├── .gitattributes ├── .gitignore ├── Active Directory ├── Audit Scripts │ ├── NoPasswordReset.ps1 │ ├── PowerSploit_ADGroupsinGPOs.ps1 │ ├── PowerSploit_DFSShare.ps1 │ ├── PowerSploit_ExploitableSystems.ps1 │ ├── PowerSploit_ForeignGroups.ps1 │ ├── PowerSploit_GPPPasswords.ps1 │ ├── PowerSploit_WritableManagedGroups.ps1 │ ├── Readme.md │ └── SPNAudit.ps1 └── GPO │ ├── Bitlocker │ ├── manifest.xml │ └── {D1205166-978A-43F6-8310-4789918FC168} │ │ ├── Backup.xml │ │ ├── DomainSysvol │ │ └── GPO │ │ │ └── Machine │ │ │ ├── comment.cmtx │ │ │ └── registry.pol │ │ ├── bkupInfo.xml │ │ └── gpreport.xml │ ├── ImportGPOBaselines.ps1 │ ├── Microsoft Security Standards │ ├── Level 4 │ │ ├── manifest.xml │ │ ├── {0D329DF9-3BC6-47AA-AC03-CC8A99F24D1E} │ │ │ ├── Backup.xml │ │ │ ├── DomainSysvol │ │ │ │ └── GPO │ │ │ │ │ └── Machine │ │ │ │ │ ├── comment.cmtx │ │ │ │ │ ├── microsoft │ │ │ │ │ └── windows nt │ │ │ │ │ │ └── SecEdit │ │ │ │ │ │ └── GptTmpl.inf │ │ │ │ │ └── registry.pol │ │ │ ├── bkupInfo.xml │ │ │ └── gpreport.xml │ │ ├── {1B7CA888-2108-483E-B166-0ACF97E5DC9B} │ │ │ ├── Backup.xml │ │ │ ├── bkupInfo.xml │ │ │ └── gpreport.xml │ │ ├── {2AE5457C-4294-4A6D-B874-B9FD2CB660BD} │ │ │ ├── Backup.xml │ │ │ ├── DomainSysvol │ │ │ │ └── GPO │ │ │ │ │ └── Machine │ │ │ │ │ ├── comment.cmtx │ │ │ │ │ └── registry.pol │ │ │ ├── bkupInfo.xml │ │ │ └── gpreport.xml │ │ └── {EDFECDE3-711F-43A5-A192-3B3AAD06C5C8} │ │ │ ├── Backup.xml │ │ │ ├── DomainSysvol │ │ │ └── GPO │ │ │ │ └── Machine │ │ │ │ ├── comment.cmtx │ │ │ │ └── registry.pol │ │ │ ├── bkupInfo.xml │ │ │ └── gpreport.xml │ └── README.md │ └── README.md ├── Applications ├── Detection Methods │ └── BIOS.ps1 ├── GlobalConditions.ps1 └── Scripts │ ├── PackagingHostConfig.ps1 │ └── VHD_Application_Install │ ├── PS_VHD_Install.ps1 │ └── readme.md ├── Collections ├── AdaptivaHealth.MOF ├── Dogfood.MOF ├── HealthCollections.MOF ├── OfficeChannels.mof ├── SCCMServerRoles.MOF ├── SecurityHealthCollections.MOF ├── WindowsVersions.mof └── readme ├── Compliance Settings ├── CIs │ ├── Baselines │ │ ├── CIS Baselines │ │ │ ├── CIS Google Chrome.cab │ │ │ ├── CIS Microsoft Windows 10 1703.cab │ │ │ ├── CIS Microsoft Windows 7.cab │ │ │ ├── CIS Microsoft Windows 8.1.cab │ │ │ ├── CIS Microsoft Windows Server 2008 R2.cab │ │ │ ├── CIS Microsoft Windows Server 2008.cab │ │ │ ├── CIS Microsoft Windows Server 2012 R2.cab │ │ │ ├── CIS Microsoft Windows Server 2012.cab │ │ │ ├── CIS Microsoft Windows Server 2016.cab │ │ │ └── README.md │ │ ├── D0D STIG Baselines │ │ │ ├── README.md │ │ │ ├── STIG 1804 DoD Baselines.cab │ │ │ └── STIG 1811 DoD Baselines.cab │ │ ├── Microsoft Baselines │ │ │ ├── MSFT Windows 10 1709.cab │ │ │ ├── MSFT Windows 10 1809.cab │ │ │ ├── MSFT Windows 10 and Server 2016 (1803).cab │ │ │ ├── MSFT Windows Server 2012 R2.cab │ │ │ └── MSFT Windows Server 2019.cab │ │ └── Windows Security Hardening.cab │ ├── Client Configuration │ │ ├── CB - Deprovisioned AppX via PoSh.cab │ │ ├── CB - Deprovisioned AppX via Registry.cab │ │ ├── CB - Reprovision AppX.cab │ │ ├── CI - Windows Analytics.cab │ │ ├── ClientHealth.cab │ │ ├── Disable DualScan.cab │ │ ├── Office 365 - Channel.cab │ │ ├── WinRM Configuration.cab │ │ ├── WinRM Configuration.md │ │ └── Windows Defender Passive Mode.cab │ ├── README.md │ └── Server Configuration │ │ └── System Center Configuration Manager - Role Configuration.cab └── Script │ ├── Convert-GPOtoCI_1.2.6 │ ├── Convert-GPOtoCI.ps1 │ ├── README.md │ └── xmlTemplates │ │ ├── rule.xml │ │ └── setting.xml │ └── MigrateGPOBaselinesToDCM.ps1 ├── Defender └── Antivirus │ ├── Exclusions_AD.xml │ ├── Exclusions_DHCP.xml │ ├── Exclusions_DNS.xml │ ├── Exclusions_HyperV.xml │ ├── Exclusions_IIS.xml │ ├── Exclusions_SCCM.xml │ ├── Exclusions_SCCMClient.xml │ ├── Exclusions_SQL.xml │ ├── Exclusions_WINS.xml │ └── Exclusions_Windows.xml ├── Exploit Guard ├── DOD_EP_V2.XML ├── ProcessMitigation.xml └── README.md ├── Hardware Inventory ├── Dell_OMCI_SMS_DEF.mof ├── HP_CMI_SMS_DEF.mof ├── HealthChecksHINV.mof └── readme.md ├── Intune └── Device Configuration Profiles │ ├── Endpoint Protection │ ├── Windows 10 - Endpoint Protection_26-04-2019-12-45-33.json │ └── readme.md │ ├── Google Chrome │ ├── CIS Level 1 - Chrome Browser policies for Microsoft Intune.xlsx │ ├── Google Chrome Configuration_23-04-2019-13-50-42.json │ └── Readme.md │ ├── Office 365 │ ├── Office 365 - MSFT Baseline.xlsx │ ├── Readme.md │ ├── Windows 10 - Office 365 Security Baseline - ADMX Ingestion_23-04-2019-13-50-43.json │ ├── Windows 10 - Office 365 Security Baseline - Computer_23-04-2019-13-50-43.json │ └── Windows 10 - Office 365 Security Baseline - User_23-04-2019-13-50-43.json │ └── Readme.md ├── LICENSE ├── README.md ├── Reports ├── README.md ├── Reporting for the Rest of Us - Deployment Status Dashboard.pbit └── TS Fail Status.sql ├── SQL ├── Find Asset and User Data by Installed Application Name (ARP).sql ├── Find Assets by Primary User Email.sql ├── Installed Web Browsers (IE, Chrome, Firefox, Opera, and Safari).sql ├── List of Assets with Windows 10 Build Information.sql └── README.MD ├── Scripts ├── Bitlocker │ ├── BitlockerAudit.ps1 │ └── Get-BitlockerStatus.ps1 ├── ClientHealth.ps1 ├── CurrentLoggedOnUsers.ps1 ├── Deploy-AppByCategory.ps1 ├── Drivers │ ├── AutoApplyDrivers │ │ ├── AutoApplyDrivers.ps1 │ │ ├── AutoApplyDrivers.zip │ │ ├── MODULE_Functions │ │ │ ├── MODULE_Drivers.psm1 │ │ │ ├── MODULE_Functions.psd1 │ │ │ ├── MODULE_Functions.psm1 │ │ │ ├── MODULE_LogIt.psm1 │ │ │ └── MODULE_SQL.psm1 │ │ └── Readme.md │ ├── BurnDriverDatabaseWithFire.ps1 │ └── DriverSourceCheck.ps1 ├── DynamicMWs │ ├── Dynamic Maintenance Windows.pdf │ ├── MW-Feeder.ps1 │ ├── New-CMMaintenanceWindow.ps1 │ ├── Remove-CMMaintenanceWindow.ps1 │ ├── Window_Source.csv │ └── readme.md ├── Fix Stuck BITS Jobs.ps1 ├── NumberOfDaysSinceLastBoot.ps1 ├── Repair-MSIApplication.ps1 ├── ResetPolicy.ps1 ├── Run CCMEval.ps1 ├── SCCM Setup │ ├── README.md │ ├── SUP_ADR_Creation.ps1 │ └── SUP_UpdateSelection.ps1 ├── Service_WIM │ ├── Service_WIM.ps1 │ └── readme.md ├── Test-FileSystemAccess.ps1 ├── Windows_Update_Fix.ps1 ├── Write-CMLogEntry.ps1 └── _TestCI.ps1 ├── SecurityRoles ├── Collection Resource Manager.xml └── readme.md ├── Status Message Queries ├── All Status Messages for Task Sequence Components by Site.txt ├── PXE Service Point Status Messages.wql └── readme ├── Task Sequences ├── MBR2GPT │ ├── MBR2GPT.zip │ ├── MBR2GPT_files │ │ └── BIOS Security Configuration │ │ │ ├── multiplatform_201903120943.exe │ │ │ ├── multiplatform_201903120943.sh │ │ │ └── multiplatform_201903120943_x64.exe │ └── README.md ├── Modular OSD │ ├── ModularOSD.zip │ ├── ModularOSD_files │ │ └── OSD Configuration │ │ │ ├── ApplicationAssociations │ │ │ └── DefaultAssociations.xml │ │ │ ├── CopyFiles.vbs │ │ │ ├── DiskCleanup │ │ │ ├── Custom.reg │ │ │ ├── SageSet.reg │ │ │ ├── Win10Defaults.reg │ │ │ └── Windows10DiskCleanup.reg │ │ │ ├── PowerCfg │ │ │ ├── DeploymentPowerScheme.pow │ │ │ └── PowerCfg.txt │ │ │ ├── ProvisioningPackages │ │ │ ├── Default.ppkg │ │ │ ├── Default.txt │ │ │ └── ProvisioningPackage.txt │ │ │ ├── Registry_ThirdParty │ │ │ └── Google-Disable-Chrome-Updates.reg │ │ │ ├── Registry_Windows10 │ │ │ ├── Depreciated │ │ │ │ ├── DisableTelemetry.reg │ │ │ │ ├── DisableTypingTelemetry.reg │ │ │ │ ├── DisableUserGeneratedFeedback.reg │ │ │ │ └── DisableWiFiSense.reg │ │ │ ├── DisableAdvertisingID.reg │ │ │ ├── DisableEdgeDesktopShortcutCreation_1803.reg │ │ │ ├── DisableFirstLogonAnimation.reg │ │ │ ├── DisableIEFirstRun.reg │ │ │ ├── DisableMasterBrowser.reg │ │ │ ├── DisableMouseCursorSupression.reg │ │ │ ├── DisableOneDrive.reg │ │ │ ├── DisableStoreCloudContent.reg │ │ │ ├── DisableSyncProviderAd.reg │ │ │ ├── DisableSystemRestore.reg │ │ │ ├── DisableWebSearch.reg │ │ │ ├── DisableWindowsAutomaticUpdates.reg │ │ │ ├── GroupPolicyServiceConfiguration.reg │ │ │ ├── LockScreenImage.reg │ │ │ ├── MBAMStartupSettings.reg │ │ │ ├── PowerShellDefaultPolicies.reg │ │ │ ├── SetAppPrivacy.reg │ │ │ ├── ShowOldDesktopIcons.reg │ │ │ ├── WMIServiceConfiguration.reg │ │ │ └── Windows10DiskCleanup.reg.bak │ │ │ ├── Scripts │ │ │ ├── CopyOSDLogs.ps1 │ │ │ ├── Gather.ps1 │ │ │ ├── GatherOSDLogs.ps1 │ │ │ ├── MDT │ │ │ │ ├── CustomSettings.ini │ │ │ │ ├── ZTIDataAccess.vbs │ │ │ │ ├── ZTIGather.wsf │ │ │ │ ├── ZTIGather.xml │ │ │ │ ├── ZTIUtility.vbs │ │ │ │ ├── x64 │ │ │ │ │ └── Microsoft.BDD.Utility.dll │ │ │ │ ├── x86 │ │ │ │ │ └── Microsoft.BDD.Utility.dll │ │ │ │ └── ztiRunCommandHidden.wsf │ │ │ ├── RemoveWin10Apps.ps1 │ │ │ ├── RunOnce.vbs │ │ │ ├── RunOnce64.vbs │ │ │ ├── SetNetworkInterfacePrivate.ps1 │ │ │ ├── TSVarsSafeDump.ps1 │ │ │ ├── TSVarsUNSafeDump.ps1 │ │ │ └── Test-RebootPending.ps1 │ │ │ ├── StartMenu │ │ │ ├── ExampleStartMenu.xml │ │ │ └── sample.xml │ │ │ └── unattend.xml │ └── PoSh Export Command.ps1 ├── README.md └── _Legacy │ ├── Modular OSD │ └── ModularOSD.zip │ ├── README.md │ └── Win10 Master Deployment │ └── Win10MasterDeployment.zip ├── _CI ├── build-all-steps.yml └── build-single-steps.yml ├── _Legacy ├── Driver Import Script │ ├── ImportDrivers.ps1.txt │ ├── MODULE_LogIt │ │ └── MODULE_LogIt.psm1.txt │ ├── Readme.txt │ └── Signdrivers.txt └── Misc │ ├── Needs to be cleaned up and organized.txt │ └── SCCM Scripts │ ├── ApplicationLifecycle.ps1.txt │ ├── Application_Example.xml │ ├── AutoGenerateApplicationDeployments - Copy.ps1.txt │ ├── AutoGenerateApplicationDeployments.ps1.txt │ ├── AutoGenerateApplicationInstalledCollections.ps1.txt │ ├── Autologon.ps1.txt │ ├── Create-Application.ps1.txt │ ├── Create_Application.old.ps1.txt │ ├── Functions.psm1.txt │ ├── MODULE_LogIt │ └── MODULE_LogIt.psm1.txt │ ├── Remove_SCCM_Client_GUID │ ├── Remove_SCCM_Client_Settings.cmd │ ├── Remove_SCCM_Client_Settings.ps1.txt │ └── ccmdelcert.exe │ ├── SourceFileSize.ps1.txt │ └── correct-BaseVars.ps1.txt └── azure-pipelines.yml /.gitattributes: -------------------------------------------------------------------------------- 1 | *.MOF diff 2 | *.mof diff 3 | *.reg diff=astextplain 4 | *.MOFTEST binary eol=crlf diff=astextplain 5 | 6 | #common settings that generally should always be used with your language specific settings 7 | 8 | # Auto detect text files and perform LF normalization 9 | # http://davidlaing.com/2012/09/19/customise-your-gitattributes-to-become-a-git-ninja/ 10 | * text=auto 11 | 12 | # 13 | # The above will handle all files NOT found below 14 | # 15 | 16 | # Documents 17 | *.doc diff=astextplain 18 | *.DOC diff=astextplain 19 | *.docx diff=astextplain 20 | *.DOCX diff=astextplain 21 | *.dot diff=astextplain 22 | *.DOT diff=astextplain 23 | *.pdf diff=astextplain 24 | *.PDF diff=astextplain 25 | *.rtf diff=astextplain 26 | *.RTF diff=astextplain 27 | *.md text 28 | *.adoc text 29 | *.textile text 30 | *.mustache text 31 | *.csv text 32 | *.tab text 33 | *.tsv text 34 | *.sql text 35 | 36 | # Don't diff image files 37 | *.iso binary 38 | *.wim binary 39 | 40 | # Graphics 41 | *.png binary 42 | *.jpg binary 43 | *.jpeg binary 44 | *.gif binary 45 | *.tif binary 46 | *.tiff binary 47 | *.ico binary 48 | # SVG treated as an asset (binary) by default. If you want to treat it as text, 49 | # comment-out the following line and uncomment the line after. 50 | *.svg binary 51 | #*.svg text 52 | *.eps binary 53 | 54 | # Git Large File Storage (LFS). 55 | #*.wim filter=lfs diff=lfs merge=lfs -text 56 | #*.iso filter=lfs diff=lfs merge=lfs -text 57 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | #Python specific 2 | *.pyc 3 | 4 | #Kwrite/Gedit/Other crapapps making backups 5 | *~ 6 | 7 | #Patch files 8 | *.patch 9 | 10 | #Personal 11 | /saveddata/ 12 | 13 | #Pyfa file 14 | pyfaFits.html 15 | 16 | #Temporary files 17 | *.py__jb_tmp__ 18 | 19 | # Based on https://github.com/github/gitignore 20 | 21 | # Byte-compiled / optimized / DLL files 22 | __pycache__/ 23 | *.py[cod] 24 | *$py.class 25 | 26 | # C extensions 27 | *.so 28 | 29 | # Distribution / packaging 30 | .Python 31 | env/ 32 | build/ 33 | develop-eggs/ 34 | dist/ 35 | downloads/ 36 | eggs/ 37 | .eggs/ 38 | lib/ 39 | lib64/ 40 | parts/ 41 | sdist/ 42 | var/ 43 | *.egg-info/ 44 | .installed.cfg 45 | *.egg 46 | Pyfa.egg-info/ 47 | 48 | # PyInstaller 49 | # Usually these files are written by a python script from a template 50 | # before PyInstaller builds the exe, so as to inject date/other infos into it. 51 | *.manifest 52 | 53 | # Installer logs 54 | pip-log.txt 55 | pip-delete-this-directory.txt 56 | 57 | # Unit test / coverage reports 58 | htmlcov/ 59 | .tox/ 60 | .coverage 61 | .coverage.* 62 | .cache 63 | nosetests.xml 64 | coverage.xml 65 | *,cover 66 | .hypothesis/ 67 | 68 | # Translations 69 | *.mo 70 | *.pot 71 | 72 | # Django stuff: 73 | *.log 74 | local_settings.py 75 | 76 | # Flask stuff: 77 | instance/ 78 | .webassets-cache 79 | 80 | # Scrapy stuff: 81 | .scrapy 82 | 83 | # Sphinx documentation 84 | docs/_build/ 85 | 86 | # PyBuilder 87 | target/ 88 | 89 | # IPython Notebook 90 | .ipynb_checkpoints 91 | 92 | # pyenv 93 | .python-version 94 | 95 | # celery beat schedule file 96 | celerybeat-schedule 97 | 98 | # dotenv 99 | .env 100 | 101 | # virtualenv 102 | .venv/ 103 | venv/ 104 | ENV/ 105 | 106 | # Spyder project settings 107 | .spyderproject 108 | 109 | # Rope project settings 110 | .ropeproject 111 | 112 | # Eclipse project settings 113 | .project 114 | .pydevproject 115 | .settings 116 | 117 | # Pycharm project settings 118 | .idea 119 | eos.iml 120 | -------------------------------------------------------------------------------- /Active Directory/Audit Scripts/NoPasswordReset.ps1: -------------------------------------------------------------------------------- 1 | Write-Verbose "Get current Active Directory domain... " 2 | $ADForestInfo = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest() 3 | $ADForestInfoRootDomain = $ADForestInfo.RootDomain 4 | $ADForestInfoRootDomainDN = "DC=" + $ADForestInfoRootDomain -Replace("\.",',DC=') 5 | 6 | $ADDomainInfoLGCDN = 'GC://' + $ADForestInfoRootDomainDN 7 | 8 | Write-Verbose "Discovering Microsoft SQL Servers in the AD Forest $ADForestInfoRootDomainDN " 9 | $root = [ADSI]$ADDomainInfoLGCDN 10 | $ADSearcher = new-Object System.DirectoryServices.DirectorySearcher($root,"(&(objectclass=user)(objectcategory=user)(useraccountcontrol:1.2.840.113556.1.4.803:=65536))") 11 | $ADSearcher.SizeLimit = 100000; 12 | $ADSearcher.PageSize = 100000; 13 | $AllADSPNs = $ADSearcher.FindAll() 14 | 15 | Write-Verbose "Exporting Active Directory Object Information" 16 | $AllADSPNs.Properties | select-object @{expression={$_.name}; label=’Name’}, @{expression={$_.dnshostname}; label=’DNS Host Name’}, @{expression={$_.cn}; label=’CN’}, @{expression={$_.distinguishedname}; label=’Distinguished Name’}, @{expression={$_.samaccountname}; label=’SAM Account Name’}, @{expression={$_.serviceprincipalname}; label=’Service Principal Name’}, @{expression={$_.objectcategory}; label=’Object Category’}, @{expression={$_.networkaddress}; label=’Network Address’}, @{expression={$_.adspath}; label=’ADS Path’}, @{expression={$_.whencreated}; label=’When Created’} | Export-Csv -Path ".\ADAudit_NoPasswordReset.csv" -NoTypeInformation 17 | -------------------------------------------------------------------------------- /Active Directory/Audit Scripts/PowerSploit_ADGroupsinGPOs.ps1: -------------------------------------------------------------------------------- 1 | Import-Module PowerSploit -ErrorAction SilentlyContinue 2 | 3 | If (-not (Get-Module -Name PowerSploit)) 4 | { 5 | Write-Host "Could not load PowerSploit module. Is it downloaded and installed?" -ForegroundColor Red 6 | Write-Host "https://github.com/PowerShellMafia/PowerSploit" -ForegroundColor Cyan 7 | } 8 | 9 | Get-NetGPOGroup | 10 | Select-Object @{expression={$_.GPODisplayName}; label=’GPO Display Name’}, @{expression={$_.GPOName}; label=’GUID’}, @{expression={$_.GPOType}; label=’GPO Type’}, @{expression={$_.GroupName}; label=’Group Name’}, @{expression={$_.GroupSID}; label=’Group SID’} | 11 | Export-Csv -Path .\ADAudit_ADGroupsinGPOs.csv -NoTypeInformation 12 | -------------------------------------------------------------------------------- /Active Directory/Audit Scripts/PowerSploit_DFSShare.ps1: -------------------------------------------------------------------------------- 1 | Import-Module PowerSploit -ErrorAction SilentlyContinue 2 | 3 | If (-not (Get-Module -Name PowerSploit)) 4 | { 5 | Write-Host "Could not load PowerSploit module. Is it downloaded and installed?" -ForegroundColor Red 6 | Write-Host "https://github.com/PowerShellMafia/PowerSploit" -ForegroundColor Cyan 7 | } 8 | 9 | Get-DFSshare | 10 | Select-Object @{expression={$_.RemoteServerName}; label=’Remote Server Name’}, @{expression={$_.Name}; label=’Share Name’} | 11 | Export-Csv -Path .\ADAudit_ExposedDFSShare.csv -NoTypeInformation 12 | -------------------------------------------------------------------------------- /Active Directory/Audit Scripts/PowerSploit_ExploitableSystems.ps1: -------------------------------------------------------------------------------- 1 | Import-Module PowerSploit -ErrorAction SilentlyContinue 2 | 3 | If (-not (Get-Module -Name PowerSploit)) 4 | { 5 | Write-Host "Could not load PowerSploit module. Is it downloaded and installed?" -ForegroundColor Red 6 | Write-Host "https://github.com/PowerShellMafia/PowerSploit" -ForegroundColor Cyan 7 | } 8 | 9 | (Get-ExploitableSystem).GetEnumerator() | Sort-Object ComputerName | Select ComputerName, OperatingSystem,ServicePack,LastLogon,MsfModule,CVE | Export-Csv -Path ".\ADAudit_ExploitableSystems.csv" -NoTypeInformation 10 | -------------------------------------------------------------------------------- /Active Directory/Audit Scripts/PowerSploit_ForeignGroups.ps1: -------------------------------------------------------------------------------- 1 | Import-Module PowerSploit -ErrorAction SilentlyContinue 2 | 3 | If (-not (Get-Module -Name PowerSploit)) 4 | { 5 | Write-Host "Could not load PowerSploit module. Is it downloaded and installed?" -ForegroundColor Red 6 | Write-Host "https://github.com/PowerShellMafia/PowerSploit" -ForegroundColor Cyan 7 | } 8 | 9 | Find-ForeignGroup | Select-Object @{expression={$_.GroupDomain}; label='Domain'}, @{expression={$_.GroupName}; label='Group Name'}, @{expression={$_.UserName}; label='User Name'}, @{expression={$_.UserDomain}; label='User Domain'}, @{expression={$_.UserDN}; label='User DN'} | Export-CSV -path ".\ADAudit_ForeignGroup.csv" -NoTypeInformation 10 | -------------------------------------------------------------------------------- /Active Directory/Audit Scripts/PowerSploit_GPPPasswords.ps1: -------------------------------------------------------------------------------- 1 | Import-Module PowerSploit -ErrorAction SilentlyContinue 2 | 3 | If (-not (Get-Module -Name PowerSploit)) 4 | { 5 | Write-Host "Could not load PowerSploit module. Is it downloaded and installed?" -ForegroundColor Red 6 | Write-Host "https://github.com/PowerShellMafia/PowerSploit" -ForegroundColor Cyan 7 | } 8 | 9 | Get-GPPPassword | 10 | Select-Object @{expression={$_.UserNames}; label=’User Name’}, @{expression={$_.Passwords}; label=’Passwords’}, @{expression={$_.NewName}; label=’New Name’},@{expression={$_.Changed}; label=’Changed’}, @{expression={(Get-GPO -Guid $_.File.Split("\")[6]).DisplayName}; label='Group Policy Name'}, @{expression={$_.File}; label=’File’} | 11 | Export-Csv -Path .\ADAudit_ExposedGPPPasswords.csv -NoTypeInformation 12 | 13 | # Does not work yet 14 | # $GPPAutoLogon = Get-GPPAutologon 15 | 16 | -------------------------------------------------------------------------------- /Active Directory/Audit Scripts/PowerSploit_WritableManagedGroups.ps1: -------------------------------------------------------------------------------- 1 | Import-Module PowerSploit -ErrorAction SilentlyContinue 2 | 3 | If (-not (Get-Module -Name PowerSploit)) 4 | { 5 | Write-Host "Could not load PowerSploit module. Is it downloaded and installed?" -ForegroundColor Red 6 | Write-Host "https://github.com/PowerShellMafia/PowerSploit" -ForegroundColor Cyan 7 | } 8 | 9 | Find-ManagedSecurityGroups | Where-Object {$_.CanManagerWrite} | Select-Object @{expression={$_.GroupCN}; label='Group Name'}, @{expression={$_.GroupDN}; label='Group DN'}, @{expression={$_.ManagerCN}; label='Group Manager'}, @{expression={$_.ManagerCN}; label='Manager CN'}, @{expression={$_.ManagerType}; label='Manager Type'} | Export-CSV -path ".\ADAudit_WritableManagedGroups.csv" -NoTypeInformation 10 | -------------------------------------------------------------------------------- /Active Directory/Audit Scripts/Readme.md: -------------------------------------------------------------------------------- 1 | Some scripts that can be used for auditing Active Directory. Most of these are pretty simple, just runs the command and outputs to a CSV. 2 | -------------------------------------------------------------------------------- /Active Directory/Audit Scripts/SPNAudit.ps1: -------------------------------------------------------------------------------- 1 | Write-Verbose "Get current Active Directory domain... " 2 | $ADForestInfo = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest() 3 | $ADForestInfoRootDomain = $ADForestInfo.RootDomain 4 | $ADForestInfoRootDomainDN = "DC=" + $ADForestInfoRootDomain -Replace("\.",',DC=') 5 | 6 | $ADDomainInfoLGCDN = 'GC://' + $ADForestInfoRootDomainDN 7 | 8 | Write-Verbose "Discovering Microsoft SQL Servers in the AD Forest $ADForestInfoRootDomainDN " 9 | $root = [ADSI]$ADDomainInfoLGCDN 10 | $ADSearcher = new-Object System.DirectoryServices.DirectorySearcher($root,"(serviceprincipalname=*)") 11 | $ADSearcher.SizeLimit = 100000; 12 | $ADSearcher.PageSize = 100000; 13 | $AllADSPNs = $ADSearcher.FindAll() 14 | 15 | Write-Verbose "Exporting Active Directory Object Information" 16 | $AllADSPNs.Properties | select-object @{expression={$_.name}; label=’Name’}, @{expression={$_.dnshostname}; label=’DNS Host Name’}, @{expression={$_.cn}; label=’CN’}, @{expression={$_.distinguishedname}; label=’Distinguished Name’}, @{expression={$_.samaccountname}; label=’SAM Account Name’}, @{expression={$_.serviceprincipalname}; label=’Service Principal Name’}, @{expression={$_.objectcategory}; label=’Object Category’}, @{expression={$_.networkaddress}; label=’Network Address’}, @{expression={$_.adspath}; label=’ADS Path’}, @{expression={$_.whencreated}; label=’When Created’} | Export-Csv -Path ".\ADAudit_Raw_SPNObjectData.csv" -NoTypeInformation 17 | 18 | $SPNCount = @{} 19 | 20 | ForEach ($_ in $AllADSPNs.Properties.serviceprincipalname) 21 | { 22 | $SPNName = ($_.Split("/"))[0] 23 | 24 | If ($SPNCount.containsKey($SPNName)) 25 | { 26 | $SPNCount.($SPNName)++ 27 | } 28 | Else 29 | { 30 | $SPNCount["$SPNName"] = [int]1 31 | } 32 | 33 | } 34 | 35 | $SPNCount.GetEnumerator() | Sort-Object Name | Select Name, Value | Export-Csv -Path ".\ADAudit_SPNCount.csv" -NoTypeInformation 36 | 37 | Write-Verbose "Exporting Service Accounts With SPNs" 38 | 39 | $ADSearcher = new-Object System.DirectoryServices.DirectorySearcher($root,"(&(objectclass=user)(objectcategory=user)(serviceprincipalname=*))") 40 | $AllADSPNs = $ADSearcher.FindAll() 41 | $ADSearcher.SizeLimit = 100000; 42 | $ADSearcher.PageSize = 100000; 43 | $AllADSPNs.Properties | select-object @{expression={$_.name}; label=’Name’}, @{expression={$_.dnshostname}; label=’DNS Host Name’}, @{expression={$_.cn}; label=’CN’}, @{expression={$_.distinguishedname}; label=’Distinguished Name’}, @{expression={$_.samaccountname}; label=’SAM Account Name’}, @{expression={$_.serviceprincipalname}; label=’Service Principal Name’}, @{expression={$_.objectcategory}; label=’Object Category’}, @{expression={$_.networkaddress}; label=’Network Address’}, @{expression={$_.adspath}; label=’ADS Path’}, @{expression={$_.whencreated}; label=’When Created’} | Export-Csv -Path ".\ADAudit_SPNServiceAccounts.csv" -NoTypeInformation 44 | -------------------------------------------------------------------------------- /Active Directory/GPO/Bitlocker/manifest.xml: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /Active Directory/GPO/Bitlocker/{D1205166-978A-43F6-8310-4789918FC168}/Backup.xml: -------------------------------------------------------------------------------- 1 | 2 | 01 00 04 9c 00 00 00 00 00 00 00 00 00 00 00 00 14 00 00 00 04 00 ec 00 08 00 00 00 05 02 28 00 00 01 00 00 01 00 00 00 8f fd ac ed b3 ff d1 11 b4 1d 00 a0 c9 68 f9 39 01 01 00 00 00 00 00 05 0b 00 00 00 00 00 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 4b cd cb ec 60 bf 4a 35 23 44 5e 02 00 02 00 00 00 02 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 4b cd cb ec 60 bf 4a 35 23 44 5e 02 00 02 00 00 00 02 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 4b cd cb ec 60 bf 4a 35 23 44 5e 02 07 02 00 00 00 02 14 00 94 00 02 00 01 01 00 00 00 00 00 05 09 00 00 00 00 02 14 00 94 00 02 00 01 01 00 00 00 00 00 05 0b 00 00 00 00 02 14 00 ff 00 0f 00 01 01 00 00 00 00 00 05 12 00 00 00 00 0a 14 00 ff 00 0f 00 01 01 00 00 00 00 00 03 00 00 00 00 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | -------------------------------------------------------------------------------- /Active Directory/GPO/Bitlocker/{D1205166-978A-43F6-8310-4789918FC168}/DomainSysvol/GPO/Machine/comment.cmtx: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | -------------------------------------------------------------------------------- /Active Directory/GPO/Bitlocker/{D1205166-978A-43F6-8310-4789918FC168}/DomainSysvol/GPO/Machine/registry.pol: -------------------------------------------------------------------------------- 1 | PReg[Software\Policies\Microsoft\FVE;ActiveDirectoryBackup;;;][Software\Policies\Microsoft\FVE;RequireActiveDirectoryBackup;;;][Software\Policies\Microsoft\FVE;ActiveDirectoryInfoToStore;;;][Software\Policies\Microsoft\FVE;OSHardwareEncryption;;;][Software\Policies\Microsoft\FVE;OSAllowSoftwareEncryptionFailover;;;][Software\Policies\Microsoft\FVE;OSRestrictHardwareEncryptionAlgorithms;;;][Software\Policies\Microsoft\FVE;**del.OSAllowedHardwareEncryptionAlgorithms;;; ][Software\Policies\Microsoft\FVE;UseRecoveryPassword;;;][Software\Policies\Microsoft\FVE;UseRecoveryDrive;;;][Software\Policies\Microsoft\FVE;OSRecovery;;;][Software\Policies\Microsoft\FVE;OSManageDRA;;;][Software\Policies\Microsoft\FVE;OSRecoveryPassword;;;][Software\Policies\Microsoft\FVE;OSRecoveryKey;;;][Software\Policies\Microsoft\FVE;OSHideRecoveryPage;;;][Software\Policies\Microsoft\FVE;OSActiveDirectoryBackup;;;][Software\Policies\Microsoft\FVE;OSActiveDirectoryInfoToStore;;;][Software\Policies\Microsoft\FVE;OSRequireActiveDirectoryBackup;;;][Software\Policies\Microsoft\FVE;OSEncryptionType;;;][Software\Policies\Microsoft\FVE;UseAdvancedStartup;;;][Software\Policies\Microsoft\FVE;EnableBDEWithNoTPM;;;][Software\Policies\Microsoft\FVE;UseTPM;;;][Software\Policies\Microsoft\FVE;UseTPMPIN;;;][Software\Policies\Microsoft\FVE;UseTPMKey;;;][Software\Policies\Microsoft\FVE;UseTPMKeyPIN;;;][Software\Policies\Microsoft\FVE;FDVHardwareEncryption;;;][Software\Policies\Microsoft\FVE;FDVAllowSoftwareEncryptionFailover;;;][Software\Policies\Microsoft\FVE;FDVRestrictHardwareEncryptionAlgorithms;;;][Software\Policies\Microsoft\FVE;**del.FDVAllowedHardwareEncryptionAlgorithms;;; ][Software\Policies\Microsoft\FVE;FDVEncryptionType;;;][Software\Policies\Microsoft\FVE;FDVRecovery;;;][Software\Policies\Microsoft\FVE;FDVManageDRA;;;][Software\Policies\Microsoft\FVE;FDVRecoveryPassword;;;][Software\Policies\Microsoft\FVE;FDVRecoveryKey;;;][Software\Policies\Microsoft\FVE;FDVHideRecoveryPage;;;][Software\Policies\Microsoft\FVE;FDVActiveDirectoryBackup;;;][Software\Policies\Microsoft\FVE;FDVActiveDirectoryInfoToStore;;;][Software\Policies\Microsoft\FVE;FDVRequireActiveDirectoryBackup;;;] -------------------------------------------------------------------------------- /Active Directory/GPO/Bitlocker/{D1205166-978A-43F6-8310-4789918FC168}/bkupInfo.xml: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /Active Directory/GPO/Bitlocker/{D1205166-978A-43F6-8310-4789918FC168}/gpreport.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/windows-admins/ConfigMgr/11d6bd66ad68f2e309186e1148d77d39ab800baa/Active Directory/GPO/Bitlocker/{D1205166-978A-43F6-8310-4789918FC168}/gpreport.xml -------------------------------------------------------------------------------- /Active Directory/GPO/ImportGPOBaselines.ps1: -------------------------------------------------------------------------------- 1 | # Map GUIDs to GPO display names 2 | <# 3 | .SYNOPSIS 4 | 5 | .DESCRIPTION 6 | 7 | .PARAMETER rootdir 8 | 9 | .EXAMPLE 10 | 11 | #> 12 | 13 | param( 14 | [parameter(Mandatory=$true)] 15 | [String] 16 | $rootdir 17 | ) 18 | 19 | $results = @{} 20 | Get-ChildItem -Recurse -Include backup.xml $rootdir | ForEach-Object{ 21 | $guid = $_.Directory.Name 22 | $x = [xml](Get-Content $_) 23 | $dn = $x.GroupPolicyBackupScheme.GroupPolicyObject.GroupPolicyCoreSettings.DisplayName.InnerText 24 | # $dn + "`t" + $guid 25 | $results.Add($dn, $guid) 26 | Import-GPO -BackupId $guid -Path (Get-Item (get-item $_.PSParentPath).PSParentPath).FullName -TargetName $dn -CreateIfNeeded 27 | } 28 | $results | Format-Table Name, Value -AutoSize 29 | -------------------------------------------------------------------------------- /Active Directory/GPO/Microsoft Security Standards/Level 4/manifest.xml: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /Active Directory/GPO/Microsoft Security Standards/Level 4/{0D329DF9-3BC6-47AA-AC03-CC8A99F24D1E}/DomainSysvol/GPO/Machine/comment.cmtx: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | -------------------------------------------------------------------------------- /Active Directory/GPO/Microsoft Security Standards/Level 4/{0D329DF9-3BC6-47AA-AC03-CC8A99F24D1E}/DomainSysvol/GPO/Machine/microsoft/windows nt/SecEdit/GptTmpl.inf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/windows-admins/ConfigMgr/11d6bd66ad68f2e309186e1148d77d39ab800baa/Active Directory/GPO/Microsoft Security Standards/Level 4/{0D329DF9-3BC6-47AA-AC03-CC8A99F24D1E}/DomainSysvol/GPO/Machine/microsoft/windows nt/SecEdit/GptTmpl.inf -------------------------------------------------------------------------------- /Active Directory/GPO/Microsoft Security Standards/Level 4/{0D329DF9-3BC6-47AA-AC03-CC8A99F24D1E}/bkupInfo.xml: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /Active Directory/GPO/Microsoft Security Standards/Level 4/{0D329DF9-3BC6-47AA-AC03-CC8A99F24D1E}/gpreport.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/windows-admins/ConfigMgr/11d6bd66ad68f2e309186e1148d77d39ab800baa/Active Directory/GPO/Microsoft Security Standards/Level 4/{0D329DF9-3BC6-47AA-AC03-CC8A99F24D1E}/gpreport.xml -------------------------------------------------------------------------------- /Active Directory/GPO/Microsoft Security Standards/Level 4/{1B7CA888-2108-483E-B166-0ACF97E5DC9B}/Backup.xml: -------------------------------------------------------------------------------- 1 | 2 | 01 00 04 9c 00 00 00 00 00 00 00 00 00 00 00 00 14 00 00 00 04 00 ec 00 08 00 00 00 05 02 28 00 00 01 00 00 01 00 00 00 8f fd ac ed b3 ff d1 11 b4 1d 00 a0 c9 68 f9 39 01 01 00 00 00 00 00 05 0b 00 00 00 00 00 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 4b cd cb ec 60 bf 4a 35 23 44 5e 02 00 02 00 00 00 02 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 4b cd cb ec 60 bf 4a 35 23 44 5e 02 00 02 00 00 00 02 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 4b cd cb ec 60 bf 4a 35 23 44 5e 02 07 02 00 00 00 02 14 00 94 00 02 00 01 01 00 00 00 00 00 05 09 00 00 00 00 02 14 00 94 00 02 00 01 01 00 00 00 00 00 05 0b 00 00 00 00 02 14 00 ff 00 0f 00 01 01 00 00 00 00 00 05 12 00 00 00 00 0a 14 00 ff 00 0f 00 01 01 00 00 00 00 00 03 00 00 00 00 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | -------------------------------------------------------------------------------- /Active Directory/GPO/Microsoft Security Standards/Level 4/{1B7CA888-2108-483E-B166-0ACF97E5DC9B}/bkupInfo.xml: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /Active Directory/GPO/Microsoft Security Standards/Level 4/{1B7CA888-2108-483E-B166-0ACF97E5DC9B}/gpreport.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/windows-admins/ConfigMgr/11d6bd66ad68f2e309186e1148d77d39ab800baa/Active Directory/GPO/Microsoft Security Standards/Level 4/{1B7CA888-2108-483E-B166-0ACF97E5DC9B}/gpreport.xml -------------------------------------------------------------------------------- /Active Directory/GPO/Microsoft Security Standards/Level 4/{2AE5457C-4294-4A6D-B874-B9FD2CB660BD}/Backup.xml: -------------------------------------------------------------------------------- 1 | 2 | 01 00 04 9c 00 00 00 00 00 00 00 00 00 00 00 00 14 00 00 00 04 00 ec 00 08 00 00 00 05 02 28 00 00 01 00 00 01 00 00 00 8f fd ac ed b3 ff d1 11 b4 1d 00 a0 c9 68 f9 39 01 01 00 00 00 00 00 05 0b 00 00 00 00 00 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 4b cd cb ec 60 bf 4a 35 23 44 5e 02 00 02 00 00 00 02 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 4b cd cb ec 60 bf 4a 35 23 44 5e 02 00 02 00 00 00 02 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 4b cd cb ec 60 bf 4a 35 23 44 5e 02 07 02 00 00 00 02 14 00 94 00 02 00 01 01 00 00 00 00 00 05 09 00 00 00 00 02 14 00 94 00 02 00 01 01 00 00 00 00 00 05 0b 00 00 00 00 02 14 00 ff 00 0f 00 01 01 00 00 00 00 00 05 12 00 00 00 00 0a 14 00 ff 00 0f 00 01 01 00 00 00 00 00 03 00 00 00 00 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | -------------------------------------------------------------------------------- /Active Directory/GPO/Microsoft Security Standards/Level 4/{2AE5457C-4294-4A6D-B874-B9FD2CB660BD}/DomainSysvol/GPO/Machine/comment.cmtx: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | -------------------------------------------------------------------------------- /Active Directory/GPO/Microsoft Security Standards/Level 4/{2AE5457C-4294-4A6D-B874-B9FD2CB660BD}/bkupInfo.xml: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /Active Directory/GPO/Microsoft Security Standards/Level 4/{2AE5457C-4294-4A6D-B874-B9FD2CB660BD}/gpreport.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/windows-admins/ConfigMgr/11d6bd66ad68f2e309186e1148d77d39ab800baa/Active Directory/GPO/Microsoft Security Standards/Level 4/{2AE5457C-4294-4A6D-B874-B9FD2CB660BD}/gpreport.xml -------------------------------------------------------------------------------- /Active Directory/GPO/Microsoft Security Standards/Level 4/{EDFECDE3-711F-43A5-A192-3B3AAD06C5C8}/Backup.xml: -------------------------------------------------------------------------------- 1 | 2 | 01 00 04 9c 00 00 00 00 00 00 00 00 00 00 00 00 14 00 00 00 04 00 ec 00 08 00 00 00 05 02 28 00 00 01 00 00 01 00 00 00 8f fd ac ed b3 ff d1 11 b4 1d 00 a0 c9 68 f9 39 01 01 00 00 00 00 00 05 0b 00 00 00 00 00 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 4b cd cb ec 60 bf 4a 35 23 44 5e 02 00 02 00 00 00 02 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 4b cd cb ec 60 bf 4a 35 23 44 5e 02 00 02 00 00 00 02 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 4b cd cb ec 60 bf 4a 35 23 44 5e 02 07 02 00 00 00 02 14 00 94 00 02 00 01 01 00 00 00 00 00 05 09 00 00 00 00 02 14 00 94 00 02 00 01 01 00 00 00 00 00 05 0b 00 00 00 00 02 14 00 ff 00 0f 00 01 01 00 00 00 00 00 05 12 00 00 00 00 0a 14 00 ff 00 0f 00 01 01 00 00 00 00 00 03 00 00 00 00 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | -------------------------------------------------------------------------------- /Active Directory/GPO/Microsoft Security Standards/Level 4/{EDFECDE3-711F-43A5-A192-3B3AAD06C5C8}/DomainSysvol/GPO/Machine/comment.cmtx: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | -------------------------------------------------------------------------------- /Active Directory/GPO/Microsoft Security Standards/Level 4/{EDFECDE3-711F-43A5-A192-3B3AAD06C5C8}/DomainSysvol/GPO/Machine/registry.pol: -------------------------------------------------------------------------------- 1 | PReg[Software\Policies\Microsoft\Windows Defender;PUAProtection;;;] -------------------------------------------------------------------------------- /Active Directory/GPO/Microsoft Security Standards/Level 4/{EDFECDE3-711F-43A5-A192-3B3AAD06C5C8}/bkupInfo.xml: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /Active Directory/GPO/Microsoft Security Standards/Level 4/{EDFECDE3-711F-43A5-A192-3B3AAD06C5C8}/gpreport.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/windows-admins/ConfigMgr/11d6bd66ad68f2e309186e1148d77d39ab800baa/Active Directory/GPO/Microsoft Security Standards/Level 4/{EDFECDE3-711F-43A5-A192-3B3AAD06C5C8}/gpreport.xml -------------------------------------------------------------------------------- /Active Directory/GPO/Microsoft Security Standards/README.md: -------------------------------------------------------------------------------- 1 | https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-security-configuration-framework/windows-security-configuration-framework 2 | -------------------------------------------------------------------------------- /Active Directory/GPO/README.md: -------------------------------------------------------------------------------- 1 | Microsoft Security Compliance Toolkit: 2 | https://docs.microsoft.com/en-us/windows/security/threat-protection/security-compliance-toolkit-10 3 | 4 | DoD STIGs: 5 | https://public.cyber.mil/stigs/gpo/ 6 | -------------------------------------------------------------------------------- /Applications/Detection Methods/BIOS.ps1: -------------------------------------------------------------------------------- 1 | # Change the target major and minor version to the desired values. 2 | # Confirmed to work against Dell and HP 3 | $TargetBiosMajorVersion = 1 4 | $TargetBiosMinorVersion = 10 5 | 6 | $BiosMajorVersion = (Get-WmiObject -Class Win32_Bios -Property SystemBiosMajorVersion).SystemBiosMajorVersion 7 | $BiosMinorVersion = (Get-WmiObject -Class Win32_Bios -Property SystemBiosMinorVersion).SystemBiosMinorVersion 8 | 9 | if ($TargetBiosMajorVersion -ge $BiosMajorVersion) 10 | { 11 | if ($TargetBiosMinorVersion -ge $BiosMinorVersion) 12 | { 13 | Write-Host "Installed" 14 | } 15 | } 16 | else 17 | { 18 | # Do nothing 19 | } 20 | -------------------------------------------------------------------------------- /Applications/GlobalConditions.ps1: -------------------------------------------------------------------------------- 1 | # 2 | # Press 'F5' to run this script. Running this script will load the ConfigurationManager 3 | # module for Windows PowerShell and will connect to the site. 4 | # 5 | # This script was auto-generated at '10/18/2019 9:54:22 AM'. 6 | 7 | # Uncomment the line below if running in an environment where script signing is 8 | # required. 9 | #Set-ExecutionPolicy -ExecutionPolicy Bypass -Scope Process 10 | 11 | # Site configuration 12 | $SiteCode = "CHQ" # Site code 13 | $ProviderMachineName = "CM1.corp.contoso.com" # SMS Provider machine name 14 | 15 | # Customizations 16 | $initParams = @{} 17 | #$initParams.Add("Verbose", $true) # Uncomment this line to enable verbose logging 18 | #$initParams.Add("ErrorAction", "Stop") # Uncomment this line to stop the script on any errors 19 | 20 | # Do not change anything below this line 21 | 22 | # Import the ConfigurationManager.psd1 module 23 | if((Get-Module ConfigurationManager) -eq $null) { 24 | Import-Module "$($ENV:SMS_ADMIN_UI_PATH)\..\ConfigurationManager.psd1" @initParams 25 | } 26 | 27 | # Connect to the site's drive if it is not already present 28 | if((Get-PSDrive -Name $SiteCode -PSProvider CMSite -ErrorAction SilentlyContinue) -eq $null) { 29 | New-PSDrive -Name $SiteCode -PSProvider CMSite -Root $ProviderMachineName @initParams 30 | } 31 | 32 | # Set the current location to be the site code. 33 | Set-Location "$($SiteCode):\" @initParams 34 | 35 | # Hardware Manufacturer 36 | New-CMGlobalConditionWqlQuery -Class Win32_ComputerSystem -DataType String -Name Manufacturer -Property Manufacturer -Namespace root\cimv2 37 | 38 | # Hardware Model 39 | New-CMGlobalConditionWqlQuery -Class Win32_ComputerSystem -DataType String -Name Model -Property Model -Namespace root\cimv2 40 | -------------------------------------------------------------------------------- /Applications/Scripts/VHD_Application_Install/PS_VHD_Install.ps1: -------------------------------------------------------------------------------- 1 | #Thanks to @jgkps for the installation method and @LtBehr for his version of the PS Script, which this is based upon. 2 | 3 | #Folder containing this script. VHD should reside in the root alongside the script. 4 | if(!$PSScriptRoot){$PSScriptRoot = Split-Path $MyInvocation.MyCommand.Path -Parent} 5 | 6 | #VHD Path 7 | $vhd = (Get-ChildItem $PSScriptRoot\*.vhd) 8 | 9 | Try{ 10 | #Mount VHD and get its Drive Letter for use in the installation command. 11 | #Drive will be writeable by default to allow for installers that write temp files. Add -ReadOnly to Mount-DiskImage if this is not desired. 12 | $Volume_Letter = (Mount-DiskImage $vhd -PassThru | Get-DiskImage | Get-Disk | Get-Partition | Get-Volume).DriveLetter 13 | }Catch{ 14 | Exit 1 15 | } 16 | 17 | Try{ 18 | #Execute your silent install command here. Example of AutoDesk Maya. 19 | Start-Process "$($Volume_Letter):\Img\Setup.exe" -ArgumentList "/qb /I $($Volume_Letter):\Img\Maya2018_Silent.ini /Trial /language en-us" -Wait 20 | }Catch{ 21 | #Unmount the VHD if we fail. 22 | Dismount-DiskImage $vhd 23 | } 24 | 25 | Try{ 26 | #Unount the VHD when we are done. 27 | Dismount-DiskImage $vhd 28 | }Catch{ 29 | Exit 1 30 | } 31 | -------------------------------------------------------------------------------- /Applications/Scripts/VHD_Application_Install/readme.md: -------------------------------------------------------------------------------- 1 | *NOTE:* This is better handled by using AppV or MSIX. This is a very legacy way of handling this. 2 | 3 | For installations with thousands of files, it's more efficient to transfer one large VHD. This script will mount the VHD, run the installation, then unmount the VHD. 4 | 5 | To create a VHD: 6 | 7 | 1. Run Computer Management and select the Disk Management node. 8 | 2. Select Action -> Create VHD 9 | 3. Browse to the Save Location. 10 | 4. Set the VHD Size. 11 | 5. Use VHD for backward compatibility. (The included script assumes .VHD files, so adjust accordingly). 12 | 6. Fixed vs. Dynamic is up to you. 13 | 7. Once created, the VHD will attach in the Disk Management window. 14 | 8. Right click its row header(the "Disk 3, Unknown, Not Initialized" box) and select "Initialize Disk". MBR is fine unless you have a specific need for GPT. 15 | 9. Right click the unallocated space and create / format a new Volume. 16 | 10. In Windows Explorer, copy your installation source files to the mounted VHD. 17 | 11. Right click and "Eject" when finished. 18 | 19 | To Use: 20 | 21 | 1. Modify PS_VHD_Install.ps1 with your installation command line. 22 | 2. Include the VHD and the PS_VHD_Install.ps1 script in the root of your application source. 23 | 3. Create your application in SCCM as normal and run PS_VHD_Install.ps1 as your installation program. -------------------------------------------------------------------------------- /Collections/Dogfood.MOF: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/windows-admins/ConfigMgr/11d6bd66ad68f2e309186e1148d77d39ab800baa/Collections/Dogfood.MOF -------------------------------------------------------------------------------- /Collections/HealthCollections.MOF: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/windows-admins/ConfigMgr/11d6bd66ad68f2e309186e1148d77d39ab800baa/Collections/HealthCollections.MOF -------------------------------------------------------------------------------- /Collections/SCCMServerRoles.MOF: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/windows-admins/ConfigMgr/11d6bd66ad68f2e309186e1148d77d39ab800baa/Collections/SCCMServerRoles.MOF -------------------------------------------------------------------------------- /Collections/SecurityHealthCollections.MOF: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/windows-admins/ConfigMgr/11d6bd66ad68f2e309186e1148d77d39ab800baa/Collections/SecurityHealthCollections.MOF -------------------------------------------------------------------------------- /Collections/readme: -------------------------------------------------------------------------------- 1 | WARNING: If you do not first import the hardware inventory MOF (HealthChecksHINV.mof) first, these collections may not import. Import the HINV settings first *THEN* import the collections. 2 | 3 | To add the collections, either download the whole repository or just the MOF file. (If you try to copy and paste you might screw up the formatting, but you can try.) 4 | 5 | To import: https://technet.microsoft.com/en-us/library/cc181056.aspx#EBAA 6 | 7 | SecurityHealthCollections.MOF - For straight up pure security goodness. Anything that directly relates to client security information (UEFI, Bitlocker, Defender, etc). 8 | 9 | HealthCollections.MOF - For client health, because if the SCCM client isn't working, what good is anything else? 10 | 11 | Dogfood.MOF - For Windows Update health. Not strictly required for Windows Updates, but can be a quick and easy way to build out a phased update strategy. 12 | -------------------------------------------------------------------------------- /Compliance Settings/CIs/Baselines/CIS Baselines/CIS Google Chrome.cab: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/windows-admins/ConfigMgr/11d6bd66ad68f2e309186e1148d77d39ab800baa/Compliance Settings/CIs/Baselines/CIS Baselines/CIS Google Chrome.cab -------------------------------------------------------------------------------- /Compliance Settings/CIs/Baselines/CIS Baselines/CIS Microsoft Windows 10 1703.cab: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/windows-admins/ConfigMgr/11d6bd66ad68f2e309186e1148d77d39ab800baa/Compliance Settings/CIs/Baselines/CIS Baselines/CIS Microsoft Windows 10 1703.cab -------------------------------------------------------------------------------- /Compliance Settings/CIs/Baselines/CIS Baselines/CIS Microsoft Windows 7.cab: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/windows-admins/ConfigMgr/11d6bd66ad68f2e309186e1148d77d39ab800baa/Compliance Settings/CIs/Baselines/CIS Baselines/CIS Microsoft Windows 7.cab -------------------------------------------------------------------------------- /Compliance Settings/CIs/Baselines/CIS Baselines/CIS Microsoft Windows 8.1.cab: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/windows-admins/ConfigMgr/11d6bd66ad68f2e309186e1148d77d39ab800baa/Compliance Settings/CIs/Baselines/CIS Baselines/CIS Microsoft Windows 8.1.cab -------------------------------------------------------------------------------- /Compliance Settings/CIs/Baselines/CIS Baselines/CIS Microsoft Windows Server 2008 R2.cab: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/windows-admins/ConfigMgr/11d6bd66ad68f2e309186e1148d77d39ab800baa/Compliance Settings/CIs/Baselines/CIS Baselines/CIS Microsoft Windows Server 2008 R2.cab -------------------------------------------------------------------------------- /Compliance Settings/CIs/Baselines/CIS Baselines/CIS Microsoft Windows Server 2008.cab: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/windows-admins/ConfigMgr/11d6bd66ad68f2e309186e1148d77d39ab800baa/Compliance Settings/CIs/Baselines/CIS Baselines/CIS Microsoft Windows Server 2008.cab -------------------------------------------------------------------------------- /Compliance Settings/CIs/Baselines/CIS Baselines/CIS Microsoft Windows Server 2012 R2.cab: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/windows-admins/ConfigMgr/11d6bd66ad68f2e309186e1148d77d39ab800baa/Compliance Settings/CIs/Baselines/CIS Baselines/CIS Microsoft Windows Server 2012 R2.cab -------------------------------------------------------------------------------- /Compliance Settings/CIs/Baselines/CIS Baselines/CIS Microsoft Windows Server 2012.cab: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/windows-admins/ConfigMgr/11d6bd66ad68f2e309186e1148d77d39ab800baa/Compliance Settings/CIs/Baselines/CIS Baselines/CIS Microsoft Windows Server 2012.cab -------------------------------------------------------------------------------- /Compliance Settings/CIs/Baselines/CIS Baselines/CIS Microsoft Windows Server 2016.cab: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/windows-admins/ConfigMgr/11d6bd66ad68f2e309186e1148d77d39ab800baa/Compliance Settings/CIs/Baselines/CIS Baselines/CIS Microsoft Windows Server 2016.cab -------------------------------------------------------------------------------- /Compliance Settings/CIs/Baselines/CIS Baselines/README.md: -------------------------------------------------------------------------------- 1 | This is the naming convention CIS uses. I'm sorry. 2 | 3 | * Chromev1.2.0 4 | * Server2008(non-R2)v3.1.0 5 | * Server2008R2v3.1.0 6 | * Server2012(non-R2)v2.1.0 7 | * Server2012R2v2.3.0 8 | * Server2016v1.0.0 9 | * Windows7v3.1.0 10 | * Windows8.1v2.3.0 11 | * Windows10v1.3.0 12 | 13 | These baselines include both level 1 and level 2. You will need to modify them to only apply the levels that you desire. 14 | -------------------------------------------------------------------------------- /Compliance Settings/CIs/Baselines/D0D STIG Baselines/README.md: -------------------------------------------------------------------------------- 1 | These are converted from the published DoD STIGs. 2 | https://public.cyber.mil/stigs/gpo/ 3 | 4 | There are a couple of caveats. One is that they do not contain any GPP settings. Additionally, there is one setting missing from each of the baselines below that did not convert over properly (due to being a multistring registry item). 5 | 6 | STIG 1804 DoD Windows 10 v1r13 [2] 7 | STIG 1804 DoD Windows 7 v1r30 [2] 8 | STIG 1804 DoD Windows Server 2008 R2 MS and DC v1r26 [1] 9 | STIG 1804 DoD Windows Server 2008 R2 MS and DC v1r26 [3] 10 | -------------------------------------------------------------------------------- /Compliance Settings/CIs/Baselines/D0D STIG Baselines/STIG 1804 DoD Baselines.cab: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/windows-admins/ConfigMgr/11d6bd66ad68f2e309186e1148d77d39ab800baa/Compliance Settings/CIs/Baselines/D0D STIG Baselines/STIG 1804 DoD Baselines.cab -------------------------------------------------------------------------------- /Compliance Settings/CIs/Baselines/D0D STIG Baselines/STIG 1811 DoD Baselines.cab: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/windows-admins/ConfigMgr/11d6bd66ad68f2e309186e1148d77d39ab800baa/Compliance Settings/CIs/Baselines/D0D STIG Baselines/STIG 1811 DoD Baselines.cab -------------------------------------------------------------------------------- /Compliance Settings/CIs/Baselines/Microsoft Baselines/MSFT Windows 10 1709.cab: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/windows-admins/ConfigMgr/11d6bd66ad68f2e309186e1148d77d39ab800baa/Compliance Settings/CIs/Baselines/Microsoft Baselines/MSFT Windows 10 1709.cab -------------------------------------------------------------------------------- /Compliance Settings/CIs/Baselines/Microsoft Baselines/MSFT Windows 10 1809.cab: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/windows-admins/ConfigMgr/11d6bd66ad68f2e309186e1148d77d39ab800baa/Compliance Settings/CIs/Baselines/Microsoft Baselines/MSFT Windows 10 1809.cab -------------------------------------------------------------------------------- /Compliance Settings/CIs/Baselines/Microsoft Baselines/MSFT Windows 10 and Server 2016 (1803).cab: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/windows-admins/ConfigMgr/11d6bd66ad68f2e309186e1148d77d39ab800baa/Compliance Settings/CIs/Baselines/Microsoft Baselines/MSFT Windows 10 and Server 2016 (1803).cab -------------------------------------------------------------------------------- /Compliance Settings/CIs/Baselines/Microsoft Baselines/MSFT Windows Server 2012 R2.cab: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/windows-admins/ConfigMgr/11d6bd66ad68f2e309186e1148d77d39ab800baa/Compliance Settings/CIs/Baselines/Microsoft Baselines/MSFT Windows Server 2012 R2.cab -------------------------------------------------------------------------------- /Compliance Settings/CIs/Baselines/Microsoft Baselines/MSFT Windows Server 2019.cab: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/windows-admins/ConfigMgr/11d6bd66ad68f2e309186e1148d77d39ab800baa/Compliance Settings/CIs/Baselines/Microsoft Baselines/MSFT Windows Server 2019.cab -------------------------------------------------------------------------------- /Compliance Settings/CIs/Baselines/Windows Security Hardening.cab: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/windows-admins/ConfigMgr/11d6bd66ad68f2e309186e1148d77d39ab800baa/Compliance Settings/CIs/Baselines/Windows Security Hardening.cab -------------------------------------------------------------------------------- /Compliance Settings/CIs/Client Configuration/CB - Deprovisioned AppX via PoSh.cab: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/windows-admins/ConfigMgr/11d6bd66ad68f2e309186e1148d77d39ab800baa/Compliance Settings/CIs/Client Configuration/CB - Deprovisioned AppX via PoSh.cab -------------------------------------------------------------------------------- /Compliance Settings/CIs/Client Configuration/CB - Deprovisioned AppX via Registry.cab: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/windows-admins/ConfigMgr/11d6bd66ad68f2e309186e1148d77d39ab800baa/Compliance Settings/CIs/Client Configuration/CB - Deprovisioned AppX via Registry.cab -------------------------------------------------------------------------------- /Compliance Settings/CIs/Client Configuration/CB - Reprovision AppX.cab: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/windows-admins/ConfigMgr/11d6bd66ad68f2e309186e1148d77d39ab800baa/Compliance Settings/CIs/Client Configuration/CB - Reprovision AppX.cab -------------------------------------------------------------------------------- /Compliance Settings/CIs/Client Configuration/CI - Windows Analytics.cab: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/windows-admins/ConfigMgr/11d6bd66ad68f2e309186e1148d77d39ab800baa/Compliance Settings/CIs/Client Configuration/CI - Windows Analytics.cab -------------------------------------------------------------------------------- /Compliance Settings/CIs/Client Configuration/ClientHealth.cab: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/windows-admins/ConfigMgr/11d6bd66ad68f2e309186e1148d77d39ab800baa/Compliance Settings/CIs/Client Configuration/ClientHealth.cab -------------------------------------------------------------------------------- /Compliance Settings/CIs/Client Configuration/Disable DualScan.cab: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/windows-admins/ConfigMgr/11d6bd66ad68f2e309186e1148d77d39ab800baa/Compliance Settings/CIs/Client Configuration/Disable DualScan.cab -------------------------------------------------------------------------------- /Compliance Settings/CIs/Client Configuration/Office 365 - Channel.cab: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/windows-admins/ConfigMgr/11d6bd66ad68f2e309186e1148d77d39ab800baa/Compliance Settings/CIs/Client Configuration/Office 365 - Channel.cab -------------------------------------------------------------------------------- /Compliance Settings/CIs/Client Configuration/WinRM Configuration.cab: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/windows-admins/ConfigMgr/11d6bd66ad68f2e309186e1148d77d39ab800baa/Compliance Settings/CIs/Client Configuration/WinRM Configuration.cab -------------------------------------------------------------------------------- /Compliance Settings/CIs/Client Configuration/WinRM Configuration.md: -------------------------------------------------------------------------------- 1 | WinRM Configuration.cab - Originally built by Roger Zander, and later edited by Sherry Kissinger. 2 | Availble at https://mnscug.org/blogs/sherry-kissinger/299-compliance-setting-to-enable-winrm. 3 | -------------------------------------------------------------------------------- /Compliance Settings/CIs/Client Configuration/Windows Defender Passive Mode.cab: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/windows-admins/ConfigMgr/11d6bd66ad68f2e309186e1148d77d39ab800baa/Compliance Settings/CIs/Client Configuration/Windows Defender Passive Mode.cab -------------------------------------------------------------------------------- /Compliance Settings/CIs/README.md: -------------------------------------------------------------------------------- 1 | Quick rundown of the various Compliance Settings packages. 2 | 3 | ### Baselines ### 4 | 5 | CIS Baselines - CIS GPO Baselines converted to CIs 6 | 7 | D0D STIG Baselines - DoD GPO STIGs converted to CIs 8 | 9 | Microsoft Baselines - Microsoft GPO Baselines converted to CIs 10 | 11 | ### Client Configuration ### 12 | 13 | CB - Deprovisioned AppX via PoSh - CI to deprovision Appx Packages in Windows 10 1803+ 14 | 15 | CB - Deprovisioned AppX via Registry - CI to deprovision Appx Packages via registry (requires updaing each version of Windows as package names change) 16 | 17 | Windows Security Hardening - General Windows OS hardening configuration 18 | 19 | WinRM Configuration - CI to enable WinRM and ensure it is configured correctly 20 | 21 | ### Server Configuration ### 22 | 23 | System Center Configuration Manager - Distribution Point (Pull) - Set of CIs to configure a client in preperation to install a Pull DP on it 24 | -------------------------------------------------------------------------------- /Compliance Settings/CIs/Server Configuration/System Center Configuration Manager - Role Configuration.cab: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/windows-admins/ConfigMgr/11d6bd66ad68f2e309186e1148d77d39ab800baa/Compliance Settings/CIs/Server Configuration/System Center Configuration Manager - Role Configuration.cab -------------------------------------------------------------------------------- /Compliance Settings/Script/Convert-GPOtoCI_1.2.6/README.md: -------------------------------------------------------------------------------- 1 | Original script from: 2 | https://blogs.technet.microsoft.com/samroberts/2017/06/19/create-configmgr-configuration-items-from-group-policy-object/ 3 | 4 | 5 | This script has been modified to skip any imports that fail. Previously the entire CI would fail to import because of a single setting. -------------------------------------------------------------------------------- /Compliance Settings/Script/Convert-GPOtoCI_1.2.6/xmlTemplates/rule.xml: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | -------------------------------------------------------------------------------- /Compliance Settings/Script/Convert-GPOtoCI_1.2.6/xmlTemplates/setting.xml: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /Compliance Settings/Script/MigrateGPOBaselinesToDCM.ps1: -------------------------------------------------------------------------------- 1 | # REQUIRES Convert-GPOtoCI.ps1 2 | # 3 | # Fetch off WinAdmins Github or: 4 | # https://blogs.technet.microsoft.com/samroberts/2017/06/19/create-configmgr-configuration-items-from-group-policy-object/ 5 | # 6 | # Press 'F5' to run this script. Running this script will load the ConfigurationManager 7 | # module for Windows PowerShell and will connect to the site. 8 | # 9 | # This script was auto-generated at '4/18/2018 7:16:37 PM'. 10 | 11 | 12 | param( 13 | [parameter(Mandatory=$true)] 14 | [String] 15 | $GPOName, 16 | [parameter(Mandatory=$true)] 17 | [String] 18 | $TargetDomain, 19 | [parameter(Mandatory=$true)] 20 | [ValidateLength(3,3)] 21 | [String] 22 | $SCCMSiteCode, 23 | [parameter(Mandatory=$true)] 24 | [String] 25 | $SCCMSiteServerFQDN 26 | ) 27 | 28 | # Uncomment the line below if running in an environment where script signing is 29 | # required. 30 | #Set-ExecutionPolicy -ExecutionPolicy Bypass -Scope Process 31 | 32 | # Customizations 33 | $initParams = @{} 34 | 35 | # Do not change anything below this line 36 | 37 | # Import the ConfigurationManager.psd1 module 38 | if($null -eq (Get-Module ConfigurationManager)) { 39 | Import-Module "$($ENV:SMS_ADMIN_UI_PATH)\..\ConfigurationManager.psd1" @initParams 40 | } 41 | 42 | # Connect to the site's drive if it is not already present 43 | if($null -eq (Get-PSDrive -Name $SCCMSiteCode -PSProvider CMSite -ErrorAction SilentlyContinue)) { 44 | New-PSDrive -Name $SCCMSiteCode -PSProvider CMSite -Root $SCCMSiteServerFQDN @initParams 45 | } 46 | 47 | # Set the current location to be the site code. 48 | Set-Location "$($SCCMSiteCode):\" @initParams 49 | 50 | 51 | $GPOs = Get-GPO -All 52 | 53 | ForEach ($GPO in $GPOs) 54 | { 55 | if ($GPO.DisplayName -like '*'+$GPOName+'*') 56 | { 57 | Write-Debug "Converting: " $GPO.DisplayName 58 | & $PSScriptRoot\Convert-GPOtoCI_1.2.6\Convert-GPOtoCI.ps1 -GpoTarget $GPO.DisplayName -DomainTarget $TargetDomain -SiteCode $SCCMSiteCode -Remediate -Severity Critical 59 | } 60 | else 61 | { 62 | Write-Debug "Skipping: " $GPO.DisplayName 63 | } 64 | } 65 | -------------------------------------------------------------------------------- /Defender/Antivirus/Exclusions_AD.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 0 6 | 0 7 | 0 8 | 0 9 | 0 10 | 0 11 | 0 12 | 0 13 | 0 14 | 0 15 | 0 16 | 0 17 | 0 18 | 0 19 | 0 20 | 0 21 | 22 | 23 | 0 24 | 0 25 | 0 26 | 0 27 | 0 28 | 0 29 | 0 30 | 31 | 32 | 33 | -------------------------------------------------------------------------------- /Defender/Antivirus/Exclusions_DHCP.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 0 6 | 0 7 | 0 8 | 0 9 | 0 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /Defender/Antivirus/Exclusions_DNS.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 0 6 | 0 7 | 8 | 9 | 10 | -------------------------------------------------------------------------------- /Defender/Antivirus/Exclusions_HyperV.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 0 6 | 0 7 | 0 8 | 0 9 | 10 | 11 | 0 12 | 0 13 | 0 14 | 0 15 | 0 16 | 0 17 | 18 | 19 | 0 20 | 0 21 | 0 22 | 23 | 24 | 25 | -------------------------------------------------------------------------------- /Defender/Antivirus/Exclusions_IIS.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 0 6 | 0 7 | 8 | 9 | 0 10 | 0 11 | 12 | 13 | 14 | -------------------------------------------------------------------------------- /Defender/Antivirus/Exclusions_SCCMClient.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 0 6 | 0 7 | 0 8 | 0 9 | 0 10 | 0 11 | 0 12 | 0 13 | 14 | 15 | 0 16 | 0 17 | 0 18 | 0 19 | 0 20 | 21 | 22 | 0 23 | 0 24 | 0 25 | 0 26 | 27 | 28 | 29 | -------------------------------------------------------------------------------- /Defender/Antivirus/Exclusions_SQL.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 0 6 | 0 7 | 0 8 | 0 9 | 0 10 | 0 11 | 0 12 | 0 13 | 14 | 15 | 0 16 | 0 17 | 0 18 | 19 | 20 | 21 | -------------------------------------------------------------------------------- /Defender/Antivirus/Exclusions_WINS.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 0 6 | 0 7 | 0 8 | 9 | 10 | 11 | -------------------------------------------------------------------------------- /Defender/Antivirus/Exclusions_Windows.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 0 6 | 0 7 | 0 8 | 0 9 | 0 10 | 0 11 | 0 12 | 0 13 | 0 14 | 0 15 | 0 16 | 0 17 | 0 18 | 0 19 | 0 20 | 0 21 | 0 22 | 0 23 | 0 24 | 0 25 | 0 26 | 0 27 | 0 28 | 0 29 | 0 30 | 0 31 | 0 32 | 33 | 34 | 35 | -------------------------------------------------------------------------------- /Exploit Guard/README.md: -------------------------------------------------------------------------------- 1 | DOD_EP_V2.XML 2 | Exploit Guard from the DoD STIG. 3 | https://iase.disa.mil/stigs/os/windows/Pages/win10.aspx 4 | 5 | ProcessMitigation.xml 6 | Example mitigations from Microsoft. 7 | https://demo.wd.microsoft.com/Page/EP 8 | -------------------------------------------------------------------------------- /Hardware Inventory/HP_CMI_SMS_DEF.mof: -------------------------------------------------------------------------------- 1 | #pragma namespace(""); 2 | 3 | [ SMS_Report(TRUE), SMS_Group_Name("CMI BIOS Setting Data"), SMS_Class_ID("HP|HP_BIOSSetting|1.0"), SMS_Namespace(FALSE), Namespace("\\\\.\\root\\HP\\InstrumentedBIOS") ] 4 | class HP_BIOSSetting : SMS_Class_Template 5 | { 6 | [SMS_Report (TRUE)] string Name; 7 | [SMS_Report (TRUE)] string Value; 8 | [SMS_Report (TRUE)] string Path; 9 | [SMS_Report (TRUE)] uint32 IsReadOnly; 10 | [SMS_Report (TRUE)] uint32 DisplayInUI; 11 | [SMS_Report (TRUE)] uint32 RequiresPhysicalPresence; 12 | [SMS_Report (TRUE)] uint32 Sequence; 13 | [SMS_Report (TRUE)] string Prerequisites[]; 14 | }; 15 | 16 | [ SMS_Report(TRUE), SMS_Group_Name("CMI BIOS String Data"), SMS_Class_ID("HP|HP_BIOSString|1.0"), SMS_Namespace(FALSE), Namespace("\\\\.\\root\\HP\\InstrumentedBIOS") ] 17 | class HP_BIOSString : SMS_Class_Template 18 | { 19 | [SMS_Report (TRUE)] uint32 MinLength; 20 | [SMS_Report (TRUE)] uint32 MaxLength; 21 | }; 22 | 23 | [ SMS_Report(TRUE), SMS_Group_Name("CMI BIOS Integer Data"), SMS_Class_ID("HP|HP_BIOSInteger|1.0"), SMS_Namespace(FALSE), Namespace("\\\\.\\root\\HP\\InstrumentedBIOS") ] 24 | class HP_BIOSInteger : SMS_Class_Template 25 | { 26 | [SMS_Report (TRUE)] uint32 LowerBound; 27 | [SMS_Report (TRUE)] uint32 UpperBound; 28 | [SMS_Report (TRUE)] uint32 IntValue; 29 | }; 30 | 31 | [ SMS_Report(TRUE), SMS_Group_Name("CMI BIOS Enumeration Data"), SMS_Class_ID("HP|HP_BIOSEnumeration|1.0"), SMS_Namespace(FALSE), Namespace("\\\\.\\root\\HP\\InstrumentedBIOS") ] 32 | class HP_BIOSEnumeration : SMS_Class_Template 33 | { 34 | [SMS_Report (TRUE)] string CurrentValue; 35 | [SMS_Report (TRUE)] uint32 Size; 36 | [SMS_Report (TRUE)] string PossibleValues[]; 37 | }; 38 | 39 | [ SMS_Report(TRUE), SMS_Group_Name("CMI BIOS Ordered List Data"), SMS_Class_ID("HP|HP_BIOSOrderedList|1.0"), SMS_Namespace(FALSE), Namespace("\\\\.\\root\\HP\\InstrumentedBIOS") ] 40 | class HP_BIOSOrderedList : SMS_Class_Template 41 | { 42 | [SMS_Report (TRUE)] uint32 Size; 43 | [SMS_Report (TRUE)] string Elements[]; 44 | }; 45 | 46 | [ SMS_Report(TRUE), SMS_Group_Name("CMI BIOS Password Data"), SMS_Class_ID("HP|HP_BIOSPassword|1.0"), SMS_Namespace(FALSE), Namespace("\\\\.\\root\\HP\\InstrumentedBIOS") ] 47 | class HP_BIOSPassword : SMS_Class_Template 48 | { 49 | [SMS_Report (TRUE)] uint32 MinLength; 50 | [SMS_Report (TRUE)] uint32 MaxLength; 51 | [SMS_Report (TRUE)] string SupportedEncoding[]; 52 | [SMS_Report (TRUE)] uint32 IsSet; 53 | }; 54 | 55 | -------------------------------------------------------------------------------- /Hardware Inventory/readme.md: -------------------------------------------------------------------------------- 1 | HealthCheacksHINV - Inventory for health check collections 2 | 3 | OMCI_SMS_DEF - Dell Command | Monitor inventory (bios settings, etc) 4 | 5 | HINV Inventoy extension must be run against the default policy. If required you can revert the individual changes (turn off extended inventory) made by the MOF and then manually create a new policy to re-enable the changes. 6 | -------------------------------------------------------------------------------- /Intune/Device Configuration Profiles/Endpoint Protection/readme.md: -------------------------------------------------------------------------------- 1 | Contains Device Configuration Policies for Exploit Guard (Exploit Protection, Network Protection, and Attack Surface Reduction), Credential Guard, and SmartScreen. 2 | -------------------------------------------------------------------------------- /Intune/Device Configuration Profiles/Google Chrome/CIS Level 1 - Chrome Browser policies for Microsoft Intune.xlsx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/windows-admins/ConfigMgr/11d6bd66ad68f2e309186e1148d77d39ab800baa/Intune/Device Configuration Profiles/Google Chrome/CIS Level 1 - Chrome Browser policies for Microsoft Intune.xlsx -------------------------------------------------------------------------------- /Intune/Device Configuration Profiles/Google Chrome/Readme.md: -------------------------------------------------------------------------------- 1 | CIS Level 1 Benchmark (1.3.0) for Google Chrome 2 | Also Installs the following browser extensions: 3 | * Windows Defender Browser Protection 4 | * My Apps Secure Sign-in Extension 5 | * Windows 10 Accounts 6 | -------------------------------------------------------------------------------- /Intune/Device Configuration Profiles/Office 365/Office 365 - MSFT Baseline.xlsx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/windows-admins/ConfigMgr/11d6bd66ad68f2e309186e1148d77d39ab800baa/Intune/Device Configuration Profiles/Office 365/Office 365 - MSFT Baseline.xlsx -------------------------------------------------------------------------------- /Intune/Device Configuration Profiles/Office 365/Readme.md: -------------------------------------------------------------------------------- 1 | Office 365/2016 Microsoft Security Baseline 2 | Broken into multiple JSON files to improve responsiveness within Intune management console 3 | Office2016.admx trimmed down to just what is necessary as part of the baselines, ingesting the entire file causes failures on the client. 4 | -------------------------------------------------------------------------------- /Intune/Device Configuration Profiles/Readme.md: -------------------------------------------------------------------------------- 1 | Contains Device Configuration Profiles that can be imported into an Intune tenant using the following: 2 | https://github.com/microsoftgraph/powershell-intune-samples/blob/master/DeviceConfiguration/DeviceConfiguration_Import_FromJSON.ps1 3 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # ConfigMgr 2 | 3 | A repo of useful items for the everyday ConfigMgr admin. 4 | 5 | To download, click the big green "Code" button above and click "Download ZIP". 6 | 7 | Need help? Check out our Discord community: https://winadmins.io/discord 8 | 9 | NOTE: All items stored in this repository are community sourced, provided, and curated. Please test things in a non-production environment to be sure that things work as expected. While we strive to ensure that all items submitted are in a working/useful state, the WinAdmins community takes no responsibility for any issues caused by imporper use or modification of items contained within this repository. -------------------------------------------------------------------------------- /Reports/README.md: -------------------------------------------------------------------------------- 1 | For reporting purposes only. -------------------------------------------------------------------------------- /Reports/Reporting for the Rest of Us - Deployment Status Dashboard.pbit: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/windows-admins/ConfigMgr/11d6bd66ad68f2e309186e1148d77d39ab800baa/Reports/Reporting for the Rest of Us - Deployment Status Dashboard.pbit -------------------------------------------------------------------------------- /Reports/TS Fail Status.sql: -------------------------------------------------------------------------------- 1 | SELECT 2 | DISTINCT 3 | rs.Netbios_Name0 AS 'Hostname' 4 | ,usr.Full_User_Name0 AS 'Name' 5 | ,usr.User_Name0 AS 'Username' 6 | ,usr.Mail0 AS 'Email' 7 | ,rs.AD_Site_Name0 AS 'Site' 8 | ,tse.ActionName AS 'Step' 9 | ,tse.GroupName AS 'Group' 10 | ,CONVERT(VARCHAR,DATEADD(hour, -5,tse.ExecutionTime),111) AS 'Date' 11 | ,CONVERT ([VARCHAR],DATEADD(HOUR,-5,tse.ExecutionTime),8) AS 'Time' 12 | ,CASE 13 | WHEN tse.AdvertisementID = '## TS Advertisement ID ##' THEN 'Phase 1' 14 | WHEN tse.AdvertisementID = '## TS Advertisement ID ##' THEN 'Phase 2' 15 | END AS 'Phase' 16 | --,tse.ExecutionTime 17 | FROM 18 | vSMS_TaskSequenceExecutionStatus AS tse 19 | JOIN v_R_System AS rs ON rs.ResourceID=tse.ResourceID 20 | JOIN v_R_User AS usr ON usr.User_Name0=rs.User_Name0 21 | WHERE 22 | tse.ExitCode != 0 23 | AND tse.PackageID = '## TS Package ID ##' 24 | AND DATALENGTH(tse.ActionName) > 0 25 | AND DATALENGTH(tse.GroupName) > 0 26 | ORDER BY [Date] DESC, [Time] DESC, [Name] 27 | 28 | --Failed step count 29 | SELECT 30 | tse.ActionName 31 | ,COUNT(tse.ActionName) AS 'Error Count' 32 | FROM 33 | vSMS_TaskSequenceExecutionStatus AS tse 34 | JOIN v_R_System AS rs ON rs.ResourceID=tse.ResourceID 35 | JOIN v_R_User AS usr ON usr.User_Name0=rs.User_Name0 36 | WHERE 37 | tse.ExitCode != 0 38 | --or if you want ot use the advertisement ID tse.AdvertisementID = '## TS Advertisement ID' 39 | AND tse.PackageID = '## TS Package ID ##' 40 | AND tse.GroupName != 'FaiIure Group' 41 | AND DATALENGTH(tse.ActionName) > 0 42 | AND DATALENGTH(tse.GroupName) > 0 43 | GROUP BY tse.ActionName 44 | -------------------------------------------------------------------------------- /SQL/Find Asset and User Data by Installed Application Name (ARP).sql: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | 4 | Purpose: Gather Information about Assets with defined application in Add/Remove Programs 5 | 6 | Author(s): Chris Kibble (www.ChristopherKibble.com) 7 | Contributor(s): 8 | Created: 2019-04-29 9 | Last Updated: 2019-04-29 10 | 11 | To Use: 12 | 13 | 1) Connect to your SCCM database. 14 | 2) Modify the LIKE clause to identify the application as necessary. 15 | 3) Execute. 16 | 17 | Comments: 18 | 19 | * Using condition in JOIN so that not all applications are returned and instead we only join the view when the application exists. Open to better ways of doing this. 20 | * Requires that you be collecting Unique_User_Name0, cn0, and Mail0 during Active Directory User discovery or those fields may return errors. 21 | 22 | */ 23 | 24 | 25 | select v_r_system.name0 26 | , v_add_remove_programs.Publisher0 27 | , v_add_remove_programs.displayname0 28 | , v_add_remove_programs.Version0 29 | , v_add_remove_programs.installdate0 30 | , v_R_User.Unique_User_Name0 31 | , v_R_User.cn0 32 | , v_R_User.Mail0 33 | from v_r_system 34 | join v_add_remove_programs 35 | on v_r_system.resourceid = v_add_remove_programs.resourceid 36 | and v_add_remove_programs.displayname0 like 'Microsoft Visio%' 37 | left join v_gs_system_console_usage 38 | on v_r_system.resourceid = v_gs_system_console_usage.resourceid 39 | left join v_r_user 40 | on v_gs_system_console_usage.topconsoleuser0 = v_r_user.Unique_User_Name0; 41 | -------------------------------------------------------------------------------- /SQL/Find Assets by Primary User Email.sql: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | 4 | Purpose: Find Assets by Primary User (Top Console User) 5 | 6 | Author(s): Chris Kibble (www.ChristopherKibble.com) 7 | Contributor(s): 8 | Created: 2019-04-29 9 | Last Updated: 2019-04-29 10 | 11 | To Use: 12 | 13 | 1) Connect to your SCCM database. 14 | 2) Modify the WHERE clause to include the user email address. 15 | 3) Execute. 16 | 17 | Comments: 18 | 19 | * Requires that you be collecting cn0 and Mail0 during Active Directory User discovery or those fields may return errors. 20 | 21 | */ 22 | 23 | 24 | select v_r_system.name0 25 | , v_r_system.Operating_System_Name_and0 26 | , v_R_User.Unique_User_Name0 27 | , v_R_User.cn0 28 | , v_R_User.Mail0 29 | from v_r_system 30 | join v_gs_system_console_usage 31 | on v_r_system.resourceid = v_gs_system_console_usage.resourceid 32 | join v_r_user 33 | on v_gs_system_console_usage.topconsoleuser0 = v_r_user.Unique_User_Name0 34 | where v_r_user.mail0 = 'chris@example.org'; -------------------------------------------------------------------------------- /SQL/Installed Web Browsers (IE, Chrome, Firefox, Opera, and Safari).sql: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | 4 | Purpose: Inventory installed web browsers across environment. 5 | 6 | Author(s): Chris Kibble (www.ChristopherKibble.com) 7 | Contributor(s): 8 | Created: 2019-04-29 9 | Last Updated: 2019-04-29 10 | 11 | To Use: 12 | 13 | 1) Connect to your SCCM database. 14 | 2) Execute. 15 | 16 | Comments: 17 | 18 | * This gets kludge at times, but has served me well and uses a lot of wildcards to find all possible variations of a browser. Open to suggestions. 19 | * May return errors if you're not capturing Full_User_Name0 or Mail0 in your Active Directory User Discovery, these can be removed as required. 20 | 21 | */ 22 | 23 | 24 | 25 | /* Find Firefox, Chrome (System), Opera, and Safari */ 26 | select distinct v_R_System.Name0 27 | , v_add_remove_programs.Publisher0 28 | , v_add_remove_programs.displayname0 29 | , case when charindex('Firefox', v_add_remove_programs.displayname0) > 0 then 'Mozilla Firefox' 30 | when charindex('Chrome', v_add_remove_programs.displayname0) > 0 then 'Google Chrome' 31 | when charindex('Opera', v_add_remove_programs.displayname0) > 0 then 'Opera' 32 | when charindex('Safari', v_add_remove_programs.displayname0) > 0 then 'Apple Safari' 33 | else v_add_remove_programs.displayname0 34 | end BrowserTitle 35 | , v_add_remove_programs.Version0 36 | , case when charindex('.',v_add_remove_programs.version0) > 0 then substring(v_add_remove_programs.version0, 1, charindex('.',v_add_remove_programs.version0)-1) 37 | else v_add_remove_programs.version0 38 | end version_major 39 | , v_r_user.Full_User_Name0 40 | , v_r_user.Mail0 41 | from v_R_System 42 | join v_Add_Remove_Programs 43 | on v_R_System.ResourceID = v_Add_Remove_Programs.ResourceID 44 | left join v_GS_SYSTEM_CONSOLE_USAGE 45 | on v_r_system.resourceid = v_GS_SYSTEM_CONSOLE_USAGE.ResourceID 46 | left join v_R_User 47 | on v_r_user.Unique_User_Name0 = v_GS_SYSTEM_CONSOLE_USAGE.TopConsoleUser0 48 | where (v_add_remove_programs.displayname0 like '%Firefox%' and v_Add_Remove_Programs.Publisher0 like '%Mozilla%') 49 | or (v_add_remove_programs.displayname0 like '%Safari%' and v_Add_Remove_Programs.Publisher0 like '%Apple%') 50 | or (v_add_remove_programs.displayname0 like '%Opera%' and v_Add_Remove_Programs.Publisher0 like '%Opera%') 51 | or v_add_remove_programs.displayname0 = 'Google Chrome' 52 | 53 | union all 54 | 55 | /* Union IE Users by File Name */ 56 | select distinct v_R_System.Name0 57 | , 'Microsoft' as Publisher0 58 | , 'Internet Explorer' as Displayname0 59 | , 'Internet Explorer' as BrowserTitle 60 | , v_GS_SoftwareFile.FileVersion as Version0 61 | , case when charindex('.',v_GS_SoftwareFile.FileVersion) > 0 then substring(v_GS_SoftwareFile.FileVersion, 1, charindex('.',v_GS_SoftwareFile.FileVersion)-1) 62 | else v_GS_SoftwareFile.FileVersion 63 | end version_major 64 | , v_r_user.Full_User_Name0 65 | , v_r_user.Mail0 66 | from v_R_System 67 | join v_GS_SoftwareFile 68 | on v_GS_SoftwareFile.ResourceID = v_R_System.ResourceID 69 | join v_GS_OPERATING_SYSTEM 70 | on v_GS_OPERATING_SYSTEM.ResourceID = v_R_System.ResourceID 71 | join v_GS_WORKSTATION_STATUS 72 | on v_GS_WORKSTATION_STATUS.ResourceID = v_R_System.ResourceID 73 | left join v_GS_SYSTEM_CONSOLE_USAGE 74 | on v_r_system.resourceid = v_GS_SYSTEM_CONSOLE_USAGE.ResourceID 75 | left join v_R_User 76 | on v_r_user.Unique_User_Name0 = v_GS_SYSTEM_CONSOLE_USAGE.TopConsoleUser0 77 | where v_GS_SoftwareFile.FileName = 'iexplore.exe' 78 | and v_GS_SoftwareFile.FilePath like '%:\Program Files%\Internet Explorer%' 79 | and v_GS_SoftwareFile.FilePath not like '%Recycle%' 80 | 81 | union all 82 | 83 | /* Union Google (User) */ 84 | select distinct v_R_System.Name0 85 | , 'Google' as Publisher0 86 | , 'Google Chrome' as Displayname0 87 | , 'Google Chrome' as BrowserTitle 88 | , v_GS_SoftwareFile.FileVersion as Version0 89 | , case when charindex('.',v_GS_SoftwareFile.FileVersion) > 0 then substring(v_GS_SoftwareFile.FileVersion, 1, charindex('.',v_GS_SoftwareFile.FileVersion)-1) 90 | else v_GS_SoftwareFile.FileVersion 91 | end version_major 92 | , v_r_user.Full_User_Name0 93 | , v_r_user.Mail0 94 | from v_R_System 95 | join v_GS_SoftwareFile 96 | on v_GS_SoftwareFile.ResourceID = v_R_System.ResourceID 97 | join v_GS_OPERATING_SYSTEM 98 | on v_GS_OPERATING_SYSTEM.ResourceID = v_R_System.ResourceID 99 | join v_GS_WORKSTATION_STATUS 100 | on v_GS_WORKSTATION_STATUS.ResourceID = v_R_System.ResourceID 101 | left join v_GS_SYSTEM_CONSOLE_USAGE 102 | on v_r_system.resourceid = v_GS_SYSTEM_CONSOLE_USAGE.ResourceID 103 | left join v_R_User 104 | on v_r_user.Unique_User_Name0 = v_GS_SYSTEM_CONSOLE_USAGE.TopConsoleUser0 105 | where v_GS_SoftwareFile.FileName = 'chrome.exe' 106 | and v_GS_SoftwareFile.FilePath like '%:\Users\%\AppData\Local\Google\Chrome%' 107 | and v_GS_SoftwareFile.FilePath not like '%Recycle%' 108 | and v_GS_SoftwareFile.FilePath not like '%Temporary Internet Files%' 109 | and v_GS_SoftwareFile.FilePath not like '%Chrome Frame%' 110 | and v_r_system.ResourceID not in (select ResourceID from v_Add_Remove_Programs where DisplayName0 = 'Google Chrome') 111 | -------------------------------------------------------------------------------- /SQL/List of Assets with Windows 10 Build Information.sql: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | 4 | Purpose: Maps Windows 10 Build Numbers to Version and gathers data on all assets running Windows 10. 5 | 6 | Author(s): Chris Kibble (www.ChristopherKibble.com) 7 | Contributor(s): 8 | Created: 2019-04-30 9 | Last Updated: 2019-04-30 10 | 11 | To Use: 12 | 13 | 1) Connect to your SCCM database. 14 | 2) Execute. 15 | 16 | Comments: 17 | 18 | * https://en.wikipedia.org/wiki/Windows_10_version_history (Build Number Source) 19 | * Requires that you be collecting Full_User_Name0 and Mail0 during Active Directory User discovery or those fields may return errors. 20 | 21 | */ 22 | 23 | -- 24 | 25 | select v_r_system.name0 26 | , v_GS_OPERATING_SYSTEM.Caption0 27 | , v_GS_OPERATING_SYSTEM.BuildNumber0 28 | , case when v_GS_OPERATING_SYSTEM.BuildNumber0 = '10240' then '1507' 29 | when v_GS_OPERATING_SYSTEM.BuildNumber0 = '10586' then '1511' 30 | when v_GS_OPERATING_SYSTEM.BuildNumber0 = '14393' then '1607' 31 | when v_GS_OPERATING_SYSTEM.BuildNumber0 = '15063' then '1703' 32 | when v_GS_OPERATING_SYSTEM.BuildNumber0 = '16299' then '1709' 33 | when v_GS_OPERATING_SYSTEM.BuildNumber0 = '17134' then '1803' 34 | when v_GS_OPERATING_SYSTEM.BuildNumber0 = '17763' then '1809' 35 | when v_GS_OPERATING_SYSTEM.BuildNumber0 = '18362' then '1903' 36 | else '????' 37 | end as Win10Version 38 | , v_R_User.Full_User_Name0 39 | , v_r_user.Mail0 40 | from v_r_system 41 | join v_gs_operating_system 42 | on v_r_system.ResourceID = v_gs_operating_system.ResourceID 43 | left join v_GS_SYSTEM_CONSOLE_USAGE 44 | on v_r_system.ResourceID = v_GS_SYSTEM_CONSOLE_USAGE.ResourceID 45 | left join v_R_User 46 | on v_R_User.Unique_User_Name0 = v_GS_SYSTEM_CONSOLE_USAGE.TopConsoleUser0 47 | where v_GS_OPERATING_SYSTEM.Caption0 like 'Microsoft Windows 10%' 48 | 49 | 50 | -------------------------------------------------------------------------------- /SQL/README.MD: -------------------------------------------------------------------------------- 1 | # SQL Scripts for ConfigMgr 2 | 3 | This folder contains a list of SQL Scripts you can use to pull data from ConfigMgr. 4 | 5 | -------------------------------------------------------------------------------- /Scripts/Bitlocker/BitlockerAudit.ps1: -------------------------------------------------------------------------------- 1 | $days = 90 2 | 3 | 4 | $ADComputers = Get-ADComputer -Filter 'PasswordLastSet -ge $days' 5 | 6 | # $resultsobj = new-object psobject 7 | $table = New-Object system.Data.DataTable “BLStatus” 8 | 9 | $col1 = New-Object system.Data.DataColumn Name,([string]) 10 | $col2 = New-Object system.Data.DataColumn Date,([string]) 11 | $col3 = New-Object system.Data.DataColumn PasswordID,([string]) 12 | $col4 = New-Object system.Data.DataColumn RecoveryPassword,([string]) 13 | 14 | #Add the Columns 15 | $table.columns.add($col1) 16 | $table.columns.add($col2) 17 | $table.columns.add($col3) 18 | $table.columns.add($col4) 19 | 20 | ForEach ($_ in $ADComputers) 21 | { 22 | $BLStatus = $_.Name | .\Get-BitlockerStatus.ps1 23 | 24 | $row = $table.NewRow() 25 | 26 | Write-Debug $_.Name 27 | 28 | If ($_.Name -eq "CLIENT2") 29 | { 30 | Write-Debug BREAK 31 | } 32 | 33 | 34 | If ($BLStatus) 35 | { 36 | #Enter data in the row 37 | $row.Name = $_.Name 38 | $row.Date = $BLStatus.Date 39 | $row.PasswordID = $BLStatus.PasswordID 40 | $row.RecoveryPassword = $BLStatus.RecoveryPassword 41 | 42 | 43 | # $resultsobj | Add-Member -MemberType NoteProperty -Name "Name" -Value $_.Name -PassThru | Add-Member -MemberType NoteProperty -Name "Date" -Value $BLStatus.Date | Add-Member -MemberType NoteProperty -Name "PasswordID" -Value $BLStatus.PasswordID | Add-Member -MemberType NoteProperty -Name "RecoveryPassword" -Value $BLStatus.RecoveryPassword 44 | # $row = [ordered]@{Name=$_.Name;Date=$BLStatus.Date;PasswordID=$BLStatus.PasswordID;RecoveryPassword=$BLStatus.RecoveryPassword} 45 | } 46 | Else 47 | { 48 | # $resultsobj | Add-Member -MemberType NoteProperty -Name "Name" -Value $_.Name -PassThru 49 | # $row = [ordered]@{Name=$_.Name} 50 | $row.Name = $_.Name 51 | } 52 | 53 | #Add the row to the table 54 | $table.Rows.Add($row) 55 | 56 | 57 | #Add-Member -in $resultsobj -membertype NoteProperty -name $p.name -value "" 58 | # $resultsobj | Add-Member -NotePropertyMembers $row 59 | # $resultsobj | Add-Member -Name $_.Name -membertype NoteProperty -value $row 60 | } 61 | 62 | $table | Format-Table -AutoSize | Out-File -FilePath .\BLStatus.txt -Force 63 | 64 | 65 | -------------------------------------------------------------------------------- /Scripts/CurrentLoggedOnUsers.ps1: -------------------------------------------------------------------------------- 1 | Function Get-QueryUser(){ 2 | 3 | # Found via: https://stackoverflow.com/questions/39212183/easier-way-to-parse-query-user-in-powershell 4 | 5 | Param([switch]$Json) # ALLOWS YOU TO RETURN A JSON OBJECT 6 | $HT = @() 7 | $Lines = @(query user).foreach({$(($_) -replace('\s{2,}',','))}) # REPLACES ALL OCCURENCES OF 2 OR MORE SPACES IN A ROW WITH A SINGLE COMMA 8 | $header=$($Lines[0].split(',').trim()) # EXTRACTS THE FIRST ROW FOR ITS HEADER LINE 9 | for($i=1;$i -lt $($Lines.Count);$i++){ # NOTE $i=1 TO SKIP THE HEADER LINE 10 | $Res = "" | Select-Object $header # CREATES AN EMPTY PSCUSTOMOBJECT WITH PRE DEFINED FIELDS 11 | $Line = $($Lines[$i].split(',')).foreach({ $_.trim().trim('>') }) # SPLITS AND THEN TRIMS ANOMALIES 12 | if($Line.count -eq 5) { $Line = @($Line[0],"$($null)",$Line[1],$Line[2],$Line[3],$Line[4] ) } # ACCOUNTS FOR DISCONNECTED SCENARIO 13 | for($x=0;$x -lt $($Line.count);$x++){ 14 | $Res.$($header[$x]) = $Line[$x] # DYNAMICALLY ADDS DATA TO $Res 15 | } 16 | $HT += $Res # APPENDS THE LINE OF DATA AS PSCUSTOMOBJECT TO AN ARRAY 17 | Remove-Variable Res # DESTROYS THE LINE OF DATA BY REMOVING THE VARIABLE 18 | } 19 | if($Json) { 20 | $JsonObj = [pscustomobject]@{ $($env:COMPUTERNAME)=$HT } | convertto-json # CREATES ROOT ELEMENT OF COMPUTERNAME AND ADDS THE COMPLETED ARRAY 21 | Return $JsonObj 22 | } else { 23 | Return $HT 24 | } 25 | } 26 | 27 | {Get-QueryUser | Where-Object {$_.STATE -ne "Active"}}.Count 28 | -------------------------------------------------------------------------------- /Scripts/Drivers/AutoApplyDrivers/AutoApplyDrivers.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/windows-admins/ConfigMgr/11d6bd66ad68f2e309186e1148d77d39ab800baa/Scripts/Drivers/AutoApplyDrivers/AutoApplyDrivers.zip -------------------------------------------------------------------------------- /Scripts/Drivers/AutoApplyDrivers/MODULE_Functions/MODULE_Functions.psd1: -------------------------------------------------------------------------------- 1 | # 2 | # Module manifest for module 'Functions' for 'AutoApplyDrivers' 3 | # 4 | # Generated by: Gabriel Bennett 5 | # 6 | 7 | @{ 8 | 9 | # Script module or binary module file associated with this manifest 10 | #RootModule = '' 11 | 12 | # Version number of this module. 13 | ModuleVersion = '1.0' 14 | 15 | # ID used to uniquely identify this module 16 | GUID = 'd0a9150d-b6a4-4b17-a325-e3a24fed0aa9' 17 | 18 | # Author of this module 19 | Author = 'Gabriel Bennett' 20 | 21 | # Company or vendor of this module 22 | CompanyName = '' 23 | 24 | # Copyright statement for this module 25 | Copyright = 'Copyleft' 26 | 27 | # Description of the functionality provided by this module 28 | # Description = '' 29 | 30 | # Minimum version of the Windows PowerShell engine required by this module 31 | # PowerShellVersion = '' 32 | 33 | # Name of the Windows PowerShell host required by this module 34 | # PowerShellHostName = '' 35 | 36 | # Minimum version of the Windows PowerShell host required by this module 37 | # PowerShellHostVersion = '' 38 | 39 | # Minimum version of the .NET Framework required by this module 40 | # DotNetFrameworkVersion = '' 41 | 42 | # Minimum version of the common language runtime (CLR) required by this module 43 | # CLRVersion = '' 44 | 45 | # Processor architecture (None, X86, Amd64) required by this module 46 | # ProcessorArchitecture = '' 47 | 48 | # Modules that must be imported into the global environment prior to importing this module 49 | # RequiredModules = @() 50 | 51 | # Assemblies that must be loaded prior to importing this module 52 | # RequiredAssemblies = @() 53 | 54 | # Script files (.ps1) that are run in the caller's environment prior to importing this module 55 | # ScriptsToProcess = @() 56 | 57 | # Type files (.ps1xml) to be loaded when importing this module 58 | # TypesToProcess = @() 59 | 60 | # Format files (.ps1xml) to be loaded when importing this module 61 | # FormatsToProcess = @() 62 | 63 | # Modules to import as nested modules of the module specified in RootModule/ModuleToProcess 64 | NestedModules = @('MODULE_Functions.psm1', 'MODULE_Drivers.psm1', 'MODULE_LogIt.psm1', 'MODULE_SQL.psm1') 65 | 66 | # Functions to export from this module 67 | FunctionsToExport = '*' 68 | 69 | # Cmdlets to export from this module 70 | CmdletsToExport = '*' 71 | 72 | # Variables to export from this module 73 | VariablesToExport = '*' 74 | 75 | # Aliases to export from this module 76 | AliasesToExport = '*' 77 | 78 | # List of all modules packaged with this module 79 | # ModuleList = @() 80 | 81 | # List of all files packaged with this module 82 | # FileList = @() 83 | 84 | # Private data to pass to the module specified in RootModule/ModuleToProcess 85 | # PrivateData = '' 86 | 87 | # HelpInfo URI of this module 88 | HelpInfoURI = 'https://github.com/winadminsdotorg/SystemCenterConfigMgr/blob/master/Scripts/AutoApplyDrivers/Readme.md' 89 | 90 | # Default prefix for commands exported from this module. Override the default prefix using Import-Module -Prefix. 91 | # DefaultCommandPrefix = '' 92 | 93 | } -------------------------------------------------------------------------------- /Scripts/Drivers/AutoApplyDrivers/MODULE_Functions/MODULE_LogIt.psm1: -------------------------------------------------------------------------------- 1 | Write-Debug "Loading: MODULE_LogIt" 2 | 3 | function LogIt 4 | { 5 | <# 6 | .SYNOPSIS 7 | Creates a log file in the CMTrace format 8 | .DESCRIPTION 9 | .EXAMPLE 10 | Example LogIt function calls 11 | LogIt -message ("Starting Logging Example Script") -component "Main()" -type Info 12 | LogIt -message ("Log Warning") -component "Main()" -type Warning 13 | LogIt -message ("Log Error") -component "Main()" -type Error 14 | LogIt -message ("Log Verbose") -component "Main()" -type Verbose 15 | LogIt -message ("Script Status: " + $Global:ScriptStatus) -component "Main()" -type Info 16 | LogIt -message ("Stopping Logging Example Script") -component "Main()" -type Info 17 | LogIt -message ("Stopping Logging Example Script") -component "Main()" -type Info -LogFile a.log 18 | #> 19 | 20 | param ( 21 | [Parameter(Mandatory=$true)] 22 | [string]$message, 23 | [Parameter(Mandatory=$true)] 24 | [string]$component, 25 | [ValidateSet("INFO","WARNING","ERROR","VERBOSE", "DEBUG")] 26 | [string]$type, 27 | [string]$LogFile 28 | ) 29 | 30 | # switch ($type) 31 | # { 32 | # 1 { $type = "Info" } 33 | # 2 { $type = "Warning" } 34 | # 3 { $type = "Error" } 35 | # 4 { $type = "Verbose" } 36 | # 5 { $type = "Debug" } 37 | # } 38 | 39 | If (-not $LogFile) 40 | { 41 | # Write-Host "Getting global log file" 42 | $LogFile = $Global:Logfile 43 | } 44 | 45 | If (-not $LogFile) 46 | { 47 | # Write-Host "Setting log file to default location." 48 | $LogFile = $PSScriptRoot + "\LogIt.log" 49 | } 50 | 51 | try 52 | { 53 | If (-not (Test-Path -Path $LogFile)) 54 | { 55 | write-host "Creating $LogFile in UTF-8" 56 | $filename = "$LogFile" 57 | $text = "" 58 | [IO.File]::WriteAllLines($filename, $text, [System.Text.Encoding]::UTF8) 59 | } 60 | Else 61 | { 62 | # Write-Host "Writing log to: $LogFile" 63 | } 64 | } 65 | catch 66 | { 67 | Write-Host -ForegroundColor Red "Unable to create the log file. No information will be logged." 68 | Write-Host $component": "$message 69 | Return 70 | } 71 | 72 | $type = $type.ToUpper() 73 | if ($type -eq "VERBOSE") 74 | { 75 | $toLog = "{0} `$$<{1}><{2} {3}>" -f ($type + ": " + $message), ($Global:ScriptName + ":" + $component), (Get-Date -Format "MM-dd-yyyy"), (Get-Date -Format "HH:mm:ss.ffffff"), $pid 76 | If ($VerbosePreference -ne "SilentlyContinue") 77 | { 78 | $toLog | Out-File -Append -Encoding UTF8 -FilePath $LogFile 79 | } 80 | Write-Verbose $message 81 | } 82 | elseif ($type -eq "ERROR") 83 | { 84 | $toLog = "{0} `$$<{1}><{2} {3}>" -f ($type + ": " + $message), ($Global:ScriptName + ":" + $component), (Get-Date -Format "MM-dd-yyyy"), (Get-Date -Format "HH:mm:ss.ffffff"), $pid 85 | $toLog | Out-File -Append -Encoding UTF8 -FilePath $LogFile 86 | Write-Host $message -foreground "Red" 87 | } 88 | elseif ($type -eq "WARNING") 89 | { 90 | $toLog = "{0} `$$<{1}><{2} {3}>" -f ($type + ": " + $message), ($Global:ScriptName + ":" + $component), (Get-Date -Format "MM-dd-yyyy"), (Get-Date -Format "HH:mm:ss.ffffff"), $pid 91 | $toLog | Out-File -Append -Encoding UTF8 -FilePath $LogFile 92 | Write-Warning $message 93 | } 94 | elseif ($type -eq "INFO") 95 | { 96 | $toLog = "{0} `$$<{1}><{2} {3}>" -f ($message), ($Global:ScriptName + ":" + $component), (Get-Date -Format "MM-dd-yyyy"), (Get-Date -Format "HH:mm:ss.ffffff"), $pid 97 | $toLog | Out-File -Append -Encoding UTF8 -FilePath $LogFile 98 | Write-Host $message -foreground "White" 99 | } 100 | elseif ($type -eq "DEBUG") 101 | { 102 | $toLog = "{0} `$$<{1}><{2} {3}>" -f ($message), ($Global:ScriptName + ":" + $component), (Get-Date -Format "MM-dd-yyyy"), (Get-Date -Format "HH:mm:ss.ffffff"), $pid 103 | If ($DebugPreference -ne "SilentlyContinue") 104 | { 105 | $toLog | Out-File -Append -Encoding UTF8 -FilePath $LogFile 106 | } 107 | Write-Debug $message 108 | } 109 | else 110 | { 111 | Write-Host $message -foreground "Gray" 112 | } 113 | 114 | # if (($type -eq 'Warning') -and ($Global:ScriptStatus -ne 'Error')) 115 | # { 116 | # $Global:ScriptStatus = $type 117 | # } 118 | # 119 | # if ($type -eq 'Error') 120 | # { 121 | # $Global:ScriptStatus = $type 122 | # } 123 | 124 | If (-not $Global:MaxLogSizeInKB) 125 | { 126 | $Global:MaxLogSizeInKB = 10240 127 | } 128 | 129 | if ((Get-Item $LogFile).Length/1KB -gt $MaxLogSizeInKB) 130 | { 131 | $log = $LogFile 132 | Remove-Item ($log.Replace(".log", ".lo_")) 133 | Rename-Item $LogFile ($log.Replace(".log", ".lo_")) -Force 134 | } 135 | 136 | 137 | } -------------------------------------------------------------------------------- /Scripts/Drivers/AutoApplyDrivers/Readme.md: -------------------------------------------------------------------------------- 1 | # Integral Design of Just In Time Modern Driver Management 2 | 3 | ### Use case: 4 | This is ideally used in one of two difference scenarios: 5 | 1) To stage drivers for an Upgrade in Place (UIP) scenario. You can use this to download just the drivers required by the OS, either to prestage or directly as part of the UIP task sequence. 6 | 2) To update online workstations (keeping drivers up to date). 7 | 8 | ### To Run: 9 | .\AutoApplyDrivers.ps1 -Path "c:\Temp\Drivers\" -SCCMServer cm1.corp.contoso.com -SCCMServerDB "ConfigMgr_CHQ" -Credential (Get-Credential -UserName "CORP\Drivers" -Message "Enter password") 10 | 11 | ## Requirements 12 | #### What *IS* required: 13 | 1) SCCM 14 | 2) Driver database populated with drivers 15 | 16 | #### What is *NOT* required: 17 | 1) New creation of driver packages 18 | 2) Web services 19 | 3) Expensive consulting engagements (unless you want to...) 20 | 21 | ## To setup 22 | #### SCCM 23 | 1) Create a package for the PoSh files. 24 | 2) Import the example task sequence. 25 | 3) Fix references in the task sequence. 26 | 4) Use inside a UIP TS or stand alone. 27 | 28 | #### Active Directory: 29 | 1) Create a domain service account. 30 | (Basic service account security principles apply) 31 | 32 | #### SQL: 33 | 1) In SQL Server Management Studio, browse to Security -> Logins 34 | 2) Right Click -> New Login 35 | 3) Add the domain service account created above. 36 | 4) Select User Mapping 37 | 5) Check the box under Map for the ConfigMgr_ database 38 | 6) In the Database role membership, check the box for db_datareader 39 | 7) Execute the following command (change the domain\account name): `GRANT EXECUTE ON dbo.MP_MatchDrivers TO [CORP\Drivers];` 40 | 41 | #### IIS: 42 | Note: Unsure as to which of these made this work (user group or folder perms). 43 | 1) Add the domain service account to the IIS_IUSRS group. 44 | 2) In Internet Information Services (IIS) Manager, select the Default Web Site. 45 | Note: If you created the distribution point under a different site, you will need to select that one. 46 | 3) Right click on SMS_DP_SMSPKG$ -> Edit Permission 47 | 4) Security -> Edit -> Add 48 | 5) Add the domain service account 49 | 6) Default permissions should suffice. Do not check Full Control, Modify, or Write 50 | 51 | 52 | 53 | ## Potential Gotchas 54 | 1) If the context the script executes under has no local administrator access, the script will be unable to compare the drivers found in SCCM to the local drivers, and will not be able to identify which drivers are newer. Thus all possible matching drivers will be downloaded. 55 | 2) If the context the script executes under has no local administrator access, the script will be unable to install drivers and installation must be handled outside of the script execution. 56 | 3) For an Upgrade in Place (UIP/IPU) scenario it's recommended you set the following to `$False`. If either is set to `$True` you have a much higher likelyhood of missing important/critical drivers as part of the upgrade. 57 | ``` 58 | [bool]$HardwareMustBePresent = $False, 59 | [bool]$UpdateOnlyDatedDrivers = $False, 60 | ``` 61 | -------------------------------------------------------------------------------- /Scripts/Drivers/BurnDriverDatabaseWithFire.ps1: -------------------------------------------------------------------------------- 1 | Import-Module "$($ENV:SMS_ADMIN_UI_PATH)\..\ConfigurationManager.psd1" # Import the ConfigurationManager.psd1 module 2 | 3 | $drivers = Get-CMDriver 4 | 5 | ForEach ($driver in $drivers) 6 | { 7 | Remove-CMDriver -InputObject $driver -Force 8 | Write-Debug "Removing driver: $($driver.LocalizedDisplayName)" 9 | 10 | } 11 | 12 | $CMCategories = $CMCategories = Get-CMCategory -CategoryType "DriverCategories" 13 | 14 | ForEach ($CMCategory in $CMCategories) 15 | { 16 | Remove-CMCategory -InputObject $CMCategory -Force 17 | Write-Debug "Removing driver category: $($CMCategory.LocalizedCategoryInstanceName)" 18 | } 19 | 20 | $CMDriverPackages = Get-CMDriverPackage 21 | 22 | ForEach ($CMDriverPackage in $CMDriverPackages) 23 | { 24 | Remove-CMDriverPackage -InputObject $CMDriverPackage -Force 25 | Write-Debug "Removing driver package: $($CMDriverPackage.Name)" 26 | } 27 | -------------------------------------------------------------------------------- /Scripts/Drivers/DriverSourceCheck.ps1: -------------------------------------------------------------------------------- 1 | #This is a quick and dirty script written to just dump the drivers and check to see if the source path/inf exists. 2 | #You will need to be connected to your ConfigMgr drive when you run this (which can be done by launching PowerShell via the console) 3 | 4 | 5 | Import-Module "C:\Program Files (x86)\Microsoft Configuration Manager\AdminConsole\bin\ConfigurationManager\ConfigurationManager.psd1" 6 | 7 | $Drivers = Get-CMDriver 8 | 9 | ForEach ($Driver in $Drivers) 10 | { 11 | #$Driver.ContentSourcePath 12 | #$Driver.DriverINFFile 13 | 14 | $DriverINF = $Driver.ContentSourcePath + $Driver.DriverINFFile 15 | 16 | #Write-Debug "Testing: $DriverINF" 17 | 18 | #if (Test-Path -Path FileSystem::$Driver.ContentSourcePath) 19 | if (Test-Path -Path $Driver.ContentSourcePath) 20 | { 21 | Write-Debug "Path does not exist: $Driver.ContentSourcePath" 22 | } 23 | 24 | #if (Test-Path -Path FileSystem::$Driver.ContentSourcePath+$Driver.DriverINFFile -PathType leaf) 25 | if (Test-Path -Path $DriverINF -PathType leaf) 26 | { 27 | Write-Debug "File does not exist: $DriverINF" 28 | } 29 | } -------------------------------------------------------------------------------- /Scripts/DynamicMWs/Dynamic Maintenance Windows.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/windows-admins/ConfigMgr/11d6bd66ad68f2e309186e1148d77d39ab800baa/Scripts/DynamicMWs/Dynamic Maintenance Windows.pdf -------------------------------------------------------------------------------- /Scripts/DynamicMWs/MW-Feeder.ps1: -------------------------------------------------------------------------------- 1 | #Point at the script to Remove the current MWs 2 | $RemoveWindows = "$PSScriptRoot\Remove-CMMaintenanceWindow.ps1" 3 | 4 | #Point at the script to Add the new MWs 5 | $CMMaintenance = "$PSScriptRoot\New-CMMaintenanceWindow.ps1" 6 | 7 | #Remove existing maintenance windows with the Remove-CMMantenanceWindow.ps1 8 | Write-Debug "Removing existing Maintenance Windows" 9 | Start-Process -FilePath powershell.exe -ArgumentList "-file $RemoveWindows" -Wait 10 | Write-Debug "Maintenance Windows Removed" -ForegroundColor Green 11 | 12 | #Import the CSV file containing the new MW information, and their intended targets 13 | Write-Debug "Applying new Maintenance Windows" 14 | $Windows = Import-Csv "$PSScriptRoot\Window_Source.csv" #If you use a different CSV name, make sure to change it here! 15 | 16 | #Loop through the Collections listed in the CSV, and create a MW based on the specifications on each of the Collections 17 | ForEach($Line in $Windows) { 18 | $SiteCode = "CON" #Sitecode 19 | $SiteServer = "configmgr" #Server name doesn't need to be FQDN 20 | $CollectionID = $line.CollectionID.Trim() #The Unique collection ID 21 | $HourDuration = $line.HourDuration.Trim() #Number of hours to open the window. 24 limitation imposed by SCCM 22 | $MinuteDuration = $line.MinuteDuration.Trim() #Limited to 59 minutes. Anything over will add one hour and all else will be ignored. Ex: 61 = 1 hour, no minutes 23 | $MaintenanceWindowName = $line.Patch_Bucket.Trim() #The name of the MW for ease of 24 | $AddDays = $line.PlusDays.Trim() #Based on Patch Tuesday. E.g.: +6 = Monday, +11 = Saturday, etc… Negative values do work. -1 = Monday before Patch Tuesday 25 | $StartHour = $line.StartHour.Trim() #24 hour format. Cannot exceed a value of 23. Must use "19", not "1900" 26 | $StartMinute = $line.StartMinute.Trim() #Limited to 59 minutes. Anything over will add one hour and all else will be ignored. Ex: 61 = 1 hour, no minutes 27 | 28 | #Add new MW, via Add-CMMaintenanceWindow.ps1, with the variables above pulled from the CSV 29 | Write-Debug "Processing"$MaintenanceWindowName 30 | Start-Process -FilePath powershell.exe -ArgumentList "-file $CMMaintenance -SiteCode $SiteCode -MaintenanceWindowName ""$MaintenanceWindowName"" -AddMaintenanceWindowNameMonth -CollectionID $collectionid -PatchTuesday -adddays $adddays -currentmonth -StartHour $StartHour -StartMinute $StartMinute -HourDuration $HourDuration -MinuteDuration $MinuteDuration -siteserver $siteserver" -NoNewWindow -Wait 31 | 32 | } -------------------------------------------------------------------------------- /Scripts/DynamicMWs/Remove-CMMaintenanceWindow.ps1: -------------------------------------------------------------------------------- 1 | # Uncomment the line below if running in an environment where script signing is 2 | # required. 3 | #Set-ExecutionPolicy -ExecutionPolicy Bypass -Scope Process 4 | 5 | # Site configuration 6 | $SiteCode = "CON" # Site code 7 | $ProviderMachineName = "configmgr.contoso.com" # SMS Provider machine name 8 | 9 | # Customizations 10 | $initParams = @{} 11 | #$initParams.Add("Verbose", $true) # Uncomment this line to enable verbose logging 12 | #$initParams.Add("ErrorAction", "Stop") # Uncomment this line to stop the script on any errors 13 | 14 | # Do not change anything below this line 15 | 16 | # Import the ConfigurationManager.psd1 module 17 | if($null -eq (Get-Module ConfigurationManager)) { 18 | Import-Module "$($ENV:SMS_ADMIN_UI_PATH)\..\ConfigurationManager.psd1" @initParams 19 | } 20 | 21 | # Connect to the site's drive if it is not already present 22 | if($null -eq (Get-PSDrive -Name $SiteCode -PSProvider CMSite -ErrorAction SilentlyContinue)) { 23 | New-PSDrive -Name $SiteCode -PSProvider CMSite -Root $ProviderMachineName @initParams 24 | } 25 | 26 | # Set the current location to be the site code. 27 | Set-Location "$($SiteCode):\" @initParams 28 | 29 | #Import the CSV file containing the new MW information, and their intended targets 30 | $Windows = Import-Csv "$PSScriptRoot\Window_Source.csv" 31 | 32 | #Loop through the Collections listed in the CSV, and delete all MW's found 33 | ForEach($Line in $Windows) { 34 | $CollectionID = $Line.collectionid 35 | $CollectionWindows = Get-CMMaintenanceWindow -CollectionID $CollectionID 36 | 37 | #Remove any and all MWs found on the collection 38 | Foreach($WindowName in $CollectionWindows) { 39 | If($WindowName) { 40 | $LoopWindowName = $WindowName.Name 41 | Write-Debug "Removing " $LoopWindowName 42 | Remove-CMMaintenanceWindow -CollectionID $CollectionID -Name $LoopWindowName -Force 43 | } Else { 44 | } 45 | } 46 | } -------------------------------------------------------------------------------- /Scripts/DynamicMWs/Window_Source.csv: -------------------------------------------------------------------------------- 1 | CollectionID,Patch_Bucket,PlusDays,StartHour,StartMinute,HourDuration,MinuteDuration 2 | COL0040C,MW_2Wed_0000_0400,1,0,0,4,0 3 | COL00408,MW_3Thu_2300_0500,8,23,0,6,0 4 | -------------------------------------------------------------------------------- /Scripts/DynamicMWs/readme.md: -------------------------------------------------------------------------------- 1 | Collection of scripts and a readme to dynamically create Maintenance Windows based on Patch Tuesday. 2 | -------------------------------------------------------------------------------- /Scripts/Fix Stuck BITS Jobs.ps1: -------------------------------------------------------------------------------- 1 | Set-Service MpsSvc -StartupType Automatic 2 | (Get-Service 'MpsSvc').Start() 3 | 4 | $A = New-ScheduledTaskAction -Execute "powershell.exe" -Argument '-command &{Get-BitsTransfer -AllUsers | Where-Object { $_.JobState -like "TransientError" } | Remove-BitsTransfer}' 5 | $T = New-ScheduledTaskTrigger -Once -At (get-date).AddSeconds(10); $t.EndBoundary = (get-date).AddSeconds(20).ToString('s') 6 | $S = New-ScheduledTaskSettingsSet -StartWhenAvailable -DeleteExpiredTaskAfter 00:02:00 7 | Register-ScheduledTask -Force -user SYSTEM -TaskName "Fix Stuck BITS" -Action $A -Trigger $T -Settings $S 8 | schtasks /run /tn "Fix Stuck BITS" 9 | 10 | $A1 = New-ScheduledTaskAction -Execute "powershell.exe" -Argument '-command &{Get-BitsTransfer -AllUsers | Where-Object { $_.JobState -like "SUSPENDED" } | Resume-BitsTransfer}' 11 | $T1 = New-ScheduledTaskTrigger -Once -At (get-date).AddSeconds(10); $t.EndBoundary = (get-date).AddSeconds(20).ToString('s') 12 | $S1 = New-ScheduledTaskSettingsSet -StartWhenAvailable -DeleteExpiredTaskAfter 00:02:00 13 | Register-ScheduledTask -Force -user SYSTEM -TaskName "Resume BITS" -Action $A1 -Trigger $T1 -Settings $S1 14 | schtasks /run /tn "Resume BITS" 15 | -------------------------------------------------------------------------------- /Scripts/NumberOfDaysSinceLastBoot.ps1: -------------------------------------------------------------------------------- 1 | $OBJ_OperatingSystem = Get-WmiObject -Class Win32_OperatingSystem 2 | $BootTime = [System.Management.ManagementDateTimeConverter]::ToDateTime($OBJ_OperatingSystem.LastBootUpTime) 3 | $LocalTime = [System.Management.ManagementDateTimeConverter]::ToDateTime($OBJ_OperatingSystem.LocalDateTime) 4 | $TimeSpan = New-TimeSpan -Start $BootTime -End $LocalTime 5 | Write-Output ($TimeSpan.Days).ToString() -------------------------------------------------------------------------------- /Scripts/ResetPolicy.ps1: -------------------------------------------------------------------------------- 1 | ([wmiclass]'ROOT\ccm:SMS_Client').ResetPolicy(1) >> $null 2 | Start-Sleep -Second 3 3 | ([wmiclass]'ROOT\ccm:SMS_Client').TriggerSchedule('{00000000-0000-0000-0000-000000000040}') >> $null 4 | ([wmiclass]'ROOT\ccm:SMS_Client').TriggerSchedule('{00000000-0000-0000-0000-000000000021}') >> $null 5 | Write-Output "SCCM Client Policy Reset" 6 | -------------------------------------------------------------------------------- /Scripts/Run CCMEval.ps1: -------------------------------------------------------------------------------- 1 | (start-process C:\WINDOWS\CCM\ccmeval.exe -PassThru).Id 2 | -------------------------------------------------------------------------------- /Scripts/SCCM Setup/README.md: -------------------------------------------------------------------------------- 1 | These scripts let you configure SCCM to quickly build out an environment. Super useful for lab environments. 2 | 3 | SUP_ADR_Creation.ps1 4 | Creates ADRs based on a set of rules (edit the PS1 to configure the ADRs you want to deploy). 5 | As default requires that the dogfood (phased deployment) collections be imported first. 6 | 7 | SUP_UpdateSelection.ps1 8 | Sets the updates that SCCM targets to import. 9 | -------------------------------------------------------------------------------- /Scripts/SCCM Setup/SUP_UpdateSelection.ps1: -------------------------------------------------------------------------------- 1 | # 2 | # Press 'F5' to run this script. Running this script will load the ConfigurationManager 3 | # module for Windows PowerShell and will connect to the site. 4 | # 5 | # This script was auto-generated at '5/31/2019 12:39:51 PM'. 6 | 7 | # Uncomment the line below if running in an environment where script signing is 8 | # required. 9 | #Set-ExecutionPolicy -ExecutionPolicy Bypass -Scope Process 10 | 11 | # Site configuration 12 | $SiteCode = "CHQ" # Site code 13 | $ProviderMachineName = "CM1.corp.contoso.com" # SMS Provider machine name 14 | 15 | # Customizations 16 | $initParams = @{} 17 | #$initParams.Add("Verbose", $true) # Uncomment this line to enable verbose logging 18 | #$initParams.Add("ErrorAction", "Stop") # Uncomment this line to stop the script on any errors 19 | 20 | # Do not change anything below this line 21 | 22 | # Import the ConfigurationManager.psd1 module 23 | if((Get-Module ConfigurationManager) -eq $null) { 24 | Import-Module "$($ENV:SMS_ADMIN_UI_PATH)\..\ConfigurationManager.psd1" @initParams 25 | } 26 | 27 | # Connect to the site's drive if it is not already present 28 | if((Get-PSDrive -Name $SiteCode -PSProvider CMSite -ErrorAction SilentlyContinue) -eq $null) { 29 | New-PSDrive -Name $SiteCode -PSProvider CMSite -Root $ProviderMachineName @initParams 30 | } 31 | 32 | # Set the current location to be the site code. 33 | Set-Location "$($SiteCode):\" @initParams 34 | 35 | # Set the Update Classifications 36 | Set-CMSoftwareUpdatePointComponent -AddUpdateClassification 'Critical Updates', 'Definition Updates', 'Feature Packs', 'Security Updates', 'Service Packs', 'Update Rollups', 'Updates', 'Upgrades' 37 | 38 | # Office 365 39 | Set-CMSoftwareUpdatePointComponent -AddProduct 'Office 365 Client' 40 | 41 | # Windows 10 42 | Set-CMSoftwareUpdatePointComponent -AddProduct 'Windows 10', 'Windows 10 Feature On Demand', 'Windows 10, version 1903 and later' 43 | Set-CMSoftwareUpdatePointComponent -AddProduct 'Windows 10 Language Interface Packs', 'Windows 10 Language Packs' 44 | Set-CMSoftwareUpdatePointComponent -AddProduct 'Windows 10 LTSB' 45 | 46 | # Windows Defender 47 | Set-CMSoftwareUpdatePointComponent -AddProduct 'Windows Defender' 48 | 49 | # Clean up selected languages 50 | Set-CMSoftwareUpdatePointComponent -RemoveLanguageSummaryDetail 'Arabic', 'Bulgarian', 'Chinese (Simplified, PRC)', 'Chinese (Traditional, Hong Kong S.A.R.)', 'Chinese (Traditional, Taiwan)', 'Croatian', 'Czech', 'Danish', 'Dutch', 'Estorian', 'Finnish', 'French', 'German', 'Greek', 'Hebrew', 'Hindi', 'Hungarian', 'Italian', 'Japanese', 'Korean', 'Latvia', 'Lituanian', 'Norwegian', 'Polish', 'Portugese', 'Portuguese (Brazil)', 'Romanian', 'Russian', 'Serbian', 'Slovak', 'Slovarian', 'Spanish', 'Swedish', 'Thai', 'Turkish', 'Ukranian' 51 | Set-CMSoftwareUpdatePointComponent -RemoveLanguageUpdateFile 'Arabic', 'Bulgarian', 'Chinese (Simplified, PRC)', 'Chinese (Traditional, Hong Kong S.A.R.)', 'Chinese (Traditional, Taiwan)', 'Croatian', 'Czech', 'Danish', 'Dutch', 'Estorian', 'Finnish', 'French', 'German', 'Greek', 'Hebrew', 'Hindi', 'Hungarian', 'Italian', 'Japanese', 'Korean', 'Latvia', 'Lituanian', 'Norwegian', 'Polish', 'Portugese', 'Portuguese (Brazil)', 'Romanian', 'Russian', 'Serbian', 'Slovak', 'Slovarian', 'Spanish', 'Swedish', 'Thai', 'Turkish', 'Ukranian' 52 | Set-CMSoftwareUpdatePointComponent -AddLanguageSummaryDetail 'English' 53 | Set-CMSoftwareUpdatePointComponent -AddLanguageUpdateFile 'English' 54 | -------------------------------------------------------------------------------- /Scripts/Service_WIM/readme.md: -------------------------------------------------------------------------------- 1 | This script automates a number of the .wim maintenance steps outlined in Dan Padgett's blog here: 2 | 3 | https://execmgr.net/2018/06/07/windows-10-image-maintenance/ 4 | 5 | In summary, it performs the following: 6 | 7 | - Exports a single index from a Windows 10 .wim file (Enterprise, Pro, etc.) 8 | - Runs dism to add available updates to the .wim file. 9 | - Runs dism cleanup / resetbase to optimize the .wim file size. 10 | - Exports the final modified .wim to further optimize the file size. 11 | 12 | ## Usage 13 | 14 | Place all update files (.cab or .msu) you'd like serviced into the .wim file in the same directory as the .wim. 15 | 16 | NOTE: If you are adding updates to the .wim, be sure to include the Servicing Stack Update and prefix the name of the update file with "1-" so that it is added first. 17 | 18 | https://support.microsoft.com/en-us/help/4132216/servicing-stack-update-for-windows-10-1607-may-17-2018 19 | https://support.microsoft.com/en-us/help/4132650/servicing-stack-update-for-windows-10-version-1709-may-21-2018 20 | https://support.microsoft.com/en-us/help/4338853/servicing-stack-update-for-windows-10-version-1803-june-26-2018 21 | https://support.microsoft.com/en-gb/help/4456655/servicing-stack-update-for-windows-10-version-1803-september-11-2018 22 | 23 | ## Examples 24 | 25 | Export a single Index, add updates, optimize .wim 26 | 27 | ```powershell 28 | .\Service_WIM.ps1 -SourceImage "C:\WIM-Source\install.wim" -MountDir "C:\WIM" -DestinationImage "C:\WIM-Source\install-new.wim" -WinVersion "Windows 10 Enterprise" 29 | ``` 30 | 31 | Remove Indexes only 32 | 33 | ```powershell 34 | .\Service_WIM.ps1 -IndexOnly -SourceImage "C:\WIM-Source\install.wim" -WinVersion "Windows 10 Enterprise" -DestinationImage "C:\WIM-Source\install-new.wim" 35 | ``` 36 | -------------------------------------------------------------------------------- /Scripts/Test-FileSystemAccess.ps1: -------------------------------------------------------------------------------- 1 | Function Test-FileSystemAccess { 2 | <# 3 | .SYNOPSIS 4 | Check for file system access on a given folder. 5 | .OUTPUTS 6 | [System.Enum] 7 | ERROR_SUCCESS (0) 8 | ERROR_PATH_NOT_FOUND (3) 9 | ERROR_ACCESS_DENIED (5) 10 | ERROR_ELEVATION_REQUIRED (740) 11 | .NOTES 12 | Authors: Patrick Seymour / Adam Cook 13 | Contact: @pseymour / @codaamok 14 | #> 15 | param 16 | ( 17 | [Parameter(Mandatory=$true)] 18 | [string]$Path, 19 | [Parameter(Mandatory=$true)] 20 | [System.Security.AccessControl.FileSystemRights]$Rights 21 | ) 22 | 23 | enum FileSystemAccessState { 24 | ERROR_SUCCESS 25 | ERROR_PATH_NOT_FOUND = 3 26 | ERROR_ACCESS_DENIED = 5 27 | ERROR_ELEVATION_REQUIRED = 740 28 | } 29 | 30 | [System.Security.Principal.WindowsIdentity]$currentIdentity = [System.Security.Principal.WindowsIdentity]::GetCurrent() 31 | [System.Security.Principal.WindowsPrincipal]$currentPrincipal = New-Object Security.Principal.WindowsPrincipal($currentIdentity) 32 | $IsElevated = $currentPrincipal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator) 33 | $IsInAdministratorsGroup = $currentIdentity.Claims.Value -contains "S-1-5-32-544" 34 | 35 | if ([System.IO.Directory]::Exists($Path)) 36 | { 37 | try 38 | { 39 | [System.Security.AccessControl.FileSystemSecurity]$security = (Get-Item -Path ("FileSystem::{0}" -f $Path) -Force).GetAccessControl() 40 | if ($security -ne $null) 41 | { 42 | [System.Security.AccessControl.AuthorizationRuleCollection]$rules = $security.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier]) 43 | for([int]$i = 0; $i -lt $rules.Count; $i++) 44 | { 45 | if (($currentIdentity.Groups.Contains($rules[$i].IdentityReference)) -or ($currentIdentity.User -eq $rules[$i].IdentityReference)) 46 | { 47 | [System.Security.AccessControl.FileSystemAccessRule]$fileSystemRule = [System.Security.AccessControl.FileSystemAccessRule]$rules[$i] 48 | if ($fileSystemRule.FileSystemRights.HasFlag($Rights)) 49 | { 50 | return [FileSystemAccessState]::ERROR_SUCCESS 51 | } 52 | } 53 | } 54 | 55 | if (($IsElevated -eq $false) -And ($IsInAdministratorsGroup -eq $true) -And ($rules.Where( { ($_.IdentityReference -eq "S-1-5-32-544") -And ($_.FileSystemRights.HasFlag($Rights)) } ))) 56 | { 57 | # At this point we were able to read ACL and verify Administrators group access, likely because we were qualified by the object set as owner 58 | return [FileSystemAccessState]::ERROR_ELEVATION_REQUIRED 59 | } 60 | else 61 | { 62 | return [FileSystemAccessState]::ERROR_ACCESS_DENIED 63 | } 64 | 65 | } 66 | else 67 | { 68 | return [FileSystemAccessState]::ERROR_ACCESS_DENIED 69 | } 70 | } 71 | catch 72 | { 73 | return [FileSystemAccessState]::ERROR_ACCESS_DENIED 74 | } 75 | } 76 | else 77 | { 78 | return [FileSystemAccessState]::ERROR_PATH_NOT_FOUND 79 | } 80 | } 81 | 82 | Test-FileSystemAccess -Path "C:\Users\acc\Documents\New folder" -Rights Read 83 | -------------------------------------------------------------------------------- /Scripts/Windows_Update_Fix.ps1: -------------------------------------------------------------------------------- 1 | ################################### 2 | # 3 | #Automated Windows Update Fix 4 | #Gleaned from https://support.microsoft.com/en-us/help/971058/how-do-i-reset-windows-update-components 5 | # 6 | ################################### 7 | 8 | # Services, DLL lists, and locations 9 | $svcList = @( 10 | "bits", # Background Intelligent Transfer Service 11 | "wuauserv", #Windows Update Agent Service 12 | "appidsvc", #Application Identity Service 13 | "cryptsvc" # Crytographic Service 14 | ) 15 | $dllList = @( 16 | "urlmon.dll", # OLE functions 17 | "mshtml.dll", # HTML related fucntions 18 | "shdocvw.dll", # Add basic file and networking ops 19 | "browseui.dll", # Functions and resources for browser UI mgmt 20 | "jscript.dll", # Extra functionality to MS JavaScript 21 | "vbscript.dll", # API functions for VBScript 22 | "scrrun.dll", # Libraries for reading/writing scripts/text 23 | "msxml.dll", # IE 4.0+; Parse XML docs 24 | "msxml3.dll", # Microsoft MSXML 3.0 SP 7 25 | "msxml6.dll", # Microsoft MSXML 6.0 26 | "actxprxy.dll", # Functions for marshalling ActiveX COM interfaces 27 | "softpub.dll", # Functions that support encryption 28 | "wintrust.dll", # API functions to verify trust in files, catalogs, mem-blobs, sigs, and certs by third parties 29 | "dssenh.dll", # Microsoft Enhanced DSS and Diffie-Hellman Cryptographic Provider 30 | "rsaenh.dll", # Implements MS enhanced CSP; 128-bit encryption 31 | "gpkcsp.dll", # Gemplus CSP 32 | "sccbase.dll", # Infineon SICRYPT® Base Smart Card CSP 33 | "slbcsp.dll", # Schlumberger CSP 34 | "cryptdlg.dll", # Microsoft Common Certificate Dialogs 35 | "oleaut32.dll", # Core OLE functions 36 | "ole32.dll", # Core OLE functions 37 | "shell32.dll", # Windows Shell API functions 38 | "initpki.dll", # Microsoft Trust Installation and Setup 39 | "wuapi.dll", # Windows Update Client API 40 | "wuaueng.dll", # Microsoft Windows Update 41 | "wuaueng1.dll", # Windows Update AutoUpdate Engine 42 | "wucltui.dll", # Windows Update Client UI Plugin 43 | "wups.dll", # Windows Update client proxy stub 44 | "wups2.dll", # Windows Update client proxy stub 45 | "wuweb.dll", # Windows Update Web Control 46 | "qmgr.dll", # Background Intelligent Transfer Service 47 | "qmgrprxy.dll", # Background Intelligent Transfer Service 48 | "wucltux.dll", # Windows Update Client User Experience 49 | "muweb.dll", # Microsoft Update Web Control 50 | "wuwebv.dll" # Windows Update Vista Web Control 51 | ) 52 | $userDL = "$env:ALLUSERSPROFILE\Microsoft\Network\Downloader" 53 | $swdFolder = "$env:WINDIR\SoftwareDistribution" 54 | $cr2Folder = "$env:WINDIR\system32\catroot2" 55 | 56 | # Stop BITS, WU, and Cryptographic services 57 | Get-Service -Name $svcList | Set-Service -StartupType Automatic -Status Stopped 58 | 59 | # Delete qmgr*.dat files under %ALLUSERSPROFILE% 60 | If (Test-path $userDL) { 61 | Get-ChildItem $userDL -Recurse -Force -Include qmgr*.dat | Remove-Item -Force 62 | Write-Debug "Deleting qmgr*.dat from the All Users Profile." 63 | } 64 | 65 | # Aggressive approach: Rename the Software Distribution & catroot2 folder's backup copies 66 | # First, check to see if its been done already; remove .bak if so, then rename current folder 67 | If (Test-Path ($swdFolder + ".bak")) { 68 | Remove-Item ($swdFolder + ".bak") -Recurse 69 | Write-Debug "$swdFolder.bak deleted; renaming current folder." 70 | Rename-Item $swdFolder "SoftwareDistribution.bak" 71 | } Else { 72 | Write-Debug "$swdFolder.bak does not exist; renaming current folder" 73 | Rename-Item $swdFolder "SoftwareDistribution.bak" 74 | } 75 | If (Test-Path ($cr2Folder + ".bak")) { 76 | Remove-Item ($cr2Folder + ".bak") 77 | Write-Debug "$cr2Folder.bak deleted; renaming current folder." 78 | Rename-Item $cr2Folder "catroot2.bak" 79 | } Else { 80 | Write-Debug "$cr2Folder.bak does not exist; renaming current folder." 81 | Rename-Item $cr2Folder "catroot2.bak" 82 | } 83 | # Reset BITS and WU service to the default descriptor 84 | cmd /c "sc.exe sdset bits D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)" 85 | cmd /c "sc.exe sdset wuauserv D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)" 86 | 87 | #Re-register BITS and WU DLLs 88 | ForEach ($dll in $dllList) { 89 | 90 | If (Test-Path $env:WINDIR\system32\$dll) { 91 | regsvr32.exe /s $env:WINDIR\system32\$dll 92 | Write-Debug "Registering $dll." 93 | } Else { 94 | Write-Debug "$dll does not exist on your system." 95 | } 96 | } 97 | 98 | # Reset WinSock and WinHTTP Proxy 99 | netsh winsock reset 100 | netsh winhttp reset proxy 101 | 102 | # Restart BITS, WU, and Cryptographic services 103 | Get-Service -Name $svcList | Set-Service -StartupType Automatic -Status Running 104 | -------------------------------------------------------------------------------- /Scripts/_TestCI.ps1: -------------------------------------------------------------------------------- 1 | $DefineUnusedVar = $True 2 | -------------------------------------------------------------------------------- /SecurityRoles/Collection Resource Manager.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | -------------------------------------------------------------------------------- /SecurityRoles/readme.md: -------------------------------------------------------------------------------- 1 | Security Roles to import into ConfigMgr. 2 | -------------------------------------------------------------------------------- /Status Message Queries/All Status Messages for Task Sequence Components by Site.txt: -------------------------------------------------------------------------------- 1 | select stat.*, ins.*, att1.*, stat.Time 2 | from SMS_StatusMessage as stat 3 | left join SMS_StatMsgInsStrings as ins on ins.RecordID = stat.RecordID 4 | left join SMS_StatMsgAttributes as att1 on att1.RecordID = stat.RecordID 5 | where (stat.Component = "Task Sequence Engine" or stat.Component = "Task Sequence Manager") and 6 | stat.SiteCode = ##PRM:SMS_StatusMessage.SiteCode## and 7 | stat.Time >= ##PRM:SMS_StatusMessage.Time## 8 | order by stat.Time DESC 9 | -------------------------------------------------------------------------------- /Status Message Queries/PXE Service Point Status Messages.wql: -------------------------------------------------------------------------------- 1 | select SMS_StatusMessage.*, SMS_StatMsgInsStrings.*, SMS_StatMsgAttributes.* from SMS_StatusMessage left join SMS_StatMsgInsStrings on SMS_StatMsgInsStrings.RecordID = SMS_StatusMessage.RecordID left join SMS_StatMsgAttributes on SMS_StatMsgAttributes.RecordID = SMS_StatusMessage.RecordID where SMS_StatusMessage.Component = "SMS_PXE_SERVICE_POINT" 2 | -------------------------------------------------------------------------------- /Status Message Queries/readme: -------------------------------------------------------------------------------- 1 | Suggested Status Message Query name is the name of the file (without the .txt of course). The SQL query is the file contents. 2 | 3 | How to create a status message query: 4 | https://technet.microsoft.com/en-us/library/bb633077.aspx 5 | 6 | How to run a status message query: 7 | https://technet.microsoft.com/en-us/library/bb693596.aspx 8 | -------------------------------------------------------------------------------- /Task Sequences/MBR2GPT/MBR2GPT.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/windows-admins/ConfigMgr/11d6bd66ad68f2e309186e1148d77d39ab800baa/Task Sequences/MBR2GPT/MBR2GPT.zip -------------------------------------------------------------------------------- /Task Sequences/MBR2GPT/MBR2GPT_files/BIOS Security Configuration/multiplatform_201903120943.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/windows-admins/ConfigMgr/11d6bd66ad68f2e309186e1148d77d39ab800baa/Task Sequences/MBR2GPT/MBR2GPT_files/BIOS Security Configuration/multiplatform_201903120943.exe -------------------------------------------------------------------------------- /Task Sequences/MBR2GPT/MBR2GPT_files/BIOS Security Configuration/multiplatform_201903120943.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # 3 | # File : Command Configure config script Linux/Unix 4 | # Generated by Ebag333 5 | # At Tue 03/12/2019 9:45:23.46 6 | # On DESKTOP-7N00NOT 7 | # 8 | # Generated by Command Configure Configuration Wizard 2.2 9 | # 10 | # Only for supported Linux and Ubuntu installations with cctk and srv-admin installed 11 | # Will need to be root or will require 'sudo' privileges 12 | 13 | SCRIPTNAME=`basename $0` 14 | LOG=`basename $0`.log 15 | 16 | # /etc/redhat-release -Linux or /etc/lsb-release -Ubuntu or /etc/lsb-release -Ubuntu-Core 17 | CCTKPATH=/opt/dell/dcc; 18 | CCTKEXE=cctk; 19 | INIBASE=.; 20 | if [[ -f /etc/os-release ]]; then 21 | . /etc/os-release #Sourcing into os-release 22 | if [[ $ID = ubuntu-core ]]; then # ID - ubuntu-core or ubuntu or rhel 23 | CCTKPATH=/snap/bin; 24 | CCTKEXE=dcc.cctk; 25 | INIBASE=/var/snap/dcc/current; 26 | fi 27 | fi 28 | CCTKWHICH=`which cctk 2> /dev/null` 29 | 30 | 31 | function err { 32 | echo "Error: ${SCRIPTNAME} : $1" 33 | exit $2 34 | } 35 | 36 | 37 | function hlp { 38 | echo "Help : ${SCRIPTNAME}" 39 | echo "Applies BIOS config exported from a host system" 40 | echo "A valid cctk installation is expected" 41 | echo "Should be run by the root user, or using a 'sudo' command" 42 | echo "Arguments:" 43 | echo "-h|--help this help message" 44 | } 45 | 46 | # Handle arguments 47 | if [ "x$2" != "x" ]; then 48 | hlp 49 | exit 0 50 | fi 51 | 52 | # Check cctk installation presence 53 | if [ "x${CCTKWHICH}" != "x" -a -f "${CCTKWHICH}" -a -x "${CCTKWHICH}" ]; then 54 | CCTK="${CCTKWHICH}" 55 | elif [ -f "${CCTKPATH}/${CCTKEXE}" -a -x "${CCTKPATH}/${CCTKEXE}" ]; then 56 | CCTK="${CCTKPATH}/${CCTKEXE}" 57 | else 58 | err "cctk installation not found" -1 59 | fi 60 | 61 | 62 | TMPINI=$INIBASE/.tmp.cctk.config.ini 63 | if [ -f ${TMPINI} ]; then 64 | rm -f ${TMPINI} 65 | fi 66 | 67 | cat > ${TMPINI} < ${LOG} 85 | if [ $? == 0 ]; then 86 | echo "BIOS settings applied successfully" 87 | else 88 | echo "Error applying BIOS settings." 89 | fi 90 | echo "Details in ${LOG}" 91 | exit $rtn 92 | 93 | -------------------------------------------------------------------------------- /Task Sequences/MBR2GPT/MBR2GPT_files/BIOS Security Configuration/multiplatform_201903120943_x64.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/windows-admins/ConfigMgr/11d6bd66ad68f2e309186e1148d77d39ab800baa/Task Sequences/MBR2GPT/MBR2GPT_files/BIOS Security Configuration/multiplatform_201903120943_x64.exe -------------------------------------------------------------------------------- /Task Sequences/MBR2GPT/README.md: -------------------------------------------------------------------------------- 1 | This TS can be used to baseline an environment and handle converting workstations to UEFI/GPT post Win10 upgrade. 2 | -------------------------------------------------------------------------------- /Task Sequences/Modular OSD/ModularOSD.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/windows-admins/ConfigMgr/11d6bd66ad68f2e309186e1148d77d39ab800baa/Task Sequences/Modular OSD/ModularOSD.zip -------------------------------------------------------------------------------- /Task Sequences/Modular OSD/ModularOSD_files/OSD Configuration/CopyFiles.vbs: -------------------------------------------------------------------------------- 1 | ' //*************************************************************************** 2 | ' // ***** Script Header ***** 3 | ' // 4 | ' // Solution: File copy relative to script location 5 | ' // File: CopyFiles.vbs 6 | ' // Author: Michael Petersen, Coretech A/S. info@coretech.dk 7 | ' // Purpose: Copy x number of files and folsders in a source folder to a target location 8 | ' // Usage: Place script i source folder, and define what to copy using arguments. (FIRST ARGUMENT MUST BE TARGET FOLDER) 9 | ' // 10 | ' // To copy one or more file(s) and Folder(s)located in the source folder sypplpy TARGET and FILE/FOLDER name(s) (remember extensions on files) 11 | ' // - Cscript.exe CopyFiles.vbs "TARGETFOLDER" "FILE1.XXX" "FOLDER1" "FILE2.XXX" "FOLDER2" 12 | ' // 13 | ' // To copy all files and folders located in the source folder only supply TARGET 14 | ' // - Cscript.exe CopyFiles.vbs "TARGETFOLDER" 15 | ' // 16 | ' // 17 | ' // CORETECH A/S History: 18 | ' // 1.0.0 MIP 17/01/2011 Created initial version. 19 | ' // Customer History: 20 | ' // 21 | ' // ***** End Header ***** 22 | ' //*************************************************************************** 23 | 24 | Set oFSO = CreateObject("Scripting.FileSystemObject") 25 | 26 | Const OverwriteExisting = True 27 | 28 | 'Get script location 29 | sScriptLocation = Replace(WScript.ScriptFullName,WScript.ScriptName,"") 30 | sSource = Mid(sScriptLocation,1,Len(sScriptLocation)-1) 31 | WScript.Echo "Source is: " & sSource 32 | 33 | 'Copy files and folders, or entire source 34 | sArgNumber = WScript.Arguments.Count 35 | 36 | If sArgNumber <> 0 Then 37 | sTargetFolder = WScript.Arguments.Item(0) 38 | WScript.Echo "Targetfolder is: " & sTargetFolder 39 | 'Make sure the taget is not a file 40 | If Not (Left(Right(sTargetFolder,4),1)) = "." then 41 | 'If only TARGET exists ad argument, everything will be copied 42 | If WScript.Arguments.Count = 1 Then 'If only 43 | oFSO.CopyFolder sSource, sTargetFolder, OverwriteExisting 44 | oFSO.DeleteFile(sTargetFolder & "\" & WScript.ScriptName) 45 | WScript.Echo "All files copied to Targetfolder " & sTargetFolder 46 | Else 47 | 'If files and folder arguments exist only these will be copied 48 | For i = 1 To sArgNumber -1 49 | sFileName = WScript.Arguments.Item(i) 50 | If oFSO.FileExists(sFileName) Then 51 | WScript.Echo "File: " & SFileName & " Copied to: " & sTargetFolder 52 | oFSO.CopyFile sSource & "\" & sFileName, sTargetFolder & "\" & sFileName, OverwriteExisting 53 | ElseIf oFSO.FolderExists(sFileName) Then 54 | WScript.Echo "folder: " & sFileName & " Copied to: " & sTargetFolder 55 | oFSO.CopyFolder sSource & "\" & sFileName, sTargetFolder& "\" & sFileName, OverwriteExisting 56 | ElseIf (Left(Right(sFileName,5),1)) = "*" Then 57 | WScript.Echo "All : " & SFileName & " files Copied to: " & sTargetFolder 58 | oFSO.CopyFile sSource & "\" & sFileName, sTargetFolder & "\", OverwriteExisting 59 | Else 60 | WScript.Echo "ERROR - " & sFileName & ": does not exist in the source folder!" 61 | End If 62 | Next 63 | End If 64 | Else 65 | WScript.Echo "ERROR - " & sTargetFolder & " Is not a valid FolderName. First Argument must be the tagret folder!" 66 | Wscript.Quit(1) 67 | End If 68 | Else 69 | WScript.Echo "ERROR - No Arguments present!" 70 | Wscript.Quit(1) 71 | End If 72 | 73 | 74 | 75 | 76 | 77 | 78 | 79 | 80 | -------------------------------------------------------------------------------- /Task Sequences/Modular OSD/ModularOSD_files/OSD Configuration/DiskCleanup/Custom.reg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/windows-admins/ConfigMgr/11d6bd66ad68f2e309186e1148d77d39ab800baa/Task Sequences/Modular OSD/ModularOSD_files/OSD Configuration/DiskCleanup/Custom.reg -------------------------------------------------------------------------------- /Task Sequences/Modular OSD/ModularOSD_files/OSD Configuration/DiskCleanup/SageSet.reg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/windows-admins/ConfigMgr/11d6bd66ad68f2e309186e1148d77d39ab800baa/Task Sequences/Modular OSD/ModularOSD_files/OSD Configuration/DiskCleanup/SageSet.reg -------------------------------------------------------------------------------- /Task Sequences/Modular OSD/ModularOSD_files/OSD Configuration/DiskCleanup/Win10Defaults.reg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/windows-admins/ConfigMgr/11d6bd66ad68f2e309186e1148d77d39ab800baa/Task Sequences/Modular OSD/ModularOSD_files/OSD Configuration/DiskCleanup/Win10Defaults.reg -------------------------------------------------------------------------------- /Task Sequences/Modular OSD/ModularOSD_files/OSD Configuration/DiskCleanup/Windows10DiskCleanup.reg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/windows-admins/ConfigMgr/11d6bd66ad68f2e309186e1148d77d39ab800baa/Task Sequences/Modular OSD/ModularOSD_files/OSD Configuration/DiskCleanup/Windows10DiskCleanup.reg -------------------------------------------------------------------------------- /Task Sequences/Modular OSD/ModularOSD_files/OSD Configuration/PowerCfg/DeploymentPowerScheme.pow: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/windows-admins/ConfigMgr/11d6bd66ad68f2e309186e1148d77d39ab800baa/Task Sequences/Modular OSD/ModularOSD_files/OSD Configuration/PowerCfg/DeploymentPowerScheme.pow -------------------------------------------------------------------------------- /Task Sequences/Modular OSD/ModularOSD_files/OSD Configuration/PowerCfg/PowerCfg.txt: -------------------------------------------------------------------------------- 1 | Change power plan (MAX POWER!) 2 | Power settings: 3 | powercfg -import DeploymentPowerScheme.pow 12345678-1337-1337-1337-1234567890ab 4 | powercfg -setactive 12345678-1337-1337-1337-1234567890ab 5 | -------------------------------------------------------------------------------- /Task Sequences/Modular OSD/ModularOSD_files/OSD Configuration/ProvisioningPackages/Default.ppkg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/windows-admins/ConfigMgr/11d6bd66ad68f2e309186e1148d77d39ab800baa/Task Sequences/Modular OSD/ModularOSD_files/OSD Configuration/ProvisioningPackages/Default.ppkg -------------------------------------------------------------------------------- /Task Sequences/Modular OSD/ModularOSD_files/OSD Configuration/ProvisioningPackages/Default.txt: -------------------------------------------------------------------------------- 1 | Basic provisioning package 2 | 3 | Local Admin Account: Administrator:password 4 | Computer Name: %SERIAL% -------------------------------------------------------------------------------- /Task Sequences/Modular OSD/ModularOSD_files/OSD Configuration/ProvisioningPackages/ProvisioningPackage.txt: -------------------------------------------------------------------------------- 1 | DISM /Image=%OSDisk% /Add-ProvisioningPackage /PackagePath:ProvisioningPack.ppkg 2 | -------------------------------------------------------------------------------- /Task Sequences/Modular OSD/ModularOSD_files/OSD Configuration/Registry_ThirdParty/Google-Disable-Chrome-Updates.reg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/windows-admins/ConfigMgr/11d6bd66ad68f2e309186e1148d77d39ab800baa/Task Sequences/Modular OSD/ModularOSD_files/OSD Configuration/Registry_ThirdParty/Google-Disable-Chrome-Updates.reg -------------------------------------------------------------------------------- /Task Sequences/Modular OSD/ModularOSD_files/OSD Configuration/Registry_Windows10/Depreciated/DisableTelemetry.reg: -------------------------------------------------------------------------------- 1 | Windows Registry Editor Version 5.00 2 | 3 | [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DataCollection] 4 | "AllowTelemetry"=dword:00000000 5 | 6 | -------------------------------------------------------------------------------- /Task Sequences/Modular OSD/ModularOSD_files/OSD Configuration/Registry_Windows10/Depreciated/DisableTypingTelemetry.reg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/windows-admins/ConfigMgr/11d6bd66ad68f2e309186e1148d77d39ab800baa/Task Sequences/Modular OSD/ModularOSD_files/OSD Configuration/Registry_Windows10/Depreciated/DisableTypingTelemetry.reg -------------------------------------------------------------------------------- /Task Sequences/Modular OSD/ModularOSD_files/OSD Configuration/Registry_Windows10/Depreciated/DisableUserGeneratedFeedback.reg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/windows-admins/ConfigMgr/11d6bd66ad68f2e309186e1148d77d39ab800baa/Task Sequences/Modular OSD/ModularOSD_files/OSD Configuration/Registry_Windows10/Depreciated/DisableUserGeneratedFeedback.reg -------------------------------------------------------------------------------- /Task Sequences/Modular OSD/ModularOSD_files/OSD Configuration/Registry_Windows10/Depreciated/DisableWiFiSense.reg: -------------------------------------------------------------------------------- 1 | Windows Registry Editor Version 5.00 2 | 3 | [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WcmSvc\wifinetworkmanager\config] 4 | "AutoConnectAllowedOEM"=dword:00000000 5 | -------------------------------------------------------------------------------- /Task Sequences/Modular OSD/ModularOSD_files/OSD Configuration/Registry_Windows10/DisableAdvertisingID.reg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/windows-admins/ConfigMgr/11d6bd66ad68f2e309186e1148d77d39ab800baa/Task Sequences/Modular OSD/ModularOSD_files/OSD Configuration/Registry_Windows10/DisableAdvertisingID.reg -------------------------------------------------------------------------------- /Task Sequences/Modular OSD/ModularOSD_files/OSD Configuration/Registry_Windows10/DisableEdgeDesktopShortcutCreation_1803.reg: -------------------------------------------------------------------------------- 1 | Windows Registry Editor Version 5.00 2 | 3 | [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer] 4 | "DisableEdgeDesktopShortcutCreation"=dword:00000001 5 | -------------------------------------------------------------------------------- /Task Sequences/Modular OSD/ModularOSD_files/OSD Configuration/Registry_Windows10/DisableFirstLogonAnimation.reg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/windows-admins/ConfigMgr/11d6bd66ad68f2e309186e1148d77d39ab800baa/Task Sequences/Modular OSD/ModularOSD_files/OSD Configuration/Registry_Windows10/DisableFirstLogonAnimation.reg -------------------------------------------------------------------------------- /Task Sequences/Modular OSD/ModularOSD_files/OSD Configuration/Registry_Windows10/DisableIEFirstRun.reg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/windows-admins/ConfigMgr/11d6bd66ad68f2e309186e1148d77d39ab800baa/Task Sequences/Modular OSD/ModularOSD_files/OSD Configuration/Registry_Windows10/DisableIEFirstRun.reg -------------------------------------------------------------------------------- /Task Sequences/Modular OSD/ModularOSD_files/OSD Configuration/Registry_Windows10/DisableMasterBrowser.reg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/windows-admins/ConfigMgr/11d6bd66ad68f2e309186e1148d77d39ab800baa/Task Sequences/Modular OSD/ModularOSD_files/OSD Configuration/Registry_Windows10/DisableMasterBrowser.reg -------------------------------------------------------------------------------- /Task Sequences/Modular OSD/ModularOSD_files/OSD Configuration/Registry_Windows10/DisableMouseCursorSupression.reg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/windows-admins/ConfigMgr/11d6bd66ad68f2e309186e1148d77d39ab800baa/Task Sequences/Modular OSD/ModularOSD_files/OSD Configuration/Registry_Windows10/DisableMouseCursorSupression.reg -------------------------------------------------------------------------------- /Task Sequences/Modular OSD/ModularOSD_files/OSD Configuration/Registry_Windows10/DisableOneDrive.reg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/windows-admins/ConfigMgr/11d6bd66ad68f2e309186e1148d77d39ab800baa/Task Sequences/Modular OSD/ModularOSD_files/OSD Configuration/Registry_Windows10/DisableOneDrive.reg -------------------------------------------------------------------------------- /Task Sequences/Modular OSD/ModularOSD_files/OSD Configuration/Registry_Windows10/DisableStoreCloudContent.reg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/windows-admins/ConfigMgr/11d6bd66ad68f2e309186e1148d77d39ab800baa/Task Sequences/Modular OSD/ModularOSD_files/OSD Configuration/Registry_Windows10/DisableStoreCloudContent.reg -------------------------------------------------------------------------------- /Task Sequences/Modular OSD/ModularOSD_files/OSD Configuration/Registry_Windows10/DisableSyncProviderAd.reg: -------------------------------------------------------------------------------- 1 | Windows Registry Editor Version 5.00 2 | 3 | ;Disables OneDrive advertising that shows up in file explorer 4 | [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] 5 | "ShowSyncProviderNotifications"=dword:00000000 6 | -------------------------------------------------------------------------------- /Task Sequences/Modular OSD/ModularOSD_files/OSD Configuration/Registry_Windows10/DisableSystemRestore.reg: -------------------------------------------------------------------------------- 1 | Windows Registry Editor Version 5.00 2 | 3 | [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] 4 | "DisableSR"=dword:00000001 5 | 6 | ;Delete existing system restores (check the drive letter during OSD or use the TS variable) 7 | ;vssadmin delete shadows /for=%OSDisk% /all -------------------------------------------------------------------------------- /Task Sequences/Modular OSD/ModularOSD_files/OSD Configuration/Registry_Windows10/DisableWebSearch.reg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/windows-admins/ConfigMgr/11d6bd66ad68f2e309186e1148d77d39ab800baa/Task Sequences/Modular OSD/ModularOSD_files/OSD Configuration/Registry_Windows10/DisableWebSearch.reg -------------------------------------------------------------------------------- /Task Sequences/Modular OSD/ModularOSD_files/OSD Configuration/Registry_Windows10/DisableWindowsAutomaticUpdates.reg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/windows-admins/ConfigMgr/11d6bd66ad68f2e309186e1148d77d39ab800baa/Task Sequences/Modular OSD/ModularOSD_files/OSD Configuration/Registry_Windows10/DisableWindowsAutomaticUpdates.reg -------------------------------------------------------------------------------- /Task Sequences/Modular OSD/ModularOSD_files/OSD Configuration/Registry_Windows10/GroupPolicyServiceConfiguration.reg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/windows-admins/ConfigMgr/11d6bd66ad68f2e309186e1148d77d39ab800baa/Task Sequences/Modular OSD/ModularOSD_files/OSD Configuration/Registry_Windows10/GroupPolicyServiceConfiguration.reg -------------------------------------------------------------------------------- /Task Sequences/Modular OSD/ModularOSD_files/OSD Configuration/Registry_Windows10/LockScreenImage.reg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/windows-admins/ConfigMgr/11d6bd66ad68f2e309186e1148d77d39ab800baa/Task Sequences/Modular OSD/ModularOSD_files/OSD Configuration/Registry_Windows10/LockScreenImage.reg -------------------------------------------------------------------------------- /Task Sequences/Modular OSD/ModularOSD_files/OSD Configuration/Registry_Windows10/MBAMStartupSettings.reg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/windows-admins/ConfigMgr/11d6bd66ad68f2e309186e1148d77d39ab800baa/Task Sequences/Modular OSD/ModularOSD_files/OSD Configuration/Registry_Windows10/MBAMStartupSettings.reg -------------------------------------------------------------------------------- /Task Sequences/Modular OSD/ModularOSD_files/OSD Configuration/Registry_Windows10/PowerShellDefaultPolicies.reg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/windows-admins/ConfigMgr/11d6bd66ad68f2e309186e1148d77d39ab800baa/Task Sequences/Modular OSD/ModularOSD_files/OSD Configuration/Registry_Windows10/PowerShellDefaultPolicies.reg -------------------------------------------------------------------------------- /Task Sequences/Modular OSD/ModularOSD_files/OSD Configuration/Registry_Windows10/SetAppPrivacy.reg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/windows-admins/ConfigMgr/11d6bd66ad68f2e309186e1148d77d39ab800baa/Task Sequences/Modular OSD/ModularOSD_files/OSD Configuration/Registry_Windows10/SetAppPrivacy.reg -------------------------------------------------------------------------------- /Task Sequences/Modular OSD/ModularOSD_files/OSD Configuration/Registry_Windows10/ShowOldDesktopIcons.reg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/windows-admins/ConfigMgr/11d6bd66ad68f2e309186e1148d77d39ab800baa/Task Sequences/Modular OSD/ModularOSD_files/OSD Configuration/Registry_Windows10/ShowOldDesktopIcons.reg -------------------------------------------------------------------------------- /Task Sequences/Modular OSD/ModularOSD_files/OSD Configuration/Registry_Windows10/WMIServiceConfiguration.reg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/windows-admins/ConfigMgr/11d6bd66ad68f2e309186e1148d77d39ab800baa/Task Sequences/Modular OSD/ModularOSD_files/OSD Configuration/Registry_Windows10/WMIServiceConfiguration.reg -------------------------------------------------------------------------------- /Task Sequences/Modular OSD/ModularOSD_files/OSD Configuration/Registry_Windows10/Windows10DiskCleanup.reg.bak: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/windows-admins/ConfigMgr/11d6bd66ad68f2e309186e1148d77d39ab800baa/Task Sequences/Modular OSD/ModularOSD_files/OSD Configuration/Registry_Windows10/Windows10DiskCleanup.reg.bak -------------------------------------------------------------------------------- /Task Sequences/Modular OSD/ModularOSD_files/OSD Configuration/Scripts/CopyOSDLogs.ps1: -------------------------------------------------------------------------------- 1 | <# 2 | Name: CopyOSDLogs.ps1 3 | Version: 1.0 4 | Author: Johan Schrewelius, Onevinn AB 5 | Date: 2016-11-12 6 | Command: powershell.exe -executionpolicy bypass -file CopyOSDLogs.ps1 7 | Usage: Run in SCCM Task Sequence Error handling Section to zip and copy SMSTSLog folder to Share. 8 | Config: 9 | $ComputerNameVariable = "OSDComputerName" 10 | #> 11 | 12 | 13 | # Config Start 14 | 15 | $ComputerNameVariable = "OSDComputerName" 16 | 17 | # Config End 18 | 19 | function Authenticate { 20 | param( 21 | [string]$UNCPath = $(Throw "An UNCPath must be specified"), 22 | [string]$User, 23 | [string]$PW 24 | ) 25 | 26 | $pinfo = New-Object System.Diagnostics.ProcessStartInfo 27 | $pinfo.FileName = "net.exe" 28 | $pinfo.UseShellExecute = $false 29 | $pinfo.Arguments = "USE $($UNCPath) /USER:$($User) $($PW)" 30 | $p = New-Object System.Diagnostics.Process 31 | $p.StartInfo = $pinfo 32 | $p.Start() | Out-Null 33 | $p.WaitForExit() 34 | } 35 | 36 | function ZipFiles { 37 | param( 38 | [string]$ZipFileName, 39 | [string]$SourceDir 40 | ) 41 | 42 | Add-Type -Assembly System.IO.Compression.FileSystem 43 | $compressionLevel = [System.IO.Compression.CompressionLevel]::Optimal 44 | [System.IO.Compression.ZipFile]::CreateFromDirectory($SourceDir, $ZipFileName, $compressionLevel, $false) 45 | } 46 | 47 | try { 48 | $dt = get-date -Format "yyyy-MM-dd-HH-mm-ss" 49 | $tsenv = New-Object -ComObject Microsoft.SMS.TSEnvironment 50 | $LogPath = $tsenv.Value("SLShare") 51 | $CmpName = $tsenv.Value("$ComputerNameVariable") 52 | $source = $tsenv.Value("_SMSTSLogPath") 53 | $NaaUser = $tsenv.Value("_SMSTSReserved1-000") 54 | $NaaPW = $tsenv.Value("_SMSTSReserved2-000") 55 | 56 | New-Item "$source\tmp" -ItemType Directory -Force 57 | Copy-Item "$source\*" "$source\tmp" -Force -Exclude "tmp" 58 | $source = "$source\tmp" 59 | 60 | try { # Catch Error if already authenticated 61 | Authenticate -UNCPath $LogPath -User $NaaUser -PW $NaaPW 62 | } 63 | catch { 64 | Write-Debug "Error caught, most likely already authenticated." 65 | } 66 | 67 | $filename = Join-Path -Path "$LogPath" -ChildPath "$($CmpName )-$($dt).zip" 68 | ZipFiles -ZipFileName $filename -SourceDir $source 69 | 70 | Remove-Item -Path "$source" -Recurse -Force -ErrorAction SilentlyContinue 71 | } 72 | catch { 73 | Write-Output "$_.Exception.Message" 74 | exit 1 75 | } 76 | -------------------------------------------------------------------------------- /Task Sequences/Modular OSD/ModularOSD_files/OSD Configuration/Scripts/GatherOSDLogs.ps1: -------------------------------------------------------------------------------- 1 | $tsenv = New-Object -ComObject Microsoft.SMS.TSEnvironment 2 | $SMSTSLogPath = $tsenv.Value("_SMSTSLogPath") 3 | 4 | $DesiredLogs = @( 5 | "$env:SystemRoot\INF\setupapi.setup.log", 6 | "$env:SystemRoot\Logs\CBS", 7 | "$env:SystemRoot\Logs\DISM", 8 | "$env:SystemRoot\Panther", 9 | "$env:SystemDrive\BT~.Windows\INF\setupapi.setup.log", 10 | "$env:SystemDrive\BT~.Windows\Logs\CBS", 11 | "$env:SystemDrive\BT~.Windows\Logs\DISM", 12 | "$env:SystemDrive\BT~.Windows\Panther" 13 | ) 14 | 15 | ForEach ($Log in $DesiredLogs) 16 | { 17 | if (Test-Path $Log) 18 | { 19 | Write-Debug "Copying: $Log" 20 | 21 | if ($Log -like "*BT~.Windows*") 22 | { 23 | $Destination = "$SMSTSLogPath\BT~.Windows" 24 | 25 | If (-not (Test-Path $Destination)) 26 | { 27 | New-Item $Destination -ItemType Directory -Force 28 | } 29 | } 30 | Else 31 | { 32 | $Destination = $SMSTSLogPath 33 | } 34 | 35 | Copy-Item -Recurse -Path $Log -Destination $Destination -Force 36 | } 37 | Else 38 | { 39 | Write-Debug "$Log does not exist." 40 | } 41 | } 42 | -------------------------------------------------------------------------------- /Task Sequences/Modular OSD/ModularOSD_files/OSD Configuration/Scripts/MDT/CustomSettings.ini: -------------------------------------------------------------------------------- 1 | [Settings] 2 | Priority=Default 3 | Properties=MyCustomProperty 4 | 5 | [Default] 6 | OSInstall=Y 7 | SkipCapture=YES 8 | SkipAdminPassword=NO 9 | SkipProductKey=YES 10 | -------------------------------------------------------------------------------- /Task Sequences/Modular OSD/ModularOSD_files/OSD Configuration/Scripts/MDT/x64/Microsoft.BDD.Utility.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/windows-admins/ConfigMgr/11d6bd66ad68f2e309186e1148d77d39ab800baa/Task Sequences/Modular OSD/ModularOSD_files/OSD Configuration/Scripts/MDT/x64/Microsoft.BDD.Utility.dll -------------------------------------------------------------------------------- /Task Sequences/Modular OSD/ModularOSD_files/OSD Configuration/Scripts/MDT/x86/Microsoft.BDD.Utility.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/windows-admins/ConfigMgr/11d6bd66ad68f2e309186e1148d77d39ab800baa/Task Sequences/Modular OSD/ModularOSD_files/OSD Configuration/Scripts/MDT/x86/Microsoft.BDD.Utility.dll -------------------------------------------------------------------------------- /Task Sequences/Modular OSD/ModularOSD_files/OSD Configuration/Scripts/MDT/ztiRunCommandHidden.wsf: -------------------------------------------------------------------------------- 1 | 2 | 28 | 29 | -------------------------------------------------------------------------------- /Task Sequences/Modular OSD/ModularOSD_files/OSD Configuration/Scripts/RemoveWin10Apps.ps1: -------------------------------------------------------------------------------- 1 | ######################################## 2 | # Remove Windows 10 Modern Apps (System) 3 | ######################################## 4 | 5 | # To find app names use: 6 | # Get-AppxProvisionedPackage -online | Select DisplayName, PackageName 7 | 8 | 9 | $appxpackages = ( 10 | '3DBuilder', 11 | 'BingFinance', 12 | 'BingSports', 13 | 'CommsPhone', 14 | 'ConnectivityStore', 15 | 'GetHelp', 16 | 'Getstarted', 17 | 'HaloCamera', 18 | 'HaloItemPlayerApp', 19 | 'HaloShell', 20 | 'Messaging', 21 | 'Microsoft3DViewer', 22 | 'MicrosoftOfficeHub', 23 | 'MicrosoftSolitaireCollection', 24 | 'Office.Sway', 25 | 'OneConnect', 26 | 'People', 27 | 'Print3D', 28 | 'SkypeApp', 29 | 'WindowsFeedbackHub', 30 | 'WindowsPhone', 31 | 'Xbox.TCUI', 32 | 'XboxApp', 33 | 'ZuneMusic', 34 | 'ZuneVideo', 35 | 'windowscommunicationsapps' 36 | ) 37 | 38 | ForEach($package in $appxpackages) 39 | { 40 | try{ 41 | $packagenames=(Get-AppxProvisionedPackage -online | Where-Object{$_.DisplayName -like '*' + $package + '*'}).PackageName 42 | 43 | ForEach ($packagename in $packagenames) 44 | { 45 | DISM /online /remove-provisionedappxpackage /packagename:$packagename 46 | } 47 | } 48 | catch 49 | { 50 | # Do nothing 51 | Write-Host "Critical error removing package: " 52 | Write-Host $package 53 | } 54 | } 55 | 56 | -------------------------------------------------------------------------------- /Task Sequences/Modular OSD/ModularOSD_files/OSD Configuration/Scripts/RunOnce.vbs: -------------------------------------------------------------------------------- 1 | Const HKLM = &H80000002 2 | 3 | Const REG_SZ = 1 4 | Const REG_EXPAND_SZ = 2 5 | Const REG_BINARY = 3 6 | Const REG_DWORD = 4 7 | Const REG_MULTI_SZ = 7 8 | 9 | computer = "." 10 | 11 | Set shell = CreateObject("WScript.Shell") 12 | 13 | Set registry = GetObject("winmgmts:" & computer & "rootdefault:StdRegProv") 14 | 15 | keyPath = "SOFTWAREMicrosoftWindowsCurrentVersionRunOnce" 16 | registry.EnumValues HKLM, keyPath, valueNames, valueTypes 17 | 18 | If Not IsNull(valueNames) Then 19 | 20 | For i = 0 To UBound(valueNames) 21 | text = valueNames(i) 22 | valueName = valueNames(i) 23 | 24 | Select Case valueTypes(i) 25 | 26 | Case REG_SZ 27 | registry.GetStringValue HKLM, keyPath, valueName, value 28 | WScript.Echo text & ": " & value 29 | 30 | returnCode = shell.Run(value, 1, True) 31 | 32 | If returnCode = 0 Then 33 | registry.DeleteValue HKLM, keyPath, valueName 34 | End If 35 | 36 | End Select 37 | 38 | Next 39 | End If -------------------------------------------------------------------------------- /Task Sequences/Modular OSD/ModularOSD_files/OSD Configuration/Scripts/RunOnce64.vbs: -------------------------------------------------------------------------------- 1 | Const HKLM = &H80000002 2 | 3 | Const REG_SZ = 1 4 | Const REG_EXPAND_SZ = 2 5 | Const REG_BINARY = 3 6 | Const REG_DWORD = 4 7 | Const REG_MULTI_SZ = 7 8 | 9 | computer = "." 10 | 11 | Set shell = CreateObject("WScript.Shell") 12 | 13 | Set registry = GetObject("winmgmts:" & computer & "rootdefault:StdRegProv") 14 | 15 | keyPath = "SOFTWAREWow6432NodeMicrosoftWindowsCurrentVersionRunOnce" 16 | registry.EnumValues HKLM, keyPath, valueNames, valueTypes 17 | 18 | If Not IsNull(valueNames) Then 19 | 20 | For i = 0 To UBound(valueNames) 21 | text = valueNames(i) 22 | valueName = valueNames(i) 23 | 24 | Select Case valueTypes(i) 25 | 26 | Case REG_SZ 27 | registry.GetStringValue HKLM, keyPath, valueName, value 28 | WScript.Echo text & ": " & value 29 | 30 | returnCode = shell.Run(value, 1, True) 31 | 32 | If returnCode = 0 Then 33 | registry.DeleteValue HKLM, keyPath, valueName 34 | End If 35 | 36 | End Select 37 | 38 | Next 39 | End If -------------------------------------------------------------------------------- /Task Sequences/Modular OSD/ModularOSD_files/OSD Configuration/Scripts/SetNetworkInterfacePrivate.ps1: -------------------------------------------------------------------------------- 1 | $interfaces = (Get-NetConnectionProfile).InterfaceIndex 2 | 3 | ForEach ($interface in $interfaces) 4 | { 5 | Set-NetConnectionProfile -InterfaceIndex $interface -NetworkCategory Private 6 | } 7 | -------------------------------------------------------------------------------- /Task Sequences/Modular OSD/ModularOSD_files/OSD Configuration/Scripts/TSVarsSafeDump.ps1: -------------------------------------------------------------------------------- 1 | <# 2 | Name: TSVarsSafeDump.ps1 3 | Version: 1.0 4 | Author: Johan Schrewelius, Onevinn AB 5 | Date: 2016-11-24 6 | Command: powershell.exe -executionpolicy bypass -file TSVarsSafeDump.ps1 7 | Usage: Run in SCCM Task Sequence to Dump TS-Varibles to disk ("_SMSTSLogPath"). 8 | Variables known to contain sensitive information will be excluded. 9 | Config: List of variables to exclude, edit as needed: 10 | $ExcludeVariables = @('_OSDOAF','_SMSTSReserved','_SMSTSTaskSequence') 11 | #> 12 | 13 | # Config Start 14 | 15 | $ExcludeVariables = @('_OSDOAF','_SMSTSReserved','_SMSTSTaskSequence') 16 | 17 | # Config End 18 | 19 | $tsenv = New-Object -COMObject Microsoft.SMS.TSEnvironment 20 | $logPath = $tsenv.Value("_SMSTSLogPath") 21 | $now = Get-Date -Format "yyyy-MM-dd-HH-mm-ss" 22 | $logFile = "TSVariables-$now.log" 23 | $logFileFullName = Join-Path -Path $logPath -ChildPath $logFile 24 | 25 | function MatchArrayItem { 26 | param ( 27 | [array]$Arr, 28 | [string]$Item 29 | ) 30 | 31 | $result = ($null -ne ($Arr | Where-Object { $Item -match $_ })) 32 | return $result 33 | } 34 | 35 | $tsenv.GetVariables() | ForEach-Object { 36 | if(!(MatchArrayItem -Arr $ExcludeVariables -Item $_)) { 37 | "$_ = $($tsenv.Value($_))" | Out-File -FilePath $logFileFullName -Append 38 | } 39 | } 40 | -------------------------------------------------------------------------------- /Task Sequences/Modular OSD/ModularOSD_files/OSD Configuration/Scripts/TSVarsUNSafeDump.ps1: -------------------------------------------------------------------------------- 1 | <# 2 | Name: TSVarsSafeDump.ps1 3 | Version: 1.0 4 | Author: Johan Schrewelius, Onevinn AB 5 | Date: 2016-11-24 6 | Command: powershell.exe -executionpolicy bypass -file TSVarsSafeDump.ps1 7 | Usage: Run in SCCM Task Sequence to Dump TS-Varibles to disk ("_SMSTSLogPath"). 8 | Variables known to contain sensitive information will be excluded. 9 | Config: List of variables to exclude, edit as needed: 10 | $ExcludeVariables = @('_OSDOAF','_SMSTSReserved','_SMSTSTaskSequence') 11 | #> 12 | 13 | # Config Start 14 | 15 | $ExcludeVariables = @() 16 | 17 | # Config End 18 | 19 | $tsenv = New-Object -COMObject Microsoft.SMS.TSEnvironment 20 | $logPath = $tsenv.Value("_SMSTSLogPath") 21 | $now = Get-Date -Format "yyyy-MM-dd-HH-mm-ss" 22 | $logFile = "TSVariables-$now.log" 23 | $logFileFullName = Join-Path -Path $logPath -ChildPath $logFile 24 | 25 | function MatchArrayItem { 26 | param ( 27 | [array]$Arr, 28 | [string]$Item 29 | ) 30 | 31 | $result = ($null -ne ($Arr | Where-Object { $Item -match $_ })) 32 | return $result 33 | } 34 | 35 | $tsenv.GetVariables() | ForEach-Object { 36 | if(!(MatchArrayItem -Arr $ExcludeVariables -Item $_)) { 37 | "$_ = $($tsenv.Value($_))" | Out-File -FilePath $logFileFullName -Append 38 | } 39 | } 40 | -------------------------------------------------------------------------------- /Task Sequences/Modular OSD/ModularOSD_files/OSD Configuration/Scripts/Test-RebootPending.ps1: -------------------------------------------------------------------------------- 1 | #Adapted from https://gist.github.com/altrive/5329377 2 | #Based on 3 | function Test-PendingReboot 4 | { 5 | if (Get-ChildItem "HKLM:\Software\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending" -EA SilentlyContinue) { return $true } 6 | if (Get-Item "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired" -EA SilentlyContinue) { return $true } 7 | if (Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" -Name PendingFileRenameOperations -EA SilentlyContinue) { return $true } 8 | try { 9 | $util = [wmiclass]"\\.\root\ccm\clientsdk:CCM_ClientUtilities" 10 | $status = $util.DetermineIfRebootPending() 11 | if(($null -ne $status) -and $status.RebootPending){ 12 | return $true 13 | } 14 | } 15 | catch { 16 | Write-Debug "Failed to query WMI" 17 | } 18 | 19 | return $false 20 | } 21 | 22 | $tsenv = New-Object -COMObject Microsoft.SMS.TSEnvironment 23 | $tsenv.Value('RebootPending') = Test-PendingReboot 24 | -------------------------------------------------------------------------------- /Task Sequences/Modular OSD/ModularOSD_files/OSD Configuration/StartMenu/ExampleStartMenu.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | -------------------------------------------------------------------------------- /Task Sequences/Modular OSD/ModularOSD_files/OSD Configuration/StartMenu/sample.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | -------------------------------------------------------------------------------- /Task Sequences/Modular OSD/ModularOSD_files/OSD Configuration/unattend.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | Silence Cortana during Setup 8 | 1 9 | reg.exe add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\OOBE /v DisableVoice /t REG_DWORD /d 1 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | true 18 | true 19 | true 20 | true 21 | true 22 | Work 23 | 1 24 | en-US 25 | en-US 26 | en-US 27 | en-US 28 | true 29 | true 30 | 31 | 32 | 33 | Re-Enable Cortana After Setup 34 | 1 35 | reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\OOBE /v DisableVoice /f 36 | false 37 | 38 | 39 | 40 | 41 | 42 | -------------------------------------------------------------------------------- /Task Sequences/Modular OSD/PoSh Export Command.ps1: -------------------------------------------------------------------------------- 1 | Get-CMTaskSequence -Name "OSD - Modular OSD" | Export-CMTaskSequence -ExportFilePath "C:\Temp\Modular OSD Export\ModularOSD.zip" -WithDependence $true -WithContent $true 2 | -------------------------------------------------------------------------------- /Task Sequences/README.md: -------------------------------------------------------------------------------- 1 | ### How to use 2 | 1. Download the entire repository. You can do this using the Github Desktop application, or by browsing to the root and clicking on the green `Download` button. 3 | 2. Extract the entire repository to a temporary location. 4 | 3. Import the desired task sequence. Note that you will need to point to a UNC path, and to ignore dependencies. (See note below) 5 | 4. Edit the task sequence, and fix all missing packages (and paths, if you changed the source file paths). 6 | 5. Distribute and deploy. 7 | 8 | To import: 9 | 1) Copy files to the package source. Note that the location you copy the files to will be the package source path for the packages used by the task sequence. 10 | 2) Import the task sequence. 11 | 3) Distribut packages. 12 | 4) Deploy and :beer: 13 | 14 | 15 | - `MBR2GPT` - Task Sequence to convert from MBR2GPT (and BIOS to UEFI). Can be deployed standalone or as part of OSD. 16 | - `Modular OSD` - Newer version of the master deployment, requires SCCM CB 1710+ with nested task sequences enabled. 17 | - As soon as these are imported please copy the task sequence, reimporting later will overwrite the task sequence 18 | -------------------------------------------------------------------------------- /Task Sequences/_Legacy/Modular OSD/ModularOSD.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/windows-admins/ConfigMgr/11d6bd66ad68f2e309186e1148d77d39ab800baa/Task Sequences/_Legacy/Modular OSD/ModularOSD.zip -------------------------------------------------------------------------------- /Task Sequences/_Legacy/README.md: -------------------------------------------------------------------------------- 1 | This is a legacy TS kept here for archival purposes. It is not recommended you use it. -------------------------------------------------------------------------------- /Task Sequences/_Legacy/Win10 Master Deployment/Win10MasterDeployment.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/windows-admins/ConfigMgr/11d6bd66ad68f2e309186e1148d77d39ab800baa/Task Sequences/_Legacy/Win10 Master Deployment/Win10MasterDeployment.zip -------------------------------------------------------------------------------- /_CI/build-all-steps.yml: -------------------------------------------------------------------------------- 1 | parameters: 2 | os: '' 3 | 4 | steps: 5 | 6 | # Clean 7 | - checkout: self 8 | clean: true 9 | 10 | - task: PowerShell@2 11 | displayName: 'Dump SourcesDirectory' 12 | inputs: 13 | targetType: 'inline' 14 | script: 'Get-ChildItem -Path $(Build.Repository.LocalPath)' 15 | 16 | - task: PowerShell@2 17 | displayName: 'Install Pester' 18 | inputs: 19 | targetType: 'inline' 20 | script: 'Install-Module -Name Pester -SkipPublisherCheck -Force -Verbose -Scope CurrentUser' 21 | 22 | - task: PowerShell@2 23 | displayName: 'Install PSScriptAnalyzer' 24 | inputs: 25 | targetType: 'inline' 26 | script: 'Install-Module -Name PSScriptAnalyzer -SkipPublisherCheck -Force -Verbose -Scope CurrentUser' 27 | 28 | - task: PowerShell@2 29 | displayName: 'Run PSScriptAnalyzer 2' 30 | inputs: 31 | targetType: 'inline' 32 | script: 'Invoke-ScriptAnalyzer -Path $(Build.SourcesDirectory) -EnableExit -IncludeDefaultRules -ReportSummary -Recurse' 33 | 34 | -------------------------------------------------------------------------------- /_CI/build-single-steps.yml: -------------------------------------------------------------------------------- 1 | steps: 2 | 3 | # Clean 4 | - checkout: self 5 | clean: true 6 | 7 | # Start collect diagnostics 8 | - powershell: ./_CI/start-collect-diagnostics.ps1 9 | displayName: Start collect diagnostics 10 | condition: and(succeeded(), eq(variables.os, 'Windows_NT'), eq(variables.collect_diagnostics, 'true')) 11 | 12 | # Use node 8, npm 5 13 | - task: NodeTool@0 14 | displayName: Use node 8 15 | inputs: 16 | versionSpec: "8.x" 17 | 18 | # npm install 19 | - script: npm install 20 | displayName: npm install 21 | 22 | # Build 23 | - script: node make.js build --task "$(task)" 24 | displayName: Build 25 | 26 | # Stage hotfix 27 | - script: node ./_CI/stage-hotfix.js 28 | condition: and(succeeded(), eq(variables.os, 'Windows_NT')) 29 | displayName: Stage hotfix 30 | 31 | # Publish hotfix artifact 32 | - task: PublishBuildArtifacts@1 33 | displayName: Publish hotfix artifact 34 | condition: and(succeeded(), eq(variables.os, 'Windows_NT')) 35 | inputs: 36 | pathToPublish: _package/hotfix-layout 37 | artifactName: hotfix 38 | publishLocation: container 39 | 40 | # Test 41 | - script: node make.js test 42 | displayName: Test with node 6 43 | - script: node make.js testLegacy --task "$(task)" 44 | displayName: Legacy tests with node 6 45 | 46 | # Publish test results 47 | - task: PublishTestResults@2 48 | displayName: Publish Test Results test-*.xml 49 | inputs: 50 | testResultsFiles: 'test-*.xml' 51 | testRunTitle: 'Node 6 Test Results' 52 | searchFolder: '$(System.DefaultWorkingDirectory)/testresults' 53 | 54 | 55 | # Test 56 | - script: node make.js test --node 5 --runner ts 57 | displayName: Test with node 5 58 | - script: node make.js testLegacy --node 5 --runner ts --task "$(task)" 59 | displayName: Legacy tests with node 5 60 | - task: PublishTestResults@2 61 | displayName: Publish Test Results test-*.xml 62 | inputs: 63 | testResultsFiles: 'test-*.xml' 64 | testRunTitle: 'Node 5 Test Results' 65 | searchFolder: '$(System.DefaultWorkingDirectory)/testresults' 66 | 67 | # Stop collect diagnostics 68 | - powershell: ./_CI/stop-collect-diagnostics.ps1 69 | displayName: Stop collect diagnostics 70 | condition: and(always(), eq(variables.os, 'Windows_NT'), eq(variables.collect_diagnostics, 'true')) 71 | -------------------------------------------------------------------------------- /_Legacy/Driver Import Script/Readme.txt: -------------------------------------------------------------------------------- 1 | Driver Import 2 | 3 | 4 | Requirements: 5 | *Running as user with permissions to connect to the SCCM server and perform necessary tasks (import drivers, create packages, etc) 6 | *Running as user with permissions to create/modify/delete driver files and folders 7 | *Running from system with System Center Configuration Manager Cmdlet Library installed 8 | -https://technet.microsoft.com/en-us/library/dn958404(v=sc.20)aspx 9 | *PowerShell 3.0 or later installed 10 | *If script signing is required, the scripts were signed with the Code Signing cert. This cert (and the parent cert) must be trusted. 11 | *CM Console is recommended but *NOT* required 12 | *If you are not starting with a clean (empty) driver database, see the caveats below. 13 | 14 | 15 | Pre-Flight steps: 16 | *Create driver folder structure 17 | -Folder structure *MUST* adhere to the standard 3 tier structure. 18 | +\\\ 19 | +EXAMPLE: \Microsoft\SurfacePro3\Win10x64\ 20 | -Note: Slight exceptions for WinPE and VM (and other) drivers 21 | +WinPE drivers go under the manufacturer in a WinPE folder. The WinPE version and architecture goes under this (for the third tier). 22 | +Oddball and one-off drivers go under the "Other" folder. Because of this, they are only two layers deep ("Other" counts for the first tier). 23 | +EXAMPLE: \Other\Dell\DockDriver\ 24 | +If it's something that's versioned and changes, you can add a layer for versioning. (This is actually better than the example above.) 25 | +EXAMPLE: \DisplayLink\10.0.0.1\Win10x64\ 26 | *If a driver package needs to be re-run for any reason, manually delete the *.hash file found in the driver package folder. 27 | 28 | 29 | Running the script: 30 | *Open command prompt 31 | *Run the command: powershell 32 | *Run the command: \\\Source$\OSD\Drivers\_Scripts\ImportDrivers.ps1 33 | *When process is complete, update distribution points as needed 34 | 35 | 36 | Notes: 37 | *The default variables are hard coded into the script, but can be overridden by passing them in. 38 | -Most likely the only variable that will need to be changed is to set -VerboseLogging $true 39 | 40 | *The script will output a log to the directory in which it's run from. The log is created in cmtrace format for readability. 41 | -The script will log a date/time stamp each time it is run. 42 | -Unless -VerboseLogging is set to $true, the script will only log very high level steps and errors. 43 | 44 | *After each driver package is run, a hash file is created. This will cause that driver package to be skipped on future runs, unless the hash file is different than the current hash. 45 | -Deleting, adding, or modifying files will cause the hash to change. 46 | *Each driver is checked to see if it already exists in the database. In order to be a match, the driver .INF file name and location must match the content source path in Configuration Manager, and the driver must already be in the current driver package that we are processing. If any of these are not true, the driver will be reimported. 47 | -This means if someone removes the driver from the category but *NOT* the package, it will not reimport, and this won't be fixed. 48 | *When a driver is imported, we attach it to the current category and driver package. The driver is enabled and allowed to be installed. If this is a duplicate driver, we append the new category to any existing ones. We *DO NOT* update any distribution points. 49 | *Once a driver has been imported, *YOU CANNOT REMOVE OR MOVE THE SOURCE PATH*!!! This will wreak havoc on your driver database. You must remove all references to the driver (by deleting it) from inside the console, then make changes and rerun the import. 50 | 51 | 52 | Unclean! Unclean driver database! 53 | If you already have drivers in your database, the recommendation is to NUKE THEM ALL. There is a script provided that will eliminate all drivers, packages, and categories. 54 | The reason for this is that the way that the GUI imports drivers is not the exact same. Ironically both use PowerShell cmdlets, but the GUI seems to be less aggressive at finding duplicate drivers. 55 | Additionally, the initial driver structure is unlikely to match the structure required by the script. While you *COULD* leave the old structure in place, newly imported drivers (under the new structure) could be duplicates of drivers under the old structure, so this is...messy. The "new" driver will point to the old driver, and things get really complex really fast. 56 | Additionally, it's the rare driver database that does not have issues. Very likely if you're reading this, your driver database has missing, overwritten, moved, or renamed files. This breaks drivers, and often the effects are not noticed until weeks or months down the road. 57 | So, nuke the database, migrate all the old drivers into the new three tiered driver structure, and reimport it all via the script. Even for very large databases this entire process shouldn't take more than 1-2 days. In the end you will have something very clean, and avoid a lot of common issues. 58 | -------------------------------------------------------------------------------- /_Legacy/Driver Import Script/Signdrivers.txt: -------------------------------------------------------------------------------- 1 | $cert = (dir cert:currentuser\my\ -CodeSigningCert); Set-AuthenticodeSignature .\ImportDrivers.ps1 $cert -------------------------------------------------------------------------------- /_Legacy/Misc/Needs to be cleaned up and organized.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/windows-admins/ConfigMgr/11d6bd66ad68f2e309186e1148d77d39ab800baa/_Legacy/Misc/Needs to be cleaned up and organized.txt -------------------------------------------------------------------------------- /_Legacy/Misc/SCCM Scripts/Application_Example.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | Microsoft_Bob 2019 5 | Microsoft 6 | 2019 7 | No 8 | No 9 | No 10 | 11 | 12 | Test 4 13 | \\\Source$\Apps\Microsoft\Bob\2019\ 14 | Setup.exe 15 | Uninstall.exe 16 | InstallForSystem 17 | CHANGE ME 18 | VBS 19 | 20 | 21 | 22 | 23 | Microsoft_Bob 2020 24 | Microsoft 25 | 2020 26 | No 27 | No 28 | No 29 | 30 | 31 | \\\Source$\Apps\Microsoft\Bob\2020\MicrosoftBob.msi 32 | InstallForSystem 33 | 34 | 35 | Microsoft Bob 2020 - VBS Script 36 | \\\Source$\Apps\Microsoft\Bob\2020\ 37 | MicrosoftBob.exe /silent 38 | Uninstall.exe 39 | InstallForSystem 40 | One line scripts only please 41 | 42 | VBScript 43 | 44 | 45 | 46 | -------------------------------------------------------------------------------- /_Legacy/Misc/SCCM Scripts/AutoGenerateApplicationDeployments - Copy.ps1.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/windows-admins/ConfigMgr/11d6bd66ad68f2e309186e1148d77d39ab800baa/_Legacy/Misc/SCCM Scripts/AutoGenerateApplicationDeployments - Copy.ps1.txt -------------------------------------------------------------------------------- /_Legacy/Misc/SCCM Scripts/AutoGenerateApplicationDeployments.ps1.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/windows-admins/ConfigMgr/11d6bd66ad68f2e309186e1148d77d39ab800baa/_Legacy/Misc/SCCM Scripts/AutoGenerateApplicationDeployments.ps1.txt -------------------------------------------------------------------------------- /_Legacy/Misc/SCCM Scripts/AutoGenerateApplicationInstalledCollections.ps1.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/windows-admins/ConfigMgr/11d6bd66ad68f2e309186e1148d77d39ab800baa/_Legacy/Misc/SCCM Scripts/AutoGenerateApplicationInstalledCollections.ps1.txt -------------------------------------------------------------------------------- /_Legacy/Misc/SCCM Scripts/Autologon.ps1.txt: -------------------------------------------------------------------------------- 1 | <# 2 | .Synopsis 3 | This script will retrive autologon credentials from ConfigMgr Task Sequence variables and set them using Sysinternals Autologon.exe. 4 | .Example 5 | ./Autologon.ps1 6 | .Description 7 | This script will retrive autologon credentials from ConfigMgr Task Sequence variables and set them using Sysinternals Autologon.exe. 8 | It requires Autologon.exe within the same content location as this script. 9 | .Notes 10 | NAME: Autologon.ps1 11 | AUTHOR: Anthony Fontanez (ajfrcc@gmail.com) 12 | VERSION: 1.0 13 | LASTEDIT: 2017-04-15 14 | CHANGELOG: 15 | 1.0 (2017-04-15) Initial script creation 16 | #> 17 | 18 | $LogFile = "$env:SystemDrive\Logs\Autologon.log" 19 | 20 | Start-Transcript -Path "$LogFile" | Out-Null 21 | 22 | $TSEnv = New-Object -COMObject Microsoft.SMS.TSEnvironment 23 | $AutologonUsername = $TSEnv.Value("AutologonUsername") 24 | $AutologonPassword = $TSEnv.Value("AutologonPassword") 25 | $AutologonDomain = $TSEnv.Value("AutologonDomain") 26 | $RegistryPath = "HKCU:\Software\Sysinternals\Autologon" 27 | $Name = "EulaAccepted" 28 | $Value = "1" 29 | $ScriptDirectory = Split-Path -Parent $MyInvocation.MyCommand.Definition 30 | 31 | New-Item -Path $RegistryPath -Force 32 | New-ItemProperty -Path $RegistryPath -Name $Name -Value $Value -PropertyType DWORD -Force 33 | Start-Process -FilePath "$($ScriptDirectory)\Autologon.exe" -ArgumentList "$AutologonUsername $AutologonDomain $AutologonPassword" 34 | 35 | Stop-Transcript | Out-Null -------------------------------------------------------------------------------- /_Legacy/Misc/SCCM Scripts/MODULE_LogIt/MODULE_LogIt.psm1.txt: -------------------------------------------------------------------------------- 1 | function LogIt 2 | { 3 | <# 4 | .SYNOPSIS 5 | Creates a log file in the CMTrace format 6 | .DESCRIPTION 7 | .EXAMPLE 8 | Example LogIt function calls 9 | LogIt -message ("Starting Logging Example Script") -component "Main()" -type Info 10 | LogIt -message ("Log Warning") -component "Main()" -type Warning 11 | LogIt -message ("Log Error") -component "Main()" -type Error 12 | LogIt -message ("Log Verbose") -component "Main()" -type Verbose 13 | LogIt -message ("Script Status: " + $Global:ScriptStatus) -component "Main()" -type Info 14 | LogIt -message ("Stopping Logging Example Script") -component "Main()" -type Info 15 | LogIt -message ("Stopping Logging Example Script") -component "Main()" -type Info -LogFile a.log 16 | #> 17 | 18 | param ( 19 | [Parameter(Mandatory=$true)] 20 | [string]$message, 21 | [Parameter(Mandatory=$true)] 22 | [string]$component, 23 | [Parameter(Mandatory=$true)] 24 | [ValidateSet("Info","Warning","Error","Verbose")] 25 | [string]$type, 26 | [string]$LogFile = $PSScriptRoot + "\LogIt.log" 27 | ) 28 | 29 | # switch ($type) 30 | # { 31 | # 1 { $type = "Info" } 32 | # 2 { $type = "Warning" } 33 | # 3 { $type = "Error" } 34 | # 4 { $type = "Verbose" } 35 | # } 36 | 37 | if (($type -eq "Verbose") -and ($Global:Verbose)) 38 | { 39 | $toLog = "{0} `$$<{1}><{2} {3}>" -f ($type + ": " + $message), ($Global:ScriptName + ":" + $component), (Get-Date -Format "MM-dd-yyyy"), (Get-Date -Format "HH:mm:ss.ffffff"), $pid 40 | $toLog | Out-File -Append -Encoding UTF8 -FilePath $LogFile 41 | Write-Host $message 42 | } 43 | elseif ($type -eq "Error") 44 | { 45 | $toLog = "{0} `$$<{1}><{2} {3}>" -f ($type + ": " + $message), ($Global:ScriptName + ":" + $component), (Get-Date -Format "MM-dd-yyyy"), (Get-Date -Format "HH:mm:ss.ffffff"), $pid 46 | $toLog | Out-File -Append -Encoding UTF8 -FilePath $LogFile 47 | Write-Host $message -foreground "red" 48 | } 49 | elseif ($type -eq "Warning") 50 | { 51 | $toLog = "{0} `$$<{1}><{2} {3}>" -f ($type + ": " + $message), ($Global:ScriptName + ":" + $component), (Get-Date -Format "MM-dd-yyyy"), (Get-Date -Format "HH:mm:ss.ffffff"), $pid 52 | $toLog | Out-File -Append -Encoding UTF8 -FilePath $LogFile 53 | Write-Host $message -foreground "yellow" 54 | } 55 | elseif ($type -eq "Info") 56 | { 57 | $toLog = "{0} `$$<{1}><{2} {3}>" -f ($message), ($Global:ScriptName + ":" + $component), (Get-Date -Format "MM-dd-yyyy"), (Get-Date -Format "HH:mm:ss.ffffff"), $pid 58 | $toLog | Out-File -Append -Encoding UTF8 -FilePath $LogFile 59 | Write-Host $message -foreground "white" 60 | } 61 | 62 | # if (($type -eq 'Warning') -and ($Global:ScriptStatus -ne 'Error')) 63 | # { 64 | # $Global:ScriptStatus = $type 65 | # } 66 | # 67 | # if ($type -eq 'Error') 68 | # { 69 | # $Global:ScriptStatus = $type 70 | # } 71 | 72 | if ((Get-Item $LogFile).Length/1KB -gt $MaxLogSizeInKB) 73 | { 74 | $log = $LogFile 75 | Remove-Item ($log.Replace(".log", ".lo_")) 76 | Rename-Item $LogFile ($log.Replace(".log", ".lo_")) -Force 77 | } 78 | 79 | 80 | } -------------------------------------------------------------------------------- /_Legacy/Misc/SCCM Scripts/Remove_SCCM_Client_GUID/Remove_SCCM_Client_Settings.cmd: -------------------------------------------------------------------------------- 1 | %SystemRoot%\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Bypass -File %~dp0Remove_SCCM_Client_Settings.PS1 2 | -------------------------------------------------------------------------------- /_Legacy/Misc/SCCM Scripts/Remove_SCCM_Client_GUID/Remove_SCCM_Client_Settings.ps1.txt: -------------------------------------------------------------------------------- 1 | $ErrorActionPreference = “SilentlyContinue” 2 | 3 | # Get the current directory 4 | $ScriptPath = Split-Path -parent $MyInvocation.MyCommand.Definition 5 | 6 | $Server = $env:computername 7 | 8 | # Stop SCCM client 9 | # set-service -Name CcmExec -StartupType disabled 10 | Stop-Service -Name CcmExec -Force 11 | 12 | # Remove CCM WMI Name Space 13 | Get-WmiObject -query "Select * From __Namespace Where Name='CCM'" -Namespace "root" -ComputerName $Server | Remove-WmiObject 14 | 15 | # Delete C:\windows\SMSCFG.INI 16 | If (test-path "C:\windows\SMSCFG.INI") {remove-item "C:\windows\SMSCFG.INI" -Force} 17 | 18 | # Delete Certificates for the SCCM client 19 | If (test-path "$ScriptPath\ccmdelcert.exe") {& "$ScriptPath\ccmdelcert.exe"} 20 | 21 | -------------------------------------------------------------------------------- /_Legacy/Misc/SCCM Scripts/Remove_SCCM_Client_GUID/ccmdelcert.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/windows-admins/ConfigMgr/11d6bd66ad68f2e309186e1148d77d39ab800baa/_Legacy/Misc/SCCM Scripts/Remove_SCCM_Client_GUID/ccmdelcert.exe -------------------------------------------------------------------------------- /_Legacy/Misc/SCCM Scripts/correct-BaseVars.ps1.txt: -------------------------------------------------------------------------------- 1 | <# 2 | Function: This script will fix any issues with gaps in a dynamic variable list used to install ConfigMgr / SCCM applications. 3 | Usage: .\correct-BaseVars.ps1 $NameOfBaseVariable $LengthSuffix 4 | $LengthSuffix should usually be 2 if you use Applications 5 | 6 | Author: David O'Brien, david.obrien@gmx.de , Microsoft Enterprise Client Management MVP 2013 7 | Date: 02.01.2014 8 | #> 9 | 10 | if ($args.Count -eq 1) 11 | { 12 | $BaseVariableName = $args[0] 13 | } 14 | elseif ($args.Count -eq 2) 15 | { 16 | $BaseVariableName = $args[0] 17 | $LengthSuffix = $args[1] 18 | 19 | } 20 | 21 | Function Write-Message( [parameter(Mandatory=$true)] [ValidateSet("Info", "Warning", "Error", "Verbose")] [String] $Severity, [parameter(Mandatory=$true)] [String] $Message ) { if((Test-Path -Path $LogFile)) { Add-Content -Path "$($LogFile)" -Value "$(([System.DateTime]::Now).ToString()) $Severity - $Message" } else { New-Item -Path $LogFile -ItemType File } Switch ($Severity) { "Info" {$FColor="gray"} "Warning" {$FColor="yellow"} "Error" {$FColor="red"} "Verbose" {$FColor="green"} Default {$FColor="gray"} } Write-Output "$(([System.DateTime]::Now).ToString()) $Severity - $Message" -fore $FColor } 22 | 23 | $BaseVariableList = @() 24 | #$BaseVariableName = "BasisVariable" 25 | #$LengthSuffix = 2 26 | 27 | 28 | $objSMSTS = New-Object -ComObject Microsoft.SMS.TSEnvironment 29 | 30 | $SMSTSVars = $objSMSTS.GetVariables() 31 | 32 | $SMSTSLogPath = $objSMSTS.Value("_SMSTSLogPath") 33 | 34 | if (Test-Path $SMSTSLogPath) 35 | { 36 | $LogFile = $(Join-Path $SMSTSLogPath CorrectBaseVars.log) 37 | } 38 | 39 | #Writing the Variables to Logfile 40 | Write-Message -Severity Info -Message "This is the Dynamic Variable List BEFORE rebuilding it." 41 | 42 | foreach ($Var in $objSMSTS.GetVariables()) 43 | { 44 | if ( $Var.ToUpper().Substring(0,$var.Length-$LengthSuffix) -eq $BaseVariableName) 45 | { 46 | Write-Message -Severity Info -Message "$($Var) = $($objSMSTS.Value($Var))" 47 | $BaseVariableList += @{$Var=$objSMSTS.Value($Var)} 48 | } 49 | } 50 | 51 | $objects = @() 52 | $fixed = @() 53 | $objects = $BaseVariableList 54 | 55 | [int]$x = 1 56 | # Writing the variables to Logfile after being reordered 57 | Write-Message -Severity Info -Message "------------------------------------------------------" 58 | Write-Message -Severity Info -Message "" 59 | Write-Message -Severity Info -Message "This is the Dynamic Variable List AFTER rebuilding it." 60 | 61 | foreach ($i in $objects) 62 | { 63 | $Name = "$($BaseVariableName){0:00}" -f $x 64 | $Value = "$($i.Values)" 65 | $fixed += @{$Name=$Value} 66 | 67 | Write-Message -Severity Info -Message "$($Name) = $($Value)" 68 | 69 | $x++ 70 | $Name = "" 71 | $Value = "" 72 | 73 | } 74 | 75 | $BaseVariableListFixed = @() 76 | $BaseVariableListFixed += $fixed 77 | 78 | 79 | 80 | foreach ($BaseVariable in $BaseVariableListFixed) 81 | { 82 | 83 | "" 84 | $objSMSTS.Value("$($BaseVariable.Keys)") = "$($BaseVariable.Values)" 85 | } 86 | -------------------------------------------------------------------------------- /azure-pipelines.yml: -------------------------------------------------------------------------------- 1 | #trigger: 2 | #- master 3 | #- releases/* 4 | 5 | 6 | jobs: 7 | 8 | # All tasks on Windows 9 | - job: build_all_windows 10 | displayName: Build all tasks (Windows) 11 | condition: succeeded() 12 | pool: 13 | vmImage: vs2017-win2016 14 | steps: 15 | - template: _CI/build-all-steps.yml 16 | parameters: 17 | os: Windows_NT 18 | 19 | # Publish on Windows 20 | #- job: publish_windows 21 | # displayName: Publish 22 | # dependsOn: 23 | # - build_all_windows 24 | # condition: and(succeeded(), ne(variables['build.reason'], 'PullRequest'), eq(variables.os, 'Windows_NT')) 25 | # pool: 26 | # vmImage: vs2017-win2016 27 | # steps: 28 | # - template: _CI/publish-steps.yml 29 | 30 | # All tasks on Linux 31 | - job: build_all_linux 32 | displayName: Build all tasks (Linux) 33 | condition: succeeded() 34 | pool: 35 | vmImage: ubuntu-16.04 36 | steps: 37 | - template: _CI/build-all-steps.yml 38 | parameters: 39 | os: Linux 40 | 41 | # All tasks on macOS 42 | - job: build_all_darwin 43 | displayName: Build all tasks (macOS) 44 | condition: succeeded() 45 | pool: 46 | vmImage: macos-10.13 47 | steps: 48 | - template: _CI/build-all-steps.yml 49 | parameters: 50 | os: Darwin 51 | 52 | # Single task 53 | #- job: buildSingle 54 | # displayName: Build single task 55 | # condition: succeeded() 56 | # steps: 57 | # - template: _CI/build-single-steps.yml 58 | 59 | 60 | 61 | # Run directly 62 | - job: runNative 63 | displayName: Run PSScriptAnalyzer Natively 64 | condition: succeeded() 65 | steps: 66 | 67 | - task: PowerShell@2 68 | displayName: 'Dump SourcesDirectory' 69 | inputs: 70 | targetType: 'inline' 71 | script: 'Get-ChildItem -Path $(Build.Repository.LocalPath)' 72 | 73 | - task: PowerShell@2 74 | displayName: 'Install Pester' 75 | inputs: 76 | targetType: 'inline' 77 | script: 'Install-Module -Name Pester -SkipPublisherCheck -Force -Verbose -Scope CurrentUser' 78 | 79 | - task: PowerShell@2 80 | displayName: 'Install PSScriptAnalyzer' 81 | inputs: 82 | targetType: 'inline' 83 | script: 'Install-Module -Name PSScriptAnalyzer -SkipPublisherCheck -Force -Verbose -Scope CurrentUser' 84 | 85 | - task: PowerShell@2 86 | displayName: 'Run PSScriptAnalyzer 2' 87 | inputs: 88 | targetType: 'inline' 89 | script: 'Invoke-ScriptAnalyzer -Path $(Build.SourcesDirectory) -EnableExit -IncludeDefaultRules -ReportSummary -Recurse' 90 | --------------------------------------------------------------------------------