How to disable automatic updates in Debug Diagnostics 2.1 using PowerShell
Greetings all. I am writing a PowerShell script to do an unattended install of Debug Diagnostics Tool version 2.2.0.14. The installer is an x64 .msi. The unattended install works fine, but I am unable to find the correct switch/command to disable automatic updates for the tool. Here is the latest code I tried: Execute-MSI -Action 'Install' -Path "<filepath>\DebugDiagx64.msi" -Parameters "/qn /norestart ALLUSERS=2 DISABLE_AUTOUPDATES=1" Other switches I have tried for disabling updates includes DISABLE_UPDATES=1, UPDATES=0 and UPDATES=FALSE. None of these work. Updates can be disabled manually through the Options & Settings GUI. Screenshots for this are attached. I really need a way to disable the automatic updates through PowerShell during an unattended installation through SCCM . Thanks.
Disable Exclusive Mode for All Audio Devices via PS
Hi all 🙂 Currently I am working on a script that will disable Exclusive Mode for all audio devices in Windows 10. So far I created this script: $Registry_Key = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\MMDevices\Audio\Capture\*\*\" Get-ItemProperty -path $Registry_Key -name "{b3f8fa53-0004-438e-9003-51a46e139bfc},3" -ErrorAction SilentlyContinue | % { Set-ItemProperty -path $_.PSPath -name "{b3f8fa53-0004-438e-9003-51a46e139bfc},3" "0" } When I ran it as administrator I can see that it can find requested value on all registry keys under: "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\MMDevices\Audio\Capture\*\*\" But scripts ends with permission denied error: PS C:\WINDOWS\system32> $Registry_Key = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\MMDevices\Audio\Capture\*\*\" Get-ItemProperty -path $Registry_Key -name "{b3f8fa53-0004-438e-9003-51a46e139bfc},3" -ErrorAction SilentlyContinue | % { Set-ItemProperty -path $_.PSPath -name "{b3f8fa53-0004-438e-9003-51a46e139bfc},3" "0" } Set-ItemProperty : Requested registry access is not allowed. At line:2 char:123 + ... tinue | % { Set-ItemProperty -path $_.PSPath -name "{b3f8fa53-0004-43 ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : PermissionDenied: (HKEY_LOCAL_MACH...073}\Properties:String) [Set-ItemProperty], SecurityException + FullyQualifiedErrorId : System.Security.SecurityException,Microsoft.PowerShell.Commands.SetItemPropertyCommand Set-ItemProperty : Requested registry access is not allowed. At line:2 char:123 + ... tinue | % { Set-ItemProperty -path $_.PSPath -name "{b3f8fa53-0004-43 ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : PermissionDenied: (HKEY_LOCAL_MACH...3b4}\Properties:String) [Set-ItemProperty], SecurityException + FullyQualifiedErrorId : System.Security.SecurityException,Microsoft.PowerShell.Commands.SetItemPropertyCommand PS C:\WINDOWS\system32> So I know that at least the finding part is working properly. I created a script in MECM and deployed for test computer as the script should be ran with System Account permission and it ends with successful state but values are not being changed. Could someone share some advice regarding this case? Thanks DamianDevice registration in Co-Management - Error 0x8018002b
Hi All, I am a bit stumped as we have been experiencing issues getting devices into the co-managed state correctly on several of our machines. We did extensive testing on this several months ago and successfully joined 10-15 machines before refocusing our efforts on building out our policies. Machines are showing up in both EPM(Endpoint Manager) and AAD (Azure Active Directory) but have SCCM listed as the MDM authority in AAD. Image 1, Source AAD Image 2, Source EPM Interestingly on the users devices the co-management status is set to 1 we are unable to push apps such as the company portal down to the machine. This value is managed by the Co-Management sliders in SCCM and increases based on how much of the load is managed by Intune. Therefore currently Intune is not managing the device at all, despite it showing up in Intune as Co-Managed. All test cases of this are part of the Pilot collection in SCCM and all sliders are set to Intune Pilot. I have collected logs on all of the devices that have this issue and have noticed this error is present on all of them and users are not getting the MFA prompt to set up intune in the first instance. "Auto MDM Enroll: Device Credential (0x0). Failed (Unknown Win32 Error code 0x8018002b)" This leads me to believe that devices are using the incorrect credential (Device) to sign up for Microsoft EPM despite the following Policy. I have tried the below solutions to no success: Microsoft Solution https://docs.microsoft.com/en-in/troubleshoot/mem/intune/troubleshoot-windows-enrollment-errors One of the following conditions should be the cause UPN Contains an unverified or non-routable domain, such as .local - Checked @edu address used MDM user Scope set to None - Checked, set to Some. User is in included group with licenses assigned Community Solution https://community.spiceworks.com/topic/2278963-intune-with-aadj-cannot-auto-enroll Wait 12 hours… , Waited 48h no change Ensure MDM enrolment Group Policy uses user credential, not device - Checked, See image of Policy above It could be that i am missing something obvious but I would appreciate help finding that component :).
Need powershell script to update microsoft edge in wvd environment
> Need help in creating a powershell script to update Microsoft Edge in WVD environment ( VM's ) > OS : Windows 2019 Server Requirement steps: 1 - close all sessions in the WVD VM. 2 - launch Edge and open the About page 3 - close edge after a couple of mins and then update it 4. a lot of time through the edge browser is just pending a restart to finish installing it. So is there a way to also force it to check for an update to be included in the script.Bug in Get-CMSoftwareUpdateDeploymentStatus cmdlet
When I run the Get-CMSoftwareUpdateDeploymentStatus cmdlet I get the following message; Get-CMSoftwareUpdateDeploymentStatus : Operation could not complete because the currently connected account does not have the required security rights to perform this operation. I have the Full Administrator role I can run Get-CMPackageDeployment -DeploymentId "XX12008C" | Get-CMPackageDeploymentStatus and Get-CMApplicationDeployment -DeploymentId "{9462...43F34}" | Get-CMApplicationDeploymentStatus both work flawlessly but I can't do the same for Software Updates I run the following command; Get-CMSoftwareUpdateDeployment -DeploymentId "{7047...d3fe}" | Get-CMSoftwareUpdateDeploymentStatusRun Script from SCCM
I am a novice at PowerShell. I have a request to run a script from SCCM to install a list of printer drivers. Script is as follows... # Ricoh Universal Print Driver Get-ChildItem "\\server\d$\Print_Drivers\Ricoh\Universal Print Driver ver4_27\disk1" -Recurse -Filter "*.inf" | ForEach-Object { PNPUtil.exe /add-driver $_.FullName /install } # Ricoh SP3410dn Print Driver Get-ChildItem "\\server\d$\Print_Drivers\Ricoh\SP 3410DN\PCL6\DISK1" -Recurse -Filter "*.inf" | ForEach-Object { PNPUtil.exe /add-driver $_.FullName /install } # Ricoh SP3510dn Print Driver Get-ChildItem "\\server\d$\Print_Drivers\Ricoh\SP 3510DN\PCL6\DISK1" -Recurse -Filter "*.inf" | ForEach-Object { PNPUtil.exe /add-driver $_.FullName /install } # Ricoh SPC232dn Print Driver Get-ChildItem "\\server\d$\Print_Drivers\Ricoh\SP C232DN\PCL6\DISK1" -Recurse -Filter "*.inf" | ForEach-Object { PNPUtil.exe /add-driver $_.FullName /install } # HP T1300 Print Driver Get-ChildItem "\\server\d$\Print_Drivers\HP\T1300 PS Server 2016\win_x64_ps3_drv\win_x64_ps3_drv" -Recurse -Filter "*.inf" | ForEach-Object { PNPUtil.exe /add-driver $_.FullName /install } # Zebra ZDesigner GX420t Print Driver Get-ChildItem "\\server\d$\Print_Drivers\Other\Zebra\ZD5-1-16-7110\ZBRN" -Recurse -Filter "*.inf" | ForEach-Object { PNPUtil.exe /add-driver $_.FullName /install } I can run this script locally on a machine & it runs fine, takes about 90 seconds to complete. When I create an application for it in SCCM & deploy it, its like it doesn't have time to complete the installs before PowerShell shuts down. Then the app shows as failed in Software Center. How do I make it wait to finish running the script before closing out PowerShell?
PowerShell Automation for Verifying MST
Just finished putting together a script to Apply an MST to an MSI then read out the property table. This is for an automation process to verify a submited MSI and MST meet our packaging standards. Need a little sanity check as working with COM objects is not a strong point for me. Really want to make sure I am closing the files correctly after applying the transform then querying the database. I wasn't able to delete the temp files running in Powershell ISE until I did the ReleaseComObject. I didn't have to do that when working with the straight MSI and just pull the properties from it so I hope this is not corrupting any files. # Apply MST to an MSI # Based on Code from: https://hinchley.net/articles/update-cab-file-and-msi-transform-via-command-line/ $SourceMSI = "C:\Temp\MSI\MSI-x64.msi" $SourceMST = "C:\Temp\MSI\MSI.mst" $TempMSI = "$SourceMSI.tmp" $TempMST = "$SourceMST.tmp" Copy-Item $SourceMSI $TempMSI -Force Copy-Item $SourceMST $TempMST -Force $WindowsInstaller = New-Object -ComObject WindowsInstaller.Installer #Open the database in Direct read/write without Transaction (2) $MSIDatabase1 = $WindowsInstaller.GetType().InvokeMember('OpenDatabase' , 'InvokeMethod' , $Null, $WindowsInstaller, @($TempMSI, 2)) #$MSIDatabase1.applytransform($TempMST, 0) $MSIDatabase1.GetType().InvokeMember('ApplyTransform' , 'InvokeMethod' , $Null , $MSIDatabase1 , @($TempMST, 0)) $Query = ("SELECT Property,Value FROM Property") #Opens a data view to the MSI based on the query created. $View = $MSIDatabase1.GetType().InvokeMember('OpenView', 'InvokeMethod', $null, $MSIDatabase1, ($Query)) $null = $View.GetType().InvokeMember('Execute', 'InvokeMethod', $null, $View, $null) $hash = @{} # Add File information (Note this adds the full File information Porperties so can call with <Var>.File |Select * $hash.Add('File',$TempMSI) WHILE ($Record = $View.GetType().InvokeMember('Fetch', 'InvokeMethod', $null, $View, $null)) { $name = $Record.GetType().InvokeMember('StringData', 'GetProperty', $null, $Record, 1) $value = $hashMSIValue = $Record.GetType().InvokeMember('StringData', 'GetProperty', $null, $Record, 2) $hash.Add($name,$value) } # Push Hash table into a PSCustom object $msiProperties = [pscustomobject]$hash # I'm not sure If I have everything required to close out here properly from applying the transform. $null = $MSIDatabase1.GetType().InvokeMember('Commit' , 'InvokeMethod' , $Null , $MSIDatabase1 , $Null) $null = $view.GetType().InvokeMember('Close', 'InvokeMethod', $null, $view, $null) # Really important part to be able to release the opened files and delete $null = [Runtime.Interopservices.Marshal]::ReleaseComObject($view) $null = [Runtime.Interopservices.Marshal]::ReleaseComObject($MSIDatabase1) $null = [Runtime.Interopservices.Marshal]::ReleaseComObject($WindowsInstaller) [GC]::Collect()
Calculate Percent on Compliance SCCM Powershell by Device collection
I have a function that pulls compliance status of a software update deployment (assignment ID). I want to configure this to calculate percent of the status types (Success, Error, In Progress, Unknown) and I would also like to pull compliance status based on device collection name instead of the deployment ID as it is shown below. What I want to accomplish is automatically take a list of device collection names and run a software update deployment which organizes each collection by compliance percent (for each status), and then receive it by email every morning. I have several locations based on device collection, and I want to be able to differentiate which locations and devices are the problematic ones. This method makes tracking and reporting much easier and SCCM console will not have to be launched each individual time to get reporting. function Get-SCCMSoftwareUpdateStatus { [CmdletBinding()] param( [Parameter()] [switch] $DeploymentIDFromGUI, [Parameter(Mandatory = $false)] [Alias('ID', 'AssignmentID')] [string] $DeploymentID, [Parameter(Mandatory = $false)] [ValidateSet('Success', 'InProgress', 'Error', 'Unknown')] [Alias('Filter')] [string] $Status ) BEGIN { $Site_Code = 'ABC' $Site_Server = 'SYSTEMCENTERSERVERNAME' $HasErrors = $False if ($Status -eq 'Success') { $StatusType = 1 } if ($Status -eq 'InProgress') { $StatusType = 2 } if ($Status -eq 'Unknown') { $StatusType = 4 } if ($Status -eq 'Error') { $StatusType = 5 } } PROCESS { try { if ($DeploymentID -and $DeploymentIDFromGUI) { Write-Error "Select the DeploymentIDFromGUI or DeploymentID Parameter. Not Both" $HasErrors = $True throw } if ($DeploymentIDFromGUI) { $ShellLocation = Get-Location Import-Module (Join-Path $(Split-Path $env:SMS_ADMIN_UI_PATH) ConfigurationManager.psd1) #Checking to see if module has been imported. If not abort. if (Get-Module ConfigurationManager) { Set-Location "$($Site_Code):\" $DeploymentID = Get-CMSoftwareUpdateDeployment | select AssignmentID, AssignmentName | Out-GridView -OutputMode Single -Title "Select a Deployment and Click OK" | Select -ExpandProperty AssignmentID Set-Location $ShellLocation } else { Write-Error "The SCCM Module wasn't imported successfully. Aborting." $HasErrors = $True throw } } if ($DeploymentID) { $DeploymentNameWithID = Get-WMIObject -ComputerName $Site_Server -Namespace root\sms\site_$Site_Code -class SMS_SUMDeploymentAssetDetails -Filter "AssignmentID = $DeploymentID" | select AssignmentID, AssignmentName $DeploymentName = $DeploymentNameWithID.AssignmentName | select -Unique } else { Write-Error "A Deployment ID was not specified. Aborting." $HasErrors = $True throw } if ($Status) { $Output = Get-WMIObject -ComputerName $Site_Server -Namespace root\sms\site_$Site_Code -class SMS_SUMDeploymentAssetDetails -Filter "AssignmentID = $DeploymentID and StatusType = $StatusType" | ` select DeviceName, CollectionName, @{Name = 'StatusTime'; Expression = {$_.ConvertToDateTime($_.StatusTime) }}, @{Name = 'Status' ; Expression = {if ($_.StatusType -eq 1) {'Success'} elseif ($_.StatusType -eq 2) {'InProgress'} elseif ($_.StatusType -eq 5) {'Error'} elseif ($_.StatusType -eq 4) {'Unknown'} }} } else { $Output = Get-WMIObject -ComputerName $Site_Server -Namespace root\sms\site_$Site_Code -class SMS_SUMDeploymentAssetDetails -Filter "AssignmentID = $DeploymentID" | ` select DeviceName, CollectionName, @{Name = 'StatusTime'; Expression = {$_.ConvertToDateTime($_.StatusTime) }}, @{Name = 'Status' ; Expression = {if ($_.StatusType -eq 1) {'Success'} elseif ($_.StatusType -eq 2) {'InProgress'} elseif ($_.StatusType -eq 5) {'Error'} elseif ($_.StatusType -eq 4) {'Unknown'} }} } if (-not $Output) { Write-Error "A Deployment with ID: $($DeploymentID) is not valid. Aborting" $HasErrors = $True throw } } catch { } finally { if (($HasErrors -eq $false) -and ($Output)) { Write-Output "" Write-Output "Deployment Name: $DeploymentName" Write-Output "Deployment ID: $DeploymentID" Write-Output "" Write-Output $Output | Sort-Object Status } } } END {} }Windows 10 1903 Group Policy Issues after OSD
Hi, We've recently started deploying Windows 10 1903 (First Win 10 version too...) with SCCM 1902 with MDT and group policy appears to apply, according to the logs but then we find certain settings not actually applied, even though a gpresult shows them as being applied. Checking the various reg keys etc. for our policy settings on a client, I have seen that all of our GPO settings get applied and then some but not all get mysteriously removed, for example the Interactive Logon message gets applied but then removed, as in the registry value is removed. Running a gpupdate /force after this has happened, appears to fix the issue. However using the SMSTSPostAction variable to run a script or command to update Group Policy, doesn't work either, the script/command runs (As per log files) but the above does still occur until we run a gpupdate /force (A ordinary gpupdate does nothing, so most of the time reboots etc. do nothing). We have no Group Policy related Group Policy settings (As in the ones that control whether CSEs process during slow links etc. and whether they process even though there are no changes) and we cannot find any other reason for this not to work correctly. I think until we find a fix, using the RunOnce reg key/value maybe the workaround... Would someone at Microsoft be able to confirm whether this is a confirmed issue at Microsoft and whether there is a fix for it please? Or if there is a fix incoming as potentially some of our security related GPOs are not being correctly applied. Many thanks, LukePowershell for SCCM
I am new to Powershell and I want to run a powershell to query to SCCM Deployement status. 1)If appenforcement state is 1000 or 1001 for multple application names then the powershell output should be TRUE else FALSE. 2)IF the query inside for-each loop does not return any row ,then the counter must be incremented. If the output from 1 is FALSE or counter>0 in step 2 then final output should be FALSE else true PFB the query $ApplicationName = "Add Support Group,Notepad-PlusPlus-7.6.6" $AppNames = $ApplicationName -split "," $sqlAdapter = New-Object System.Data.SqlClient.SqlDataAdapter $dataTable = New-Object System.Data.DataTable $dataSource = "dataSource" $database = "database" # Get Start Time $startDTM = (Get-Date) # Open a connection #cls #Write-host "Opening a connection to '$database' on '$dataSource'" #Using windows authentication, or.. $connectionString = "Server=$dataSource;Database=$database;Integrated Security=SSPI;" # Using SQL authentication #$connectionString = "Server=$dataSource;Database=$database;uid=ConfigMgrDB_Read;pwd=Pa$$w0rd;Integrated Security=false" $connection = New-Object System.Data.SqlClient.SqlConnection $connection.ConnectionString = $connectionString $connection.Open() $command = $connection.CreateCommand() foreach ($AppName in $AppNames) { Write-Output $AppName $query = " select distinct ae.AppEnforcementState from v_R_System_Valid s1 join vAppDTDeploymentResultsPerClient ae on ae.ResourceID=s1.ResourceID join v_CICurrentComplianceStatus ci2 on ci2.CI_ID=ae.CI_ID AND ci2.ResourceID=s1.ResourceID join v_ApplicationAssignment aa on ae.AssignmentID = aa.AssignmentID where ae.AppEnforcementState is not null and aa.ApplicationName = '$AppName' and s1.netbios_name0 =$Computer " $command.CommandText = $query $sqlAdapter.SelectCommand = $command $result = $command.ExecuteReader() $result.Close() $result = $sqlAdapter.Fill($dataTable) } Write-Output -Verbose $dataTable $connection.Close() write-host "Starting after connection close" $success for($i=0;$i -lt $dataTable.Rows.Count;$i++) { Write-Output $dataTable.Rows[$i][0] if ( $dataTable.Rows[$i][0] -eq 1000 -Or $dataTable.Rows[$i][0] -eq 1001 ){ $success = "true" } else { $success = "false" break } } Write-Output $success
