Enable Dell TPM Chip with Powershell

Here’s some Powershell code I used to enable the Dell TPM chip with Dell Command.  The Get-Laptop function was provided by https://blogs.technet.microsoft.com/heyscriptingguy/2010/05/15/hey-scripting-guy-weekend-scripter-how-can-i-use-wmi-to-detect-laptops/

The –% option (that’s dash-dash%) basically just says “Powershell, just pass these arguments along and don’t try to interpret them”.  This functionality requires Powershell v3 or later.

Probably would have been better to use Start-Process and check if the exitcode is not zero.  Note to use Dell Command to turn on the TPM chip you need to set a BIOS password and for 64-bit systems you need to use the 64-bit version of CCTK.

Function Get-Laptop
[string]$computer = "localhost"
$isLaptop = $false
if(Get-WmiObject -Class win32_systemenclosure -ComputerName $computer |
Where-Object { $_.chassistypes -eq 9 -or $_.chassistypes -eq 10 `
-or $_.chassistypes -eq 14})
{ $isLaptop = $true }
if(Get-WmiObject -Class win32_battery -ComputerName $computer)
{ $isLaptop = $true }
} # end function Get-Laptop

If(get-Laptop) {

.\cctk.exe –% –setuppwd=secretpassword
.\cctk.exe –% –tpm=on –valsetuppwd=secretpassword
.\cctk.exe –% –tpmactivation=activate –valsetuppwd=secretpassword
.\cctk.exe –% –tpm
.\cctk.exe –% –tpmactivation
.\MbamClientSetup.exe –% /q /acceptEula=Yes

else { # do nothing }


-Soli Deo Gloria

Deploy Infor XA Client with PowerShell

Here was a fun installer to get working silently.  This one uses something called InstallAnywhere.  It is a java based installer and if you Google InstallAnywhere silent, you will happen upon several command line options.  The correct set for this version of the installer (2009 version) can be found here.

Here’s the command to install it silently:

xaclient_Hgenas400_P36001.exe -i silent

We can also record settings into a file and play those back.  To record:

xaclient_Hgenas400_P36001.exe -r C:\temp\powerlink.properties

Finally, we end up with this to install silently:

xaclient_Hgenas400_P36001.exe -i silent -f powerlink.properties

The installer launches the program at the end: I didn’t see any settings to turn that off.

The PowerShell code starts off pretty boring:

$p = start-process .\xaclient_Hgenas400_P36001.exe -ArgumentList '-i silent -f powerlink.properties' -Wait -Passthru
icacls *.lnk /grant:r everyone:RX
copy-item *.lnk -Destination C:\users\public\desktop

We kick off the installer, tell PowerShell to wait for the process to end and return an object (-Passthru), grant Everyone read and execute rights to the icon and then copy that icon to the the system shared desktop.

If you execute this code, however, the PowerShell script never progresses. This is because the installer runs the full program as a child process from the installer and until the program is closed, it waits for the installer’s termination forever.

The program is Java based and executes two processes: Infor XA Power-Link and javaw.  We can create a loop waiting for these two processes, then kill them:

Do {

$status = Get-Process -Name "Infor XA Power-link" -ErrorAction SilentlyContinue

If (!($status)) {
Write-Host 'Waiting for process to start' ;
Start-Sleep -Seconds 2

Else { Write-Host 'Process has started' ;
$started = $true
Stop-Process -name "Infor XA Power-Link"
Stop-Process -name javaw

Until ( $started )

I picked 2 seconds to keep checking the process list and not hammer the CPU.  So obviously for this to work, we need to remove the -Wait and -Passthru options from Start-Process, but then how do we check if the program installed OK?  We can check if the program executable exists and then return the proper exit code:

if (Test-Path('C:\infor\ERP XA Client\Infor XA Power-Link.exe')) {
exit 0
} #end if

else {
exit 1
} #end else

Anything other than exit code 0 is usually a failure (MSIs usually return exit code 3010 to indicate a reboot).

Using the exit command with a specific number seems to pass the exit code properly back to SCCM.  Based on my Google-fu: it’s then best to wrap your PowerShell script in a batch file and then fire that from SCCM to get the exit code of any non-native command ran from within a PowerShell script:

powershell -executionpolicy bypass -file .\install_powerlink.ps1
echo %errorlevel%
exit /b %errorlevel%

  • Soli Deo Gloria

Get a Windows 10 Activation Ticket

The clock is ticking before the Windows 10 free upgrade ends on July 29th.  If you are still on Windows 7/8.1 and don’t want to upgrade by July 29th, there’s still hope!

See the following thread to save your Windows 10 activation ticket/token:


  • Soli Deo Gloria

Copying Files to Multiple Locations At the Same Time

Need to copy a set of files or folders to a bunch of different locations?  Try MultiRobo.  This is a GUI and multi-threaded version of robocopy.  You can even save profiles so if you have copy the same set of files periodically to the same locations, you just open the profile and click Run and away it goes!

Great for copying updated WIMs with MDT.

-Soli Deo Gloria

Powershell: Delete an Icon from All User Profiles

Started to learn Powershell recently and already found something really neat.  I’m working on deploying Smartdraw 2016 silently and it loves to put an icon on the desktop of the user that it installing the program, not in C:\users\public\desktop where it belongs.  Now, with SCCM, this use to be very tricky, because when running installs they run under the SYSTEM account and not as the logged in user and the native DEL /S command within the native CLI will do it, however, there’s no way to specify just one folder to delete from: it will search all folders under all of the user profiles.

Based on a tip from https://www.sapien.com/blog/2014/10/16/delete-desktop-icons-a-windows-powershell-tip/, we can do this instead:

Remove-Item "C:\users\*\Desktop\smartdraw ci.lnk"

which basically just searches the desktop folder of each user profile instead of all folders in each profile and deletes the now defunct Smartdraw CI icon from each desktop folder.

And now instead of looking for the uninstall productcode string to feed to MSIEXEC /x to remove Smartdraw CI: the PowerShell App Deployment Toolkit includes this nifty cmdlet do all of the heavy leaving all in one line:

Remove-MSIApplications -Name 'Smartdraw'

  • Soli Deo Gloria

Missing Drivers

Missing drivers are the bane of every tech, but I have two solutions for you and they are both free!  The first one is called Driver Solution Pack. The second one is Snappy Driver Installer.  The cool thing with SDI is that you can set a filter to “drivers not installed”, then you can extract those to a folder and import those into your deployment solution such as MDT for each make/model you have.

Don’t forget about SIV or the System Information Viewer…great program to find information on devices that are missing drivers.

  • Soli Deo Gloria

New Web Host and Blog Format

You might have noticed a change in the blog formatting recently.  That’s because I went to update one of my older postings and was getting a 403 error message.  Eleven2 was my old web host which bought out Sharkspace and to be quite honest: they were a pain in the rear end. Periodically, they were blacklisting my IP address for logging in too many times forcing me to contact their tech support to unblock me.  I moved everything over to Hawkhost.

Looking at my web site: I realized that I needed to take down much of what was there since it’s mostly stuff I wrote and used in the Windows XP era.  In it’s place is a simple place holder and this blog is now the main feature of my web site.

-Soli Deo Gloria

PDQDeploy: Installing Software Remotely and Silently

While Microsoft SCCM is nice for deploying software, sometimes you just need a quick and dirty solution for installing simple apps, such as installing Google Chrome, remotely and silently.   PDQDeploy comes to the rescue for this.  There are free and pro versions of the software.  The free version doesn’t include multi-step conditionals or retry-until-online operations, but is otherwise fully functional.

It’s so mind numblingly simple too…make a new package, point it to the MSI file, it figures out the command parameters to use itself and then you click save.  That’s it.  You can then target specific computers directly or use a TXT file of computer names.

For programs that are not MSI based: Google’s search engine comes to the rescue for us. Internet Explorer 11 upgrade?  Sure, here you go: IE11-Windows6.1-x64-en-us.exe /quiet /norestart /update-no.  You can even get around the multi-step conditional limitation by creating your own VBScript or Powershell script.

  • Soli Deo Gloria