At the company where I work we don’t have full domain rights. There is no SCCM Server. There is an other software deploy program that we only have rights to send it to computers, not to create packages. So I create my own scripts to update computers.
This script I wanted to created in Powershell because it is the new windows script language. And is only used for Windows 10
I created a separate AD group that I can select the computers one by one to update. If you do all at once and there are problems you have a lot of work.
This script is added in users policy and computer policy because the user has no admin rights and needs to give aprove to do the update.
#########################################
##### Created by Daag van der Meer #####
##### http://blog.van-daag.nl #####
#########################################
#Check if script is active for policy (remove the #(hashtag) To test script running
#Set-Content -path "\\<LOGSRV>\Logs$\Bios\Run$($env:computername)_$($env:username)_$(get-date -f "yyyy-MM-dd_HH-mm-ss")Policy.txt" -Value "Policy is working"
#Set-Content -path "C:\Logs\Run_$($env:computername)_$($env:username)_$(get-date -f "yyyy-MM-dd_HH-mm-ss")Policy.txt" -Value "Policy is working"
#Get Computer's DN
$objSearcher = New-Object System.DirectoryServices.DirectorySearcher
$objSearcher.SearchRoot = New-Object System.DirectoryServices.DirectoryEntry
$objSearcher.Filter = "(&(objectCategory=Computer)(SamAccountname=$($env:COMPUTERNAME)`$))"
$objSearcher.SearchScope = "Subtree"
$obj = $objSearcher.FindOne()
$Computer = $obj.Properties["distinguishedname"]
#Now get the members of the group
$Group = "<Enter here AD group>"
$objSearcher.Filter = "(&(objectCategory=group)(SamAccountname=$Group))"
$objSearcher.SearchScope = "Subtree"
$obj = $objSearcher.FindOne()
[String[]]$Members = $obj.Properties["member"]
If ($Members -contains $Computer)
{
# Check Model 7470
$computerSystem = Get-CimInstance CIM_ComputerSystem
$Model = $computerSystem.Model
If ($Model -eq "Latitude E7470") {}
Else {exit}
#Bios version Check
$computerBIOS = Get-CimInstance CIM_BIOSElement
$Biosversie = $computerBIOS.SMBIOSBIOSVersion
if ($Biosversie -eq "1.5.3") {}
Elseif ($Biosversie -eq "1.10.4") {}
Else{exit}
# Start setup
$strFileName="C:\Logs\BiosupdateYes.txt"
If (Test-Path $strFileName){
Remove-Item c:\Logs\BiosupdateYes.txt
Set-Content -path "\\<LOGSRV>\Logs$\Bios\$($env:computername)_$($env:username)_$(get-date -f "yyyy-MM-dd_HH-mm-ss")SetupStarted.txt" -Value "User awnser is Yes"
c:\Logs\Latitude_E7x70_1.11.3.exe /s /r /l="\\<LOGSRV>\Logs$\Bios\$($env:computername)Biosupdate1.11.3.txt" /p=<PASSWORD>
}
Else {}
#Popup
$a = new-object -comobject wscript.shell
$intAnswer = $a.popup("There is a Bios Update! PowerCable needs to be connected. Computer needs to reboot. And you needs to enter 2 times the harddiskpassword. Then the install is ready. Estimated time: 15 Min. (This popup will show twice when click on no) Can we do it now?", `
0,"Bios Update",4)
If ($intAnswer -eq 6) {}
else {exit}
Set-Content -path "C:\Logs\BiosupdateYes.txt" -Value "Installation started"
Copy-Item \\<Network Location>\Dell\Bios\Latitude_E7x70_1.11.3.exe c:\Logs
Restart-Computer
# In your GPO enable the following setting: "Run logon scripts visible" to ensure that the logon script is visible. You can find it under User Configuration\Administrative Templates\System\Scripts
}
Else {exit}
The user Policy
This popup will show.
