Powershell

This post was updated on September 18th, 2020. This post is one of 3 posts in my series on managing BIOS settings using PowerShell. I’ve also written about Dell and Lenovo. In this post I’ll be talking about using PowerShell to manage HP BIOS settings. The script can be downloaded from my GitHub: https://github.com/ConfigJon/Firmware-Management/tree/master/HP HP, WMI, and PowerShell HP provides a WMI interface that can be used for querying and modifying BIOS settings on their hardware models. This means that we can use PowerShell to directly view and edit BIOS settings without the need for a vendor specific program. This script uses 3 of the HP provided WMI classes. ...

This post was updated on September 18th, 2020. In my last blog post, (Lenovo BIOS Password Management), I talked about managing Lenovo BIOS passwords with PowerShell. I liked how that process worked, so I decided to create a similar process to handle HP BIOS passwords. Once again, the goal was to have a script that could automatically set, change, or clear BIOS passwords while providing logging and optional user prompts. In this post, I’ll cover the basics of how the script works and some limitations of the script. ...

This post was updated on October 18th, 2020. This post discusses how to manage Lenovo BIOS passwords using WMI. My goal was to have a script that could change or clear existing passwords and could display a prompt to the screen when manual intervention was required. In this post, I’ll cover the basics of how the script works. I’ll also talk about some limitations of the script and some areas it could be improved in the future ...

The out of the box Windows 10 experience has improved over the years, but I still find most clients I work with want to make various tweaks and modifications to the default settings. In the past I would add these customizations to a Configuration Manager task sequence as individual steps. But I’m lazy, and I didn’t want to have to continually add each individual step over and over. Plus I like to keep task sequences shorter when I can. The solution was to create a PowerShell script that allows the admin to select which of the common Windows customizations to run in their environment. ...

I was working with a client that had a requirement where each computer that was deployed needed to be paired with a physical document that had information about the computer. The solution I used to automate this process was to use a PowerShell script to take information from a running task sequence, then write and print a Word document. Here is a high level outline of the process. Information about the computer and deployment is collected by a PowerShell script during the task sequence The same PowerShell script then copies that information to a network share as a CSV file A separate computer or server has a Windows Scheduled Task set to run a second PowerShell script on a schedule The second PowerShell script takes any CSV files in the network location as input. It uses the data from the CSV files to build a Word document and then sends that document to a printer. This is the script that runs during the task sequence to collect information and write it to a CSV file on a network share. This example script is collecting the Serial Number, Asset Tag, and Computer Model. ...

As I spend time working in many different Configuration Manager environments, I find myself regularly needing to create Antimalware Policies. Most of the settings in the antimalware policies can be configured quickly, however the setting that always takes me the most time is the Exclusion Settings. There needs to be different policies with different exclusion settings for different types of devices. Each of these separate policies have 3 different areas for adding file paths, file types, and processes. And for some reason, unknown to me, the dialog window for adding exclusions has a 260 character limit. This means that even if all the exclusion settings are in a list, you can’t just copy the whole list in at once. All this adds up to make this process time consuming and inconsistent. ...

I was recently deploying an application that required Windows Firewall rules to be created for an executable that ran from each user’s AppData folder. The way I accomplished this was to use a combination of PowerShell scripts and the Windows Task Scheduler. I created two PowerShell scripts for this solution. Create_Scheduled_Task.ps1 and Create_Firewall_Rules.ps1. The Create_Scheduled_Task.ps1 script copies the Create_Firewall_Rules.ps1 script to a subfolder in C:\Users\Public and creates a scheduled task to run that script each time a user logs onto the computer. You will need to set the $appName, $scriptName, and $folderPath variables. ...

I encountered a scenario where I needed to add or remove domain users from the local administrators group on an individual computer basis. The Run Script feature in Configuration Manager worked great for this. I used an Add script and a Remove script. Both scripts have a $Member parameter that takes the name of a domain user or group and adds it to or removes it from the local administrator group on selected computers. ...