Powershell script to retrieve all detection method scripts and output them


Last year i wrote a blogpost about how to get all the powershell scripts used as detection methods and since then i have refined that script a bit and also added logic for it to now output any detection method using scripts regardless if its Powershell, VBScript or Javascript.

I hope this can be useful to someone out there in cyberspace.

 

The Script

 


<#	
	.NOTES
	===========================================================================
	 Created on:   	12/06/2016 
	 Modified on:   3/31/2017 
	 Created by:   	Timmy Andersson
	 Contact: 		@Timmyitdotcom
	===========================================================================
	.DESCRIPTION
		Retreives and outputs scripts used by detection methods. 
#>
[CmdletBinding(DefaultParameterSetName = 'DestinationPath')]
param
(
[Parameter(Mandatory = $true,
Position = 1)]
$DestinationPath
)

BEGIN
{
[String]$Filepath = $DestinationPath

$SiteCodeObjs = Get-WmiObject -Namespace "root\SMS" -Class SMS_ProviderLocation -ComputerName $env:COMPUTERNAME -ErrorAction Stop
foreach ($SiteCodeObj in $SiteCodeObjs)
{
if ($SiteCodeObj.ProviderForLocalSite -eq $true)
{
$SiteCode = $SiteCodeObj.SiteCode
}
}
$SitePath = $SiteCode + ":"

Import-module ($Env:SMS_ADMIN_UI_PATH.Substring(0, $Env:SMS_ADMIN_UI_PATH.Length - 5) + '\ConfigurationManager.psd1')

}
PROCESS
{
if (-not (Test-Path $DestinationPath))
{
new-item -Path $DestinationPath -ItemType Directory -Force
}

Set-location $SitePath

$Apps = (Get-CMApplication)
foreach ($App in $Apps)
{

$Script = ([Microsoft.ConfigurationManagement.ApplicationManagement.Serialization.SccmSerializer]::DeserializeFromString($App.SDMPackageXML)).DeploymentTypes[0].Installer
if ($Script.DetectionScript -ne $Null)
{
$PSscript = ([Microsoft.ConfigurationManagement.ApplicationManagement.Serialization.SccmSerializer]::DeserializeFromString($App.SDMPackageXML)).DeploymentTypes[0].Installer.DetectionScript

Switch ($PSscript.Language)
{
"PowerShell" { Out-File -FilePath "$Filepath$($App.LocalizedDisplayName).ps1" -InputObject $PSscript.Text }
"VBScript" { Out-File -FilePath "$Filepath$($App.LocalizedDisplayName).vbs" -InputObject $PSscript.Text }
"JavaScript" { Out-File -FilePath "$Filepath$($App.LocalizedDisplayName).JS" -InputObject $PSscript.Text }
}

}

}

}
END
{
}

Example

 

You need to run script locally from your siteserver.

get-DetectionMethodScripts.ps1 -DestinationPath "C:\temp\scripts\"

 

and it will output all the detection methods that uses scripts to that folder. One for each application and names the file after the application.

 

Until next time, cheers !

You can find me over at

Powershell script to output every direct rule WMI query used by device collections in ConfigMgr

I want to share a script that came about after i wanted to get hold of all the WMI-queries that’s been created and used for populating different device collections without need to go in to every single one of them and extract the query manually. Especially if you are dealing with larger environments who might have hundreds of device collections and first of all figuring out which one actually uses WMI-queries and who doesn’t.

 

What do we want to achieve

Extracts all the WMI-queries used in SCCM and outputs them in to a .txt files for each Device Collection.

 

The Script

 

<#	
	.NOTES
	===========================================================================
	 Created on:   	3/30/2017 
	 Created by:   	Timmy Andersson
	 Contact: 	@Timmyitdotcom
	===========================================================================
	.DESCRIPTION
		Extracts all the WMI-queries used in SCCM and outputs them in to a .txt files for each Device Collection. 
#>
[CmdletBinding(DefaultParameterSetName = 'DestinationPath')]
param
(
	[Parameter(Mandatory = $true,
			   Position = 1)]
	$DestinationPath
)

BEGIN
{
	[String]$Filepath = $DestinationPath
	
	$SiteCodeObjs = Get-WmiObject -Namespace "root\SMS" -Class SMS_ProviderLocation -ComputerName $env:COMPUTERNAME -ErrorAction Stop
	foreach ($SiteCodeObj in $SiteCodeObjs)
	{
		if ($SiteCodeObj.ProviderForLocalSite -eq $true)
		{
			$SiteCode = $SiteCodeObj.SiteCode
		}
	}
	$SitePath = $SiteCode + ":"
	
	Import-module ($Env:SMS_ADMIN_UI_PATH.Substring(0, $Env:SMS_ADMIN_UI_PATH.Length - 5) + '\ConfigurationManager.psd1')
	
}
PROCESS
{
	if (-not (Test-Path $DestinationPath))
	{
		new-item -Path $DestinationPath -ItemType Directory -Force
	}
	
	Set-location $SitePath
	
	$AllDC = (Get-CMDeviceCollection).Name
	Foreach ($Devicecollection in $AllDc)
	{
		$CollectionMR = Get-CMDeviceCollectionQueryMembershipRule -CollectionName "$Devicecollection"
		if ($CollectionMR -ne $null)
		{
			$Query = $CollectionMR.QueryExpression
			Out-File -FilePath "$DestinationPath$($Devicecollection).txt" -InputObject $Query
		}
		
	}
}
END
{
}




Example

 

Run this script from your Site server, only variable you need to pass through to the script is the destination path you want the source files to be output to

Note: If the folder doesn’t exist the script will create it for you

 

Get-DeviceCollectionsQueries.ps1 -DestinationPath "C:\Temp\Queries\"

When the script is finished go to your destination folder and you will find the all the different device collections and their WMI queries.


 

Until next time, cheers !

You can find me over at

#configmgr, #device-collections, #powershell, #sccm, #wmi

LAPS Powershell installation script for Domain controllers

Continuing with LAPS, if you don’t know what LAPS is you should read this

https://technet.microsoft.com/en-us/mt227395.aspx?f=255&MSPPError=-2147217396

And take a look at my earlier post

https://timmyit.com/2017/03/19/quick-overview-of-local-administrator-password-solution-laps/

 

Steps to Install

So, I created a powershell script that will help install LAPS on your DC and configure most of the things automatically tho there’s still a few steps that needs to be done manually which i will go through below. with that said i highly recommend you go through the documentation from Microsoft so you have a good understanding on what LAPS is and how to Install it manually and all the prerequisites before you use this script because this script doesn’t cover every installation scenario that’s possible and you need to be able to understand when this script is suitable and when its not and make the desired changes needed to make it work for your specific scenario.

 

1. Download the LAPS installation files from Microsoft https://www.microsoft.com/en-us/download/details.aspx?id=46899

2. Copy the files to your Domain Controller you wish to install it on

3. Put the Install-DC.ps1 in the same folder as the installation files

 

     4. Create a security group that will contain members who will be able to read/reset the LAPS Password (For example a group called PwdAdmins)

      5. Navigate to the OU in AD where all the computer objects are located that you will manage

6. Remove Extended rights on all the groups that shouldn’t be able to retrieve or change the LAPS Password (For me information see Section 2.2.1 Removing Extended Rights in LAPS_OperationsGuide.docx document from Microsoft)

 

6. Open Powershell as an Administrator and navigate to the source folder

7. Run the following command Install-DC.ps1 -ADCompOU <Your OU> -ADUserGroup <Your user security group> (Example. Install-DC.ps1 -ADCompOU Win10PCs -ADUserGroup PwdAdmins)

 

 

The Script

 

param (
 [Parameter(Mandatory = $true, HelpMessage = 'AD OU that contains the computers you want to manage LAPS with')]
 [string]$ADCompOU,
 [Parameter(Mandatory = $true, HelpMessage = 'AD Security group that contains users who should get access to read LAPS PW')]
 [string]$ADUserGroup
)
 
 
 
 $Props = ("ADDLOCAL=Management.UI", "ADDLOCAL=Management.PS", "ADDLOCAL=Management.ADMX")
 
 foreach ($Prop in $Props)
 {
 if ([System.Environment]::Is64BitProcess)
 { 
 msiexec /q /i LAPS.x64.msi $Prop ALLUSERS=2
 }
 Else
 {
 msiexec /q /i LAPS.x86.msi $Prop ALLUSERS=2
 }
 }
 
 Import-module AdmPwd.PS
 Update-AdmPwdADSchema

 
 Set-AdmPwdComputerSelfPermission -Identity $ADCompOU
 Set-AdmPwdReadPasswordPermission -Identity $ADCompOU -AllowedPrincipals $ADusergroup
 Set-AdmPwdResetPasswordPermission -Identity $ADCompOU -AllowedPrincipals $ADusergroup
 

 

Until next time, cheers !

You can find me over at

#domain-controllers, #install-laps, #laps, #powershell

Hardware inventory – Add firmware property to WMI class Win32_Diskdrive in ConfigMgr

 

There was a question on the Tech konnect facebook group the other day if there was any way of collecting disk name and firmware version from your clients in ConfigMgr.

Yes you can do this with the help of Hardware inventory and the Win32_DiskDrive WMI Class and use the following properties Caption and Firmware Revision but the thing is that the property Firmware Revision isn’t available by default so we need to add this
to the Win32_DiskDrive class in ConfigMgr Hardware inventory and i’m going to show you how to do this with the help of Powershell.

 

Getting started

First of all lets have a look on a Win10 client pc just to show of the information we want to gather. Caption is a good way of finding out the name and model of the disk tho different manufactures has there own way of naming things and then Firmware Revision to find out what firmware its running.

 

Get-WmiObject -Class Win32_DiskDrive | Format-List -Property Caption, Firmwarerevision

 

 

 

If we turn to ConfigMgr and Hardware Inventory classes Administration – Client Settings – <Your Client Setting> – Properties – Hardware Inventory – Set Classes

We can see that under the Win32_DiskDrive class we already have Caption but there’s no Firmware Revision property to be found.

 

 

 

Adding Firmware Revision to the Win32_DiskDrive class in ConfigMgr

 

We are going to this with the help of Powershell and here’s the script

Note: Make sure to modify the $Namespace variable so that the Site_Code is correct for your environment

 

  

#Modify Namespace to your correct Site ID
$Namespace = "root\SMS\site_TS1"

$Win32_DiskDrive = (Get-WmiObject -Namespace $Namespace -Class SMS_InventoryClass -ComputerName localhost | Where-Object {$_.ClassName -like "Win32_DiskDrive"})
$Classprop = [wmiclass]"$($Namespace):SMS_InventoryClassProperty"

$Prop = $Classprop.CreateInstance()
$Prop.PropertyName = 'FirmwareRevision'
$Prop.IsKey = $false
$Prop.Type = 8
$Win32_DiskDrive.Properties += [System.Management.ManagementObject]$Prop
$Win32_DiskDrive.Put()

 

Run the script on your ConfigMgr Siteserver

 

 

Go back to ConfigMgr and Administration – Client Settings – <Your Client Setting> – Properties – Hardware Inventory – Set Classes

and under Win32_DiskDrive you will now find “FirmwareRevision” and lets mark that checkbox and press “ok”

 

 


 Now you need to wait for the next Hardware inventory data to get back in to ConfigMgr and onces thats done you can go to “Assets and Compliance – Devices – <Right click on a Client> – Start – Resource Explorer”

 

 

 

 And from here go to “Hardware – Disk Drives” and double click on the row to the right which indicates the different disk and you will get a list of all properties and there you also have Firmware Revision

 

 

 

Now when you have the data in ConfigMgr  you can make a report out of it or build collections and so on.

Post any question below or hit me up on twitter.

 

 

Until next time, cheers !

You can find me over at

#modify

Remote Software Center – Concept Preview

One thing always leads to another and that’s exactly how this project came to start. Last year i did a blog post on how to Invoke Software Updates remotely with Powershell and one on Applications and just last week i followed up on OSD Task sequence. Combining all of those with the mindset of trying to simplify tasks and helping people i started out to create this tool i call Remote Software Center.

 

What is Remote Software Center  ?

It’s a Windows Form GUI made in Sapiens Powershell Studio combined with Powershell scripting using WMI and CIM instructions to call different built in functions in Software Center.  The goal is to have the same and more functionalities as the Software Center application on each client but managed remotely instead so one does’t have to log on to the local computer to perform tasks you do inside in Software Center.

 

Current version is available for Download over at Technet both as .PS1 format and .EXE

https://gallery.technet.microsoft.com/Remote-software-center-044e3514

 

Watch the video below to see it in action.

 

Current version

 

This is how it looks in its current form. First you need to enter a computer name and “connect” after that the comboboxes will populate with all the available software being OSD Task Sequence, Applications and Software Updates that’s available on the client.

More features will be added in the future.

 

2

3

4

Technical information

The script runs under current user context which means that you need to have the sufficient rights to access the other computer or else it won’t work.

More info will be added.

 

Example

 

 

Would love to get some feedback and ideas on this, post your comment below or hit me up on twitter

 

Until next time, cheers Timmy !

You can find me over at

 

Invoke OSD Task sequence remotely with Powershell

 

Earlier blog posts on invoking Installations:

Applications 

Software Updates

 

This is a continuation on how to invoke or trigger installations in Software center remotely with the help of Powershell. This blog post came about after i got a question from a user called Sonik on the Application post i did.

 

Question:

Will this work to install Operating System as well? I have the operating system image available in the software center and It works when I manually select and install. But not with this script. Any idea?

 

Answer:

Hey, No it won’t work because Configuration Manager uses different built in functions to trigger OSD then applications. I don’t know which WMI class it is right now but i will take a look and see if i can figure it out.

 

And below is the result on how to do it. Hope this will help you Sonik.

 

What do we want to Achieve?

 

We wan’t to be able to invoke an installation of an available OSD Task Sequence in Software Center remotely on a system.

One might wonder why and it’s pretty simple, it saves us time and we are lazy 😀

1

 

The Script

 


function Invoke-OSDInstall
{
Param
(
[String][Parameter(Mandatory=$True, Position=1)] $Computername,
[String][Parameter(Mandatory=$True, Position=2)] $OSDName

)
Begin
{

$CIMClass = (Get-CimClass -Namespace root\ccm\clientsdk -ComputerName $Computername -ClassName CCM_ProgramsManager)
$OSD = (Get-CimInstance -ClassName CCM_Program -Namespace "root\ccm\clientSDK" -ComputerName $Computername | Where-Object {$_.Name -like "$OSDName"})

$Args = @{PackageID = $OSD.PackageID
ProgramID = $OSD.ProgramID
}
}

Process
{

Invoke-CimMethod -CimClass $CIMClass -ComputerName $Computername -MethodName "ExecuteProgram" –Arguments $Args

}
End {}
}

 

The script is also available for download over at Technet https://gallery.technet.microsoft.com/Invoke-Installation-of-OSD-ff6f2eb0

 

Example

 

Until next time, cheers Timmy !

You can find me over at

Making a GUI with Powershell Studio to run cmrcviewer.exe with logging

 

 

I did a blog post few weeks back talking about how to do logging with Cmrcviewer and powershell (Here)

That works great but if you intend to give it to someone else for example help desk you might wanna consider to make GUI for it instead of having a powershell-prompt running all the time and that’s exactly what i want to showcase on how to do a simple GUI with the help of Powershell Studio 2016 from SAPIEN. I’ve been using Powershell studio for almost a year now when i need to make a GUI and i really like how simple it is as soon as you understand how its works. They have a 45-day trial version where you can try it out with some limitations but i highly recommend you try it out.

 

 

 

Until next time, cheers Timmy !

You can find me over at

#cmrcviewer-exe, #gui, #powershell, #powershell-studio, #sapien