Tuesday, April 19, 2016

PowerShell: Disable, Move, Delete AD Computer Objects

Problem

Stale computer objects being left behind in an Active Directory environment.

Solution

This PowerShell script will resolve the problem. It was written to search a specific OU and sub OU’s to find stale records. Stale records are defined in the script as a computer that has not changed its password in greater than 4 months and has also not logged into the domain in greater than 4 months. Both are configurable in the script. It will then disable the computer, move it to a specified OU, and tag the description with the date that it was disabled for future reference. I will go into detail on usage below.

Download Script

Download

CommandLine Options

This script must be called from the PowerShell shell. It has 4 switches to enable different portions of the script. By default, I have turned on –WhatIF on any actions that may cause issue in an environment. –Force turns off –WhatIF on those commands as shown below

-MoveAlreadyDisabled will MOVE already Disabled computers in a specified source OU ($DisableSourceOU) to a specified target OU ($DisableTargetOU).

-DisableAndMove will MOVE and DISABLE Enabled Computers in a specified source OU ($DisableSourceOU) to a specified target OU ($DisableTargetOU) based on criteria. (Read Notes area)

-DeleteDisabled will DELETE already Disabled computers based on criteria and OU. ($DisableTargetOU) (Read Notes area)

-Force Will Turn Off -WhatIF where -WhatIF is defined (-WhatIF:$True is on by Default)

As each section is turned on they will create output files in C:\Scripts

Parts of the Script to Modify

$DisableSourceOU – This is the OU you want the script to Scan and look for stale records

$DisableTargetOU – This is the OU you want the script to place the stale OU

Change the (-x) after AddMonths to your desired time from current date (-4 goes in the past 4 months if you want to go in the future remove the - sign .

1. $DisableComputers = get-adcomputer -properties * -filter {enabled -eq "True"} -SearchBase $DisableSourceOU -SearchScope Subtree | where {($_.lastLogonDate -lt (get-date).AddMonths(-4)) -and ($_.passwordlastset -lt (get-date).AddMonths(-4)) }

2. $DeleteComputers = get-adcomputer -properties * -filter {enabled -eq "False"} -searchbase $DisableTargetOU -SearchScope Subtree | where { $_.Modified -lt (get-date).AddMonths(-1) }

Friday, September 18, 2015

Windows 10: Fully Remove Universal Apps for All Users

Windows 10: Fully Remove Default Universal Apps

Purpose

To help others in fully removing the default universal apps for use of deployment in a corporate image.

Table of Contents

Purpose. 1

Scope. 1

Procedure. 1

Remove Universal Apps. 1

Deployment 1

Scope

Fully remove Universal Apps from system in order to have a clean image for deployment

Procedure

Remove Universal Apps

1. Copy the following script and save it as a .ps1 file (This script leaves the store intact for NEW user profiles.)

$modernApps = @(@("Microsoft.3DBuilder","microsoft.windowscommunicationsapps","Microsoft.BingFinance","Microsoft.BingNews","Microsoft.BingSports","Microsoft.BingWeather","Microsoft.BingTravel","Microsoft.BingHealthAndFitness","Microsoft.BingFoodAndDrink","Microsoft.People","Microsoft.WindowsPhone","Microsoft.MicrosoftSolitaireCollection","Microsoft.WindowsSoundRecorder","Microsoft.XboxApp","Microsoft.WindowsCamera","Microsoft.ZuneMusic","Microsoft.ZuneVideo","Microsoft.Office.OneNote","Microsoft.SkypeApp","Microsoft.MicrosoftOfficeHub"

foreach ($modernApp in $modernApps) {

Get-AppxProvisionedPackage -Online | Where-Object {$_.PackageName -match $modernApp} | Remove-AppxProvisionedPackage -Online

}

Get-AppxPackage -AllUsers | Remove-AppxPackage

a. You can obviously remove some of the apps listed at the top of the script to leave them on the machine like Microsoft.BingWeather if you want to leave Weather intact

2. Run the following command from Powershell as an Administrator

a. powershell.exe -ExecutionPolicy Bypass -file ".\SomeFile.ps1"

i. “.\SomeFile.ps1” is the name of the file you save the script above as

3. If you need to get into the store after the script is run you may need to delete your profile and let it recreate. All of the default apps will still be removed but Store will return.

Deployment

1. You can deploy this by creating a script and run it during a task sequcne step within MDT or ConfigMgr or Caputre a new .WIM for deployment as part of your base image

Sources

http://pastebin.com/QuDajKAy

Windows 10: Customize and Deploy Start Menu

Windows 10: Customize Default Start Menu

Purpose

To help others in creating a default start menu layout that can then be deployed via imaging solution.

Table of Contents

Purpose. 1

Scope. 1

Procedure. 1

Create Start Menu Modifications. 1

Export Start Menu Layout 1

Apply Start Menu Layout 1

There are two options to apply the change. 1

Option 1 (Microsoft Articles) 1

Option 2. 2

Deployment 2

Scope

Customize Start Menu for deployment

Procedure

Create Start Menu Modifications

1. Update Grouping Lables, Pinning or UnPinning applications, and reorder any Pinned applications to create your custom start menu.

Export Start Menu Layout

1. Once your modifications are complete open powershell

2. From Powershell run

a. Export-StartLayout –path <path you have access to>\CustomLayout.xml

i. ***Ensure the path exists before you start or the export will fail

Apply Start Menu Layout

There are two options to apply the change

Option 1 (Microsoft Articles)

1. Launch Powershell as Administrator

a. Run “Import-StartLayout –layoutpath <path you saved the xml>\CustomLayout.xml –MountPath C:\”

b. All New Profiles created on the system will have the new Start Menu layout and users will still be able to customize it.

Option 2

1. Rename CustomLayout.xml to LayoutModification.xml and copy to C:\Users\Default\AppData\Local\Microsoft\Windows\Shell

a. All New Profiles created on the system will have the new Start Menu layout and users will still be able to customize it.

Deployment

1. You can deploy this by creating a script to copy the xml file or run the import-startlayout command during a task sequcne step within MDT or ConfigMgr or Caputre a new .WIM for deployment as part of your base image. You could probably also deploy the customization as a group policy preference.

Tuesday, June 23, 2015

PeopleSoft Journal Import MSXML fix

Problem

The Macro distributed by PeopleSoft for Journal Import fails to work on Windows Vista, 7, and 8/8.1. With Windows 7 and Vista the solution was simple. Copy the MSXML.dll file from the C:\Windows\System32 folder from a Windows XP machine and place it in the C:\Windows\System32 and/or C:\Windows\SysWOW folder on the Vista/7 machine. This may have also worked on Windows 8/8.1 x86 but it does not work on Windows 8/8.1 x64. For 8/8.1 there are a few modifications to the JRNLMCRO.xla file that are needed. (this was done for Windows 8/8.1 running Excel 2013)

Solution

You have to modify the JRNLMCRO.xla file to include the Microsoft XML v6.0 dll and also modify two lines within the macro code.

Prerequisites

1. Temporarily Trust Macros in Excel

2. Ensure the Developer Tab is enabled in Excel

a. File -> Options -> Customize Ribbon -> (Check) Developer Tab

Process

Open JRNLMCRO.xla

1. Click Developer Tab

a. Click Visual Basic

i. Highlight Jrnlmcro from the Tree view

ii. Click Tools Menu

1. Click References

a. Find and check Microsoft XML, v6.0 from the Available References list

b. Click OK

iii. Expand Modules from the Tree view

iv. Double Click mImportControl

1. Within the Code window for mImportControl search for MSXML2.DOMDocument

2. Replace the two instances of MSXML2.DOMDocument with MSXML2.DOMDocument60

v. Save the macro, exit Excel and try to run your Journal Import normally.

Monday, November 17, 2014

ConfigMgr: Install Fonts as an Application without Local Admin

Purpose

To document a process on how to utilize a software delivery system like ConfigMgr to install Fonts so users do not need local admin rights.

Table of Contents

Script Modification before ConfigMgr Setup. 1

ConfigMgr Application Setup. 2

Scope

To help other Admins limit user rights on machines deployed

Summary

Download DetectionMethod.zip and FontsInstall.zip from the Prerequisite area and follow the steps below. These scripts are written in PowerShell so PowerShell is a requirement. After the application is run you can check your results by looking at the log file that is created at c:\temp\fontinstall.log. The DetectionMethod.ps1 can be modified to have a different timespan which is how it determines if it can run again. It is currently set to 5 minutes.

Prerequisites

DetectionMethod.zip

FontsInstall.zip

PowerShell

Script Modification before ConfigMgr Setup

1. Create a new source folder for the scripts in the prerequisites section, download and extract the scripts

2. Edit FontsInstall.ps1

a. $FromPath needs to be updated in FontInstall.ps1 script to be the path your users will save the fonts to. The script will pick the fonts up in this location and install them into c:\windows\fonts. By default I have $FromPath set to c:\Fonts

Detection Method script needs to be updated to the directory you specify the log file to be written in the FontInstall.ps1 script

ConfigMgr Application Setup

1. Open ConfigMgr Console and navigate to \ à Software Library àOverview à Application Management àApplications

a. Right Click Applications and select Create Application

i. General

1. Manually specify the application information

2. Click Next

ii. General Information

1. Fill out as necessary

2. Click Next

iii. Application Catalog

1. Fill out as necessary

2. Click Next

iv. Deployment Types

1. Click Add

a. General

i. Type: Script Installer

ii. Manually specify the deployent type information

iii. Click Next

b. General Information

i. Fill out as necessary

ii. Click Next

c. Content

i. Content Location: <UNC PATH> of the FontsInstall.ps1 file

ii. Installation Program: Powershell.exe -executionpolicy bypass -file FontsInstall.ps1

iii. Click Next

d. Detection Method

i. Click Use a custom script to detect…

ii. Click Edit

1. Script Editor

a. Script Type: PowerShell

b. Click Open

i. Browse to where you saved DetectionMethod.ps1

ii. Click Open

c. Click OK

iii. Click Next

e. User Experience

i. Install for System

ii. Whether or not a user is logged in

iii. Click Next

f. Requirements

i. Click Next

g. Dependencies

i. Click Next

h. Summary

i. Click Next

i. Completion

i. Click Close

2. Click Next

v. Summary

1. Click Next

vi. Completion

1. Click Close

b. Distribute the Content

c. Deploy the Application