Create User collections based on AD department attribute with Powershell

If you are an organization who uses the Department attribute in Active directory and want to target users withing those departments for different deployments but you have a lot of departments and you don't know where to start, well then this post might be useful for you.   The script in this post retrieves all the departments that gets collected by the Users AD attribute by ConfigMgr (Not turned on by default needs to get added. See guide below) and from those departments it creates a user collection with a query that populates the collection with all users who are [...]

By | 2017-12-14T19:41:24+00:00 December 14th, 2017|Configuration Manager (SCCM), Powershell, Scripting|6 Comments

ConfigMgr PowerShell and WMI Excel spreadsheet

I just posted on Github updated version of Excel spreadsheet where you can find all the ConfigMgr PowerShell cmdlets, Primary Site WMI namespace methods, ConfigMgr Client WMI methods and COM object methods as well. You can download the Excel spreadsheet from here - https://github.com/Kaidja/ConfigMgrSDK/blob/master/ConfigMgr_cmdlets.xlsx

By | 2017-12-08T09:48:01+00:00 December 7th, 2017|Configuration Manager (SCCM), Powershell, Scripting|0 Comments

Intune: Use PowerShell management extension to enable BitLocker on a modern managed Win10 device

I wrote a blog post back in April on "how to manage BitLocker on a Azure AD Joined Windows 10 Device managed by Intune", where I also wrote a PowerShell script to automate the encryption process for the day that we would get PowerShell support in Intune. Well Microsoft announced in September the Management extension for Intune which basically lets you deploy PowerShell scripts via. Intune to Windows 10 devices. My co-worker Peter Daalmans wrote a great blog post about it right after, where he explained in more detail about the extension. I have a link for that post at [...]

PowerShell Script for updating Runbook Steps in a Task Sequence!

The MDT Toolkit is great! One very useful feature is the “Execute Runbook” Step, which can execute a runbook in Orchestrator. Unfortunately Orchestrator has a little quirk, when moving to new environment, such as moving from Test to Prod. All runbooks get a new GUID, and runbook parameters might get a new GUID.  Besides this, the Server names usually needs to be changed too! This can be a trivial task, which an automation guy like me hate to do! Everytime Server name is updated, all parameters has to be setup again. This also makes the task prone to errors! So [...]

Manage your Windows 10 devices via PowerShell and Microsoft Intune

A big wish of the community and companies using Microsoft Intune was the ability to manage Windows 10 devices that are managed with Microsoft Intune via PowerShell. Since the MDM channel is not supporting deployment and the execution of PowerShell scripts, Microsoft announced today at Ignite the Microsoft Intune Management Extension. Meet the Microsoft Intune Management Extension The Microsoft Intune Management Extension is an addition to the current Windows 10 MDM capabilities and allows us now to deploy and execute PowerShell scripts. The Microsoft Intune Management Extension is automatically deployed and installed on Azure AD joined devices. The Microsoft Intune [...]

By | 2017-09-26T02:35:29+00:00 September 26th, 2017|Automation, Enterprise Mobility Suite (EMS), Powershell|3 Comments

Enhanced Sync-VSTSGit runbook that support Pull Requests

My colleague Andreas and me was preparing demos for our Azure Automation – Advanced runbook design session at Experts Live EU More info on the session hereUse thís runbook to support automatic synchronization from visual studio git repositories! (See the session recording for WHY!)It is based on the script provided by MSFT at https://github.com/azureautomation/runbooks/blob/master/Utility/ARM/Sync-VSTS.ps1We will make sure to submit a pull request to get the enchanced code implemented in that version.This version add’s support for multiple branches and pull requests, while the original runbook only supports synchronizing direct commits.To setup the solution, follow the guide described here:https://docs.microsoft.com/en-us/azure/automation/automation-scenario-source-control-integration-with-vstsGood luck! [crayon-5a3322e07e4bc537182559/]

By | 2017-08-25T14:11:40+00:00 August 24th, 2017|Powershell|0 Comments

Create and run scripts with the new feature “Run Powershell scripts from the ConfigMgr console” on current branch 1706

In my last post I talked about how we could activate the new feature "Run Powershell script from the ConfigMgr" on current branch 1706 and in this post I would like to talk about on how to get started using this wonderful feature once you have activated it. This feature really shows that the ConfigMgr product team over at Microsoft really listens to its community and that they do everything they can to improve the product. Tho this feature is a bit rough around the edges it shows great potential and i can't wait to see how it will evolve over time [...]

How to activate the new feature “Run Powershell scripts from the ConfigMgr console” on current branch 1706

Yesterday the ConfigMgr product team over at Microsoft released the latest current branch version 1706 (and the techincal preview 1707 within a 24 hour period, Awesome work!) and with that came another great pre-release feature that we previously only had access to in the Technical Preview (TP 1706) and that's the ability to run powershell scripts directly from the ConfigMgr console. This is one great feature that really excites me :D   If you want to learn more about this feature you can read the MS docs here: https://docs.microsoft.com/en-us/sccm/apps/deploy-use/create-deploy-scripts   Lets get started. First make sure that we are running [...]

By | 2017-07-29T11:17:31+00:00 July 29th, 2017|Configuration Manager (SCCM), Powershell|2 Comments

Remove non authorized members of the local administrator group with ConfigMgr

    MVP Jörgen Nilsson did a great post the other day over at https://4sysops.com/archives/monitoring-laps-with-configuration-manager/ where he showcased how one could monitor LAPS with the help of CI's in ConfigMgr to make sure it's installed and running properly. Continuing on the LAPS theme and ways ConfigMgr can help us improve security and maintain control I would like to talk a little about how we can remove non authorized members of the local administrator group with the help of Configuration Items/Baselines in ConfigMgr.   For those who are unfamiliar with LAPS (Local administrator password solution) you can learn more here: https://technet.microsoft.com/en-us/mt227395.aspx     [...]

Watch out when using $PSModuleAutoLoadingPreference = “none” in a PS Remote Session in Windows Server 2016

Recently I discovered a change in the default behavior of PSRemoting Sessions in Windows Server 2012 R2 vs. Server 2016. I was migrating a script from 2012R2 to 2016 and surprisingly, I got this error:   The term 'Get-Date' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included , verify that the path is correct and try again. + CategoryInfo : ObjectNotFound: (Get-Date:String) [], CommandNotFoundException + FullyQualifiedErrorId : CommandNotFoundException + PSComputerName : ctaa01   When I vestigated the issue I found that [...]

VIP Users Part 2 or how to synchronize group membership from AD to SCSM

Dealing with VIP users is a common practice within Service Management. This old blogpost explains a very good approach to mark VIP users in SCSM as VIP users. We simply extend the User class with an extra boolean property (true/false) and we then expose that property on the Incident right under the Affected User. That way Analysts can quickly see if the person is VIP and you can also make various workflows or notifications based on this property.   What is missing in the above post is how we figure out who is VIP or not. For many, this relationship [...]

By | 2017-08-30T11:48:15+00:00 November 15th, 2016|Automation, Powershell, Service Manager (SCSM)|2 Comments

ConfigMgr 1604 new cmdlets

Microsoft released a new set of command-lets for Configuration Manager and all these new cmdlets are also included in the ConfigMgr 1605 TP release. Here are all the new cmdlets: cmdlet Category Notes Get-CMWindowsServicingPlan Software Updates Windows 10 Servicing New-CMWindowsServicingPlan Software Updates Windows 10 Servicing Add-CMServiceConnectionPoint Infrastructure Set-CMServiceConnectionPoint Infrastructure Remove-CMServiceConnectionPoint Infrastructure Get-CMServiceConnectionPoint Infrastructure Remove-CMCertificateRegistrationPoint Infrastructure Set-CMCertificateRegistrationPoint Infrastructure Add-CMCertificateRegistrationPoint Infrastructure Get-CMCertificateRegistrationPoint Infrastructure Invoke-CMDeviceAction Resource Management Get-CMDeviceActionState Resource Management Add-CMIntuneSubscription MDM / Hybrid Set-CMIntuneSubscription MDM / Hybrid Get-CMIntuneSubscription MDM / Hybrid Remove-CMIntuneSubscription MDM / Hybrid Add-CMMdmEnrollmentManager MDM / Hybrid Remove-CMMdmEnrollmentManager MDM / Hybrid Get-CMMdmEnrollmentManager MDM / Hybrid New-CMApnsCertificateRequest MDM / Hybrid New-CMDepTokenRequest [...]

Example of setting up a custom monitor in SCOM with a Powershell Script – Monitor NIC teams in SCOM

In this blogpost, I'll run through an example of how to configure a monitor from the ground up, going through every step, for making a monitor in Powershell for SCOM. It's a very basic script, but it have a value we measure on, so you have all the basic building blocks. But first… What time is it? ADVENTURE TIME! The other day I was transferring an OS Image to one of our new Hyper-V servers, and the transfer speed was around 10 Mbit on our internal network. Asking the guy responsible for the server if there was something wrong, and [...]

Azure PowerShell: How to assign access to a subscription using PowerShell (RBAC)

I had this question from a customer recently, and when I searched the net I wouldn’t find any specific examples. This example assigns a user as a Contributor to the subscription. When you assign roles to resources, all you need is the URL for the resource and provide it to this cmdlet. Here you go: [crayon-5a3322e07fb65586222052/] That’s all for today!

By | 2016-02-18T13:41:05+00:00 February 18th, 2016|Azure, Powershell|0 Comments

FTP / SFTP monitor for SCOM

In this post we'll make a script for a FTP / SFTP monitor that can monitor the FTP/SFTP status, by doing the following operations: -Log in -Upload a file -Download a file -Delete the file Since Powershell doesn't have any built-in ftp support I was looking for some alternatives, and since I use WinSCP normally for ftp/sftp I found that they also support Powershell scripting, so why not take advantage of this? This guide was written with great help from WinSCP's own page: https://winscp.net/eng/docs/library_powershell Get the SSH fingerprint (This part is only nessary for the SFTP solution). Since we need the SSH [...]

Roll Out New Configuration Manager Distribution Point with PowerShell

Here is a quick example how to install new Configuration Manager Distribution Point with PowerShell. As you see we have many options to expand this script. We can install Windows Server features, reboot it remotely, install additional software etc. It all depends how you wanna install and configure it. #Import the Module Import-Module $env:SMS_ADMIN_UI_PATH.Replace("\bin\i386","\bin\configurationmanager.psd1") $SiteCode = Get-PSDrive -PSProvider CMSITE #Change the connection context Set-Location "$($SiteCode.Name):\" #New DP Information $DistributionPoint = 'DP01.4demo4.com' $SiteCode = 'PS1' # Test the connection to server     Test-Connection         -ComputerName $DistributionPoint # OPTIONAL - Install Windows Server Roles and Features     Install-WindowsFeature         -Name Web-ISAPI-Ext,Web-Windows-Auth,Web-Metabase,Web-WMI,RDC         [...]

December 2nd: Part 2: Uninstall Java (or any other software) with ConfigMgr Compliance Baselines

It's December 2nd and Christmas is just around the corner! Yesterday Jakob kicked off the Coretech December Calendar with a great post about "Triggering a webhook from a SharePoint workflow using Out-of-the-box Activities" (Check out his blog post here: http://bit.ly/1N16fte).  That was the  first, this is the second post in the Coretech blog series that will continue until December 24th - Christmas Eve! :) In Part 1 (http://bit.ly/1PlnDPr) I explained how you can utilize ConfigMgr Compliance Baselines for uninstalling software like Java, Adobe etc. with the help of PowerShell and WMI. Well in Part 1 we used the Win32_Product class which is not recommended [...]

Part 1: Uninstall Java (or any other software) with ConfigMgr Compliance Baselines

Compliance Items and Compliance Baselines in ConfigMgr is so powerful! And with some PowerShell magic you can almost use it to do anything you like on a Windows based computer – Only your imagination that will be the showstopper! Here I will show how you can uninstall software using WMI and Compliance Items in SCCM. However, it is important that you read the following articles as the uninstallation process uses win32_product WMI class which is known for its evilness. Thanks to Kaido, Jürg and Torsten for pointing this one out. A updated post as been created using a better and more [...]

Upgrade System Center Configuration Manager Console with PowerShell

Since Service Pack 1 was released to SCCM 2012 R2 I have been upgraded several environments. A couple of customers wanted me to create a PowerShell script to uninstall existing ConfigMgr Console and install the new updated version with the latest cumulative updates and hotfixes. If you create a package to distribute it with SCCM make sure you point the Data source to the location of the Client installations files, Script, KB3084586-msp and kb3074857-msp. Installation command for the program will then be: PowerShell.exe -file "script.ps1". Remember to set PowerShell execution policy to "Bypass" under Client Settings. This will not affect [...]

Automate Signature And Status Reports With PowerShell – Windows Defender (.txt file)

What you will be able to after reading this blog: Get the latest information about "your" Signature- & Anti Virus reports in Windows Defender and make it into a text file. How to automate it, so it will run every day and give you a status report with time and date. Being able to look at what time and date the latest updates have been completed. First of all, we have to create a folder/directory where the status reports can be stored in. Open up PowerShell in administrative mode and run this script only by copy-paste: [crayon-5a3322e082ddd877634152/] Now that the [...]

PowerShell Script That Creates A Folder And A Shortcut On Your Desktop

Basic example of a script that creates a folder in your Local Disk "C"  and then makes a shortcut on desktop so you have easy access to the folder. First of all, open your powershell as administrator and make sure you are at a place where you are able to create folders such as the C:\ drive. PS C:\WINDOWS\system32> cd .. PS C:\WINDOWS> cd .. PS C:\> And now you are able to run the script! - Copy and paste what is written below [crayon-5a3322e0830ac839899322/] Now that we have tried to create one folder, why not try to create 2 [...]