Need to create an Intune Proactive Remediation and don’t want to start from scratch? These simple template scripts can be used to easily create an Intune Proactive Remediation, which reports back success or error messages to the Intune portal.
I sometimes hear device management professionals saying something like, “I haven’t got around to using PowerShell yet” or “I haven’t had time to look into InTune and Azure yet”. Most people in the industry will agree that this is the future of device management, but getting started with a new technology takes some effort getting…
Yeah I know that cloud is the way to go and that everyone should use OneDrive and Teams instead of old style SMB drives. BUT…if you still need to do some dynamic drive mapping e.g. based on a user’s Active Directory group membership or the existence of a server or share, read on. To map…
Have you ever needed to start a program as a different user AND as an administrator at the same time?
Do you you suddenly get this error during OSD after upgrading to SCCM 1806?
Update 2021-03-12: I have corrected the description of this script to be more accurate. I have used this script on PC clients in production to check if BitLocker is already enabled and that the necessary protectors are created. If not, the script will add a TPM protector and a recovery password protector which will be…
If you get this error at the first logon after Windows 10 OSD: “The Group Policy Client service failed the sign-in. The universal unique identifier (UUID) type is not supported.”
This script will summarize the utilization of BranchCache on a single PC client…
Want to replace the TPM protector on an operating system volume the easy way? Grab this PowerShell script. Why would you want to do this? Because the default TPM platform validation profile (PCR values) on Windows 7 clients is quite sensitive to changes in the boot order, MBR, partition table, attached USB drives etc. If…
This PowerShell script can be used to control the TPM Platform Validation Profile used when protecting a BitLocker encrypted volume…
This command can be run from a CMD prompt to get the percentage of free disk space on the C:\ drive:
Run this command as a pre-start command on your boot image to set the keyboard layout. This way you don’t have to remember how the default US keyboard is arranged.
Run this task sequence command line step immediately after the computer boots up in WinPE. This will reduce the time it takes to complete the “Apply operating system” step.
Let’s say you want to re-image a computer in your active directory domain. But you want it to move from e.g. the Windows 7 OU to the Windows 10 OU. If the PC already exists in AD, it will not be moved even if you specify the new OU in your SCCM task sequence in…
To deploy a customized Windows 10 start menu and task bar in a deployment or capture task sequence
Need to get a list of PST files in use in your enterprise? Look no further!
Script which moves a computer object from one OU to another in AD. This script can e.g. be run on an SCCM server as a status filter rule whenever a task sequence has completed on a PC in your enterprise. It won’t work in WinPE since the AD powershell module is not present in the…
Task sequence script which adds a computer to SoftwareCentral application deployment collections. It also removes a computer from one or more predefined OSD deployment collections. The script can be triggered by a Status Filter Rule in SCCM or as a “Run command line” step in an OSD task sequence.
SQL query which will return the computers, where a given application is NOT installed…
This script can be used for exporting user account onformation fra Active Directory…
Dim objFSO, myLog, dt, dtformatted Const For_Writing = 2 Set objFSO = CreateObject("Scripting.FileSystemObject") Set myLog = objFSO.OpenTextFile("C:\temp\my.log", For_Writing, True) 'Main script writelog "yes it works now" myLog.Close Function LPad (str, pad, length) LPad = String(length - Len(str), pad) & str End Function Function WriteLog (str) dt = Now dtformatted = year(dt) & "-" & LPad(Month(dt),…
This script can be used in a task sequence (MDT or SCCM) to upgrade the BIOS on Lenovo PCs eg. during Operating System Deployment.
Don’t waste a lot of time like I did 🙁 Here’s how to do it…
With two levels nested group memberships…
Get-ChildItem -Path E:\T450S -Filter *.exe -Exclude getw10ver.exe -Depth 1 | ForEach { write-host $_.Fullname Start-Process $_.Fullname -ArgumentList '/VERYSILENT /Extract="YES" /DIR="c:\tempdriver"' -Wait } If you are running an older version of PowerShell you can use this alternative script: Get-ChildItem -Path 'E:\ThinkPad T480s' -Filter *.exe -Exclude getw10ver.exe,getw10ver4 -Recurse | ForEach { write-host $_.Fullname Start-Process $_.Fullname -ArgumentList '/VERYSILENT…
Run command line: DISM.exe /Image:C:\ /Add-Driver /Driver:.\ /Recurse Package: SCCM package with no program TS step conditions: WMI Namespace: root\cimv2 WQL query: select Model from Win32_ComputerSystem where Model like "%THINKPAD T450s%" and / or WMI Namespace: root\cimv2 WQL query: SELECT * FROM Win32_ComputerSystemProduct WHERE Version LIKE “%ThinkPad T420%”
Open SQL Server Studio Management (SSMS), select the Config Manager db and create a new query: select * from SEDO_LockState where LockStateID <> 0 Execute the query and copy the ID from the output. Then create a new query: DELETE from SEDO_LockState where LockID = '<LockID of the record identified in the previous query>' Execute…
Scenario: You have enabled BitLocker in your enterprise with default settings. Now the service desk gets frequent calls from end users because their PCs have entered BitLocker recovery mode after a reboot.
Scenario: You want to check which TPM Platform Validation Profile is in effect on a BitLocker enabled volume on a Windows 7 computer.
Behold, my first attempt at writing a blog. Subject…all things Windows with an emphasis on the management of the client OS using Active Directory, Group Policy Settings, PowerShell, SCCM (Configuration Manager) etc. /Peter J . Madsen