Jump to content


kevinnns

Established Members
  • Content Count

    3
  • Joined

  • Last visited

Community Reputation

0 Neutral

About kevinnns

  • Rank
    Newbie
  1. kevinnns

    Hi from NL

    Hi all, Just saying Hello from The Netherlands! I've been lurking a bit on the forum via my RSS reader and saw some topics where I could try to share some of my solutions on the posted problems. So, time to register for that account 😀. It's great to see the information exchange on the forum and I hope to be able and share some ideas and off-course, pick up some new ones! I've got experience from Infrastructure (Storage Systems, Hypervisors) to Application layers(Exchange, Skype, SCCM), on-premise (VMware) to cloud (Azure, AWS, GCP) and I've been messing with SCCM for quite some years now. Earlier this year my focus has shifted a lot more to SCCM/MEM and has given me quite more time to get a better understanding of the underlying system, but still lots to learn! Cheers!
  2. @fj40ratt Is that dependency MS Visual C++ Redist 2015 or higher by any chance? The older versions just install older/newer versions next to each other as far as I've seen till now, but the 2015 and later was giving me a bit of a pain. This is mostly because MS has now made a bundle of the whole 2015-2019 C++ Redist. If a newer versions is installed -> Big fat error code, install failed and all that. So I was in need of a different detection method because each version has a different (MSI) GUID in the Uninstall hive of the registry (or used with the MSI detection). In the end I came up with this Powershell dection and it has been working well until now for us: $software = 'Microsoft Visual C*2015*Redistributable (x86)*'; $minimalversion = 14.0.24212 $installed = $null $installed = (Get-ItemProperty HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | Where { $_.DisplayName -like $software }) -ne $null $Result = "Not Installed" If($installed) { $AppVersion = $null $AppVersion = (Get-ItemProperty HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | Where { $_.DisplayName -like $software }) If($AppVersion.DisplayVersion -ge $minimalversion) { $Result = "Installed" } } $Installed = $null $installed = (Get-ItemProperty HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\* | Where { $_.DisplayName -like $software }) -ne $null If($installed) { $AppVersion = $null $AppVersion = (Get-ItemProperty HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\* | Where { $_.DisplayName -like $software }) If($AppVersion.DisplayVersion -ge $minimalversion) { $Result = "Installed" } } Write-Host $Result Change the (x86) to (x64) if you need the other one. I'm looking on both WOW6432Node and the "normal" Uninstall registry because it seems MS made a boo-boo with their current Redists 2015-2019, no matter of the architecture x86/x64, the registration always ends up in WOW6432Node, and I wanted to be sure that I got it covered if/when they wise up. Hope it helps you out a bit, or gives you an Idea of direction.
  3. You could use a Configuration Item + Baseline to build something that does this, pending on what you're looking for exactly. It's not Ideal, but possible. With the WFH I've hacked a Powershell script together to check if the SCCM Client cert on the system is about to expire. $Compliance = 'Compliant' $templateName = 'SCCM Client Certificate' $Check = Get-ChildItem 'Cert:\LocalMachine\My' | Where-Object{ $_.Extensions | Where-Object{ ($_.Oid.FriendlyName -eq 'Certificate Template Information') -and ($_.Format(0) -match $templateName) }} | where { $_.notafter -le (get-date).AddDays(24)} If ($Check) {$Compliance = 'NonCompliant'} $Compliance I've got the Data type set as a string and Compliance Rule to Equal "Compliant". In above case we're checking on days validity left, you can change it as you like off course, and make sure to match the TemplateName to your actual Template name for the Cert from your certificate server. We've deployed this on our workstations and put all non-compliant marked clients in a collection twice a day and based on that give our end-users some "attention" to connect to the VPN and get their cert renewed. Preferably we wouldn't be in this situation and we would have all the machine AzureAD joined so that with the CMG Client cert authentication wasn't needed, but for now alas it still is (but not for long anymore). Hope it helps or at least gives you a start to build what you need 😉!
×
×
  • Create New...