I've been meaning to share this blog post for some time now, and finally got around to it. If you need to trigger a Windows update without using PowerShell, there is a way to do it. In newer versions of Windows 10, usoclient.exe is used to initiate an update scan. However, most of its parameters no longer work except for startinteractivescan. The issue I faced was that it had to be executed as the system account or as the end user in ConfigMgr. Although ConfigMgr runs installations with the system account, it did not work with usoclient.exe. The solution was to use psexec.exe with the -s param ..read more

If you have a system that has been infected or the drive had to be replaced, you'll need to lay down a new bare OS and then have autopilot finish up the configuration of the machine. For this, we are using MDT as it is easy to maintain and very fast at imaging.  I used this as a template to come up with the solution we are now using. The first thing I did was to use everything verbatim from the section of the blog named "How to get the Windows Autopilot payload". It is the next section How to customize the MDT Task Sequence for Autopilot that I diverged from. I could not get that sec ..read more

 I am working on a new package to upgrade one of the applications. This time, it requires I uninstall the old app first before installing the new version. There are two different versions, so I needed to retrieve the uninstall strings for both. That is when I decided to write this script that will scan the registry for the application and list the key values as shown below. It scans both the x86 and x64 Uninstall registry entries. The script was also written to be able to scan for wildcard values if there is more than one entry you are looking for.  You can download the script fro ..read more

The firm I am at has recently upgraded all systems to the newest model Dells. In doing so, some of the settings for configuring WOL have changed in the BIOS. I have rewritten this script to cover all changes to the OS, BIOS, and NIC. The script uses the DellSMBios PowerShell module to configure the BIOS settings. Thanks to these sites for pertinent information that helped with writing this tool: How to setup Wake on LAN on your Dell System How to Turn on/off Fast Startup in Windows 10 Information about power management setting on a network adapter And yes, I do realize I could have consolid ..read more

Recently, we started a cleanup of AD. Once the cleanup was completed, I wanted ConfigMgr cleaned up right away too. It is set to clean up old items, but it was not quick enough for me so I wrote the following tool that will query the All Systems collection via SQL and then reads the attributes in AD to see if the system is disabled. It will delete each disabled system from ConfigMgr at the end. Below is an example of it displaying a list of machines, to clean up, the count, and where it is deleting them.  Before executing this script in your environment, I highly recommend commenting o ..read more

I was recently writing a new PowerShell tool to clean up Configuration Manager of old systems. When I ran the import-module cmdlet, I got the message  The module was being imported from the Configuration Manager server. I always keep ConfigMgr up-to-date with the latest version within days of release and I saw the console was 5.2203.1063.2400. Doing a little digging, I found this was coming from the console that was installed on my laptop and not from the server. I also found that even if you import the PowerShell module from the server where it is the latest version, it will revert bac ..read more

This PowerShell script not only backs up the Bitlocker recovery password to AD but also cleans out previous backups made that do not match the current password associated with the machine.  The script retrieves the local bitlocker password along with all recovery passwords written to AD. It will then parse through the associated passwords and remove all that does not match the one associated with the local machine. This greatly helps keep AD clean of old passwords. This script can be set up to automatically execute on a machine through Azure Automation, Orchestrator, Intune, or ConfigMgr ..read more

Over the years, we have manually configured the TPM before imaging a system as part of our build process. Dell has since given the ability to automate the entire process after giving the option to automate clearing the TPM. That was always been the big stopper in full automation.  I wrote a series of scripts that I put into the build process that do all of the necessary steps in readying the TPM for bitlocker as shown below. The Smart Reporting, and Wake-On-LAN are additional features I added that do not pertain to the TPM and Bitlocker. The Conditional Reboot is another PowerShell script ..read more

If you have Carbon Black in your environment, you can use it to identify which machines a user account is logged into. Carbon Black collects a vast amount of data on machines and reports it to the cloud database. The following is how to use Carbon Black to list the machines: Log into the Carbon Black Cloud Portal Click the Investigate tab Enter process_username:<username> in the search field at the top. <username> needs to be changed to the actual username you are searching for. Change the time field to the right to within one day or less Click the magnifying glass on the far ri ..read more

Recently, we needed a report of the last boot time of all servers. I wrote this PowerShell script that queries AD for a list of all windows servers and then does a WMI query on each server for the LastBootUpTime. It then calculates the number of days and writes this to an object with the computer name and the number of days since the last reboot. It will write this info to a CSV file.  You can download the script from my GitHub site. Import-Module -Name ActiveDirectory -Force #Get list of windows based servers $Servers = Get-ADComputer -Filter * -Properties * | Where-Object {$_.Oper ..read more