Category: Tech Tips

Posted on

GPO: Enable the Policy to Disable the Setting

Got to love Group Policy sometimes.  We wanted to disable the setting “Access data sources across domains” under Internet Explorer>Security>Local intranet>Custom Level.  So of course we set the GPO “Access data sources across domains” to disabled and …it doesn’t work!  Users can still toggle the setting and we are still getting pop-ups in Internet Explorer.  The solution?  Enable the policy so you can disable it.  Yup!  Set it to enabled, then click the dropdown box and pick disabled.

Is this some voodoo Vulcan logic being used here?

– Soli Deo Gloria

Posted on

Enable Dell TPM Chip with Powershell

Here’s some Powershell code I used to enable the Dell TPM chip with Dell Command.  The Get-Laptop function was provided by https://blogs.technet.microsoft.com/heyscriptingguy/2010/05/15/hey-scripting-guy-weekend-scripter-how-can-i-use-wmi-to-detect-laptops/

The –% option (that’s dash-dash%) basically just says “Powershell, just pass these arguments along and don’t try to interpret them”.  This functionality requires Powershell v3 or later.

Probably would have been better to use Start-Process and check if the exitcode is not zero.  Note to use Dell Command to turn on the TPM chip you need to set a BIOS password and for 64-bit systems you need to use the 64-bit version of CCTK.

Function Get-Laptop
{
Param(
[string]$computer = "localhost"
)
$isLaptop = $false
if(Get-WmiObject -Class win32_systemenclosure -ComputerName $computer |
Where-Object { $_.chassistypes -eq 9 -or $_.chassistypes -eq 10 `
-or $_.chassistypes -eq 14})
{ $isLaptop = $true }
if(Get-WmiObject -Class win32_battery -ComputerName $computer)
{ $isLaptop = $true }
$isLaptop
} # end function Get-Laptop

If(get-Laptop) {

.\cctk.exe –% –setuppwd=secretpassword
.\cctk.exe –% –tpm=on –valsetuppwd=secretpassword
.\cctk.exe –% –tpmactivation=activate –valsetuppwd=secretpassword
.\cctk.exe –% –tpm
.\cctk.exe –% –tpmactivation
.\MbamClientSetup.exe –% /q /acceptEula=Yes
}

else { # do nothing }

}

-Soli Deo Gloria

Posted on

Removing Office 2013 Quietly

We bought a company that had all kinds of versions of Office 2013 installed…that is it could be Office 2013 Standard, Professional, x64 or x86 versions of these two.  Our corporate standard is Office 2010 Professional Plus x86 for various reasons I won’t bore you with.  Using the program ManagePC, I found this uninstall string remotely:

"C:\program files\common files\microsoft shared\office15\office setup controller\setup.exe" /uninstall STANDARD /dll OSETUP.DLL"

Upon running this, I was getting a GUI dialog box asking “do you really want to uninstall?”.  Grr!  The only way to do this is with an XML file.  Example:

<Configuration Product="Standard">

<Display Level="none" CompletionNotice="no" SuppressModal="yes" AcceptEula="yes" />

</Configuration>

So the new command line becomes:

"C:\program files\common files\microsoft shared\office15\office setup controller\setup.exe" /uninstall STANDARD /dll OSETUP.DLL /config \<path_to_file>SilentUninstallConfigStd.xml

However, there could be 4 variations…how to handle this?  Well, I cheated.  We try all four.  3 will fail, 1 will succeed.  So we set the exit code to 0 so SCCM doesn’t see a failure:

"C:\program files\common files\microsoft shared\office15\office setup controller\setup.exe" /uninstall STANDARD /dll OSETUP.DLL /config \<path_to_file>SilentUninstallConfigStd.xml

"C:\program files (x86)\common files\microsoft shared\office15\office setup controller\setup.exe" /uninstall STANDARD /dll OSETUP.DLL /config \<path_to_file>SilentUninstallConfigStd.xml

"C:\program filescommon filesmicrosoft sharedoffice15office setup controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL /config \<path_to_file>SilentUninstallConfigProplus.xml

"C:\program files(x86)\common files\microsoft shared\office15\office setup controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL /config \<path_to_file>SilentUninstallConfigProPlus.xml

echo %errorlevel%
exit 0

Yes this is a dirty, sloppy, rotten hack!  If the Office 2013 uninstall fails, SCCM won’t know about it and will report success.   I had to go back and setup each Outlook profile again anyways, so this wasn’t a really big deal to me.

– Soli Deo Gloria