Month: November 2016

Miniscans in LDMS 9.6 and later are now run and sent via ldiscn32.exe.

This allows it to follow the same codepath as delta scans returning the expected results as well as allowing the “Use Connection Address” Inventory functionality.

The following the commandline to run a miniscan using the inventory scanner.
“C:\Program Files (x86)\LANDesk\LDClient\LDISCN32.EXE” /mini

Miniscan still retains the ability to include custom data within the scan. Please use the following format:
“C:\Program Files (x86)\LANDesk\LDClient\LDISCN32.EXE” /mini /send”=Custom Data – Logged On = Yes”

 

Notes

So, what I’m thinking here…is that you could use this method to send Bitlocker info, User info, or other inventory data back to your LD DB.

Example,

“C:\Program Files (x86)\LANDesk\LDClient\LDISCN32.EXE” /mini /send”=Custom Data – Bitlocker – Password = 11111111-22222222-33333333-44444444-55555555-66666666″

Inventory Scanner Switches

 

function TextToSpeech {
param([Parameter(Mandatory=$true)]$Text, [switch]$Fast, [switch]$Slow)
$VoiceObject = New-Object -ComObject SAPI.SpVoice
if ($Slow) { $VoiceObject.Rate = -8 }
if ($Fast) { $VoiceObject.Rate = +3 }
$VoiceObject.Speak($text) | Out-Null}
TextToSpeech -Text "Hello! My name is Eddie Jackson."
TextToSpeech -Text "Hello! My name is Eddie Jackson." -Slow
TextToSpeech -Text "Hello! My name is Eddie Jackson." -Fast

This is the PowerShell code to activate Windows.

$computer = gc env:computername
$key = "aaaaa-bbbbb-ccccc-ddddd-eeeee"
$service = get-wmiObject -query "select * from SoftwareLicensingService" -computername $computer
$service.InstallProductKey($key)
$service.RefreshLicenseStatus()

 

Notes

https://gallery.technet.microsoft.com/scriptcenter/OS-Activation-by-MAK-using-e8a8ad2c

Command line method
slmgr.vbs /ipk XXXXX-XXXXX-XXXXX-XXXXX-XXXXX
slmgr.vbs /ato

List available editions for upgrade
DISM /online /Get-TargetEditions

To upgrade from evaluation to standard
DISM /online /Set-Edition:ServerStandard /ProductKey:XXXXX-XXXXX-XXXXX-XXXXX-XXXXX /AcceptEula

I created this to write dynamic information to the Computer Description field in Active Directory. I have included the remote and local methods.

Once this runs, the computer object description field is updated with something like this:

SOME WORDS HERE * 11/14/2016 6:24 PM * HP EliteBook 840 G2

Screenshot

Code

Import-Module ActiveDirectory

# REMOTE COMPUTER
# $ComputerName = 'RemoteComputerName'

# OR
# LOCAL COMPUTER
$ComputerName = (Get-WmiObject -Class Win32_ComputerSystem -Property Name).Name

$a = Get-Date
$b = $a.ToShortDateString()
$c = $a.ToShortTimeString()
$d = Get-WmiObject -computername $ComputerName Win32_Computersystem | Select -Expand model

if ($d -eq $null) {$d = '0000'}
#$e = $d -replace '\D+(\d+)\D+','$1'
$Description = "SOME WORDS HERE * $b $c * $d"

Set-ADComputer $ComputerName -description $Description

 

 

Notes

Something interesting you can do, is tie the Return Bitlocker Info script and this PowerShell script together. That increases functionality by allowing you to query info, for machines that are missing the Bitlocker passwords in AD, you can perform the import automatically, and the final piece, you can update the computer object description field with dynamic information.

I only had to add two small parts to bind the two scripts.

#1 – Add the following towards the bottom, but in the loop of the Return Bitlocker Info
PowerShell.Exe -File C:\_AD_Scripts\SetDescription.ps1 %PC%

 

#2 – At the top of the PowerShell script, allow a parameter to be accepted. Note in #1, you’ll be passing %PC%, which is the computer name. The following accepts the %PC% and then assigns it to $ComputerName

param ([string]$w)
$ComputerName = $W

 

This is how you would return all computers, from a specific OU using PowerShell.

Get-ADComputer -SearchBase 'ou=YourOU,dc=YourDomain,dc=com' -Filter '*' | Select -Exp Name > Computers.txt

 

Notes

dsquery computer “OU=YourOU,DC=YourDomain,DC=com” -limit 20000 > Computers.txt

I created this script to query a list of computers. For me, I just needed the raw BitLocker data from the client machines dumped to a text file.

cls

@Echo off
Title BitLocker Report
color 0a
Setlocal EnableDelayedExpansion

REM INTERNAL VARIABLES
REM —————————————————————————-

REM ENTER NAME OF COMPUTER TEXT FILE
Set PCList=C:\scripts\_AD_Scripts\_ENGINE\computers.txt

REM CREATES DATE AND TIME TIMESTAMP
rem sets a static timestamp
for /F “tokens=2-4 delims=/- ” %%p in (‘date/T’) do set mdate=%%r%%p%%q
for /F “tokens=1-2 delims=:- ” %%p in (‘time/T’) do set mtime=%%p%%q
Set ReportN=%mdate%_%mtime%_%report%.txt
REM PROGRAM ROUTINE
:CYCLE
for /f “tokens=* delims= ” %%a in (%PCList%) do (

REM sets dynamic timestamp 
FOR /F “TOKENS=*” %%B IN (‘DATE/T’) DO SET NowD=%%B
FOR /F “TOKENS=*” %%A IN (‘TIME/T’) DO SET NowT=%%A

cls
echo Contacting %%a workstation name…
ping %%a | find “Reply” > nul
if errorlevel 1 (echo !NowD! !NowT!, %%a, OFFLINE >> “%ReportN%”
) else ( 
echo !NowD! !NowT!, %%a, ONLINE >> “%ReportN%”
cls
echo Found %%a…
rem ———————————-
echo Reporting BitLocker Data %%a
ping -n 2 127.0.0.1>nul
echo.
manage-bde -cn %%a -protectors -get c:>>C:\scripts\_AD_Scripts\_ENGINE\RawData.txt
rem ———————————-

echo.
)
)

endlocal
exit /b 0

I created this script to query Bitlocker info directly from the computer. I was going down a spreadsheet, so I added the loop to make things faster (I’m using this to audit machines). Note, I did add querying for computer name and IP address. If seems like manage-bde was being temperamental, and only sometimes accepting the name.

Screenshot

Code

@echo off
color 0b
Setlocal EnableDelayedExpansion
Title Return Bitlocker Info

:LOOP
cls
rem enter the name of the computer you want to query
Echo Enter Computer Name:
Set /p PC=

cls
Echo Checking for %PC%…
Echo.
rem check to see if the pc is online
ping %PC% | find “Reply” > nul
if errorlevel 1 (Echo %PC% was not found
ping -n 6 127.0.0.1>nul
) else (Echo Found %PC%
Echo.
Echo.
Echo.
Echo Trying by computer name first…
Echo.
rem return protectors to screen
manage-bde -cn %PC% -protectors -get c:

rem find ip address
for /f “tokens=1,2,3 delims= ” %%a in (‘ping %PC%’) do (
set IP1=%%a
set IP2=%%b
set IP3=%%c
echo !IP3! | find “[” && set IP=!IP3!
set PCIP=!IP:~1,-1!
)
Echo.
Echo.
Echo.
Echo Trying by IP address next…
Echo.
rem return protectors with ip address
manage-bde -cn !PCIP! -protectors -get c:
pause
)

goto :LOOP

 

Update 11/14/2016

I went ahead and added the Active Directory import. So, not only will the script return the Bitlocker info to screen, it will also attempt to import the remote computer’s Bitlocker info into AD. The additional parts are in bold.

@echo off
color 0b
Setlocal EnableDelayedExpansion
Title Return Bitlocker Info

:LOOP
cls
rem enter the name of the computer you want to query
Echo Enter Computer Name:
Set /p PC=
cls
Echo Checking for %PC%…
Echo.
rem check to see if the pc is online
ping %PC% | find “Reply” > nul
if errorlevel 1 (Echo %PC% was not found
ping -n 6 127.0.0.1>nul
) else (Echo Found %PC%
Echo.
Echo.
Echo.
Echo Trying by computer name first…
Echo.
rem return protectors to screen
manage-bde -cn %PC% -protectors -get c:

rem find ip address
for /f “tokens=1,2,3 delims= ” %%a in (‘ping %PC%’) do (
set IP1=%%a
set IP2=%%b
set IP3=%%c
echo !IP3! | find “[” && set IP=!IP3!
set PCIP=!IP:~1,-1!
)
Echo.
Echo.
Echo.
Echo Trying by IP address next…
Echo.
rem return protectors with ip address
manage-bde -cn !PCIP! -protectors -get c:
echo.
echo.
Echo Attempting Active Directory Import
for /f “skip=4 tokens=2 delims=:” %%g in (‘”manage-bde -cn !PCIP! -protectors -get c:”‘) do set MyVar=%%g
ping.exe -n 6 127.0.0.1>nul
REM IMPORT BITLOCKER INFO INTO AD
echo.
echo Returned ID is !MyVar!
echo.
\\%computername%\C$\Windows\system32\manage-bde.exe -cn !PCIP! -protectors -adbackup c: -id!MyVar!
pause
)

goto :LOOP

 

Notes

see this PowerShell script to write to computer description field in AD

Using Visual Studio 2015, I selected File–New–Project–Visual C#–Console Application, and began testing text file creation, writing and reading, loading items from the text file into an array, and returning specific elements from the array.

using System;
using System.IO;
class Test
{
public static void Main()
{
string path = @"c:\CSharpLabs\computers.txt";

// See if file exists, if not exists, create file
if (!File.Exists(path))

{
// Create a file to write to.
string[] createText = { "computer1", "computer2", "computer3" };
File.WriteAllLines(path, createText);
}

// Append to last line
string appendText = "computer99" + Environment.NewLine;
File.AppendAllText(path, appendText);

// Read each line
string[] readText = File.ReadAllLines(path);
foreach (string s in readText)

{
//output to screen
Console.WriteLine(s);
}

//select a couple of array items to output
Console.WriteLine("Array 1 is: {0}", readText[0]);
Console.WriteLine("Array 2 is: {0}", readText[1]);
Console.ReadLine();
}
}

Recently, Tableau has made a slight change to how its Reader app is installed.

When packaging, it used to be
tableau_setup.msi /qn

Now it is
tableau_setup.msi /qn ACCEPTEULA=”1″

VBScript will look something like this
InstallTableau = “msiexec.exe /i tableau_setup.msi /qn ACCEPTEULA=””1″” “
wshShell.Run InstallTableau,0,true

 

I found that bit of information in the MSI using Orca

Notes

Remove older versions
msiexec.exe /X{601C7D83-2B27-424A-82A4-A7F2768508F4} /QN
msiexec.exe /X{CAFF89F1-3C19-4F86-84A9-9410BC014EB4} /QN
msiexec.exe /X{3D054388-8F96-4BDD-BC9D-9889FC7C2892} /QN
msiexec.exe /X{7a03ede8-74de-4c02-94bf-333c5b49c474} /QN