Tag Archives: PowerShell

How to check for MS17-010 and other Hotfixes

13 May , 2017,
arien
,
No Comments

There has been a lot of commotion in the technews about the #WannaCrypt / #WannaCry / #Wcry ransomware.
For example NYT made a nice map showing the outbreak around the globe. More detailed information can be found at Troy Hunt’s blog post.

The Critical Update Bulletin can be found at: https://technet.microsoft.com/library/security/MS17-010
MSRC even made Customer Guidance page.

Ofcourse we need to keep our patches current. I just wanted to do a quick check on my systems where protected from the exploit yes or not? Just looking in the “View Installed updates” scanning for 4012212 can be an annoying Control panel task. The search on this page also isn’t much fun either because it will scan the entire system again and sometimes missing the result you’re looking for!

View Installed Updates

The problem for MS17-010: In the bulletin I could find KB-numbers for every OS needed. But what was missing are; the Rollups replacing the March Rollup(s) are not mentioned in the bulletin itself. If you have these, you’re good/patched aswell :-).


Microsoft does not show replacement information on the KB-page itself.

Using a SCCM Console we can find Supersedence information for example April rollup KB4015549 (first monthly successor).

The updates missing here might be caused by Supersedence Rules

And so the best place to look for this information would be the Microsoft Update Catalog

After searching, click on the update [title] to view details for KB4015549 and go to the ‘Package Details’ tab. Here we can find the needed replacement information (‘This update has been replaced by the following updates’). Click every replacing update until you end with ‘n/a’.

To wrap up and quickly check on a few systems I’ve made a script checking it for the most common operating systems.

It can also be changed and run remotely from a management system ofcourse.
So here is how you could do this after changing the original script just a little bit:

You need to have PS-AD-Tools (RSAT) installed for the last script.
Change the Distinguished Name (DN) in line 25.

Running a VBscript from batch (command line)

1 Nov , 2016,
arien
, ,
No Comments

Most of the time a specific scripting language is chosen to provide an automated solution for something.
In this case a customer was already using batch scripting. I was adding simple VBscripts to query the WMI Namespaces. Well how to use these different scripts in hybrid and pass values back to the original batch startup script?

The VBS being used in this example is checking WMI for the Write Filter State (used in the Windows Embedded OS).
Microsoft is using the commands available to check and manage the filter and splitting the huge output to find the current state of the writefilter here. In my opinion it is better to use the information available in WMI:

The cscript //nologo is the most important part of the command you use to start the .VBS!
When we compare the output without the nologo switch we see these differences:
cscript-nologo

Now to call the and get it’s result and put it in a variable

BTW, Very usefull when creating WMI code is the WMI Code Generator created by Rob van der Woude.

Simple PowerShell script to ping multiple Devices

4 Mar , 2016,
arien

No Comments

It’s always useful to quickly check you most important devices in your network! Especially to troubleshoot something.
A Script can help you to get things done faster. When search for common scripts like this I always find complicated and long scripts with built in extra’s. I like to keep my scripts simple for these situations.

First create a .txt file with a list of addresses or hostnames:
Devices

To accomplish this all I created the simple powershell script:

The Test-Connection cmdlet is used.

Let’s run the magic script and show what it looks like when it works.
MagicPingScript
Is it fast enough for you?

Trigger available Application Catalog deployments to appear in Software Center

21 Oct , 2015,
arien
, ,
No Comments

In my previous post I explained how to Create shortcuts to deploy available applications in ConfigMgr 2012.
User-available deployed apps are not shown in the SCCM 2012 Software Center right away! (Sidenote: I believe ‘The new SCCM’ vNext has a different approach already.)
Software center user available apps

Using ApplicationViewService.asmx on the Application Catalog we can do some extra’s: automated application requests!
This way the user does not have to go to the App-Catalog and request the app. Besides that, only not-installed apps will appear in the ‘Available Software’ tab in Software Center. Which is nice right?
Before we can use this we have to make changes to the Application Catalog web.config file.

The file can be found on the server running the appcatalog at
<drive>\:Program Files\SMS_CCM\CMApplicationCatalog\Web.config
save a copy if you want to be able to revert to original without thinking.

Read More…

Create shortcuts to deploy available applications ConfigMgr 2012 (using PoSH)

22 Sep , 2015,
arien
, , ,
No Comments

For a customer implementing Configuration Manager 2012 the use of the Application Catalog and Software Center can be a big change for the end-users. This when they have not used SCCM software and/or user-portal centric delivery before.
I was looking for possibilities to create a situation to start an application deployment with a more common interface like the start menu or the desktop.
Since the startmenu is back in modern OS-versions to deliver the apps for the user I decided to try and use it for this.
start menu available app example install

To automate it I have created a simple script that will create shortcuts you can use to start the deployment. On the background it uses Configuration Manager Client SDK WMI Classes
It’s not being used in production, so it is not completely functional with user rights but it was much easier to create than I expected. So use this at you own risk and make it better yourself :).

The code should explain itself because it’s not that difficult. You can play with the Get-WmiObject and the Where-Object options to test your exact results.

This creates (for example) a shortcut to install Mozilla Firefox with the target:
start menu available app shortcut firefox
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -File C:\Deploy-CCM_App.ps1 -ApplicationName "Mozilla Firefox (nl)"

Read More…