Install – Page 3 – SCCMOG

3rd May 20173rd May 2017

Set Site Proxy Account and Address SCCM PowerShell

I was at a clients the other day and wanted to update the proxy account information for the Primary Site Server so thought I would script it quickly. This Script will create an account in ConfigMgr and then associate that with the Proxy details specified to the Site System. It must be run with access to the ConfigMgr Module for PowerShell and administrative rights.
Here it is:

#########################################################################################################################
#Author:       SCCMOG - Richie Schuster - SCCMOG.COM                                                                    #
#Date:         02/05/2017                                                                                               #
#Name:         Set-CMProxyAccount.ps1                                                                                   #
#RunAs CMD:    Powershell.exe -Executionpolicy Bypass -File Set-CMProxyAccount.ps1 -Account SCCMOG\Admin                #
#              -Password CantCrackMe -SSFQDN CM-01.SCCMOG.COM -SiteCode SOG -ProxSName proxy.sccmog.com -ProxySPort 8080#
#              Just running the script will prompt for all parameters.                                                  #
#Description:  This script will add a new account to the site and then associate it with the proxy account for the site #
#              system.                                                                                                  #
#########################################################################################################################


Param
(
[parameter(mandatory=$true,HelpMessage="Please, provide a account name. Domain\Account or Account")][ValidateNotNullOrEmpty()]$Account,
[parameter(mandatory=$true,HelpMessage="Please, provide the password to be used.")][ValidateNotNullOrEmpty()]$Password,
[parameter(mandatory=$true,HelpMessage="Please, provide the Site Server FQDN.")][ValidateNotNullOrEmpty()]$SSFQDN,
[parameter(mandatory=$true,HelpMessage="Please, provide the Code.")][ValidateNotNullOrEmpty()]$SiteCode,
[parameter(mandatory=$true,HelpMessage="Please, provide Proxy Server Name.")][ValidateNotNullOrEmpty()]$ProxySName,
[parameter(mandatory=$true,HelpMessage="Please, provide Proxy Server Port.")][ValidateNotNullOrEmpty()]$ProxySPort
)

# Check for elevation
Write-Host "Checking for elevation"
If (-NOT ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole(`
    [Security.Principal.WindowsBuiltInRole] "Administrator"))
{
    Write-Warning "Oupps, you need to run this script from an elevated PowerShell prompt!`nPlease start the PowerShell prompt as an Administrator and re-run the script."
    Write-Warning "Aborting script..."
    Break
}

# Import the ConfigurationManager.psd1 module 
Write-Host "Importing ConfigMgr Module..." -ForegroundColor Yellow
Import-Module "$($ENV:SMS_ADMIN_UI_PATH)\..\ConfigurationManager.psd1"
# Set the current location to be the site code.
Write-Host "Setting Location to ConfigMgr Drive..." -ForegroundColor Yellow
Set-Location "$SiteCode`:"


#Store the pass as a secure string
Write-Host "Storing Password securely...." -ForegroundColor Yellow
$Secure = ConvertTo-SecureString -String $Password -AsPlainText -Force
#Create Account
Write-Host "Creating New Account $Account...." -ForegroundColor Yellow
New-CMAccount -UserName $Account -Password $Secure -SiteCode $SiteCode

#Set Site Server Proxy
Write-Host "Setting Proxy information...." -ForegroundColor Yellow
Set-CMSiteSystemServer -SiteSystemServerName $SSFQDN -SiteCode $SiteCode -EnableProxy $True -ProxyServerName $ProxySName`
                       -ProxyServerPort $ProxySPort -ProxyAccessAccount (Get-CMAccount $Account) -PassThru

########################################################################################################################

#########################################################################################################################

#Author: SCCMOG - Richie Schuster - SCCMOG.COM #

#Date: 02/05/2017 #

#Name: Set-CMProxyAccount.ps1 #

#RunAs CMD: Powershell.exe -Executionpolicy Bypass -File Set-CMProxyAccount.ps1 -Account SCCMOG\Admin #

# -Password CantCrackMe -SSFQDN CM-01.SCCMOG.COM -SiteCode SOG -ProxSName proxy.sccmog.com -ProxySPort 8080#

# Just running the script will prompt for all parameters. #

#Description: This script will add a new account to the site and then associate it with the proxy account for the site #

# system. #

#########################################################################################################################

Param

(

[parameter(mandatory=$true,HelpMessage="Please, provide a account name. Domain\Account or Account")][ValidateNotNullOrEmpty()]$Account,

[parameter(mandatory=$true,HelpMessage="Please, provide the password to be used.")][ValidateNotNullOrEmpty()]$Password,

[parameter(mandatory=$true,HelpMessage="Please, provide the Site Server FQDN.")][ValidateNotNullOrEmpty()]$SSFQDN,

[parameter(mandatory=$true,HelpMessage="Please, provide the Code.")][ValidateNotNullOrEmpty()]$SiteCode,

[parameter(mandatory=$true,HelpMessage="Please, provide Proxy Server Name.")][ValidateNotNullOrEmpty()]$ProxySName,

[parameter(mandatory=$true,HelpMessage="Please, provide Proxy Server Port.")][ValidateNotNullOrEmpty()]$ProxySPort

)

# Check for elevation

Write-Host "Checking for elevation"

If (-NOT ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole(`

[Security.Principal.WindowsBuiltInRole] "Administrator"))

{

Write-Warning "Oupps, you need to run this script from an elevated PowerShell prompt!`nPlease start the PowerShell prompt as an Administrator and re-run the script."

Write-Warning "Aborting script..."

Break

}

# Import the ConfigurationManager.psd1 module

Write-Host "Importing ConfigMgr Module..." -ForegroundColor Yellow

Import-Module "$($ENV:SMS_ADMIN_UI_PATH)\..\ConfigurationManager.psd1"

# Set the current location to be the site code.

Write-Host "Setting Location to ConfigMgr Drive..." -ForegroundColor Yellow

Set-Location "$SiteCode`:"

#Store the pass as a secure string

Write-Host "Storing Password securely...." -ForegroundColor Yellow

$Secure = ConvertTo-SecureString -String $Password -AsPlainText -Force

#Create Account

Write-Host "Creating New Account $Account...." -ForegroundColor Yellow

New-CMAccount -UserName $Account -Password $Secure -SiteCode $SiteCode

#Set Site Server Proxy

Write-Host "Setting Proxy information...." -ForegroundColor Yellow

Set-CMSiteSystemServer -SiteSystemServerName $SSFQDN -SiteCode $SiteCode -EnableProxy $True -ProxyServerName $ProxySName`

-ProxyServerPort $ProxySPort -ProxyAccessAccount (Get-CMAccount $Account) -PassThru

########################################################################################################################

Demonstration of running the script:

Site System Properties after running Script:

Account Properties:

27th March 201727th March 2017

SCCM Auto Snapshot a VM before Patching Task Sequence – PowerCLI

A while ago I mentioned in a post about creating a bespoke patching task sequence for a client who wanted to snap shot every VM before patching. To do this I created a silent install wrapper for PowerCLI using PowerShell.

Anyway, as per the request… here is the script I used to snapshot a VM before patching it during the Task sequence. It must be run as a command line step and using an account that has access to VSphere.

########################################################################################################################
#Author:       SCCMOG - Richie Schuster - SCCMOG.COM                                                                   #
#Date:         05/01/2017                                                                                              #
#Name:         Auto Snapshot VM before Patching                                                                        #
#RunAs CMD:    Powershell.exe -Executionpolicy Bypass -File PrePatchSnapShot.ps1                                       #
#Description:  This script has been created to auto snapshot a VM before patching by a task sequence from SCCM.        #
#              The script must be run as a Command Line in the task sequence by an account with access to VSphere.     #
########################################################################################################################

#Variables
$VMname = "$env:COMPUTERNAME.YOURDOMAIN.COM"
$VIserver = "YOURVISERVER.YOURDOMAIN.COM"
#$Username = "YourDomain\admin-SCCMOG"
#$Password = "CrazyPass"

#Create Credential to pass securely
#$Cred = New-Object System.Management.Automation.PSCredential($Username, (ConvertTo-SecureString $Password -AsPlainText -Force))

#Add the VMware snapin if not added
If ((Get-PSSnapin -Name VMware.VimAutomation.Core -ErrorAction SilentlyContinue) -eq $null ) {
    Add-PSSnapin VMware.VimAutomation.Core
    }

#Connect to VIC001
If ($global:DefaultVIServer -eq $null ) {
    Connect-VIServer -Server $VIserver #-Credential $Cred -Verbose
    }
ElseIF ($global:DefaultVIServer -ne $VIserver ) {
    #Disconnect all server connections
    Disconnect-VIServer -Server $global:DefaultVIServers -Force -Confirm:$false -WarningAction SilentlyContinue -ErrorAction SilentlyContinue | Out-Null
    #Re-connect to specific server
    Connect-VIServer -Server $VIserver
    }

#Reset Connected Variable
$Connected = $global:DefaultVIServer.Name -eq $VIserver

If ($Connected -eq $true) {

    #Snapshot Time
    #Time Date for Snapshot name
    $Date = Get-Date
    $DateShort = $Date.ToShortDateString() -replace '[/]'
    $TimeShort = $Date.ToShortTimeString()
    $Snapshotname = "Before Patching $TimeShort $DateShort"

    #Take Snapshot
    New-Snapshot -VM $VMname -Name $Snapshotname -Description "This Snapshot was taken before patching the VM from the SCCM TaskSequence. $Date" -Verbose

    #Check Snapshot complete
    $SnapShots = Get-Snapshot -VM $VMname
    $Taken = $Snapshots.Name.Contains($Snapshotname)
    
    #If found Disconnect and Exit Script Success 0
    If ($Taken -eq $true) {
        Disconnect-VIServer -Server $VIserver -Force -Confirm:$false -WarningAction SilentlyContinue -ErrorAction SilentlyContinue | Out-Null
        Exit 0
        }
    #If Failed Exit Script 999 Failing the Tasksequence
    Else {
    Exit 999
    }
}

Elseif ($Connected -eq $false) {
    Exit 911
    }
Else {
    Exit 912
    }
    
######################################################################################################################

########################################################################################################################

#Author: SCCMOG - Richie Schuster - SCCMOG.COM #

#Date: 05/01/2017 #

#Name: Auto Snapshot VM before Patching #

#RunAs CMD: Powershell.exe -Executionpolicy Bypass -File PrePatchSnapShot.ps1 #

#Description: This script has been created to auto snapshot a VM before patching by a task sequence from SCCM. #

# The script must be run as a Command Line in the task sequence by an account with access to VSphere. #

########################################################################################################################

#Variables

$VMname = "$env:COMPUTERNAME.YOURDOMAIN.COM"

$VIserver = "YOURVISERVER.YOURDOMAIN.COM"

#$Username = "YourDomain\admin-SCCMOG"

#$Password = "CrazyPass"

#Create Credential to pass securely

#$Cred = New-Object System.Management.Automation.PSCredential($Username, (ConvertTo-SecureString $Password -AsPlainText -Force))

#Add the VMware snapin if not added

If ((Get-PSSnapin -Name VMware.VimAutomation.Core -ErrorAction SilentlyContinue) -eq $null ) {

Add-PSSnapin VMware.VimAutomation.Core

}

#Connect to VIC001

If ($global:DefaultVIServer -eq $null ) {

Connect-VIServer -Server $VIserver #-Credential $Cred -Verbose

}

ElseIF ($global:DefaultVIServer -ne $VIserver ) {

#Disconnect all server connections

Disconnect-VIServer -Server $global:DefaultVIServers -Force -Confirm:$false -WarningAction SilentlyContinue -ErrorAction SilentlyContinue | Out-Null

#Re-connect to specific server

Connect-VIServer -Server $VIserver

}

#Reset Connected Variable

$Connected = $global:DefaultVIServer.Name -eq $VIserver

If ($Connected -eq $true) {

#Snapshot Time

#Time Date for Snapshot name

$Date = Get-Date

$DateShort = $Date.ToShortDateString() -replace '[/]'

$TimeShort = $Date.ToShortTimeString()

$Snapshotname = "Before Patching $TimeShort $DateShort"

#Take Snapshot

New-Snapshot -VM $VMname -Name $Snapshotname -Description "This Snapshot was taken before patching the VM from the SCCM TaskSequence. $Date" -Verbose

#Check Snapshot complete

$SnapShots = Get-Snapshot -VM $VMname

$Taken = $Snapshots.Name.Contains($Snapshotname)

#If found Disconnect and Exit Script Success 0

If ($Taken -eq $true) {

Disconnect-VIServer -Server $VIserver -Force -Confirm:$false -WarningAction SilentlyContinue -ErrorAction SilentlyContinue | Out-Null

Exit 0

}

#If Failed Exit Script 999 Failing the Tasksequence

Else {

Exit 999

}

Elseif ($Connected -eq $false) {

Exit 911

}

Else {

Exit 912

}

######################################################################################################################

6th March 2017

SCCM WSUS Proxy – Allow Basic Authentication

I was at a clients today and came across the issue to do with Credentials for a proxy that are required to be sent as clear text. The exact tick box wording is:

“Allow Basic Authentication (password is sent in cleartext)”

Anyway after hunting around to find a solution for SCCM 2012 and above installations, I came to the conclusion that it would be quicker to write a script to check the configuration and change if it has been removed by SCCM. This script runs as a scheduled task and I have included the XML for that also below.

The Script:

################################################################################
# Author  : SCCMOG - Richie Schuster C5                                        #
# Website : www.sccmog.com                                                     #
# Usage   : .\Set-WSUSCredsNonSSL                                              #
# Version : 2.7                                                                #
# Created : 2014/07/17                                                         #
# Purpose : This script was created to be run as a scheduled task to reset the #
#         : "Allow Basic Authentication" in the proxy server settingd of WSUS  #
#         : as SCCM removes this setting while performaing maintanance tasks.  #
################################################################################


#Connect to WSUS Configuration
#Set WSUS server to connect to
$wsusserver = "SCCMOG-CM-01"

#Load required assemblies
[void][reflection.assembly]::LoadWithPartialName("Microsoft.UpdateServices.Administration")

#Connect to WSUS Remote
#$wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::getUpdateServer($wsusserver,$false)
#Connect to WSUS Local
$wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::getUpdateServer()

#$WSUS | FL *
#$WSUS | Get-Member

$Config = $wsus.GetConfiguration()
$CurrentSetting = $Config.AllowProxyCredentialsOverNonSsl

If ($CurrentSetting -ne $true){
    Write-Host "Incorrect... Correcting!" -ForegroundColor Yellow
    $Config.AllowProxyCredentialsOverNonSsl = $true
    $Config.Save()
    Exit 0
    }
Else {
    Write-Host "Still Correct!" -ForegroundColor Green
    Exit 0
    }

################################################################################

################################################################################

# Author : SCCMOG - Richie Schuster C5 #

# Website : www.sccmog.com #

# Usage : .\Set-WSUSCredsNonSSL #

# Version : 2.7 #

# Created : 2014/07/17 #

# Purpose : This script was created to be run as a scheduled task to reset the #

# : "Allow Basic Authentication" in the proxy server settingd of WSUS #

# : as SCCM removes this setting while performaing maintanance tasks. #

################################################################################

#Connect to WSUS Configuration

#Set WSUS server to connect to

$wsusserver = "SCCMOG-CM-01"

#Load required assemblies

[void][reflection.assembly]::LoadWithPartialName("Microsoft.UpdateServices.Administration")

#Connect to WSUS Remote

#$wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::getUpdateServer($wsusserver,$false)

#Connect to WSUS Local

$wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::getUpdateServer()

#$WSUS | FL *

#$WSUS | Get-Member

$Config = $wsus.GetConfiguration()

$CurrentSetting = $Config.AllowProxyCredentialsOverNonSsl

If ($CurrentSetting -ne $true){

Write-Host "Incorrect... Correcting!" -ForegroundColor Yellow

$Config.AllowProxyCredentialsOverNonSsl = $true

$Config.Save()

Exit 0

}

Else {

Write-Host "Still Correct!" -ForegroundColor Green

Exit 0

}

################################################################################

The Scheduled Task XML to be imported:

<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo>
    <Date>2017-03-06T20:11:59.7036984</Date>
    <Author>LAB\SCCM-Admin</Author>
  </RegistrationInfo>
  <Triggers>
    <TimeTrigger>
      <Repetition>
        <Interval>PT1M</Interval>
        <StopAtDurationEnd>false</StopAtDurationEnd>
      </Repetition>
      <StartBoundary>2017-03-06T20:13:05</StartBoundary>
      <Enabled>true</Enabled>
    </TimeTrigger>
  </Triggers>
  <Principals>
    <Principal id="Author">
      <UserId>S-1-5-18</UserId>
      <RunLevel>HighestAvailable</RunLevel>
    </Principal>
  </Principals>
  <Settings>
    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
    <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>
    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
    <AllowHardTerminate>true</AllowHardTerminate>
    <StartWhenAvailable>false</StartWhenAvailable>
    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
    <IdleSettings>
      <StopOnIdleEnd>true</StopOnIdleEnd>
      <RestartOnIdle>false</RestartOnIdle>
    </IdleSettings>
    <AllowStartOnDemand>true</AllowStartOnDemand>
    <Enabled>true</Enabled>
    <Hidden>false</Hidden>
    <RunOnlyIfIdle>false</RunOnlyIfIdle>
    <WakeToRun>false</WakeToRun>
    <ExecutionTimeLimit>P3D</ExecutionTimeLimit>
    <Priority>7</Priority>
  </Settings>
  <Actions Context="Author">
    <Exec>
      <Command>Powershell.exe</Command>
      <Arguments>-Executionpolicy Bypass -file E:\Change\ToYourLocation\Set-WSUSCredsNonSSL.ps1</Arguments>
    </Exec>
  </Actions>
</Task>

<?xml version="1.0" encoding="UTF-16"?>

<Author>LAB\SCCM-Admin</Author>

</RegistrationInfo>

<StopAtDurationEnd>false</StopAtDurationEnd>

</Repetition>

</TimeTrigger>

</Triggers>

<RunLevel>HighestAvailable</RunLevel>

</Principal>

</Principals>

<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>

<StartWhenAvailable>false</StartWhenAvailable>

<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>

<RestartOnIdle>false</RestartOnIdle>

</IdleSettings>

<Hidden>false</Hidden>

<RunOnlyIfIdle>false</RunOnlyIfIdle>

<WakeToRun>false</WakeToRun>

</Settings>

<Exec>

<Command>Powershell.exe</Command>

<Arguments>-Executionpolicy Bypass -file E:\Change\ToYourLocation\Set-WSUSCredsNonSSL.ps1</Arguments>

</Exec>

</Actions>

</Task>

4th March 20174th March 2017

Get Logged On User WMI PowerShell

Ever needed to figure out who is logged on when deploying software to a machine with SCCM?
Maybe you needed to do so… like me… to copy a specific file into that users AppData?

Anyway quick PowerShell script to figure out the currently logged on user of a Machine.

################################################################################
#Author: SCCMOG.COM - Richie Schuster                                          #
#Date: 04/03/2017                                                              #
#Script Name: Get Logged on User                                               #
################################################################################

#Get logged on User
$Loggedon = Get-WmiObject -ComputerName $env:COMPUTERNAME -Class Win32_Computersystem | Select-Object UserName
#Split User and Domain
$Domain,$User = $Loggedon.Username.split('\',2)
Write-Host $Domain
Write-Host $User

################################################################################

################################################################################

#Author: SCCMOG.COM - Richie Schuster #

#Date: 04/03/2017 #

#Script Name: Get Logged on User #

################################################################################

#Get logged on User

$Loggedon = Get-WmiObject -ComputerName $env:COMPUTERNAME -Class Win32_Computersystem | Select-Object UserName

#Split User and Domain

$Domain,$User = $Loggedon.Username.split('\',2)

Write-Host $Domain

Write-Host $User

################################################################################