Configuration Manager – IIS Log Maintenance

The majority of SCCM administrators will have included a list of maintenance tasks for ensuring optimum performance of their environment. One area that often gets overlooked however is the maintenance of IIS logs. The logs are obviously useful for troubleshooting purposes, however do you really need to know what was happening say over 30 days ago. The truth is if there was an issue you probably would have spotted it very early on and dealt with it.

So how do you deal with log files within your IIS directory filling up your disks?. The answer can be to setup a configuration item and let SCCM take care of its own compliance.

Creating Your SCCM Server Device Collection

To start with you will need to create a Device Collection to deploy the Configuration Item and subsequent Baseline to. This can be achieved by creating a device collection using the following query;

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where SMS_R_System.ResourceNames in (Select ServerName FROM SMS_DistributionPointInfo)

Creating Your SCCM IIS Prune Logs Configuration Item

Once you have the device collection created and populated you can go on to create the Configuration Item to be used. To speed up this process I have exported the CI CAB for you to download, below are some screen shots of the manual creation process;

Download – Prune IIS Logs

  1. Create Configuration Item

  2. Select Supported Platforms

    In this section we will pick which operating systems are applicable for SCCM distribution points

  3. Settings

    Here we will create a new setting entry that will contain both the discovery and remediation scripts required

    Discovery Script

    # Specify the maximum log age file to maintain
    $MaxDays = 7
    
    function DiscoverIISLogs ($MaxDays)
    {
    	try
    	{
    		# Import IIS WebAdmin Module
    		Import-Module WebAdministration
    		
    		# Return list of IIS webistes
    		$IISSites = Get-Website
    		# Loop for each IIS site
    		foreach ($Site in $IISSites)
    		{
    			# Return path for IIS logs
    			$IISLogs = $Site.LogFile.Directory
    			# Condition to replace DOS %SystemDrive% variable with Powershell variable
    			If ($IISLogs -like "*%SystemDrive%*")
    			{
    				$IISLogs = $IISLogs -replace "%SystemDrive%", "$env:SystemDrive"
    			}
    			# Count IIS Log files to prune
    			$LogCount = $LogCount + (Get-ChildItem -Path $IISLogs -Recurse -Filter "*.log" | Where-Object { $(Get-Date).Subtract($_.LastWriteTime).Days -gt $MaxDays}).count
    		}
    		Return $LogCount
    	}
    	catch { return -1 }
    }
    
    DiscoverIISLogs ($MaxDays)

    Remediation Script

    # Specify the maximum log age file to maintain
    $MaxDays = 30
    
    function PurgeIISLogs ($MaxDays)
    {
    	try
    	{
    		# Import IIS WebAdmin Module
    		Import-Module WebAdministration
    		
    		# Return list of IIS webistes
    		$IISSites = Get-Website
    		# Loop for each IIS site
    		foreach ($Site in $IISSites)
    		{
    			# Return path for IIS logs
    			$IISLogs = $Site.LogFile.Directory
    			# Condition to replace DOS %SystemDrive% variable with Powershell variable
    			If ($IISLogs -like "*%SystemDrive%*")
    			{
    				$IISLogs = $IISLogs -replace "%SystemDrive%", "$env:SystemDrive"
    			}
    			# Purge IIS Log files
    			Get-ChildItem -Path $IISLogs -Recurse -Filter "*.log" | Where-Object { $(Get-Date).Subtract($_.LastWriteTime).Days -gt $MaxDays } | Foreach-Object { Remove-Item $_.FullName -Force -Verbose }
    		}
    	}
    
    catch {  }
    }
    
    PurgeIISLogs ($MaxDays)
    

     

  4. Compliance Rules

    Here we will specify when to run the remediation script you created in the previous step

Configuration Baseline

Now in order to apply the Configuration Item we will need to create a Configuration Baseline for the SCCM Server Device Collection.

  1. Create a new Configuration Baseline

  2. Set Evaluation Conditions

    Here we will add the Configuration Baseline we created earlier;

  3. Deploy the Configuration Baseline

    Set your schedule and generate an alert if required..

Monitoring

Now sit back, relax and watch your good work take hold across your estate;

Savings Examples

Below we have the before and after results of a distribution point running a low workload;

Before (Manual Run)

After (Manual Run)

When you have a large environment with thousands of clients you can clearly see the storage recovery benefits!.

Manual Script

If you want to run the script manually or deploy as a scheduled task, you can use the below PowerShell script (Download from https://gallery.technet.microsoft.com/scriptcenter/IIS-Log-Maintenance-6f357306);

<#	
	.NOTES
	===========================================================================
	 Created on:   	07/11/2016 22:05
	 Created by:   	Terence Beggs & Maurice Daly - DeployEverything.com
	 Organization: 	
	 Filename:     	PruneIISLogs.ps1
	===========================================================================
	.DESCRIPTION
		Clear up script for IIS logs. Removes logs older than the value specified 
		in the MaxDays variable.

		The script can be used as part of a Configuration Item in SCCM or as a scheduled
		task.
#>

# Specify the maximum log age file to maintain
$MaxDays = 7

function DiscoverIISLogs ($MaxDays)
{
	try
	{
		# Import IIS WebAdmin Module
		Import-Module WebAdministration
		
		# Return list of IIS webistes
		$IISSites = Get-Website
		# Loop for each IIS site
		foreach ($Site in $IISSites)
		{
			# Return path for IIS logs
			$IISLogs = $Site.LogFile.Directory
			# Condition to replace DOS %SystemDrive% variable with Powershell variable
			If ($IISLogs -like "*%SystemDrive%*")
			{
				$IISLogs = $IISLogs -replace "%SystemDrive%", "$env:SystemDrive"
			}
			# Count IIS Log files to prune
			$LogCount = $LogCount + (Get-ChildItem -Path $IISLogs -Recurse -Filter "*.log" | Where-Object { $(Get-Date).Subtract($_.LastWriteTime).Days -gt $MaxDays}).count
		}
		Return $LogCount
	}
	catch { return -1 }
}

DiscoverIISLogs ($MaxDays)

function PurgeIISLogs ($MaxDays)
{
	try
	{
		# Import IIS WebAdmin Module
		Import-Module WebAdministration
		
		# Return list of IIS webistes
		$IISSites = Get-Website
		# Loop for each IIS site
		foreach ($Site in $IISSites)
		{
			# Return path for IIS logs
			$IISLogs = $Site.LogFile.Directory
			# Condition to replace DOS %SystemDrive% variable with Powershell variable
			If ($IISLogs -like "*%SystemDrive%*")
			{
				$IISLogs = $IISLogs -replace "%SystemDrive%", "$env:SystemDrive"
			}
			# Purge IIS Log files
			Get-ChildItem -Path $IISLogs -Recurse -Filter "*.log" | Where-Object { $(Get-Date).Subtract($_.LastWriteTime).Days -gt $MaxDays } | Foreach-Object { Remove-Item $_.FullName -Force -Verbose }
		}
	}

catch {  }
}

PurgeIISLogs ($MaxDays)

References

A special thanks goes out to Johan Arwidmark for sharing this clean up script on his DeploymentResearch blog (http://deploymentresearch.com/Research/Post/563/A-little-bit-of-ConfigMgr-housekeeping).

Java Version Cleanup PowerShell Script

If you still have to maintain Java installations in your environment you will probably come up against having machines with multiple versions installed, unless you are running a clean up script for the old releases.

It is however sometimes a requirement to keep a specific release of Java for application compatibility, so what do you do in those scenarios where you want to clean up your old installs but the required version.

The below PowerShell script will do just that. It looks at your installed versions of Java, removes all previous versions and provides you with the option of specifying a version to keep during the process.

Script Download Link – https://gallery.technet.microsoft.com/scriptcenter/Java-Version-Cleaner-4a73f6be


<#
.NOTES
===========================================================================
Created with: SAPIEN Technologies, Inc., PowerShell Studio 2016 v5.2.128
Created on: 13/11/2016 22:13
Created by: Maurice.Daly
Organization:
Filename: JavaVersionCleaner.ps1
===========================================================================
.DESCRIPTION
This script removes previous versions of Oracle Java.
The script supports the option to specify specific versions to keep
during the uninstall process.
.EXAMPLE
.\JavaVersionCleaner.ps1 -MinJavaVersion jre1.8.0_100
Using this will keep the current version of Java and also jre1.8.0_100

.\JavaVersionCleaner.ps1
This will remove all versions bar the current version of Java
#>
[CmdletBinding(SupportsShouldProcess = $true)]
param (
[parameter(Mandatory = $false, HelpMessage = "Specify Java Version to maintain", Position = 1)]
[ValidateNotNullOrEmpty()]
[string]$MinJavaVersion
)

function JavaX64Uninstall ($MinJavaVersion)
{
Write-Debug "Running X64 Uninstalls"
# Read registry for Java 64 bit versions
$JavaX64Installs = Get-ChildItem -Path HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall -Recurse | Get-ItemProperty | Where-Object { ($_.displayName -like "*Java*Update*") -and ($_.displayName -notlike "*Java*Auto*") } | Select Displayname, UninstallString, InstallDate, InstatallLocation
$JavaX64Count = $JavaX64Installs.Count

foreach ($JavaX64Install in ($JavaX64Installs | Sort-Object InstallDate))
{
if (($JavaX64Count) -gt 1)
{
if ($JavaX64Install.InstallLocation -notlike "*$($MinJavaVersion)*")
{
$MSIString = $JavaX64Install.Uninstallstring | Split-Path -Leaf
Write-Debug "Uninstalling $($JavaX64Install.Displayname)"
Write-Debug "MSIString $($MSIString)"
Start-Process MSIEXEC.EXE -ArgumentList (" /" + $MSIString + " /QN")
}
$JavaX64Count--
}
}
}

function JavaX86Uninstall ($MinJavaVersion)
{
Write-Debug "Running X86 Uninstalls"
# Read registry for Java 32 bit versions
$JavaX86Installs = Get-ChildItem -Path HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall -Recurse | Get-ItemProperty | Where-Object { ($_.displayName -like "*Java*Update*") -and ($_.displayName -notlike "*Java*Auto*") } | Select Displayname, UninstallString, InstallDate, InstallLocation
$JavaX86Count = $JavaX86Installs.Count
foreach ($JavaX86Install in ($JavaX86Installs | Sort-Object InstallDate))
{
if (($JavaX86Count) -gt 1)
{
if ($JavaX86Install.InstallLocation -notlike "*$($MinJavaVersion)*")
{
$MSIString = $JavaX86Install.UninstallString | Split-Path -Leaf
Write-Debug "Uninstalling $($JavaX86Install.Displayname)"
Write-Debug "MSIString $($MSIString)"
Start-Process MSIEXEC.EXE -ArgumentList (" /" + $MSIString + " /QN")
}
$JavaX86Count--
}
}
}

# Check for Windows 32 or 64 bit and process functions
if ((Test-Path -Path "C:\Program Files (x86)") -eq $true)
{
JavaX64Uninstall ($MinJavaVersion)
JavaX86Uninstall ($MinJavaVersion)
}else{
JavaX86Uninstall ($MinJavaVersion)
}

Staff Off-Boarding with Office 365

office-365

Over time in any environment the day will come around when the inevitable happens and staff leave. This happens due to lots of different reasons but there is often a question as to what to do with user accounts when this happens. This is particularly true in smaller companies with no set process for IT departments off-boarding staff.

In my own environment, I decided to set up a standard script which would work with Active Directory and Office 365 to achieve the following;

  1. Connects to your local DC for active directory functions and Office 365 for mailbox functions
  2. Disable the employee’s user account (verifies the user details before proceeding)
  3. Stamp details on the disabled user account with the IT person who disabled the account for audit purposes
  4. Move the disabled user account to a separate OU
  5. Disable all forms of remote mail access (OWA, ActiveSync, POP, etc)
  6. Set an Out of Office stating that the employee has left the company
  7. Place the mailbox into Legal hold for data retention purposes
  8. Hides the account from the GAL
  9. Emails the former employee’s manager advising that the account has been disabled

The user account is then maintained for a period of 30 days before being deleted and thus returning any assigned Office 365 licenses to the pool etc.

This might help to give you some ideas about setting up your own scripting process for dealing with this issue.

Script Download Link – https://gallery.technet.microsoft.com/scriptcenter/Staff-Off-Boarding-Script-430bdd0a


<#
.NOTES
===========================================================================
Created with: SAPIEN Technologies, Inc., PowerShell Studio 2016 v5.2.128
Created on: 04/11/2016 21:00
Created by: Maurice Daly
Filename: DisableUserOffice365.ps1
===========================================================================
.DESCRIPTION
This script provides a standard off-boarding method for staff leaving
the company.

The script does the following;
1. Disables the specified user account
2. Updates the user description with the user who disabled the account
and the time/date when the account was disabled
3. Moves the account to the disabled user account OU (needs to exist)
4. Sets an out of office reply stating that the employee has left the company
5. Disables activesync, pop3, imap etc
6. Places mail account into legal hold for 7 years (requires Office 365 E3)
7. Hides the mail account from the GAL
8. Emails the former employee's manager advising that the account has been disabled

Version 1.0
Initial release

Use : This script is provided as it and I accept no responsibility for
any issues arising from its use.

Twitter : @modaly_it
Blog : https://modalyitblog.wordpress.com/
#>

Write-Host " **************** PLEASE ENTER ACTIVE DIRECTORY ADMIN CREDENTIALS **************** "
$Credential = Get-Credential -Credential "$env:USERDOMAIN\$env:USERNAME"
$DC = $env:LOGONSERVER.Substring(2)

#Initiate Remote PS Session to local DC
$ADPowerShell = New-PSSession -ComputerName $DC -Authentication Negotiate -Credential $Credential

# Import-Module ActiveDirectory
write-host "Importing Active Directory PowerShell Commandlets"
Invoke-Command -Session $ADPowerShell -scriptblock { import-module ActiveDirectory }
Import-PSSession -Session $ADPowerShell -Module ActiveDirectory -AllowClobber -ErrorAction Stop

# Retrieve AD Details
$ADDetails = Get-ADDomain
$Domain = $ADDetails.DNSRoot
Clear-Host

write-host "Importing Office 365 PowerShell Commandlets"
Write-Host -ForegroundColor White -BackgroundColor DarkBlue " **************** PLEASE ENTER OFFICE 365 ADMIN CREDENTIALS **************** "
$Office365Credential = Get-Credential
$Office365PowerShell = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $Office365Credential -Authentication Basic -AllowRedirection
Import-PSSession $Office365PowerShell
Clear-Host

write-host " **************** Disable Active Directory User Account & Enable Out Of Office **************** "
write-host " "

# Get Variables
$DisabledDate = Get-Date
$LeaveDate = Get-Date -Format "dddd dd MMMM yyyy"
$DisabledBy = Get-ADUser "$env:username" -properties Mail
$DisabledByEmail = $DisabledBy.Mail

# Prompt for AD Username
$Employee = Read-Host "Employee Username"
$EmployeeDetails = Get-ADUser $Employee -properties *
If ($EmployeeDetails.Manager -ne $null)
{
$Manager = Get-ADUser $EmployeeDetails.Manager -Properties Mail
}

Clear-Host

# Prompt for confirmation
write-host " ******************************** CONFIRM USER DISABLE REQUEST ******************************** "
write-host " "
write-host -ForegroundColor Yellow "Please review the Employee details below to ensure you are disabling the correct user account."
$EmployeeDetails | fl Name, Title, Company, @{ Expression = { $_.mail }; Label = "Email Address" }, @{Expression = { $_.Created }; Label = "Employment Started"}

$choice = " "
while ($choice -notmatch "[y|n]")
{
$choice = read-host "Do you want to continue? (Y/N)"
}

# Actions
if ($choice -eq "y")
{
Clear-Host
write-host " ******************************** DISABLING USER ACCOUNT ******************************** "
write-host " "
write-host "Step1. Modifying user description for audit purposes" -ForegroundColor Yellow
Set-ADUser $Employee -Description "Disabled by $($DisabledBy.name) on $DisabledDate"
write-host "Step2. Disabling $Employee Active Directory Account." -ForegroundColor Yellow
Disable-ADAccount $Employee
write-host "Step3. Moving $Employee to the Disabled User Accounts OU." -ForegroundColor Yellow
write-host " "
Move-ADObject -Identity $EmployeeDetails.DistinguishedName -targetpath "OU=Disabled User Accounts,DC=YOURDOMAIN,DC=SUFFIX"
write-host "Waiting 5 seconds for AD & Exchange OU update to complete"
sleep -Seconds 5
write-host " "
write-host "Refreshing Employee Details for Exchange Modification."
write-host " "
Get-ADUser $Employee -Properties Description | Format-List Name, Enabled, Description
write-host "Step 4. Setting Exchange Out Of Office Auto-Responder." -ForegroundColor Yellow
Set-MailboxAutoReplyConfiguration -Identity $EmployeeDetails.Mail -AutoReplyState enabled -ExternalAudience all -InternalMessage "Please note that I no longer work for $($EmployeeDetails.company) as of $LeaveDate." -ExternalMessage "Please note that I no longer work for $($EmployeeDetails.company) as of $LeaveDate. Direct all correspondence to info@yourdomain.suffix."
Write-Host "Step 5. Disabling POP,IMAP, OWA and ActiveSync access for $User" -ForegroundColor Yellow
Set-CasMailbox -Identity $EmployeeDetails.mail -OWAEnabled $false -POPEnabled $false -ImapEnabled $false -ActiveSyncEnabled $false
Write-Host "Step 6. Placing mailbox $($EmployeeDetails.name) into Ligitgation hold for 7 years" -ForegroundColor Yellow
Set-Mailbox -Identity $EmployeeDetails.mail -LitigationHoldEnabled $true -LitigationHoldDuration 2555
Write-Host "Step 7. Hiding $($EmployeeDetails.name) from Global Address lists" -ForegroundColor Yellow
Set-ADUser -identity $Employee -add @{ msExchHideFromAddressLists = "True" }
Set-ADUser -instance $EmployeeDetails -whatif
If ($Manager.Mail -like "*@*")
{
Write-Host "Step 8. Sending Confirmation E-mail To Employee's Manager." -ForegroundColor Yellow
$msg = new-object Net.Mail.MailMessage
$smtp = new-object Net.Mail.SmtpClient("youroffice365mailserveraddress")
$msg.From = "Support@yourdomain.suffix"
$msg.To.Add("$($Manager.Mail)")
$msg.subject = "IT Notification - Employee Leaver Confirmation"
$msg.body = "This email is confirm that $($EmployeeDetails.Name)'s account has been disabled. An out of office notification advising that $($EmployeeDetails.Name) has left the company has also been set. Note that the account will be deleted after 30 days."
$smtp.Send($msg)
}
}else{
write-host " "
write-host "Employee disable request cancelled" -ForegroundColor Yellow
}

 

SCCM Viglen Client Driver Autodownload PowerShell Script

viglen

In October of 2016 I released a script that downloaded drivers and bios updates for Dell client systems and created associated driver packs in SCCM (https://modalyitblog.wordpress.com/2016/10/10/sccm-dell-client-bios-driver-autodownload-ps-script/).

A friend of mine works in the UK educational system as an admin and thought it would be nice to have a similar script for his environment, mainly consisting of the UK educational hardware builder Viglen.

So here is version 1.0 of the download script adjusted for Viglen client systems.

The below scripts requires you to specify your driver file share and your SCCM site server name as a variable, it then does the following;

  1. Queries SCCM for a full list of Viglen client products
  2. Downloads the driver INF zip file for each model
  3. Extract the driver INF zip
  4. Import the drivers in the extracted ZIP folder
  5. Create a Category based on the machine model
  6. Create a Driver Package based on the machine model
  7. Imports the associated drivers into the newly created Driver Package

The downloads are stored within sub-folders within the share you specified, e.g;

\\MySCCMServer\Drivers\Viglen 820s\Driver ZIP\
\\MySCCMServer\Drivers\Viglen 820s\Extracted Drivers\

This slideshow requires JavaScript.

PowerShell Script

To run the script use the following syntax;

.\ViglenSCCMDownload.ps1 -SiteServer YOURSITESERVER -RepositoryPath “\\YOURSERVER\DRIVERREPO\” -PackagePath “\\YOURSERVER\DRIVERPACKPATH”

The script has Windows 10 x64 specified, however you can change this under the #Define Operating Systems section. Note I have tested Windows 7 & 10 only during building this.


<#
.NOTES
===========================================================================
Created with: SAPIEN Technologies, Inc., PowerShell Studio 2016 v5.2.128
Created on: 03/11/2016 13:00
Created by: Maurice Daly
Filename: ViglenSCCMDownloads.ps1
==========================================================================
.DESCRIPTION
This script allows you to automate the process of keeping your
driver sources up to date. The script reads the Viglen support download
site for models found within SCCM and then downloads the corresponding
drivers

Version 1.0
Initial release

Notes
You can skip the driver package creation process by changing the
$DriverPackageCreation variable to $False.
The system architecture can also be changed by modifying the
$Architecture variable and using x64 or x86
You can limit the number of concurrent jobs by specifying
your max value in the $MaxConcurrent jobs variable

To run the script use the following syntax;

.\ViglenSCCMDownload.ps1 -SiteServer YOURSITESERVER -RepositoryPath UNCTEMPDRIVERPATH -PackagePath UNCDRIVERPACKAGEPATH

To re-enable error messaging for troubleshooting purpose
comment out the Error and Warning Preference values below

Use : This script is provided as it and I accept no responsibility for
any issues arising from its use.

Twitter : @modaly_it
Blog : https://modalyitblog.wordpress.com/
#>

# Define SCCM Site Server
[CmdletBinding(SupportsShouldProcess = $true)]
param (
[parameter(Mandatory = $true, HelpMessage = "Site server where the SMS Provider is installed", Position = 1)]
[ValidateNotNullOrEmpty()]
[ValidateScript({ Test-Connection -ComputerName $_ -Count 1 -Quiet })]
[string]$SiteServer,
[parameter(Mandatory = $true, HelpMessage = "UNC path for downloading and extracting drivers")]
[ValidateNotNullOrEmpty()]
[ValidateScript({ Test-Path $_ })]
[string]$RepositoryPath,
[parameter(Mandatory = $true, HelpMessage = "UNC path of your driver package repository")]
[ValidateNotNullOrEmpty()]
[ValidateScript({ Test-Path $_ })]
[string]$PackagePath
)

$ErrorActionPreference = 'SilentlyContinue'
$WarningPreference = 'SilentlyContinue'

# Import SCCM PowerShell Module
Import-Module "C:\Program Files (x86)\Microsoft Configuration Manager\AdminConsole\bin\ConfigurationManager.psd1"

# Define Maximum Number Of Simultaneously Running Jobs
$MaxConcurrentJobs = 5

# Query SCCM Site Code
function QuerySiteCode ($SiteServer)
{
Write-Verbose "Determining SiteCode for Site Server: '$($SiteServer)'"
$SiteCodeObjects = Get-WmiObject -Namespace "root\SMS" -Class SMS_ProviderLocation -ComputerName $SiteServer -ErrorAction Stop
foreach ($SiteCodeObject in $SiteCodeObjects)
{
if ($SiteCodeObject.ProviderForLocalSite -eq $true)
{
$SiteCode = $SiteCodeObject.SiteCode
Write-Debug "SiteCode: $($SiteCode)"

}
}
Return [string]$SiteCode
}

function QueryModels ($SiteCode)
{
# ArrayList to store the Viglen models in
$ViglenProducts = New-Object -TypeName System.Collections.ArrayList
# Enumerate through all models
#$Models = "VIG430P","VIG665W","Vig670W","Vig800S","Vig820S","Vig830S"
$Models = Get-WmiObject -Namespace "root\SMS\site_$($SiteCode)" -Class SMS_G_System_COMPUTER_SYSTEM | Select-Object -Property Model | Where-Object { $_.Model -like "*Vig*" }
# Add model to ArrayList if not present
if ($Models -ne $null)
{
foreach ($Model in $Models)
{
if ($Model.Model -notin $ViglenProducts)
{
$ViglenProducts.Add($Model.Model) | Out-Null
}
}
}
#$ViglenProducts = "VIG430P", "VIG665W", "Vig670W", "Vig800S", "Vig820S", "Vig830S"
Return $ViglenProducts
}

function StartDownloadAndPackage ($PackagePath, $RepositoryPath)
{
$RunDownloadJob = {
Param ($Model,
$SiteCode,
$PackagePath,
$RepositoryPath)

# =================== DEFINE VARIABLES =====================

# Directory used for driver downloads
$DriverRepositoryRoot = ($RepositoryPath.Trimend("\") + "\Viglen\")
Write-Host "Driver package path set to $DriverRepositoryRoot"

# Directory used by SCCM for driver package
$DriverPackageRoot = ($PackagePath.Trimend("\") + "\Viglen\")
Write-Host "Driver package path set to $DriverPackageRoot"

# Define Operating System
$OperatingSystem = "Windows"
$OperatingSystemVersion = "10"
$Architecture = "64"

# Define Viglen Download Sources
$ViglenBaseURL = "http://download.viglen.co.uk"
$ViglenDownloadList = "/files/Motherboards/"
$ViglenBIOSFolder = "BIOS/"
$ViglenDriverFolder = "Drivers/"

# Import Driver Packs?
$DriverPackCreation = $true

# Import SCCM PowerShell Module
Import-Module "C:\Program Files (x86)\Microsoft Configuration Manager\AdminConsole\bin\ConfigurationManager.psd1"

# =================== INITIATE DOWNLOADS ===================

Write-Host "Getting download URL for Viglen client model: $Model"
$ModelLink = (Invoke-WebRequest -Uri ($ViglenBaseURL + $ViglenDownloadList) -UseBasicParsing).Links | Where-Object { $_.href -like "*$Model*" }
$ModelURL = ($ViglenBaseURL + $ModelLink.href)

# Correct slash direction issues
$ModelURL = $ModelURL.Replace("\", "/")

# ============= SCCM Driver Cab Download ==================

Write-Host "Getting SCCM driver pack link for model: $Model"
$ViglenInfFolder = (((Invoke-WebRequest -Uri ($ModelURL + $ViglenDriverFolder) -UseBasicParsing).links | Where-Object { $_.href -like "*INF*" }).href | Split-Path -Leaf) + "/"
$SCCMDriverDownload = ((Invoke-WebRequest -Uri ($ModelURL + $ViglenDriverFolder + $ViglenInfFolder) -UseBasicParsing).Links | Where-Object { $_.href -like "*$($OperatingSystem.trim("dows"))*$OperatingSystemVersion*.zip" } | Select-Object -Last 1).href
if ($SCCMDriverDownload -eq $null)
{
# Check for driver folder for specified OS
$DriverOSSubFolder = ((Invoke-WebRequest -Uri ($ModelURL + $ViglenDriverFolder + $ViglenInfFolder) -UseBasicParsing).Links | Where-Object { $_.outerHTML -like "*$OperatingSystem*$OperatingSystemVersion*" }).href | Split-Path -Leaf
if ($DriverOSSubFolder -eq $null)
{
Write-Host -ForegroundColor White -BackgroundColor Red "Driver does not exist for $Model running $OperatingSystem $OperatingSystemVersion"
Break
}
else
{
$SCCMDriverDownload = ((Invoke-WebRequest -Uri ($ModelURL + $ViglenDriverFolder + $ViglenInfFolder + $DriverOSSubFolder) -UseBasicParsing).Links | Where-Object { $_.href -like "*$($OperatingSystem.trim("dows"))*$OperatingSystemVersion*.zip" } | Select-Object -Last 1).href
}
}
else
{
# $SCCMDriverDownload = $SCCMDriverDownload.href
}

$SCCMDriverZIP = ($SCCMDriverDownload | Split-Path -Leaf)

# Check for destination directory, create if required and download the driver zip
if ((Test-Path -Path ($DriverRepositoryRoot + $Model + "\Driver ZIP\")) -eq $true)
{
if ((Test-Path -Path ($DriverRepositoryRoot + $Model + "\Driver ZIP\" + $SCCMDriverZIP)) -eq $true)
{
Write-Host -ForegroundColor Yellow "Skipping $SCCMDriverZIP... File already downloaded..."
$SkipDriver = $true
}
else
{
Start-BitsTransfer -Source ($ViglenBaseURL + $SCCMDriverDownload) -Destination ($DriverRepositoryRoot + $Model + "\Driver ZIP\" + $SCCMDriverZIP) -DisplayName "Downloading $Model driver ZIP file"
$SkipDriver = $false
}
}
else
{
Write-Host -ForegroundColor Green "Creating $Model download folder"
New-Item -Type dir -Path ($DriverRepositoryRoot + $Model + "\Driver ZIP")
Start-BitsTransfer -Source ($ViglenBaseURL + $SCCMDriverDownload) -Destination ($DriverRepositoryRoot + $Model + "\Driver ZIP\" + $SCCMDriverZIP) -DisplayName "Downloading $Model driver ZIP file"
}

# =================== CREATE DRIVER PACKAGE AND IMPORT DRIVERS ===================

Write-Host -ForegroundColor Green "Starting extract and import process"
$DriverSourceFile = ($DriverRepositoryRoot + $Model + "\Driver ZIP\" + $SCCMDriverZIP)
$DriverExtractDest = ($DriverRepositoryRoot + $Model + "\Extracted Drivers")
$DriverPackageDir = ($DriverSourceFile | Split-Path -Leaf)
$DriverPackageDir = $DriverPackageDir.Substring(0, $DriverPackageDir.length - 4)
$DriverFileDest = $DriverPackageRoot + "Viglen\" + $DriverPackageDir

if ($DriverPackCreation -eq $true)
{
if ((Test-Path -Path $DriverExtractDest) -eq $false)
{
New-Item -Type dir -Path $DriverExtractDest
}
else
{
Get-ChildItem -Path $DriverExtractDest -Recurse | Remove-Item -Recurse -Force
}
New-Item -Type dir -Path $DriverFileDest
Set-Location -Path ($SiteCode + ":")
$CMDDriverPackage = "Viglen " + $Model + " " + $OperatingSystem + " " + $OperatingSystemVersion + " " + $Architecture + "bit"
if (Get-CMDriverPackage -Name $CMDDriverPackage)
{
Write-Host -ForegroundColor Yellow "Skipping.. Driver package already exists.."
}
else
{
Write-Host -ForegroundColor Green "Creating driver package"
Set-Location -Path $env:SystemDrive
Add-Type -assembly "system.io.compression.filesystem"
[io.compression.zipfile]::ExtractToDirectory($DriverSourceFile, $DriverExtractDest)
$DriverINFFiles = Get-ChildItem -Path $DriverExtractDest -Recurse -Filter "*.inf"
}
Set-Location -Path ($SiteCode + ":")
New-CMDriverPackage -Name $CMDDriverPackage -path ($DriverPackageRoot + $Model + "\" + $OperatingSystem + " " + $OperatingSystemVersion + "\" + $Architecture)
if (Get-CMCategory -CategoryType DriverCategories -name ("Viglen " + $Model))
{
Write-Host -ForegroundColor Yellow "Category already exists"
$DriverCategory = Get-CMCategory -CategoryType DriverCategories -name ("Viglen " + $Model)
}
else
{
Write-Host -ForegroundColor Green "Creating category"
$DriverCategory = New-CMCategory -CategoryType DriverCategories -name ("Viglen " + $Model)
}
$DriverPackage = Get-CMDriverPackage -Name $CMDDriverPackage
foreach ($DriverINF in $DriverINFFiles)
{
$DriverInfo = Import-CMDriver -UncFileLocation ($DriverINF.FullName) -ImportDuplicateDriverOption AppendCategory -EnableAndAllowInstall $True -AdministrativeCategory $DriverCategory | Select-Object *
Add-CMDriverToDriverPackage -DriverID $DriverInfo.CI_ID -DriverPackageName $CMDDriverPackage
}
}
Set-Location -Path $env:SystemDrive
}
$TotalModelCount = $ViglenProducts.Count
$RemainingModels = $TotalModelCount
foreach ($Model in $ViglenProducts)
{
write-progress -activity "Initiate Driver Download & Driver Package Jobs" -status "Progress:" -percentcomplete (($TotalModelCount - $RemainingModels)/$TotalModelCount * 100)
$RemainingModels--
$Check = $false
while ($Check -eq $false)
{
if ((Get-Job -State 'Running').Count -lt $MaxConcurrentJobs)
{
Start-Job -ScriptBlock $RunDownloadJob -ArgumentList $Model, $SiteCode, $PackagePath, $RepositoryPath -Name ($Model + " Download")
$Check = $true
}
}
}
Get-Job | Wait-Job | Receive-Job
Get-Job | Remove-Job
}


# Get SCCM Site Code
$SiteCode = QuerySiteCode ($SiteServer)

Write-Debug $PackagePath
Write-Debug $RepositoryPath

if ($SiteCode -ne $null)
{
# Query Viglen Products in SCCM using QueryModels function
$ViglenProducts = QueryModels ($SiteCode)
# Output the members of the ArrayList
if ($ViglenProducts.Count -ge 1)
{
foreach ($ModelItem in $ViglenProducts)
{
$PSObject = [PSCustomObject]@{
"Viglen Models Found" = $ModelItem
}
Write-Output $PSObject
}
}
# Start download, extract, import and package process
Write-Host -ForegroundColor Green "Starting download, extract, import and driver package build process.."
StartDownloadAndPackage ($PackagePath) ($RepositoryPath) ($SiteCode)
}

SCCM Dell Client Bios & Driver Autodownload PowerShell Script

dell
If you are a Dell hardware house then this script might come in useful for you.

As you are probably aware Dell provide excellent support for SCCM deployments via their Dell Command integration software and up to date driver cab files via their Enterprise Client Deployment site at http://en.community.dell.com/techcenter/enterprise-client/w/wiki/2065.dell-command-deploy-driver-packs-for-enterprise-client-os-deployment.

dellsccmscreen1

When I was refreshing my driver and bios update file repository I got thinking wouldn’t it be nice if I could just run a script that would download these update files based on the models of Dell client systems listed in my SCCM device collections?.

I found a script on Dustin Hedges blog (https://deploymentramblings.wordpress.com/2014/04/17/downloading-dell-driver-cab-files-automagically-with-the-driver-pack-catalog/) but I wanted to automate this further.

So here is my resulting effort. The below scripts requires you to specify your driver file share and your SCCM site server name as a variable, it then does the following;

  1. Queries SCCM for a full list of Dell enterprise client products (Optiplex & Latitude)
  2. Downloads BIOS updates for each model
  3. Downloads the driver CAB for each model
  4. Extract the driver CAB
  5. Import the drivers in the extracted CAB folder
  6. Create a Category based on the machine model
  7. Create a Driver Package based on the machine model and filename
  8. Imports the associated drivers into the newly created Driver Package
  9. Creates a BIOS Update Package based on machine model
  10. Creates a BIOS update deployment PowerShell script for each model using the latest BIOS update and silent switches

Progress bars have also been added for both the system model and driver import stage.

The downloads are stored within sub-folders within the share you specified, e.g;

\\MySCCMServer\Drivers\Dell Optiplex 7040\BIOS
\\MySCCMServer\Drivers\Dell Optiplex 7040\Driver Cabs\

This slideshow requires JavaScript.

Automatically created SCCM Driver Packages:

dellsccmscreen7

SCCM Driver Package Contents;

dellsccmscreen8

 

Multi-Threaded Script

To run the script use the following syntax;

.\DellDownloads.ps1 -SiteServer YOURSITESERVER -RepositoryPath “\\YOURSERVER\DRIVERREPO\” -PackagePath “\\YOURSERVER\DRIVERPACKPATH”

dellmultithread
Multi-Thread Script In Use (Running Code in PS Console)

Task Sequence BIOS Update Script

In the latest release BIOS packaging is included, it also generates a PowerShell script for use at deployment time which is contained within the BIOS folder of the model and uses the latest BIOS exe with silent switches for a silent upgrade.

Note: If you are using a BIOS setup password (which you should be), you will need to specify this within the script (unless you want me to update the script to look for this run running it from the shell).

Modify the following line – $BIOSSwitches = ” -noreboot -nopause /p=%YOURBIOSPASSWORD ”

This slideshow requires JavaScript.

 

UPDATE LOG

08/11/2016
The script has been updated with the following functionality;

  1. Creates BIOS packages for each model downloaded
  2. Creates a deployment PowerShell script containing the latest BIOS exe name and switches for a silent / no reboot update of the BIOS
  3. If the script is re-run it will automatically update the BIOS exe to use in the deployment PS script and update the distribution points.

28/10/2016
As a response to feedback, I have added a $MaxConcurrent jobs variable into the multi-threaded script that lets you specify the max number of jobs in order to control CPU utilization.

26/10/2016
I have added in an additional script below which is multi-threaded. This should help reduce the overall time to download, extract and create the driver packages in large environments with a wide range of models.

16/10/2016
Additional functionality has been added to now automate the process of extracting the CAB, creating computer categories, import the drivers into SCCM and create a driver pack for each of the models / driver packs downloaded.

Script Download Link – https://gallery.technet.microsoft.com/scriptcenter/SCCM-Dell-Client-Bios-ee577b04?redir=0

<#
.NOTES
===========================================================================
Created with: SAPIEN Technologies, Inc., PowerShell Studio 2016 v5.2.128
Created on: 16/10/2016 13:00
Created by: Maurice Daly
Filename: DellDownloads.ps1
===========================================================================
.DESCRIPTION
This script allows you to automate the process of keeping your Dell
driver and BIOS update sources up to date. The script reads the Dell
SCCM driver pack site for models you have specified and then downloads
the corresponding latest driver packs and BIOS updates.

Version 1.0
Retreive Dell models and download BIOS and Driver Packs
Version 2.0
Added driver CAB file extract, create new driver pack, category creation
and import driver functions.
Version 2.1
Added multi-threading
Version 2.2
Added Max Concurrent jobs setting for limiting CPU utilisation
Version 2.3
Replaced Invoke-WebRequest download with BITS enabled downloads for
improved performance
Version 2.4
Updated code and separated functions. Added required variables via commandline
Version 3.0
Creates BIOS Packages for each model and writes update powershell file for deployment
with SCCM.

Notes
You can skip the driver package creation process by changing the
$DriverPackageCreation variable to $False.
The system architecture can also be changed by modifying the
$Architecture variable and using x64 or x86

To re-enable error messaging for troubleshooting purpose
comment out the Error and Warning Preference values below

Use : This script is provided as it and I accept no responsibility for
any issues arising from its use.

Twitter : @modaly_it
Blog : https://modalyitblog.com/
#>
[CmdletBinding(SupportsShouldProcess = $true)]
param (
[parameter(Mandatory = $true, HelpMessage = "Site server where the SMS Provider is installed", Position = 1)]
[ValidateNotNullOrEmpty()]
[ValidateScript({ Test-Connection -ComputerName $_ -Count 1 -Quiet })]
[string]$SiteServer,
[parameter(Mandatory = $true, HelpMessage = "UNC path for downloading and extracting drivers")]
[ValidateNotNullOrEmpty()]
[ValidateScript({ Test-Path $_ })]
[string]$RepositoryPath,
[parameter(Mandatory = $true, HelpMessage = "UNC path of your driver package repository")]
[ValidateNotNullOrEmpty()]
[ValidateScript({ Test-Path $_ })]
[string]$PackagePath
)

$ErrorActionPreference = 'SilentlyContinue'
$WarningPreference = 'SilentlyContinue'

# Define Maximum Number Of Simultaneously Running Jobs
$MaxConcurrentJobs = 5

$ErrorActionPreference = 'SilentlyContinue'
$WarningPreference = 'SilentlyContinue'

# Import SCCM PowerShell Module
$ModuleName = (get-item $env:SMS_ADMIN_UI_PATH).parent.FullName + "\ConfigurationManager.psd1"
Import-Module $ModuleName

# Query SCCM Site Code
function QuerySiteCode ($SiteServer)
{
Write-Debug "Determining SiteCode for Site Server: '$($SiteServer)'"
$SiteCodeObjects = Get-WmiObject -Namespace "root\SMS" -Class SMS_ProviderLocation -ComputerName $SiteServer -ErrorAction Stop
foreach ($SiteCodeObject in $SiteCodeObjects)
{
if ($SiteCodeObject.ProviderForLocalSite -eq $true)
{
$SiteCode = $SiteCodeObject.SiteCode
Write-Debug "SiteCode: $($SiteCode)"

}
}
Return [string]$SiteCode
}

function QueryModels ($SiteCode)
{
# ArrayList to store the Dell models in
$DellProducts = New-Object -TypeName System.Collections.ArrayList
# Enumerate through all models
$Models = Get-WmiObject -Namespace "root\SMS\site_$($SiteCode)" -Class SMS_G_System_COMPUTER_SYSTEM | Select-Object -Property Model | Where-Object { ($_.Model -like "*Optiplex*") -or ($_.Model -like "*Latitude*") }
# Add model to ArrayList if not present
if ($Models -ne $null)
{
foreach ($Model in $Models)
{
if ($Model.Model -notin $DellProducts)
{
$DellProducts.Add($Model.Model) | Out-Null
}
}
}
Return $DellProducts
}

function StartDownloadAndPackage ($PackagePath, $RepositoryPath, $SiteCode, $DellProducts)
{
$RunDownloadJob = {
Param ($Model,
$SiteCode,
$PackagePath,
$RepositoryPath)

# =================== DEFINE VARIABLES =====================
# Import SCCM PowerShell Module
$ModuleName = (get-item $env:SMS_ADMIN_UI_PATH).parent.FullName + "\ConfigurationManager.psd1"
Import-Module $ModuleName

# Directory used for driver downloads
$DriverRepositoryRoot = ($RepositoryPath.Trimend("\") + "\Dell\")
Write-Host "Driver package path set to $DriverRepositoryRoot"

# Directory used by SCCM for driver package
$DriverPackageRoot = $PackagePath
Write-Host "Driver package path set to $DriverPackageRoot"

# Define Operating System
$OperatingSystem = "Windows 10"
$Architecture = "x64"

# Define Dell Download Sources
$DellDownloadList = "http://downloads.dell.com/published/Pages/index.html"
$DellDownloadBase = "http://downloads.dell.com"
$DellSCCMDriverList = "http://en.community.dell.com/techcenter/enterprise-client/w/wiki/2065.dell-command-deploy-driver-packs-for-enterprise-client-os-deployment"
$DellSCCMBase = "http://en.community.dell.com"

# Import Driver Packs?
$DriverPackCreation = $true

# =================== INITIATE DOWNLOADS ===================

# ============= BIOS Upgrade Download ==================

Write-Host "Getting download URL for Dell client model: $Model"
$ModelLink = (Invoke-WebRequest -Uri $DellDownloadList).Links | Where-Object { $_.outerText -eq $Model }
$ModelURL = (Split-Path $DellDownloadList -Parent) + "/" + ($ModelLink.href)

# Correct slash direction issues
$ModelURL = $ModelURL.Replace("\", "/")
$BIOSDownload = (Invoke-WebRequest -Uri $ModelURL -UseBasicParsing).Links | Where-Object { ($_.outerHTML -like "*BIOS*") -and ($_.outerHTML -like "*WINDOWS*") } | select -First 1
$BIOSFile = $BIOSDownload.href | Split-Path -Leaf

# Check for destination directory, create if required and download the BIOS upgrade file
if ((Test-Path -Path ($DriverRepositoryRoot + $Model + "\BIOS")) -eq $true)
{
if ((Test-Path -Path ($DriverRepositoryRoot + $Model + "\BIOS\" + $BIOSFile)) -eq $false)
{
Write-Host -ForegroundColor Green "Downloading $($BIOSFile) BIOS update file"
# Invoke-WebRequest ($DellDownloadBase + $BIOSDownload.href) -OutFile ($DriverRepositoryRoot + $Model + "\BIOS\" + $BIOSFile) -UseBasicParsing
Start-BitsTransfer ($DellDownloadBase + $BIOSDownload.href) -Destination ($DriverRepositoryRoot + $Model + "\BIOS\" + $BIOSFile)
}
else
{
Write-Host -ForegroundColor Yellow "Skipping $BIOSFile... File already downloaded..."
}
}
else
{
Write-Host -ForegroundColor Green "Creating $Model download folder"
New-Item -Type dir -Path ($DriverRepositoryRoot + $Model + "\BIOS")
Write-Host -ForegroundColor Green "Downloading $($BIOSFile) BIOS update file"
# Invoke-WebRequest ($DellDownloadBase + $BIOSDownload.href) -OutFile ($DriverRepositoryRoot + $Model + "\BIOS\" + $BIOSFile) -UseBasicParsing
Start-BitsTransfer ($DellDownloadBase + $BIOSDownload.href) -Destination ($DriverRepositoryRoot + $Model + "\BIOS\" + $BIOSFile)
}

# ============= SCCM Driver Cab Download ==================

Write-Host "Getting SCCM driver pack link for model: $Model"
$ModelLink = (Invoke-WebRequest -Uri $DellSCCMDriverList -UseBasicParsing).Links | Where-Object { ($_.outerHTML -like "*$Model*") -and ($_.outerHTML -like "*$OperatingSystem*") } | select -First 1
$ModelURL = $DellSCCMBase + ($ModelLink.href)

# Correct slash direction issues
$ModelURL = $ModelURL.Replace("\", "/")
$SCCMDriverDownload = (Invoke-WebRequest -Uri $ModelURL -UseBasicParsing).Links | Where-Object { $_.href -like "*.cab" }
$SCCMDriverCab = $SCCMDriverDownload.href | Split-Path -Leaf

# Check for destination directory, create if required and download the driver cab
if ((Test-Path -Path ($DriverRepositoryRoot + $Model + "\Driver Cab\")) -eq $true)
{
if ((Test-Path -Path ($DriverRepositoryRoot + $Model + "\Driver Cab\" + $SCCMDriverCab)) -eq $false)
{
Write-Host -ForegroundColor Green "Downloading $($SCCMDriverCab) driver cab file"
# Invoke-WebRequest ($SCCMDriverDownload.href) -OutFile ($DriverRepositoryRoot + $Model + "\Driver Cab\" + $SCCMDriverCab) -UseBasicParsing
Start-BitsTransfer -Source ($SCCMDriverDownload.href) -Destination ($DriverRepositoryRoot + $Model + "\Driver Cab\" + $SCCMDriverCab)
$SkipDriver = $false
}
else
{
Write-Host -ForegroundColor Yellow "Skipping $SCCMDriverCab... File already downloaded..."
$SkipDriver = $true
}
}
else
{
Write-Host -ForegroundColor Green "Creating $Model download folder"
New-Item -Type dir -Path ($DriverRepositoryRoot + $Model + "\Driver Cab")
Write-Host -ForegroundColor Green "Downloading $($SCCMDriverCab) driver cab file"
#Invoke-WebRequest ($SCCMDriverDownload.href) -OutFile ($DriverRepositoryRoot + $Model + "\Driver Cab\" + $SCCMDriverCab)
Start-BitsTransfer -Source ($SCCMDriverDownload.href) -Destination ($DriverRepositoryRoot + $Model + "\Driver Cab\" + $SCCMDriverCab)
}

# =================== CREATE BIOS UPDATE PACKAGE ===========================

$BIOSUpdatePackage = ("Dell" + " " + $Model + " " + "BIOS UPDATE")
$BIOSUpdateRoot = ($DriverRepositoryRoot + $Model + "\BIOS\")

Set-Location -Path ($SiteCode + ":")
if ((Get-CMPackage -name $BIOSUpdatePackage) -eq $null)
{
Write-Host -ForegroundColor Green "Creating BIOS Package"
New-CMPackage -Name "$BIOSUpdatePackage" -Path $BIOSUpdateRoot -Description "Dell $Model BIOS Updates" -Manufacturer "Dell" -Language English
}
Set-Location -Path $env:SystemDrive
$BIOSUpdateScript = ($BIOSUpdateRoot + "BIOSUpdate.ps1")
$CurrentBIOSFile = Get-ChildItem -Path $BIOSUpdateRoot -Filter *.exe -Recurse | Sort-Object $_.LastWriteTime | select -First 1
if ((Test-Path -Path $BIOSUpdateScript) -eq $False)
{
# Create BIOSUpdate.ps1 Deployment Script
New-Item -Path ($BIOSUpdateRoot + "BIOSUpdate.ps1") -ItemType File
$BIOSSwitches = " -noreboot -nopause "
Add-Content -Path $BIOSUpdateScript ('$CurrentBIOSFile=' + '"' + $($CurrentBIOSFile.name) + '"')
Add-Content -Path $BIOSUpdateScript ('$BIOSSwitches=' + '"' + $($BIOSSwitches) + '"')
Add-Content -Path $BIOSUpdateScript ('Start-Process $CurrentBIOSFile -ArgumentList $BIOSSwitches')
}
else
{
# Check if older BIOS update exists and update BIOSUpdate deployment script
$BIOSFileCount = (Get-ChildItem -Path $BIOSUpdateRoot -Filter *.exe -Recurse).count
if ($BIOSFileCount -gt 1)
{
$OldBIOSFiles = Get-ChildItem -Path $BIOSUpdateRoot -Filter *.exe -Recurse | Where-Object { $_.Name -ne $CurrentBIOSFile.name }

foreach ($OldBIOS in $OldBIOSFiles)
{
(Get-Content -Path $BIOSUpdateScript) -replace $OldBIOS.name, $CurrentBIOSFile.name | Set-Content -Path $BIOSUpdateScript
}
}
}
# Refresh Distribution Points
Get-CMPackage -name $BIOSUpdatePackage | Update-CMDistributionPoint
}

# =================== CREATE DRIVER PACKAGE AND IMPORT DRIVERS ===================

$DriverSourceCab = ($DriverRepositoryRoot + $Model + "\Driver Cab\" + $SCCMDriverCab)
$DriverExtractDest = ($DriverRepositoryRoot + $Model + "\Extracted Drivers")
$DriverPackageDir = ($DriverSourceCab | Split-Path -Leaf)
$DriverPackageDir = $DriverPackageDir.Substring(0, $DriverPackageDir.length - 4)
$DriverCabDest = $DriverPackageRoot + "\Dell\" + $DriverPackageDir

if ($DriverPackCreation -eq $true)
{
if ((Test-Path -Path $DriverExtractDest) -eq $false)
{
New-Item -Type dir -Path $DriverExtractDest
}
else
{
Get-ChildItem -Path $DriverExtractDest -Recurse | Remove-Item -Recurse -Force
}
New-Item -Type dir -Path $DriverCabDest
Set-Location -Path ($SiteCode + ":")
$CMDDriverPackage = "Dell " + $Model + " " + "(" + $DriverPackageDir + ")" + " " + $Architecture
if (Get-CMDriverPackage -Name $CMDDriverPackage)
{
Write-Host -ForegroundColor Yellow "Skipping.. Driver package already exists.."
}
else
{
Write-Host -ForegroundColor Green "Creating driver package"
Set-Location -Path $env:SystemDrive
Expand "$DriverSourceCab" -F:* "$DriverExtractDest"
$DriverINFFiles = Get-ChildItem -Path $DriverExtractDest -Recurse -Filter "*.inf" | Where-Object { $_.FullName -like "*$Architecture*" }
Set-Location -Path ($SiteCode + ":")
# Get-Location | Out-File -FilePath C:\Location2.txt
New-CMDriverPackage -Name $CMDDriverPackage -path ($DriverPackageRoot + "\Dell\" + $DriverPackageDir + "\" + $OperatingSystem + "\" + $Architecture)
if (Get-CMCategory -CategoryType DriverCategories -name ("Dell " + $Model))
{
Write-Host -ForegroundColor Yellow "Category already exists"
$DriverCategory = Get-CMCategory -CategoryType DriverCategories -name ("Dell " + $Model)
}
else
{
Write-Host -ForegroundColor Green "Creating category"
$DriverCategory = New-CMCategory -CategoryType DriverCategories -name ("Dell " + $Model)
}
$DriverPackage = Get-CMDriverPackage -Name $CMDDriverPackage
foreach ($DriverINF in $DriverINFFiles)
{
$DriverInfo = Import-CMDriver -UncFileLocation ($DriverINF.FullName) -ImportDuplicateDriverOption AppendCategory -EnableAndAllowInstall $True -AdministrativeCategory $DriverCategory | Select-Object *
Add-CMDriverToDriverPackage -DriverID $DriverInfo.CI_ID -DriverPackageName $CMDDriverPackage
}
}
Set-Location -Path $env:SystemDrive
}

$TotalModelCount = $DellProducts.Count
$RemainingModels = $TotalModelCount
foreach ($Model in $DellProducts)
{
write-progress -activity "Initiate Driver Download &amp;amp;amp; Driver Package Jobs" -status "Progress:" -percentcomplete (($TotalModelCount - $RemainingModels)/$TotalModelCount * 100)
$RemainingModels--
$Check = $false
while ($Check -eq $false)
{
if ((Get-Job -State 'Running').Count -lt $MaxConcurrentJobs)
{
Start-Job -ScriptBlock $RunDownloadJob -ArgumentList $Model, $SiteCode, $PackagePath, $RepositoryPath -Name ($Model + " Download")
$Check = $true
}
}
}
Get-Job | Wait-Job | Receive-Job
Get-Job | Remove-Job
}

# Get SCCM Site Code
$SiteCode = QuerySiteCode ($SiteServer)

Write-Debug $PackagePath
Write-Debug $RepositoryPath

if ($SiteCode -ne $null)
{
# Query Dell Products in SCCM using QueryModels function
$DellProducts = QueryModels ($SiteCode)
# Output the members of the ArrayList
if ($DellProducts.Count -ge 1)
{
foreach ($ModelItem in $DellProducts)
{
$PSObject = [PSCustomObject]@{
"Dell Models Found" = $ModelItem
}
Write-Output $PSObject
Write-Debug $PSObject
}
}
# Start download, extract, import and package process
Write-Host -ForegroundColor Green "Starting download, extract, import and driver package build process.."
StartDownloadAndPackage ($PackagePath) ($RepositoryPath) ($SiteCode) ($DellProducts)
}

Custom PowerShell Reboot GUI

When deploying software via SCCM I thought wouldn’t it be nice if there was greater flexibility regarding system reboot prompts for the end user. Sure you can enable a maintenance window and push your software out during that time, but we have at times been caught where a software push is needed during business hours.

So I came up with this PowerShell script which you can run as part of a task sequence when deploying emergency/unscheduled software installs. The script generates a GUI which provides the end-user with three options;

  1. Restart the computer
  2. Schedule a restart (note in here I have hard-coded this for 6pm)
  3. Cancel the restart

The script also starts a count-down timer to automatically restart the computer after 3 minutes if no user interaction occurs.

customrestart

Example Script Use – SCCM TS

In the below example we are going to create a Package in SCCM which contains the script file, you will also need to include two exe files from MDT which allow you to run the script in interactive mode.

Locate ServiceUI.exe and TSProgressUI.exe (obviously picking the x86 or x64 where applicable) and add these into your package source. You should have something that looks like this ;

rebootfiles

Now add a Run Command Line entry into your TS and use the following command line;

ServiceUI.exe -process:TSProgressUI.exe %SYSTEMROOT%\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -WindowStyle Hidden -ExecutionPolicy Bypass -File CustomRestart.ps1

rebootts

When the Task Sequence is run, you should now have the restart prompt appear;

rebootcapture

Script Source


<#
 .NOTES
 --------------------------------------------------------------------------------
 Code generated by: SAPIEN Technologies, Inc., PowerShell Studio 2016 v5.2.128
 Generated on: 04/10/2016 10:13
 Generated by: Maurice.Daly
 --------------------------------------------------------------------------------
 .DESCRIPTION
 Provides an reboot prompt which counts down from 3 minutes and allows the
 end user to schedule or cancel the reboot.
#>

#----------------------------------------------
#region Import Assemblies
#----------------------------------------------
[void][Reflection.Assembly]::Load('System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089')
[void][Reflection.Assembly]::Load('System.Data, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089')
[void][Reflection.Assembly]::Load('System.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a')
#endregion Import Assemblies

#Define a Param block to use custom parameters in the project
#Param ($CustomParameter)

function Main {
<#
 .SYNOPSIS
 The Main function starts the project application.

 .PARAMETER Commandline
 $Commandline contains the complete argument string passed to the script packager executable.

 .NOTES
 Use this function to initialize your script and to call GUI forms.

 .NOTES
 To get the console output in the Packager (Forms Engine) use:
 $ConsoleOutput (Type: System.Collections.ArrayList)
#>
 Param ([String]$Commandline)

 #--------------------------------------------------------------------------
 #TODO: Add initialization script here (Load modules and check requirements)

 #--------------------------------------------------------------------------

 if((Call-MainForm_psf) -eq 'OK')
 {

 }

 $global:ExitCode = 0 #Set the exit code for the Packager
}

#endregion Source: Startup.pss

#region Source: MainForm.psf
function Call-MainForm_psf
{

 #----------------------------------------------
 #region Import the Assemblies
 #----------------------------------------------
 [void][reflection.assembly]::Load('System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089')
 [void][reflection.assembly]::Load('System.Data, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089')
 [void][reflection.assembly]::Load('System.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a')
 #endregion Import Assemblies

 #----------------------------------------------
 #region Generated Form Objects
 #----------------------------------------------
 [System.Windows.Forms.Application]::EnableVisualStyles()
 $MainForm = New-Object 'System.Windows.Forms.Form'
 $panel2 = New-Object 'System.Windows.Forms.Panel'
 $ButtonCancel = New-Object 'System.Windows.Forms.Button'
 $ButtonSchedule = New-Object 'System.Windows.Forms.Button'
 $ButtonRestartNow = New-Object 'System.Windows.Forms.Button'
 $panel1 = New-Object 'System.Windows.Forms.Panel'
 $labelITSystemsMaintenance = New-Object 'System.Windows.Forms.Label'
 $labelSecondsLeftToRestart = New-Object 'System.Windows.Forms.Label'
 $labelTime = New-Object 'System.Windows.Forms.Label'
 $labelInOrderToApplySecuri = New-Object 'System.Windows.Forms.Label'
 $timerUpdate = New-Object 'System.Windows.Forms.Timer'
 $InitialFormWindowState = New-Object 'System.Windows.Forms.FormWindowState'
 #endregion Generated Form Objects

 #----------------------------------------------
 # User Generated Script
 #----------------------------------------------
 $TotalTime = 180 #in seconds

 $MainForm_Load={
 #TODO: Initialize Form Controls here
 $labelTime.Text = "{0:D2}" -f $TotalTime #$TotalTime
 #Add TotalTime to current time
 $script:StartTime = (Get-Date).AddSeconds($TotalTime)
 #Start the timer
 $timerUpdate.Start()
 }

 $timerUpdate_Tick={
 # Define countdown timer
 [TimeSpan]$span = $script:StartTime - (Get-Date)
 #Update the display
 $labelTime.Text = "{0:N0}" -f $span.TotalSeconds
 $timerUpdate.Start()
 if ($span.TotalSeconds -le 0)
 {
 $timerUpdate.Stop()
 Restart-Computer -Force
 }

 }

 $ButtonRestartNow_Click = {
 # Restart the computer immediately
 Restart-Computer -Force
 }

 $ButtonSchedule_Click={
 # Schedule restart for 6pm
 (schtasks /create /sc once /tn "Post Maintenance Restart" /tr "shutdown - r -f ""restart""" /st 18:00 /f)
 $MainForm.Close()
 }

 $ButtonCancel_Click={
 #TODO: Place custom script here
 $MainForm.Close()
 }

 $labelITSystemsMaintenance_Click={
 #TODO: Place custom script here

 }

 $panel2_Paint=[System.Windows.Forms.PaintEventHandler]{
 #Event Argument: $_ = [System.Windows.Forms.PaintEventArgs]
 #TODO: Place custom script here

 }

 $labelTime_Click={
 #TODO: Place custom script here

 }
 # --End User Generated Script--
 #----------------------------------------------
 #region Generated Events
 #----------------------------------------------

 $Form_StateCorrection_Load=
 {
 #Correct the initial state of the form to prevent the .Net maximized form issue
 $MainForm.WindowState = $InitialFormWindowState
 }

 $Form_StoreValues_Closing=
 {
 #Store the control values
 }

 $Form_Cleanup_FormClosed=
 {
 #Remove all event handlers from the controls
 try
 {
 $ButtonCancel.remove_Click($buttonCancel_Click)
 $ButtonSchedule.remove_Click($ButtonSchedule_Click)
 $ButtonRestartNow.remove_Click($ButtonRestartNow_Click)
 $panel2.remove_Paint($panel2_Paint)
 $labelITSystemsMaintenance.remove_Click($labelITSystemsMaintenance_Click)
 $labelTime.remove_Click($labelTime_Click)
 $MainForm.remove_Load($MainForm_Load)
 $timerUpdate.remove_Tick($timerUpdate_Tick)
 $MainForm.remove_Load($Form_StateCorrection_Load)
 $MainForm.remove_Closing($Form_StoreValues_Closing)
 $MainForm.remove_FormClosed($Form_Cleanup_FormClosed)
 }
 catch [Exception]
 { }
 }
 #endregion Generated Events

 #----------------------------------------------
 #region Generated Form Code
 #----------------------------------------------
 $MainForm.SuspendLayout()
 $panel2.SuspendLayout()
 $panel1.SuspendLayout()
 #
 # MainForm
 #
 $MainForm.Controls.Add($panel2)
 $MainForm.Controls.Add($panel1)
 $MainForm.Controls.Add($labelSecondsLeftToRestart)
 $MainForm.Controls.Add($labelTime)
 $MainForm.Controls.Add($labelInOrderToApplySecuri)
 $MainForm.AutoScaleDimensions = '6, 13'
 $MainForm.AutoScaleMode = 'Font'
 $MainForm.BackColor = 'White'
 $MainForm.ClientSize = '373, 279'
 $MainForm.MaximizeBox = $False
 $MainForm.MinimizeBox = $False
 $MainForm.Name = 'MainForm'
 $MainForm.ShowIcon = $False
 $MainForm.ShowInTaskbar = $False
 $MainForm.StartPosition = 'CenterScreen'
 $MainForm.Text = 'Systems Maintenance'
 $MainForm.TopMost = $True
 $MainForm.add_Load($MainForm_Load)
 #
 # panel2
 #
 $panel2.Controls.Add($ButtonCancel)
 $panel2.Controls.Add($ButtonSchedule)
 $panel2.Controls.Add($ButtonRestartNow)
 $panel2.BackColor = 'ScrollBar'
 $panel2.Location = '0, 205'
 $panel2.Name = 'panel2'
 $panel2.Size = '378, 80'
 $panel2.TabIndex = 9
 $panel2.add_Paint($panel2_Paint)
 #
 # ButtonCancel
 #
 $ButtonCancel.Location = '250, 17'
 $ButtonCancel.Name = 'ButtonCancel'
 $ButtonCancel.Size = '77, 45'
 $ButtonCancel.TabIndex = 7
 $ButtonCancel.Text = 'Cancel'
 $ButtonCancel.UseVisualStyleBackColor = $True
 $ButtonCancel.add_Click($buttonCancel_Click)
 #
 # ButtonSchedule
 #
 $ButtonSchedule.Font = 'Microsoft Sans Serif, 8.25pt, style=Bold'
 $ButtonSchedule.Location = '139, 17'
 $ButtonSchedule.Name = 'ButtonSchedule'
 $ButtonSchedule.Size = '105, 45'
 $ButtonSchedule.TabIndex = 6
 $ButtonSchedule.Text = 'Schedule - 6pm'
 $ButtonSchedule.UseVisualStyleBackColor = $True
 $ButtonSchedule.add_Click($ButtonSchedule_Click)
 #
 # ButtonRestartNow
 #
 $ButtonRestartNow.Font = 'Microsoft Sans Serif, 8.25pt, style=Bold'
 $ButtonRestartNow.ForeColor = 'DarkRed'
 $ButtonRestartNow.Location = '42, 17'
 $ButtonRestartNow.Name = 'ButtonRestartNow'
 $ButtonRestartNow.Size = '91, 45'
 $ButtonRestartNow.TabIndex = 0
 $ButtonRestartNow.Text = 'Restart Now'
 $ButtonRestartNow.UseVisualStyleBackColor = $True
 $ButtonRestartNow.add_Click($ButtonRestartNow_Click)
 #
 # panel1
 #
 $panel1.Controls.Add($labelITSystemsMaintenance)
 $panel1.BackColor = '0, 114, 198'
 $panel1.Location = '0, 0'
 $panel1.Name = 'panel1'
 $panel1.Size = '375, 67'
 $panel1.TabIndex = 8
 #
 # labelITSystemsMaintenance
 #
 $labelITSystemsMaintenance.Font = 'Microsoft Sans Serif, 14.25pt'
 $labelITSystemsMaintenance.ForeColor = 'White'
 $labelITSystemsMaintenance.Location = '11, 18'
 $labelITSystemsMaintenance.Name = 'labelITSystemsMaintenance'
 $labelITSystemsMaintenance.Size = '269, 23'
 $labelITSystemsMaintenance.TabIndex = 1
 $labelITSystemsMaintenance.Text = 'IT Systems Maintenance'
 $labelITSystemsMaintenance.TextAlign = 'MiddleLeft'
 $labelITSystemsMaintenance.add_Click($labelITSystemsMaintenance_Click)
 #
 # labelSecondsLeftToRestart
 #
 $labelSecondsLeftToRestart.AutoSize = $True
 $labelSecondsLeftToRestart.Font = 'Microsoft Sans Serif, 9pt, style=Bold'
 $labelSecondsLeftToRestart.Location = '87, 176'
 $labelSecondsLeftToRestart.Name = 'labelSecondsLeftToRestart'
 $labelSecondsLeftToRestart.Size = '155, 15'
 $labelSecondsLeftToRestart.TabIndex = 5
 $labelSecondsLeftToRestart.Text = 'Seconds left to restart :'
 #
 # labelTime
 #
 $labelTime.AutoSize = $True
 $labelTime.Font = 'Microsoft Sans Serif, 9pt, style=Bold'
 $labelTime.ForeColor = '192, 0, 0'
 $labelTime.Location = '237, 176'
 $labelTime.Name = 'labelTime'
 $labelTime.Size = '43, 15'
 $labelTime.TabIndex = 3
 $labelTime.Text = '00:60'
 $labelTime.TextAlign = 'MiddleCenter'
 $labelTime.add_Click($labelTime_Click)
 #
 # labelInOrderToApplySecuri
 #
 $labelInOrderToApplySecuri.Font = 'Microsoft Sans Serif, 9pt'
 $labelInOrderToApplySecuri.Location = '12, 84'
 $labelInOrderToApplySecuri.Name = 'labelInOrderToApplySecuri'
 $labelInOrderToApplySecuri.Size = '350, 83'
 $labelInOrderToApplySecuri.TabIndex = 2
 $labelInOrderToApplySecuri.Text = 'In order to apply security patches and updates for your system, your machine must be restarted. 

If you do not wish to restart you computer at this time please click on the cancel button below.'
 #
 # timerUpdate
 #
 $timerUpdate.add_Tick($timerUpdate_Tick)
 $panel1.ResumeLayout()
 $panel2.ResumeLayout()
 $MainForm.ResumeLayout()
 #endregion Generated Form Code

 #----------------------------------------------

 #Save the initial state of the form
 $InitialFormWindowState = $MainForm.WindowState
 #Init the OnLoad event to correct the initial state of the form
 $MainForm.add_Load($Form_StateCorrection_Load)
 #Clean up the control events
 $MainForm.add_FormClosed($Form_Cleanup_FormClosed)
 #Store the control values when form is closing
 $MainForm.add_Closing($Form_StoreValues_Closing)
 #Show the Form
 return $MainForm.ShowDialog()

}
#endregion Source: MainForm.psf

#Start the application
Main ($CommandLine)

Download Link
The script is available to download from:
https://gallery.technet.microsoft.com/scriptcenter/Custom-PowerShell-GUI-7c7fbda8

Powershell – Check Client Machine Uptime

Want to check the last time all of your client machines booted in a particular OU?. Well here is a nice little two liner to do so.

$SearchBase = Get-ADComputer -SearchBase "OU=OUTARGET,DC=YOURDOMAIN,DC=YOURDOMAIN" -Filter * | ForEach-Object (Write-Output {$_.name})
Get-CimInstance -ComputerName $SearchBase -ClassName win32_operatingsystem -ErrorAction SilentlyContinue | select pscomputername, lastbootuptime, Description | Sort-Object -Property lastbootuptime -Descending | Out-GridView

Office365 – Listing all members of both static and dynamic distrubiton groups

Here is a nice little script that connects to your Office365 environment, reads the contents of all distribution groups both static and dynamic and exports the filtered contents into a CSV file thus allowing you to apply filters etc in Excel.


<#
    .NOTES
    ===========================================================================
     Created with:     SAPIEN Technologies, Inc., PowerShell Studio 2015 v4.2.85
     Created on:       12/06/2015 9:47 a.m.
     Created by:       Maurice Daly
     Filename:     GetDistributionGroupMembers.ps1
    ===========================================================================
    .DESCRIPTION
        List all members of all static and dynamic distribution groups from your
        Office 365 portal and export the contents into a CSV.
#>

$UserCredential = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
Import-PSSession $Session

$DistributionGroups = Get-DistributionGroup
$DynDistributionGroups = Get-DynamicDistributionGroup

$FilePath = "C:\DistributionGroupMembers.csv"

# Read Static Distribution Groups
foreach ($DistributionGroup in $DistributionGroups) {
    Get-DistributionGroupMember $DistributionGroup.PrimarySMTPAddress | Sort-Object name | Select-Object @{ Label = "Distribution Group"; Expression = { $DistributionGroup.name } }, Name | Export-Csv -Path $FilePath -Delimiter ";" -NoTypeInformation -Append -Force
}

# Read Dynamic Distribution Groups
foreach ($DynDistributionGroup in $DynDistributionGroups)
{
    Get-Recipient -RecipientPreviewFilter $DynDistributionGroup.RecipientFilter | Sort-Object name | Select-Object @{ Label = "Distribution Group"; Expression = { $DynDistributionGroup.name } }, Name | Export-Csv -Path $FilePath -Delimiter ";" -NoTypeInformation -Append -Force
}

# Close Remote PS Session
Get-PSSession | Remove-PSSession

Automating Management of Local Administrator Passwords – Microsoft LAPS

Managing Local Administrator Passwords

So you have a complex password policy on your domain, ensuring that users change their password every 60-90 days, passwords are complex, their passwords can’t be re-used and your users are not local admins but one thing poses a security risk, the local administrator password.

The chances are you have deployed your standard Windows image using a password specified within the image/MDT or SCCM task sequence and in some cases you do not have the IT resources to ensure that this password is changed on a regular basis and even if you are, are you ensuring that the passwords are being documented and stored securely?.

Security Risk – Local Administrator Rights

If you do not have a well maintained local administrator password strategy it opens your network up to security vulnerabilities including elevation of privilege. It isn’t going to go down well when your standard local workstation admin password is shared and users add themselves to the local admin group, potentially in a worst case scenario adding malware, key loggers etc.

The Answer – Microsoft Local Administrator Password Solution (LAPS)

Microsoft LAPS is a free tool released back on May 1st 2015 and allows you to automate the process of updating local administrator passwords on your workstations and servers across your Active Directory domain/forest. LAPS uses a local agent in conjunction with GPO deployed settings to update the local administrator password at set intervals, based on complexity settings that you specify and most importantly it automatically stores backups of this info within Active Directory.

Deploying Microsoft LAPS

First of all you will need to download the installer from the following URL – https://www.microsoft.com/en-us/download/details.aspx?id=46899. In the below section we will run through the entire installation and configuration process;

  1. Management Server Installation

    A single installer is used for both the server and client installs, the only real difference being that the management tools need to be installed on the management server. Run the LAPS.x86 or LAPS.x64 installer as per your system architecture, then run through the following;

    1. Launch the installer

      install6

    2. At the custom setup screen select the management tools and select run from my computer and then click Next

      install4

    3. Click on the Finish button to finalise the install

      install1

  2. Active Direct Schema Modification

    In order for computers to write back their local administrator passwords and expiry date/time, a schema update is required. The update adds the following two values:

    ms-Mcs-AdmPwd – Stores the password in clear text
    ms-Mcs-AdmPwdExpirationTime – Stores the time to reset the password

    To add these values, launch a PowerShell session on your management server and perform the following actions;

    • Type – Import-Module AdmPwd.PS to import the required LAPS module

      psscreen1

    • Type – Update-AdmPwdADSchema

      psscreen2

      Note: If you have an RODC installed in the environment and you need to replicate the value of the attribute ms-Mcs-AdmPwd to the RODC, you will need to change the 10th bit of the searchFlags attribute value for ms-Mcs-AdmPwd schema objet to 0 (substract 512 from the current value of the searchFlags attribute). For more information on Adding Attributes to or Removing attributes from the RODC Filtered Attribute Set, please refer to http://technet.microsoft.com/en-us/library/cc754794(v=WS.10).aspx.


  3. Active Directory Rights


    Computer Rights

    In order for computer accounts to write values to the ms-Mcs-AdmPwdExpirationTime and ms-Mcs-AdmPwd attributes in Active Directory, the following PowerShell command needs to be run (note if closed the previous PowerShell window you will need to run Import-Module AdmPwd.ps again)

    Set-AdmPwdComputerSelfPermission -OrgUnit <name of the OU to delegate permissions>
    


    User Rights
    By default members of the Domain Admins group will have rights to view the local administrator passwords stored in Active Directory, however what happens if you want your desktop support team to view them?. To facilitate this you will need to delegate rights.

    To do so use the following PS command:

    Set-AdmPwdReadPasswordPermission -OrgUnit <name of the OU to delegate permissions> -AllowedPrincipals <users or groups>
    

    Going another step further you can also delegate rights to allow groups or individuals to force a password change. To do so use the following PS command:

    Set-AdmPwdResetPasswordPermission -OrgUnit <name of the OU to delegate permissions> -AllowedPrincipals <users or groups>
    


  4. Group Policy Configuration

    First of all you will need to copy the LAPS ADMX and ADML files to your central store. The two files are located in the %WINDIR%\PolicyDefinitions folder on the management server.

    Now follow the below;

    1. Open Group Policy Manager and either create or modify a GPO that you wish to apply the LAPS settings.

    2. Expand Computer Configuration\Policies\Administrative Templates\LAPS

    gposettings1

    3. Configure your Password Settings, Name of the Local Admin Account and Enable Password Management, as per the below examples:

     

  5. Deploying the LAPS client
    Deploying the client is a simple process. Using the same MSI installation files you can deploy the client to your x86 and x64 clients via GPO, SCCM or other third party application deployment systems. Simply use the /quiet switch for client deployments.
  6. Check its working..Active Directory Users & Computers

    Opening the Active Directory Users & Computers console and viewing the Attribute Editor of a machine located within the OU that you earlier deployed your LAPS enabled GPO to, should result in values being available as per the below screenshot;

    aducscreen

    LAPS Admin GUI

    On the management server that earlier installed LAPS on, you will have the LAPS GUI. This will allow you to both look up details from computers but also set a new expiration date for the existing local admin password;

    lapsadmin

For more info on LAPS, visit Microsoft TechNet – https://technet.microsoft.com/en-us/mt227395.aspx

WMUG 10th Anniversary Event – 13th July

WMUG

1_454x340

The WMUG team are hosting their 10th anniversary event in Microsoft, Paddington on the 13th of July 2016. The event is shaping up to be one of the biggest so far with guest speakers including;

  • Aaron Czechowski – @AaronCzechowski
    Senior Product Manager at Microsoft for both ConfigMgr and MDT
  • Nickolaj Andersen  – @NickolajA
    Senior consultant with Lumagate in Sweden, specialising in ConfigMgr – blog http://www.scconfigmgr.com/)
  • Marcus Robinson – @techdiction
    Technical Evangelist with Microsoft UK

From the WMUG team, Peter Egerton will be running a session pitting the audience “Geeks” against the panel of experts “Guests” and I am honoured to be co-hosting a session on Azure Multi Factor Authentication with Terence Beggs.

1E are sponsoring the event and will be providing free lunch and refreshments throughout the day.

The full agenda is as follows;

Speaker name Session title Abstract Time
  Registration & Coffee   09:00
WMUG Welcome A quick welcome and introduction from the WMUG team 09:30
1E 1e Products A technical dive into the 1E product suite. 09:45
  BREAK BREAK 10:30
Nickolaj Andersen PowerShell and Configuration Manager An overview of Powershell coolness with Configuration Manager 10:45
Marcus Robinson Azure Automation DSC Azure Automation DSC for server based configuration management 11:30
  LUNCH LUNCH 12:15
Maurice Daly and  Terence Beggs MFA Goodness Microsoft Azure Multi-factor Authentication 13:00
Robert Marshall TBC TBC 13:45
  BREAK BREAK 14:30
Peter Egerton Geeks vs Guests We put the audience head to head against our panel of experts to see who knows more about being an IT Pro. 14:45
Q&A Open questions A chance to ask questions, get answers and openly discuss any thoughts you may have around Windows Management. 15:30
Giveaways Prize giveaways We have a System Center Universe Europe ticket to give away. 16:00
Aaron Czechowski What’s new in Configuration Manager Live and direct from Redmond, Aaron will tell us what we can look forward to in Configuration Manager. 16:10
  Close & Thanks   16:55

Registration is now open on the WMUG site – http://wmug.co.uk/c/e/10

We will also be giving away a FREE ticket to System Center Universe Europe in Berlin to one lucky attendee.