Installing and Bootstrapping an SCCM task sequence during AutoPilot
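# Writes one CMTrace-formatted entry to a log file.
#   -message          text of the entry
#   -component        component name recorded in the entry
#   -path             full path of the log file, or the log folder when -logname is given
#   -thread, -file    values written to the entry's thread/file fields (default 0)
#   -logname          optional log file name, joined onto -path
# The function is defined before its first use; PowerShell resolves functions at call time,
# so a call placed above the definition fails with "command not found".
Function log-it {
    param( $message, $component, $path, $thread = 0, $file = 0, $logname )
    [string]$time = Get-Date -format "HH:mm:ss.fff+300"
    [string]$date = Get-Date -Format "MM-dd-yyyy"
    $fields = "time=""$time"" date=""$date"" component=""$component"" context="""" type=""1"" thread=""$thread"" file=""$file"""
    $logentry = "<![LOG[" + $message + "]LOG]!>" + "<" + $fields + ">"
    # Callers pass the folder in -path and the file in -logname; without a -logname
    # parameter those values were bound positionally to $thread/$file and
    # Add-Content was pointed at the folder itself.
    if ($logname) {
        $target = Join-Path -Path $path -ChildPath $logname
    }
    else {
        $target = $path
    }
    # The entry is built in $logentry; the original wrote the never-assigned $logmessage.
    Add-Content -Path $target -Value $logentry
}

# The log folder and the staging folder must exist before the first log entry is written.
New-Item -Path C:\ -Name "Temp" -ItemType Directory -ErrorAction SilentlyContinue
New-Item -Path C:\Temp -Name "SCCM" -ItemType Directory -ErrorAction SilentlyContinue

# Everything staged in C:\Temp\SCCM (ccmsetup.exe and the generated .ps1) is later executed
# as SYSTEM by a scheduled task. On a default Windows install a folder created under C:\
# inherits write access for Authenticated Users, so inheritance is removed here and only
# SYSTEM (S-1-5-18) and BUILTIN\Administrators (S-1-5-32-544) are granted access.
# NOTE(review): a staging folder under a parent that standard users cannot modify
# (for example below %ProgramFiles%) would be a stronger choice than C:\Temp.
icacls.exe C:\Temp\SCCM /inheritance:r /grant:r "*S-1-5-18:(OI)(CI)F" "*S-1-5-32-544:(OI)(CI)F" | Out-Null
$aclExitCode = $LASTEXITCODE

log-it -message "Starting SCCM Install Script" -component "AP" -path "C:\Temp\" -logname "Company_AP.log"
if ($aclExitCode -ne 0) {
    log-it -message "icacls could not restrict C:\Temp\SCCM (exit code $aclExitCode)" -component "AP" -path "C:\Temp\" -logname "Company_AP.log"
}

$ScriptDir = Split-Path $script:MyInvocation.MyCommand.Path
cd $ScriptDir
log-it -message "Working dir is now $ScriptDir" -component "AP" -path "C:\Temp\" -logname "Company_AP.log"

# $Policy was never assigned, so the entry was always logged with an empty value;
# record the effective execution policy of this session.
$Policy = Get-ExecutionPolicy
log-it -message "PS Policy is now $Policy" -component "AP" -path "C:\Temp\" -logname "Company_AP.log"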
# Record where the script is running from and what the package folder contains,
# then stage the client installer and the log viewer on the local disk.
log-it -message "Working directory is now $scriptdir" -component "AP-SCCM-Install" -path "C:\Temp\" -logname "Company_AP.log"

# Listing of the current (package) directory, written to the log for troubleshooting.
$dir = Get-ChildItem
log-it -message $dir -component "AP-SCCM-Install" -path "C:\Temp\" -logname "Company_AP.log"

# ccmsetup.exe goes to the staging folder used by the scheduled task; CMTrace.exe sits next to the log.
Copy-Item -Path .\ccmsetup.exe -Destination c:\temp\SCCM
Copy-Item -Path .\CMTrace.exe -Destination c:\temp
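# Body of C:\Temp\SCCM\AutoPilotCMClientInstall.ps1, kept in a single-quoted here-string so
# nothing is expanded when this installer runs. The generated script:
#   - disables the AutoPilotCMClientInstall task once the ccmexec service exists and the
#     tsname value is present under HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion;
#   - otherwise waits until Check-VPN and Query-User both return $true, starts ccmsetup.exe
#     unless TSManager is running, sleeps 600 seconds and repeats the completion check.
#
# NOTE(review): the generated file is executed as SYSTEM by the scheduled task, so the file
#   and C:\Temp\SCCM must be writable only by SYSTEM/Administrators; verify the folder ACL.
# NOTE(review): $localServer is never assigned inside the generated script, so Check-VPN
#   calls Test-Connection without a target - TODO set it to the internal host that should
#   be reachable (<internal-server-placeholder>).
# NOTE(review): ccmsetup is started with /noCRLCheck, which skips certificate revocation
#   checking for its HTTPS communication - confirm this is required for the CMG and
#   accepted, since a revoked certificate would then still be trusted.
$script=@'
$ScriptDir = Split-Path $script:MyInvocation.MyCommand.Path
cd $ScriptDir
#If SCCM is installed AND the AutoPilot TS ran
if( (get-service ccmexec -ErrorAction SilentlyContinue) -and (Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion").tsname -ne $null)
{
Disable-ScheduledTask AutoPilotCMClientInstall
}
#TS hasn't ran or didn't finish
else
{
#Checks if the user is logged in and in an active session
function Query-User
{
$users = (((quser) -ireplace '\s{2,}',',' | ConvertFrom-Csv).username).replace(">","")
if($users -eq "defaultuser0")
{
return $false
}
else
{
return $true
}
}
#Checks to make sure machine is connected to VPN
function Check-VPN
{
if ((Test-Connection $localServer -Count 1 -Quiet) -eq $false)
{
return $false
}
else
{
return $true
}
}
$isOnline = Check-VPN
$isUserLoggedIn = Query-User
While(($isOnline -eq $false) -or ($isUserLoggedIn -eq $false))
{
$isOnline = Check-VPN
$isUserLoggedIn = Query-User
sleep -Seconds 5
}
#If TSManager.exe is not running then the TS is not actively running. Okay to install SCCM
if((ps TSManager -ErrorAction SilentlyContinue) -eq $null)
{
Start-Process c:\temp\SCCM\ccmsetup.exe -argumentlist "/noCRLCheck /mp:CompanyCMG.CLOUDAPP.NET CCMHOSTNAME=CompanyCMG.CLOUDAPP.NET/CCM_Proxy_MutualAuth/72057594037958338 SMSSiteCode=XXX PROVISIONTS=C0220AC4 /forceinstall"
}
sleep -Seconds 600
#If SCCM is installed AND the AutoPilot TS ran
if( (get-service ccmexec -ErrorAction SilentlyContinue) -and (Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion").tsname -ne $null)
{
Disable-ScheduledTask AutoPilotCMClientInstall
}
}
'@
log-it -message "Creating C:\Temp\SCCM\AutoPilotCMClientInstall.ps1 script." -component "AP-SCCM-Install" -path "C:\Temp\" -logname "Company_AP.log"
# Set-Content replaces the file. Add-Content appended, so a re-run duplicated the script
# body and any content already present in the file was kept and executed as SYSTEM.
Set-Content -Path C:\Temp\SCCM\AutoPilotCMClientInstall.ps1 -Value $script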
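# Registers the AutoPilotCMClientInstall scheduled task unless the Configuration Manager
# client is already present.
# The client is detected through its ccmexec service, the same signal the rest of this
# script uses. Enumerating Win32_Product makes Windows Installer run a consistency check
# of every installed MSI package, which is slow and can trigger repairs.
$isInstalled = Get-Service -Name ccmexec -ErrorAction SilentlyContinue
if ($null -eq $isInstalled)
{
    log-it -message "Creating Scheduled Task." -component "AP-SCCM-Install" -path "C:\Temp\" -logname "Company_AP.log"

    # The action runs as SYSTEM with the execution policy bypassed, so the .ps1 it points at
    # must be writable only by SYSTEM/Administrators. powershell.exe is referenced by full
    # path and started with -NoProfile so that no profile script is loaded into the SYSTEM session.
    $A = New-ScheduledTaskAction -Execute "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell.exe" -Argument "-NoProfile -ExecutionPolicy Bypass -File C:\Temp\SCCM\AutoPilotCMClientInstall.ps1"

    # Two triggers: at every logon, and once now with a one-minute repetition.
    #$T = New-ScheduledTaskTrigger -AtLogOn
    $T = @(
        (New-ScheduledTaskTrigger -AtLogOn),
        (New-ScheduledTaskTrigger -Once -At (Get-Date) -RepetitionInterval (New-TimeSpan -Minutes 1))
    )
    $P = New-ScheduledTaskPrincipal -UserID "NT AUTHORITY\SYSTEM" -LogonType ServiceAccount -RunLevel Highest

    # Plain ASCII hyphens: the original used en dashes on two switches, which only parse
    # when the file encoding is read correctly.
    $S = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries -DontStopOnIdleEnd
    $D = New-ScheduledTask -Action $A -Principal $P -Trigger $T -Settings $S

    # -Force replaces an existing task of the same name, so a re-run of this script does not fail.
    Register-ScheduledTask -TaskName AutoPilotCMClientInstall -InputObject $D -Force
}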
# Sets PromptOnSecureDesktop to 0 so UAC elevation prompts are visible in MSRA / Quick Assist sessions.
# NOTE(review): with this value the elevation prompt is shown on the interactive desktop
# instead of the secure desktop, which weakens UAC's isolation of the prompt from other
# processes in the user session. Confirm this is an accepted trade-off, and consider
# restoring the default once provisioning/support is finished.
# Failures are suppressed by -ErrorAction SilentlyContinue, so nothing is logged if the write fails.
$uacSetting = @{
    Path        = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    Name        = 'PromptOnSecureDesktop'
    Value       = 0
    ErrorAction = 'SilentlyContinue'
}
Set-ItemProperty @uacSetting
# Final result check: the run counts as successful when the install task is registered
# in a usable state, or when the client binary is already on disk.
$task = (Get-ScheduledTask AutoPilotCMClientInstall -ErrorAction SilentlyContinue).state

$taskUsable    = ($task -eq "Ready") -or ($task -eq "Running")
$clientPresent = test-path C:\Windows\CCM\CcmExec.exe

if (-not ($taskUsable -or $clientPresent))
{
    log-it -message "Didn't detect task!" -component "AP" -path "C:\Temp\" -logname "Company_AP.log"
}
else
{
    log-it -message "SCCM is either detected or the installation TS is enabled and will install it." -component "AP" -path "C:\Temp\" -logname "Company_AP.log"
}