Powershell script to push installation via intune - powershell

I am trying to create an intunewin file to update dell command update on all computers (via MS endpoint manager).
Dell CU will not install itself, if the older version of the app is present on the pc. Or rather it will install, but it won't run.
Solution - To create a powershell script, that first uninstalls the older versions of dell CU, and only then installs the newest one.
The code:
Remove-Item -Path "C:\Program Files\Dell\CommandUpdate" -Recurse -Force -EA SilentlyContinue -Verbose
Remove-Item -Path "C:\Program Files (x86)\Dell\CommandUpdate" -Recurse -Force -EA SilentlyContinue -Verbose
./Dell-Command-Update-Windows-Universal-Application_601KT_WIN_4.5.0_A00_01.EXE
This works just fine, when run like this on my computer. Actually I run the cmd script:
powershell.exe -ExecutionPolicy Bypass -NoLogo -NonInteractive -NoProfile -File .\script.ps1
Where script.ps1 is the first script above.
So I have 3 files in the folder - the ps1 script, the cmd command, and the EXE file itself. From these 3 I create the intunewin file.
When pushed via intune, the app does not install itself. I can see 'downloading' notification, but never receive installation notification, neither successful nor failed one.
Can this be related to intune settings itself? The detection method and install command are most likely correct and were working before, when I was just using the exe file for intunewin creation.
I have to change this, because Dell CU won't install itself if the older version is there - as mentioned in the first sentence.
I assume this might be related to the powershell code. Maybe intune does not understand
./Dell-Command-Update-Windows-Universal-Application_601KT_WIN_4.5.0_A00_01.EXE
anymore, when it is given intunewin file instead?
If that's the case, how can I modify my script to 'make sense in intune'?
Thank you in advance for all the advices

Related

Can run simple Script with PowerShell, but task scheduler doesn't?

I created a simple PowerShell script to copy items from a remote location to my google drive, the script runs using the option run with PowerShell.
Get-ChildItem "\\myipaddress\Exports" -Recurse -Filter F7104016E30A0465* |
Copy-Item -Destination "G:\My Drive\storage" -Force
However I am trying to automate the script with task scheduler to run it daily and it is not copy the file into the destination folder. the task does not show an error.
in action tab I select start program and add argument: -ExecutionPolicy Bypass -File C:\test\script.ps1, there is not error on the log but it doesn't show incremental (1 file) in the google drive.

Powershell script for uninstall Software

I need help with powershell script I need create script for deployment for many workstations which I push to the machines via deployment tool. I need uninstall app AzInfoProtection.exe the problem is that the path for this SW is different for each computer. So I don´t know I need find path by the executable file and after this create the command to uninstall it.
app name: AzInfoProtection.exe
Path somewhere: C:\ProgramData\Package
Cache**\
I found this but I don´t know how can I get from the output the path
Get-ChildItem -Path "C:\ProgramData\Package Cache" -Filter AzInfoProtection.exe -Recurse -ErrorAction SilentlyContinue -Force
So I need script that will uninstall this SW on many computer and the command for uninstalltion should be:
"C:\ProgramData\Package Cache{ca644579-3d97-4c24-8bf0-a4ccd297b6a6}\AzInfoProtection.exe" /uninstall /quiet
this part is fro each computer different {ca644579-3d97-4c24-8bf0-a4ccd297b6a6} so I need script which find it.
I will be glad if you help me,
thanks

Restart environment and script during batch script

I've built a few FFmpeg powershell scripts for me and a few others to use and I'm attempting to make the setup and update process as easy as possible. The end goal is to be able to run 1 batch file that installs Chocolatey, FFmpeg, git, clones the github repo (for updates), and edits the Windows registry to add the actual FFmpeg powershell scripts / console programs to the Windows Explorer contextual menu. This way I just pass them the folder containing everything once and any time I change or add something to the project I can just tell them to run the batch file again, and presto everything is up to date.
However I'm struggling to find a way to install Chocolatey, then git with Chocolatey, and then run a git command with the execution of a single .bat file. From what I can tell after installing Chocolatey I need to restart the shell entirely before I can install git, and then I have to restart the shell again before I can use a git command. As of right now most of the actual processing is happening via Powershell scripts that are launched from the .bat file, and as each step is taken I update a txt file, attempt to restart the batch script, and read the txt file to pick up where I left off:
#echo off
echo Administrative permissions required. Detecting permissions...
echo.
net session >nul 2>&1
if %errorLevel% == 0 (
echo Success: Administrative permissions confirmed.
echo.
) else (
echo Failure: Current permissions inadequate.
PAUSE
exit
)
set relativePath=%~dp0
set relativePath=%relativePath:~0,-1%
PowerShell -NoProfile -ExecutionPolicy Bypass -File "%relativePath%\Setup\CheckRequiredPackages.ps1" -relativePath "%relativePath%"
set /p step=<"%relativePath%\Setup\Step.txt"
if %step% == 1 (
(echo 2) > "%relativePath%\Setup\Step.txt"
PowerShell -NoProfile -ExecutionPolicy Bypass -File "%relativePath%\Setup\GetChocolatey.ps1"
start "" "%relativePath%\RunMe.bat"
exit
)
if %step% == 2 (
(echo 3) > "%relativePath%\Setup\Step.txt"
PowerShell -NoProfile -ExecutionPolicy Bypass -File "%relativePath%\Setup\GetRequiredPackages.ps1"
start "" "%relativePath%\RunMe.bat"
exit
)
if %step% == 3 (
(echo 0) > "%relativePath%\Setup\Step.txt"
PowerShell -NoProfile -ExecutionPolicy Bypass -File "%relativePath%\Setup\Update.ps1" -relativePath "%relativePath%"
)
PAUSE
Exit
The problem is using the start command in the batch script doesn't seem to work, I'm guessing since that new process is spawned from the same process that handles the Chocolatey install it doesn't count as actually restarting the shell. Is there any way to actually restart the shell and somehow have the batch file start back up without user intervention?
I'm not sure why I didn't initially think of reloading the path environment variable but that's a whole lot more reasonable than restarting the script 4 times with an intermediary file.
Firstly I moved 99% of the heavy lifting from the .bat file to a Powershell script, as the only reason I'm using Batch is so the user can easily run the file by clicking it in Explorer. I couldn't get RefreshEnv to work, which is a feature of Chocolatey, but running this between each new package worked great:
$env:Path = [System.Environment]::GetEnvironmentVariable("Path","Machine") + ";" + [System.Environment]::GetEnvironmentVariable("Path","User")
So I have something like this now, and the Batch scrip just launches this Powershell Script:
Write-Host "Installing / updating required packages..."
Set-ExecutionPolicy Bypass -Scope Process -Force; [System.Net.ServicePointManager]::SecurityProtocol =
[System.Net.ServicePointManager]::SecurityProtocol -bor 3072; Invoke-Expression ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))
$env:Path = [System.Environment]::GetEnvironmentVariable("Path","Machine") + ";" + [System.Environment]::GetEnvironmentVariable("Path","User")
choco install ffmpeg -y
choco install git -y
$env:Path = [System.Environment]::GetEnvironmentVariable("Path","Machine") + ";" + [System.Environment]::GetEnvironmentVariable("Path","User")
Write-Host "Deleting old files..."
Remove-Item -LiteralPath $relativePath -Force -Recurse
Start-Sleep 2
Write-Host "`nUpdating Files..."
git clone https://github.com/TheNimble1/FFmpegContextCommands.git $relativePath
Which installs Chocolatey, refreshes the path, installs FFmpeg & Git, refreshes the path, deletes the old files, and then clones the git to replace with new files.
Indeed, a start-launched process inherits the calling process' environment rather than reading possibly updated environment-variable definitions from the registry.
Chocolatey comes with batch file RefreshEnv.cmd (C:\ProgramData\chocolatey\bin\RefreshEnv.cmd, but C:\ProgramData\chocolatey\bin should be in the %PATH%) specifically to avoid having to start a new, independent session for environment updates to take effect.
Therefore, something like the following may work:
:: Assumes that Chocolatey was just installed to the default location.
call "%ProgramData%\chocolatey\bin\RefreshEnv.cmd"
:: If Chocolatey was *previously* installed and its installation directory
:: has already been added to %Path%, the following will do:
:: call RefreshEnv.cmd
call "%relativePath%\RunMe.bat"
Since Chocolatey is only being installed during your script's execution and its binaries folder is therefore not yet in %Path%, you'll have to call RefreshEnv.cmd by its full path, as shown above - which assumes the default install directory.
Your own answer now shows how to refresh the $env:Path (%Path%) environment variable using .NET methods directly _from PowerShell, which is a pragmatic solution.
Note, however, that RefreshEnv.cmd is more comprehensive in that it reloads all environment-variable definitions and therefore potentially newly added and modified ones.
Note that calling RefreshEnv.cmd from PowerShell does not work, because it then runs out of process (which means that it cannot update the calling process' environment).
However, Chocolatey offers an Update-SessionEnvironment PowerShell command (aliased to refreshenv), which you can make available immediately after a Chocolatey install as follows:
# Import the module that defines Update-SessionEnvironment aka refreshenv
Import-Module "$env:ProgramData\Chocolatey\helpers\chocolateyProfile.psm1"
# Refresh all environment variables.
Update-SessionEnvironment # or: refreshenv
See this answer for a more robust approach that doesn't rely on assuming that the default location was installed to.

Installing Windows Updates via PSWindowsUpdate

I am trying to remotely make a domain-computer install its windows updates. This sounds like it should be quite easy, but I've been working on this for over 7 hours now and can't get it to work. I know you can do this via a GPO, but that doesn't give me enough control over the interval. I want our servers to install them and reboot monthly - a GPO can only be used to install and reboot weekly. Since our production works 24/7 I absolutely don't want the servers to reboot outside of the few hours downtime per month I am allowed for maintenance!
I have found several tutorials like this that use the Module PSWindowsUpdate, but these tutorials use an older version of that Module. They use a Function called Invoke-WUInstall which doesn't exist in the newest version. I have tried downgrading the module, but the packagesource doesn't provide versions older than 2.0.0.0
Also the project page doesn't provide a documentation - no examples - neither does it have a discussion or bugtracker. There is a discussion on the page of the original author, but he stopped working on it 2 years ago when it was still the old version.
I tried using Invoke-Command instead of Invoke-WUInstall, but Windows doesn't seem to allow remote update installation like that. PSWindowsUpdate apparently circumvents this problem by running the command as a scheduled task on the target machine, so looking at the output of Get-Command -Module PSWindowsUpdate, I thought I might need to use Invoke-WUJob instead and wrote this code:
Import-Module -Name PSWindowsUpdate
Enable-PSRemoting -Force
ForEach ($hostname in $args) {
Write-Output "Processing $hostname"
Set-Item WSMan:\localhost\Client\TrustedHosts -Value $hostname -Concatenate -Force
# Install PSWindowsUpdate on target machine
Invoke-Command -computername $hostname -ScriptBlock {
PackageManagement\Get-PackageProvider -Name NuGet -Force
inmo PSWindowsUpdate -Force
}
# Install the Updates
Invoke-WUJob -ComputerName $hostname -Script {
ipmo PSWindowsUpdate;
Install-WindowsUpdate -install -AcceptAll -IgnoreReboot
} -Confirm:$false -RunNow
}
I run this as a user who has administrative rights on the target machine and the output looks fine, but it didn't do anything.
Does anyone have experience with that module? how do you do this properly in versions >= 2?
Well, i already did something like this and also faced this same problem.
That was my solution:
Create a powershell file to execute your commands. Place all your commands to install the updates there.
Copy this file to the remote server.
You can do something like this:
copy myfile.ps1 \\myserver\c$\temp\myfile.ps1;
Run a remote script to create a registry inside the RunOnce, and the set value with a command to run your script:
Set-ItemProperty "HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce" -Name '!InstallUpdates' -Value "c:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe -File c:\temp\myfile.ps1"
Run another command remotelly to restart your server.
The server will reboot and then will execute your script locally.

Powershell Get-ChildItem doesn't work properly on IIS directory

I was going to write up a simple alias 'iis' to invoke the IIS Manager, which is 'C:\Windows\System32\inetsrv\InetMgr.exe'
set-alias iis "OpenIIS.ps1"
and in the OpenIIS.ps1 I have
$item = "C:\Windows\system32\inetsrv\InetMgr.exe"
invoke-item -path $item
This doesn't work. The error I get is "The system cannot find the file specified"
In fact, just doing a Get-ChildItem on the inetsrv won't show the InetMgr.exe (no difference with -Force switch)
Get-ChildItem C:\Windows\system32\inetsrv\*.exe -force
Obviously I can see it in Explorer and I can launch it using cmd, but not with Powershell it seems. Also, Powershell is running as Administrator.
What is going on?
As a workaround I tried creating a link to the file and then invoking that link from Powershell. I now get a 'NotSpecified' Win32Exception.
I have originally used 64 bit Powershell, but get the same result on the x86 Powershell (both run as Administrator)
Are you at the elevated PowerShell prompt? Some system files may not show up unless you use -Force parameter with Get-ChildItem.
I think evidently the file InetMgr.exe is not there as when I do a get-childitem in the mentioned directory,it lists the "InetMgr.exe" there.
This may not be the problem with Get-ChildItem or the Alias you created but instead with ur IIS Server.