Compliance Remediation Script parameter

Hello,
I am working on some remediation scripting in SCCM 2012 and am running into what I believe to be a bug. According to the SCCM window below, SCCM should be sending the 'Non-Compliant' Value to the script (which should be the value that you echo out from
the discovery script).
But, from my testing it appears that SCCM is passing the value that states the rule is compliant that is specified in the compliance rule. If this is the intended functionality then the wording in the above screenshot is very misleading. I
need to pass the non compliant value to the remediation script for it to work. I really would rather not have to rely on using other methods to pass the value such as a text file on the computer.
can someone from Microsoft verify whether the intended behavior is to pass the complaint or non compliant value??
We are running SCCM 2012 SP1 CU4.
Thanks
Tom

Well, I'm not Microsoft, I'm just another admin and I wanted to test your scenario. I've never thought about passing parameters--probably because I was used to doing remediation in cm07 w/DCM all right within the 1 script.
Anyway, I can confirm that what you see is what I see happening. I made a quick test Compliance Setting. Detection script:
on error resume next
wscript.echo "hello"
where it was compliant only if the value returned was the phrase "AnythingElse" (so should of course always fail)
and the Remediation script:
on error resume next
Set sho = Wscript.CreateObject("Wscript.Shell")
sho.RegWrite "HKLM\SOFTWARE\CCMComplianceSetting\ArgumentZero", wscript.Arguments(0),"REG_SZ"
sho.RegWrite "HKLM\SOFTWARE\CCMComplianceSetting\ArgumentOne", wscript.Arguments(1),"REG_SZ"
wscript.echo "TriedSomething"
wscript.quit
and after running, those regkeys, I got one regkey created, with a value of "AnythingElse". (Not Hello). I put in arguments 0 and 1; just to see if maybe it was argument0 for the 'what should it be', and perhaps argument1 would be "what really
was the result".
For me, personally, what I do (because that's just how I've always done it). Is the remediation script is 90% the same as the detection script--because I'll get the failed parameter again. So you can use it in the remediation. Yeah, sure,
you are detecting it twice; but I guess I never thought about it. Whether or not that phrasing was overlooked and it should have read "passes in the desired compliant value", or if it was meant to pass in the non-compliant value, I couldn't say.
Standardize. Simplify. Automate.

Similar Messages

Remediation Script does not work for Compliance Settings Configuration Item / Baseline

Hello Everyone,
I've created a script to check NetBios over TCP/IP state on the NICs and if it is Enabled (Non-compliant) it should run the remediation script to Disable it (Compliant). The script identifies correctly if it is compliant or not but it's not compliant the
remediation script doesn't kick in.
Discovery script:
$adapter=(gwmi win32_networkadapterconfiguration | where {$_.ipenabled -eq "1"})
Foreach ($nic in $adapter) {
write-host NetBIOS Options is now -> $nic.TcpIPNetBiosOptions
Remediation Script:
$adapter=(gwmi win32_networkadapterconfiguration | where {$_.ipenabled -eq "1"})
Foreach ($nic in $adapter) {
$adapter.settcpipnetbios(1)
Any clue why this is happening and how can it be fixed?
Thank you all in advance.

Hi,
Please add an a line to create an event in the Application log of the computer to check if remediation had been performed.
SCCM 2012 Compliance – Auto Remediation
Note: Microsoft provides third-party contact information to help you find technical support. This contact information may change without notice. Microsoft
does not guarantee the accuracy of this third-party contact information.Best Regards,
Joyce
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]

Report Script parameter

hi all,
I am using a report script to generate a text file with budget data. This works fine in AAS console but I am automating this process by usning an ESSCMD and batch script.
tha batch script will call the ESSCMD script which in turn executes the follwoing command
RUNREPT 2 "RepScripName" "c:\Otputfile.txt"
Now here I am hard coding the Output file name and location.But my requirement is that when I run the script it should prompt for file name and location.
Any Idea on this
Thanks

Hi,
Just to expand on the MAXL option, you can create a batch script which will accept input parameters such as :-
set /p RepName=Enter Report Name
set /p OutputName=Enter output Directory
Then you can pass the stored variables into the Maxl script as :-
essmsh maxlscript.mxl %RepName% %OutputName%
In your maxl script you can access the passed in variables e.g
export database 'appname'.'dbname' using server report_file $1 to data_file $2;
The number after the $ relates to what position the variable was passed into the script.
Hope this helps.
John

Report Script : Parameter for file name?

hi all,
I am using a report script to generate a text file with budget data. This works fine in AAS console but I am automating this process by usning an ESSCMD and batch script.
tha batch script will call the ESSCMD script which in turn executes the follwoing command
RUNREPT 2 "RepScripName" "c:\Otputfile.txt"
Now here I am hard coding the Output file name and location.But my requirement is that when I run the script it should prompt for file name and location.
Any Idea on this
Thanks

Another solution I have tried is simply writing a small VB app that has a dialog that allows you to type in a file name or even navigate a file system directory. If I understand you correctly, you just want to be able to output the file anywhere you want. This works well and you can add more features to, just depends on if it is worth the effort. Other wise you can just write MXL and supply your script with position variables. You just need to type it in and hope you type typed it in correctly. Good luck, there are several ways to accomplish this.

Sticky bit changes the value of the script parameter 0

Hi,
I have a simple shell script:
#!/bin/sh
echo $0It simply returns its own name.
But when I set a sticky bit on this script, it returns
/dev/fd/3
Is it like it is supposed to be? What is the rationale behind such behavior?
I use Solaris 8.
Thanks,
Yevgeny

I have a simple shell script:
#!/bin/sh
echo $0It simply returns its own name.
But when I set a sticky bit on this script, it
returns
/dev/fd/3s/sticky/setuid/
or
s/sticky/setgid/
Is it like it is supposed to be?Yes
What is the rationale behind such behavior?If fixes a race condition for setuid / setgid "#!" interpreter scripts.
Without it, someone could replace the script file during the small
window between the kernel's exec of the interpreter /bin/sh and
the time the /bin/sh shell opens the script.
The fix is to pass a reference to the already open script file using
the /dev/fd/N pseudo filesystem.

Shell Script parameter $0 displays all concatanates all defalut parameter values

I have a issue.The $0 is displaying all the default parm values. Pls suggest workaround:
echo ‘Printing parameters….’
echo ‘0:’$0
echo ‘1:’$1
echo ‘2:’$2
echo ‘3:’$3
echo ‘4:’$4
echo ‘5:’$5
echo ‘FCPLOGIN:’$FCP_LOGIN
echo ‘Finished printing parameters.’
echo ‘FCP_USERID:’$FCP_USERID
Printing parameters….
0:/u01/app/oracle/DEV/apps/apps_st/appl/xxabc/12.0.0/bin/xxabc
1:xxabc FCP_REQID=684095 FCP_LOGIN=”APPS/APPS” FCP_USERID=1234 FCP_USERNAME=”ABC” FCP_PRINTER=”noprint” FCP_SAVE_OUT=Y FCP_NUM_COPIES=0
2:
3:
4:
5:
FCPLOGIN:APPS/SONICDEV1
Finished printing parameters.
FCP_USERID:

How do you call it ?
What character(s) do you use to suppress the " in the parameters specified ?
If you call it like this (simplified) :
program "one two three"
it will do:
$0=program
$1=one two three

SCCM 2012 R2 MDT 2013 Install Features after OS Install

I have a question in regards to installing Features on Windows Servers Post OS Install/OSD.
I have MDT 2013 integrated with SCCM 2012 R2. I have created a MDT TS doing the following:
Microsoft Deployment Custom Task Sequence (All other ones were for OSD)
I removed all the steps in the TS except for the "Use Toolkit Package"
Added Several MDT Sequence for Install Roles and Features, Selected SNMP for Server 2008, 2008 R2, 2008 R2 Core, 2012, 2012 R2.
Removed the boot image since it is not needed.
Deployed to my Test Collection.
I see the TS Running on the test servers but when I check Server Manager the SNMP is still not installed even though software center shows installed on the TS.
Am I missing something here? Any help would greatly be appreciated. Thanks!!

Disregard my previous post. I was tinkering with the Compliance Settings and corrected my ignorance.
Here were my steps:
Create Configuration Item
General: Put the name, Set Type to Window, filter set to "Server"
Supported Platforms: All servers 2008 and newer
Settings: Name,
Discovery Script -PowerShell
$FeatureName = "SNMP-Service"
If (Get-WindowsFeature | Where {$_.State -eq "Enabled" -and $_.FeatureName -eq $FeatureName})
$Compliance = "Compliant"
Else {
$Compliance = "NonCompliant"
Return $Compliance
Remediation Script - PowerShell
$FeatureName = "SNMP-Service"
Import-Module ServerManager
Install-WindowsFeature -Name $FeatureName -IncludeAllSubFeature
Compliance Rule: Name, Rule Type = Value, Must Comply Equals Compliant, Checked Run remediation script when not compliant, set Reports to Information
Created Config Baseline, Assigned Config Item for SNMP Service and then deployed to my Servers.

Compliance Settings Adobe flash Player disable Automatic Updates Powershell Scripts fail

Hello,
I have setup compliance to check and remediate if Adobe flash Player automatic updates is enabled by using PowerShell scripts.
If I run the scripts below manually on my pc they work fine, but if I run in sccm 2012 compliance I get:
Setting Discovery Error
0x87d00327
Script is not signed
CCM
I tried contacting the person that created the scripts, but didn't get a response.
Discovery Script
Set-ExecutionPolicy Unrestricted -force
<#
This script will check if automatic updates is disabled and return a Compliant/Non-Compliant string.
Created:     04.08.2014
Version:     1.0
Author:      Odd-Magne Kristoffersen
Homepage:    https://sccmguru.wordpress.com/
References:
- Configure auto-update notification Flash Player
http://helpx.adobe.com/flash-player/kb/administration-configure-auto-update-notification.html
- Adobe Flash Player Administration Guide for Flash Player 14
http://wwwimages.adobe.com/www.adobe.com/content/dam/Adobe/en/devnet/flashplayer/pdfs/flash_player_14_0_admin_guide.pdf
- Adobe Flash Player Administration Guide for Microsoft Windows 8
http://wwwimages.adobe.com/www.adobe.com/content/dam/Adobe/en/devnet/flashplayer/pdfs/flash_player_13_0_admin_guide.pdf
#>
$OSArchitecture = Get-WmiObject -Class Win32_OperatingSystem | Select-Object OSArchitecture
If($OSArchitecture.OSArchitecture -ne "32-bit")
    $CFGExists = Test-Path -Path "$Env:WinDir\SysWow64\Macromed\Flash\mms.cfg"
         if($CFGExists -eq $True)
         {$UpdateCheck = Select-String "$Env:WinDir\SysWow64\Macromed\Flash\mms.cfg" -pattern "AutoUpdateDisable=1" | Select-Object Line}
            if($UpdateCheck.Line -eq 'AutoUpdateDisable=1') {Write-Host 'Compliant'}
            else {Write-Host 'Non-Compliant'}
else
    $CFGExists = Test-Path -Path "$Env:WinDir\System32\Macromed\Flash\mms.cfg"
         if($CFGExists -eq $True)
         {$UpdateCheck = Select-String "$Env:WinDir\System32\Macromed\Flash\mms.cfg" -pattern "AutoUpdateDisable=1" | Select-Object Line}
            if($UpdateCheck.Line -eq 'AutoUpdateDisable=1') {Write-Host 'Compliant'}
            else {Write-Host 'Non-Compliant'}
Remediation Script
Set-ExecutionPolicy Unrestricted -force
<#
This script will check if automatic updates is disabled and return a Compliant/Non-Compliant string.
Created:     04.08.2014
Version:     1.0
Author:      Odd-Magne Kristoffersen
Homepage:    https://sccmguru.wordpress.com/
References:
- Configure auto-update notification Flash Player
http://helpx.adobe.com/flash-player/kb/administration-configure-auto-update-notification.html
- Adobe Flash Player Administration Guide for Flash Player 14
http://wwwimages.adobe.com/www.adobe.com/content/dam/Adobe/en/devnet/flashplayer/pdfs/flash_player_14_0_admin_guide.pdf
- Adobe Flash Player Administration Guide for Microsoft Windows 8
http://wwwimages.adobe.com/www.adobe.com/content/dam/Adobe/en/devnet/flashplayer/pdfs/flash_player_13_0_admin_guide.pdf
#>
$OSArchitecture = Get-WmiObject -Class Win32_OperatingSystem | Select-Object OSArchitecture
If($OSArchitecture.OSArchitecture -ne "32-bit")
    $CFGExists = Test-Path -Path "$Env:WinDir\SysWow64\Macromed\Flash\mms.cfg"
         if($CFGExists -eq $True)
         {$UpdateCheck = Select-String "$Env:WinDir\SysWow64\Macromed\Flash\mms.cfg" -pattern "AutoUpdateDisable=1" | Select-Object Line}
            if($UpdateCheck.Line -eq 'AutoUpdateDisable=1') {Write-Host 'Compliant'}
            else {Write-Host 'Non-Compliant'}
else
    $CFGExists = Test-Path -Path "$Env:WinDir\System32\Macromed\Flash\mms.cfg"
         if($CFGExists -eq $True)
         {$UpdateCheck = Select-String "$Env:WinDir\System32\Macromed\Flash\mms.cfg" -pattern "AutoUpdateDisable=1" | Select-Object Line}
            if($UpdateCheck.Line -eq 'AutoUpdateDisable=1') {Write-Host 'Compliant'}
            else {Write-Host 'Non-Compliant'}
Thanks,
Mark

Hi Jeff,
You were correct, Default client settings was set to All signed and once I set to bypass, PowerShell Scripts executed. But now I am getting:    If I run them both from PowerShell, they work fine. Thanks again for your help, Mark
Error Type
Error Code
Error Description
Error Source
Enforcement Error
0x87d00329
Application requirement evaluation or detection failed
CCM

Passing parameter value from one script to another in job chain steps

Hi all,
We have a scenario where in we have a job chain with two steps
1-Step 1 contains a script which fetches value from database to the script parameter(in/out) - PAR_DB_VALUE
2-Step 2 contains another script which uses the value of the parameter PAR_DB_VALUE and has to assign to another parameter in the script 2 called PAR_FETCHED_VALUE(in)
How to pass the value of PAR_DB_VALUE to PAR_FETCHED_VALUE which are parameters in two different steps
Please help
Thanks and Regards
Raj

Hi,
You can achieve this as follows (CPS version 6 & 7):
- Edit the chain
- Go to the second step, to the parameters of the script call in that step
- Go to the parameter (PAR_FETCHED_VALUE) that you want to be filled by the parameter of the first step
- choose "Chain value" in the detail screen for the parameter, and select the desired out parameter from the drop down
Note that both parameters need to be of the same type for this to work.
Regards,
Anton.

How could I create a Compliance Settings that enforces NetBIOS over TCP/IP?

Hello Everyone,
I need to be able to enforce NetBIOS over TCP/IP on some collections. I've created a batch script with one line that disable NetBIOS over TCP/IP but I also need to make sure this is enforced. How could I do the enforcement using Compliance Settings?
This is the line I use to disable it;
"wmic nicconfig where (TcpipNetbiosOptions!=Null and TcpipNetbiosOptions!=2) call SetTcpipNetbios 2"
Thank you everyone in advance for any help

I could probably help you with a CI for discovery and remediation, but I need (or you need to define) an additional parameter.
If I were to run this as a powershell discovery script:
$adapter=(gwmi win32_networkadapterconfiguration | where {$_.ipenabled -eq "1"})
Foreach ($nic in $adapter) {
write-host $nic.TcpIPNetBiosOptions
what's echo'd out (in my testing) is a 0, a 1 , or a 2.
0 means "default--use what your dhcp is offering"
1 = enabled
2 = disabled.
So... from your standpoint... is a 0 or 1, (either one) acceptable? or is only a value of 1, a hard-coded at the client (not whatever the default is from dhcp) the only acceptable value?
fyi, the remediation script, if 1 is the only acceptable answer, would probably be this:
$adapter=(gwmi win32_networkadapterconfiguration | where {$_.ipenabled -eq "1"})
Foreach ($nic in $adapter) {
$adapter.settcpipnetbios(1)
Standardize. Simplify. Automate.

How to set Business Hours with script?

I have a single SCCM 2012 SP1 CU4 server running on Windows Server 2012.
My business has multiple locations and some of them have different hours of operation. I am wanting to change the "Business Hours" for some of these sites and looking for the best way to do it.
I found this guide that uses PowerShell, but I get a "Script is not signed" error:
http://powersheller.wordpress.com/2012/11/20/sccm-2012-setting-software-center-business-hours-with-a-compliance-configuration-item/
I saw Torsten's example using a VBscript, but I get an "Incorrect function" error:
http://www.mssccmfaq.de/2012/03/26/software-center-business-hours-auslesen-setzen/
Both of those web pages look like they were done a couple years ago so I hope everything still applies.
Any help would be great!
Thanks

For the Powershell one... make sure you have two things. In the ConfigItem, for the Compliance test, you did check the box about "run the specified remediate script ..." right?
for the Baseline, when you assigned it, you did check the box about remediate when you deployed it to the collection?
If either or both of those are missing, what you are doing is monitor only... so the remediation script won't ever actually run, so it's monitoring only. So it would make sense that you are getting non-compliants back. You aren't ever asking
it to really run the remediation piece.
EDIT: Just referencing this here... just in case:
http://blogs.technet.com/b/server-cloud/archive/2012/03/28/business-hours-vs-maintenance-windows-with-system-center-2012-configuration-manager.aspx Sometimes people misunderstand what a business hours definition means vs. what a Maintenance Window
(Service Window) means in Configmgr 2012. If you aren't 100% positive what the difference is, read through that blog just to get it straight.
Standardize. Simplify. Automate.

Using SCCM Compliance Settings to Change Desktop Wallpaper

Hi,
I need to use the SCCM compliance settings to change the existing wallpaper to a new one.
If yes, do we have to copy the new image locally on the machines, can this be done using compliance ?
If not, how could we use the network location to do this?
I know the registry key to change this already.

I can give you some pointers, but you have to create the script yourself.
Basically your discovery script has to verify if the registry key exists, if it's set correctly and if the wallpaper is available locally. If either one of them is not true your it has to return a non compliant message. After that you do the same for your
remediation script, but then instead of returning a non compliant message you fix the settings that are not correct.
For some examples see the following links:
http://www.petervanderwoude.nl/post/category/configmgr-2012/compliance-settings/
http://www.petervanderwoude.nl/post/category/configmgr-2012/configuration-item/
My Blog: http://www.petervanderwoude.nl/
Follow me on twitter: pvanderwoude

Need Help on powershell Script to send mails in different languages

Hello, Just wanted to use the script below to remind users of password expiry date (I got it from internet New-Passwordreminder.ps1). We have companies in many countries, so the email should be in the language of that country. So since our users are in different
OU's according to countries, I thought some one could help me edit this script and say if the user is in AB ou then email in english will be sent, if in BC ou then the email will be in Russian....So in the script I will have all the languages I need
to have written.
<#
.SYNOPSIS
  Notifies users that their password is about to expire.
.DESCRIPTION
    Let's users know their password will soon expire. Details the steps needed to change their password, and advises on what the password policy requires. Accounts for both standard Default Domain Policy based password policy and the fine grain
password policy available in 2008 domains.
.NOTES
    Version           : v2.6 - See changelog at
http://www.ehloworld.com/596
    Wish list      : Better detection of Exchange server
              : Set $DaysToWarn automatically based on Default Domain GPO setting
              : Description for scheduled task
              : Verify it's running on R2, as apparently only R2 has the AD commands?
              : Determine password policy settings for FGPP users
              : better logging
    Rights Required   : local admin on server it's running on
    Sched Task Req'd  : Yes - install mode will automatically create scheduled task
    Lync Version    : N/A
    Exchange Version  : 2007 or later
    Author           : M. Ali (original AD query), Pat Richard, Exchange MVP
    Email/Blog/Twitter :
[email protected] http://www.ehloworld.com @patrichard
    Dedicated Post   :
http://www.ehloworld.com/318
    Disclaimer       : You running this script means you won't blame me if this breaks your stuff.
    Info Stolen from   : (original)
http://blogs.msdn.com/b/adpowershell/archive/2010/02/26/find-out-when-your-password-expires.aspx
              : (date)
http://technet.microsoft.com/en-us/library/ff730960.aspx
            : (calculating time)
http://blogs.msdn.com/b/powershell/archive/2007/02/24/time-till-we-land.aspx
http://social.technet.microsoft.com/Forums/en-US/winserverpowershell/thread/23fc5ffb-7cff-4c09-bf3e-2f94e2061f29/
http://blogs.msdn.com/b/adpowershell/archive/2010/02/26/find-out-when-your-password-expires.aspx
            : (password decryption)
http://social.technet.microsoft.com/Forums/en-US/winserverpowershell/thread/f90bed75-475e-4f5f-94eb-60197efda6c6/
            : (determine per user fine grained password settings)
http://technet.microsoft.com/en-us/library/ee617255.aspx
.LINK
    http://www.ehloworld.com/318
.INPUTS
  None. You cannot pipe objects to this script
.PARAMETER Demo
  Runs the script in demo mode. No emails are sent to the user(s), and onscreen output includes those who are expiring soon.
.PARAMETER Preview
  Sends a sample email to the user specified. Usefull for testing how the reminder email looks.
.PARAMETER PreviewUser
  User name of user to send the preview email message to.
.PARAMETER Install
  Create the scheduled task to run the script daily. It does NOT create the required Exchange receive connector.
.EXAMPLE
  .\New-PasswordReminder.ps1
  Description
  Searches Active Directory for users who have passwords expiring soon, and emails them a reminder with instructions on how to change their password.
.EXAMPLE
  .\New-PasswordReminder.ps1 -demo
  Description
  Searches Active Directory for users who have passwords expiring soon, and lists those users on the screen, along with days till expiration and policy setting
.EXAMPLE
  .\New-PasswordReminder.ps1 -Preview -PreviewUser [username]
  Description
  Sends the HTML formatted email of the user specified via -PreviewUser. This is used to see what the HTML email will look like to the users.
.EXAMPLE
  .\New-PasswordReminder.ps1 -install
  Description
  Creates the scheduled task for the script to run everyday at 6am. It will prompt for the password for the currently logged on user. It does NOT create the required Exchange receive connector.
#>
#Requires -Version 2.0
[cmdletBinding(SupportsShouldProcess = $true)]
param(
[parameter(ValueFromPipeline = $false, ValueFromPipelineByPropertyName = $true, Mandatory = $false)]
[switch]$Demo,
[parameter(ValueFromPipeline = $false, ValueFromPipelineByPropertyName = $true, Mandatory = $false)]
[switch]$Preview,
[parameter(ValueFromPipeline = $false, ValueFromPipelineByPropertyName = $true, Mandatory = $false)]
[switch]$Install,
[parameter(ValueFromPipeline = $false, ValueFromPipelineByPropertyName = $true, Mandatory = $false)]
[string]$PreviewUser
Write-Verbose "Setting variables"
[string]$Company = "Contoso Ltd"
[string]$OwaUrl = "https://mail.contoso.com"
[string]$PSEmailServer = "10.9.0.11"
[string]$EmailFrom = "Help Desk <[email protected]>"
[string]$HelpDeskPhone = "(586) 555-1010"
[string]$HelpDeskURL = "https://intranet.contoso.com/"
[string]$TranscriptFilename = $MyInvocation.MyCommand.Name + " " + $env:ComputerName + " {0:yyyy-MM-dd hh-mmtt}.log" -f (Get-Date)
[int]$global:UsersNotified = 0
[int]$DaysToWarn = 14
[string]$ImagePath = "http://www.contoso.com/images/new-passwordreminder.ps1"
[string]$ScriptName = $MyInvocation.MyCommand.Name
[string]$ScriptPathAndName = $MyInvocation.MyCommand.Definition
[string]$ou
[string]$DateFormat = "d"
if ($PreviewUser){
$Preview = $true
Write-Verbose "Defining functions"
function Set-ModuleStatus {
[cmdletBinding(SupportsShouldProcess = $true)]
param (
  [parameter(ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true, Mandatory = $true, HelpMessage = "No module name specified!")]
  [string]$name
if(!(Get-Module -name "$name")) {
  if(Get-Module -ListAvailable | ? {$_.name -eq "$name"}) {
   Import-Module -Name "$name"
   # module was imported
   return $true
  } else {
   # module was not available (Windows feature isn't installed)
   return $false
}else {
  # module was already imported
  return $true
} # end function Set-ModuleStatus
function Remove-ScriptVariables {
[cmdletBinding(SupportsShouldProcess = $true)]
param($path)
$result = Get-Content $path |
ForEach { if ( $_ -match '(\$.*?)\s*=') {
   $matches[1] | ? { $_ -notlike '*.*' -and $_ -notmatch 'result' -and $_ -notmatch 'env:'}
ForEach ($v in ($result | Sort-Object | Get-Unique)){
  Remove-Variable ($v.replace("$","")) -ErrorAction SilentlyContinue
} # end function Get-ScriptVariables
function Install {
[cmdletBinding(SupportsShouldProcess = $true)]
param()
http://technet.microsoft.com/en-us/library/cc725744(WS.10).aspx
$error.clear()
Write-Host "Creating scheduled task `"$ScriptName`"..."
$TaskPassword = Read-Host "Please enter the password for $env:UserDomain\$env:UserName" -AsSecureString
$TaskPassword = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto([System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($TaskPassword))
# need to fix the issue with spaces in the path
schtasks /create /tn $ScriptName /tr "$env:windir\system32\windowspowershell\v1.0\powershell.exe -psconsolefile '$env:ExchangeInstallPath\Bin\exshell.psc1' -command $ScriptPathAndName" /sc Daily /st 06:00 /ru $env:UserDomain\$env:UserName /rp
$TaskPassword | Out-Null
if (!($error)){
  Write-Host "done!" -ForegroundColor green
}else{
  Write-Host "failed!" -ForegroundColor red
exit
} # end function Install
function Get-ADUserPasswordExpirationDate {
[cmdletBinding(SupportsShouldProcess = $true)]
Param (
  [Parameter(Mandatory = $true, Position = 0, ValueFromPipeline = $true, HelpMessage = "Identity of the Account")]
  [Object]$accountIdentity
PROCESS {
  Write-Verbose "Getting the user info for $accountIdentity"
  $accountObj = Get-ADUser $accountIdentity -properties PasswordExpired, PasswordNeverExpires, PasswordLastSet, name, mail
  # Make sure the password is not expired, and the account is not set to never expire
    Write-Verbose "verifying that the password is not expired, and the user is not set to PasswordNeverExpires"
    if (((!($accountObj.PasswordExpired)) -and (!($accountObj.PasswordNeverExpires))) -or ($PreviewUser)) {
    Write-Verbose "Verifying if the date the password was last set is available"
    $passwordSetDate = $accountObj.PasswordLastSet
      if ($passwordSetDate -ne $null) {
      $maxPasswordAgeTimeSpan = $null
        # see if we're at Windows2008 domain functional level, which supports granular password policies
        Write-Verbose "Determining domain functional level"
        if ($global:dfl -ge 4) { # 2008 Domain functional level
          $accountFGPP = Get-ADUserResultantPasswordPolicy $accountObj
          if ($accountFGPP -ne $null) {
          $maxPasswordAgeTimeSpan = $accountFGPP.MaxPasswordAge
     } else {
      $maxPasswordAgeTimeSpan = (Get-ADDefaultDomainPasswordPolicy).MaxPasswordAge
    } else { # 2003 or ealier Domain Functional Level
     $maxPasswordAgeTimeSpan = (Get-ADDefaultDomainPasswordPolicy).MaxPasswordAge
    if ($maxPasswordAgeTimeSpan -eq $null -or $maxPasswordAgeTimeSpan.TotalMilliseconds -ne 0) {
     $DaysTillExpire = [math]::round(((New-TimeSpan -Start (Get-Date) -End ($passwordSetDate + $maxPasswordAgeTimeSpan)).TotalDays),0)
     if ($preview){$DaysTillExpire = 1}
     if ($DaysTillExpire -le $DaysToWarn){
      Write-Verbose "User should receive email"
      $PolicyDays = [math]::round((($maxPasswordAgeTimeSpan).TotalDays),0)
      if ($demo) {Write-Host ("{0,-25}{1,-8}{2,-12}" -f $accountObj.Name, $DaysTillExpire, $PolicyDays)}
            # start assembling email to user here
      $EmailName = $accountObj.Name
      $DateofExpiration = (Get-Date).AddDays($DaysTillExpire)
      $DateofExpiration = (Get-Date($DateofExpiration) -f $DateFormat)
Write-Verbose "Assembling email message"
[string]$emailbody = @"
<html>
<head>
  <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body>
<table id="email" border="0" cellspacing="0" cellpadding="0" width="655" align="center">
  <tr>
   <td align="left" valign="top"><img src="$ImagePath/spacer.gif" alt="Description: $ImagePath/spacer.gif" width="46" height="28" align="absMiddle">
if ($HelpDeskURL){
$emailbody += @"
   <font style="font-size: 10px; color: #000000; line-height: 16px; font-family: Verdana, Arial, Helvetica, sans-serif">If this e-mail does not appear properly, please <a href="$HelpDeskURL" style="font-weight:
bold; font-size: 10px; color: #cc0000; font-family: verdana, arial, helvetica, sans-serif; text-decoration: underline">click here</a>.</font>
$emailbody += @"
   </td>
  </tr>
  <tr>
if ($HelpDeskURL){
$emailbody += @"
   <td height="121" align="left" valign="bottom"><a href="$HelpDeskURL"><img src="$ImagePath/header.gif" border="0" alt="Description: $ImagePath/header.gif"
width="655" height="121"></a></td>
}else{
$emailbody += @"
   <td height="121" align="left" valign="bottom"><img src="$ImagePath/header.gif" border="0" alt="Description: $ImagePath/header.gif" width="655" height="121"></td>
$emailbody += @"
  </tr>
  <tr>
   <td>
    <table id="body" border="0" cellspacing="0" cellpadding="0">
     <tr>
      <td width="1" align="left" valign="top" bgcolor="#a8a9ad"><img src="$ImagePath/spacer50.gif" alt="Description: $ImagePath/spacer50.gif" width="1"
height="50"></td>
      <td><img src="$ImagePath/spacer.gif" alt="Description: $ImagePath/spacer.gif" width="46" height="106"></td>
      <td id="text" width="572" align="left" valign="top" style="font-size: 12px; color: #000000; line-height: 17px; font-family: Verdana, Arial, Helvetica, sans-serif">
if ($DaysTillExpire -le 1){
$emailbody += @"
  <div align='center'>
   <table border='0' cellspacing='0' cellpadding='0' style='width:510px; background-color: white; border: 0px;'>
    <tr>
     <td align='right'><img width='36' height='28' src='$ImagePath/image001b.gif' alt='Description: $ImagePath/image001b.gif'></td>
     <td style="font-family: verdana; background: #E12C10; text-align: center; padding: 0px; font-size: 9.0pt; color: white">ALERT: You must change your password today or you will be locked out!</td>
     <td align='left'><img border='0' width='14' height='28' src='$ImagePath/image005b.gif' alt='Description: $ImagePath/image005b.gif'></td>
    </tr>
   </table>
  </div>
$emailbody += @"
   <p style="font-weight: bold">Hello, $EmailName,</p>
   <p>It's change time again! Your $company password expires in <span style="background-color: red; color: white; font-weight: bold;"> $DaysTillExpire </span> day(s), on $DateofExpiration.</p>
   <p>Please use one of the methods below to update your password:</p>
   <ol>
    <li>$company office computers and Terminal Server users: You may update your password on your computer by pressing Ctrl-Alt-Delete and selecting 'Change Password' from the available options. If you use a $company laptop in addition
to a desktop PC, be sure and read #3 below.</li>
    <li>Remote Outlook Client, Mac, and/or Outlook Web App users: If you only access our email system, please use the following method to easily change your password:</li>
    <ul>
     <li>Log into <a href="$owaurl">Outlook Web App</a> using Internet Explorer (PC) or Safari or Firefox (Mac).</li>
     <li>Click on the Options button in the upper right corner of the page.</li>
     <li>Select the "Change Password" link to change your password.</li>
     <li>Enter your current password, then your new password twice, and click Save</li>
     <li><span style="font-weight: bold">NOTE:</span> You will now need to use your new password when logging into Outlook Web App, Outlook 2010, SharePoint, Windows Mobile (ActiveSync) devices, etc. Blackberry
Enterprise Users (BES) will not need to update their password. Blackberry Internet Service (BIS) users will be required to use their new password on their device.</li>
    </ul>
    <li>$company issued laptops: If you have been issued a $company laptop, you must be in a corporate office and directly connected to the company network to change your password. If you also use a desktop PC in the office, you must
remember to always update your domain password on the laptop first. Your desktop will automatically use the new password.</li>
    <ul>
     <li>Log in on laptop</li>
     <li>Press Ctrl-Alt-Delete and select 'Change Password' from the available options.</li>
     <li>Make sure your workstation (if you have one) has been logged off any previous sessions so as to not cause conflict with your new password.</li>
    </ul>
   </ol>
   <p>Think you've got a complex password? Run it through the <a href="The">http://www.passwordmeter.com/">The Password Meter</a></p>
   <p>Think your password couldn't easily be hacked? See how long it would take: <a href="How">http://howsecureismypassword.net/">How Secure Is My Password</a></p>
   <p>Remember, if you do not change your password before it expires on $DateofExpiration, you will be locked out of all $company Computer Systems until an Administrator unlocks your account.</p>
   <p>If you are traveling or will not be able to bring your laptop into the office before your password expires, please call the number below for additional instructions.</p>
   <p>You will continue to receive these emails daily until the password is changed or expires.</p>
   <p>Thank you,<br />
   The $company Help Desk<br />
   $HelpDeskPhone</p>
if ($accountFGPP -eq $null){
$emailbody += @"
   <table style="background-color: #dedede; border: 1px solid black">
    <tr>
     <td style="font-size: 12px; color: #000000; line-height: 17px; font-family: Verdana, Arial, Helvetica, sans-serif"><b>$company Password Policy</b>
      <ul>
       <li>Your password must have a minimum of a $MinPasswordLength characters.</li>
       <li>You may not use a previous password.</li>
       <li>Your password must not contain parts of your first, last, or logon name.</li>
       <li>Your password must be changed every $PolicyDays days.</li>
if ($PasswordComplexity){
Write-Verbose "Password complexity"
$emailbody += @"
       <li>Your password requires a minimum of two of the following three categories:</li>
       <ul>
        <li>1 upper case character (A-Z)</li>
        <li>1 lower case character (a-z)</li>
        <li>1 numeric character (0-9)</li>
       </ul>
$emailbody += @"
       <li>You may not reuse any of your last $PasswordHistory passwords</li>
      </ul>
     </td>
    </tr>
   </table>
$emailbody += @"
       </td>
       <td width="49" align="left" valign="top"><img src="$ImagePath/spacer50.gif" alt="" width="49" height="50"></td>
       <td width="1" align="left" valign="top" bgcolor="#a8a9ad"><img src="$ImagePath/spacer50.gif" alt="Description: $ImagePath/spacer50.gif" width="1"
height="50"></td>
      </tr>
     </table>
     <table id="footer" border="0" cellspacing="0" cellpadding="0" width="655">
      <tr>
       <td><img src="$ImagePath/footer.gif" alt="Description: $ImagePath/footer.gif" width="655" height="81"></td>
      </tr>
     </table>
     <table border="0" cellspacing="0" cellpadding="0" width="655" align="center">
      <tr>
       <td align="left" valign="top"><img src="$ImagePath/spacer.gif" alt="Description: $ImagePath/spacer.gif" width="36" height="1"></td>
       <td align="middle" valign="top"><font face="Verdana" size="1" color="#000000"><p>This email was sent by an automated process.
if ($HelpDeskURL){
$emailbody += @"
       If you would like to comment on it, please visit <a href="$HelpDeskURL"><font color="#ff0000"><u>click here</u></font></a>
$emailbody += @"
        </p><p style="color: #009900;"><font face="Webdings" size="4">P</font> Please consider the environment before printing this email.</p></font>
       </td>
       <td align="left" valign="top"><img src="$ImagePath/spacer.gif" alt="Description: $ImagePath/spacer.gif" width="36" height="1"></td>
      </tr>
     </table>
    </td>
   </tr>
  </table>
</body>
</html>
      if (!($demo)){
       $emailto = $accountObj.mail
       if ($emailto){
        Write-Verbose "Sending demo message to $emailto"
        Send-MailMessage -To $emailto -Subject "Your password expires in $DaysTillExpire day(s)" -Body $emailbody -From $EmailFrom -Priority High -BodyAsHtml
        $global:UsersNotified++
       }else{
        Write-Verbose "Can not email this user. Email address is blank"
} # end function Get-ADUserPasswordExpirationDate
if ($install){
Write-Verbose "Install mode"
Install
Write-Verbose "Checking for ActiveDirectory module"
if ((Set-ModuleStatus ActiveDirectory) -eq $false){
$error.clear()
Write-Host "Installing the Active Directory module..." -ForegroundColor yellow
Set-ModuleStatus ServerManager
Add-WindowsFeature RSAT-AD-PowerShell
if ($error){
  Write-Host "Active Directory module could not be installed. Exiting..." -ForegroundColor red;
  if ($transcript){Stop-Transcript}
  exit
Write-Verbose "Getting Domain functional level"
$global:dfl = (Get-AdDomain).DomainMode
# Get-ADUser -filter * -properties PasswordLastSet,EmailAddress,GivenName -SearchBase "OU=Users,DC=domain,DC=test" |foreach {
if (!($PreviewUser)){
if ($ou){
  Write-Verbose "Filtering users to $ou"
  $users = Get-AdUser -filter * -SearchScope subtree -SearchBase $ou -ResultSetSize $null
}else{
  $users = Get-AdUser -filter * -ResultSetSize $null
}else{
Write-Verbose "Preview mode"
$users = Get-AdUser $PreviewUser
if ($demo){
Write-Verbose "Demo mode"
# $WhatIfPreference = $true
Write-Host "`n"
Write-Host ("{0,-25}{1,-8}{2,-12}" -f "User", "Expires", "Policy") -ForegroundColor cyan
Write-Host ("{0,-25}{1,-8}{2,-12}" -f "========================", "=======", "===========") -ForegroundColor cyan
Write-Verbose "Setting event log configuration"
$evt = new-object System.Diagnostics.EventLog("Application")
$evt.Source = $ScriptName
$infoevent = [System.Diagnostics.EventLogEntryType]::Information
$EventLogText = "Beginning processing"
$evt.WriteEntry($EventLogText,$infoevent,70)
Write-Verbose "Getting password policy configuration"
$DefaultDomainPasswordPolicy = Get-ADDefaultDomainPasswordPolicy
[int]$MinPasswordLength = $DefaultDomainPasswordPolicy.MinPasswordLength
# this needs to look for FGPP, and then default to this if it doesn't exist
[bool]$PasswordComplexity = $DefaultDomainPasswordPolicy.ComplexityEnabled
[int]$PasswordHistory = $DefaultDomainPasswordPolicy.PasswordHistoryCount
ForEach ($user in $users){
Get-ADUserPasswordExpirationDate $user.samaccountname
Write-Verbose "Writing summary event log entry"
$EventLogText = "Finished processing $global:UsersNotified account(s). `n`nFor more information about this script, run Get-Help .\$ScriptName. See the blog post at
http://www.ehloworld.com/318."
$evt.WriteEntry($EventLogText,$infoevent,70)
# $WhatIfPreference = $false
# Remove-ScriptVariables -path $MyInvocation.MyCommand.Name
Remove-ScriptVariables -path $ScriptPathAndName

Hi petro_jemes,
Just a little claritification, you need to add the value to the variable "[string]$ou", and also change the language in the variable "$emailbody" in the function "Get-ADUserPasswordExpirationDate".
I hope this helps.

Writing Unicode characters to scripting parameters on Windows

I am trying to read/write a file path that supports Unicode characters to/from scripting parameters (PIDescriptorParameters) with an Export plug-in. This works fine on OS X by using AliasHandle together with the "typeAlias" resource type in the "aete" section of the plugin resource file.
On Windows I am having trouble to make Photoshop correctly display paths with Unicode characters. I have tried:
- Writing null-terminated char* (Windows-1252) in a "typePath" parameter -- this works but obviously does not support Unicode.
- Writing null-terminated wchar* (UTF-16) in a "typePath" parameter -- this causes the saved path in the Action palette to be truncated to the first character, caused by null bytes in UTF-16. It appears PS does not understand UTF-16 in this case?
- Creating an alias record with sPSAlias->WinNewAliasFromWidePath and storing in a "typePath" or "typeAlias" parameter -- this causes the Action palette to show "txtu&", which does not make sense to me at all.
The question is: what is the correct scripting parameter resource type (typePath, typeAlias, ... ?) for file paths on Windows, and how do I write to it in such way that Photoshop will correctly display Unicode characters in the Actions palette?

Hi
Skip the first (4 or 6 characters) and you'll get the Unicode value.
regards
Bartek

Calling a sql in shell script

Dear All,
I want to call an sql script within a unix shell script. I want to pass a parameter into the shell script which should be used as a parameter in teh sql script.
e.g
$ ./shell1.sh 5000129
here 5000129 is a prameter
inside shell script i am calling one sql script
e.g.
@script1.sql;
inside the sql script I have an update statement
UPDATE abc set xx = 22 where id = 500129;
as you can see the 5000129 passed as shell script parameter, is being passed as parameter in the sql script.
Please can you advise how can I achieve this?
Many Thanks,

Hi
You could try something like this.
tmpSQLFile=$EXTLOG_DIR/tmpSQLFile_$$.sql
tmpSpoolFile=$EXTLOG_DIR/tmpSpoolFile_$$.sql
export ORACLE_PWD=`cat /home/oracle/secure/runtime_user.dat`
echo "spool $_tmpSpoolFile" > $_tmpSQLFile
echo "SET ECHO OFF NEWP 0 SPA 0 PAGES 0 FEED OFF HEAD OFF TRIMS ON LINESIZE 10000 TIMING OFF" >> $_tmpSQLFile
echo "begin" >> $_tmpSQLFile
echo "DW_MGT_SCHEMA.PKG_RUNTIME_HANDLER.SP_UPD_RUNTIME_EXT_CTL_LOG_TDT(p_transfer_date => '$today', p_schedule_id => $schedule_id);" >> $_tmpSQLFile
echo "end;" >> $_tmpSQLFile
echo "/" >> $_tmpSQLFile
echo "exit" >> $_tmpSQLFile
sqlplus ${ORACLE_USER}@${ORACLE_SID} @$_tmpSQLFile << EOT
`echo $ORACLE_PWD`
EOTCheers
Gary

Compliance Remediation Script parameter

Similar Messages

Maybe you are looking for