I recently converted my firm to Microsoft Endpoint. Part of the process is including Endpoint in the golden image. I wrote this PowerShell script that installs Endpoint and then removes the necessary registry keys so that it sets itself back up when the reference image is laid down on a new machine. The script also lets you see whether the application installed correctly: it reports success or failure by checking whether MsMpEng.exe is running. You may wonder why I run an uninstall first. I do this in all of my installation scripts in case something is wrong with the currently installed app and it needs to be reinstalled. You can easily comment out that line if you do not want that to occur.
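I execute this script using psexec so that it runs under the local system context. Since the script, the installer and the policy file are then all run or read as SYSTEM with the execution policy bypassed, keep them in a folder that only administrators can modify. I use the following: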
psexec.exe \\%computername% -s -h cmd.exe /c "echo . | powershell.exe -executionpolicy bypass -file install_build.ps1"
You can download the script from here.
1: <#
2: .NOTES
3: ===========================================================================
4: Created with: SAPIEN Technologies, Inc., PowerShell Studio 2015 v4.2.98
5: Created on: 05 November 2015 10:37 AM
6: Created by: Mick Pletcher
7: Organization:
8: Filename: installEndPoint_build.ps1
9: ===========================================================================
10: .DESCRIPTION
11: Install endpoint during the generation of a golden image. This will
12: also remove all necessary registry keys required in preparation of
13: generating a golden image.
14: #>
15:
# Folder that holds this script, kept globally with a trailing backslash so
# that file names can be appended to it directly.
$Global:RelativePath = "{0}\" -f (Split-Path -Parent -Path $SCRIPT:MyInvocation.MyCommand.Path)
18:
Function Wait-ProcessEnd {
<#
	.SYNOPSIS
		Wait-ProcessEnd
	.DESCRIPTION
		Blocks until no process with the given name is running, checking
		every five seconds. Returns at once when none is running.
	.PARAMETER Process
		Process name as Get-Process expects it (without the .exe extension).
#>

	Param ([String]$Process)

	# There is no timeout: a process that never exits keeps the caller here.
	While ((Get-Process $Process -ErrorAction SilentlyContinue) -ne $null) {
		Start-Sleep -Seconds 5
	}
}
36:
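Function Install-EXE {
<#
	.SYNOPSIS
		Install-EXE
	.DESCRIPTION
		Starts an installer executable, waits for the scepinstall process to
		exit, and prints Success or Failed depending on whether a MsMpEng
		process is running afterwards. Prints Failed straight away when the
		executable does not exist.
	.PARAMETER DisplayName
		Name shown in the progress message.
	.PARAMETER Executable
		Path of the installer to start.
	.PARAMETER Switches
		Command-line arguments handed to the installer.
#>

	Param ([String]$DisplayName,
		[String]$Executable,
		[String]$Switches)

	Write-Host "Install"$DisplayName"....." -NoNewline
	If ((Test-Path $Executable) -ne $true) {
		# Nothing was run. Without this early exit a MsMpEng process left
		# over from an earlier install would be reported as a success.
		Write-Host "Failed" -ForegroundColor Red
		Return
	}
	Start-Process -FilePath $Executable -ArgumentList $Switches
	Wait-ProcessEnd -Process "scepinstall"

	# A running MsMpEng only shows that the engine started; the installer's
	# exit code and the policy file are not checked here.
	$Process = Get-Process -ProcessName MsMpEng -ErrorAction SilentlyContinue
	If ($Process.ProcessName -eq "MsMpEng") {
		Write-Host "Success" -ForegroundColor Yellow
	} else {
		Write-Host "Failed" -ForegroundColor Red
	}
}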
62:
Function Uninstall-EXE {
<#
	.SYNOPSIS
		Uninstall-EXE
	.DESCRIPTION
		Starts the given executable with the given switches when it exists,
		waits for the scepinstall process to exit, and prints Success when
		no MsMpEng process is running afterwards, Failed otherwise.
	.PARAMETER DisplayName
		Name shown in the progress message.
	.PARAMETER Executable
		Path of the executable to start.
	.PARAMETER Switches
		Command-line arguments handed to the executable.
#>

	Param ([String]$DisplayName,
		[String]$Executable,
		[String]$Switches)

	Write-Host "Uninstall"$DisplayName"....." -NoNewline

	# A missing executable is not an error here: the result depends only on
	# whether MsMpEng is still running.
	$InstallerPresent = Test-Path $Executable
	If ($InstallerPresent) {
		Start-Process -FilePath $Executable -ArgumentList $Switches
		Wait-ProcessEnd -Process "scepinstall"
	}

	$Engine = Get-Process -ProcessName MsMpEng -ErrorAction SilentlyContinue
	If ($Engine -ne $null) {
		Write-Host "Failed" -ForegroundColor Red
	} else {
		Write-Host "Success" -ForegroundColor Yellow
	}
}
86:
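Function Remove-RegistryValue {
<#
	.SYNOPSIS
		Remove-RegistryValue
	.DESCRIPTION
		Deletes one named value from a registry key and prints Success or
		Failed depending on whether the value can still be read afterwards.
		The key is given with its full hive name, which is translated to the
		matching PowerShell registry drive.
	.PARAMETER RegistryKey
		Key path starting with a hive name such as HKEY_LOCAL_MACHINE.
	.PARAMETER Value
		Name of the value to delete under that key.
	.EXAMPLE
		Remove-RegistryValue -RegistryKey "HKEY_LOCAL_MACHINE\SOFTWARE\Hummingbird" -Value "ExampleValue"
#>

	Param ([String]$RegistryKey,
		[String]$Value)

	$HiveDrives = @{
		"HKEY_CLASSES_ROOT"   = "HKCR"
		"HKEY_CURRENT_USER"   = "HKCU"
		"HKEY_LOCAL_MACHINE"  = "HKLM"
		"HKEY_USERS"          = "HKU"
		"HKEY_CURRENT_CONFIG" = "HKCC"
	}

	# Separate the hive from the rest of the key path.
	$Hive, $SubKey = $RegistryKey -split '\\', 2
	If ($HiveDrives.ContainsKey($Hive)) {
		$Drive = $HiveDrives[$Hive]
		# Only HKLM: and HKCU: exist by default. Without a drive the lookups
		# below fail silently and the function would print Success for a
		# value it never touched, so map the other hives on demand.
		If ((Get-PSDrive -Name $Drive -ErrorAction SilentlyContinue) -eq $null) {
			$null = New-PSDrive -Name $Drive -PSProvider Registry -Root $Hive
		}
	} else {
		# Not a full hive name: use the first path element as the drive.
		$Drive = $Hive
	}
	# Assigned in one step so that a $RegKey from a calling scope cannot end
	# up as a prefix of the path.
	$RegKey = $Drive + ":\" + $SubKey

	Write-Host "Delete"$RegKey"\"$Value"....." -NoNewline
	$exists = Get-ItemProperty -Path $RegKey -Name $Value -ErrorAction SilentlyContinue
	If (($exists -ne $null) -and ($exists.Length -ne 0)) {
		Remove-ItemProperty -Path $RegKey -Name $Value -Force
	}
	# Read the value again: it counts as removed only if it is gone now.
	$exists = Get-ItemProperty -Path $RegKey -Name $Value -ErrorAction SilentlyContinue
	If ($exists -eq $null) {
		Write-Host "Success" -ForegroundColor Yellow
	} else {
		# Red, as in the install and uninstall functions.
		Write-Host "Failed" -ForegroundColor Red
	}
}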
130:
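# The installer and the policy file are taken from the folder this script
# lives in. When the script is started as local system, that folder has to be
# writable by administrators only, because whatever scepinstall.exe is found
# there is started with those rights.
cls
$Installer = $global:RelativePath + "scepinstall.exe"

# Uninstall first so that a damaged existing installation gets replaced.
Uninstall-EXE -DisplayName "Microsoft Endpoint" -Executable $Installer -Switches "/u /s"

# The policy path is quoted so that a script folder with spaces in its name
# still reaches the installer as a single argument.
$Parameters = '/s /policy "' + $global:RelativePath + 'EndpointPolicies.xml"'
Install-EXE -DisplayName "Microsoft Endpoint" -Executable $Installer -Switches $Parameters

# Remove the per-machine values so the client sets itself up again on each
# machine the image is deployed to.
Remove-RegistryValue -RegistryKey "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware" -Value "InstallTime"
Remove-RegistryValue -RegistryKey "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Scan" -Value "LastScanRun"
Remove-RegistryValue -RegistryKey "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Scan" -Value "LastScanType"
Remove-RegistryValue -RegistryKey "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Scan" -Value "LastQuickScanID"
Remove-RegistryValue -RegistryKey "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Scan" -Value "LastFullScanID"
Remove-RegistryValue -RegistryKey "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemovalTools\MRT" -Value "GUID"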
141: