SCCMOG – Page 8 – SCCMOG

3rd November 20165th November 2016

SCCM PowerShell Script Detection Method

Ever wanted to know how to use the script detection method of an application in ConfigMgr with PowerShell, its quite simple really once you have been shown what ConfigMgr expects to be returned.

The detection method bellow is a PowerShell Test-Path statement. If the statement returns “True”, meaning the file is there, then the script shouts out to the ConfigMgr client to say the detection method is satisfied. You MUST keep the Else clause in the script empty or it will fail to evaluate although there is nothing to be run in it.

[code language=”powershell”]
if( Test-Path "$env:LOCALAPPDATA\Microsoft\Onedrive\OneDrive.exe" )

{
Write-Host "installed"
}

else
{
}
[/code]

Now as i’m sure you’ve guessed with the example this becomes really usefull when deploying applications that install in the users %LocalAPPDATA% as ConfigMgr currently cannot query that location as all installs run as system.

Here is another testing two paths.

[code language=”powershell”]
if( ( Test-Path "$env:LOCALAPPDATA\Microsoft\Onedrive\OneDrive.exe" ) -and ( test-path "HKCU:\SOFTWARE\Microsoft\OneDrive\17.3.6390.0509" ) )

{
Write-Host "installed"
}

else
{
}
[/code]

These examples should let you build all sorts of detection methods now. It doesn’t have to be test path either, it could be anything like checking if a registry entry value is “greater than or equal to”.

3rd November 20163rd August 2018

Deploy a PowerShell Script as a SCCM Application or Program

This is just a quick post to help those who are struggling to find the correct syntax to place into the program (CMD line) field when deploying a PowerShell Script as an application or program for that matter using SCCM.

For an “Application” “Deployment type” just place this into the Program line.

Powershell.exe -ExecutionPolicy ByPass -File Your-Scriptfilename.PS1

1	Powershell.exe -ExecutionPolicy ByPass -File Your-Scriptfilename.PS1

For a “Package” “Program ” just place this into the CMD line.

"%Windir%\sysnative\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -Command .\Your-Scriptfilename.ps1

1	"%Windir%\sysnative\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -Command .\Your-Scriptfilename.ps1

Note: When using MDT install applications step in you task sequence (Customsettings or MDT DB driven) to install programs this also works a treat!

You can add other properties also like -NoProfile but to be honest I have found this to work 100% of the time without the need for those extras. Just make sure you detection method is solid!

31st October 20165th November 2016

Deploying .Net 4.5.1 – 4.6.1 Silently With SCCM

So today I created a deployment for .Net 4.6.1 and 4.5.1 Windows 7 Enterprise.
.Net is notoriously difficult to deploy silently, I have done it before many times and every time I did it I would refer to a text file I had saved with the commands in it, let me add that finding those commands was a “that will be useful” moment and I didn’t save it to my normal One Drive archive!
So yes I lost it… Anyways I’m sure you’ve probably already skipped to the good bit and if you haven’t you are wanting me to stop blabbering and give you the command..
So here it is:

“dotNetFx40_Full_x86_x64.exe /q /norestart /ChainingPackage ADMINDEPLOYMENT”

Also in the deployment Type settings you must check the checkbox:

Run installation and uninstall program as a 32bit process on 64-bit clients.

Just place that into the command line box for the Application or Program, change the exe name to what you have, check the box and also make sure the quotes don’t copy over incorrectly if you are building a script.
Hope this saves some time!

31st October 201624th May 2017

Deploying the OneDrive Client with SCCM MDT PowerShell

So a week or two ago I was asked by my Client to deploy the new OneDrive Sync Client. This after a little research I discovered was not quite as easy as I had first thought.

There are 2 ways to deploy the OneDrive Sync Client:

Personal – User logs in with their own credentials not linked to the organisation.
Business – Pass though is enabled in the background and a Azure tenant ID must be linked to the OneDrive Client.

So the deployment for the personal Client is pretty Simple.. Download the latest OneDrive client from here. Then create the new application in SCCM or MDT using “OneDrive.exe /Silent” as the install CMD line and “/uninstall” CMD line for… you guessed it, uninstall. Now this is a must “Install for User” deployment setting as this application is installed to the local APPDATA of the users account. The only slightly challenging thing, if you are not used to it that is, is to use a PowerShell script as a detection method for a ConfigMgr application. This is done due to ConfigMgr not being able to detect the local APPDATA of the user due to all installs being carried out by Software Center being driven by the System account of the machine.

[code language=”powershell”]
if( ( Test-Path "$env:LOCALAPPDATA\Microsoft\Onedrive\OneDrive.exe" ) -and ( test-path "HKCU:\SOFTWARE\Microsoft\OneDrive\17.3.6390.0509" ) )
{
Write-Host "installed"
}
else
{
}[/code]

So… Simple script, tests the local APPDATA of the user that is logged in for the Exe and then also checks the HKCU (HKEY_CURRENT_USER). If it finds it it shouts out to ConfigMgr and ConfigMgr then considers that application installed. If not it says nothing and ConfigMgr will report the application not detect the application after install (Appenforce.log/Appdiscovery.log). Remember to update the version number to the current OneDrive version that you are installing.

So now we have the detection method lets talk about the script.

This deployment script took me a little time to work out as there are many steps that had to be done to ensure that the client installed and launched in the correct way as documented by Microsoft here. For those of you who kept on reading and didn’t read the documentation well, I will explain quickly how it works.

Firstly there must be a registry value which consists of your azure tenant ID under the key:

HKU:\*****userSID****\SOFTWARE\Microsoft\OneDrive\Accounts\Business1

The Registry String Value is:

ConfiguredTenantID

And the Property of that string is your azure tenant id e.g:

12345678-1234-1234-1234-123456789012

This is because when you launch the OneDrive.exe with the CMD line:

OneDrive.exe /configure_business:12345678-1234-1234-1234-123456789012

OneDrive knows to go off and check in that location in the registry in order to match it and kick off as OneDrive for Business instead of personal. This allows for pass-through and all the other goodies to be taken advantage of also. The only issue is that the simple installation is still the way it is installed, you then must launch OneDrive as the user to allow for the key to be checked and correct authentication to happen.

Note – OneDrive does not like being launched with Administrator rights.

Wait! I hear you shout… How do I then launch it as the user if ConfigMgr has installed it, the silent install just completes quietly in the background!?

Well this is where my simple but effective script comes in. It will figure out the logged on user and their domain and launch the application as them, this will however require them to pop in a password to authenticate and don’t worry.. I launch a warning before that happens to make sure they don’t freak out and click Cancel! So heres the script…

[code language=”powershell”]
####Deploy OneDrive Script – SCCMOG######################################################################################
####03/06/2016####################################################################################################################

##Variables
$TenantID = "xxxxxxxx-xxxx-xxxx-xxxxx-xxxxxxxxxxxx"

##Windows 10 removal
If ((Get-WmiObject -Class Win32_OperatingSystem).caption -like ‘*Windows 10*’)
{
Start-Process "$env:windir\SysWow64\OneDriveSetup.exe" -ArgumentList "/uninstall" -Wait -NoNewWindow
}

#Get User Logged on SID – Domain Account
$objUser = New-Object System.Security.Principal.NTAccount($env:USERDOMAIN, $env:username)
$strSID = $objUser.Translate([System.Security.Principal.SecurityIdentifier])
$strSID.Value

#Get User Logged on SID – LOCAL
#$objUser = New-Object System.Security.Principal.NTAccount($env:username)
#$strSID = $objUser.Translate([System.Security.Principal.SecurityIdentifier])
#$strSID.Value

#Load HKEY_Users Hive
New-PSDrive -PSProvider Registry -Name HKU -Root HKEY_USERS

#Create OneDr
New-Item -Path HKU:\$strSID\SOFTWARE\Microsoft -Name OneDrive –Force
New-Item -Path HKU:\$strSID\SOFTWARE\Microsoft\OneDrive -Name Accounts –Force
New-Item -Path HKU:\$strSID\SOFTWARE\Microsoft\OneDrive\Accounts -Name Business1 –Force

$OneDriveID = "HKU:\$strSID\SOFTWARE\Microsoft\OneDrive\Accounts\Business1"

#Configure Tenant ID
Set-ItemProperty -Path $OneDriveID -Name ConfiguredTenantID -Value $TenantID -Force

#Unmount HKU
Remove-PSDrive -Name HKU

## Install OneDrive
If ((Get-WmiObject -Class Win32_OperatingSystem).caption -like ‘*Windows 7*’)
{
Start-Process "$PSScriptRoot\OneDriveSetup.exe" -ArgumentList "/silent" -Wait -NoNewWindow
}
If ((Get-WmiObject -Class Win32_OperatingSystem).caption -like ‘*Windows 8*’)
{
Start-Process "$PSScriptRoot\OneDriveSetup.exe" -ArgumentList "/silent" -Wait -NoNewWindow
}
If ((Get-WmiObject -Class Win32_OperatingSystem).caption -like ‘*Windows 10*’)
{
Start-Process "$PSScriptRoot\OneDriveSetup.exe" -ArgumentList "/silent" -Wait -NoNewWindow
}

##Start OneDrive With TenantID and User Credentials, Prompt for User understanding.
$OneDriveInstalled = "$env:LOCALAPPDATA\Microsoft\Onedrive\OneDrive.exe"

If (Test-Path $OneDriveInstalled)
{
Add-Type -AssemblyName System.Windows.Forms | Out-Null
[System.Windows.Forms.MessageBox]::Show("OneDrive for Business has been Successfully installed. Please enter your credentials into the next window to continue.", "SCCMOG – OneDrive",
[System.Windows.Forms.MessageBoxButtons]::OK,
[System.Windows.Forms.MessageBoxIcon]::Warning)
Start-Process "$OneDriveInstalled" -ArgumentList "/Configure_business:$TenantID" -credential "SCCMOG\$env:username"
}
Else
{
[System.Windows.Forms.MessageBox]::Show("OneDrive for Business has failed to install. Please contact the SCCMOG Service Desk on: 555-555-555.", "SCCMOG – OneDrive Failed",
[System.Windows.Forms.MessageBoxButtons]::OK,
[System.Windows.Forms.MessageBoxIcon]::Warning)
}

###The End 🙂
#######################################################################################################################################
[/code]