MDT – Page 3 – SCCMOG – Deployment Blog

4th March 20174th March 2017

Get Logged On User WMI PowerShell

Ever needed to figure out who is logged on when deploying software to a machine with SCCM?
Maybe you needed to do so… like me… to copy a specific file into that users AppData?

Anyway quick PowerShell script to figure out the currently logged on user of a Machine.

################################################################################
#Author: SCCMOG.COM - Richie Schuster                                          #
#Date: 04/03/2017                                                              #
#Script Name: Get Logged on User                                               #
################################################################################

#Get logged on User
$Loggedon = Get-WmiObject -ComputerName $env:COMPUTERNAME -Class Win32_Computersystem | Select-Object UserName
#Split User and Domain
$Domain,$User = $Loggedon.Username.split('\',2)
Write-Host $Domain
Write-Host $User

################################################################################

################################################################################

#Author: SCCMOG.COM - Richie Schuster #

#Date: 04/03/2017 #

#Script Name: Get Logged on User #

################################################################################

#Get logged on User

$Loggedon = Get-WmiObject -ComputerName $env:COMPUTERNAME -Class Win32_Computersystem | Select-Object UserName

#Split User and Domain

$Domain,$User = $Loggedon.Username.split('\',2)

Write-Host $Domain

Write-Host $User

################################################################################

3rd March 20173rd March 2017

SCCM PowerCLI Silent deployment script

A couple of months ago I was asked by a client to create a method of patching to automatically snap shot a VM before applying the monthly patches with SCCM.

This as I’m sure your thinking has to be done by Task Sequence with the use of SCCM. If you not then that is how I would suggest you do it. The issue was PowerCLI and how to deploy that silently to all servers to allow for the Task Sequence to harness the PowerShell commands locally on the box without using remote PowerShell. I came across a great blog here discussing the silent install and then decided to write a PowerShell wrapper to deploy the software silently and with the use of SCCM.

The following script can be run as an Application or Package that is purely up to you. There are 2 modes, Install and Uninstall. Add these deployment command lines to your application or program to silently install PowerCLI or just run them locally:

[code language=”text”]
Powershell.exe -Executionpolicy Bypass -File "Deploy_PowerCLI_Silent.ps1 -MODE Install"
Powershell.exe -Executionpolicy Bypass -File "Deploy_PowerCLI_Silent.ps1 -MODE Uninstall"
[/code]

You will probably notice that to uninstall it silently you need to remove “VMware Remote Console Plug-in 5.1” followed by the “VMware vSphere PowerCLI” software.
The script build the arguments to do so, but if you are using a different version you will have to change:

[code language=”powershell”]$RemConsole = $InstalledProducts | where { $_.ARPDisplayName -eq "VMware Remote Console Plug-in 5.1" }[/code]

name to match
Just change the “VMware Remote Console Plug-in 5.1” portion to the same text as seen in your “Programs and Features” (Appwiz.cpl).
Make sure the VMware-PowerCLI.exe is in the same folder as the script.
The Script:

#########################################################################################################
#Script Name:   Deploy VMware PowerCLI 6.3 Silently                                                     #
#Script Author: SCCMOG - Richie Schuster 16/12/2016 WWW.SCCMOG.COM                                      #
#########################################################################################################
#Script Usage: "Deploy_PowerCLI_Silent.ps1 -Mode Install" to install and "-Mode Uninstall" to uninstall.#
#########################################################################################################

#Install Mode Parameter
PARAM (
    [string]$MODE
)

#If entery is input run script
If ($mode -ne $null){
    
    #If Mode input is Install run install.
    If ($MODE -eq "Install"){
        #Install VMware PowerCLI 6.3 Silently and Remote Console silently
        Start-Process "$PSScriptRoot\VMware-PowerCLI-6.3.0-3737840.exe" -ArgumentList '/b"C:\Windows\Temp" /VADDLOCAL=ALL /S /V"/qn ALLUSERS=1 REBOOT=ReallySuppress' -wait -NoNewWindow
        }
    #If Mode input uninstall run uninstall
    ElseIf ($MODE -eq "Uninstall"){
        ##Get all Applications in SMS namespace
        $InstalledProducts = Get-WmiObject -Namespace 'root\cimv2\sms' -Class SMS_InstalledSoftware

        #Grab PowerCLI related
        $RemConsole = $InstalledProducts | where { $_.ARPDisplayName -eq "VMware Remote Console Plug-in 5.1" }
        $PowerCLI = $InstalledProducts | where { $_.ARPDisplayName -eq "VMware vSphere PowerCLI" }

        #Get store local msi for uninstall arguements
        $REMCLP = $RemConsole.LocalPackage
        $PCLILP = $PowerCLI.LocalPackage

        #Get process that must be killed to uninstall silently
        $Running = Get-Process -Name vmware-usbarbitrator64 -ErrorAction SilentlyContinue

            #Check if process is running
            If ($Running -ne $null){
                #Kill process if it is
                Stop-Process -Name vmware-usbarbitrator64 -Force
                #Start Removal of VMware Remote Console Plug-in 5.1
                Start-Process "msiexec.exe" -ArgumentList "/x $REMCLP /qn /L*v $env:windir\temp\Uninstall_VMwareREMConsolePlg5.1.log /norestart" -wait -NoNewWindow
                #Start Removal of VMware vSphere PowerCLI
                Start-Process "msiexec.exe" -ArgumentList "/x $PCLILP /qn /L*v $env:windir\temp\Uninstall_VMwarevSpherePowerCLI.log /norestart" -wait -NoNewWindow
            }
            Else{
                #Start Removal of VMware Remote Console Plug-in 5.1
                Start-Process "msiexec.exe" -ArgumentList "/x $REMCLP /qn /L*v $env:windir\temp\Uninstall_VMwareREMConsolePlg5.1.log /norestart" -wait -NoNewWindow
                #Start Removal of VMware vSphere PowerCLI
                Start-Process "msiexec.exe" -ArgumentList "/x $PCLILP /qn /L*v $env:windir\temp\Uninstall_VMwarevSpherePowerCLI.log /norestart" -wait -NoNewWindow
            }
    }
    #If mode input does not match inform user.
    Else{
        Write-host 'Incorrect Params please format this way: "Deploy_PowerCLI_Silent.ps1 -Mode Install" to install and "-Mode Uninstall" to uninstall.'
    }
}
#If params are not specified then inform.
Else{
    Write-host 'Script Params must be used : "Deploy_PowerCLI_Silent.ps1 -Mode Install" to install and "-Mode Uninstall" to uninstall.'
    }
#########################################################################################################

#########################################################################################################

#Script Name: Deploy VMware PowerCLI 6.3 Silently #

#Script Author: SCCMOG - Richie Schuster 16/12/2016 WWW.SCCMOG.COM #

#########################################################################################################

#Script Usage: "Deploy_PowerCLI_Silent.ps1 -Mode Install" to install and "-Mode Uninstall" to uninstall.#

#########################################################################################################

#Install Mode Parameter

PARAM (

[string]$MODE

)

#If entery is input run script

If ($mode -ne $null){

#If Mode input is Install run install.

If ($MODE -eq "Install"){

#Install VMware PowerCLI 6.3 Silently and Remote Console silently

Start-Process "$PSScriptRoot\VMware-PowerCLI-6.3.0-3737840.exe" -ArgumentList '/b"C:\Windows\Temp" /VADDLOCAL=ALL /S /V"/qn ALLUSERS=1 REBOOT=ReallySuppress' -wait -NoNewWindow

}

#If Mode input uninstall run uninstall

ElseIf ($MODE -eq "Uninstall"){

##Get all Applications in SMS namespace

$InstalledProducts = Get-WmiObject -Namespace 'root\cimv2\sms' -Class SMS_InstalledSoftware

#Grab PowerCLI related

$RemConsole = $InstalledProducts | where { $_.ARPDisplayName -eq "VMware Remote Console Plug-in 5.1" }

$PowerCLI = $InstalledProducts | where { $_.ARPDisplayName -eq "VMware vSphere PowerCLI" }

#Get store local msi for uninstall arguements

$REMCLP = $RemConsole.LocalPackage

$PCLILP = $PowerCLI.LocalPackage

#Get process that must be killed to uninstall silently

$Running = Get-Process -Name vmware-usbarbitrator64 -ErrorAction SilentlyContinue

#Check if process is running

If ($Running -ne $null){

#Kill process if it is

Stop-Process -Name vmware-usbarbitrator64 -Force

#Start Removal of VMware Remote Console Plug-in 5.1

Start-Process "msiexec.exe" -ArgumentList "/x $REMCLP /qn /L*v $env:windir\temp\Uninstall_VMwareREMConsolePlg5.1.log /norestart" -wait -NoNewWindow

#Start Removal of VMware vSphere PowerCLI

Start-Process "msiexec.exe" -ArgumentList "/x $PCLILP /qn /L*v $env:windir\temp\Uninstall_VMwarevSpherePowerCLI.log /norestart" -wait -NoNewWindow

}

Else{

#Start Removal of VMware Remote Console Plug-in 5.1

Start-Process "msiexec.exe" -ArgumentList "/x $REMCLP /qn /L*v $env:windir\temp\Uninstall_VMwareREMConsolePlg5.1.log /norestart" -wait -NoNewWindow

#Start Removal of VMware vSphere PowerCLI

Start-Process "msiexec.exe" -ArgumentList "/x $PCLILP /qn /L*v $env:windir\temp\Uninstall_VMwarevSpherePowerCLI.log /norestart" -wait -NoNewWindow

}

#If mode input does not match inform user.

Else{

Write-host 'Incorrect Params please format this way: "Deploy_PowerCLI_Silent.ps1 -Mode Install" to install and "-Mode Uninstall" to uninstall.'

}

#If params are not specified then inform.

Else{

Write-host 'Script Params must be used : "Deploy_PowerCLI_Silent.ps1 -Mode Install" to install and "-Mode Uninstall" to uninstall.'

}

#########################################################################################################

5th November 20165th November 2016

Persist all Drivers at Sysprep stage

Ok, So I was capturing a very specific build for a government Audiology department the other day and needed to keep all drivers in the image as there were Hearing Aid and Hearing measurement devices that would need to be operated from these machines.

To do this is quite simple actually, just make sure BEFORE you kick off sysprep, whether that’s through SCCM, MDT or manually that you change these registry keys.

Navigate to:

HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Sysprep\Settings\sppnp

Keep drivers during sysprep phase.

And then set:

PersistAllDeviceInstalls to 1 – This will keep all drivers for hardware that is connected to the machine at the time of sysprep.
DoNotCleanUpNonPresentDevices to 1 – This coupled with the above will addtionally keep all drivers for hardware that are not connected to the machine at the time of sysprep.

Note…

If you are using an answer file for sysprep configure your answer file to persist the drivers by adding the PersistAllDeviceInstalls setting in the Microsoft-Windows-PnPSysprep and giving it a value of true.

31st October 201624th May 2017

Deploying the OneDrive Client with SCCM MDT PowerShell

So a week or two ago I was asked by my Client to deploy the new OneDrive Sync Client. This after a little research I discovered was not quite as easy as I had first thought.

There are 2 ways to deploy the OneDrive Sync Client:

Personal – User logs in with their own credentials not linked to the organisation.
Business – Pass though is enabled in the background and a Azure tenant ID must be linked to the OneDrive Client.

So the deployment for the personal Client is pretty Simple.. Download the latest OneDrive client from here. Then create the new application in SCCM or MDT using “OneDrive.exe /Silent” as the install CMD line and “/uninstall” CMD line for… you guessed it, uninstall. Now this is a must “Install for User” deployment setting as this application is installed to the local APPDATA of the users account. The only slightly challenging thing, if you are not used to it that is, is to use a PowerShell script as a detection method for a ConfigMgr application. This is done due to ConfigMgr not being able to detect the local APPDATA of the user due to all installs being carried out by Software Center being driven by the System account of the machine.

[code language=”powershell”]
if( ( Test-Path "$env:LOCALAPPDATA\Microsoft\Onedrive\OneDrive.exe" ) -and ( test-path "HKCU:\SOFTWARE\Microsoft\OneDrive\17.3.6390.0509" ) )
{
Write-Host "installed"
}
else
{
}[/code]

So… Simple script, tests the local APPDATA of the user that is logged in for the Exe and then also checks the HKCU (HKEY_CURRENT_USER). If it finds it it shouts out to ConfigMgr and ConfigMgr then considers that application installed. If not it says nothing and ConfigMgr will report the application not detect the application after install (Appenforce.log/Appdiscovery.log). Remember to update the version number to the current OneDrive version that you are installing.

So now we have the detection method lets talk about the script.

This deployment script took me a little time to work out as there are many steps that had to be done to ensure that the client installed and launched in the correct way as documented by Microsoft here. For those of you who kept on reading and didn’t read the documentation well, I will explain quickly how it works.

Firstly there must be a registry value which consists of your azure tenant ID under the key:

HKU:\*****userSID****\SOFTWARE\Microsoft\OneDrive\Accounts\Business1

The Registry String Value is:

ConfiguredTenantID

And the Property of that string is your azure tenant id e.g:

12345678-1234-1234-1234-123456789012

This is because when you launch the OneDrive.exe with the CMD line:

OneDrive.exe /configure_business:12345678-1234-1234-1234-123456789012

OneDrive knows to go off and check in that location in the registry in order to match it and kick off as OneDrive for Business instead of personal. This allows for pass-through and all the other goodies to be taken advantage of also. The only issue is that the simple installation is still the way it is installed, you then must launch OneDrive as the user to allow for the key to be checked and correct authentication to happen.

Note – OneDrive does not like being launched with Administrator rights.

Wait! I hear you shout… How do I then launch it as the user if ConfigMgr has installed it, the silent install just completes quietly in the background!?

Well this is where my simple but effective script comes in. It will figure out the logged on user and their domain and launch the application as them, this will however require them to pop in a password to authenticate and don’t worry.. I launch a warning before that happens to make sure they don’t freak out and click Cancel! So heres the script…

[code language=”powershell”]
####Deploy OneDrive Script – SCCMOG######################################################################################
####03/06/2016####################################################################################################################

##Variables
$TenantID = "xxxxxxxx-xxxx-xxxx-xxxxx-xxxxxxxxxxxx"

##Windows 10 removal
If ((Get-WmiObject -Class Win32_OperatingSystem).caption -like ‘*Windows 10*’)
{
Start-Process "$env:windir\SysWow64\OneDriveSetup.exe" -ArgumentList "/uninstall" -Wait -NoNewWindow
}

#Get User Logged on SID – Domain Account
$objUser = New-Object System.Security.Principal.NTAccount($env:USERDOMAIN, $env:username)
$strSID = $objUser.Translate([System.Security.Principal.SecurityIdentifier])
$strSID.Value

#Get User Logged on SID – LOCAL
#$objUser = New-Object System.Security.Principal.NTAccount($env:username)
#$strSID = $objUser.Translate([System.Security.Principal.SecurityIdentifier])
#$strSID.Value

#Load HKEY_Users Hive
New-PSDrive -PSProvider Registry -Name HKU -Root HKEY_USERS

#Create OneDr
New-Item -Path HKU:\$strSID\SOFTWARE\Microsoft -Name OneDrive –Force
New-Item -Path HKU:\$strSID\SOFTWARE\Microsoft\OneDrive -Name Accounts –Force
New-Item -Path HKU:\$strSID\SOFTWARE\Microsoft\OneDrive\Accounts -Name Business1 –Force

$OneDriveID = "HKU:\$strSID\SOFTWARE\Microsoft\OneDrive\Accounts\Business1"

#Configure Tenant ID
Set-ItemProperty -Path $OneDriveID -Name ConfiguredTenantID -Value $TenantID -Force

#Unmount HKU
Remove-PSDrive -Name HKU

## Install OneDrive
If ((Get-WmiObject -Class Win32_OperatingSystem).caption -like ‘*Windows 7*’)
{
Start-Process "$PSScriptRoot\OneDriveSetup.exe" -ArgumentList "/silent" -Wait -NoNewWindow
}
If ((Get-WmiObject -Class Win32_OperatingSystem).caption -like ‘*Windows 8*’)
{
Start-Process "$PSScriptRoot\OneDriveSetup.exe" -ArgumentList "/silent" -Wait -NoNewWindow
}
If ((Get-WmiObject -Class Win32_OperatingSystem).caption -like ‘*Windows 10*’)
{
Start-Process "$PSScriptRoot\OneDriveSetup.exe" -ArgumentList "/silent" -Wait -NoNewWindow
}

##Start OneDrive With TenantID and User Credentials, Prompt for User understanding.
$OneDriveInstalled = "$env:LOCALAPPDATA\Microsoft\Onedrive\OneDrive.exe"

If (Test-Path $OneDriveInstalled)
{
Add-Type -AssemblyName System.Windows.Forms | Out-Null
[System.Windows.Forms.MessageBox]::Show("OneDrive for Business has been Successfully installed. Please enter your credentials into the next window to continue.", "SCCMOG – OneDrive",
[System.Windows.Forms.MessageBoxButtons]::OK,
[System.Windows.Forms.MessageBoxIcon]::Warning)
Start-Process "$OneDriveInstalled" -ArgumentList "/Configure_business:$TenantID" -credential "SCCMOG\$env:username"
}
Else
{
[System.Windows.Forms.MessageBox]::Show("OneDrive for Business has failed to install. Please contact the SCCMOG Service Desk on: 555-555-555.", "SCCMOG – OneDrive Failed",
[System.Windows.Forms.MessageBoxButtons]::OK,
[System.Windows.Forms.MessageBoxIcon]::Warning)
}

###The End 🙂
#######################################################################################################################################
[/code]