For example, if you have a Config Mgr Gateway on the internet, you might want to know what applications are not distributed there.This gives all applications assigned somewhere else, but not to 'Desired DP Group' SQL code:SELECT DISTINCTpk.NAME [Package Name],dgp.pkgid [Package ID]FROM vsms_dpgroupinfo dpgrINNER JOIN v_dpgrouppackages dgp ON dgp.groupid = dpgr.groupidLEFT JOIN v_package pk ON … Continue reading Find applications not assigned to a distribution group
Determine if a SCCM client setting is in place
Source: ChatGPTUnfortunately, SCCM doesn't store the "Enable user policy requests from internet clients" setting explicitly in the registry, but we can infer its status by examining related settings. Here's a PowerShell script that attempts to determine the status of "Enable user policy requests from internet clients" by examining related SCCM client settings in the registry. … Continue reading Determine if a SCCM client setting is in place
Get the path of a running process
Problem: using Powershell, it doesn't always provide the PATH in the results for get-process. There doesn't seem to be a consistent way to get that information. Solution: Define a new WinaAPI process called QueryProcessPathThis is nasty (lots of lines of code) but worksExample is at the bottom[Powershell Code]Add-Type -TypeDefinition @'using System;using System.Runtime.InteropServices;using System.ComponentModel;using System.Text;public static class WinApiProcess … Continue reading Get the path of a running process
KQL Kusto example: find EOL C++ Redistributable
DeviceProcessEvents | join kind=innerunique DeviceInfo on DeviceName | where FileName contains "vcredist" | where DeviceType contains "Workstation" | where ProcessVersionInfoProductVersion matches regex "^([6-9]|1[0-1])." // 6..11 for v2005..2012 | distinct Timestamp, DeviceName, ProcessVersionInfoProductName, ProcessVersionInfoProductVersion, InitiatingProcessFileName, InitiatingProcessVersionInfoProductName, InitiatingProcessParentFileName, AccountDomain, AccountName | project Timestamp, DeviceName = split(DeviceName,".").[0], ProcessVersionInfoProductName, ProcessVersionInfoProductVersion, InitiatingProcessFileName, InitiatingProcessVersionInfoProductName, InitiatingProcessParentFileName, Username = strcat(AccountDomain,"/",AccountName) //| extend DeviceName … Continue reading KQL Kusto example: find EOL C++ Redistributable
Find drive type for volume or interface
# ----------------------------------------------------------------------------- Function IsUSBDrive ($DriveLetter) { # ----------------------------------------------------------------------------- # Given a drive letter, return True if USB drive (gwmi win32_diskdrive | ?{$_.interfacetype -eq "USB"} | %{gwmi -Query "ASSOCIATORS OF {Win32_DiskDrive.DeviceID=`"$($_.DeviceID.replace('\','\\'))`"} WHERE AssocClass = Win32_DiskDriveToDiskPartition"} | %{gwmi -Query "ASSOCIATORS OF {Win32_DiskPartition.DeviceID=`"$($_.DeviceID)`"} WHERE AssocClass = Win32_LogicalDiskToPartition"} | %{$_.deviceid} ) -contains "$DriveLetter`:" } # ----------------------------------------------------------------------------- Function DriveInterfaceType ($DriveLetter) … Continue reading Find drive type for volume or interface
Use msgraph to create an InTune group and add members with Powershell
$NewGroup_displayName = "AAD-Intune-Windows-Roger-test"$GroupOwner = 'Roger@.com' ============================================================================== Initial connections ============================================================================== Write-host 'Connect to MSGraph'Connect-MSGraph -ForceNonInteractive -Quiet # get an auth token for MSGraph Write-host 'Connect to MGGraph'Connect-MgGraph -nowelcome Write-Host 'Get my user object ID' # M$MyObjectid = (get-mguser -all -filter "Mail eq '$GroupOwner'").id ============================================================================== Create or locate the group ============================================================================== Write-Host 'Look for group'$newGroup = get-mggroup … Continue reading Use msgraph to create an InTune group and add members with Powershell
Inventory registry key – Prohance
For use with NeverMatch technique to gather SCCM inventory # find the org code and return it ready for SQL and Excel $registryKey = "HKLM:\SOFTWARE\ProHance Mate Service" $subkeys = Get-ChildItem -Path $registryKey -ErrorAction SilentlyContinue foreach ($subkey in $subkeys) { $subkeyName = $subkey.PSChildName $organizationCode = (Get-ItemProperty -Path "$registryKey\$subkeyName" -Name "OrganizationCode" -ErrorAction SilentlyContinue).OrganizationCode "`"$(Hostname)`",`"$((get-date).tostring('MM/dd/yyyy HH:mm:ss'))`",`"$subkeyName`",`"$organizationCode`"" }
Inventory ODBC drivers in SCCM
Goal is to find ODBC drivers in every user profile.Need 2 configuration items(1) runs as current user, to get their config which is loaded / locked; thus not available to System.(2) runs as system to get all the unloaded profiles; Load them read them unload them.The config items both run the same code, which is … Continue reading Inventory ODBC drivers in SCCM
Extract icons from .EXE files
Extracts from all files in the folder, and saves to the chosen folder # Powershell code Function ExtractIcon { Param ( [Parameter(Mandatory=$true)] [string]$SourceDir, [string]$ExtractDir, [switch]$Recurse ) Add-Type -AssemblyName System.Drawing If (-Not (Test-Path $ExtractDir)) { New-Item -Path $ExtractDir -ItemType Directory -ErrorAction SilentlyContinue | Out-Null } ForEach ($exe in (Get-ChildItem -Path $SourceDir -Filter *.exe -ErrorAction SilentlyContinue -Recurse:$Recurse)) … Continue reading Extract icons from .EXE files
Find all the printers using the HP universal driver, and report back the driver version they are using
#Powershell code $List = [System.Collections.ArrayList]@() foreach ($ThisPrinter in (Get-Printer | ? {$_.Drivername -like "HP Universal printing PCL 6*"})) { $ThisDriver = Get-PrinterDriver -Name $Thisprinter.drivername $S = [PSCustomObject] @{ PrinterName = $null DriverName = $null DriverVersion = $null } $S.PrinterName = $ThisPrinter.Name $S.DriverName = $Thisdriver.Name $S.DriverVersion = [Version]( (3..0 | ForEach-Object { ($ThisDriver.DriverVersion -shr ($_ * … Continue reading Find all the printers using the HP universal driver, and report back the driver version they are using
Scripting, Etc. 