Thursday, 24 October 2024

SCCM Configuration Baseline to Initiate Available Task Sequence

 PowerShell Script Monitor

Function Get-RegistryValue12 {

        param (

            [parameter(Mandatory=$true)][ValidateNotNullOrEmpty()]$Path,

            [parameter(Mandatory=$true)][ValidateNotNullOrEmpty()]$Name

        )

        Return (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name

    }

$compliance = "Compliant"

$Registry = "HKLM:\SOFTWARE\SOFTWARE\WOW6432Node\Notepad++"

$name = "InstallerLanguage"

$value = Get-RegistryValue12 -path $registry -name $name

$Ver = (Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion").currentBuild

If ($Ver -like '1033')

{

$compliance = 'Non-Compliant'

}

$compliance


PowerShell Script Remediation

Function Execute-TaskSequence {

    Param (

        [parameter(Mandatory = $true)]

        [string]$Name

    )

    Try {

        Write-Host "Connecting to the SCCM client Software Center..."

        $softwareCenter = New-Object -ComObject "UIResource.UIResourceMgr"

    }

    Catch {

        Throw "Could not connect to the client Software Center."

    }

    If ($softwareCenter) {

        Write-Host "Searching for deployments for task sequence [$name]..."

        $taskSequence = $softwareCenter.GetAvailableApplications() | Where-Object { $_.PackageName -eq "$Name" }

        If ($taskSequence) {

            $taskSequenceProgramID = $taskSequence.ID

            $taskSequencePackageID = $taskSequence.PackageID

            Write-Host "Found task sequence [$name] with package ID [$taskSequencePackageID]."

            # Execute the task sequence

            Try {

                Write-Host "Executing task sequence [$name]..."

                $softwareCenter.ExecuteProgram($taskSequenceProgramID,$taskSequencePackageID,$true)

                Write-Host "Task Sequence executed."

            }

            Catch {

                Throw "Failed to execute the task sequence [$name]"

            }

        }

        Else {

            Write-Host "No Deployments found matching name = [$name]!"

            exit 100

        }

    }

}

Execute-TaskSequence -name "Custom Task Sequence"

Tuesday, 22 October 2024

SCCM Collection Optimization using PowerShell Script

 SQL Query to Get the current collection evaluation schedule


Select

CG.CollectionName,

CG.SITEID AS [Collection ID],

CASE VC.CollectionType

WHEN 0 THEN ‘Other’

WHEN 1 THEN ‘User’

WHEN 2 THEN ‘Device’

ELSE ‘Unknown’ END AS CollectionType,

CG.schedule, case

WHEN CG.Schedule like ‘%000102000’ THEN ‘Every 1 minute’

WHEN CG.Schedule like ‘%00010A000’ THEN ‘Every 5 mins’

WHEN CG.Schedule like ‘%000114000’ THEN ‘Every 10 mins’

WHEN CG.Schedule like ‘%00011E000’ THEN ‘Every 15 mins’

WHEN CG.Schedule like ‘%000128000’ THEN ‘Every 20 mins’

WHEN CG.Schedule like ‘%000132000’ THEN ‘Every 25 mins’

WHEN CG.Schedule like ‘%00013C000’ THEN ‘Every 30 mins’

WHEN CG.Schedule like ‘%000150000’ THEN ‘Every 40 mins’

WHEN CG.Schedule like ‘%00015A000’ THEN ‘Every 45 mins’

WHEN CG.Schedule like ‘%000100100’ THEN ‘Every 1 hour’

WHEN CG.Schedule like ‘%000100200’ THEN ‘Every 2 hours’

WHEN CG.Schedule like ‘%000100300’ THEN ‘Every 3 hours’

WHEN CG.Schedule like ‘%000100400’ THEN ‘Every 4 hours’

WHEN CG.Schedule like ‘%000100500’ THEN ‘Every 5 hours’

WHEN CG.Schedule like ‘%000100600’ THEN ‘Every 6 hours’

WHEN CG.Schedule like ‘%000100700’ THEN ‘Every 7 hours’

WHEN CG.Schedule like ‘%000100B00’ THEN ‘Every 11 Hours’

WHEN CG.Schedule like ‘%000100C00’ THEN ‘Every 12 Hours’

WHEN CG.Schedule like ‘%000101000’ THEN ‘Every 16 Hours’

WHEN CG.Schedule like ‘%000100008’ THEN ‘Every 1 days’

WHEN CG.Schedule like ‘%000100010’ THEN ‘Every 2 days’

WHEN CG.Schedule like ‘%000100028’ THEN ‘Every 5 days’

WHEN CG.Schedule like ‘%000100038’ THEN ‘Every 7 Days’

WHEN CG.Schedule like ‘%000192000’ THEN ‘1 week’

WHEN CG.Schedule like ‘%000080000’ THEN ‘Update Once’

WHEN CG.SChedule = ” THEN ‘Manual’

END AS [Update Schedule],

Case VC.RefreshType

when 1 then ‘Manual’

when 2 then ‘Scheduled’

when 4 then ‘Incremental’

when 6 then ‘Scheduled and Incremental’

else ‘Unknown’

end as RefreshType,

VC.MemberCount

from

dbo.collections_g CG

left join v_collections VC on VC.SiteID = CG.SiteID

order by

CG.Schedule DESC


Powershell Script to update the evaluation schedule


# site code.

$sitecode = '123'


# name of server hosting the sms provider.

$provider = 'ServerName'


# create a recuring interval token with a cycle of x days.

# the start time will be randomised, but always on the hour.

function new-token($days = 1) {

  $class = gwmi -list -name root\sms\site_$sitecode -class sms_st_recurinterval -comp $provider

  $interval = $class.createinstance()

  $interval.dayspan = $days

  $interval.starttime = get-date (get-date '1/1/2016').addhours((get-random -max 24)) -format yyyyMMddHHmmss.000000+***

  return $interval

}


# get the names of all collections enabled for incremental updates.

function get-incremental() {

  $collections = @()

  gwmi -name root\sms\site_$sitecode -class sms_collection -comp $provider | %{

    $collection = [wmi]$_.__path

    if ($collection.refreshtype -band 4 -and $collection.collectionid -notlike 'sms*') {

      $collections += $collection.name

    }

  }

  return $collections

}


# configure the refresh cycle for an array of collections.

# set $type to 2 for periodic refresh only, and 6 for incremental and periodic.

# set $days to the number days between each periodic refresh.

function set-schedule([array]$collections, $type, $days) {

  $collections | %{

    if (! ($collection = gwmi -name root\sms\site_$sitecode -class sms_collection -comp $provider -filter "name = '$_'")) { return }

    $collection.refreshtype = $type

    $collection.refreshschedule = new-token $days

    #$collection.psbase()

    $collection.put() | out-null

  }

}


# disable incremental updates.

# i.e. enable periodic updates only, with a refresh cycle of 1 day.

function disable-incremental([array]$collections) {

  set-schedule $collections 2 7

}


# enable incremental updates.

# i.e. enable incremental and periodic updates, with a refresh cycle of 7 days.

function enable-incremental([array]$collections) {

  set-schedule $collections 6 7

}

#To retrieve the name of all collections enabled for incremental updates:


#get-incremental

#To disable incremental updates on all collections listed in a file named disable.txt, and enable periodic updates with a daily cycle:


disable-incremental (get-content "C:\Temp\Collection.txt")

#To enable incremental and periodic updates on all collections listed in a file named disable.txt, with a weekly periodic refresh cycle:


#enable-incremental (get-content enable.txt)

Thursday, 3 October 2024

Intune Blocking Store App and allow them updated

 Below configuration profile will help to block the store app 

Administrative Templates\Windows Components\Store

Turn off the Store application (User) and set Enabled


Administrative Templates\Start Menu and Taskbar

Do not allow pinning Store app to the Taskbar (User) and set Enabled


Regardless of how you are blocking or allowing the Microsoft Store, remembering that the store needs to be available to allow for apps from Microsoft Intune to be deployed, we should at least configure devices to allow for updates


Administrative Templates\Windows Components\Store

Allow apps from Microsoft app store to auto update


You can also use the remediation script to allow store app auto update


Detection Script


$Path = "HKLM:\SOFTWARE\Policies\Microsoft\WindowsStore"

$Name = "AutoDownloaded"

$Value = 4


Try {

    $Registry = Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop | Select-Object -ExpandProperty $Name

    If ($Registry -eq $Value){

        Write-Output "Compliant"

        Exit 0

    } 

    Write-Warning "Not Compliant"

    Exit 1

Catch {

    Write-Warning "Not Compliant"

    Exit 1

}


Remediation Script


Write-Host "Required Auto Update"

$store = "HKLM:\SOFTWARE\Policies\Microsoft\WindowsStore"

If (!(Test-Path $store)) {

    New-Item $store

}

Set-ItemProperty $store AutoDownloaded -Value 4


SCCM SQL Query Online device by Management Point

 SCCM SQL Query Online device by Management Point select srl.SiteCode, srl.ServerName, srl.InternetEnabled, srl.Shared, srl.SslState, SUM(br...