Enabling BitLocker automatically without MBAM

Enabling BitLocker can be done a number of ways with and without interaction. When deploying Windows with SCCM you can enable BitLocker in a task sequence, or if you have Microsoft BitLocker Administration and Monitoring (MBAM), you can require BitLocker be enabled post deployment. I wanted a way to automatically enable BitLocker with Group Policy, without requiring user interaction and without requiring MBAM and figured a PowerShell script was the easiest way to do it.

Continue reading “Enabling BitLocker automatically without MBAM”

A more flexible SCCM App Detection with PowerShell

SCCM provides a few options to detect the presence of an application.  The default clauses are via MSI Product Code, Registry Key, or File.  You can also combine these in your detection.  Alternatively you can use a script to detect the presence (PowerShell, VBScript, or JavaScript).  Here’s what I’ve been using in PowerShell to detect most applications (assuming it writes a registry key to the standard “Uninstall” key:

Continue reading “A more flexible SCCM App Detection with PowerShell”

Disable SMB1 with PowerShell and SCCM

There are many reasons to disable and stop using SMB1 in Windows.  It’s insecure and isn’t efficient either.  I’m not the first to mention that it should be disabled and likely won’t be the last.

With that in mind, Microsoft has a page on how to disable it (linked below), but I’ll go through a simple way to use SCCM and PowerShell to ensure it’s disabled across your fleet.

Continue reading “Disable SMB1 with PowerShell and SCCM”