Powershell – Page 4 – SCCMOG

6th March 2017

SCCM WSUS Proxy – Allow Basic Authentication

I was at a clients today and came across the issue to do with Credentials for a proxy that are required to be sent as clear text. The exact tick box wording is:

“Allow Basic Authentication (password is sent in cleartext)”

Anyway after hunting around to find a solution for SCCM 2012 and above installations, I came to the conclusion that it would be quicker to write a script to check the configuration and change if it has been removed by SCCM. This script runs as a scheduled task and I have included the XML for that also below.

The Script:

################################################################################
# Author  : SCCMOG - Richie Schuster C5                                        #
# Website : www.sccmog.com                                                     #
# Usage   : .\Set-WSUSCredsNonSSL                                              #
# Version : 2.7                                                                #
# Created : 2014/07/17                                                         #
# Purpose : This script was created to be run as a scheduled task to reset the #
#         : "Allow Basic Authentication" in the proxy server settingd of WSUS  #
#         : as SCCM removes this setting while performaing maintanance tasks.  #
################################################################################


#Connect to WSUS Configuration
#Set WSUS server to connect to
$wsusserver = "SCCMOG-CM-01"

#Load required assemblies
[void][reflection.assembly]::LoadWithPartialName("Microsoft.UpdateServices.Administration")

#Connect to WSUS Remote
#$wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::getUpdateServer($wsusserver,$false)
#Connect to WSUS Local
$wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::getUpdateServer()

#$WSUS | FL *
#$WSUS | Get-Member

$Config = $wsus.GetConfiguration()
$CurrentSetting = $Config.AllowProxyCredentialsOverNonSsl

If ($CurrentSetting -ne $true){
    Write-Host "Incorrect... Correcting!" -ForegroundColor Yellow
    $Config.AllowProxyCredentialsOverNonSsl = $true
    $Config.Save()
    Exit 0
    }
Else {
    Write-Host "Still Correct!" -ForegroundColor Green
    Exit 0
    }

################################################################################

The Scheduled Task XML to be imported:

<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo>
    <Date>2017-03-06T20:11:59.7036984</Date>
    <Author>LAB\SCCM-Admin</Author>
  </RegistrationInfo>
  <Triggers>
    <TimeTrigger>
      <Repetition>
        <Interval>PT1M</Interval>
        <StopAtDurationEnd>false</StopAtDurationEnd>
      </Repetition>
      <StartBoundary>2017-03-06T20:13:05</StartBoundary>
      <Enabled>true</Enabled>
    </TimeTrigger>
  </Triggers>
  <Principals>
    <Principal id="Author">
      <UserId>S-1-5-18</UserId>
      <RunLevel>HighestAvailable</RunLevel>
    </Principal>
  </Principals>
  <Settings>
    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
    <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>
    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
    <AllowHardTerminate>true</AllowHardTerminate>
    <StartWhenAvailable>false</StartWhenAvailable>
    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
    <IdleSettings>
      <StopOnIdleEnd>true</StopOnIdleEnd>
      <RestartOnIdle>false</RestartOnIdle>
    </IdleSettings>
    <AllowStartOnDemand>true</AllowStartOnDemand>
    <Enabled>true</Enabled>
    <Hidden>false</Hidden>
    <RunOnlyIfIdle>false</RunOnlyIfIdle>
    <WakeToRun>false</WakeToRun>
    <ExecutionTimeLimit>P3D</ExecutionTimeLimit>
    <Priority>7</Priority>
  </Settings>
  <Actions Context="Author">
    <Exec>
      <Command>Powershell.exe</Command>
      <Arguments>-Executionpolicy Bypass -file E:\Change\ToYourLocation\Set-WSUSCredsNonSSL.ps1</Arguments>
    </Exec>
  </Actions>
</Task>

4th March 20174th March 2017

Get Logged On User WMI PowerShell

Ever needed to figure out who is logged on when deploying software to a machine with SCCM?
Maybe you needed to do so… like me… to copy a specific file into that users AppData?

Anyway quick PowerShell script to figure out the currently logged on user of a Machine.

################################################################################
#Author: SCCMOG.COM - Richie Schuster                                          #
#Date: 04/03/2017                                                              #
#Script Name: Get Logged on User                                               #
################################################################################

#Get logged on User
$Loggedon = Get-WmiObject -ComputerName $env:COMPUTERNAME -Class Win32_Computersystem | Select-Object UserName
#Split User and Domain
$Domain,$User = $Loggedon.Username.split('\',2)
Write-Host $Domain
Write-Host $User

################################################################################

3rd March 20173rd March 2017

Disable or Enable Sophos Services PowerShell Script

I was working at a clients the other month and was getting frustrated with Sophos interfering with what I was try to accomplish.

Here is a quick script to Disable the Sophos services when needed and then Enable the Sophos services when you have finished. Commands are in the info of the script.

#########################################################################################################
#Script Name:   Disable/Enable Sophos                                                                   #
#Script Author: SCCMOG - Richie Schuster 03/03/2017 WWW.SCCMOG.COM                                      #
#########################################################################################################
#Script Usage: "Disable-Enable_Sophos.ps1 -Mode Disable" to disable and "-Mode enable" to enable.       #
#########################################################################################################
 
 #Install Mode Parameter
PARAM (
    [string]$MODE
)
 
#Sophos Service names
$SophosServices = @("Sophos Agent", "SAVService", "SAVAdminService",`
                    "Sophos AutoUpdate Service", "Sophos Device Control Service",`
                    "Sophos Message Router", "SntpService", "sophossps",`
                    "Sophos Web Control Service", "swi_service", "swi_update_64")

#If entry is input run script
If ($mode -ne $null){   
    #If Mode input is Enable - Enable sophos services
    If ($MODE -eq "Enable"){
        foreach ($Service in $SophosServices){
                Set-Service -Name $Service -StartupType Automatic
                start-Service -Name $Service -Force
                }
        }
    #If Model is Disable - Disable sophos  services
    If ($MODE -eq "Disable"){                
        foreach ($Service in $SophosServices){
                Set-Service -Name $Service -StartupType Disabled
                Stop-Service -Name $Service -Force
                }
        }
    #If mode input does not match inform user.
    Else{
        Write-host 'Incorrect Params please format this way: "Disable-Enable_Sophos.ps1 -Mode Disable"`
                    to disable and "-Mode enable" to enable.'
    }
}
#If params are not specified then inform.
Else{
    Write-host 'Script Params must be used : "Disable-Enable_Sophos.ps1 -Mode Disable" to disable and`
               "-Mode enable" to enable.'
    }
#########################################################################################################

3rd March 20173rd March 2017

SCCM PowerCLI Silent deployment script

A couple of months ago I was asked by a client to create a method of patching to automatically snap shot a VM before applying the monthly patches with SCCM.

This as I’m sure your thinking has to be done by Task Sequence with the use of SCCM. If you not then that is how I would suggest you do it. The issue was PowerCLI and how to deploy that silently to all servers to allow for the Task Sequence to harness the PowerShell commands locally on the box without using remote PowerShell. I came across a great blog here discussing the silent install and then decided to write a PowerShell wrapper to deploy the software silently and with the use of SCCM.

The following script can be run as an Application or Package that is purely up to you. There are 2 modes, Install and Uninstall. Add these deployment command lines to your application or program to silently install PowerCLI or just run them locally:

[code language=”text”]
Powershell.exe -Executionpolicy Bypass -File "Deploy_PowerCLI_Silent.ps1 -MODE Install"
Powershell.exe -Executionpolicy Bypass -File "Deploy_PowerCLI_Silent.ps1 -MODE Uninstall"
[/code]

You will probably notice that to uninstall it silently you need to remove “VMware Remote Console Plug-in 5.1” followed by the “VMware vSphere PowerCLI” software.
The script build the arguments to do so, but if you are using a different version you will have to change:

[code language=”powershell”]$RemConsole = $InstalledProducts | where { $_.ARPDisplayName -eq "VMware Remote Console Plug-in 5.1" }[/code]

name to match
Just change the “VMware Remote Console Plug-in 5.1” portion to the same text as seen in your “Programs and Features” (Appwiz.cpl).
Make sure the VMware-PowerCLI.exe is in the same folder as the script.
The Script:

#########################################################################################################
#Script Name:   Deploy VMware PowerCLI 6.3 Silently                                                     #
#Script Author: SCCMOG - Richie Schuster 16/12/2016 WWW.SCCMOG.COM                                      #
#########################################################################################################
#Script Usage: "Deploy_PowerCLI_Silent.ps1 -Mode Install" to install and "-Mode Uninstall" to uninstall.#
#########################################################################################################

#Install Mode Parameter
PARAM (
    [string]$MODE
)

#If entery is input run script
If ($mode -ne $null){
    
    #If Mode input is Install run install.
    If ($MODE -eq "Install"){
        #Install VMware PowerCLI 6.3 Silently and Remote Console silently
        Start-Process "$PSScriptRoot\VMware-PowerCLI-6.3.0-3737840.exe" -ArgumentList '/b"C:\Windows\Temp" /VADDLOCAL=ALL /S /V"/qn ALLUSERS=1 REBOOT=ReallySuppress' -wait -NoNewWindow
        }
    #If Mode input uninstall run uninstall
    ElseIf ($MODE -eq "Uninstall"){
        ##Get all Applications in SMS namespace
        $InstalledProducts = Get-WmiObject -Namespace 'root\cimv2\sms' -Class SMS_InstalledSoftware

        #Grab PowerCLI related
        $RemConsole = $InstalledProducts | where { $_.ARPDisplayName -eq "VMware Remote Console Plug-in 5.1" }
        $PowerCLI = $InstalledProducts | where { $_.ARPDisplayName -eq "VMware vSphere PowerCLI" }

        #Get store local msi for uninstall arguements
        $REMCLP = $RemConsole.LocalPackage
        $PCLILP = $PowerCLI.LocalPackage

        #Get process that must be killed to uninstall silently
        $Running = Get-Process -Name vmware-usbarbitrator64 -ErrorAction SilentlyContinue

            #Check if process is running
            If ($Running -ne $null){
                #Kill process if it is
                Stop-Process -Name vmware-usbarbitrator64 -Force
                #Start Removal of VMware Remote Console Plug-in 5.1
                Start-Process "msiexec.exe" -ArgumentList "/x $REMCLP /qn /L*v $env:windir\temp\Uninstall_VMwareREMConsolePlg5.1.log /norestart" -wait -NoNewWindow
                #Start Removal of VMware vSphere PowerCLI
                Start-Process "msiexec.exe" -ArgumentList "/x $PCLILP /qn /L*v $env:windir\temp\Uninstall_VMwarevSpherePowerCLI.log /norestart" -wait -NoNewWindow
            }
            Else{
                #Start Removal of VMware Remote Console Plug-in 5.1
                Start-Process "msiexec.exe" -ArgumentList "/x $REMCLP /qn /L*v $env:windir\temp\Uninstall_VMwareREMConsolePlg5.1.log /norestart" -wait -NoNewWindow
                #Start Removal of VMware vSphere PowerCLI
                Start-Process "msiexec.exe" -ArgumentList "/x $PCLILP /qn /L*v $env:windir\temp\Uninstall_VMwarevSpherePowerCLI.log /norestart" -wait -NoNewWindow
            }
    }
    #If mode input does not match inform user.
    Else{
        Write-host 'Incorrect Params please format this way: "Deploy_PowerCLI_Silent.ps1 -Mode Install" to install and "-Mode Uninstall" to uninstall.'
    }
}
#If params are not specified then inform.
Else{
    Write-host 'Script Params must be used : "Deploy_PowerCLI_Silent.ps1 -Mode Install" to install and "-Mode Uninstall" to uninstall.'
    }
#########################################################################################################