Tag Archives | PowerShell

PowerShell script to force download and install WindowsUpdates

I have been using the UpdateHF.vbs vbscript for years to patch all my servers. I wrote a simple HTA to wrap it, and it gets executed by psexec. I wanted to take that script, strip it down, and convert it to PowerShell. My intension was to  run it through a PSSession but I get access denied. Maybe I will try launching it with SCCM?

I found these three scripts, that I chopped to together for a script that I wanted:

Function JBMURPHY-Install-WindowsUpdates {
PARAM([switch]$Install,[switch]$reboot)
	if($(Test-Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired")){
		if (!($reboot)){
    		write-host "There are pending reboots, please pass the reboot command"
    		return
		}
		else{
		restart-computer
		return
		}
	}

	Write-Host -nonewline " + Searching for Updates: "
	$UpdateSession = New-Object -ComObject Microsoft.Update.Session
	$Updates=$updateSession.CreateupdateSearcher().Search("IsAssigned=1 and IsHidden=0 and IsInstalled=0").Updates
	Write-Host " Found [$($Updates.count)] Updates to Download and install`n`n"

	$UpdatesCollection = New-Object -ComObject Microsoft.Update.UpdateColl
	$UpdatesDownloader = $UpdateSession.CreateUpdateDownloader()
	foreach ($Update in $Updates){

		# Add Update to Collection
		if ( $Update.EulaAccepted -eq 0 ) { $Update.AcceptEula() }
		$UpdatesCollection.Add($Update) | out-null

		# Download
		Write-Host -NoNewline " + Downloading Update $($Update.Title)"
		$UpdatesDownloader.Updates = $UpdatesCollection
		$DownloadResult = $UpdatesDownloader.Download()
		$DownloadResultResultCode = switch -exact ($DownloadResult.ResultCode)
		{
		  0   {"NotStarted"}
		  1   {"InProgress"}
		  2   {"Succeeded"}
		  3   {"SucceededWithErrors"}
		  4   {"Failed"}
		  5   {"Aborted"}
		}
		$Message = " [{0}] " -f ($DownloadResultResultCode)
		Write-Host -ForegroundColor Green $message
	}
	if (($Install) -and ($($Updates.count) -gt 0)) {
	write-host "`n`nInstalling updates"
	$Installer = $UpdateSession.CreateUpdateInstaller()
	$Installer.Updates = $UpdatesCollection
	$InstallerResult = $Installer.Install()
	$InstallerResultCode = switch -exact ($InstallerResult.ResultCode)
		{
		  0   {"NotStarted"}
		  1   {"InProgress"}
		  2   {"Succeeded"}
		  3   {"SucceededWithErrors"}
		  4   {"Failed"}
		  5   {"Aborted"}
		}
		$Message = " Installation [{0}] " -f ($InstallerResultCode)
		Write-Host $message
		Write-Host
	}
	if (($reboot) -and ($($Updates.count) -gt 0)) {
	if($(Test-Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired"))
		{
    		write-host "Rebooting"
    		restart-computer
		}
	}
}

Thanks to those that put the original scripts together

PowerShell script to “process” scripts/functions

I was not happy with the code I wrote in this post. The goal was to write my functions with a “generic” naming convention, and then “process them” – change the naming convention to match my employer’s company name. For example JBMURPHY-AD-GetCurrentSite would be “processed” to Company-AD-GetCurrentSite. In the previous post, I just looped thought and created an alias for each function that matched a RegEx.

I think figured out a better way. Instead of creating aliases, I read the contents of the script line by line, replacing strings as I go, and then create a new file with the new naming conventions.

First I created a hash table with my search and replace strings:

	$SearchAndReplace = @{
	"JBMURPHY-" = "COMPANY-";
	"server.domain.com" = "realservername.company.com";
	}

Next I loop through the files, get their content line by line, loop through the hash table replacing the matching text and output to a temp file.

      foreach ($file in $(gci $SourcePath)) {
    	$tempFile = [System.IO.Path]::GetTempFileName()
    	get-content $file | %{
    	$OutPut=$_
    	ForEach ($key in $SearchAndReplace.Keys) {
    	  $OutPut=$OutPut -Replace $key,$SearchAndReplace[$key]
    	}
    	$OutPut >> $tempFile
    	}
    	move-item $tempFile $destination -force
    	}

Much cleaner, and I can keep adding search and replace terms to my hash table.

PowerShell to create Aliases for all your functions

I have a naming convention for all the function that I write, for example: JBMURPHY-AD-GetGroup. I wanted to create aliases for all my functions with my employers’s name, for example CompanyName-AD-GetGroup. I created the following function to “grep” all the function names and create an “Alias” file. This file would have all the set-alias commands that would be sourced on PowerShell start up. This function contains Regular Expressions (my weakness), which I borrowed from here.

FUNCTION JBMURPHY-CreateAliases{
PARAM($OLDNAME="JBMURPHY-",$NEWNAME="CompanyName-")
$tempFile = [System.IO.Path]::GetTempFileName()

Select-String -Pattern "function\s+(\w+-\w+-\w+)\b" *.ps1 | %{
$FUNCTIONS=$_.Matches | %{$_.groups[0].Value -Replace "Function ",""}
Write-host "set-alias $($FUNCTIONS -Replace $OLDNAME,$NEWNAME) $FUNCTIONS -Option AllScope"
Out-File $tempFile -encoding ascii -append -inputobject "set-alias $($FUNCTIONS -Replace $OLDNAME,$NEWNAME) $FUNCTIONS -Option AllScope"
}
move-item $tempFile "$($NEWNAME)ALIASES.ps1" -force
}

PowerShell, Active Setup and running a SCCM package “before log on”

I have been struggling with the following idea for a while: How to run a package before before a person logs on using SCCM. There is a setting in SCCM that runs when no one is logged on, but if a person reboots and logs on before SCCM fires, the package will never run. Basically I wanted the ability to make SCCM work like Software Deployment in AD (AD prevents you from logging on until software is completely installed).

The missing piece, for me, was “Active Setup”. Active Setup is pretty well documented here. Combining Active Setup with PowerShell and SCCM, I believe I can run packages before people log on (or at least before they launch any programs).

Here are my steps

  • Step 1 : I need to create an Active Setup registry entry on everyone’s machine that will run a PowerShell script
    • I created this PowerShell script to create the Active Setup registry entries. This will put a StubPath that launches the PowerShell script.
  • Step 2 : Pop up an info message telling the user we are doing some work before the finish logging in.
  • Step 3 : Launch the SCCM Advertised program that you want. Since Active Setup is running as the user, you have to use SCCM to run anything that needs “administrative privileges”. The following code is used inside a PowerShell script to launch an advertisement on the local machine (you need to know the ProgramID and the PackageID):
Function JBMURPHY-SCCM-UIExecuteProgram {
 Param([parameter(Mandatory = $true)]$ProgramID,
       [parameter(Mandatory = $true)]$PackageID)
 $UIResource = New-Object -ComObject UIResource.UIResourceMgr
 $UIResource.ExecuteProgram($ProgramID, $PackageID,$true)
}

Kinda complicated, but I think it will work. Have you used these methods?

PowerShell Query to find a users computer name in SCCM

We rely on Remote Assistance. Usually, I just type “msra /offerra” in to my PowerShell session and lookup a the user’s computer name in the SCCM report named “Computers for a specific user name”. I wanted to make that process quicker. I wrote the following script to query SCCM for the “list of computer’s who’s last logged on user” is the person I am looking for.

FUNCTION JBMURPHY-SCCM-GetComputerByLastLoggedOnUser {
Param([parameter(Mandatory = $true)]$SamAccountName,
	$SiteName="JBM",
	$SCCMServer="SCCMServer.domain.local")
	$SCCMNameSpace="root\sms\site_$SiteName"
	Get-WmiObject -namespace $SCCMNameSpace -computer $SCCMServer -query "select Name from sms_r_system where LastLogonUserName='$SamAccountName'" | select Name
}

Let me know if this is useful to you!

PowerShell scripts to create a WinPE 4.0 wim/ISO

I have been  a WinPE hacker since it was only available to SA subscribers. With Vista it was free to the world, and I started moving all my setup processes to it. I have always used the dos batch scripts found in this forum to create a new WinPE ISO. Since WinPE 4.0 is coming out with Windows 8 (if not before (I don’t know timelines)), I wanted to modify the dos batch files I rely on to work with WinPE 4.0. Since WinPE 4.0 has PowerShell in it, I wanted to migrate those dos batch files to PowerShell functions. Working from the dos batch files linked above and this post I created the functions below. They have numbers in their names because they are the steps to follow when creating a new ISO.


Function JBMURPHY-WinPE-1MakePEDirectory{
	Param($OSArchitecture="x86")

 remove-item -force "c:\PE\winpe_$OSArchitecture"
 New-Item c:\PE\winpe_$OSArchitecture\ISO\sources -type directory -force
 New-Item c:\PE\winpe_$OSArchitecture\mount -type directory -force
 copy-item "C:\Program Files\Windows Kits\8.0\Assessment and Deployment Kit\Windows Preinstallation Environment\$OSArchitecture\winpe.wim" "c:\PE\winpe_$OSArchitecture\ISO\sources\boot.wim"
 copy-item "C:\Program Files\Windows Kits\8.0\Assessment and Deployment Kit\Windows Preinstallation Environment\$OSArchitecture\Media\*" "c:\PE\winpe_$OSArchitecture\ISO\" -recurse
 copy-item "C:\Program Files\Windows Kits\8.0\Assessment and Deployment Kit\Deployment and Imaging Tools\$OSArchitecture\Oscdimg\etfsboot.com" "c:\PE\winpe_$OSArchitecture\"

}

Function JBMURPHY-WinPE-2Mount{
	Param($OSArchitecture="x86",$WimFile="c:\PE\winpe_$OSArchitecture\ISO\sources\boot.wim")
	DISM.exe /Mount-Wim /WimFile:$WimFile /index:1 /MountDir:C:\PE\winpe_$OSArchitecture\mount
}

Function JBMURPHY-WinPE-3.0AddPAckages{
	Param($OSArchitecture="x86",$WimFile="c:\PE\winpe_$OSArchitecture\ISO\sources\boot.wim")
	$OCsPATH="C:\Program Files\Windows Kits\8.0\Assessment and Deployment Kit\Windows Preinstallation Environment\$OSArchitecture\WinPE_OCs"
	dism /image:C:\PE\winpe_$OSArchitecture\mount /add-package /packagepath:"$OCsPATH\WinPE-Scripting.cab"
	dism /image:C:\PE\winpe_$OSArchitecture\mount /add-package /packagepath:"$OCsPATH\en-us\WinPE-Scripting_en-us.cab"
	dism /image:C:\PE\winpe_$OSArchitecture\mount /add-package /packagepath:"$OCsPATH\WinPE-WMI.cab"
	dism /image:C:\PE\winpe_$OSArchitecture\mount /add-package /packagepath:"$OCsPATH\en-us\WinPE-WMI_en-us.cab"
	dism /image:C:\PE\winpe_$OSArchitecture\mount /add-package /packagepath:"$OCsPATH\WinPE-MDAC.cab"
	dism /image:C:\PE\winpe_$OSArchitecture\mount /add-package /packagepath:"$OCsPATH\en-us\WinPE-MDAC_en-us.cab"
	dism /image:C:\PE\winpe_$OSArchitecture\mount /add-package /packagepath:"$OCsPATH\WinPE-HTA.cab"
	dism /image:C:\PE\winpe_$OSArchitecture\mount /add-package /packagepath:"$OCsPATH\en-us\WinPE-HTA_en-us.cab"
	dism /image:C:\PE\winpe_$OSArchitecture\mount /add-package /packagepath:"$OCsPATH\WinPE-NetFx4.cab"
	dism /image:C:\PE\winpe_$OSArchitecture\mount /add-package /packagepath:"$OCsPATH\en-us\WinPE-NetFx4_en-us.cab"
	dism /image:C:\PE\winpe_$OSArchitecture\mount /add-package /packagepath:"$OCsPATH\WinPE-PowerShell3.cab"
	dism /image:C:\PE\winpe_$OSArchitecture\mount /add-package /packagepath:"$OCsPATH\en-us\WinPE-PowerShell3_en-us.cab"
	dism /image:C:\PE\winpe_$OSArchitecture\mount /add-package /packagepath:"$OCsPATH\WinPE-DismCmdlets.cab"
	dism /image:C:\PE\winpe_$OSArchitecture\mount /add-package /packagepath:"$OCsPATH\en-us\WinPE-DismCmdlets_en-us.cab"
}

Function JBMURPHY-WinPE-5UnMount-NoCommit{
	Param($OSArchitecture="x86",$WimFile="c:\PE\winpe_$OSArchitecture\ISO\sources\boot.wim")
	DISM.exe /unmount-Wim /MountDir:C:\PE\winpe_$OSArchitecture\mount /discard
}
Function JBMURPHY-WinPE-5UnMount{
	Param($OSArchitecture="x86",$WimFile="c:\PE\winpe_$OSArchitecture\ISO\sources\boot.wim")
	DISM.exe /unmount-Wim /MountDir:C:\PE\winpe_$OSArchitecture\mount /Commit
}

Function JBMURPHY-WinPE-6MakeISO {
	Param($OSArchitecture="x86",$WimFile="c:\PE\winpe_$OSArchitecture\ISO\sources\boot.wim")
	$command="C:\Program Files\Windows Kits\8.0\Assessment and Deployment Kit\Deployment and Imaging Tools\$OSArchitecture\Oscdimg\oscdimg.exe"
	&$command  -n -bc:\PE\winpe_$OSArchitecture\etfsboot.com c:\PE\winpe_$OSArchitecture\ISO c:\PE\winpe_$OSArchitecture\winpe_$OSArchitecture.iso
}

I have not tried this on x64, but I think you would need to pass -OSArchitecture amd64 to each function . Is it me or does Microsoft flip-flop between x64 and amd64 naming conventions?

Quick PowerShell script to run a command on every machine in an OU

I wanted to run a command on all machines in an OU. I know this documented all over the place, but this is the syntax I like:

foreach ($COMPUTER in $(Get-ADComputer -Filter * -Searchbase 'OU=SubOU,OU=TopLevelOU,DC=DOMAIN,DC=LOCAL')){
  write-host "Connecting to $($COMPUTER.Name)"
  Invoke-Command $COMPUTER.Name {ipconfig /renew}
}

Install OpenManage Server Administrator on ESXi5 via PowerCLI

Dell has changed how you install OpenManage Server Administrator on ESXi5. To do this via PowerCLI, use the following steps.

  1. Download the new vib file: OM-SrvAdmin-Dell-Web-6.5.0-542907.VIB-ESX50i_A02.zip (most recent can be found here)
  2. Extract it and upload the folder via the vSphere client (browse datastore and upload the extracted folder)
  3. Put the ESXi5 box into maintenance mode.
  4. From PowerShell with the PowerCLI installed:
    1. Connect- VIServer -Server x.x.x.x
    2. Install-VMHostPatch -HostPath /vmfs/volumes/datastore1/OM-SrvAdmin-Dell-Web-6.5.0-542907.VIB-ESX50i_A02/metadata.zip (or where ever you uploaded it)

Note: You can no longer connect directly to that web interface on port 1311 of the ESXi5 box. Now, you now have to go to a different OpenManage Server Administrator install (log out if you are auto logged in) and select “Manage remote node”. That is a pain.

PowerShell script to add Active Setup registry entries

I am interested in using Active Setup more throughout our environment. The thing I like about Active Setup is that if I screw up, it will only run once and not over and over! Kidding, but the “run one” nature of Active Setup is nice. I wanted a PowerShell function to create Active Setup registry entries, so I can script the updates on multiple machine. Here is that function:

Function JBMURPHY-AddToActiveSetup {
  Param([parameter(Mandatory = $true)]$ActiveSetupUniqueName,
	[parameter(Mandatory = $true)]$ActiveSetupStubPath,
	[parameter(Mandatory = $true)]$ActiveSetupVersion)
  $ParentKey="HKLM:Software\Microsoft\Active Setup\Installed Components"
  $Key=$ParentKey + "\" + $ActiveSetupUniqueName
  # Check for key
  if (!(Test-Path $Key)){
    New-Item -type Directory $($ParentKey + "\" + $ActiveSetupUniqueName)
  }
  else {
    write-host "Key exists"
  }
  Set-ItemProperty $($Key) -name "StubPath" -value $ActiveSetupStubPath
  Set-ItemProperty $($Key) -name "Version" -value $ActiveSetupVersion
}

Updated PowerShell to determine if a user is visiting the office

I made an error. More like an incorrect assumption in this post, specifically this code.:

Function JBMURPHY-AD-GetHomeSite {
Param($username=$(cat env:username))
foreach ($group in "OfficeGroup1","OfficeGroup2","OfficeGroup3") {
    foreach ($user in $(Get-ADGroupMember $group)){
    if ($user.SamAccountName -eq $username) {return $group}
    }
}
}

My incorrect assumption was that the AD PowerShell components were installed on every machine (they are only my machine). I needed to rewire this code above to use ADSI, since Get-ADGroupMember is not on everyone’s machine. Below is that code:

Function JBMURPHY-AD-GetHomeSite {
Param($username=$($env:USERNAME))
$groups=([AdsiSearcher]"samaccountname=$username").Findone().properties.memberof | % {([adsi]"LDAP://$_").cn}
foreach ($officegroup in "OfficeGroup2","OfficeGroup2","OfficeGroup3") {
    foreach ($group in $groups){
    if ($group -eq $officegroup) {return $group}
    }
}
}

Powered by WordPress. Designed by WooThemes