Jump to content


Kops

PS script for registry edit - works manually, not through SCCM

Recommended Posts

Hey everyone,

 

I've written a Powershell script that works fine when ran manually, but not when deployed through SCCM. The script does the following..

 

- Checks if Outlook is running, then closes if it is

- Installs Proofpoint spam-reporting plugin

- Creates 2 registry keys for activation and enables confirmation before send

- If Outlook was originally open, reopen Outlook

 

If I run the script manually it works great. If pushed through SCCM, only the .MSI file gets installed, and the activation (registry entries) do not occur. I've also tried writing this in VBS. Is there something I'm missing regarding SCCM deploying registry edits, or is there a preferred method to do this? A copy of the script is included below...

Set-ExecutionPolicy RemoteSigned

$ProcessActive = Get-Process Outlook -erroraction SilentlyContinue

if($ProcessActive -eq $null)
    {
        Start-Sleep -s 3
    }
    else
    {
        Stop-Process -ProcessName Outlook
    }

msiexec.exe /i "\\risccmp1\Sources\Proofpoint\ProofpointSpamReporting_1.2.4.0.msi" /quiet /norestart

Start-Sleep -s 20

New-ItemProperty -path "HKCU:\Software\Proofpoint\Outlook\Settings" -Name "Reg Value1" -PropertyType String -Value "123456" -Force
New-ItemProperty -path "HKCU:\Software\Proofpoint\Outlook\Settings" -Name "UIConfirmSpamReport" -PropertyType DWord -Value "1" -Force

if($ProcessActive -eq $null)
    {
        Start-Sleep -s 3
    }
    else
    {
        cd "C:\Program Files (x86)\Microsoft Office\Office15"
        .\Outlook.exe
    }

Share this post


Link to post
Share on other sites

The 'Active Setup' caught my interest so I messed around with that a little bit last night. It was kind of a pain getting Powershell to concatenate everything properly with all the quotes and empty values I needed to enter, but in the end I got it working. See updated version of the script below...I posted it as 'code' but it didn't autodetect it as powershell so the comments and a few things are coloured incorrectly, but you get the idea. The only caveat is that this requires a logout/login in order to apply the reg keys to HKCU

Set-ExecutionPolicy RemoteSigned

#Checks if Outlook is running, then closes it
$ProcessActive = Get-Process Outlook -erroraction SilentlyContinue

if($ProcessActive -eq $null)
    {
        Start-Sleep -s 3
    }
    else
    {
        Stop-Process -ProcessName Outlook
    }

#Install Proofpoint Plugin
msiexec.exe /i "\\risccmp1\Sources\Proofpoint\ProofpointSpamReporting_1.2.4.0.msi" /quiet /norestart

Start-Sleep -s 20

#Create 3 new registry keys called ACTIVATE, CONFIRM, and URL in the Active Setup location
#On next login, the contents of StubPath are executed and a flag is automatically set in the HKCU location so this only runs once per user
#The contents of StubPath are the commands I need to run in order to create the HKCU values

New-Item -path "HKLM:\Software\Microsoft\Active Setup\Installed Components\Proofpoint-SpamReporting-Plugin-ACTIVATE"
New-ItemProperty -path "HKLM:\Software\Microsoft\Active Setup\Installed Components\Proofpoint-SpamReporting-Plugin-ACTIVATE" -Name "StubPath" -PropertyType String -Value "REG ADD HKCU\Software\Proofpoint\Outlook\Settings\ /v ""Reg Value1"" /t REG_SZ /d 18db1cbcc1f90a1c70a2dfeb47492202" -Force
New-ItemProperty -path "HKLM:\Software\Microsoft\Active Setup\Installed Components\Proofpoint-SpamReporting-Plugin-ACTIVATE" -Name "Version" -PropertyType String -Value "1" -Force
New-ItemProperty -path "HKLM:\Software\Microsoft\Active Setup\Installed Components\Proofpoint-SpamReporting-Plugin-ACTIVATE" -Name "(default)" -PropertyType String -Value "Proofpoint Spam Reportig Plugin Activate" -Force

New-Item -path "HKLM:\Software\Microsoft\Active Setup\Installed Components\Proofpoint-SpamReporting-Plugin-CONFIRM"
New-ItemProperty -path "HKLM:\Software\Microsoft\Active Setup\Installed Components\Proofpoint-SpamReporting-Plugin-CONFIRM" -Name "StubPath" -PropertyType String -Value "REG ADD HKCU\Software\Proofpoint\Outlook\Settings\ /v ""UIConfirmSpamReport"" /t REG_DWORD /d 1" -Force
New-ItemProperty -path "HKLM:\Software\Microsoft\Active Setup\Installed Components\Proofpoint-SpamReporting-Plugin-CONFIRM" -Name "Version" -PropertyType String -Value "1" -Force
New-ItemProperty -path "HKLM:\Software\Microsoft\Active Setup\Installed Components\Proofpoint-SpamReporting-Plugin-CONFIRM" -Name "(default)" -PropertyType String -Value "Proofpoint Spam Reportig Plugin Confirm" -Force

New-Item -path "HKLM:\Software\Microsoft\Active Setup\Installed Components\Proofpoint-SpamReporting-Plugin-URL"
New-ItemProperty -path "HKLM:\Software\Microsoft\Active Setup\Installed Components\Proofpoint-SpamReporting-Plugin-URL" -Name "StubPath" -PropertyType String -Value 'REG ADD HKCU\Software\Proofpoint\Outlook\Settings\ /v "Reg Value" /t REG_SZ /d ""' -Force
New-ItemProperty -path "HKLM:\Software\Microsoft\Active Setup\Installed Components\Proofpoint-SpamReporting-Plugin-URL" -Name "Version" -PropertyType String -Value "1" -Force
New-ItemProperty -path "HKLM:\Software\Microsoft\Active Setup\Installed Components\Proofpoint-SpamReporting-Plugin-URL" -Name "(default)" -PropertyType String -Value "Proofpoint Spam Reportig Plugin URL" -Force

#If Outlook was originally open when the script ran, re-open it
if($ProcessActive -eq $null)
    {
        Start-Sleep -s 3
    }
    else
    {
        cd "C:\Program Files (x86)\Microsoft Office\Office15"
        .\Outlook.exe
    }

Share this post


Link to post
Share on other sites

Hey Garth,

 

Always glad to have your thoughts - I've followed a few of your guides/instruction in the past and it has been quite helpful :).

 

Not quite sure what you mean 'as a part of the package' (this is deployed as an application btw). Are you suggesting that I install the .msi as its own 'deployment type' in the application, and then have a second deployment type for the scripted tasks?

 

I only built it this way because this is the only way I could think to accomplish all my goals with this application. Self-taught SCCM admin over here! I'd be very interested in any best-practice or recommended methods!

Share this post


Link to post
Share on other sites

Hi Kops

 

Have you looked at the possibility of using a tool called Psappdeploy toolkit? Google it and take a look, its a brillaint script that will achieve what you want in a much more efficient way.

 

It will:

 

Detect if outlook is open, if open it prompts the user that they need to close it (you can set a timer). If outlook is not open it continues to install the msi. Furthermore, as you will be running it "while a user is logged in), it will create the reg keys you need it HKCU for the user who is logged on at the time. NOTE, you need to consider how you will apply reg keys to other users of that same machine.

 

My approach would be:

 

- Use psappdeploy kit to check if outlook is open and install the msi accordingly

- create a separate "package" that apllies the reg keys to HKCU. With packagaes you can choose to "run for every user who logs on". This will ensure your reg keys get applied for all users lf a machine.

Share this post


Link to post
Share on other sites

So a Package would be easier but you can do it as a application too. You would need to set it up as a Script application.

 

This trick is where you call the MSI from. By default if you don't give it a path it will try to execute it from the local directory, aka from the same directory as your powershell script.

 

By doing it this way you remove the network issue, you have created within the script above. For example

http://www.enhansoft.com/blog/using-sccm-2012-application-model-to-install-cmtrace-file-version

http://www.enhansoft.com/blog/using-sccm-2012-application-model-to-install-psexec

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...


×
×
  • Create New...