Kops Posted April 5, 2016 Report post Posted April 5, 2016 Hey everyone, I've written a Powershell script that works fine when ran manually, but not when deployed through SCCM. The script does the following.. - Checks if Outlook is running, then closes if it is - Installs Proofpoint spam-reporting plugin - Creates 2 registry keys for activation and enables confirmation before send - If Outlook was originally open, reopen Outlook If I run the script manually it works great. If pushed through SCCM, only the .MSI file gets installed, and the activation (registry entries) do not occur. I've also tried writing this in VBS. Is there something I'm missing regarding SCCM deploying registry edits, or is there a preferred method to do this? A copy of the script is included below... Set-ExecutionPolicy RemoteSigned $ProcessActive = Get-Process Outlook -erroraction SilentlyContinue if($ProcessActive -eq $null) { Start-Sleep -s 3 } else { Stop-Process -ProcessName Outlook } msiexec.exe /i "\\risccmp1\Sources\Proofpoint\ProofpointSpamReporting_1.2.4.0.msi" /quiet /norestart Start-Sleep -s 20 New-ItemProperty -path "HKCU:\Software\Proofpoint\Outlook\Settings" -Name "Reg Value1" -PropertyType String -Value "123456" -Force New-ItemProperty -path "HKCU:\Software\Proofpoint\Outlook\Settings" -Name "UIConfirmSpamReport" -PropertyType DWord -Value "1" -Force if($ProcessActive -eq $null) { Start-Sleep -s 3 } else { cd "C:\Program Files (x86)\Microsoft Office\Office15" .\Outlook.exe } Quote Share this post Link to post Share on other sites More sharing options...
Grudd Posted April 5, 2016 Report post Posted April 5, 2016 Hello You're using HKCU By default when ran through SCCM it is using a system account. Read more here: http://www.myitforum.com/forums/SCCM-not-deploying-HKCU-settings-from-msi-install-package-m225552.aspx Quote Share this post Link to post Share on other sites More sharing options...
ZeZe Posted April 6, 2016 Report post Posted April 6, 2016 Also that msi file in the network account... I think the account is also SYSTEM to access that share, meaning... it will failed unless you specify an user in that step of your task sequence. Quote Share this post Link to post Share on other sites More sharing options...
anyweb Posted April 6, 2016 Report post Posted April 6, 2016 here's a way around it https://www.windows-noob.com/forums/topic/7772-how-can-i-change-a-hkcu-setting-within-windows-during-an-osd-deployment/ Quote Share this post Link to post Share on other sites More sharing options...
Kops Posted April 6, 2016 Report post Posted April 6, 2016 The 'Active Setup' caught my interest so I messed around with that a little bit last night. It was kind of a pain getting Powershell to concatenate everything properly with all the quotes and empty values I needed to enter, but in the end I got it working. See updated version of the script below...I posted it as 'code' but it didn't autodetect it as powershell so the comments and a few things are coloured incorrectly, but you get the idea. The only caveat is that this requires a logout/login in order to apply the reg keys to HKCU Set-ExecutionPolicy RemoteSigned #Checks if Outlook is running, then closes it $ProcessActive = Get-Process Outlook -erroraction SilentlyContinue if($ProcessActive -eq $null) { Start-Sleep -s 3 } else { Stop-Process -ProcessName Outlook } #Install Proofpoint Plugin msiexec.exe /i "\\risccmp1\Sources\Proofpoint\ProofpointSpamReporting_1.2.4.0.msi" /quiet /norestart Start-Sleep -s 20 #Create 3 new registry keys called ACTIVATE, CONFIRM, and URL in the Active Setup location #On next login, the contents of StubPath are executed and a flag is automatically set in the HKCU location so this only runs once per user #The contents of StubPath are the commands I need to run in order to create the HKCU values New-Item -path "HKLM:\Software\Microsoft\Active Setup\Installed Components\Proofpoint-SpamReporting-Plugin-ACTIVATE" New-ItemProperty -path "HKLM:\Software\Microsoft\Active Setup\Installed Components\Proofpoint-SpamReporting-Plugin-ACTIVATE" -Name "StubPath" -PropertyType String -Value "REG ADD HKCU\Software\Proofpoint\Outlook\Settings\ /v ""Reg Value1"" /t REG_SZ /d 18db1cbcc1f90a1c70a2dfeb47492202" -Force New-ItemProperty -path "HKLM:\Software\Microsoft\Active Setup\Installed Components\Proofpoint-SpamReporting-Plugin-ACTIVATE" -Name "Version" -PropertyType String -Value "1" -Force New-ItemProperty -path "HKLM:\Software\Microsoft\Active Setup\Installed Components\Proofpoint-SpamReporting-Plugin-ACTIVATE" -Name "(default)" -PropertyType String -Value "Proofpoint Spam Reportig Plugin Activate" -Force New-Item -path "HKLM:\Software\Microsoft\Active Setup\Installed Components\Proofpoint-SpamReporting-Plugin-CONFIRM" New-ItemProperty -path "HKLM:\Software\Microsoft\Active Setup\Installed Components\Proofpoint-SpamReporting-Plugin-CONFIRM" -Name "StubPath" -PropertyType String -Value "REG ADD HKCU\Software\Proofpoint\Outlook\Settings\ /v ""UIConfirmSpamReport"" /t REG_DWORD /d 1" -Force New-ItemProperty -path "HKLM:\Software\Microsoft\Active Setup\Installed Components\Proofpoint-SpamReporting-Plugin-CONFIRM" -Name "Version" -PropertyType String -Value "1" -Force New-ItemProperty -path "HKLM:\Software\Microsoft\Active Setup\Installed Components\Proofpoint-SpamReporting-Plugin-CONFIRM" -Name "(default)" -PropertyType String -Value "Proofpoint Spam Reportig Plugin Confirm" -Force New-Item -path "HKLM:\Software\Microsoft\Active Setup\Installed Components\Proofpoint-SpamReporting-Plugin-URL" New-ItemProperty -path "HKLM:\Software\Microsoft\Active Setup\Installed Components\Proofpoint-SpamReporting-Plugin-URL" -Name "StubPath" -PropertyType String -Value 'REG ADD HKCU\Software\Proofpoint\Outlook\Settings\ /v "Reg Value" /t REG_SZ /d ""' -Force New-ItemProperty -path "HKLM:\Software\Microsoft\Active Setup\Installed Components\Proofpoint-SpamReporting-Plugin-URL" -Name "Version" -PropertyType String -Value "1" -Force New-ItemProperty -path "HKLM:\Software\Microsoft\Active Setup\Installed Components\Proofpoint-SpamReporting-Plugin-URL" -Name "(default)" -PropertyType String -Value "Proofpoint Spam Reportig Plugin URL" -Force #If Outlook was originally open when the script ran, re-open it if($ProcessActive -eq $null) { Start-Sleep -s 3 } else { cd "C:\Program Files (x86)\Microsoft Office\Office15" .\Outlook.exe } Quote Share this post Link to post Share on other sites More sharing options...
GarthMJ Posted April 6, 2016 Report post Posted April 6, 2016 Why are you trying to run the MSI from a server share and not as part of the package? This will cause you a lot of headaches and it complete defeats the purpose of CM12. Quote Share this post Link to post Share on other sites More sharing options...
Kops Posted April 6, 2016 Report post Posted April 6, 2016 Hey Garth, Always glad to have your thoughts - I've followed a few of your guides/instruction in the past and it has been quite helpful . Not quite sure what you mean 'as a part of the package' (this is deployed as an application btw). Are you suggesting that I install the .msi as its own 'deployment type' in the application, and then have a second deployment type for the scripted tasks? I only built it this way because this is the only way I could think to accomplish all my goals with this application. Self-taught SCCM admin over here! I'd be very interested in any best-practice or recommended methods! Quote Share this post Link to post Share on other sites More sharing options...
YPCC Posted April 6, 2016 Report post Posted April 6, 2016 Hi Kops Have you looked at the possibility of using a tool called Psappdeploy toolkit? Google it and take a look, its a brillaint script that will achieve what you want in a much more efficient way. It will: Detect if outlook is open, if open it prompts the user that they need to close it (you can set a timer). If outlook is not open it continues to install the msi. Furthermore, as you will be running it "while a user is logged in), it will create the reg keys you need it HKCU for the user who is logged on at the time. NOTE, you need to consider how you will apply reg keys to other users of that same machine. My approach would be: - Use psappdeploy kit to check if outlook is open and install the msi accordingly - create a separate "package" that apllies the reg keys to HKCU. With packagaes you can choose to "run for every user who logs on". This will ensure your reg keys get applied for all users lf a machine. Quote Share this post Link to post Share on other sites More sharing options...
GarthMJ Posted April 7, 2016 Report post Posted April 7, 2016 So a Package would be easier but you can do it as a application too. You would need to set it up as a Script application. This trick is where you call the MSI from. By default if you don't give it a path it will try to execute it from the local directory, aka from the same directory as your powershell script. By doing it this way you remove the network issue, you have created within the script above. For example http://www.enhansoft.com/blog/using-sccm-2012-application-model-to-install-cmtrace-file-version http://www.enhansoft.com/blog/using-sccm-2012-application-model-to-install-psexec Quote Share this post Link to post Share on other sites More sharing options...
Kops Posted April 11, 2016 Report post Posted April 11, 2016 I'm definitely going to spend a few minutes reading through these, thanks for providing some examples! Looks like an entirely new method of deployment for me so, I'm excited to expand my options Quote Share this post Link to post Share on other sites More sharing options...