Import boundaries to SCCM with powershell

 
This is the second blog post in a series of two where the first one was about exporting boundaries from ConfigMgr to .CSV files and you can check out that post here: https://timmyit.com/2017/04/25/export-boundaries-from-sccm-with-powershell/

Now its time for us to import it to ConfigMgr and it’s very simple to do, all you need is the powershell script listed below (it’s also available over at technet for download https://gallery.technet.microsoft.com/Import-boundaries-from-46b9a894 )

 

What do we want to achieve?

We want to be able to import the boundaries we exported in to .CSV files from the https://timmyit.com/2017/04/25/export-boundaries-from-sccm-with-powershell/ guide and have them to show up in ConfigMgr. There’s no built in feature to export and import boundaries as of now in ConfigMgr so that’s why we turn to powershell to help us out with this process.

 

 

The Script

 

<#   
    .NOTES
    ===========================================================================
     Created on:    4/10/2017 
     Modified on:   4/21/2017 
     Created by:    Timmy Andersson
     Twitter:       @TimmyITdotcom
     Blog:          www.timmyit.com
    ===========================================================================
    .DESCRIPTION
        Import Subnet an IPRange Boundries to CSV files. This script needs to run on the siteserver to work. 
        Specify source path with the parameter -SourcePath
#>
[CmdletBinding(DefaultParameterSetName = 'SourcePath')]
param
(
[Parameter(Mandatory = $true,
Position = 1)]
$SourcePath
)

Begin{
$SiteCodeObjs = Get-WmiObject -Namespace "root\SMS" -Class SMS_ProviderLocation -ComputerName $env:COMPUTERNAME -ErrorAction Stop
	foreach ($SiteCodeObj in $SiteCodeObjs)
	{
		if ($SiteCodeObj.ProviderForLocalSite -eq $true)
			{
			$SiteCode = $SiteCodeObj.SiteCode
			}
	}
$SitePath = $SiteCode + ":"
Import-module ($Env:SMS_ADMIN_UI_PATH.Substring(0, $Env:SMS_ADMIN_UI_PATH.Length - 5) + '\ConfigurationManager.psd1')
}
Process
{
	$Subnets = (Import-csv "$SourcePath\BoundariesIPSubnet.csv") 
	$IPRanges = (Import-csv "$SourcePath\BoundariesIPRange.csv" )


Set-Location $SitePath
			If ($Subnets -ne $null)
			{
				Foreach ($Subnet in $Subnets)
					{
					 New-CMBoundary -Type IPSubnet -Value "$($Subnet.Value)" -Name "$($Subnet.Key)"
					}
			}

		If ($IPRanges -ne $null)
			{
				Foreach ($IPRange in $IPRanges)
					{
					 New-CMBoundary -Type IPRange -Value "$($IPRange.Value)" -Name "$($IPRange.Key)"
					}
			}
}


 

 

Example

  •  Save the script and run it from your site server
  • Call the script and specify the parameter -SourcePath for where you saved the .csv files that was created with the Export-Boundaries.ps1 script
    • Import-Boundaries.ps1 -SourcePath C:\temp\boundaries
  • Once the script finished the boundaries should be imported to your ConfigMgr environment.

 

 

Remember that you still need to create boundary groups and link them to your boundaries once your done with the import.

 

Until next time, cheers !

You can find me over at

Export boundaries from SCCM with powershell

This blog post is the first in a series of 2 where i will showcase how to export iprange and subnet boundaries and then how to import them with the help of a powershell script. I’m a big proponent for automating task to increase productivity and I believe in the mindset of always trying to improve what ever you are doing, regardless if that’s improving your workflow or learning something new to improve yourself. Invest time now to save time later but lets get back to the topic of this post and that’s about exporting boundaries from SCCM.

 

Part 2, Importing boundaries can be found here: https://timmyit.com/2017/05/02/import-boundaries-to-sccm-with-powershell/

What do we want to achieve?

For example If you are in the process of setting up a new ConfigMgr environment and there’s an existing ConfigMgr environment that’s getting decommissioned but you aren’t performing a site migration and there’s still information like boundaries that
will be reused then here’s a script that will help you export IPRange and Subnet boundaries to .csv so you later can import them in the new environment because there’s no built in function in ConfigMgr to do that at the moment.

In the picture below we have our boundaries we want to export in to a file (in this case a .csv) and then later be able to import them back in to ConfigMgr.

 

 

 

The script


<#   
    .NOTES
    ===========================================================================
     Created on:    4/10/2017 
     Modified on:   4/21/2017 
     Created by:    Timmy Andersson
     Twitter:       @TimmyITdotcom
     Blog:          www.timmyit.com
    ===========================================================================
    .DESCRIPTION
        Export Subnet an IPRange Boundaries to CSV files. This script needs to run on the siteserver to work. 
		Specify Destination path with the parameter $DestinationPath
#>
[CmdletBinding(DefaultParameterSetName = 'DestinationPath')]
param
(
[Parameter(Mandatory = $true,
Position = 1)]
$DestinationPath
)
BEGIN
{
 
$SiteCodeObjs = Get-WmiObject -Namespace "root\SMS" -Class SMS_ProviderLocation -ComputerName $env:COMPUTERNAME -ErrorAction Stop
	foreach ($SiteCodeObj in $SiteCodeObjs)
	{
		if ($SiteCodeObj.ProviderForLocalSite -eq $true)
		{
		$SiteCode = $SiteCodeObj.SiteCode
		}
	}

$SitePath = $SiteCode + ":"
 
Import-module ($Env:SMS_ADMIN_UI_PATH.Substring(0, $Env:SMS_ADMIN_UI_PATH.Length - 5) + '\ConfigurationManager.psd1')
 
}
PROCESS
{
	 
    Set-Location $SitePath
	$BoundriesSubnet = (Get-CMBoundary -BoundaryName * | Where-Object {$_.BoundaryType -like "0"})
	$BoundriesRange = (Get-CMBoundary -BoundaryName * | Where-Object {$_.BoundaryType -like "3"})
    $ErrorActionPreference = 'Continue'
    $IPrange = $null
    $IPrange = @{}
    $IPSubnet = $null
    $IPSubnet = @{}

	If ($BoundriesSubnet.count -gt "0")
	{
		foreach ($Boundry in $BoundriesSubnet)
			{
				$IPrange.Add($($Boundry.DisplayName),$($Boundry.Value))

			}
				$IPrange.GetEnumerator() | export-csv "$DestinationPath\BoundariesIPSubnet.csv" -NoTypeInformation -Encoding Unicode
	}
	If ($BoundriesRange.count -gt "0")
	{
		foreach ($Boundry in $BoundriesRange)
			{
				$IPSubnet.Add($($Boundry.DisplayName),$($Boundry.Value))

			}
				$IPSubnet.GetEnumerator() | export-csv "$DestinationPath\BoundariesIPRange.csv" -NoTypeInformation -Encoding Unicode
	}
		
}
END
{
	Invoke-Item $DestinationPath
}




Example

 

  •  Save the script and run it from your site server
  • Call the script and specify the parameter -DestinationPath for where you want to output the .csv files that gets created to.
    • Export-Boundaries.ps1 -DestinationPath C:\temp\boundaries
  • Once the script finished the destinationPath you specified will open up in explorer and you will find 1 files for iprange boundaries and one for subnet depending on what you have in your environment.

 

There you have it, its pretty simple and saves a lot of time if there’s a lot of boundaries to manually create in the new environment.

Next blog post will be about how to import the exported boundaries to ConfigMgr with the help of powershell.

Part 2, Importing boundaries can be found here: https://timmyit.com/2017/05/02/import-boundaries-to-sccm-with-powershell/

 

Until next time, cheers !

You can find me over at

LAPS Powershell installation script for Domain controllers

Continuing with LAPS, if you don’t know what LAPS is you should read this

https://technet.microsoft.com/en-us/mt227395.aspx?f=255&MSPPError=-2147217396

And take a look at my earlier post

https://timmyit.com/2017/03/19/quick-overview-of-local-administrator-password-solution-laps/

 

Steps to Install

So, I created a powershell script that will help install LAPS on your DC and configure most of the things automatically tho there’s still a few steps that needs to be done manually which i will go through below. with that said i highly recommend you go through the documentation from Microsoft so you have a good understanding on what LAPS is and how to Install it manually and all the prerequisites before you use this script because this script doesn’t cover every installation scenario that’s possible and you need to be able to understand when this script is suitable and when its not and make the desired changes needed to make it work for your specific scenario.

 

1. Download the LAPS installation files from Microsoft https://www.microsoft.com/en-us/download/details.aspx?id=46899

2. Copy the files to your Domain Controller you wish to install it on

3. Put the Install-DC.ps1 in the same folder as the installation files

 

     4. Create a security group that will contain members who will be able to read/reset the LAPS Password (For example a group called PwdAdmins)

      5. Navigate to the OU in AD where all the computer objects are located that you will manage

6. Remove Extended rights on all the groups that shouldn’t be able to retrieve or change the LAPS Password (For me information see Section 2.2.1 Removing Extended Rights in LAPS_OperationsGuide.docx document from Microsoft)

 

6. Open Powershell as an Administrator and navigate to the source folder

7. Run the following command Install-DC.ps1 -ADCompOU <Your OU> -ADUserGroup <Your user security group> (Example. Install-DC.ps1 -ADCompOU Win10PCs -ADUserGroup PwdAdmins)

 

 

The Script

 

param (
 [Parameter(Mandatory = $true, HelpMessage = 'AD OU that contains the computers you want to manage LAPS with')]
 [string]$ADCompOU,
 [Parameter(Mandatory = $true, HelpMessage = 'AD Security group that contains users who should get access to read LAPS PW')]
 [string]$ADUserGroup
)
 
 
 
 $Props = ("ADDLOCAL=Management.UI", "ADDLOCAL=Management.PS", "ADDLOCAL=Management.ADMX")
 
 foreach ($Prop in $Props)
 {
 if ([System.Environment]::Is64BitProcess)
 { 
 msiexec /q /i LAPS.x64.msi $Prop ALLUSERS=2
 }
 Else
 {
 msiexec /q /i LAPS.x86.msi $Prop ALLUSERS=2
 }
 }
 
 Import-module AdmPwd.PS
 Update-AdmPwdADSchema

 
 Set-AdmPwdComputerSelfPermission -Identity $ADCompOU
 Set-AdmPwdReadPasswordPermission -Identity $ADCompOU -AllowedPrincipals $ADusergroup
 Set-AdmPwdResetPasswordPermission -Identity $ADCompOU -AllowedPrincipals $ADusergroup
 

 

Until next time, cheers !

You can find me over at

#domain-controllers, #install-laps, #laps, #powershell

Hardware inventory – Add firmware property to WMI class Win32_Diskdrive in ConfigMgr

 

There was a question on the Tech konnect facebook group the other day if there was any way of collecting disk name and firmware version from your clients in ConfigMgr.

Yes you can do this with the help of Hardware inventory and the Win32_DiskDrive WMI Class and use the following properties Caption and Firmware Revision but the thing is that the property Firmware Revision isn’t available by default so we need to add this
to the Win32_DiskDrive class in ConfigMgr Hardware inventory and i’m going to show you how to do this with the help of Powershell.

 

Getting started

First of all lets have a look on a Win10 client pc just to show of the information we want to gather. Caption is a good way of finding out the name and model of the disk tho different manufactures has there own way of naming things and then Firmware Revision to find out what firmware its running.

 

Get-WmiObject -Class Win32_DiskDrive | Format-List -Property Caption, Firmwarerevision

 

 

 

If we turn to ConfigMgr and Hardware Inventory classes Administration – Client Settings – <Your Client Setting> – Properties – Hardware Inventory – Set Classes

We can see that under the Win32_DiskDrive class we already have Caption but there’s no Firmware Revision property to be found.

 

 

 

Adding Firmware Revision to the Win32_DiskDrive class in ConfigMgr

 

We are going to this with the help of Powershell and here’s the script

Note: Make sure to modify the $Namespace variable so that the Site_Code is correct for your environment

 

  

#Modify Namespace to your correct Site ID
$Namespace = "root\SMS\site_TS1"

$Win32_DiskDrive = (Get-WmiObject -Namespace $Namespace -Class SMS_InventoryClass -ComputerName localhost | Where-Object {$_.ClassName -like "Win32_DiskDrive"})
$Classprop = [wmiclass]"$($Namespace):SMS_InventoryClassProperty"

$Prop = $Classprop.CreateInstance()
$Prop.PropertyName = 'FirmwareRevision'
$Prop.IsKey = $false
$Prop.Type = 8
$Win32_DiskDrive.Properties += [System.Management.ManagementObject]$Prop
$Win32_DiskDrive.Put()

 

Run the script on your ConfigMgr Siteserver

 

 

Go back to ConfigMgr and Administration – Client Settings – <Your Client Setting> – Properties – Hardware Inventory – Set Classes

and under Win32_DiskDrive you will now find “FirmwareRevision” and lets mark that checkbox and press “ok”

 

 


 Now you need to wait for the next Hardware inventory data to get back in to ConfigMgr and onces thats done you can go to “Assets and Compliance – Devices – <Right click on a Client> – Start – Resource Explorer”

 

 

 

 And from here go to “Hardware – Disk Drives” and double click on the row to the right which indicates the different disk and you will get a list of all properties and there you also have Firmware Revision

 

 

 

Now when you have the data in ConfigMgr  you can make a report out of it or build collections and so on.

Post any question below or hit me up on twitter.

 

 

Until next time, cheers !

You can find me over at

#modify

Making a GUI with Powershell Studio to run cmrcviewer.exe with logging

 

 

I did a blog post few weeks back talking about how to do logging with Cmrcviewer and powershell (Here)

That works great but if you intend to give it to someone else for example help desk you might wanna consider to make GUI for it instead of having a powershell-prompt running all the time and that’s exactly what i want to showcase on how to do a simple GUI with the help of Powershell Studio 2016 from SAPIEN. I’ve been using Powershell studio for almost a year now when i need to make a GUI and i really like how simple it is as soon as you understand how its works. They have a 45-day trial version where you can try it out with some limitations but i highly recommend you try it out.

 

 

 

Until next time, cheers Timmy !

You can find me over at

#cmrcviewer-exe, #gui, #powershell, #powershell-studio, #sapien

Beginner Guide – How to populate device collection with the help of AD groups

 

I’ve wanted to try out and make guides in a video format for some time and mainly because some things is easier to show in a video and takes less time to prepare compared to writing a full blog post about it. So this is my first attempt and i will definitely changes some things for the next ones. It’s all trial and error and my first youtube video ever.

 

What do we want achieve?

We want to be able to link Active directory groups directly to Device collections so if we add a computer to a Active Directory group it will sync and then be added to the Device collection we linked the AD group with. It’s very simple and here’s how its done:

 

 

here’s the WQL-query mentioned in the guide

 


select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client

from SMS_R_System

where SMS_R_System.SecurityGroupName = "COMPANY\\Special group"

 

 

Don’t forget to follow me on

Cheers,  Timmy

 

Alternative workaround if SUP Endpoint definition deployment fails

 

There will come a day when something isn’t working as it should any more, when that day arrives  we have to be able to estimate the situation and also preparing to do the necessary action to solve it. A big part of our job as administrators is to solve problems and come up with solutions. One important thing to always consider when troubleshooting something is if there’s another way to achieve the same result but in a different way then what just broke, finding a temporary workaround until you figured out what the actual cause of the problem is and how to fix it.

In this scenario we are playing with the idea that ADR is broke or just that Endpoint protection definitions aren’t being deployed successfully any more and after some brief troubleshooting one realize that i will probably take some time until the cause of the problem is found. What do you do in the mean time?

 

Goal

We wan’t to have a alternative way of being able to get the latest Endpoint Protection definitions and deploy them to all the machines needed on a set schedule so we can get the same result as if the ordinary Definition deployment was working properly.  We will do this with the help of ConfigMgr, Powershell and Schedule Task’s.

 

In ConfigMgr we will make a package containing the latest definition being deploy and with Powershell we will get the latest definitions and then update the package source files when there’s new one and we will make a Schedule task for this Powershell script to 3 times a day, every 8 hours.

 

The Script


# Configuration and variables 

[String]$SourcePath = "D:\Packages\Endpoint Definitions"
$DeploymentPackage = ("Endpoint Definition Delta x64" ,"Endpoint Definition Delta x86")

[String]$FullDefExe = "mpam-fe.exe"
[String]$DeltaDefExe = "mpam-d.exe"
[String]$NisDefExe = "nis_full.exe"

[String]$SCCMmodule = "D:\program Files\Microsoft Configuration Manager\AdminConsole\bin\ConfigurationManager.psd1"
Import-Module $SCCMmodule
# Creating folder structure 

$Allpaths = "$Sourcepath\x64\Full", "$Sourcepath\x64\Delta", "$Sourcepath\x64\Nis", "$Sourcepath\x86\Full", "$Sourcepath\x86\Delta", "$Sourcepath\x86\Nis"
Foreach ($Paths in $Allpaths)
{
If (Test-Path "$Paths")
{}
Else
{New-Item -Path $Paths -ItemType Directory}
}

# Downloading Updates

$Fullx64 = ("http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64", "$($SourcePath)\x64\Full\$FullDefExe")
$Deltax64 = ("http://go.microsoft.com/fwlink/?LinkId=211054", "$($SourcePath)\x64\Delta\$DeltaDefExe")
$Nisx64 = ("http://go.microsoft.com/fwlink/?LinkId=197094", "$($SourcePath)\x64\Nis\$NisDefExe")

$Fullx86 = ("http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86", "$($SourcePath)\x86\Full\$FullDefExe")
$Deltax86 = ("http://go.microsoft.com/fwlink/?LinkId=211053", "$($SourcePath)\x86\Delta\$DeltaDefExe")
$Nisx86 = ("http://go.microsoft.com/fwlink/?LinkId=197095", "$($SourcePath)\x86\Nis\$NisDefExe")

$WebClient = New-object System.Net.WebClient

$WebClient.DownloadFile($Fullx64[0], $Fullx64[1])
$WebClient.DownloadFile($Fullx86[0], $Fullx86[1])

$WebClient.DownloadFile($Deltax64[0], $Deltax64[1])
$WebClient.DownloadFile($Deltax86[0], $Deltax86[1])

$WebClient.DownloadFile($Nisx64[0], $Nisx64[1])
$WebClient.DownloadFile($Nisx86[0], $Nisx86[1])

#Update distrubution point with latest patches, don't forget to modify the Set-location to the correct Site code 

Set-Location TS1: 

Foreach ($Package in $DeploymentPackage)
{
Update-CMDistributionPoint -PackageName $Package
}

WordPress is messing with me and I’m not sure why. WP is adding what it looks like HTML characters to the variables containing URL’s “<a href=“but that’s only when i post the full script. Under the dissecting part it doesn’t. The characters does not appear in the in the Text editor at all. This is not the first time WP is adding unwanted characters in the code snippets but generally they appear while editing and can be removed manually but this time the chars doesn’t show up until its published and i cant remove it. If anyone have an idea how to fix this please let me know.

 

Here’s the code in plain text

 

$Fullx64 = ("http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64", "$($SourcePath)\x64\Full\$FullDefExe")
$Deltax64 = ("http://go.microsoft.com/fwlink/?LinkId=211054", "$($SourcePath)\x64\Delta\$DeltaDefExe")
$Nisx64 = ("http://go.microsoft.com/fwlink/?LinkId=197094", "$($SourcePath)\x64\Nis\$NisDefExe")

$Fullx86 = ("http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86", "$($SourcePath)\x86\Full\$FullDefExe")
$Deltax86 = ("http://go.microsoft.com/fwlink/?LinkId=211053", "$($SourcePath)\x86\Delta\$DeltaDefExe")
$Nisx86 = ("http://go.microsoft.com/fwlink/?LinkId=197095", "$($SourcePath)\x86\Nis\$NisDefExe")

 

Dissecting the script

 

We start out with these 2 variable’s you need to modify-

$DeploymentPackage you need change to the name of the Package you created that will be deployed (but you need to download the files before you create your package. More on that in the examples section)

$SourcePath is the actual path the source files. You just need to create the root folder and the script will create the rest.

 


$DeploymentPackage = ("Endpoint Definition Delta x64" ,"Endpoint Definition Delta x86")
[String]$SourcePath = "D:\Packages\Endpoint Definitions"

 

Next section needs only 1 change and thats

$SCCMmodule and that’s the path where you have installed SCCM and point to the ConfigurationManager.psd1 file that contains all the SCCM 2012 Powershell cmdlets.

 


[String]$FullDefExe = "mpam-fe.exe"
[String]$DeltaDefExe = "mpam-d.exe"
[String]$NisDefExe = "nis_full.exe"

[String]$SCCMmodule = "D:\program Files\Microsoft Configuration Manager\AdminConsole\bin\ConfigurationManager.psd1"
Import-Module $SCCMmodule

 

Next up is the creation of the sub folders in the source path you specified earlier in the $SourcePath variable and here’s no need for modification.

 


# Creating folder structure

$Allpaths = "$Sourcepath\x64\Full", "$Sourcepath\x64\Delta", "$Sourcepath\x64\Nis", "$Sourcepath\x86\Full", "$Sourcepath\x86\Delta", "$Sourcepath\x86\Nis"
Foreach ($Paths in $Allpaths)
{
If (Test-Path "$Paths")
{}
Else
{New-Item -Path $Paths -ItemType Directory}
}

 

The following section downloads the definitions to the correct folder.

 


$Fullx64 = ("http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64", "$($SourcePath)\x64\Full\$FullDefExe")
$Deltax64 = ("http://go.microsoft.com/fwlink/?LinkId=211054", "$($SourcePath)\x64\Delta\$DeltaDefExe")
$Nisx64 = ("http://go.microsoft.com/fwlink/?LinkId=197094", "$($SourcePath)\x64\Nis\$NisDefExe")

$Fullx86 = ("http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86", "$($SourcePath)\x86\Full\$FullDefExe")
$Deltax86 = ("http://go.microsoft.com/fwlink/?LinkId=211053", "$($SourcePath)\x86\Delta\$DeltaDefExe")
$Nisx86 = ("http://go.microsoft.com/fwlink/?LinkId=197095", "$($SourcePath)\x86\Nis\$NisDefExe")

$WebClient = New-object System.Net.WebClient

$WebClient.DownloadFile($Fullx64[0], $Fullx64[1])
$WebClient.DownloadFile($Fullx86[0], $Fullx86[1])

$WebClient.DownloadFile($Deltax64[0], $Deltax64[1])
$WebClient.DownloadFile($Deltax86[0], $Deltax86[1])

$WebClient.DownloadFile($Nisx64[0], $Nisx64[1])
$WebClient.DownloadFile($Nisx86[0], $Nisx86[1])

 

and the last step will update the distribution point with the latest files that’s been downloaded. Dont for get to modifie the Set-location to your sitecode.

 


Set-Location TS1:

Foreach ($Package in $DeploymentPackage)
{
Update-CMDistributionPoint -PackageName $Package
}

 

 

Example

 

Here i will go through all the steps necessary to setup and make this work.

 

Start with creating your empty source folder

2-3

 

Then Run this part of the script and modify the $SourcePath variable to the empty source folder you just created and dont forget to change the $SCCMmodule variable to the path where you have ConfigMgr installed

 

If you want to see which the latest definitions are you can do that here https://www.microsoft.com/security/portal/definitions/whatsnew.aspx

 

# Configuration and variables
$DeploymentPackage = ("Endpoint Definition Delta x64" ,"Endpoint Definition Delta x86")
[String]$SourcePath = "D:\Packages\Endpoint Definitions"

[String]$FullDefExe = "mpam-fe.exe"
[String]$DeltaDefExe = "mpam-d.exe"
[String]$NisDefExe = "nis_full.exe"

[String]$SCCMmodule = "D:\program Files\Microsoft Configuration Manager\AdminConsole\bin\ConfigurationManager.psd1"
Import-Module $SCCMmodule



# Creating folder structure and downloading files 

$Allpaths = "$Sourcepath\x64\Full", "$Sourcepath\x64\Delta", "$Sourcepath\x64\Nis", "$Sourcepath\x86\Full", "$Sourcepath\x86\Delta", "$Sourcepath\x86\Nis"
Foreach ($Paths in $Allpaths)
{
If (Test-Path "$Paths")
{}
Else
{New-Item -Path $Paths -ItemType Directory}
}
# Downloading Updates
$Fullx64 = ("http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64", "$($SourcePath)\x64\Full\$FullDefExe")
$Deltax64 = ("http://go.microsoft.com/fwlink/?LinkId=211054", "$($SourcePath)\x64\Delta\$DeltaDefExe")
$Nisx64 = ("http://go.microsoft.com/fwlink/?LinkId=197094", "$($SourcePath)\x64\Nis\$NisDefExe")

$Fullx86 = ("http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86", "$($SourcePath)\x86\Full\$FullDefExe")
$Deltax86 = ("http://go.microsoft.com/fwlink/?LinkId=211053", "$($SourcePath)\x86\Delta\$DeltaDefExe")
$Nisx86 = ("http://go.microsoft.com/fwlink/?LinkId=197095", "$($SourcePath)\x86\Nis\$NisDefExe")

$WebClient = New-object System.Net.WebClient

$WebClient.DownloadFile($Fullx64[0], $Fullx64[1])
$WebClient.DownloadFile($Fullx86[0], $Fullx86[1])

$WebClient.DownloadFile($Deltax64[0], $Deltax64[1])
$WebClient.DownloadFile($Deltax86[0], $Deltax86[1])

$WebClient.DownloadFile($Nisx64[0], $Nisx64[1])
$WebClient.DownloadFile($Nisx86[0], $Nisx86[1])


 

When that’s done the source folder should me populated with the different Definitions

 

2-5

 

If you want both x86 and x64 definitions create 2 packages and in this example I’m just planing to deploy the delta definitions

 

1-4

 

Next step is to make a Custom interval under scheduling to this packages will run every 12 hours.

 

1-5

 

Next up is to create a schedule task that will run the powershell script so we can get the latest definitions and update the package in SCCM, but before we do that we will create a .BAT script that we will let the schedule task trigger that will trigger the powershell script this is because in my own experience, trigger a powershell script directly from schedule task is a bit iffy and it’s just more reliable to trigger a bat script that triggers the powershell script.

 

I will create the BAT script in C:\temp where i aslo have my Powershell script and make it execute the following command

 


powershell.exe -ExecutionPolicy Bypass -Command "C:\temp\SCEPDef.ps1"

 

2-7

 

Now lets go to the Task scheduler and create an advanced task that will run every 8 hours so we always have the latest definitions since Microsoft releases new definitions 3 times a day.

 

2-9

 

Triggers will be

 

2-8

 

And Actions will trigger the .Bat script we created earlier


3-0

 

after that we are pretty much set, don’t forget to point the source files on the package to the correct directory of the definition you want to deploy and you do this by right clicking on the package and choose properties.

 

3-2

 

3-1

 

After all of this you can just Run the schedule task for the first time and it will download the latest definitions and update the distribution points with the latest files and it will continue to do that every time the schedule task runs.  If you have the Configuration Manager R2 toolkit installed you can check this with the content library explorer as seen below and if you look at the Time modified column you can compare that date on the actual files in the Source folder and you can see which file is on the distribution point.

 

1-8 1-9

 

This is all for now and i hope this can come in handy for someone out there. If you liked this post or might now someone who might would then feel free to share this post.

Cheers Timmy.

 

You can find me over at

 

 

 

 

 

 

 

 

 

 

 

 

#update