Deployment – Page 4 – SCCMOG

6th November 20166th November 2016

.Net 4 Downgrade PowerShell Script

Recently I re-captured a clients Windows 7 Gold image and published it out in there Production Windows 7 OSD Task Sequence. This was all fine for a month or 2 until a machine using the software “Information at Work” needed to be rebuilt by their Service Desk as there were issues.

The problem was that Information at Work required .Net 4.5.* and no other version. This it seems must have been coded into the installer and the application. VERY frustrating…

So I had to create a script to downgrade it for Windows 7 Clients and here it is.

[code language=”powershell”]

#Commented due to PS version 5 only — $Release = Get-ItemPropertyValue -Name Release -Path "HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full"

##Create Detection key function for ConfigMgr
$Unique = "InfoAtWork"
$DetectKey = "HKLM:\SOFTWARE\SOJ\SCRIPTS\$Unique"
function set-detectionKeys()
{
New-Item -Path HKLM:\SOFTWARE\ -Name SOJ –Force
New-Item -Path HKLM:\SOFTWARE\SOJ -Name SCRIPTS –Force
New-Item -Path HKLM:\SOFTWARE\SOJ\SCRIPTS -Name $Unique –Force

}

##Get .Net Version from Registry and hold it in variable $Release
$Key = ‘HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full’

If (Test-Path $Key)
{

$Release = (Get-ItemProperty -Path $Key -Name Release).Release

##Check Release version is 4.5
if ($Release -eq 378389)

{
set-detectionKeys
Set-ItemProperty -Path $DetectKey -Name NetVersion -Value $Release -Force
Write-Host "Correct Version Found Exiting"
Exit 0
}
##If it is not 4.5 uninstall and reinstall 4.5

Else
{
##Get all applications installed
$InstalledProducts = Get-WmiObject -Namespace ‘root\cimv2\sms’ -Class SMS_InstalledSoftware
#Filter out .Net
$DotNet = $InstalledProducts | where { $_.ARPDisplayName -imatch ‘NET Framework 4’ }
#Get uninstall string
#$Uninstall = $DotNet.UninstallString
$CachedMSI = $DotNet.LocalPackage
#Uninstall Dot Net
$Passthru = Start-Process ‘msiexec.exe’ -ArgumentList "/x $CachedMSI /qb /L*v $env:windir\temp\DotNetRelease$Release.log /norestart" -Wait -NoNewWindow
$Exitcode = [string]$Passthru.ExitCode

if($Exitcode -eq 0 -Or 3010)
{
#Write successfuly removal to the registry
set-detectionKeys
Set-ItemProperty -Path $DetectKey -Name Removed -Value $Release -Force
#Install .Net 4.5.1
Start-Process "$PSScriptroot\SetupNet451.exe" -ArgumentList "/q /norestart /ChainingPackage ADMINDEPLOYMENT" -Wait -NoNewWindow
#Set Detection Keys
$ReleaseInst = (Get-ItemProperty -Path $Key -Name Release).Release
set-detectionKeys
Set-ItemProperty -Path $DetectKey -Name Installed451 -Value $ReleaseInst -Force
#Tell ConfigMgr to Reboot
Exit 3010
}
Else
{
set-detectionKeys
Set-ItemProperty -Path $DetectKey -Name FailedRemoval -Value "ExitCode: $Exitcode" -Force
Exit 9999

}
}

}
Else
{
#Write not found and install 4.5.1
#set-detectionKeys
#Set-ItemProperty -Path $DetectKey -Name DotNet4 -Value ‘NotFound Installing 451’ -Force
#Install .Net 4.5.1
Start-Process "$PSScriptroot\SetupNet451.exe" -ArgumentList "/q /norestart /ChainingPackage ADMINDEPLOYMENT" -Wait -NoNewWindow
#Set Detection Keys
$ReleaseInst = (Get-ItemProperty -Path $Key -Name Release).Release
set-detectionKeys
Set-ItemProperty -Path $DetectKey -Name Installed451 -Value $ReleaseInst -Force
#Tell ConfigMgr to Reboot
Exit 3010

}

[/code]

First I create the function to create the detection keys in the registry.
Then I test the version of the .Net client installed in the registry by using this version information chart from Microsoft.
If it matches, happy days if it doesn’t match… find the uninstall string, create it and remove it (if its not found at all.. then jump to line 74 and install a fresh copy).
Check exit code “0” being success and “3010” being reboot, else fail the script and write to registry.
Re-install .Net 4.5.1 from the directory of the script, set detection keys and then tell the ConfigMgr client to reboot the device gracefully.

This I deployed using a Task Sequence as the “Information at Work” Software is deployed in that way. Also note that this will only work on Windows 7, so you might want to set a requirement on your application or task sequence step for “All Windows 7” Only.

If you need help creating the command line to run this as an application or task sequence CMD line check out this post.

5th November 20165th November 2016

Persist all Drivers at Sysprep stage

Ok, So I was capturing a very specific build for a government Audiology department the other day and needed to keep all drivers in the image as there were Hearing Aid and Hearing measurement devices that would need to be operated from these machines.

To do this is quite simple actually, just make sure BEFORE you kick off sysprep, whether that’s through SCCM, MDT or manually that you change these registry keys.

Navigate to:

HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Sysprep\Settings\sppnp

Keep drivers during sysprep phase.

And then set:

PersistAllDeviceInstalls to 1 – This will keep all drivers for hardware that is connected to the machine at the time of sysprep.
DoNotCleanUpNonPresentDevices to 1 – This coupled with the above will addtionally keep all drivers for hardware that are not connected to the machine at the time of sysprep.

Note…

If you are using an answer file for sysprep configure your answer file to persist the drivers by adding the PersistAllDeviceInstalls setting in the Microsoft-Windows-PnPSysprep and giving it a value of true.

3rd November 20165th November 2016

SCCM PowerShell Script Detection Method

Ever wanted to know how to use the script detection method of an application in ConfigMgr with PowerShell, its quite simple really once you have been shown what ConfigMgr expects to be returned.

The detection method bellow is a PowerShell Test-Path statement. If the statement returns “True”, meaning the file is there, then the script shouts out to the ConfigMgr client to say the detection method is satisfied. You MUST keep the Else clause in the script empty or it will fail to evaluate although there is nothing to be run in it.

[code language=”powershell”]
if( Test-Path "$env:LOCALAPPDATA\Microsoft\Onedrive\OneDrive.exe" )

{
Write-Host "installed"
}

else
{
}
[/code]

Now as i’m sure you’ve guessed with the example this becomes really usefull when deploying applications that install in the users %LocalAPPDATA% as ConfigMgr currently cannot query that location as all installs run as system.

Here is another testing two paths.

[code language=”powershell”]
if( ( Test-Path "$env:LOCALAPPDATA\Microsoft\Onedrive\OneDrive.exe" ) -and ( test-path "HKCU:\SOFTWARE\Microsoft\OneDrive\17.3.6390.0509" ) )

{
Write-Host "installed"
}

else
{
}
[/code]

These examples should let you build all sorts of detection methods now. It doesn’t have to be test path either, it could be anything like checking if a registry entry value is “greater than or equal to”.

3rd November 20163rd August 2018

Deploy a PowerShell Script as a SCCM Application or Program

This is just a quick post to help those who are struggling to find the correct syntax to place into the program (CMD line) field when deploying a PowerShell Script as an application or program for that matter using SCCM.

For an “Application” “Deployment type” just place this into the Program line.

Powershell.exe -ExecutionPolicy ByPass -File Your-Scriptfilename.PS1

For a “Package” “Program ” just place this into the CMD line.

"%Windir%\sysnative\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -Command .\Your-Scriptfilename.ps1

Note: When using MDT install applications step in you task sequence (Customsettings or MDT DB driven) to install programs this also works a treat!

You can add other properties also like -NoProfile but to be honest I have found this to work 100% of the time without the need for those extras. Just make sure you detection method is solid!