior NoAction
 28 | .EXAMPLE 
 29 |     Set PostInstallBehavior setting 'BasedOnExitCode' for all applicable applications on a Primary Site server called 'CM01' and show verbose output:
 30 | 
 31 |     .\Set-CMApplicationPostInstallBehavior.ps1 -SiteServer CM01 -PostInstallBehavior NoAction -Recurse -Verbose
 32 | .NOTES
 33 |     Script name: Set-CMApplicationPostInstallBehavior.ps1
 34 |     Author:      Nickolaj Andersen
 35 |     Contact:     @NickolajA
 36 |     DateCreated: 2014-09-30
 37 | #>
 38 | [CmdletBinding(SupportsShouldProcess=$true)]
 39 | param(
 40 |     [parameter(Position=0, Mandatory=$true, HelpMessage="Specify Primary Site server")]
 41 |     [ValidateScript({Test-Connection -ComputerName $_ -Count 2})]
 42 |     [string]$SiteServer = "$($env:COMPUTERNAME)",
 43 |     [parameter(Position=1, HelpMessage="Specify a specific application name")]
 44 |     [parameter(ParameterSetName="SingleApp")]
 45 |     [string]$ApplicationName,
 46 |     [parameter(Position=2,Mandatory=$true, HelpMessage="Specify the Post Install Behavior setting")]
 47 |     [parameter(ParameterSetName="SingleApp")]
 48 |     [parameter(ParameterSetName="MultipleApps")]
 49 |     [ValidateSet(
 50 |     "BasedOnExitCode",
 51 |     "NoAction",
 52 |     "ForceLogOff",
 53 |     "ForceReboot",
 54 |     "ProgramReboot"
 55 |     )]
 56 |     [string]$PostInstallBehavior,
 57 |     [parameter(Position=2, HelpMessage="Make changes to all applications")]
 58 |     [parameter(ParameterSetName="MultipleApps")]
 59 |     [switch]$Recurse
 60 | )
 61 | Begin {
 62 |     # Determine SiteCode from WMI
 63 |     try {
 64 |         Write-Verbose "Determining SiteCode for Site Server: '$($SiteServer)'"
 65 |         $SiteCodeObjects = Get-WmiObject -Namespace "root\SMS" -Class SMS_ProviderLocation -ComputerName $SiteServer
 66 |         foreach ($SiteCodeObject in $SiteCodeObjects) {
 67 |             if ($SiteCodeObject.ProviderForLocalSite -eq $true) {
 68 |                 $SiteCode = $SiteCodeObject.SiteCode
 69 |                 Write-Debug "SiteCode: $($SiteCode)"
 70 |             }
 71 |         }
 72 |     }
 73 |     catch [Exception] {
 74 |         Throw "Unable to determine SiteCode"
 75 |     }
 76 |     # Load assemblies
 77 |     try {
 78 |         [System.Reflection.Assembly]::LoadFrom((Join-Path (Get-Item $env:SMS_ADMIN_UI_PATH).Parent.FullName "Microsoft.ConfigurationManagement.ApplicationManagement.dll")) | Out-Null
 79 |         [System.Reflection.Assembly]::LoadFrom((Join-Path (Get-Item $env:SMS_ADMIN_UI_PATH).Parent.FullName "Microsoft.ConfigurationManagement.ApplicationManagement.Extender.dll")) | Out-Null
 80 |         [System.Reflection.Assembly]::LoadFrom((Join-Path (Get-Item $env:SMS_ADMIN_UI_PATH).Parent.FullName "Microsoft.ConfigurationManagement.ApplicationManagement.MsiInstaller.dll")) | Out-Null
 81 |     }
 82 |     catch [Exception] {
 83 |         Throw "Unable to load assemblies"
 84 |     }
 85 |     # Get Application(s)
 86 |     try {
 87 |         if ($PSBoundParameters["Recurse"].IsPresent) {
 88 |             Write-Verbose "Recurse mode selected, retrieving all application objects from WMI"
 89 |             $Applications = Get-WmiObject -Namespace "root\SMS\site_$($SiteCode)" -Class SMS_ApplicationLatest -ComputerName $SiteServer
 90 |         }
 91 |         else {
 92 |             Write-Verbose "Specific application specified, retrieving object from WMI"
 93 |             $Applications = Get-WmiObject -Namespace "root\SMS\site_$($SiteCode)" -Class SMS_ApplicationLatest -ComputerName $SiteServer -Filter "LocalizedDisplayName like '$($ApplicationName)'"
 94 |         }
 95 |     }
 96 |     catch [Exception] {
 97 |         Throw "Unable to get applications"
 98 |     }
 99 | }
100 | Process {
101 |     # Set PostInstallBehavior on selected applications
102 |     try {
103 |         $Applications | ForEach-Object {
104 |             $Application = [wmi]$_.__PATH
105 |             Write-Verbose "Deserializing SDMPackageXML property for application: '$($Application.LocalizedDisplayName)'"
106 |             $ApplicationXML = [Microsoft.ConfigurationManagement.ApplicationManagement.Serialization.SccmSerializer]::DeserializeFromString($Application.SDMPackageXML,$True)
107 |             foreach ($DeploymentType in $ApplicationXML.DeploymentTypes) {
108 |                 if (($DeploymentType.Installer.Technology -like "MSI") -or ($DeploymentType.Installer.Technology -like "Script")) {
109 |                     if (-not($DeploymentType.Installer.PostInstallBehavior -like "$($PostInstallBehavior)")) {
110 |                         Write-Verbose "Set PostInstallBehavior setting to: '$($PostInstallBehavior)'"
111 |                         if ($PSCmdlet.ShouldProcess("Application: $($Application.LocalizedDisplayName)", "PostInstallBehavior: $($PostInstallBehavior)")) {
112 |                             $DeploymentType.Installer.PostInstallBehavior = "$($PostInstallBehavior)"
113 |                                 Write-Verbose "Serializing XML back to String"
114 |                                 $UpdatedXML = [Microsoft.ConfigurationManagement.ApplicationManagement.Serialization.SccmSerializer]::SerializeToString($ApplicationXML, $True)
115 |                                 $Application.SDMPackageXML = $UpdatedXML
116 |                                 Write-Verbose "Saving changes to WMI object"
117 |                                 $Application.Put() | Out-Null
118 |                         }
119 |                     }
120 |                     else {
121 |                         Write-Verbose "PostInstallBehavior is already set to '$($PostInstallBehavior)'"
122 |                     }
123 |                 }
124 |                 else {
125 |                     Write-Verbose "Unsupported DeploymentType technology detected: '$($DeploymentType.Installer.Technology)'"
126 |                 }
127 |             }
128 |         }
129 |     }
130 |     catch [Exception] {
131 |         Throw "Unable to set PostInstallBehavior"
132 |     }
133 | }


--------------------------------------------------------------------------------
/Operating System Deployment/Build and Capture/Set-CMWindowsStoreUpdates.ps1:
--------------------------------------------------------------------------------
  1 | <#
  2 | .SYNOPSIS
  3 |     Disable or Enable Windows Store updates during reference image creation using Configuration Manager.
  4 | 
  5 | .DESCRIPTION
  6 |     This script disables or enables Windows Store updates to occur during a reference image creation operation with Configuration Manager.
  7 |     Put this script right after the Apply Operating System step and run the script with the parameter State set with a value of Disable. At the end of
  8 |     the task sequence before the Prepare Configuration Manager Client step, run the script with the parameter State set with a value of Enable.
  9 | 
 10 | .PARAMETER State
 11 |     Enable or disable Windows Store updates state.
 12 | 
 13 | .EXAMPLE
 14 |     # Disable Windows Store updates:
 15 |     .\Set-CMWindowsStoreUpdates.ps1 -State Disable
 16 | 
 17 |     # Enable Windows Store updates:
 18 |     .\Set-CMWindowsStoreUpdates.ps1 -State Enable
 19 | 
 20 | .NOTES
 21 |     FileName:    Set-CMWindowsStoreUpdates.ps1
 22 |     Author:      Nickolaj Andersen
 23 |     Contact:     @NickolajA
 24 |     Created:     2017-04-16
 25 |     Updated:     2017-04-16
 26 |     
 27 |     Version history:
 28 |     1.0.0 - (2017-04-16) Script created
 29 | #>
 30 | [CmdletBinding(SupportsShouldProcess=$true)]
 31 | param(
 32 |     [parameter(Mandatory=$true, HelpMessage="Enable or disable Windows Store updates state.")]
 33 |     [ValidateNotNullOrEmpty()]
 34 |     [ValidateSet("Enable", "Disable")]
 35 |     [string]$State
 36 | )
 37 | Begin {
 38 |     # Load Microsoft.SMS.TSEnvironment COM object
 39 |     try {
 40 |         $TSEnvironment = New-Object -ComObject Microsoft.SMS.TSEnvironment -ErrorAction Stop
 41 |     }
 42 |     catch [System.Exception] {
 43 |         Write-Warning -Message "Unable to construct Microsoft.SMS.TSEnvironment object" ; exit 1
 44 |     }
 45 | }
 46 | Process {
 47 |     # Functions
 48 |     function Write-MDTLogEntry {
 49 | 	    param(
 50 | 		    [parameter(Mandatory=$true, HelpMessage="Value added to the log file.")]
 51 | 		    [ValidateNotNullOrEmpty()]
 52 | 		    [string]$Value,
 53 | 
 54 | 		    [parameter(Mandatory=$true, HelpMessage="Severity for the log entry. 1 for Informational, 2 for Warning and 3 for Error.")]
 55 | 		    [ValidateNotNullOrEmpty()]
 56 |             [ValidateSet("1", "2", "3")]
 57 | 		    [string]$Severity,
 58 | 
 59 | 		    [parameter(Mandatory=$false, HelpMessage="Name of the log file that the entry will written to.")]
 60 | 		    [ValidateNotNullOrEmpty()]
 61 | 		    [string]$FileName = "WindowsStoreUpdates.log"
 62 | 	    )
 63 | 	    # Determine log file location
 64 |         $LogFilePath = Join-Path -Path $Script:TSEnvironment.Value("_SMSTSLogPath") -ChildPath $FileName
 65 | 
 66 |         # Construct time stamp for log entry
 67 |         $Time = -join @((Get-Date -Format "HH:mm:ss.fff"), "+", (Get-WmiObject -Class Win32_TimeZone | Select-Object -ExpandProperty Bias))
 68 | 
 69 |         # Construct date for log entry
 70 |         $Date = (Get-Date -Format "MM-dd-yyyy")
 71 | 
 72 |         # Construct context for log entry
 73 |         $Context = $([System.Security.Principal.WindowsIdentity]::GetCurrent().Name)
 74 | 
 75 |         # Construct final log entry
 76 |         $LogText = "<![LOG[$($Value)]LOG]!><time=""$($Time)"" date=""$($Date)"" component=""WindowsStoreUpdates"" context=""$($Context)"" type=""$($Severity)"" thread=""$($PID)"" file="""">"
 77 | 	
 78 | 	    # Add value to log file
 79 |         try {
 80 | 	        Add-Content -Value $LogText -LiteralPath $LogFilePath -ErrorAction Stop
 81 |         }
 82 |         catch [System.Exception] {
 83 |             Write-Warning -Message "Unable to append log entry to WindowsStoreUpdates.log file. Error message: $($_.Exception.Message)"
 84 |         }
 85 |     }
 86 | 
 87 |     # Enable or disable depending on parameter input
 88 |     switch ($State) {
 89 |         "Enable" {
 90 |             try {
 91 |                 Remove-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsStore\WindowsUpdate" -Name "AutoDownload" -Force -ErrorAction Stop
 92 |                 Write-MDTLogEntry -Value "Successfully removed AutoDownload value, enabling Windows Store updates" -Severity 1
 93 |             }
 94 |             catch [System.Exception] {
 95 |                 Write-MDTLogEntry -Value "Unable to remove AutoDownload value. Error message: $($_.Exception.Message)" -Severity 3
 96 |             }
 97 |         }
 98 |         "Disable" {
 99 |             # Load system registry hive
100 |             try {
101 |                 $OSDrive = $TSEnvironment.Value("OSDisk")
102 |                 $LoadArguments = "load HKLM\Temp $($OSDrive)\Windows\system32\config\SOFTWARE"
103 |                 Write-MDTLogEntry -Value "Attempting to load SOFTWARE registry hive from: $($OSDrive)\Windows\system32\config\SOFTWARE" -Severity 1
104 |                 Start-Process -FilePath "reg.exe" -ArgumentList $LoadArguments -ErrorAction Stop
105 |                 Write-MDTLogEntry -Value "Successfully loaded default software registry hive to HKLM:\Temp" -Severity 1
106 |             }
107 |             catch [System.Exception] {
108 |                 Write-MDTLogEntry -Value "Unable to load default software registry hive. Error message: $($_.Exception.Message)" -Severity 3 ; break
109 |             }
110 | 
111 |             # Wait for registry load
112 |             Write-MDTLogEntry -Value "Waiting for registry hive to be accessible" -Severity 1
113 |             do {
114 |                 Start-Sleep -Seconds 1
115 |             }
116 |             until (Test-Path -Path "HKLM:\Temp")
117 | 
118 |             # Create AutoDownload value
119 |             try {
120 |                 New-Item -Path "HKLM:\Temp\Policies\Microsoft\WindowsStore" -ItemType Directory -Force -ErrorAction Stop
121 |                 New-ItemProperty -Path "HKLM:\Temp\Policies\Microsoft\WindowsStore" -Name "AutoDownload" -Value 2 -PropertyType "Dword" -Force -ErrorAction Stop
122 |                 Write-MDTLogEntry -Value "Successfully changed AutoDownload value to 2 (always off)" -Severity 1
123 |             }
124 |             catch [System.Exception] {
125 |                 Write-MDTLogEntry -Value "Unable to create AutoDownload value. Error message: $($_.Exception.Message)" -Severity 3
126 |             }
127 |         }
128 |     }
129 | }
130 | End {
131 |     do {
132 |         try {
133 |             # Clean inactive handles
134 |             [gc]::Collect()
135 | 
136 |             # Unload system registry hive
137 |             $UnloadArguments = "unload HKLM\Temp"
138 |             Start-Process -FilePath "reg.exe" -ArgumentList $UnloadArguments -Wait -ErrorAction Stop
139 |         }
140 |         catch [System.Exception] {
141 |             Write-MDTLogEntry -Value "Unable to unload default software registry hive. Error message: $($_.Exception.Message)" -Severity 3
142 |         }
143 |     }
144 |     until ((Test-Path -Path HKLM:\Temp) -eq $false)
145 |     Write-MDTLogEntry -Value "Successfully unloaded default software registry hive" -Severity 1
146 | }


--------------------------------------------------------------------------------
/Reporting/Export-CMReports.ps1:
--------------------------------------------------------------------------------
  1 | <#
  2 | .SYNOPSIS
  3 |     Export all reports in a specific folder on Reporting Service point
  4 | .DESCRIPTION
  5 |     Use this script to export all the reports available in the specified folder on a Reporting Service point in ConfigMgr 2012
  6 |     Method to download the reports are borrow from this blog post:
  7 |     http://www.sqlmusings.com/2011/03/28/how-to-download-all-your-ssrs-report-definitions-rdl-files-using-powershell/
  8 | .PARAMETER ReportServer
  9 |     Site Server where SQL Server Reporting Services are installed
 10 | .PARAMETER SiteCode
 11 |     SiteCode of the Reporting Service point
 12 | .PARAMETER RootFolderName
 13 |     Should only be specified if the default 'ConfigMgr_<sitecode>' folder is not used and a custom folder was created
 14 | .PARAMETER FolderName
 15 |     If specified, search is restricted to within this folder if it exists
 16 | .PARAMETER ExportPath
 17 |     Path to where the reports will be exported
 18 | .PARAMETER Credential
 19 |     PSCredential object created with Get-Credential or specify an username
 20 | .PARAMETER ShowProgress
 21 |     Show a progressbar displaying the current operation
 22 | .EXAMPLE
 23 |     .\Export-CMReports.ps1 -ReportServer CM01 -SiteCode PS1 -FolderName "Custom Reports" -ExportPath "C:\Export"
 24 |     Export all the reports in a folder called 'Custom Reports' to 'C:\Export' on a report server called 'CM01':
 25 | .NOTES
 26 |     Script name: Export-CMReports.ps1
 27 |     Author:      Nickolaj Andersen
 28 |     Contact:     @NickolajA
 29 |     DateCreated: 2014-11-24
 30 | #>
 31 | [CmdletBinding(SupportsShouldProcess=$true)]
 32 | param(
 33 |     [parameter(Mandatory=$true,HelpMessage="Site Server where SQL Server Reporting Services are installed")]
 34 |     [ValidateScript({Test-Connection -ComputerName $_ -Count 1})]
 35 |     [string]$ReportServer,
 36 |     [parameter(Mandatory=$true,HelpMessage="SiteCode of the Reporting Service point")]
 37 |     [string]$SiteCode,
 38 |     [parameter(Mandatory=$false,HelpMessage="Should only be specified if the default 'ConfigMgr_<sitecode>' folder is not used and a custom folder was created")]
 39 |     [string]$RootFolderName = "ConfigMgr",
 40 |     [parameter(Mandatory=$false,HelpMessage="If specified, search is restricted to within this folder if it exists")]
 41 |     [string]$FolderName,
 42 |     [parameter(Mandatory=$true,HelpMessage="Path to where the reports will be exported")]
 43 |     [string]$ExportPath,
 44 |     [Parameter(Mandatory=$false,HelpMessage="PSCredential object created with Get-Credential or specify an username")]
 45 |     [ValidateNotNull()]
 46 |     [System.Management.Automation.PSCredential]
 47 |     [System.Management.Automation.Credential()]
 48 |     $Credential = [System.Management.Automation.PSCredential]::Empty,
 49 |     [parameter(Mandatory=$false,HelpMessage="Show a progressbar displaying the current operation")]
 50 |     [switch]$ShowProgress
 51 | )
 52 | Begin {
 53 |     # Build the Uri
 54 |     $SSRSUri = "http://$($ReportServer)/ReportServer/ReportService2010.asmx"
 55 |     # Build the default or custom ConfigMgr path for a Reporting Service point
 56 |     if ($RootFolderName -like "ConfigMgr") {
 57 |         $SSRSRootFolderName = -join ("/","$($RootFolderName)","_",$($SiteCode))
 58 |     }
 59 |     else {
 60 |         $SSRSRootFolderName = -join ("/","$($RootFolderName)")
 61 |     }
 62 |     # Configure arguments being passed to the New-WebServiceProxy cmdlet by splatting
 63 |     $ProxyArgs = [ordered]@{
 64 |         "Uri" = $SSRSUri
 65 |         "Namespace" = "SSRS.ReportingServices2010"
 66 |         "UseDefaultCredential" = $true
 67 |     }
 68 |     if ($Credential -ne [System.Management.Automation.PSCredential]::Empty) {
 69 |         $ProxyArgs.Remove("UseDefaultCredential")
 70 |         $ProxyArgs.Add("Credential", $Credential)
 71 |     }
 72 |     else {
 73 |         Write-Verbose -Message "Credentials was not provided, using default"
 74 |     }
 75 |     # Trim ExportPath
 76 |     if ($ExportPath.EndsWith("\")) {
 77 |         Write-Verbose -Message "Trimmed export path"
 78 |         $ExportPath = $ExportPath.TrimEnd("\")
 79 |     }
 80 |     # Determine ShowProgress count
 81 |     if ($PSBoundParameters["ShowProgress"]) {
 82 |         $ProgressCount = 0
 83 |     }
 84 | }
 85 | Process {
 86 |     try {
 87 |         # Set up a WebServiceProxy
 88 |         $WebServiceProxy = New-WebServiceProxy @ProxyArgs -ErrorAction Stop
 89 |         if ($PSBoundParameters["FolderName"]) {
 90 |             Write-Verbose -Message "FolderName parameter was specified, matching results"
 91 |             $WebItems = $WebServiceProxy.ListChildren($SSRSRootFolderName, $true) | Select-Object ID, Name, Path, TypeName | Where-Object { $_.Path -match "$($FolderName)" } | Where-Object { $_.TypeName -eq "Report" }
 92 |         }
 93 |         else {
 94 |             Write-Verbose -Message "Gathering objects from Report Server"
 95 |             $WebItems = $WebServiceProxy.ListChildren($SSRSRootFolderName, $true) | Select-Object ID, Name, Path, TypeName | Where-Object { $_.TypeName -eq "Report" }
 96 |         }
 97 |         $WebItemsCount = ($WebItems | Measure-Object).Count
 98 |         # For each report
 99 |         foreach ($Item in $WebItems) {
100 |             # Get Report name
101 |             $SubPath = (Split-Path -Path $Item.Path).TrimStart("\")
102 |             $ReportName = Split-Path -Path $Item.Path -Leaf
103 |             $File = New-Object -TypeName System.Xml.XmlDocument
104 |             # Show progress
105 |             if ($PSBoundParameters["ShowProgress"]) {
106 |                 $ProgressCount++
107 |                 Write-Progress -Activity "Exporting Reports" -Id 1 -Status "$($ProgressCount) / $($WebItemsCount)" -CurrentOperation "$($ReportName)" -PercentComplete (($ProgressCount / $WebItemsCount) * 100)
108 |             }
109 |             # Create an empty byte array
110 |             [byte[]]$ReportDefinition = $null
111 |             # Get the definition and store it as a byte array
112 |             $ReportDefinition = $WebServiceProxy.GetItemDefinition($Item.Path)
113 |             [System.IO.MemoryStream]$MemoryStream = New-Object -TypeName System.IO.MemoryStream(@(,$ReportDefinition))
114 |             $File.Load($MemoryStream)
115 |             # Build the report file name and path
116 |             $ReportFileName = -join ($ExportPath,"\",$SubPath,"\",$ReportName,".rdl")
117 |             # Create additional directories under the export path
118 |             if (-not(Test-Path -Path (-join ($ExportPath,"\",$SubPath)))) {
119 |                 New-Item -Path (-join ($ExportPath,"\",$SubPath)) -ItemType Directory -Force -Verbose:$false | Out-Null
120 |             }
121 |             # Save the report
122 |             if ($PSCmdlet.ShouldProcess("Report: $($ReportName)","Save")) {
123 |                 if (-not(Test-Path -Path $ReportFileName -PathType Leaf)) {
124 |                     $File.Save($ReportFileName)
125 |                 }
126 |                 else {
127 |                     Write-Warning -Message "Existing file found with name '$($ReportName).rdl', skipping download"
128 |                 }
129 |             }
130 |         }
131 |     }
132 |     catch [Exception] {
133 |         Throw $_.Exception.Message
134 |     }
135 | }
136 | End {
137 |     if ($PSBoundParameters["ShowProgress"]) {
138 |         Write-Progress -Activity "Exporting Reports" -Completed -ErrorAction SilentlyContinue
139 |     }
140 | }


--------------------------------------------------------------------------------
/Site Administration/Set-CMCloudManagementGatewayState.ps1:
--------------------------------------------------------------------------------
  1 | <#
  2 | .SYNOPSIS
  3 |     Set service state for a specific or multiple Cloud Management Gateway resources in Configuration Manager.
  4 | 
  5 | .DESCRIPTION
  6 |     This script can either start or stop a single or multiple Cloud Management Gateway resources in Configuration Manager.
  7 | 
  8 | .PARAMETER SiteServer
  9 |     Site server name with SMS Provider installed.
 10 | 
 11 | .PARAMETER CloudServiceName
 12 |     Specify the a single or multiple Cloud Management Gateway service names, e,g, contosocmg.cloudapp.net.
 13 | 
 14 | .PARAMETER ServiceState
 15 |     Specify the desired Cloud Management Gateway service state.
 16 | 
 17 | .EXAMPLE
 18 |     # Start the Cloud Management Gateway with a cloud service name of 'ContosoCMG.cloudapp.net':
 19 |     .\Set-CMCloudMAnagementGatewayState.ps1 -CloudServiceName 'ContosoCMG.cloudapp.net' -ServiceState Start -Verbose
 20 | 
 21 |     # Stop the Cloud Management Gateway with a cloud service name of 'ContosoCMG.cloudapp.net':
 22 |     .\Set-CMCloudMAnagementGatewayState.ps1 -CloudServiceName 'ContosoCMG.cloudapp.net' -ServiceState Stop -Verbose
 23 | 
 24 | .NOTES
 25 |     FileName:    Set-CMCloudManagementGatewayState.ps1
 26 |     Author:      Nickolaj Andersen
 27 |     Contact:     @NickolajA
 28 |     Created:     2017-09-24
 29 |     Updated:     2017-09-24
 30 |     
 31 |     Version history:
 32 |     1.0.0 - (2017-09-24) Script created
 33 | #>
 34 | [CmdletBinding(SupportsShouldProcess=$true)]
 35 | param(
 36 |     [parameter(Mandatory=$true, HelpMessage="Site server where the SMS Provider is installed.")]
 37 |     [ValidateNotNullOrEmpty()]
 38 |     [ValidateScript({Test-Connection -ComputerName $_ -Count 1 -Quiet})]
 39 |     [string]$SiteServer,
 40 | 
 41 |     [parameter(Mandatory=$true, HelpMessage="Specify the a single or multiple Cloud Management Gateway service names, e,g, contosocmg.cloudapp.net.")]
 42 |     [ValidateNotNullOrEmpty()]
 43 |     [string[]]$CloudServiceName,
 44 | 
 45 |     [parameter(Mandatory=$true, HelpMessage="Specify the desired Cloud Management Gateway service state.")]
 46 |     [ValidateNotNullOrEmpty()]
 47 |     [ValidateSet("Start", "Stop")]
 48 |     [string]$ServiceState
 49 | )
 50 | Begin {
 51 |     # Determine SiteCode from WMI
 52 |     try {
 53 |         Write-Verbose -Message "Determining Site Code for Site server: '$($SiteServer)'"
 54 |         $SiteCodeObjects = Get-WmiObject -Namespace "root\SMS" -Class SMS_ProviderLocation -ComputerName $SiteServer -ErrorAction Stop
 55 |         foreach ($SiteCodeObject in $SiteCodeObjects) {
 56 |             if ($SiteCodeObject.ProviderForLocalSite -eq $true) {
 57 |                 $SiteCode = $SiteCodeObject.SiteCode
 58 |                 Write-Verbose -Message "Site Code: $($SiteCode)"
 59 |             }
 60 |         }
 61 |     }
 62 |     catch [System.UnauthorizedAccessException] {
 63 |         Write-Warning -Message "Access denied" ; break
 64 |     }
 65 |     catch {
 66 |         Write-Warning -Message "Unable to determine Site Code" ; break
 67 |     }
 68 | 
 69 |     # Load ConfigMgr module
 70 |     try {
 71 |         $SiteDrive = $SiteCode + ":"
 72 |         Import-Module -Name ConfigurationManager -ErrorAction Stop -Verbose:$false
 73 |     }
 74 |     catch [System.UnauthorizedAccessException] {
 75 |         Write-Warning -Message "Access denied" ; break
 76 |     }
 77 |     catch {
 78 |         try {
 79 |             Import-Module -Name (Join-Path -Path (($env:SMS_ADMIN_UI_PATH).Substring(0,$env:SMS_ADMIN_UI_PATH.Length-5)) -ChildPath "\ConfigurationManager.psd1") -Force -ErrorAction Stop -Verbose:$false
 80 |             if ((Get-PSDrive -Name $SiteCode -ErrorAction SilentlyContinue | Measure-Object).Count -ne 1) {
 81 |                 New-PSDrive -Name $SiteCode -PSProvider "AdminUI.PS.Provider\CMSite" -Root $SiteServer -ErrorAction Stop -Verbose:$false | Out-Null
 82 |             }
 83 |         }
 84 |         catch [System.UnauthorizedAccessException] {
 85 |             Write-Warning -Message "Access denied" ; break
 86 |         }
 87 |         catch {
 88 |             Write-Warning -Message "$($_.Exception.Message). Line: $($_.InvocationInfo.ScriptLineNumber)" ; break
 89 |         }
 90 |     }
 91 | 
 92 |     # Determine and set location to the CMSite drive
 93 |     $CurrentLocation = $PSScriptRoot
 94 |     Set-Location -Path $SiteDrive -ErrorAction Stop -Verbose:$false
 95 | 
 96 |     # Disable Fast parameter usage check for Lazy properties
 97 |     $CMPSSuppressFastNotUsedCheck = $true
 98 | 
 99 |     # Construct table of Cloud Management Gateway states
100 |     $StateTable = @{
101 |         99 = "Deleting"
102 |         6 = "Stopped"
103 |         5 = "Stopping"
104 |         4 = "Deployment starting"
105 |         1 = "Provisioning"
106 |         0 = "Running"
107 |     }
108 | }
109 | Process {
110 |     foreach ($CloudServiceResource in $CloudServiceName) {
111 |         # Get Cloud Management Gateway resource object
112 |         try {
113 |             Write-Verbose -Message "Attempting to retrieve Cloud Management Gateway resource with service name '$($CloudServiceResource)'"
114 |             $CloudManagementGateway = Get-CMCloudManagementGateway -Name $CloudServiceResource -ErrorAction Stop -Verbose:$false
115 |             Write-Verbose -Message "Successfully located the targeted Cloud Management Gateway resource"
116 |         }
117 |         catch [System.Exception] {
118 |             Write-Warning -Message "Unable to retrieve the targeted Cloud Management Gateway resource. Error message: $($_.Exception.Message)"
119 |         }
120 | 
121 |         if ($CloudManagementGateway -ne $null) {
122 |             try {
123 |                 switch ($ServiceState) {
124 |                     "Start" {
125 |                         if ($CloudManagementGateway.State -eq 6) {
126 |                             Write-Verbose -Message "Attempting to start Cloud Management Gateway resource '$($CloudManagementGateway.Name)'"
127 |                             $Invocation = Start-CMCloudManagementGateway -InputObject $CloudManagementGateway -ErrorAction Stop -Verbose:$false
128 |                             Write-Verbose -Message "Cloud Management Gateway is now starting, allow some time for this operation to complete"
129 |                         }
130 |                         else {
131 |                             Write-Verbose -Message "Cloud Management Gateway is currently in the '$($StateTable[[int]$CloudManagementGateway.State])', will not attempt to start resource"
132 |                         }
133 |                     }
134 |                     "Stop" {
135 |                         if ($CloudManagementGateway.State -eq 0) {
136 |                             Write-Verbose -Message "Attempting to stop Cloud Management Gateway resource '$($CloudManagementGateway.Name)'"
137 |                             $Invocation = Stop-CMCloudManagementGateway -InputObject $CloudManagementGateway -ErrorAction Stop -Verbose:$false
138 |                             Write-Verbose -Message "Cloud Management Gateway is now shutting down, allow some time for this operation to complete"
139 |                         }
140 |                         else {
141 |                             Write-Verbose -Message "Cloud Management Gateway is currently in the '$($StateTable[[int]$CloudManagementGateway.State])', will not attempt to start resource"
142 |                         }
143 |                     }
144 |                 }
145 |             }
146 |             catch [System.Exception] {
147 |                 Write-Warning -Message "Unable to retrieve Cloud Management Gateway resource. Error message: $($_.Exception.Message)" ; break
148 |             }
149 |         }
150 |         else {
151 |             Write-Warning -Message "Unable to retrieve Cloud Management Gateway resource, please enter a valid Cloud Service Name"
152 |         }
153 |     }
154 | }
155 | End {
156 |     Set-Location -Path $CurrentLocation
157 | }


--------------------------------------------------------------------------------
/Modules/Scripts/Modify-BootStrapInfo.PS1:
--------------------------------------------------------------------------------
  1 | <#
  2 | .SYNOPSIS
  3 |     This script is for finding a specific piece of information in an INI file that is used for MDT and replacing it. An example of this would be if you need to update 
  4 |     the domain join account in all boot files in all deployment shares or update the password in all of the boot files in all deployment shares.
  5 | 
  6 | .DESCRIPTION
  7 |     This script is intended to be used specifically for finding any uses of a specific term in an INI file for the MDT Bootstrap and to modify it. This script is used at
  8 |     your own risk.
  9 | 
 10 | .EXAMPLE
 11 |     Only Gets info using search base C:\DeploymentShare 
 12 | 
 13 |     .\Modify-BootStrapInfo.ps1 -SearchBase C:\DeploymentShare -SearchTerm UserID=Administrator -GetInfo:$true -UpdateInfo:$false
 14 | 
 15 | .PARAMETER GetInfo
 16 |     This is a required switch true false switch
 17 |         $TRUE - Runs the GET-BOOTSTRAPCONTENT function to retreive information based on search criteria and find all INI's meeting the specified criteria.
 18 |         $FALSE - Prevents the 'Get-BootstrapContent function from running to retrevie the location of all INI's meeting the specified criteria
 19 | .PARAMETER UpdateInfo
 20 |     This is a required true false switch
 21 |         $TRUE - runs the set-bootstrapcontent function to exchange/update information based on meeting the specified INI criteria
 22 |         $FALSE - Prevents the Set-bootstrapcontent function from running to exchange/update information based on meeting the specified INI criteria
 23 | 
 24 | .PARAMETER SearchBase
 25 |     This is a non-required string. If it is not set it will begin looking from the current running directroy to find all INI files that match the specified criteria
 26 |     if set it will use that path to begin the search. This parameter is recommended to reduce run times. 
 27 | 
 28 | .PARAMETER SearchTerm
 29 |     This is a required string. If it is not set it will be asked for. This is what is used to look to see if the file contains this. This is an EXACT match using the contains
 30 |     method. If there is no exact match it will not return a result.
 31 |     EXAMPLE - "Administrator" =/= "UserID=Administrator"
 32 | 
 33 | .PARAMETER ReplaceTerm
 34 |     This is not required to run the script but will become required if you attempt to run the Set-BootStrapContent function called by making UpdateInfo $true.
 35 | 
 36 | .NOTES
 37 |     FileName:    Modify-BootStrapInfo.ps1
 38 |     Author:      Jordan Benzing
 39 |     Contact:     @JordanTheItGuy
 40 |     Created:     2018-09-06
 41 |     Updated:     2018-09-06
 42 | 
 43 |     Version history:
 44 |     1.0.0 - (2018-09-06) Script created
 45 | #>
 46 | 
 47 | [CmdletBinding()]
 48 | Param(
 49 |     [parameter(Mandatory = $true)]
 50 |     [switch]$GetInfo,
 51 |     [parameter(Mandatory = $true)]
 52 |     [switch]$UpdateInfo,
 53 |     [parameter(Mandatory = $false)]
 54 |     [string]$SearchBase,
 55 |     [Parameter(Mandatory = $true)]
 56 |     [string]$SearchTerm
 57 | )
 58 | 
 59 | #Requires -RunAsAdministrator
 60 | 
 61 | function Get-BootStrapContent {
 62 |     [CmdletBinding()]
 63 |     param(
 64 |         [Parameter(Mandatory = $false)]
 65 |         [string]$SearchBase,
 66 |         [Parameter(Mandatory = $true)]
 67 |         [string]$SearchTerm
 68 |     )
 69 |     Begin {
 70 |         $FileArray = @()
 71 |     }
 72 |     Process {
 73 |         #Begin function to search for INI files that meet the criteria. 
 74 |         Write-Verbose -Message "Now Building file list to search through - ignoring and suppressing any INI with access denied"
 75 |         $Filelist = Get-ChildItem -Path $SearchBase -Filter *.ini -Recurse -ErrorAction SilentlyContinue
 76 | 
 77 |         #Get the list of all files starting from the specified directory with the .INI file extension.
 78 |         foreach ($File in $Filelist) {
 79 |             #For each file in the list of .INI files perform the following action. - If later adding a progress bar breakout here
 80 |             $FileName = $File.Name
 81 |             Write-Verbose -Message "Retreiving content for $Filename"
 82 |             $Content = Get-Content -Path $File.FullName -ErrorAction SilentlyContinue
 83 |             #Get the content of the file currently being evaluated - if you cannot get the content silently continue - this is done due to permission errors may
 84 |             #Add more gracefull error handling later on
 85 |             if ($Content) {
 86 |                 #Checks if there was any content within the INI file - originally found that some INI files retrieved had no content 
 87 |                 #If you remove this check it will error on the contains method because you cannot call contains on a null string.
 88 |                 if ($Content.ToLower().Contains($SearchTerm.ToLower())) {
 89 |                     #Evaluates if the content from the INI file contains the search terms if it does enters the loop.
 90 |                     $item = New-Object -TypeName psobject
 91 |                     $item | Add-Member -Type NoteProperty -Name FileName -Value $FileName
 92 |                     $item | Add-Member -Type NoteProperty -Name FileLocation -Value $File.FullName
 93 |                     $FileArray += $item
 94 |                     #Generates a PSObject with the information to remove the object and then stores it in an array
 95 |                 }
 96 |             }
 97 |         }
 98 |         $FileArray | Format-Table -AutoSize
 99 |     }
100 | }
101 | 
102 | function Set-BootStrapContent {
103 |     [CmdletBinding()]
104 |     param(
105 |         [Parameter(Mandatory = $true)]
106 |         [string]$SearchBase,
107 |         [Parameter(Mandatory = $true)]
108 |         [string]$SearchTerm,
109 |         [Parameter(Mandatory = $true)]
110 |         [string]$ReplaceTerm
111 |     )
112 |     Begin { }
113 |     Process {
114 |         #Begin function to search for INI files that meet the criteria that we will make changes to. 
115 |         $Filelist = Get-ChildItem -Path $SearchBase -Filter *.ini -Recurse -ErrorAction SilentlyContinue
116 | 
117 |         #Get the list of all files starting from the specified directory with the .INI file extension.
118 |         foreach ($File in $Filelist) {
119 |             #For each file in the list of .INI files perform the following action. - If later adding a progress bar breakout here
120 |             $Content = Get-Content -Path $file.FullName -ErrorAction SilentlyContinue
121 |             #Get the content of the file currently being evaluated - if you cannot get the content silently continue - this is done due to permission errors may
122 |             #Add more gracefull error handling later on
123 |             if ($Content) {
124 |                 #Checks if there was any content within the INI file - originally found that some INI files retrieved had no content 
125 |                 #If you remove this check it will error on the contains method because you cannot call contains on a null string.
126 |                 #If the content contains the search term then enter the loop to perform the replacement.
127 |                     if ($Content.ToLower().Contains($SearchTerm.ToLower())) {
128 |                     #Replaces the content in the file and sets it. 
129 |                     $Content -replace $SearchTerm , $ReplaceTerm | Set-Content $File.FullName
130 |                     #Writes to host what it changed. 
131 |                     Write-Host "Replaced $SearchTerm in the file $File.FullName with $ReplaceTerm"
132 |                 }
133 |             }
134 |         }
135 |     }
136 | }
137 | 
138 | if ($GetInfo) {
139 |     #If the GetINfo Flag was set to true - then it will run through this code block
140 |     Get-BootStrapContent -SearchBase $SearchBase -SearchTerm $SearchTerm
141 | }
142 | 
143 | if ($UpdateInfo) {
144 |     #If UpdateInfo was set to true - then run through this code block
145 |     Set-BootStrapContent -SearchBase $SearchBase -SearchTerm $SearchTerm
146 | }
147 | 


--------------------------------------------------------------------------------
/Maintenance Windows/Remove-YearlyMWindow.PS1:
--------------------------------------------------------------------------------
  1 | <#
  2 | .SYNOPSIS
  3 |     This script is part of the package to create standard MW Collections and Windows and remove them
  4 | 
  5 | .DESCRIPTION
  6 |     Use this script to REMOVE Maintenacne windows from the standardized MW collections.
  7 |         
  8 | 
  9 | .EXAMPLE
 10 |     This script uses some parameters here is an example of usage:
 11 |     .\Remove-YearlyMYindow.PS1
 12 | 
 13 | .NOTES
 14 |     FileName:    Remove-YearlyMYindow.PS1
 15 |     Author:      Jordan Benzing
 16 |     Contact:     @JordanTheItGuy
 17 |     Created:     2019-04-09
 18 |     Updated:     2019-04-09
 19 | 
 20 |     Version 1.0.1 - It works and removes maintenance windows.
 21 |     Version 1.0.2 - Added Parameter for Collection Naming Standard so it can be used with OTHER collection structures
 22 |                 - adjusted some of the verbose statements from the hardcoded original version to be more precise
 23 |     Version 1.0.3 (2019-04-09) - Adjusted verbose statement to be more accurate
 24 | 
 25 | #>
 26 | 
 27 | param(
 28 |     [Parameter(Mandatory=$true)]
 29 |     [string]$CollectionNamingStandard
 30 | )
 31 | #region HelperFunctions
 32 | function Get-CMModule
 33 | #This application gets the configMgr module
 34 | {
 35 |     [CmdletBinding()]
 36 |     param()
 37 |     Try
 38 |     {
 39 |         Write-Verbose "Attempting to import SCCM Module"
 40 |         #Retrieves the fcnction from ConfigMgr installation path. 
 41 |         Import-Module (Join-Path $(Split-Path $ENV:SMS_ADMIN_UI_PATH) ConfigurationManager.psd1) -Verbose:$false
 42 |         Write-Verbose "Succesfully imported the SCCM Module"
 43 |     }
 44 |     Catch
 45 |     {
 46 |         Throw "Failure to import SCCM Cmdlets."
 47 |     } 
 48 | }
 49 | 
 50 | function Test-ConfigMgrAvailable
 51 | #Tests if ConfigMgr is availble so that the SMSProvider and configmgr cmdlets can help. 
 52 | {
 53 |     [CMdletbinding()]
 54 |     Param
 55 |     (
 56 |         [Parameter(Mandatory = $false)]
 57 |         [bool]$Remediate
 58 |     )
 59 |         try
 60 |         {
 61 |             if((Test-Module -ModuleName ConfigurationManager -Remediate:$true) -eq $false)
 62 |             #Checks to see if the Configuration Manager module is loaded or not and then since the remediate flag is set automatically imports it.
 63 |             { 
 64 |                 throw "You have not loaded the configuration manager module please load the appropriate module and try again."
 65 |                 #Throws this error if even after the remediation or if the remediation fails. 
 66 |             }
 67 |             write-Verbose "ConfigurationManager Module is loaded"
 68 |             Write-Verbose "Checking if current drive is a CMDrive"
 69 |             if((Get-location -Verbose:$false).Path -ne (Get-location -PSProvider 'CmSite' -Verbose:$false).Path)
 70 |             #Checks if the current location is the - PS provider for the CMSite server. 
 71 |             {
 72 |                 Write-Verbose -Message "The location is NOT currently the CMDrive"
 73 |                 if($Remediate)
 74 |                 #If the remediation field is set then it attempts to set the current location of the path to the CMSite server path. 
 75 |                     {
 76 |                         Write-Verbose -Message "Remediation was requested now attempting to set location to the the CM PSDrive"
 77 |                         Set-Location -Path (((Get-PSDrive -PSProvider CMSite -Verbose:$false).Name) + ":") -Verbose:$false
 78 |                         Write-Verbose -Message "Succesfully connected to the CMDrive"
 79 |                         #Sets the location properly to the PSDrive.
 80 |                     }
 81 | 
 82 |                 else
 83 |                 {
 84 |                     throw "You are not currently connected to a CMSite Provider Please Connect and try again"
 85 |                 }
 86 |             }
 87 |             write-Verbose "Succesfully validated connection to a CMProvider"
 88 |             return $true
 89 |         }
 90 |         catch
 91 |         {
 92 |             $errorMessage = $_.Exception.Message
 93 |             write-error -Exception CMPatching -Message $errorMessage
 94 |             return $false
 95 |         }
 96 | }
 97 | 
 98 | function Test-Module
 99 | #Function that is designed to test a module if it is loaded or not. 
100 | {
101 |     [CMdletbinding()]
102 |     Param
103 |     (
104 |         [Parameter(Mandatory = $true)]
105 |         [String]$ModuleName,
106 |         [Parameter(Mandatory = $false)]
107 |         [bool]$Remediate
108 |     )
109 |     If(Get-Module -Name $ModuleName)
110 |     #Checks if the module is currently loaded and if it is then return true.
111 |     {
112 |         Write-Verbose -Message "The module was already loaded return TRUE"
113 |         return $true
114 |     }
115 |     If((Get-Module -Name $ModuleName) -ne $true)
116 |     #Checks if the module is NOT loaded and if it's not loaded then check to see if remediation is requested. 
117 |     {
118 |         Write-Verbose -Message "The Module was not already loaded evaluate if remediation flag was set"
119 |         if($Remediate -eq $true)
120 |         #If the remediation flag is selected then attempt to import the module. 
121 |         {
122 |             try 
123 |             {
124 |                     if($ModuleName -eq "ConfigurationManager")
125 |                     #If the module requested is the Configuration Manager module use the below method to try to import the ConfigMGr Module.
126 |                     {
127 |                         Write-Verbose -Message "Non-Standard module requested run pre-written function"
128 |                         Get-CMModule
129 |                         #Runs the command to get the COnfigMgr module if its needed. 
130 |                         Write-Verbose -Message "Succesfully loaded the module"
131 |                         return $true
132 |                     }
133 |                     else
134 |                     {
135 |                     Write-Verbose -Message "Remediation flag WAS set now attempting to import module $($ModuleName)"
136 |                     Import-Module -Name $ModuleName
137 |                     #Import  the other module as needed - if they have no custom requirements.
138 |                     Write-Verbose -Message "Succesfully improted the module $ModuleName"
139 |                     Return $true
140 |                     }
141 |             }
142 |             catch 
143 |             {
144 |                 Write-Error -Message "Failed to import the module $($ModuleName)"
145 |                 Set-Location $StartingLocation
146 |                 break
147 |             }
148 |         }
149 |         else {
150 |             #Else return the fact that it's not applicable and return false from the execution.
151 |             {
152 |                 Return $false
153 |             }
154 |         }
155 |     }
156 | }
157 | #endregion HelperFunctions
158 | 
159 | $StartingLocation = Get-Location
160 | if(!(Test-ConfigMgrAvailable -Remediate:$true -Verbose)){
161 |     Write-Error -Message "Nope that's horribly broken"
162 |     break  
163 | }
164 | 
165 | Write-Verbose -Message "Now getting Collection list" -Verbose
166 | $Collections = Get-CMCollection -Name $CollectionNamingStandard
167 | Write-Verbose -Message "Succesfully retrieved Collections" -Verbose
168 | Write-Verbose -Message "Now cleaning Maintenance Windows pardon our dust..." -Verbose
169 | foreach($Collection in $Collections)
170 |     {
171 |         Write-Verbose -Message "Retrieving maintenance windows from $($Collection.Name)" -Verbose
172 |         $MaintenanceWindows = Get-CMMaintenanceWindow -CollectionName $Collection.Name
173 |         foreach($MaintenanceWindow in $MaintenanceWindows)
174 |             {
175 |                 Write-Verbose "Removing Maintenance window $($MaintenanceWindow.Name) from collection $($Collection.Name)" -Verbose
176 |                 Remove-CMMaintenanceWindow -CollectionName $Collection.Name -MaintenanceWindowName $MaintenanceWindow.Name -Force
177 |                 Write-Verbose "SUCCESFULLY Removed Maintenance window $($MaintenanceWindow.Name) from collection $($Collection.Name)" -Verbose
178 |             }
179 |     }
180 | Set-Location -Path $StartingLocation.Path


--------------------------------------------------------------------------------
/Operating System Deployment/Invoke-TPMOwnerPassword.ps1:
--------------------------------------------------------------------------------
  1 |  <#
  2 | .SYNOPSIS
  3 |     Control the behavior of TPM Owner Password on Windows 10 version 1607 or later during OSD with ConfigMgr.
  4 | 
  5 | .DESCRIPTION
  6 |     Use this script in order to control how the TPM Owner Password is handled on Windows 10 version 1607 or later during OSD with ConfigMgr.
  7 | 
  8 | .EXAMPLE
  9 |     Save the TPM Owner Password to the registry (required for Windows 10 version 1607 and later):
 10 |     .\Invoke-TPMOwnerPassword.ps1 -Mode Save
 11 | 
 12 |     Revert TPM Owner Password behavior to Windows 10 version 1607:
 13 |     .\Invoke-TPMOwnerPassword.ps1 -Mode Revert
 14 | 
 15 | .NOTES
 16 |     FileName:    Invoke-TPMOwnerPassword.ps1
 17 |     Author:      Nickolaj Andersen
 18 |     Contact:     @NickolajA
 19 |     Created:     2016-11-04
 20 |     Updated:     2016-11-04
 21 |     
 22 |     Version history:
 23 |     1.0.0 - (2016-11-04) Script created
 24 | #>
 25 | [CmdletBinding(SupportsShouldProcess=$true)]
 26 | param(
 27 |     [parameter(Mandatory=$true)]
 28 |     [ValidateNotNullOrEmpty()]
 29 |     [ValidateSet("Save","Revert")]
 30 |     [string]$Mode
 31 | )
 32 | Begin {
 33 |     # Construct TSEnvironment object
 34 |     try {
 35 |         $TSEnvironment = New-Object -ComObject Microsoft.SMS.TSEnvironment -ErrorAction Stop
 36 |     }
 37 |     catch [System.Exception] {
 38 |         Write-Warning -Message "Unable to construct Microsoft.SMS.TSEnvironment object" ; exit 1
 39 |     }
 40 | }
 41 | Process {
 42 |     # Functions
 43 |     function Write-CMLogEntry {
 44 | 	    param(
 45 | 		    [parameter(Mandatory=$true, HelpMessage="Value added to the SaveTPMOwnerPassword.log file.")]
 46 | 		    [ValidateNotNullOrEmpty()]
 47 | 		    [string]$Value,
 48 | 
 49 | 		    [parameter(Mandatory=$true, HelpMessage="Severity for the log entry. 1 for Informational, 2 for Warning and 3 for Error.")]
 50 | 		    [ValidateNotNullOrEmpty()]
 51 |             [ValidateSet("1", "2", "3")]
 52 | 		    [string]$Severity,
 53 | 
 54 | 		    [parameter(Mandatory=$false, HelpMessage="Name of the log file that the entry will written to.")]
 55 | 		    [ValidateNotNullOrEmpty()]
 56 | 		    [string]$FileName = "SaveTPMOwnerPassword.log"
 57 | 	    )
 58 | 	    # Determine log file location
 59 |         $LogFilePath = Join-Path -Path $Script:TSEnvironment.Value("_SMSTSLogPath") -ChildPath $FileName
 60 | 
 61 |         # Construct time stamp for log entry
 62 |         $Time = -join @((Get-Date -Format "HH:mm:ss.fff"), "+", (Get-WmiObject -Class Win32_TimeZone | Select-Object -ExpandProperty Bias))
 63 | 
 64 |         # Construct date for log entry
 65 |         $Date = (Get-Date -Format "MM-dd-yyyy")
 66 | 
 67 |         # Construct context for log entry
 68 |         $Context = $([System.Security.Principal.WindowsIdentity]::GetCurrent().Name)
 69 | 
 70 |         # Construct final log entry
 71 |         $LogText = "<![LOG[$($Value)]LOG]!><time=""$($Time)"" date=""$($Date)"" component=""SaveTPMOwnerPassword"" context=""$($Context)"" type=""$($Severity)"" thread=""$($PID)"" file="""">"
 72 | 	
 73 | 	    # Add value to log file
 74 |         try {
 75 | 	        Add-Content -Value $LogText -LiteralPath $LogFilePath -ErrorAction Stop
 76 |         }
 77 |         catch [System.Exception] {
 78 |             Write-Warning -Message "Unable to append log entry to SaveTPMOwnerPassword.log file"
 79 |         }
 80 |     }
 81 | 
 82 |     function Test-RegistryValue {
 83 | 	    param(
 84 | 		    [parameter(Mandatory=$true, HelpMessage="Path to key where value to test exists")]
 85 | 		    [ValidateNotNullOrEmpty()]
 86 | 		    [string]$Path,
 87 | 
 88 | 		    [parameter(Mandatory=$true, HelpMessage="Name of the value")]
 89 | 		    [ValidateNotNullOrEmpty()]
 90 | 		    [string]$Name
 91 |         )
 92 |         # If item property value exists return True, else catch the failure and return False
 93 |         try {
 94 |             $Existence = Get-ItemProperty -Path $Path | Select-Object -ExpandProperty $Name -ErrorAction Stop
 95 |             if ($Existence -ne $null) {
 96 |                 return $true
 97 |             }
 98 |         }
 99 |         catch [System.Exception] {
100 |             return $false
101 |         }
102 |     }
103 | 
104 |     # Write beginning of log file
105 |     Write-CMLogEntry -Value "Invoking TPM Owner Password control" -Severity 1
106 | 
107 |     # Switch based on selected execution mode from parameter input
108 |     switch ($Mode) {
109 |         "Save" {
110 |             # Attempt to get value from read-only TS environment variable containing TPM Owner Auth password
111 |             $OAFTSVariable = $TSEnvironment.Value("_OSDOAF")
112 |             if ($OAFTSVariable -ne $null) {
113 |                 # Save value from TS Environment variable to registry
114 |                 try {
115 |                     New-ItemProperty -Path "HKLM:\SYSTEM\ControlSet001\Services\TPM\WMI\Admin" -Name OwnerAuthFull -Value "$($OAFTSVariable)" -Force -ErrorAction Stop
116 |                     Write-CMLogEntry -Value "Successfully set OwnerAuthFull value with TPM Owner Password" -Severity 1
117 |                 }
118 |                 catch [System.Exception] {
119 |                     Write-CMLogEntry -Value "An error occured when attempting to create the OwnerAuthFull value in the registry. Error message: $($_.Exception.Message)" -Severity 3
120 |                 }
121 | 
122 |                 # Create TPM key if not exists
123 |                 try {
124 |                     $TPMKeyPath = "HKLM:\Software\Policies\Microsoft\TPM"
125 |                     if (Test-Path -Path $TPMKeyPath) {
126 |                         New-Item -Path $TPMKeyPath -Force -ErrorAction Stop
127 |                     }
128 |                     Write-CMLogEntry -Value "Successfully validated TPM key location" -Severity 1
129 |                 }
130 |                 catch [System.Exception] {
131 |                     Write-CMLogEntry -Value "An error occured when attempting to create the TPM key in the registry. Error message: $($_.Exception.Message)" -Severity 3
132 |                 }
133 |         
134 |                 # Set OSManagedAuthLevel to Windows 10 version 1511 and older behavior
135 |                 try {
136 |                     New-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\TPM" -Name OSManagedAuthLevel -Value 4 -Force -ErrorAction Stop
137 |                     Write-CMLogEntry -Value "Successfully set OSManagedAuthLevel value with data value of 4 (old TPM Owner Password behavior)" -Severity 1
138 |                 }
139 |                 catch [System.Exception] {
140 |                     Write-CMLogEntry -Value "An error occured when attempting to create the OSManagedAuthLevel value in the registry. Error message: $($_.Exception.Message)" -Severity 3
141 |                 }
142 |             }
143 |         }
144 |         "Revert" {
145 |             # Set OSManagedAuthLevel to Windows 10 version 1607 and later behavior
146 |             try {
147 |                 New-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\TPM" -Name OSManagedAuthLevel -Value 2 -Force -ErrorAction Stop
148 |                 Write-CMLogEntry -Value "Successfully reverted OSManagedAuthLevel value with data value of 2 (new TPM Owner Password behavior)" -Severity 1
149 |             }
150 |             catch [System.Exception] {
151 |                 Write-CMLogEntry -Value "An error occured when attempting to revert the OSManagedAuthLevel value in the registry. Error message: $($_.Exception.Message)" -Severity 3
152 |             }
153 | 
154 |             # Remove OwnerAuthFull value
155 |             try {
156 |                 $TPMOwnerAuthPath = "HKLM:\SYSTEM\ControlSet001\Services\TPM\WMI\Admin"
157 |                 if (Test-RegistryValue -Path $TPMOwnerAuthPath -Name OwnerAuthFull) {
158 |                     Remove-ItemProperty -Path $TPMOwnerAuthPath -Name OwnerAuthFull -Force -ErrorAction Stop
159 |                     Write-CMLogEntry -Value "Successfully removed OwnerAuthFull value from registry" -Severity 1
160 |                 }
161 |             }
162 |             catch [System.Exception] {
163 |                 Write-CMLogEntry -Value "An error occured when attempting to remove the OwnerAuthFull value in the registry. Error message: $($_.Exception.Message)" -Severity 3
164 |             }
165 |         }
166 |     }
167 | }
168 | 


--------------------------------------------------------------------------------