Automating a Smart Windows 11 Upgrade Using PsExec, PowerShell, and SCCM-Ready Logic

 

Upgrading enterprise devices to Windows 11 at scale requires careful orchestration. Devices must meet hardware requirements, have enough disk space, maintain user productivity, and ensure minimal disruption. This Smart Windows 11 Upgrade solution delivers a fully automated, resilient, and user-aware upgrade workflow using PsExec, batch scripting, and PowerShell automation.

This implementation is designed for enterprise environments, ensuring reliability, fallback mechanisms, logging, and compliance checks before initiating the in-place upgrade (IPU).

---

• 🚀 Solution Overview

This solution consists of three major components:

1. PsExec Launcher (Remote Execution Layer)
2. Batch Script (Content Distribution & Trigger Layer)
3. PowerShell Scripts (Logic, Validation & Upgrade Execution)

Together, they create a robust and self-healing upgrade workflow.

---

• 🔹 1. Remote Execution Using PsExec

The process begins with:

PowerShell

psexec @file.txt -s -h -d -c -f DC_SmartUpgrade.bat

``

Show more lines

• Key Features:

• @file.txt → Targets multiple systems
• -s → Runs as SYSTEM (highest privilege)
• -h → Elevated execution
• -d → Non-blocking execution
• -c -f → Copies and overwrites the batch script

• Purpose:

This enables mass deployment of the upgrade trigger across endpoints without requiring manual intervention.

---

• 🔹 2. Batch Script – Smart Content Staging

The batch script acts as a resilient launcher and content distributor.

• Key Capabilities:
• ✅ Multi-Server Fallback

BAT

for %%S in ("%SERVER_SHARE1%" "%SERVER_SHARE2%" "%SERVER_SHARE3%")

Show more lines

Automating Language Pack Installation with PowerShell and SCCM

 

Managing language packs across enterprise devices is often a complex and user-dependent process. This PowerShell-based solution simplifies the entire lifecycle of language pack deployment, from user selection to installation and status tracking, making it scalable and enterprise-ready.

This implementation consists of three coordinated components:

• Dummy Package Script (initialization and registry setup)
• User Prompt Script (region/language selection and user interaction)
• Installation Script (DISM-based language pack deployment)

Together, these scripts provide a complete, automated workflow for multilingual environments.

---

• Overview of the Solution

The solution is designed to:

• Allow users to select region and preferred language
• Store selections using SCCM task sequence variables and registry
• Install language packs dynamically using DISM
• Provide user feedback (success/failure popups)
• Maintain centralized logging for auditing and troubleshooting

---

• 1. Dummy Package Script (Initialization Layer)

The dummy script prepares the environment by ensuring the required registry structure exists.

• Key Functionality:

• Creates registry path:
• HKLM:\SOFTWARE\LPs
• Initializes logging at:
• C:\ProgramData\\LogFiles
• Logs whether the registry path was newly created or already exists

• Purpose:

This acts as a foundation step to track installation state and user selections consistently across the deployment lifecycle.

---

• 2. User Prompt Script (Interactive Layer)

This script provides a Windows Forms-based UI for users to select their region and corresponding language.

• Key Features:
• Region-to-Language Mapping

• Regions (Asia, Europe, America) dynamically populate language options
• Ensures users only select valid combinations

• Language Code Mapping

Automating dot3svc Service Configuration Using PowerShell

 

Managing Windows services across enterprise devices is a common administrative task, especially when enforcing network security policies. This PowerShell script provides a simple yet effective solution to control the startup behavior of the Wired AutoConfig service (dot3svc) by modifying its registry configuration.

---

1. Overview of the Script

The script is designed to:

• Enable or disable the dot3svc (Wired AutoConfig) service
• Modify the service startup type via registry
• Log all actions in a structured format
• Support both installation (enable) and uninstallation (disable) scenarios

This makes it suitable for deployment through tools like SCCM, Intune, or automation pipelines.

---

2. What is dot3svc?

The Wired AutoConfig (dot3svc) service is responsible for IEEE 802.1X authentication on wired Ethernet networks. It is commonly used in enterprise environments where:

• Network access is controlled via authentication policies
• Devices must comply with security standards before connecting
• Certificate-based or credential-based authentication is enforced

Enabling or disabling this service directly impacts network access behavior and compliance.

---

3. Logging Mechanism

The script includes a reusable logging function:

PowerShell

function Write-Log

``

Show more lines

4. Key Features:

• Logs are stored in:
• C:\ProgramData\GlobalClient\LogFiles
• Daily log file creation using date format
• Captures:
• Timestamp
• Log level (INFO, WARNING, ERROR)
• Message details

This ensures traceability and simplifies troubleshooting.

---

5. Registry Configuration

Automating Dell BIOS Password Management with PowerShell and CCTK

 Automating Dell BIOS Password Management with PowerShell and CCTK

Managing BIOS passwords across enterprise devices is a critical security requirement. Ensuring that BIOS credentials are updated consistently helps protect systems from unauthorized configuration changes and strengthens overall endpoint security.

This PowerShell script provides a structured and automated approach to updating Dell BIOS setup passwords using Dell Command Configure Toolkit (CCTK), while maintaining robust logging and state tracking.

---

• Overview of the Script

The script is designed to:

• Retrieve old and new BIOS passwords from SCCM Task Sequence variables
• Execute the CCTK command to update the BIOS password
• Capture output and exit codes
• Log all activity to a centralized file
• Persist execution results in the Windows Registry
• Prevent repeated execution once successful

• Task Sequence Integration

 

Smart BIOS Upgrade

Automating Dell BIOS Upgrades with PowerShell in an Enterprise Environment

Managing BIOS updates across enterprise devices is often a complex and high-risk task. Firmware updates require careful coordination, user awareness, and strict safeguards such as power checks and version validation. This PowerShell solution addresses those challenges by delivering a fully automated, user-aware BIOS upgrade workflow integrated with Microsoft Configuration Manager (SCCM) task sequences.

This script combines automation, user interaction, validation logic, and a graphical interface to create a reliable and controlled BIOS upgrade process.

---

Overview of the Solution

The script is designed to handle the entire BIOS upgrade lifecycle, from initial detection to final verification. It performs the following key functions:

• Detects system model and current BIOS version
• Compares it against a predefined expected version (via JSON file)
• Determines whether an upgrade is required
• Prompts the user with retry options
• Enforces AC power requirements for laptops
• Executes the BIOS update silently
• Displays a real-time progress UI
• Logs all actions for auditing
• Verifies success after reboot

This approach ensures both operational efficiency and user safety.

---

Dynamic BIOS File Handling

The script automatically identifies the BIOS executable located in the same directory. This avoids hardcoding file names and allows the same script package to support multiple models.

By dynamically picking the executable, administrators can easily maintain the solution by simply updating the BIOS files in the folder.

---

Logging and Traceability

A structured logging mechanism writes all activity to:

C:\ProgramData\GlobalClient\LogFiles

Each device generates a uniquely named log file based on its model. This makes troubleshooting straightforward and ensures full traceability for every upgrade attempt.

---

User-Friendly Progress Interface

A key highlight of this solution is its custom WPF-based graphical interface. Instead of leaving users unsure about what’s happening, the script displays:

• A progress bar with percentage completion
• Status messages indicating current steps
• A scrolling output log
• Corporate branding through logo integration

The UI also includes basic window controls like minimize functionality and drag movement, offering a polished and professional experience.

---

Integration with SCCM Task Sequences

TS Export

function Export-TSToExcel

{

    param (

        [Parameter(ParameterSetName="FromXml", Mandatory)]

        [ValidateNotNullOrEmpty()]

        [xml] $Xml,

        [Parameter(ParameterSetName="FromXmlPath", Mandatory)]

        [ValidateNotNullOrEmpty()]

        [System.IO.FileInfo] $XmlPath,

        [Parameter(ParameterSetName="FromTaskSequence", Mandatory, ValueFromPipeline)]

        [ValidateNotNullOrEmpty()]

        [object] $TaskSequence,

        [Parameter(ParameterSetName="FromTaskSequence")]

        [Parameter(ParameterSetName="FromXml")]

        [Parameter(ParameterSetName="FromXmlPath")]

        [System.IO.FileInfo] $ExportPath,

        [Parameter(ParameterSetName="FromXml")]

        [Parameter(ParameterSetName="FromXmlPath")]

        [string] $TSName = "Task Sequence",

        [Parameter(ParameterSetName="FromTaskSequence")]

        [Parameter(ParameterSetName="FromXml")]

        [Parameter(ParameterSetName="FromXmlPath")]

        [switch] $Show,

        [Parameter(ParameterSetName="FromTaskSequence")]

        [Parameter(ParameterSetName="FromXml")]

        [Parameter(ParameterSetName="FromXmlPath")]

        [switch] $Macro,

        [Parameter(ParameterSetName="FromTaskSequence")]

        [Parameter(ParameterSetName="FromXml")]

        [Parameter(ParameterSetName="FromXmlPath")]

        [switch] $Outline,

        

        [Parameter(ParameterSetName="FromTaskSequence")]

        [Parameter(ParameterSetName="FromXml")]

        [Parameter(ParameterSetName="FromXmlPath")]

        [switch] $HideProgress

    )

    try

Time Zone Automatically Selection-Disable SCRIPT

param (

    [ValidateSet("Install", "UnInstall")]

    [string]$Action = "unInstall"

)

$ScriptPath = Split-Path -Parent $MyInvocation.MyCommand.Definition

$LogPath = "C:\ProgramData\LogFiles"

$LogFile = Join-Path $LogPath "TZSetAutomatically.log"

if (-not (Test-Path $LogPath)) { New-Item -Path $LogPath -ItemType Directory -Force }

function Write-Log {

    param([string]$Message)

    $timestamp = Get-Date -Format "yyyy-MM-dd HH:mm:ss"

    "$timestamp - $Message" | Out-File -Append -FilePath $LogFile -Encoding ascii

}

Write-Log "===== Time Zone Automatically Selection-Disable SCRIPT STARTED ====="

PowerShell Script to Generate Active Directory Computer OS Report Across Multiple Domains

Managing multiple Active Directory domains often requires consolidated reporting.

This PowerShell script connects to multiple AD domains, collects computer account details, and exports the data into a CSV report with a timestamped filename.

What This Script Does

Connects to multiple Active Directory domains

Retrieves:

Computer Name

Operating System

Operating System Version

Computer account creation date

Adds the domain name to each record

Sorts the results alphabetically

Exports the data to a CSV file for reporting or audits

PowerShell Script

SCCM daily cleanup SQL DAC Change Tracking data

Hello Friends,

This PowerShell script I have written checks SQL Server's Dedicated Admin Connection (DAC) usage and diagnose Change Tracking (CT) health on a given SQL instance. It's designed to log the results in an HTML report format.:

PowerShell function SQLDACChangeTracking in more detail so you have a full understanding of what it does, section by section.

🔍 Section-by-Section Breakdown

🔹 1. Function and Header Setup

Function SQLDACChangeTracking {

    $Server = $strSQLDACChangeTracking

    $Server = $Server.toupper()

Initializes the function.

Takes the server name from a variable $strSQLDACChangeTracking and converts it to uppercase.

🔹 2. Report Header HTML Setup

$rptheader = @"

<table width='100%'><tbody>

<tr bgcolor=#01A982> <td align='center'> $Server SQL DAC ChangeTracking Report</td>

</table>

...

"@

Add-Content "$Report" $rptheader

Sets up the top portion of an HTML report.

Adds a title and column headers like Name and Status.

$Report is assumed to be a path to an output HTML file.

🔹 3. First SQL Query – Check DAC Session

$sqlquery1 = @"

USE databasename;

SELECT ...

FROM sys.endpoints ep

JOIN sys.dm_exec_sessions es ON ep.endpoint_id = es.endpoint_id

WHERE ep.name = 'Dedicated Admin Connection'

"@

This SQL checks whether any session is using the Dedicated Admin Connection (DAC).

DAC is used for emergency administrative access to SQL Server.

$sqlresults = Invoke-Sqlcmd ...

Executes the above query.

If any DAC session is active, it will return details like:

host_name (machine using DAC)

session_id

login_time

status

🔹 4. If DAC Query Returns Results

If $sqlresults is not null, it extracts fields and formats them into a green-colored HTML table indicating an active DAC session. However, there’s a mismatch here:

<td width='90%' align='left' >DAC session is not available</td>

This line implies DAC isn't in use, but it's inside the block that runs when DAC is in use. That could be misleading and might need correcting.

🔹 5. If DAC Query Fails (Fallback to DAC Mode)

If the first query fails (returns $null), it falls back to running a stored procedure:

USE databasename; EXEC spDiagChangeTracking

Runs under DAC connection using:

-DedicatedAdministratorConnection

Captures exceptions using:

-ErrorAction SilentlyContinue -ErrorVariable abc

If the execution succeeds, it reads values from $sqlresults.Tables[1], such as:

CT_Days_Old: how old the last tracked change is.

Auto_Cleanup_Time_(Local) and Cleanup_Time_(Local): cleanup timestamps.

Retention_Period and Retention_Unit: CT retention configuration.

🔹 6. Data Evaluation and HTML Reporting

Based on thresholds (like CT_Days_Old > 5), the script highlights rows using color coding:

Red: bad or needs attention

Green: healthy

Orange: warning or needs monitoring

Each piece of data is wrapped in an HTML table and written to the report using Add-Content.

🔹 7. Error Logging

If any exception occurs during DAC mode query:

$abc[0].Exception

Add-Content $logfile -Value "$abc : Checking SQL Server Services Details"

Logs the error details.

Displays an error in the HTML report using Error Exception.

✅ Use Cases for This Script

Health monitoring of SQL Server's Change Tracking (CT) feature.

Auditing unexpected use of the DAC connection.

Preventive maintenance by alerting on data retention age, cleanup times.

Daily automated reporting on CT status via HTML output.

Updating the country or region settings in windows 10

Hello Friends,

 

We observed sometimes, we are facing issues while updating the country or region settings in windows 10. Thus, it is important to keep the correct settings. If you can’t change country or region, it might be for one of these reasons:

You changed the country or region within the last three months.

Your account is suspended. For example, the credit card on a subscription has expired, or your subscription has a balance due.

You’re legally a minor in your current country or region and won’t be a minor in the new region, or vice-versa.

 

For more details about country or region settings in Windows 10, refer to the below link.

 

START/ STOP services and rename any folder

Hey Guys, What's up? 

 

Today we are going to automate and deploy the below tasks.

Stop Services

Perform Operations (rename folder)

Start Services

 

How?

Update Task Sequence, DP info in registry

Hello Friends,

Is there a way I can know which task sequence is used to deploy a particular machine?

Yes, we can update the registry key with the Task Sequence info like, which Task Sequence is used to deploy the OS on a particular machine?

from Which DP the contents are downloaded? Is the machine built with Boot media or it is PXE boot?

Is this a machine desktop or laptop? what is the machine type, machine model?

Also, we can get when the machine is imaged(date and time when the Task Sequence is deployed).

First, we have to gather all the information which we want to update in the registry.

let's take the example of DP's name...

How do we know from which DP the contents are getting downloaded? from where I can get this information? is it a simple variable which I can use to update the registry? No.

While running the Task Sequence all the variable data is stored in a .dat file and we can fetch that using "New-Object -ComObject 'Microsoft.SMS.TSEnvironment"

Update WoLWAN settings on Wireless Adaptor

Hello Guys,

As an SCCM administrator, we are receiving the requirement to deploy applications, patches, application updates post OSD.

Sometimes we have to modify the OS-related settings like if a particular file is present on the machine, then run remediation script OR if a particular setting is present on the machine, then change it with new settings.

In this scenario, we are going to change the Wireless Adaptor settings related to Power Management.

Yes, I am talking about Wake on LAN settings WoL. Microsoft has released Information about power management settings on a network adapter. Click HERE to read the Microsoft kb article. This article is important to learn more about the PnPCapabilities values and how to use its combinations. In this article, MS provided information on how to use the registry key if we are using this for broad deployment purposes.

Ok, here we are focusing on the Wireless adaptor and will create a PowerShell script using the above-mentioned settings in the script.

We are using the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\DeviceNumber registry settings to update the wireless settings.

OSD Driver installation via PowerShell

Today we are going to install the model-specific driver packages using PowerShell script. The advantage of using this method of driver installation during the Operating System deployment is to reduce the overall Task Sequence deployment time, This method is more suitable if you have multiple hardware devices with multiple vendors (Dell, HP, Lenovo, Microsoft, etc...) 

In order to achieve this method follow the below steps. 

1. Create the folder structure as below.

        a. Vendor\Hardware model\

2. Download the specific hardware model driver package from the vendor website and extract the cab files.

3. Archive/Zip all the extracted drivers into one single folder called "Drivers.zip".

4. Copy DISM folder from ADK installed machine and place into the "Vendor\Hardware model\"

path of DISM-(C:\Program Files (x86)\Windows Kits\<version>\Assessment and Deployment Kit\Deployment Tools\10\DISM)

SCCM SQL query to get the full OS version with build number

 Today, again we are going to create one SQL query..... 

Today we are going to pull the Operating System version with the build number. from SCCM SQL database.

For a single machine, you can run the command "Winver" from the run and you will get the below information

SCCM SQL query to get machines with user id, name, email, last logon

Hello Friends, Good evening and how are you?

Today someone asked me to create one SQL query to get the machine details like hostname, IP Address, RAM, total HDD size, Free Space, Manufacturer, Model, Last Heartbeat, Users name, email ID, Last logged on user name.

Also, We will fetch the domain details and CCM client active status.

Distribute multiple packages on multiple distribution points

Hello Guys, Hope you are doing well. Today we are going to automate the package distribution.

This script will help you to distribute multiple packages on multiple distribution points.

let's download the PowerShell code mentioned below and run it from any SMS Provider server.

Error during connection to SMS_DP$(67)

Today we were facing some issues with our Distribution Point server. Wintel has confirmed the issue with the Operating System and has wiped and loaded the C Drive and D Drive was remain the same.

Now, the actual problem has started while updating contents on the DP. We are getting below errors in random.

"There is no existing connection. win32 error = 67"
"Error during connection to SMS_DP$(67)"
"Attempting to connect failed"

Resolution:

SCCM image migration to new server

 Hello Guys, hope you doing well and are using the automation scripts, and are happy with the way of automation.

Today we are going to discuss some troubleshooting parts.

If you are going to migrate your existing SCCM infra to the new hardware, from the Build site you need to migrate your Driver packages, Boot Images, Task Sequences, all TS dependant packages, and off-course Operating Systems to the new SCCM server.  

obviously, you have to create a migration job to do so. The migration job wizard will help you to migrate the objects from one SCCM server to another. While migrating the WIM files from existing SCCM infra you might be getting the below error.

OSD log file locations

While deploying the TS on the targeted machine we are experiencing Task Sequence failure on various steps. like before format the Hard Disk, after format the Hard Disk or post-Win-PE stage.

Below are the scenarios from where you can gather the required log file for further troubleshooting.

OSD log file locations:

Phase -Windows PE (Before the hard disk are formatted)

Location - "x:\windows\temp\smstslog\smsts.log"

Phase -Windows PE (After the hard disk are formatted)

Location - "x:\smstslog\smsts.log" and copied to "c:\_SMSTaskSequence\Logs\Smstslog\smsts.log"

Phase -Windows Operating System (Before the SCCM client is installed)

Location - "c:\_SMSTaskSequence\Logs\Smstslog\smsts.log"