Loading

Posts by MB

Updated: Microsoft 365 Apps

This is a refresh of my old post Microsoft 365 Apps (Office 365) hantering i MECM (SCCM), or maybe I should write “a refresh of the script”.

In this post, I ensure that the Office Deployment Tool (ODT) is the latest version to support new version/function of Microsoft 365 Apps setup.
I use a modified Powershell script created by Marco Hofmann & Trond Eric Haavarstein to suit my idea.
Original script: https://www.meinekleinefarm.net/download-and-install-latest-office-365-deployment-tool-odt

What this version of the script does:

Download the latest version of the Office Deployment Tool (ODT).
Checks if it’s a newer version of the Office 365 Deployment Tool (ODT), and if it’s a newer version, extracts it to a subfolder with the version number as the folder name. If it is not a newer version, skips this step
Then copies the new setup.exe to both the folder for the source files and the application package in ConfigMgr
And for last it runs the setup.exe (with download xml-file) to download allt the Microsoft 365 Apps


<#
.SYNOPSIS
    Download latest Office Deployment Tool (ODT) and Office setup files
.DESCRIPTION
    Download latest Office Deployment Tool (ODT), extract setup.exe and download Office setup-files.
.EXAMPLE
    PS:> \\DFSSHARE.ORGANISATION.ORG\...\download.ps1
    Downloads latest officedeploymenttool.exe
    Creates a sub-directory for each new version
    Copies the setup.exe from the sub-directory to source-directory (incl. cmsetup-directory) and download Office setup-files
.NOTES
    Author: Magnus Bäcke
    URL: https://backes.nu
    Original Author: Marco Hofmann and Trond Eric Haavarstein Original Author URL: https://www.meinekleinefarm.net and https://xenappblog.com/ 
    This is the original script: https://www.meinekleinefarm.net/download-and-install-latest-office-365-deployment-tool-odt
.LINK
    https://www.microsoft.com/en-us/download/details.aspx?id=49117
#>
 
$StartDTM = (Get-Date)
$LogDTM = (Get-Date -format "yyyy-MM-dd_HH-mm-ss")
$ODTDownload = "\\DFSSHARE.ORGANISATION.ORG\Office365SetupFiles$\ODTDownload\"              # <-- You need to change the path
$LogPS = "\\DFSSHARE.ORGANISATION.ORG\Office365SetupFiles$\Logs\$LogDTM.log"                # <-- You need to change the path
$SourcePath = "\\DFSSHARE.ORGANISATION.ORG\Office365SetupFiles$\"                           # <-- You need to change the path
$SetupPath = "\\DFSSHARE.ORGANISATION.ORG\CMSourceFiles$\Applications\Microsoft 365\Files\" # <-- You need to change the path
$Downloadxml = 'download.xml'                                                               # <-- You need to change this to the name of your Office download XML-file here, or name your XML-file download.xml
<# No need for any changes below here#>
$DownloadURL = (Invoke-WebRequest -Uri "https://www.microsoft.com/en-us/download/confirmation.aspx?id=49117").Links | Where-Object href -like '*exe' | select -First 1 | select -expand href
$SaveDir = "$ODTDownload\officedeploymenttool.exe"
$ProgressPreference = 'SilentlyContinue'

Set-Location $ODTDownload


Write-Verbose "Setting Arguments" -Verbose
Start-Transcript $LogPS

Write-Verbose "Download latest version of Office Deployment Tool (ODT)." -Verbose

Invoke-WebRequest -Uri $DownloadURL -OutFile $SaveDir

Write-Verbose "Read version number from downloaded file" -Verbose
$Version = (Get-Command .\officedeploymenttool.exe).FileVersionInfo.FileVersion

Write-Verbose "If downloaded ODT file is newer, create new sub-directory." -Verbose
if( -Not (Test-Path -Path $Version ) ) {
    New-Item -ItemType directory -Path $Version
    Write-Verbose "Extract setup.exe from ODT" -Verbose
    .\officedeploymenttool.exe /quiet /extract:.\$Version
    start-sleep -s 5
    Write-Verbose "New folder created $Version" -Verbose
    Set-Location $Version
    Copy-item ".\setup.exe" -Destination $SourcePath -Force
    Write-Verbose "setup-exe copied from $Version to $SourcePath " -Verbose
    Copy-item ".\setup.exe" -Destination $SetupPath -Force
    Write-Verbose "setup-exe copied from $Version to $SetupPath (CM O365 setup Source files)" -Verbose
}
else {
    Write-Verbose "Version identical. Skipping folder creation." -Verbose
}

Set-Location $SourcePath
Write-Verbose "Downloading Office setup-files according to the XML-file." -Verbose
Start-Process ".\setup.exe" -ArgumentList "/download $Downloadxml" -Wait -PassThru 

start-sleep -s 15

Write-Verbose "Stop logging" -Verbose
$EndDTM = (Get-Date)
Write-Verbose "Elapsed Time: $(($EndDTM-$StartDTM).TotalSeconds) Seconds" -Verbose
Write-Verbose "Elapsed Time: $(($EndDTM-$StartDTM).TotalMinutes) Minutes" -Verbose
Stop-Transcript

Idéa: Use Task Scheduler to run this late on the second tuesday (or early on the second wednesday) in the month to always have the latest Apps downloaded.

Download and install the latest version of 5 base applications

An acquaintance saw my MECM lab environment the other day and saw how I was automatically downloading the latest versions of some applications (which were then automatically distributed and installed on the client computers), and thought it looked “cool”.
My acquaintance does not run MECM, or similar systems. But wanted me to show how he could automatically download and install latest version of some base applications.
So, I took my scripts and tweaked them for my acquaintance. Which then I thought I’d post them here (because it’s been ages since I posted anything).

Here you go, 5 applications that download and install automatically.

7-Zip

# 7-Zip
$7ZipDir = "C:\tmp\Latest\Apps\"
$dlurl = 'https://7-zip.org/' + (Invoke-WebRequest -Uri 'https://7-zip.org/download.html' | Select-Object -ExpandProperty Links | Where-Object {($_.innerHTML -eq 'Download') -and ($_.href -like "a/*") -and ($_.href -like "*x64.msi")} | Select-Object -First 1 | Select-Object -ExpandProperty href)
# above code borrowed from: https://perplexity.nl/windows-powershell/installing-or-updating-7-zip-using-powershell/
$installerPath = Join-Path $7ZipDir (Split-Path $dlurl -Leaf)
Invoke-WebRequest $dlurl -OutFile $7ZipDir\7z-x64.msi
Start-Process -FilePath "msiexec.exe" -ArgumentList "/i `"$7ZipDir\7z-x64.msi`" /qn ALLUSERS=2 REBOOT=REALLYSUPPRESS" -Wait -PassThru

# Google Chrome

# Google Chrome
$ChromeDir = "C:\tmp\Latest\Apps\GoogleChromeStandaloneEnterprise64.msi"
Invoke-WebRequest -Uri "http://dl.google.com/edgedl/chrome/install/GoogleChromeStandaloneEnterprise64.msi" -OutFile $ChromeDir
Start-Process msiexec.exe -Wait -ArgumentList '/I $ChromeDir /qn ALLUSERS=2 REBOOT=REALLYSUPPRESS'
Start-Process -FilePath "msiexec.exe" -ArgumentList "/i `"C:\tmp\Latest\Apps\GoogleChromeStandaloneEnterprise64.msi`" /qn ALLUSERS=2 REBOOT=REALLYSUPPRESS" -Wait -PassThru

Microsoft PowerShell 7

# Microsoft PowerShell 7
$metadata = Invoke-RestMethod https://raw.githubusercontent.com/PowerShell/PowerShell/master/tools/metadata.json
$release = $metadata.ReleaseTag -replace '^v';"https://github.com/PowerShell/PowerShell/releases/download/v${release}/PowerShell-${release}-win-x64.msi"
#above code borrowed from: Ruckzuck.tools
$PowerShellDir = "C:\tmp\Latest\Apps\PowerShell-7-win-x64.msi"
Invoke-WebRequest -Uri "https://github.com/PowerShell/PowerShell/releases/download/v${release}/PowerShell-${release}-win-x64.msi" -OutFile $PowerShellDir
Start-Process -FilePath "msiexec.exe" -ArgumentList "/i `"C:\tmp\Latest\Apps\PowerShell-7-win-x64.msi`" /qn ALLUSERS=2 REBOOT=REALLYSUPPRESS" -Wait -PassThru

Mozilla Firefox

# Mozilla Firefox
$FirefoxDir = "C:\tmp\Latest\Apps\FirefoxSetup.msi"
Invoke-WebRequest -Uri "https://download.mozilla.org/?product=firefox-msi-latest-ssl&os=win64&lang=en-US" -OutFile $FirefoxDir
Start-Process -FilePath "msiexec.exe" -ArgumentList "/i `"C:\tmp\Latest\Apps\FirefoxSetup.msi`" /qn" -Wait -PassThru

Notepad++

# Notepad++
$NotepadDir = 'C:\tmp\Latest\Apps\'
$href = ((Invoke-WebRequest -Uri 'https://notepad-plus-plus.org/downloads/').Links | Where-Object { $_.innerText -match 'current version' }).href
$downloadUrl = ((Invoke-WebRequest "https://notepad-plus-plus.org/$href").Links | Where-Object { $_.innerHTML -match 'installer' -and $_.href -match 'x64.exe' }).href
Invoke-RestMethod $downloadUrl -OutFile "$NotepadDir\npp.installer.x64.exe"
Start-Process -FilePath "$NotepadDir\npp.installer.x64.exe" -ArgumentList "/S" -PassThru

 

Psst, are you using Microsoft 365? Don’t miss out my old blog post, Microsoft 365 Apps (Office 365) hantering i MECM (SCCM)

 

#7-Zip, #GoogleChrome, #MicrosoftPowerShell7, #MozillaFirefox, #Notepad++, #Microsoft365Apps

Microsoft 365 Apps (Office 365) hantering i MECM (SCCM)

New updated post: Updated: Microsoft 365 Apps

 

Kör även denna bloggning på svenska (English by Google).

I min tidigare bloggpost, Office 365 ProPlus (Microsoft 365 Apps) hantering i SCCM (MECM) skrev jag om mitt sätt att säkerställa att samtliga Applikationspaket för Office 365 ProPlus, Visio Pro for Office 365, och Project Online Desktop Client alltid är av senast verifierad (godkänd för installation) version.

I denna bloggning så tar jag steget lite längre. Här ser jag även till att Office Deployment Tool (ODT) är i senaste version för att stödja installationen av den nya versionen av Office.
Jag har modifierat ett Powershell-script som Marco Hofmann & Trond Eric Haavarstein har skapat, så att det passar min idé.
Original scriptet: https://www.meinekleinefarm.net/download-and-install-latest-office-365-deployment-tool-odt

Det min version av scriptet gör:

  • Laddar ner senaste versionen av Office 365 Deployment Tool (ODT)
  • Kontrollerar om det är en nyare version av Office 365 Deployment Tool (ODT), och om det är en nyare version så Installeras den till en undermapp med versionsnummer som mappnamn. Är det inte en nyare version så hoppas steget över
  • Kopierar sedan den nya setup.exe till både mappen för källfilerna samt applikationspaketet i CM
  • Och till sist körs setup.exe /download download.xml för att ladda ner alla källfilerna

För att automatiserat detta kan man lägga in det i en schemalagd aktivitet.

 

Uppdatering 20211114: Ändrar $StartDTL = (Get-Date) till $StartDTL = (Get-Date -format “yyyyMMdd”) vilket ger en bättre sökväg till logfilen, efter tips av @sundstrom_lars.

<#
.SYNOPSIS
    Download and install latest Office 365 Deployment Tool (ODT)
.DESCRIPTION
    Download and install latest Office 365 Deployment Tool (ODT)
.EXAMPLE
    PS:> \\DFSSHARE.ORGANISATION.ORG\...\download.ps1
    Downloads latest officedeploymenttool.exe
    Creates a sub-directory for each new version
    Copies the setup.exe from the sub-directory to source-directory and cmsetup-directory
.NOTES
    Author: Magnus Bäcke
    URL: https://backes.nu
    Original Author: Marco Hofmann &amp; Trond Eric Haavarstein
    Original Author URL: https://www.meinekleinefarm.net &amp; https://xenappblog.com/
.LINK # This is the original script
    
Download and install latest Office 365 via Office Deployment Tool (ODT)
.LINK https://www.microsoft.com/en-us/download/details.aspx?id=49117 .LINK https://www.microsoft.com/en-us/download/confirmation.aspx?id=49117 #> $StartDTL = (Get-Date -format "yyyyMMdd") $ODTDownload = "\\DFSSHARE.ORGANISATION.ORG\Office365SetupFiles$\ODTDownload\" $Vendor = "Microsoft" $Product = "Office 365 x64" $PackageName = "setup" $InstallerType = "exe" $LogPS = "\\DFSSHARE.ORGANISATION.ORG\Office365SetupFiles$\Logs\$StartDTM $Product $Version ODTDownload.log" $SourcePath = "\\DFSSHARE.ORGANISATION.ORG\Office365SetupFiles$\" $SetupPath = "\\DFSSHARE.ORGANISATION.ORG\CMSourceFiles$\Applikations\Microsoft Office 365\Files\" $Downloadxml = 'download.xml' $URL = $(Get-ODTUri) $ProgressPreference = 'SilentlyContinue' Set-Location $ODTDownload function Get-ODTUri { <# .SYNOPSIS Get Download URL of latest Office 365 Deployment Tool (ODT). .NOTES Author: Bronson Magnan Twitter: @cit_bronson Modified by: Marco Hofmann Twitter: @xenadmin .LINK https://www.meinekleinefarm.net/ #> [CmdletBinding()] [OutputType([string])] param () $url = "https://www.microsoft.com/en-us/download/confirmation.aspx?id=49117" try { $response = Invoke-WebRequest -UseBasicParsing -Uri $url -ErrorAction SilentlyContinue } catch { Throw "Failed to connect to ODT: $url with error $_." Break } finally { $ODTUri = $response.links | Where-Object {$_.outerHTML -like "*click here to download manually*"} Write-Output $ODTUri.href } } Write-Verbose "Setting Arguments" -Verbose Start-Transcript $LogPS Write-Verbose "Download latest version of Office 365 Deployment Tool (ODT)." -Verbose Invoke-WebRequest -UseBasicParsing -Uri $url -OutFile .\officedeploymenttool.exe Write-Verbose "Read version number from downloaded file" -Verbose $Version = (Get-Command .\officedeploymenttool.exe).FileVersionInfo.FileVersion Write-Verbose "If downloaded ODT file is newer, create new sub-directory." -Verbose if( -Not (Test-Path -Path $Version ) ) { New-Item -ItemType directory -Path $Version Write-Verbose "Extract setup.exe from ODT" -Verbose .\officedeploymenttool.exe /quiet /extract:.\$Version start-sleep -s 5 Write-Verbose "New folder created $Version" -Verbose Set-Location $Version Copy-item ".\setup.exe" -Destination $SourcePath -Force Write-Verbose "setup-exe copied from $Version to $SourcePath " -Verbose Copy-item ".\setup.exe" -Destination $SetupPath -Force Write-Verbose "setup-exe copied from $Version to $SetupPath (CM O365 setup Source files)" -Verbose } else { Write-Verbose "Version identical. Skipping folder creation." -Verbose } Set-Location $SourcePath Write-Verbose "Downloading Office setup-files according to the XML-file." -Verbose Start-Process ".\setup.exe" -ArgumentList "/download $Downloadxml" -Wait -PassThru start-sleep -s 15 Set-Location $ODTDownload Write-Verbose "Stop logging" -Verbose $EndDTM = (Get-Date) Write-Verbose "Elapsed Time: $(($EndDTM-$StartDTM).TotalSeconds) Seconds" -Verbose Write-Verbose "Elapsed Time: $(($EndDTM-$StartDTM).TotalMinutes) Minutes" -Verbose Stop-Transcript

 

Office 365 ProPlus (Microsoft 365 Apps) hantering i SCCM (MECM)

Ledsen, men denna bloggning blir på svenska (in English, by Google).

Jag har upplevt att en del företag har svårt att få till en bra hantering av Office 365 ProPlus, Visio och Project när det gäller installation och uppdateringar via SCCM/MECM (System Center Configuration Manager, eller som det numera heter Microsoft Endpoint Configuration Manager).
För att säkerställa att samtliga Applikationspaket för Office 365 ProPlus, Visio Pro for Office 365, och Project Online Desktop Client alltid är av senast verifierad (godkänd för installation) version är detta lösning som jag förespråkar.

Bakgrund
I SCCM/MECM skapas det statiska installationspaket (Application packages) för så väl Office 365 ProPlus som Visio och Project. Där Office 365 ProPlus oftast installeras under OS-installationen (via Task Sequence). När Office 365 ProPlus är installerat på klienterna blir de uppdaterade (patchade) via sedvanlig uppdaterings-rutin till nyare ”build” och ibland till ny version.
De statiska installationspaketen (Application packages) ligger fortfarande kvar på samma version och build som när de skapades.

Problemet
Användare A har sin dator installerad med Office 365 ProPlus sedan en tid, och fått både säkerhetsuppdateringar och ny version av Office 365 ProPlus. Nu behöver användare A även ha Visio installerat. Men eftersom den packade Visio-versionen i SCCM/MECM är äldre än den Office 365 ProPlus som användare A har installerat så kommer installationen att misslyckas.

Lösningen
På ett DFS-share som är åtkomligt från alla nät där klienter sitter (inkl. stagning-nät & VPN) skapar man en mapp för Office 365 filer (tex. Office365SetupFiles så att sökvägen ser ut ungefär så här: \dfs-share.organisationen.net\Office365SetupFiles$), i den skapar man två mappar, x86 och x64.
I mappen Office365SetupFiles lägger man sedan Office Deployment Tool (setup.exe) tillsammans med två XML-filer som man får skapa (en för x86 och en för x64) och som talar om vad som skall laddas ner (för exempel på XML-filer se längre ner i dokumentet).
I XML-filerna för nedladdning anger man alla produkter, språk och rättstavningsverktyg som kan tänkas behövas inom organisationen.
När mapparna och XML-filerna är skapade och på plats tillsammans med setup.exe (från Office Deployment Tool) kör man kommandot: setup.exe /download download_x86.xml för att ladda ner alla filerna för 32-bitars version, och sedan setup.exe /download download_x64.xml för 64-bitars version.

I rutinen för uppdateringar varje månad kör man setup.exe /download download_x32.xml (och setup.exe /download download_x64.xml) för att få de uppdaterade installationsfilerna (man tar sedan bort föregående version från nedladdningen). På detta sätt är alltid installationsfilerna uppdaterade, och givetvis kan man automatisera detta.
För installation skapar man sina statiska installationspaket (Application packages), enbart med filen setup.exe (från Office Deployment Tool) och den konfigurations-fil (XML-fil) som talar om vad som skall installeras. I XML-filen hänvisar man till DSF-sharet där nedladdningen finns, och installeras därifrån (exempel på XML-filer se längre ner i inlägget). Jag rekommenderar att använda PSADT (PowerShell App Deployment Toolkit) för att paketera installationen.

Sammanfattning
Nu i denna lösning när användare A med sin dator installerad med Office 365 ProPlus sedan en tid, med både ny version och säkerhetsuppdateringar nu behöver Visio så kommer installationen fungera, då installationsfilerna är i samma version som användare A redan har sitt Office 365 ProPlus på.

Office Deployment Tool (setup.exe) behöver uppdateras när man går upp i version för att stödja nya funktioner, på samma sätt som man kan behöva se över XML-filerna för att de nya funktionerna/produkter ska komma med, eller förhindras (använd Office Office Customization Tool).
Office Deployment Tool, https://go.microsoft.com/fwlink/p/?LinkID=626065
Office Customization Tool, https://config.office.com/deploymentsettings (skapa/importera/exportera konfigurationsfiler)

Exempel på konfigurationsfiler
Exempel på download_x64.xml

<Configuration ID="11666593-c103-4fad-bc07-0951fdee1223">
  <Add OfficeClientEdition="64" Channel="Broad" SourcePath="\\DFSSHARE.ORGANISATION.ORG\Office365SetupFiles$\x64">
    <Product ID="O365ProPlusRetail">
      <Language ID="sv-se" />
      <Language ID="da-dk" />
      <Language ID="nl-nl" />
      <Language ID="en-us" />
      <Language ID="fi-fi" />
      <Language ID="fr-fr" />
      <Language ID="de-de" />
      <Language ID="nn-no" />
    </Product>
    <Product ID="VisioProRetail">
      <Language ID="sv-se" />
      <Language ID="da-dk" />
      <Language ID="nl-nl" />
      <Language ID="en-us" />
      <Language ID="fi-fi" />
      <Language ID="fr-fr" />
      <Language ID="de-de" />
      <Language ID="nn-no" />
    </Product>
    <Product ID="ProjectProRetail">
      <Language ID="sv-se" />
      <Language ID="da-dk" />
      <Language ID="nl-nl" />
      <Language ID="en-us" />
      <Language ID="fi-fi" />
      <Language ID="fr-fr" />
      <Language ID="de-de" />
      <Language ID="nn-no" />
    </Product>
    <Product ID="LanguagePack">
      <Language ID="sv-se" />
      <Language ID="da-dk" />
      <Language ID="nl-nl" />
      <Language ID="en-us" />
      <Language ID="fi-fi" />
      <Language ID="fr-fr" />
      <Language ID="de-de" />
      <Language ID="nn-no" />
    </Product>
    <Product ID="ProofingTools">
      <Language ID="da-dk" />
      <Language ID="nl-nl" />
      <Language ID="en-us" />
      <Language ID="fi-fi" />
      <Language ID="fr-fr" />
      <Language ID="de-de" />
      <Language ID="nn-no" />
      <Language ID="sv-se" />
    </Product>
  </Add>
  <Display Level="None" AcceptEULA="TRUE" />
</Configuration>

Exempel på configuration_x64.xml för Office 365 ProPlus

<Configuration ID="5140f541-3226-4067-84d0-c3e53ac6d29f">
  <Add OfficeClientEdition="64" Channel="Broad" SourcePath="\\DFSSHARE.ORGANISATION.ORG\Office365SetupFiles$\x64" OfficeMgmtCOM="TRUE" AllowCdnFallback="FALSE">
    <Product ID="O365ProPlusRetail">
      <Language ID=" en-us " />
      <ExcludeApp ID="Bing" />
      <ExcludeApp ID="Groove" />
      <ExcludeApp ID="OneNote" />
    </Product>
    <Product ID="LanguagePack">
      <Language ID="sv-se" />
      <ExcludeApp ID="Bing" />
      <ExcludeApp ID="Groove" />
      <ExcludeApp ID="OneNote" />
   </Product>
    <Product ID="ProofingTools">
      <Language ID="fr-fr" />
      <Language ID="de-de" />
     </Product>
  </Add>
  <Property Name="SharedComputerLicensing" Value="0" />
  <Property Name="PinIconsToTaskbar" Value="FALSE" />
  <Property Name="SCLCacheOverride" Value="0" />
  <Property Name="AUTOACTIVATE" Value="1" />
  <Property Name="FORCEAPPSHUTDOWN" Value="FALSE" />
  <Property Name="DeviceBasedLicensing" Value="0" />
  <Updates Enabled="TRUE" />
  <AppSettings>
    <User Key="software\microsoft\office\16.0\excel\options" Name="defaultformat" Value="51" Type="REG_DWORD" App="excel16" Id="L_SaveExcelfilesas" />
    <User Key="software\microsoft\office\16.0\powerpoint\options" Name="defaultformat" Value="27" Type="REG_DWORD" App="ppt16" Id="L_SavePowerPointfilesas" />
    <User Key="software\microsoft\office\16.0\word\options" Name="defaultformat" Value="" Type="REG_SZ" App="word16" Id="L_SaveWordfilesas" />
  </AppSettings>
  <Display Level="None" AcceptEULA="TRUE" />
  <Logging Level="Standard" Path="%windir%\Logs\Software\" />
</Configuration>

Exempel på configuration_x64.xml för Visio Pro for Office 365

<Configuration ID="986241dd-06ab-49ed-a5e0-5fb25297a666">
  <Add OfficeClientEdition="64" Channel="Broad" SourcePath="\\DFSSHARE.ORGANISATION.ORG\Office365SetupFiles$\x64" OfficeMgmtCOM="TRUE" AllowCdnFallback="FALSE">
    <Product ID="VisioProRetail">
      <Language ID="en-us" />
      <ExcludeApp ID="Bing" />
      <ExcludeApp ID="Groove" />
    </Product>
    <Product ID="LanguagePack">
      <Language ID="sv-se" />
      <ExcludeApp ID="Bing" />
      <ExcludeApp ID="Groove" />
    </Product>
  </Add>
  <Property Name="SharedComputerLicensing" Value="0" />
  <Property Name="PinIconsToTaskbar" Value="TRUE" />
  <Property Name="SCLCacheOverride" Value="0" />
  <Property Name="AUTOACTIVATE" Value="1" />
  <Property Name="FORCEAPPSHUTDOWN" Value="FALSE" />
  <Property Name="DeviceBasedLicensing" Value="0" />
  <Display Level="Full" AcceptEULA="TRUE" />
  <Logging Level="Standard" Path="%windir%\Logs\Software\" />
</Configuration>

Exempel på configuration_x64.xml för Project Online Desktop Client

<Configuration ID="2755de1d-24bf-4299-b3a0-70ce31c8941b">
  <Add OfficeClientEdition="64" Channel="Broad" SourcePath="\\DFSSHARE.ORGANISATION.ORG\Office365SetupFiles$\x64" OfficeMgmtCOM="TRUE" AllowCdnFallback="FALSE">
    <Product ID="ProjectProRetail">
      <Language ID="en-us" />
      <ExcludeApp ID="Bing" />
      <ExcludeApp ID="Groove" />
	</Product>
    <Product ID="LanguagePack">
      <Language ID="sv-se" />
      <ExcludeApp ID="Bing" />
      <ExcludeApp ID="Groove" />
    </Product>
  </Add>
  <Property Name="SharedComputerLicensing" Value="0" />
  <Property Name="PinIconsToTaskbar" Value="TRUE" />
  <Property Name="SCLCacheOverride" Value="0" />
  <Property Name="AUTOACTIVATE" Value="1" />
  <Property Name="FORCEAPPSHUTDOWN" Value="FALSE" />
  <Property Name="DeviceBasedLicensing" Value="0" />
  <Display Level="None" AcceptEULA="TRUE" />
  <Logging Level="Standard" Path="%windir%\Logs\Software\" />
</Configuration>

Diskpart to the rescue

In my work, I recently heard that more often new devices (desktop’s/laptop’s) fails in the beginning of the OSD (OS deploy) because of something is wrong with the partitions on the hard drive. The Boot-image can’t download policys or files to the disk, so it fails. Often the IT-person needs to boot the device and re-partition the disk, and after that start the OSD again, and it will work. I have not done some examination on why it fails. The OEM’s OS works on the device/disk. But I have a workaround, or it’s not mine workaround. I did find it on the Internet for a few years ago, so I don’t remember whos to credit (I’m sorry).

But this is the workaround I have.

Begin by creating a txt-file with the content of commands for diskpart we will be using later (this is for UEFI-disks).
sel disk 0 clean convert gpt cre par efi size=200 assign letter=s format quick fs=FAT32 cre par msr size=128 cre par pri assign letter=c format quick fs=NTFS exit
Save the file (I have named my file uefi_disk.txt ), and put it on your SCCM Package-share. Then you will need to create a Package in your SCCM-console, where you will point out the source files (where you saved your new .txt-file). You don’t need to create a program, just select “Do not create a program” and click next, and just go on and finish the wizard. Here is two ways to use this. The first one, if you boot your PC’s from a boot-media (CD/USB), you can create a new boot-media and put in a prestart command to run diskpart. So go one and create a new Task Sequence Media if you choose this way. Mark Boot media, and Next Continue the wizard, entering your “SCCM-info” till you come to Customize the task sequence media. Here you will need to tick the Enable prestart command checkbox, and also enter Command line: cmd.exe /c diskpart /s uefi_disk.txt <– or the name you gave your .txt-file You must also select the Diskpart package you created earlier, and point out your Distribution point. After that, finish the wizard, and you are now ready to boot using your new boot-media.
The other one is to put this in your boot-image (if you PXE-boot your devices, choose this). Using this way the prestart command will always run (when using TS using this boot-image), and you don’t need to create a new boot-image with this prestart command. Go to your Boot-image in the SCCM-console, and right-click it and choose Properties. Go to the Customization tab, and tick the Enable prestart command checkbox, and also enter Command line: cmd.exe /c diskpart /s uefi_disk.txt <– or the name you gave your .txt-file Klick Ok, to save and re-distribute your boot-image, and after that your done.
When you are here, click Next And diskpart will run After diskpart is finished, you can choose your TS, and continue your installation

Clear Clipboard when locking Windows

First, let me just say that I’m no security expert, but safety is something that I find interesting.

Today I saw the posts by Hasain Alshakarti on Facebook, Hasain had posted a link to Accessing the clipboard from the lockscreen into Windows 10 # 2.
Interestingly, Microsoft should have already blocked that security risk.

But you can prevent this yourself, so that Clipboard  is emptied when you lock Windows. No thirdparty software is needed.

Start Task Scheduler
Click on Create Task... under Actions, Task Scheduler Library in the right task pane (or right-click on Task Scheduler Library folder)
On General tab ->
Name: Clear Clipboard 
On Triggers tab ->
Click on New.. button
Under Beging the task, choose: On workstation lock, and click Ok button
Under Actions tab ->
Click on New.. button
Under Program/script, write: cmd.exe
Under Add arguments (optional): write: /c "echo off | clip" and click Ok butoon
Click on Ok button again, and you are done.

Cant turn on RSAT (0x80073701) in Windows 10

rsat-2For about 10 days ago, I tryed to install RSAT (Remote Server Administration Tools) on my work computer.
I downloaded the latest version, WindowsTH-RSAT_WS2016-x64.msu and run the installation. But when I went to turn RSAT on, I got the error message:

The referenced assembly Could not be found.
Error code 0x80073701
Tell me how to solve this problem

Unfortunately, Microsoft’s solution was not the right one for me.

But today (10 days later, and a variety of attempts to activate the RSAT) so I got to it.

I took the downloaded file, WindowsTH-RSAT_WS2016-x64.msu and packed it up (using 7-zip) to C:\RSAT
I started PowerShell as Administrator and went to the path: C:\RSAT and wrote:
DISM /Online /Add-Package /PackagePath:C:\rsat\WindowsTH-KB2693643-x64.cab

After DISM (Deployment Image Servicing and Management tool) run through, I also execute .\ Rsatcustominstaller.exe in the PowerShell window.

A restart later, and RSAT is in action.

 

Windows Defender Scheduled Scans Drains Laptop Battery

I recently received a question whether it is possible to set Windows Defender to stop a scheduled scan on a laptop that was on AC power when the scheduled scan started, but later switchs to run on battery (we dont want to drain the battery).
I have Googled like crazy for days, but my googlefu has not been sufficient. I have looked through group policy’s again and again, but no, I can not find the solution.
I have also not seen any such setting in ConfigMgr 1602 that we use at work.

But just now, it hit me. Why not look in the Task Scheduler?
Said and done, and 10 seconds later, the question was resolved.

 Open the Task Scheduler.
 Expand Task Scheduler Library (by clicking on the arrow in front of Task Scheduler Library).
 Expand Microsoft.
 Expand Windows.
 Go down to, and click on Windows Defender.
 Right click on Windows Defender Scheduled Scan, and select Properties.
 Go to the Conditions tab.
 Check the box infront of Stop if the computer switches to battery power.
 Click Ok, and thats it.

wd_ts

 

Ta bort, eller blockera Appar i Windows 10?

Under tiden jag har labbat med Windows 10 för att kunna skapa en sådan perfekt installations-avbild som möjligt så upptäckte jag att ta bort appar, så som Windows Store, OneDrive, etc inte genererar det bästa resultatet. För hux flux så kan företagets policy ändras och tillåta den borttagna appen. Nej, modifiera Windows så lite som möjligt är det bästa.
Så blockera då?
Ja, det är rätt väg. För det man blockerar kan man oblockera ta bort blockeringen för.

Av Jörgen Nilsson, ccmexec.com kan man lära sig mycket (har en otrolig mängd bokmärken i Chrome från hans blogg).Till exempel hans bloggpost “Blocking built-in apps in Windows 10 using Applocker“. Fungerar jättebra, om man använder Applocker. För den som vill helt radera appar från Windows 10 rekommenderar jag denna bloggpost; Removing built-in Apps from Windows 10 using Powershell.
På företaget jag jobbar på har vi inte använt oss utav Applocker tidigare, och när jag ny följde Jörgens utmärkta tips så blev resultatet först lyckat. Men sedan så hände något, “random” program startade inte, den var blockerad att köras. Jag dubbelkollade, trippelkollade, fyrlingkollade och jämförde inställningar. Det fanns bara en lösning för oss, att ta bort inställningarna jag gjorde i Applocker.
Visst, jag kunde ha fortsätt att “felsöka”. Men tiden att lägga på det och det vi vill blockera gick inte ihop.

Så om man inte vill radera Windows Store eller OneDrive, och man inte kan/vill använda Applocker så går det ju alldeles utmärkt att blockera dessa via GPO i alla fall.

Så här löste jag det (vi vill blockera Windows Store och OneDrive):

  • Först så skapade jag en helt ny GPO, satt ett WMI-filter* på den för att säkerställa att den endast slår mot Windows 10 maskiner.
  • Sedan öppnade jag upp “Windows 10 Policy v1.0 och klickade mig fram till:
    Computer Configuration > Policies > Administrative Templates > Windows Components
  • Väl där, valde jag OneDrive och under där högerklickade jag på Prevent the usage of OneDrive for file storage och valde Edit.
  • Markera Enabled och klicka på Ok- knappen
  • Sedan gick jag nedåt i trädet under Computer Configuration > Policies > Administrative Templates > Windows Components till jag kom till Store
  • Kort och gott, under Store markerade jag Turn off the Store application och valde Edit
  • Markera Enabled och klicka på Ok- knappen

Så var det fixat. Windows Store och OneDrive är blockerade. När företaget ändrar sig, så tar det bara någon minut att oblockera ta bort blockeringen för dessa.

Och när man väl börjar kika på vilka inställningar man kan göra via GPO, så behöver man inte lägga jätte mycket tid på att skapa en egen installations-avbildning.

 

*WMI-filter för Windows 10:
Namespace: root\CIMv2
Query: select * from Win32_OperatingSystem where Version like ”10.0%” and ProductType=”1″

Uppdatera Configmgr Content, där det behövs

Återigen, Rikard Rönnkvist spar mig massor av tid med sina PowerShell-script, tack!

PARAM (
    $sccmServer = "configmgr.snowland.se",
    $sccmSiteCode = "ABC",
    $failStates = "2, 3, 5, 6", # Retrying and Failed (Both Install and Removal)
    $packageTypes = "0, 3, 4, 8, 257, 258" # Not checking 5 (SUP) due to automatic deployments
)
 
Write-Host "Searching for failed content distributions"
ForEach ($FailedDist in (Get-WmiObject -ComputerName $sccmServer -Namespace "ROOT\SMS\Site_$($sccmSiteCode)" -Query "SELECT * FROM SMS_PackageStatusDistPointsSummarizer WHERE State IN ($($failStates)) AND PackageType IN ($($packageTypes))" | Sort-Object PackageID)) {
     
    # Figure out servername from NalPath
    $failedServer = $FailedDist.ServerNALPath.Substring($FailedDist.ServerNALPath.LastIndexOf("]")+3).Trim("\")
 
    # Get the distribution points that content wouldn't distribute to
    ForEach ($FailedDPDist in (Get-WmiObject -ComputerName $sccmServer -Namespace "ROOT\SMS\Site_$($sccmSiteCode)" -Query "SELECT * FROM SMS_DistributionPoint WHERE SiteCode='$($FailedDist.SiteCode)' AND PackageID='$($FailedDist.PackageID)' AND ServerNALPath LIKE '%$($failedServer)%'") ) {
        # Refresh content on the selected DP
        Write-Host "Refreshing $($FailedDPDist.PackageID), type $($FailedDist.PackageType) in state $($FailedDist.State) on $($failedServer)"
        $FailedDPDist.RefreshNow = $true
        $FailedDPDist.Put() | Out-Null
    }
}
 
Write-Host "Done!"

Tack till Rikard Rönnkvist, källa: SnowLand