Enable Dell TPM Chip with Powershell

Here’s some Powershell code I used to enable the Dell TPM chip with Dell Command.  The Get-Laptop function was provided by https://blogs.technet.microsoft.com/heyscriptingguy/2010/05/15/hey-scripting-guy-weekend-scripter-how-can-i-use-wmi-to-detect-laptops/

The –% option (that’s dash-dash%) basically just says “Powershell, just pass these arguments along and don’t try to interpret them”.  This functionality requires Powershell v3 or later.

Probably would have been better to use Start-Process and check if the exitcode is not zero.  Note to use Dell Command to turn on the TPM chip you need to set a BIOS password and for 64-bit systems you need to use the 64-bit version of CCTK.

Function Get-Laptop
{
Param(
[string]$computer = "localhost"
)
$isLaptop = $false
if(Get-WmiObject -Class win32_systemenclosure -ComputerName $computer |
Where-Object { $_.chassistypes -eq 9 -or $_.chassistypes -eq 10 `
-or $_.chassistypes -eq 14})
{ $isLaptop = $true }
if(Get-WmiObject -Class win32_battery -ComputerName $computer)
{ $isLaptop = $true }
$isLaptop
} # end function Get-Laptop

If(get-Laptop) {

.\cctk.exe –% –setuppwd=secretpassword
.\cctk.exe –% –tpm=on –valsetuppwd=secretpassword
.\cctk.exe –% –tpmactivation=activate –valsetuppwd=secretpassword
.\cctk.exe –% –tpm
.\cctk.exe –% –tpmactivation
.\MbamClientSetup.exe –% /q /acceptEula=Yes
}

else { # do nothing }

}

-Soli Deo Gloria

Deploy Infor XA Client with PowerShell

Here was a fun installer to get working silently.  This one uses something called InstallAnywhere.  It is a java based installer and if you Google InstallAnywhere silent, you will happen upon several command line options.  The correct set for this version of the installer (2009 version) can be found here.

Here’s the command to install it silently:

xaclient_Hgenas400_P36001.exe -i silent

We can also record settings into a file and play those back.  To record:

xaclient_Hgenas400_P36001.exe -r C:\temp\powerlink.properties

Finally, we end up with this to install silently:

xaclient_Hgenas400_P36001.exe -i silent -f powerlink.properties

The installer launches the program at the end: I didn’t see any settings to turn that off.

The PowerShell code starts off pretty boring:

$p = start-process .\xaclient_Hgenas400_P36001.exe -ArgumentList '-i silent -f powerlink.properties' -Wait -Passthru
icacls *.lnk /grant:r everyone:RX
copy-item *.lnk -Destination C:\users\public\desktop

We kick off the installer, tell PowerShell to wait for the process to end and return an object (-Passthru), grant Everyone read and execute rights to the icon and then copy that icon to the the system shared desktop.

If you execute this code, however, the PowerShell script never progresses. This is because the installer runs the full program as a child process from the installer and until the program is closed, it waits for the installer’s termination forever.

The program is Java based and executes two processes: Infor XA Power-Link and javaw.  We can create a loop waiting for these two processes, then kill them:

Do {

$status = Get-Process -Name "Infor XA Power-link" -ErrorAction SilentlyContinue

If (!($status)) {
Write-Host 'Waiting for process to start' ;
Start-Sleep -Seconds 2
}

Else { Write-Host 'Process has started' ;
$started = $true
Stop-Process -name "Infor XA Power-Link"
Stop-Process -name javaw
}

}
Until ( $started )

I picked 2 seconds to keep checking the process list and not hammer the CPU.  So obviously for this to work, we need to remove the -Wait and -Passthru options from Start-Process, but then how do we check if the program installed OK?  We can check if the program executable exists and then return the proper exit code:

if (Test-Path('C:\infor\ERP XA Client\Infor XA Power-Link.exe')) {
$LASTEXITCODE = 0
exit 0
} #end if

else {
$LASTEXITCODE = 1
exit 1
} #end else

Anything other than exit code 0 is usually a failure (MSIs usually return exit code 3010 to indicate a reboot).

Using the exit command with a specific number seems to pass the exit code properly back to SCCM.  Based on my Google-fu: it’s then best to wrap your PowerShell script in a batch file and then fire that from SCCM to get the exit code of any non-native command ran from within a PowerShell script:

powershell -executionpolicy bypass -file .\install_powerlink.ps1
echo %errorlevel%
exit /b %errorlevel%

  • Soli Deo Gloria

Removing Office 2013 Quietly

We bought a company that had all kinds of versions of Office 2013 installed…that is it could be Office 2013 Standard, Professional, x64 or x86 versions of these two.  Our corporate standard is Office 2010 Professional Plus x86 for various reasons I won’t bore you with.  Using the program ManagePC, I found this uninstall string remotely:

"C:\program files\common files\microsoft shared\office15\office setup controller\setup.exe" /uninstall STANDARD /dll OSETUP.DLL"

Upon running this, I was getting a GUI dialog box asking “do you really want to uninstall?”.  Grr!  The only way to do this is with an XML file.  Example:

<Configuration Product="Standard">

<Display Level="none" CompletionNotice="no" SuppressModal="yes" AcceptEula="yes" />

</Configuration>

So the new command line becomes:

"C:\program files\common files\microsoft shared\office15\office setup controller\setup.exe" /uninstall STANDARD /dll OSETUP.DLL /config \<path_to_file>SilentUninstallConfigStd.xml

However, there could be 4 variations…how to handle this?  Well, I cheated.  We try all four.  3 will fail, 1 will succeed.  So we set the exit code to 0 so SCCM doesn’t see a failure:

"C:\program files\common files\microsoft shared\office15\office setup controller\setup.exe" /uninstall STANDARD /dll OSETUP.DLL /config \<path_to_file>SilentUninstallConfigStd.xml

"C:\program files (x86)\common files\microsoft shared\office15\office setup controller\setup.exe" /uninstall STANDARD /dll OSETUP.DLL /config \<path_to_file>SilentUninstallConfigStd.xml

"C:\program filescommon filesmicrosoft sharedoffice15office setup controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL /config \<path_to_file>SilentUninstallConfigProplus.xml

"C:\program files(x86)\common files\microsoft shared\office15\office setup controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL /config \<path_to_file>SilentUninstallConfigProPlus.xml

echo %errorlevel%
exit 0

Yes this is a dirty, sloppy, rotten hack!  If the Office 2013 uninstall fails, SCCM won’t know about it and will report success.   I had to go back and setup each Outlook profile again anyways, so this wasn’t a really big deal to me.

– Soli Deo Gloria