Migrate printers to new server

If you move printers from one server to another the users needs to reconnect all printers…

And… of course it’s easy to do with a small Powershell script. :)

Function Migrate-Printer {
    PARAM (
        [string] $ShareName,
        [string] $oldServer,
        [string] $newServer

    $currentPrinter = Get-WmiObject -Query "SELECT * FROM Win32_Printer WHERE Network=True AND ShareName = '$($ShareName)' AND SystemName = '\\\\$($oldServer)'"

    if ($currentPrinter -eq $null) {
        Write-Verbose "Cant find \\$($oldServer)\$($ShareName)"
    } else {
        Write-Verbose "Migrating printer $($ShareName) from $($oldServer) to $($newServer)"

        $net = New-Object -com WScript.Network

        Write-Verbose "Adding printer \\$($newServer)\$($ShareName)"

        Write-Verbose "Removing printer \\$($newServer)\$($ShareName)"

        if ($currentPrinter.Default -eq "True") {
            Write-Verbose "Setting default to \\$($newServer)\$($ShareName)"


Example usage

Migrate-Printer -ShareName "PRINTER001" -oldServer "OLDSERVER" -newServer "NEWSERVER"

Export / Import boot image drivers (needed before ADK upgrade)

If you want to deploy Windows 10 you probably need to upgrade your ADK… and when you have done your upgrade you can’t see any drivers on boot images in the ConfigMgr console.

So, to get your “old” drivers in to your new boot image, export them to a XML-file before the upgrade and then when the upgrade is done just import them.

The two functions you need

Function Export-BootImageDrivers {
[String] $ImageId,
[String] $ExportXml

$drivers = @{}
(Get-CMBootImage -Id $ImageId).ReferencedDrivers | ForEach-Object {
Write-Verbose "Found driver ID – $($_.Id)"

$drivers.Add($_.Id, $_.SourcePath)

$drivers | Export-Clixml -Path $ExportXml

Function Import-BootImageDrivers {
[String] $ImageId,
[String] $ExportXml

$BootImage = Get-CMBootImage -Id $ImageId
$drivers = Import-Clixml -Path $ExportXml
$drivers.GetEnumerator() | ForEach-Object {
Write-Verbose "Adding driver ID – $($_.Name)"
Set-CMDriver -Id $_.Name -AddBootImagePackage $BootImage -UpdateDistributionPointsforBootImagePackage $false -Force

First run the export

Export-BootImageDrivers -ImageId "ABC00123" -ExportXml "C:\Stuff\drivers.xml"

Then when the upgrade is done, import them

Import-BootImageDrivers -ImageId "ABC00345" -ExportXml "C:\Stuff\drivers.xml"

Copy drivers from one boot image to another

When you have a new ConfigMgr boot image ready but are missing some drivers from an old one… might be hard to find them in a larger structure.

… Powershell to the rescue! :)

Function Copy-BootImageDrivers {
    PARAM (
        $from, $to

    $boot = Get-CMBootImage -ID $to

    (Get-CMBootImage -Id $from).ReferencedDrivers | ForEach-Object {
        Write-Verbose "Copying $($_.Id) to $($to)"
        Set-CMDriver -Id $_.Id -AddBootImagePackage $boot -UpdateDistributionPointsforBootImagePackage $false


#Example use
Copy-BootImageDrivers -from "ABC00123" -to "ABC00456"

Exclude updates during OS Deployment

With A LOT of inspiration from a blogpost by The Deploymentguys I wrote a couple of scripts that do not require internet access during OSD.

First, I have a script that pulls the KB and extracts KB-numbers to an XML-file.
Second, there is a script you run during OSD that reads the XML-file(s) and create thre TS env variable(s).

The script to update the XML-file from the online KB.

    [string] $KB = "2894518"

$url = "http://support.microsoft.com/kb/$($KB)"
    Write-Host "Retrieving list from $($url)"
    $result = Invoke-WebRequest $url -ErrorAction Stop
    THROW "Error retrieving KBs from $($url)"

$ExcludeKBs = @()
$result.AllElements | Where Class -eq "plink" | ForEach-Object {
    $pos = $_.innertext.indexof('/kb/') + 3

    #If Valid KB Hyperlink
    if ($pos -gt 3) {
        #String Cleansing, final ExcludeKB = 1234567
        $ExcludeKB = $_.innertext.Substring($pos,$_.innertext.Length-$POS).Trim().Replace('/','').Replace(')','').Trim()

        Write-Host "Found KB to exclude: $($ExcludeKB)"
        $ExcludeKBs += $ExcludeKB

if ($ExcludeKBs.Length -ne 0) { 
    $xmlPath = (Join-Path (Split-Path $MyInvocation.MyCommand.Definition -Parent) "exclude-auto-KB$($KB).xml")
    Write-Host "Exporting list to $($xmlPath)"
    $ExcludeKBs | Export-Clixml -Path $xmlPath

    Write-Host "Exit with code 0"
    Exit 0
} else {
    Write-Host "Exit with error code 99 (Didnt find any KBs)"
    Exit 99

Then the script to run during deployment.

    [string] $xmlFiles = "exclude-*.xml"

    $tsEnv = New-Object -ComObject Microsoft.SMS.TSEnvironment -ErrorAction SilentlyContinue
    Write-Host "Cant create TS Environment"
    $tsEnv = $null

$ExcludeKBs = @()
Get-ChildItem -Path "$(Split-Path $MyInvocation.MyCommand.Definition -Parent)\*" -Include $xmlFiles | Foreach-Object {
    Write-Host "Importing KBs from $($_.FullName)"
    $ExcludeKBs += Import-Clixml -Path $_.FullName

$i = 1
$ExcludeKBs | Sort-Object -Unique | ForEach-Object {
    # Build variable number with zero-padding
    $tsi = "000$($i)"
    $tsi = $tsi.Substring(($tsi.ToString().Length - 3), 3)

    if ($tsEnv -ne $null) {
        Write-Host "Adding TS Variable:  WUMU_ExcludeKB$($tsi) = $($_)"
        $tsEnv.Value("WUMU_ExcludeKB$($tsi)") = $_
    } else {
        Write-Host "Cant add TS Variable:  WUMU_ExcludeKB$($tsi) = $($_)"

    $i ++

if ($tsEnv -eq $null) {
    Write-Host "Exit with error code 99 (Missing TS Environment)"
    Exit 99
} else {
    Write-Host "Exit with code 0"
    Exit 0

And, as a bonus you can specify multiple XML-files with updates you want to exclude… Name a file “exclude-blaha.xml” and let it have a content like this:

<Objs Version="" xmlns="http://schemas.microsoft.com/powershell/2004/04">

Then drop it in the same folder as the other XML and you should be good to go.

Written by Comments Off on Exclude updates during OS Deployment Posted in ConfigMgr

Find undefiened networks in netlogon.log

To find undefined networks in your AD you can parse the netlgon.log files on the domain controllers.
(This script will gather all errors you can of add some “If ($_.Error -like ‘NO_CLIENT_SITE*’) …” if you only want that kind of error.)

$domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
Write-Host "Using domain $($domain.Name)"

# Copy files to %Temp%
($domain).DomainControllers | Foreach-Object {
    $netlogonSource = "\\$($_.Name)\Admin$\debug\netlogon.log"
    $netlogonTarget = (Join-Path (Get-Item Env:Temp).Value "netlogon-$($_.Name.Replace($domain.name, ''))log")

    Write-Host "Copy from $($netlogonSource) to $($netlogonTarget)"
    Copy-Item -Path $netlogonSource -Destination $netlogonTarget -Force

# Process local files to hashtable
$networks = @{}
Get-ChildItem -Path "$((Get-Item Env:Temp).Value)\netlogon*.log" | Sort-Object FullName | ForEach-Object {
    Write-Host "Processing $($_.FullName) " -NoNewline

    Import-Csv $_.FullName -Delimiter ' ' -Header Date, Time, Domain, Error, Name, IPAddress | ForEach-Object {
        if (! $networks.ContainsKey($_.IPAddress)) {
            # IP not in list, adding
            Write-Host "." -NoNewline -ForegroundColor Green
            $networks.Add($_.IPAddress, "$($_.Domain)$($_.Name) $($_.Error) $($_.Date) $($_.Time)")
        } else {
            # Allready there
            Write-Host "." -NoNewline -ForegroundColor Red
    Write-Host ""

# Export to new CSV
$outFile = "$((Get-Item Env:Temp).Value)\netlogonData.csv"
Write-Host "Export data to $($outFile)"
$networks.GetEnumerator() | Select-Object Name, Value | Export-Csv -Path $outFile -Force 

# Remove temporary netlogon-files
Get-ChildItem -Path "$((Get-Item Env:Temp).Value)\netlogon*.log" | Remove-Item -Force

Green dot – Unique IP found
Red dot – Duplicate (will not be added to list)

And in the end there will be a CSV-file in %Temp% that you can use.


Remove old logfiles

Want to clean out old logfiles from IIS (or other products)?

    [int] $daysBack = 7,
    [string] $logPath = "C:\Inetpub\Logs\LogFiles"

Get-ChildItem $logPath -Recurse -Include *.LOG | Where-Object {$_.CreationTime -lt (Get-Date).AddDays(0-$daysBack)} | ForEach-Object {
	Write-Host "Processing: " -ForegroundColor Yellow -NoNewline
	Write-Host $_.FullName -ForegroundColor White -NoNewline
	$span = New-TimeSpan $_.CreationTime $(get-date)
	Write-Host " $($span.Days) days old" -ForegroundColor Yellow -NoNewline

	TRY {
        Remove-Item $_.FullName -Force -ErrorAction Stop
        Write-Host " [Deleted]" -ForegroundColor Green

    CATCH {
        Write-Host " [Can't delete]" -ForegroundColor Red

Get Powershell ISE to run scripts with -Verbose flag

Missing an easy way to run your scripts from ISE with the -Verbose or -Debug flag?

Easy to add… Open up your Microsoft.PowerShellISE_profile.ps1 file and add the following lines:

$psISE.CurrentPowerShellTab.AddOnsMenu.Submenus.Add('Run with -Verbose', { Invoke-Expression -Command ". '$($psISE.CurrentFile.FullPath)' -Verbose" }, 'Ctrl+F5') | Out-Null
$psISE.CurrentPowerShellTab.AddOnsMenu.Submenus.Add('Run with -Debug',   { Invoke-Expression -Command ". '$($psISE.CurrentFile.FullPath)' -Debug" }, 'Ctrl+F6') | Out-Null

Now when you restart ISE you should see the options under the Add-Ons menu.

Create Site Roles Collections

Quick and easy way to create device collections based on site roles:

$wmiParams = @{
    "Namespace" = "root\SMS\site_ABC";
    "Query" = "SELECT RoleName FROM SMS_SystemResourceList"

Get-wmiobject @wmiParams  | Group-Object RoleName | ForEach-Object {
    Write-Verbose "Creating collection for role $($_.Name)"
    $newCollection = New-CMDeviceCollection -Name "ConfigMgr-Role $($_.Name)" -LimitingCollectionID "SMS00001" -RefreshType Periodic -RefreshSchedule (New-CMSchedule -RecurInterval Days -RecurCount 4 -Start (Get-Date))
    $query = "SELECT * FROM SMS_R_System WHERE SMS_R_System.SystemRoles = '$($_.Name)'"
    Add-CMDeviceCollectionQueryMembershipRule -CollectionId $newCollection.CollectionID -QueryExpression $query -RuleName "CMRole-$($_.Name)"

You will end up with collections like:
– ConfigMgr-Role SMS Distribution Point
– ConfigMgr-Role SMS Device Management Point
– ConfigMgr-Role … and so on …

Stand Alone Media and USB 3

I’m testing some Stand Alone USB Media for deployment of Windows 7 and 8…

Ran in to a few problems…

First off, it’s not to easy to find a USB-Stick with at least 32 Gb that is bootable.
We found that Kingston DataTraveler R3.0 (rubber like casing) works OK to boot from…

Second, keep the volume size under 32 GB.
Since it will be a FAT32 Volume you need to create a partition at 32 (or less) GB. (Remember that it needs to be active)

Third, when using a USB3 port on the computer you will probably run in to problems if you try to install USB3-drivers.
Workaround is to plug the stick in to a USB2 port.

Fourth, when only having USB3 ports you can run in to issues accessing the files.
A simple workaround is to get a simple USB-Hub that uses USB2… with that you will downgrade your USB3-stick to a USB2-stick and everything works just fine. :)

Fifht, when using custom scripts in MDT you might run in to issues if you use “Start in” and then point out something like “%deployroot%\MyScripts” as folder and a command line like “cscript script.vbs”
To solve this, use a command line like “cscript %DeployRoot%\MyScripts\script.vbs” and empty out the “Start in” folder.

Written by Comments Off on Stand Alone Media and USB 3 Posted in ConfigMgr

Get filename in ConfigMgr 2012 ContentLib

In ConfigMgr 2007 it was kind of convinient to be able to edit files directly on a DP, in ConfigMgr 2012 that isn’t to easy if you are using Content Library.

There are a few ways to find out where the files are actually stored, here is one way:

(Will give you the path to somefile.xml in package ABC01234)

	$siteCode = "ABC",
	$FileName = "somefile.xml",
	$PackageID = "ABC01234",
	$ContentLib = "D:\SCCMContentLib"
Import-Module ($Env:SMS_ADMIN_UI_PATH.Substring(0,$Env:SMS_ADMIN_UI_PATH.Length-5) + '\ConfigurationManager.psd1')
Set-Location "$($siteCode):"

$package = Get-CMPackage -ID $PackageID
$hash = (Get-Content "$($ContentLib)\DataLib\$($package.PackageID).$($package.StoredPkgVersion)\$($FileName).INI" | Where-Object { $_ -like "Hash=*" }).Replace("Hash=", "")
$storePath =  Join-Path "$($ContentLib)\FileLib" "$($hash.Substring(0,4))\$($hash)"

$sourcePath = Join-Path $package.PkgSourcePath $FileName

Write-Host "Source: $($sourcePath)"
Write-Host "Store : $($storePath)"

Will result in something like this:

Source: \\server\share\path\to\package source\somefile.xml
Store : D:\SCCMContentLib\FileLib\A123\A1234567890ABCDEF1234567890ABCDEF

And with this you can edit the XML-file directly on the store instead of editing source, update DPs, wait for processing, wait some more…

… but, I’m not saying that I recommend anyone to edit files directly in the store. 😉

ConfigMgr Package Status Reports

Found a nice idea for a report on Eswar Koneti’s blog. That query combined with some info from a blogpost by Jörgen Nilsson will give you two reports to dig into status of packages.

Status of Distribution Points with Package Compliance

	CDR.PkgCount AS Targeted,
	CDR.NumberInstalled AS Installed,
	CDR.PkgCount-CDR.NumberInstalled AS NotInstalled,
	PSd.SiteCode AS ReportingSite,
	ROUND((100 * CDR.NumberInstalled/CDR.pkgcount), 2) AS Compliance

	v_ContentDistributionReport_DP CDR LEFT JOIN v_PackageStatusDistPointsSumm PSd

This report can be linked into the next one (using DPNalPath as a parameter)

Package Compliance on a single Distribution Point

Updated 2013-10-08 Join in tables instead of Select Case on State and PackageType

	v_ContentDistribution.State AS StateNo,
	DPStatusInfo.StateName AS State,
	v_ContentDistribution.PkgID AS PackageID,
	v_ContentDistribution.PackageType AS PackageTypeNo,
	SMSPackageTypes.Name AS PackageType,
	SUBSTRING(v_ContentDistribution.Path,CHARINDEX(']', v_ContentDistribution.Path)+1, LEN(v_ContentDistribution.Path) - CHARINDEX(']', v_ContentDistribution.Path)-1) AS PackagePath,

	v_ContentDistribution LEFT JOIN DPStatusInfo ON v_ContentDistribution.State = DPStatusInfo.State
	LEFT JOIN SMSPackageTypes ON v_ContentDistribution.PackageType = SMSPackageTypes.PackageTypeID

WHERE DistributionPoint = @DistributionPoint

This report need a parameter for DistributionPoint, to list all in a drop-down, use the query below on the parameter. (If you want to use the report without going thru a link)

	SiteCode + ' - ' + SUBSTRING(ServerNALPath,CHARINDEX(']\\', ServerNALPath)+3, LEN(ServerNALPath) - CHARINDEX(']\\', ServerNALPath)-3) AS DistributionPoint
FROM v_DistributionPoint

Update ConfigMgr packages with Hotfix-information

When you install a hotfix and/or a cumulative update in ConfigMgr you can select the option to let the installer create some packages.

But, those packages are missing some info… For instance Manufacturer and Version.

A quick and dirty SQL update will do the trick.

	Version = LEFT(Replace(Source, '\\server.domain.com\SMS_ABC\hotfix\', ''), 9),
	Manufacturer = 'Microsoft',
	Language = 'All'
WHERE Source LIKE '\\server.domain.com\SMS_ABC\Hotfix%'

This is of course not supported… but afaik it works. 😀

If you want to see what would be updated, run this first

	Version AS OrgVersion,
	LEFT(Replace(Source, '\\server.domain.com\SMS_ABC\hotfix\', ''), 9) AS NewVersion,
	Manufacturer AS OrgManufacturer,
	'Microsoft' AS NewManufacturer,
	Language AS OrgLanguage,
	'All' AS NewLanguage
FROM SMSPackages_G
WHERE Source LIKE '\\server.domain.com\SMS_ABC\hotfix\%'

(And yes, you need to replace servername and sitecode)

Get-ADSites and create Site Based Collections

Missing an easy way to get AD-Sites from Powershell?

They are listed under Sistes/Configuration with the objectClass = Site. So a simple LDAP-query does the trick.

Get-ADSites {
	Return Get-AdObject -LdapFilter "(ObjectClass=site)" -SearchBase "CN=Sites,CN=Configuration,$((Get-AdDomain).DistinguishedName)"

Then, with these sites it’s easy to create Device Collections in ConfigMgr based on what AD-Site the client reports.

Get-ADSites | ForEach-Object {
	$newCollection = New-CMDeviceCollection -Name "AD-Site $($_.Name)" -LimitingCollectionID "SMS00001" -RefreshType Periodic -RefreshSchedule (New-CMSchedule -RecurInterval Days -RecurCount 1 -Start (Get-Date))
	$query = "SELECT * FROM SMS_R_System WHERE SMS_R_System.ADSiteName = '$($_.Name)'"
	Add-CMDeviceCollectionQueryMembershipRule -CollectionId $newCollection.CollectionID -QueryExpression $query -RuleName "ADSite-$($_.Name)"

Reset local admin password

You probably want to have random passwords on all your local admin accounts… Wrote a function that generates a complex (and readable) password and another function that sets the local admin password.

Function Get-RandomPassword {
		$pwdMask = "####-####-####-####-####",
		$pwdCharacters = "abcdefghjkmnopqrstuvwxy23456789ABCDEFGHJKLMNPQRTUVWXYZ"

	$newPassword = ""
	(0 .. (($pwdMask.Length)-1) ) | ForEach-Object  {
		If ( $pwdMask.Chars($_) -eq "#" ) {
			$rndChar = Get-Random -Minimum 0 -Maximum $pwdCharacters.Length
	 		$newPassword += $pwdCharacters.Chars($rndChar)
		} else {
			$newPassword += $pwdMask.Chars($_)

	Return $newPassword

Function Set-LocalAdminPassword {
		[string] $computerName,
		[string] $newPassword

	$adminAccountName = (Get-WmiObject Win32_UserAccount -Filter "LocalAccount = True AND SID LIKE 'S-1-5-21-%-500'" -ComputerName $computerName | Select-Object -First 1 ).Name
	TRY {
		Write-Verbose "Reset password for $($computerName)\$($adminAccountName) to $($newPassword)"
		$adminAccount = [adsi]"WinNT://$($computerName)/$($adminAccountName),user"
		Return $true
		Return $false

This is how to reset password on a single computer

Set-LocalAdminPassword -computerName "SOMEPC" -newPassword (Get-RandomPassword)

And if you want to process a list of computers (that are online) from the AD

Import-Module ActiveDirectory
$newPwds = @{}
Get-ADComputer -LDAPFilter "(name=PC00*)" | ForEach-Object {
	$computerName = $_.Name
	If (Test-Connection -ComputerName $computerName -Count 1 -ErrorAction SilentlyContinue) {
		$randomPwd = Get-RandomPassword
		If (Set-LocalAdminPassword -computerName $computerName -newPassword $randomPwd ) {
			$newPwds.Add($computerName, $randomPwd)

$newPwds | Format-Table -AutoSize

Remove all direct memberships from collections

If you are using direct memberships to speed up ConfigMgr, you probably want to clean it up when your collection query is good to go…

The problem is to find all direct memberships since Get-CMUserCollectionDirectMembershipRule doesn’t allow wildcards. But there is a WMI-class with all members…

Function Remove-AllDirectMemberships {
		[string] $sccmSite = "ABC",
		[string] $collectionNameFilter = "SomePrefix*"

	Get-CMUserCollection -Name $collectionNameFilter | ForEach-Object {
		$Collection = $_
		Write-host "$($Collection.Name)"
		Get-WmiObject -Class $_.MemberClassName -Namespace "ROOT\SMS\Site_$($sccmSite)" | Foreach-Object {
			If ($_.IsDirect -eq $true ) {
				Write-host "- Removing $($_.ResourceID)"
				Remove-CMUserCollectionDirectMembershipRule -CollectionId $Collection.CollectionID -ResourceId $_.ResourceID -Force