SCCM OSD Automation and Troubleshooting

Showing posts with label SCCM Automation. Show all posts

Automating a Smart Windows 11 Upgrade Using PsExec, PowerShell, and SCCM-Ready Logic

Upgrading enterprise devices to Windows 11 at scale requires careful orchestration. Devices must meet hardware requirements, have enough disk space, maintain user productivity, and ensure minimal disruption. This Smart Windows 11 Upgrade solution delivers a fully automated, resilient, and user-aware upgrade workflow using PsExec, batch scripting, and PowerShell automation.

This implementation is designed for enterprise environments, ensuring reliability, fallback mechanisms, logging, and compliance checks before initiating the in-place upgrade (IPU).

🚀 Solution Overview

This solution consists of three major components:

PsExec Launcher (Remote Execution Layer)
Batch Script (Content Distribution & Trigger Layer)
PowerShell Scripts (Logic, Validation & Upgrade Execution)

Together, they create a robust and self-healing upgrade workflow.

🔹 1. Remote Execution Using PsExec

The process begins with:

PowerShell

psexec @file.txt -s -h -d -c -f DC_SmartUpgrade.bat

Show more lines

Key Features:

@file.txt → Targets multiple systems
-s → Runs as SYSTEM (highest privilege)
-h → Elevated execution
-d → Non-blocking execution
-c -f → Copies and overwrites the batch script

Purpose:

This enables mass deployment of the upgrade trigger across endpoints without requiring manual intervention.

🔹 2. Batch Script – Smart Content Staging

The batch script acts as a resilient launcher and content distributor.

Key Capabilities:
✅ Multi-Server Fallback

BAT

for %%S in ("%SERVER_SHARE1%" "%SERVER_SHARE2%" "%SERVER_SHARE3%")

Show more lines

Automating Language Pack Installation with PowerShell and SCCM

Managing language packs across enterprise devices is often a complex and user-dependent process. This PowerShell-based solution simplifies the entire lifecycle of language pack deployment, from user selection to installation and status tracking, making it scalable and enterprise-ready.

This implementation consists of three coordinated components:

Dummy Package Script (initialization and registry setup)
User Prompt Script (region/language selection and user interaction)
Installation Script (DISM-based language pack deployment)

Together, these scripts provide a complete, automated workflow for multilingual environments.

Overview of the Solution

The solution is designed to:

Allow users to select region and preferred language
Store selections using SCCM task sequence variables and registry
Install language packs dynamically using DISM
Provide user feedback (success/failure popups)
Maintain centralized logging for auditing and troubleshooting

1. Dummy Package Script (Initialization Layer)

The dummy script prepares the environment by ensuring the required registry structure exists.

Key Functionality:

Creates registry path:
HKLM:\SOFTWARE\LPs
Initializes logging at:
C:\ProgramData\\LogFiles
Logs whether the registry path was newly created or already exists

Purpose:

This acts as a foundation step to track installation state and user selections consistently across the deployment lifecycle.

2. User Prompt Script (Interactive Layer)

This script provides a Windows Forms-based UI for users to select their region and corresponding language.

Key Features:
Region-to-Language Mapping

Regions (Asia, Europe, America) dynamically populate language options
Ensures users only select valid combinations

Language Code Mapping

Automating dot3svc Service Configuration Using PowerShell

Managing Windows services across enterprise devices is a common administrative task, especially when enforcing network security policies. This PowerShell script provides a simple yet effective solution to control the startup behavior of the Wired AutoConfig service (dot3svc) by modifying its registry configuration.

Overview of the Script

The script is designed to:

Enable or disable the dot3svc (Wired AutoConfig) service
Modify the service startup type via registry
Log all actions in a structured format
Support both installation (enable) and uninstallation (disable) scenarios

This makes it suitable for deployment through tools like SCCM, Intune, or automation pipelines.

What is dot3svc?

The Wired AutoConfig (dot3svc) service is responsible for IEEE 802.1X authentication on wired Ethernet networks. It is commonly used in enterprise environments where:

Network access is controlled via authentication policies
Devices must comply with security standards before connecting
Certificate-based or credential-based authentication is enforced

Enabling or disabling this service directly impacts network access behavior and compliance.

Logging Mechanism

The script includes a reusable logging function:

PowerShell

function Write-Log

Show more lines

Key Features:

Logs are stored in:
C:\ProgramData\GlobalClient\LogFiles
Daily log file creation using date format
Captures:

Timestamp
Log level (INFO, WARNING, ERROR)
Message details

This ensures traceability and simplifies troubleshooting.

Registry Configuration

Smart BIOS Upgrade

Automating Dell BIOS Upgrades with PowerShell in an Enterprise Environment

Managing BIOS updates across enterprise devices is often a complex and high-risk task. Firmware updates require careful coordination, user awareness, and strict safeguards such as power checks and version validation. This PowerShell solution addresses those challenges by delivering a fully automated, user-aware BIOS upgrade workflow integrated with Microsoft Configuration Manager (SCCM) task sequences.

This script combines automation, user interaction, validation logic, and a graphical interface to create a reliable and controlled BIOS upgrade process.

Overview of the Solution

The script is designed to handle the entire BIOS upgrade lifecycle, from initial detection to final verification. It performs the following key functions:

Detects system model and current BIOS version
Compares it against a predefined expected version (via JSON file)
Determines whether an upgrade is required
Prompts the user with retry options
Enforces AC power requirements for laptops
Executes the BIOS update silently
Displays a real-time progress UI
Logs all actions for auditing
Verifies success after reboot

This approach ensures both operational efficiency and user safety.

Dynamic BIOS File Handling

The script automatically identifies the BIOS executable located in the same directory. This avoids hardcoding file names and allows the same script package to support multiple models.

By dynamically picking the executable, administrators can easily maintain the solution by simply updating the BIOS files in the folder.

Logging and Traceability

A structured logging mechanism writes all activity to:

C:\ProgramData\GlobalClient\LogFiles

Each device generates a uniquely named log file based on its model. This makes troubleshooting straightforward and ensures full traceability for every upgrade attempt.

User-Friendly Progress Interface

A key highlight of this solution is its custom WPF-based graphical interface. Instead of leaving users unsure about what’s happening, the script displays:

A progress bar with percentage completion
Status messages indicating current steps
A scrolling output log
Corporate branding through logo integration

The UI also includes basic window controls like minimize functionality and drag movement, offering a polished and professional experience.

Integration with SCCM Task Sequences

TS Export

function Export-TSToExcel

{

param (

[Parameter(ParameterSetName="FromXml", Mandatory)]

[ValidateNotNullOrEmpty()]

[xml] $Xml,

[Parameter(ParameterSetName="FromXmlPath", Mandatory)]

[ValidateNotNullOrEmpty()]

[System.IO.FileInfo] $XmlPath,

[Parameter(ParameterSetName="FromTaskSequence", Mandatory, ValueFromPipeline)]

[ValidateNotNullOrEmpty()]

[object] $TaskSequence,

[Parameter(ParameterSetName="FromTaskSequence")]

[Parameter(ParameterSetName="FromXml")]