As many of you know, CVE-2023-24932 will require Configuration Manager admins to update their boot media before their organization or Microsoft enforces the revocations. If you do not update your boot images before the revocations are applied, you will not be able to load an unpatched WinPE image. Community members like Gary Blok and Sassan Fanai have already shared some excellent scripts that will automatically update your boot image. I just wanted to take it an extra step by automating some of the manual steps that would have to be performed. Using the ConfigMgr Module, we’re able to query the boot images to determine which updates are needed, find the update source URL for the May CU, then eventually update the boot image and reload the boot image properties so the console shows the correct build number. This will hopefully streamline the process for the community.
Many thanks to Gary Blok for collaborating with me and helping improve the script!
The following function will automatically convert your ConfigMgr applications to .intunewin files that can be used in Intune to deploy Win32 applications. In my environment, we are using PSADT (PowerShell App Deployment Toolkit), so this function worked great to convert my existing install scripts to something that I can use in Intune. Once the function has completed converting your applications, it will open the folder that will contain a subfolder for each Deployment Type that the application had. In those subfolders, you will find the .intunewin files.
Just keep in mind that if your install command in ConfigMgr is calling a file that is not in the content source path, the Convert-CMAppToIntune function will exit since the Win32 Content Prep Tool requires the setup file to exist with the content.
It’s been a while since my last post, but I just wanted to share something that I have been working on. Lately I have been trying to migrate all of my WinForms to WPF with PowerShell, and since I have started learning how to create WPF forms, I wanted to share a tool that I created called “About Me”. This tool will give your users common information that support would need to assist them. If Outlook is installed, it will give users the ability to draft an email automatically with the information that is displayed in the tool. I have also included a “Tools” section that has some shortcuts to commonly used utilities in the OS.
Device Information: This is the first section that users will see when launching the About Me WPF tool. If you have Outlook installed, you will see the Email Info button. Otherwise you will only see a Copy Info button instead which will place the device information into the user’s clipboard.
Tools Section: This is the tools section that users will see when they click the Tools button. This will give users and support the ability to run gpupdate and launch commonly used operating system utilities.
Happy New Year everyone! I was recently reading a blog post by Gary Blok that explained how to upgrade to Windows 10 21H2 via Enablement Package using the ConfigMgr App Model. It is a great article and I actually plan on using an Enablement Package to upgrade all of my 20H2 PCs to 21H2. However, due to my anxiety I didn’t like that I actually had to set up an ADR to download the Enablement Package. So instead of using an ADR, I wanted to see if I could accomplish this with the ConfigMgr PowerShell cmdlets. Fortunately with ConfigMgr 2107, Microsoft released a new cmdlet, Get-CMSoftwareUpdateContentInfo, that can help us easily retrieve the source path for the Enablement Package .cab files. All you need to make this work is a site with 2107 installed, the ConfigMgr console installed on the device where you are running the script, PowerShell 3.0 and above, and the following Products and Classifications:
These scripts were great, but I noticed they depended on Get-ChildItem to find .jar files on systems. As you may know, Get-ChildItem can be VERY slow to run, especially when you are scanning entire drives for specific files. That’s when I decided to find an alternative that could run faster and use fewer resources. I first tried to use .NET, but unfortunately that didn’t go anywhere because the EnumerationOptions class is not available to use with PowerShell 5.0. Then I started searching Google for other options, and someone on Stack Overflow recommended using RoboCopy without copying anything instead. Let’s just say I ended up canceling Get-ChildItem because it was still running after RoboCopy finished querying all of my drives for .jar files.
As you can see in the script, I also decided to not depend on a text file from GitHub that the other scripts were using (https://github.com/mubix/CVE-2021-44228-Log4Shell-Hashes/raw/main/sha256sums.txt). It’s great that it was grabbing the latest .txt file but I didn’t feel comfortable using a file that could possibly be compromised at a later time. Instead I encoded the text file and decoded it so the script can be 100% standalone without any external dependencies.
Update 12/17/2021 – Since I have received a few requests to add custom file hashes, I have updated the script so you can easily add additional file hashes that the script can query. In order to do this, you will need to add the file hashes to the $CustomFileHashes variable.
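The approach described above (RoboCopy in list-only mode to enumerate .jar files, then a SHA-256 comparison against hashes carried inside the script) can be sketched as follows. This is an added example, not the original script: the function names, the `$knownHashes` variable and the demo file are hypothetical, and the "known" hash is constructed from the demo file itself rather than taken from any real hash list.

```powershell
function Find-JarFile {
    # Enumerate *.jar files under $Root with robocopy in list-only mode (/L): nothing is copied.
    param([Parameter(Mandatory)][string]$Root)
    # 'NULL' is a dummy destination; with /L it is never created or written to.
    # /S recurse, /XJ skip junctions, /FP full paths, /NC /NS /NDL /NJH /NJS strip everything but file names.
    $listing = robocopy $Root NULL *.jar /L /S /XJ /FP /NC /NS /NDL /NJH /NJS /R:0 /W:0
    # Each remaining output line is a whitespace-padded full path.
    $listing | ForEach-Object { $_.Trim() } | Where-Object { $_ -like '*.jar' }
}

function Test-JarHash {
    # Return the files whose SHA-256 appears in the supplied hash list.
    param(
        [Parameter(Mandatory)][string[]]$Path,
        [Parameter(Mandatory)][string[]]$KnownHashes
    )
    # Case-insensitive set: hash lists are often lowercase, Get-FileHash returns uppercase.
    $set = [System.Collections.Generic.HashSet[string]]::new(
        [string[]]$KnownHashes, [System.StringComparer]::OrdinalIgnoreCase)
    foreach ($file in $Path) {
        # Locked or unreadable files yield no hash and are skipped.
        $hash = (Get-FileHash -LiteralPath $file -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
        if ($hash -and $set.Contains($hash)) {
            [pscustomobject]@{ Path = $file; SHA256 = $hash }
        }
    }
}

# Constructed demo: a throwaway folder with one fake .jar whose hash stands in for a known-bad entry.
$demo = Join-Path ([System.IO.Path]::GetTempPath()) 'jar-scan-demo'
New-Item -ItemType Directory -Path (Join-Path $demo 'lib') -Force | Out-Null
$jar = Join-Path $demo 'lib\sample.jar'
Set-Content -LiteralPath $jar -Value 'constructed test content' -Encoding Ascii
$knownHashes = @((Get-FileHash -LiteralPath $jar -Algorithm SHA256).Hash)

Test-JarHash -Path (Find-JarFile -Root $demo) -KnownHashes $knownHashes
Remove-Item -LiteralPath $demo -Recurse -Force
```

Keeping the hash list inside the script, as the post describes, means the comparison set cannot change underneath you between runs; the trade-off is that new hashes have to be added by editing the script.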
Ever since KB5006670 was released, I have been receiving reports from our local support team that users are unable to install printers from our print servers. The specific error they were getting was “Windows cannot connect to the printer.” Operation failed with error 0x000006e4.
Thanks to a user on Reddit (NinjaAmbush), I was able to find the following fix, which was to uncheck “Render print jobs on client computers”, click Apply, and then recheck the setting. Since this had to be done for each printer on the server, I decided to find out if I could automate the steps with PowerShell. Fortunately it was pretty straightforward and I was able to accomplish this with two native PowerShell cmdlets (Get-Printer and Set-Printer).
Here is the automated solution that needs to run on your print servers:
As many of you know, Windows 11 was released yesterday. Right now I’m testing the official release and running Procmon to figure out some of the new registry keys that were introduced with Windows 11. Here are the registry keys and values that will automatically hide the Widgets and Teams chat button from the taskbar in Windows 11:
The following script is a proof of concept to demonstrate that you can create Outlook holidays automatically with PowerShell. The POC script will automatically create a “Test Holiday” on the date that you ran the script. I also added an IF statement to check if the holiday already exists. That way users wouldn’t see the holiday added multiple times. The script can easily be set up to run in a ForEach loop to add multiple holidays in one script. You would just need to update the $Date and $Subject variables for each holiday.
Update (10/6/2021) – I just tested the official Windows 11 release today and it appears you cannot bring back the Windows 10 start menu anymore. However the following registry key still works to move the start menu to the left side of the screen.
As many of you know, Windows 11 will be introducing a new start menu layout. If you want to keep things consistent for your users you can add the following registry keys to your GPO when your company decides to roll out Windows 11.
I have noticed in my testing that the %LOGONSERVER% environment variable can sometimes be unreliable. After searching some time on Google, I found that using the nltest /dsgetdc: command was the most reliable method of returning the logon server. This unfortunately provides some complications since the results of the command also give additional information that is not needed if you just need the current logon server. This is why I created the following Get-LogonServer function so you could easily return the logon server and use it in a PowerShell script.
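One way to reduce the `nltest /dsgetdc:` output to just the domain controller name, as an added example rather than the author's Get-LogonServer function. The function names, the default of `$env:USERDNSDOMAIN` for the domain, and the sample output are assumptions made for illustration; the sample text is constructed.

```powershell
function ConvertFrom-DsGetDcOutput {
    # Pull the DC name out of the text printed by `nltest /dsgetdc:<domain>`.
    param([Parameter(Mandatory)][AllowEmptyString()][string[]]$Line)
    foreach ($l in $Line) {
        # The line of interest looks like "           DC: \\DC01.corp.example".
        # "Dc Site Name:" does not match because the colon must directly follow "DC".
        if ($l -match '^\s*DC:\s*\\\\(?<name>\S+)') { return $Matches['name'] }
    }
    return $null   # no DC line present, e.g. nltest printed only an error
}

function Get-LogonServerName {
    # Hypothetical wrapper: runs nltest for the given domain and returns the DC name, or $null on failure.
    param([string]$Domain = $env:USERDNSDOMAIN)
    $output = nltest "/dsgetdc:$Domain" 2>&1
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "nltest failed for '$Domain' (exit code $LASTEXITCODE)"
        return $null
    }
    ConvertFrom-DsGetDcOutput -Line ($output | ForEach-Object { "$_" })
}

# Constructed sample of nltest output, so the parser can be exercised off-domain.
$sample = @'
           DC: \\DC01.corp.example
      Address: \\192.0.2.10
     Dom Name: corp.example
  Forest Name: corp.example
 Dc Site Name: Default-First-Site-Name
Our Site Name: Default-First-Site-Name
The command completed successfully
'@ -split "`r?`n"

ConvertFrom-DsGetDcOutput -Line $sample
```

Checking `$LASTEXITCODE` before parsing matters in logon scripts: when no domain controller can be located, the output contains no `DC:` line and the caller should get `$null` rather than a partial string.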