Monday, March 13, 2017

Create a desktop shortcut the VBScript way

Here is how to create a shortcut (on the Desktop or anywhere else) using VBScript.  This method allows creation from just one .VBS file and saves space by not having to worry about copying multiple shortcuts to the user's Desktop or elsewhere.  I used this VBScript extensively when I realized I wanted to create desktop shortcuts to commonly used applications but did not want to create multiple shortcut.lnk files to copy to the user's Desktop folder (or other folders) manually.

The contents of the CreateShortcut.vbs file:

 Set oWS = WScript.CreateObject("WScript.Shell")
sLinkFile = WScript.Arguments(0)
Set oLink = oWS.CreateShortcut(sLinkFile)
oLink.TargetPath = WScript.Arguments(1)
oLink.Save

 Usage:

 CreateShortcut.vbs <path to shortcut with .lnk extension> <path/filename of file/folder>

 For example - to create a shortcut to MS Excel on the user's desktop:

 CreateShortcut.vbs "C:\Users\JoeUser\Desktop\Microsoft Excel.lnk" "C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE"

 The icon for the shortcut uses the default icon of the file/folder (e.g. it will use Excel's default icon in the above example).
Posted by at No comments:

Powershellist - My backup script


Not really SCCM related, but still useful.  :)

This Powershell script is what I wrote awhile back to backup the entire C: drive to a specified network share.  It prompts to perform a disk check (reboot required) before backing up to ensure there are no bad sectors.  It creates folders based on make, model, and hostname of the computer and outputs the general backup information (hostname, backup date, network location, make, model) to a CSV file on the network share.

Clear-Host
Write-Host "This performs a full system backup using Windows Backup.  Please verify you are logged in as an account that has write access to \\server\share before continuing."
$diskchfile = "C:\windows\temp\disk_check.tag"
if (-not (Test-Path $diskchfile)) { 
$diskch = read-host "Disk check has not been run yet.  Do you want to run a Disk Check now? [y/n] "
IF($diskch -eq "y") {
$text = 'y'
$text | Out-File 'C:\windows\temp\disk_check.tag'
Write-Host "NOTE: Please run this script again to continue backup after the Disk Check."
$text | chkdsk C: /r
Write-Host "Rebooting to run Disk check..."
shutdown /r /t 5
cmd /c pause | out-null
exit
} else {
write-host "Disk check aborted."
}
} else {
Write-Host "Disk check has been performed."
}
$machine = (Get-WmiObject -Class:Win32_ComputerSystem).Model
$make,$model = $machine -Split(" "),2

 write-host "Make: $make"
write-host "Model: $model"

 $backuppath = "\\server\share\$make\$model\$env:computername"
if ((Test-Path $backuppath)) { 
write-host "WARNING: This machine may have previously been backed up.  Please check the open Explorer window to verify VHD file exists."
Start-Process -filepath explorer.exe -argumentlist "\\server\share\$make\$model\$env:computername"
cmd /c pause | out-null
}

 $modelpath = "\\server\share\$make\$model"
if (-not (Test-Path $modelpath)) { 
New-Item -ItemType directory -Path "\\server\share\$make\$model"
}

 write-host "Running DontSleep to keep machine awake during backup operation..."
Start-Process -filepath DontSleep.exe

 New-Item -ItemType directory -Path "\\server\share\$make\$model\$env:computername"
$date = Get-Date
"$env:computername,$date,\\server\share\$make\$model\$env:computername" | Out-File -Append "\\server\share\Recent backups.csv"
wbadmin start backup "-backupTarget:\\server\share\$make\$model\$env:computername" -include:c: -vssFull
cmd /c pause | out-null
exit

Posted by at No comments:

Using certificates as applications in SCCM

This is more for my own benefit, although some may find this useful.

Here is how to import certificates using the Application model in SCCM.  This also includes some basic errorlevel handling.

First, create an Application as a Script Installer, then use the following batch script as the installation command (e.g. save as InstallCertificate.cmd).


@echo off
setlocal
if exist "\\server\share\%COMPUTERNAME%.pfx" (
echo Cert exists for this endpoint. >> C:\logs\cert_install.log
certutil.exe -f –p CertPassword1 –importpfx "%~dp0\%COMPUTERNAME%.pfx" NoExport >> C:\logs\cert_install.log | findstr "ERROR_INVALID_PASSWORD"
if '%ERRORLEVEL%'=='0' goto password2
exit /b
:password2
echo First password invalid - trying second password. >> C:\logs\cert_install.log
certutil -f –p CertPassword2 –importpfx "%~dp0\%COMPUTERNAME%.pfx" NoExport >> C:\logs\cert_install.log
)

(In this example, there were two passwords defined depending on who made the certificate in our environment, hence the errorlevel checking to verify passwords)

The detection method of the Application is then defined as a Powershell script:

Get-ChildItem -Path Cert:\LocalMachine\My | Where-Object {$_.Subject -like "*$env:computername*"}

This will check to ensure the hostname of the computer exists in the Cert store (which is how this particular certificate is installed).  Another variant would be this install script (InstallCertificate.cmd example):

@echo off
if exist "\\server\share\CertName.cer" (
echo Certificate found >> C:\logs\cert_install.log
certutil -addstore root "%~dp0\CertName.cer" >> C:\logs\cert_install.log
)

The detection method for this example would be this Powershell script:

Get-ChildItem -Path Cert:\LocalMachine\Root | Where-Object {$_.Subject -like "*CertName*"}

The "CertName" in this example would be the exact name of the certificate listed in the store.

I have yet to make an uninstall script for this Application since in our environment it wasn't necessarily needed (and I didn't want users to have the power to remove the cert in the first place).  However, the script would most likely need a minor change in InstallCertificate.cmd from "-addstore" to "-delstore" in the second example.
Posted by at No comments:
Subscribe to: Posts (Atom)