Windows patching has been quite the mess this month, which makes for a bit of a crazy week. However, I still found the time to sort through my scripts, as promised in my previous post. I have published some of the less complex Powershell examples, and there are still many more where these came from. You can find what is currently available on github.
General
- Scripts that I use on a day to day basis for endpoint administration
Some of these are for specific use cases, for instance the Check-ADPropagation scripts were born out of a need to let AD replication completely finish before making changes. Otherwise it could impact updating collections in SCCM, or having users log on/off to apply permissions changes. The environment I previously worked in was spread all across the US and sometimes AD replication would take upwards of 20 minutes. These scripts constantly monitor each domain controller and let you know once the changes have fully propagated.
Ever get tired of just randomly trying to reconnect to a computer that you rebooted? Me too, thus the Restart-Monitor script came to be. Simply start the monitor and it will let you know when it’s available to connect again.
Running out of disk space on multiple machines across your fleet? There’s a script for that!
SCCM
- Scripts that I use for ConfigMgr administration
Most of these scripts are very general purpose as well. Everything from checking to see which of your collections have incremental updates enabled to repairing content mismatches on distribution points.
My company has a lot of remote sites, with some REALLY slow links. As a consequence, content replication is heavily throttled during business hours, and still rather slow when it isn’t. This leads to some interesting replication issues. Strides are being made towards LEDBat, Delivery Optimization, and Peer caching. For the time being though, these scripts are the answer.
Where did that collection go… Get-ObjectLocation will sniff it out like a bloodhound!
Plans for the Future
I have a set of tasks related to OS deployment maintenance that I perform every month. Most have already been automated with scripts, but I’m in the process of combining all of it into a single module.
Tasks
I use the fantastic OSDBuilder module to do offline servicing on my WIMs. The following is what I hope to include in the module:
- Download and update Adobe Flash Player ActiveX, NPAPI, and PPAPI packages to latest version.
- Update Adobe Reader DC to latest version.
- Pull all of those updates + serviced WIMs into my test task sequences.
- Also update in place upgrade task sequences with latest WIMs.
- Run all test task sequences on virtual machines.
- If no problems found on virtual, run all test task sequences on actual hardware.
- Release to production on the final Friday of every month if all tests were successful.
Process
Currently I maintain WIMs for Windows 7 x86 & x64, Windows 10 1703, and Windows 10 1809. Thankfully, Windows 7 will be a thing of the past at the end of this year. We are also mid migration of windows 10 versions, so consequently, 1703 will be gone soon as well.
There are 3 sets of task sequences:
- Development
- Test
- Production
Development is used only by me to test features/changes/etc. Test is used by other members of my team as a base for various processes: software packaging, kiosks, etc. Production is exactly what you would think, wide spread use across the enterprise.
This means there are 10 total task sequences.
- Development x64
- Development x86
- Test x64
- Test x86
- Test IPU Win10 1703
- Test IPU Win10 1809
- Production x64
- Production x86
- Production IPU Win10 1703
- Production IPU Win10 1809
It sounds like a lot, but they’re really all copies of each other, they just get updated at different times throughout the month. I use UI++ as a front end, this allows me to combine Windows 7 and 10 into a single TS.
Goals
- Generate updated WIMs with OSDBuilder
- Import those WIMs into SCCM
- Download latest versions of Flash Player/Adobe Reader, create packages for those in SCCM
- Update all test task sequences with respective updates
- Spin up test VMs in vCenter
- Import test VMs into SCCM and set needed variables for each
- PXE boot the VMs and let them run through OSD automagically
- Log in to each and verify no issues
From that point it’s just repeating the changes on Production. I’m already doing all of this now, but it’s with individual scripts and it’s very specific to my particular environment. My goal is to make something that could benefit any ConfigMgr Administrator. If that sounds interesting to you, look out for future updates.
Leave a Reply