Deployment – Page 5 – SCCMOG – Deployment Blog

Deploying the OneDrive Client with SCCM MDT PowerShell

So a week or two ago I was asked by my client to deploy the new OneDrive Sync Client. After a little research, I discovered this was not quite as easy as I had first thought.

There are 2 ways to deploy the OneDrive Sync Client:

  • Personal – User logs in with their own credentials, not linked to the organisation.
  • Business – Pass-through is enabled in the background and an Azure tenant ID must be linked to the OneDrive Client.

The deployment for the personal client is pretty simple. Download the latest OneDrive client from here, then create the new application in SCCM or MDT using "OneDrive.exe /Silent" as the install command line and "/uninstall" as the command line for… you guessed it, uninstall. The "Install for User" deployment setting is a must, as this application is installed to the local APPDATA of the user's account. The only slightly challenging thing, if you are not used to it, is using a PowerShell script as the detection method for a ConfigMgr application. This is done because ConfigMgr is not able to detect the local APPDATA of the user, as all installs carried out by Software Center are driven by the System account of the machine.

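[code language="powershell"]
# ConfigMgr detection method: any output on STDOUT means "installed".
# Checks the logged-on user's LOCALAPPDATA and HKCU hive.
if ( (Test-Path "$env:LOCALAPPDATA\Microsoft\Onedrive\OneDrive.exe") -and (Test-Path "HKCU:\SOFTWARE\Microsoft\OneDrive\17.3.6390.0509") )
{
    Write-Host "installed"
}
else
{
    # Write nothing: ConfigMgr treats empty output as "not detected"
}
[/code]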

So… simple script: it tests the local APPDATA of the logged-in user for the exe and then also checks HKCU (HKEY_CURRENT_USER). If it finds them, it shouts out to ConfigMgr, and ConfigMgr then considers the application installed. If not, it says nothing and ConfigMgr will not detect the application after install (see AppEnforce.log/AppDiscovery.log). Remember to update the version number to the current OneDrive version that you are installing.

So now we have the detection method, let's talk about the script.

This deployment script took me a little time to work out, as there are many steps that had to be done to ensure that the client installed and launched in the correct way as documented by Microsoft here. For those of you who kept on reading and didn't read the documentation, well, I will explain quickly how it works.

Firstly, there must be a registry value which consists of your Azure tenant ID under the key:

  • HKU:\*****userSID****\SOFTWARE\Microsoft\OneDrive\Accounts\Business1

The Registry String Value is:

  • ConfiguredTenantID

And the value of that string is your Azure tenant ID, e.g.:

  • 12345678-1234-1234-1234-123456789012

This is because when you launch the OneDrive.exe with the CMD line:

  • OneDrive.exe /configure_business:12345678-1234-1234-1234-123456789012

OneDrive knows to go off and check that location in the registry in order to match it and kick off as OneDrive for Business instead of personal. This allows pass-through and all the other goodies to be taken advantage of as well. The only issue is that the simple installation is still the way it is installed; you then must launch OneDrive as the user to allow the key to be checked and the correct authentication to happen.

Note – OneDrive does not like being launched with Administrator rights.

Wait! I hear you shout… How do I then launch it as the user if ConfigMgr has installed it, the silent install just completes quietly in the background!?

Well, this is where my simple but effective script comes in. It will figure out the logged-on user and their domain and launch the application as them. This will, however, require them to pop in a password to authenticate, and don't worry: I launch a warning before that happens to make sure they don't freak out and click Cancel! So here's the script…

[code language="powershell"]
####Deploy OneDrive Script – SCCMOG######################################################################################
####03/06/2016####################################################################################################################

##Variables
# Replace with your Azure tenant ID
$TenantID = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"

##Windows 10 removal
# Uninstall the existing client using the OneDriveSetup.exe under SysWow64
If ((Get-WmiObject -Class Win32_OperatingSystem).Caption -like '*Windows 10*')
{
    Start-Process "$env:windir\SysWow64\OneDriveSetup.exe" -ArgumentList "/uninstall" -Wait -NoNewWindow
}

#Get User Logged on SID – Domain Account
$objUser = New-Object System.Security.Principal.NTAccount($env:USERDOMAIN, $env:username)
$strSID = $objUser.Translate([System.Security.Principal.SecurityIdentifier])
# Echo the SID (useful when reading the deployment output)
$strSID.Value

#Get User Logged on SID – LOCAL
#$objUser = New-Object System.Security.Principal.NTAccount($env:username)
#$strSID = $objUser.Translate([System.Security.Principal.SecurityIdentifier])
#$strSID.Value

#Load HKEY_Users Hive
New-PSDrive -PSProvider Registry -Name HKU -Root HKEY_USERS

#Create OneDrive registry keys
New-Item -Path HKU:\$strSID\SOFTWARE\Microsoft -Name OneDrive -Force
New-Item -Path HKU:\$strSID\SOFTWARE\Microsoft\OneDrive -Name Accounts -Force
New-Item -Path HKU:\$strSID\SOFTWARE\Microsoft\OneDrive\Accounts -Name Business1 -Force

$OneDriveID = "HKU:\$strSID\SOFTWARE\Microsoft\OneDrive\Accounts\Business1"

#Configure Tenant ID
Set-ItemProperty -Path $OneDriveID -Name ConfiguredTenantID -Value $TenantID -Force

#Unmount HKU
Remove-PSDrive -Name HKU

## Install OneDrive
If ((Get-WmiObject -Class Win32_OperatingSystem).Caption -like '*Windows 7*')
{
    Start-Process "$PSScriptRoot\OneDriveSetup.exe" -ArgumentList "/silent" -Wait -NoNewWindow
}
If ((Get-WmiObject -Class Win32_OperatingSystem).Caption -like '*Windows 8*')
{
    Start-Process "$PSScriptRoot\OneDriveSetup.exe" -ArgumentList "/silent" -Wait -NoNewWindow
}
If ((Get-WmiObject -Class Win32_OperatingSystem).Caption -like '*Windows 10*')
{
    Start-Process "$PSScriptRoot\OneDriveSetup.exe" -ArgumentList "/silent" -Wait -NoNewWindow
}

##Start OneDrive With TenantID and User Credentials, Prompt for User understanding.
$OneDriveInstalled = "$env:LOCALAPPDATA\Microsoft\Onedrive\OneDrive.exe"

# Load Windows Forms up front so both the success and the failure message box can be shown
Add-Type -AssemblyName System.Windows.Forms | Out-Null

If (Test-Path $OneDriveInstalled)
{
    [System.Windows.Forms.MessageBox]::Show("OneDrive for Business has been Successfully installed. Please enter your credentials into the next window to continue.", "SCCMOG – OneDrive",
        [System.Windows.Forms.MessageBoxButtons]::OK,
        [System.Windows.Forms.MessageBoxIcon]::Warning)
    # Passing a user name to -Credential makes PowerShell prompt for the password; replace SCCMOG with your domain
    Start-Process "$OneDriveInstalled" -ArgumentList "/Configure_business:$TenantID" -Credential "SCCMOG\$env:username"
}
Else
{
    [System.Windows.Forms.MessageBox]::Show("OneDrive for Business has failed to install. Please contact the SCCMOG Service Desk on: 555-555-555.", "SCCMOG – OneDrive Failed",
        [System.Windows.Forms.MessageBoxButtons]::OK,
        [System.Windows.Forms.MessageBoxIcon]::Warning)
}

###The End 🙂
#######################################################################################################################################
[/code]
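A pre-flight check that could run before the deployment script above, added here as an illustration and not part of the original SCCMOG script: it rejects a tenant ID that is still a placeholder, confirms OneDriveSetup.exe carries a valid Microsoft Authenticode signature, and flags a different ConfiguredTenantID already present in the user's hive. The function names and the 'O=Microsoft Corporation' subject match are assumptions of this example.

```powershell
# Added example, not part of the original deployment script.
$TenantID  = '12345678-1234-1234-1234-123456789012'   # sample ID used in the post
$SetupPath = "$PSScriptRoot\OneDriveSetup.exe"          # same location the script installs from

function Test-TenantId([string]$Value) {
    # 8-4-4-4-12 hex digits; rejects blanks and unreplaced "xxxx" placeholders
    $Value -match '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
}

function Test-MicrosoftSigned([string]$Path) {
    # Requires a valid Authenticode chain AND a Microsoft signer.
    # The subject string matched here is an assumption of this example.
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) { return $false }
    $sig = Get-AuthenticodeSignature -FilePath $Path
    ($sig.Status -eq 'Valid') -and ($sig.SignerCertificate.Subject -match 'O=Microsoft Corporation')
}

function Get-ConfiguredTenantId {
    # HKCU is the logged-on user's hive when the script runs as "Install for User"
    $key = 'HKCU:\SOFTWARE\Microsoft\OneDrive\Accounts\Business1'
    (Get-ItemProperty -Path $key -Name ConfiguredTenantID -ErrorAction SilentlyContinue).ConfiguredTenantID
}

function Test-OneDriveDeployment([string]$Tenant, [string]$Setup) {
    # Returns a list of problems; an empty list means it is safe to continue
    $problems = @()
    if (-not (Test-TenantId $Tenant))       { $problems += "Tenant ID '$Tenant' is not a GUID" }
    if (-not (Test-MicrosoftSigned $Setup)) { $problems += "$Setup is missing or not validly signed by Microsoft" }
    $configured = Get-ConfiguredTenantId
    if ($configured -and ($configured -ne $Tenant)) {
        $problems += "Registry already holds a different tenant: $configured"
    }
    $problems
}

$issues = @(Test-OneDriveDeployment -Tenant $TenantID -Setup $SetupPath)
if ($issues.Count -gt 0) {
    $issues | ForEach-Object { Write-Warning $_ }
    exit 1      # non-zero exit lets ConfigMgr report the deployment as failed
}
Write-Host 'Pre-flight checks passed'
```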

Mass Uninstall SCCM PowerShell Script by Publisher

Use SCCM or MDT to Uninstall all applications by a specific publisher or other unique ID using the SMS installed software class in WMI and PowerShell.

So that software….

If you have no idea what I'm talking about, take a look at this post and it will become clear!

Unfortunately, the client had a huge variety of versions of one specific piece of software, ranging from 4.1 to 4.3 with loads of revisions in the middle, and it installed 3 products!

Usually to script a removal I can easily jump into the SMS software class and find all relevant entries to a specific software version and build the script from there.

Like this:

[code language="powershell"]

##Get list of all products installed
$InstalledProducts = Get-WmiObject -Namespace 'root\cimv2\sms' -Class SMS_InstalledSoftware

## Check the matches
$InstalledProducts | where { $_.ARPDisplayName -imatch 'eSigner' }

## Add specific product to variable
$eSigner = $InstalledProducts | where { ($_.ARPDisplayName -eq 'eSigner 4.2') -and ($_.ProductVersion -eq '4.2.111') }
[/code]

But this, although a great way of doing it, only allows me to remove specific versions that I know or the client knows are out there. Using the below:

[code language="powershell"]
##Get list of all products installed
$InstalledProducts = Get-WmiObject -Namespace 'root\cimv2\sms' -Class SMS_InstalledSoftware

## Add specific product to variable
$eSigner = $InstalledProducts | where { ($_.ARPDisplayName -eq 'eSigner 4.2') -and ($_.ProductVersion -eq '4.2.111') }

## Check it's the right product
$eSigner

## Grab the local package to a variable for the uninstall process
$CachedMSI = $eSigner.LocalPackage

##Start the uninstall with the local package and verbose logging
## $env:windir is used so that PowerShell expands the log path before msiexec sees it
Start-Process 'msiexec.exe' -ArgumentList "/x $CachedMSI /qn /norestart /L*v $env:windir\temp\uninstall_eSigner42.log" -Wait -NoNewWindow
[/code]

I could have also created some queries/reports to find all the specific versions, but this would have taken serious time, and as the software was critical for BAU, the site and clients requiring it are fresh, scripting was the only way!

Anyway the script…

  • It grabs all software listed in the ‘root\cimv2\SMS’ ‘SMS_InstalledSoftware’ class in WMI.
  • Then it selects out all the Software with a specific Publisher (this can be changed).
  • If there is none it will write the detection key to the registry and then quit with exit code 0.
  • If there is then it sets the detection keys in the registry.
  • Loops through each product of the application installed finding the name of the product and local MSI package.
  • Starts MSIexec.exe with the arguments of local package and logs to the %WINDIR%\temp\uninstall_$packagename.log for each product installed.
  • It also writes the name of the product and the exit code of that uninstall to the detection key (useful for troubleshooting).
  • After this it exits with exit code 3010 telling the Config Mgr client that reboot is required.

[code language="powershell"]
##Mass Uninstall the Application by unique ID – Publisher
### To Deploy use program string: powershell.exe -Executionpolicy Bypass -File MassUninstallMSI.ps1
### SCCM_OG 16/07/2016

##Enter unique Identifier – Remember to change line from Publisher if not using that as unique.
$Unique = "Gemalto"
$DetectKey = "HKLM:\SOFTWARE\RSDELL\SCRIPTS\MassRemMSI\$Unique"

# Creates the registry key used as the ConfigMgr detection method
function set-detectionKeys()
{
    New-Item -Path HKLM:\SOFTWARE\ -Name RSDELL -Force
    New-Item -Path HKLM:\SOFTWARE\RSDELL -Name SCRIPTS -Force
    New-Item -Path HKLM:\SOFTWARE\RSDELL\SCRIPTS -Name MassRemMSI -Force
    New-Item -Path HKLM:\SOFTWARE\RSDELL\SCRIPTS\MassRemMSI -Name $Unique -Force
}

##Get all Applications in SMS namespace
$InstalledProducts = Get-WmiObject -Namespace 'root\cimv2\sms' -Class SMS_InstalledSoftware

#Grab all of those applications with Publisher of….
# @() forces an array so .Length and indexing also work when zero or one product matches
$AppArray = @($InstalledProducts | where { $_.Publisher -like $Unique })

If ($AppArray.Length -eq 0)
{
    set-detectionKeys
    Set-ItemProperty -Path $DetectKey -Name Array -Value 'NoneFound' -Force
    Write-Host "No applications Found Exiting with code 0"
    Exit 0
}
Elseif ($AppArray.Length -gt 0)
{
    set-detectionKeys
    #Uninstall the applications found
    for ($i=0; $i -lt $AppArray.Length; $i++)
    {
        # Echo the product name and cached MSI path for the deployment log
        "`$AppArray[$i]=" + $AppArray[$i].ARPDisplayName
        "`$AppArray[$i]=" + $AppArray[$i].Localpackage
        # Product name without whitespace, used for the log file and registry value name
        $packagename = $AppArray[$i].ARPDisplayName
        $packagename = $packagename -replace '\s',''
        $log = "/l*v $env:windir\temp\uninstall_$packagename.log"
        $arguments = "/x " + $AppArray[$i].Localpackage + " /qn /norestart $log"
        $Passthru = Start-Process 'msiexec.exe' -ArgumentList $arguments -Wait -NoNewWindow -PassThru
        # Record each product's msiexec exit code under the detection key
        $Exitcode = [string]$Passthru.ExitCode
        Set-ItemProperty -Path $DetectKey -Name $packagename -Value "ExitCode: $ExitCode" -Force
    }

    Write-Host "Applications Found and removed. Exiting with code 3010 for reboot."
    Exit 3010
}
Else
{
    set-detectionKeys
    Set-ItemProperty -Path $DetectKey -Name Else -Value 'NoneFound' -Force
    Write-Host "No applications Found Exiting with code 0"
    Exit 0
}

##The End 🙂
########################################################

[/code]
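The script above runs msiexec as System with a package path and product name taken straight from WMI. The following sketch is an added example, not the original script: it accepts only .msi paths that resolve inside the Windows Installer cache, allowlists the characters used in the log file name, quotes both paths, and maps msiexec exit codes so that 3010 is returned only when a removal actually asked for a reboot. The function names and sample rows are constructed for illustration, and it needs PowerShell 3.0 or later.

```powershell
# Added example, not the original script. Requires PowerShell 3.0+.
function Get-SafeLogName([string]$DisplayName) {
    # Allowlist: drop anything unsafe in a file name or registry value name
    $DisplayName -replace '[^A-Za-z0-9._-]', ''
}
function Test-CachedPackage([string]$Path) {
    # Accept only .msi files that resolve inside %windir%\Installer
    if ([string]::IsNullOrEmpty($Path)) { return $false }
    $cache = (Join-Path $env:windir 'Installer') + '\'
    $full  = [IO.Path]::GetFullPath($Path)      # collapses ..\ segments
    $full.StartsWith($cache, [StringComparison]::OrdinalIgnoreCase) -and ($full -like '*.msi')
}
function Get-MsiResult([int]$ExitCode) {
    switch ($ExitCode) {
        0       { 'Success' }
        3010    { 'RebootRequired' }
        1641    { 'RebootInitiated' }
        1605    { 'NotInstalled' }       # product was already gone
        default { 'Failed' }
    }
}
function Invoke-PublisherUninstall($Apps, [switch]$DryRun) {
    foreach ($app in $Apps) {
        $result = 'SkippedUntrustedPath'; $code = $null
        if (Test-CachedPackage $app.LocalPackage) {
            $log     = Join-Path $env:windir ('temp\uninstall_{0}.log' -f (Get-SafeLogName $app.ARPDisplayName))
            $msiArgs = '/x "{0}" /qn /norestart /l*v "{1}"' -f $app.LocalPackage, $log
            if ($DryRun) { $result = "DryRun: msiexec.exe $msiArgs" }
            else {
                $p      = Start-Process 'msiexec.exe' -ArgumentList $msiArgs -Wait -NoNewWindow -PassThru
                $code   = $p.ExitCode
                $result = Get-MsiResult $code
            }
        }
        [pscustomobject]@{ Name = $app.ARPDisplayName; ExitCode = $code; Result = $result }
    }
}
# Constructed sample rows standing in for SMS_InstalledSoftware objects
$sample = @(
    [pscustomobject]@{ ARPDisplayName = 'eSigner 4.2';   LocalPackage = "$env:windir\Installer\1a2b3c.msi" }
    [pscustomobject]@{ ARPDisplayName = 'Odd: name/4.3'; LocalPackage = "$env:windir\Installer\..\..\Users\Public\x.msi" }
)
$results = @(Invoke-PublisherUninstall -Apps $sample -DryRun)
$results | Format-List
# Exit 3010 only when a removal asked for a reboot, 1 on any failure
$exitCode = 0
if ($results.Result -contains 'RebootRequired') { $exitCode = 3010 }
if ($results.Result -contains 'Failed')         { $exitCode = 1 }
"Would exit with code $exitCode"
```

With `-DryRun` nothing is uninstalled: the first sample row prints the msiexec command line it would run, and the second is skipped because its path resolves outside the Installer cache.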

Copyright 2016 SCCMOG | All Rights Reserved