Cody Mathis CodyMathis123

## Undecline-AllDeclineWSUSUpdates.ps1
$wsus = Get-WsusServer
$scope = [Microsoft.UpdateServices.Administration.UpdateScope]::new()
$scope.ApprovedStates = [Microsoft.UpdateServices.Administration.ApprovedStates]::Declined
$updates = $wsus.GetUpdates($scope)
$AllComputersTargetGroup = $wsus.GetComputerTargetGroup([Microsoft.UpdateServices.Administration.ComputerTargetGroupId]::AllComputers)
foreach($computerGroup in $AllComputersTargetGroup.GetChildTargetGroups()){
    foreach($update in $updates){
        $update.Approve([Microsoft.UpdateServices.Administration.UpdateApprovalAction]::NotApproved, $computerGroup)
    }
}

## set-islocallypublishedwid.ps1

<#
    .SYNOPSIS
        Searches the local WSUS for all PMPC updates and marks them as IsLocallyPublished = 0 in the SUSDB
    .DESCRIPTION
        This script is used to force all PMPC updates to show in the WSUS console. This is useful when you are in a WSUS
        standalone scenarion and will not be managing updates through ConfigMgr or some other method.
        By default, third party updates do not show in WSUS. This is a workound. Use at your own risk as it is a database edit.
    .EXAMPLE
        C:\PS>  Set-PMPCUpdatesToShowInWSUS.ps1

## get-var-orch.sql
--Originally Written by: Narayana Vyas Kondreddi
--Modified By: Jon Mattivi
--Purpose: Search all tables and columns in the Orchestrator database to find variable instances

DECLARE @VarName nvarchar(100), @VarID nvarchar(100)
SET @VarName = 'MyVariableName'

SET @VarID = (Select VARIABLES.UniqueID
From VARIABLES
INNER JOIN OBJECTS ON OBJECTS.UniqueID = VARIABLES.UniqueID

## SystemInfo-JSON.ps1
$props = @('Name', 'Model', 'Manufacturer', 'Username', 'SystemSKUNumber', 'TotalPhysicalMemory')
$calculatedProps = @{ Name = 'RAM (GB)'; Expression = { [int]($_.TotalPhysicalMemory / 1GB) } }, @{ Name = 'Processor Name'; Expression = { (Get-CimInstance -Query 'SELECT Name FROM Win32_Processor').Name.Trim() } }
$fullPropsToSelect = foreach ($propToSelect in $($props, $calculatedProps)) {
    $propToSelect
}
Get-CimInstance -Query "SELECT $($props -Join ',') FROM Win32_ComputerSystem" | Select-Object -Property $fullPropsToSelect -ExcludeProperty TotalPhysicalMemory | ConvertTo-Json

## Package_NotOn_AllDP_Group.sql
DECLARE @allDPgroupID uniqueidentifier  = (SELECT TOP 1 GroupID FROM v_SMS_DistributionPointGroup ORDER BY membercount DESC)
DECLARE @allDPgroupMemberCount int  = (SELECT TOP 1 MemberCount FROM v_SMS_DistributionPointGroup ORDER BY membercount DESC)

SELECT DISTINCT dpgp.PkgID
	, p.packagetype
	, bycount.TargeteddDPCount
	FROM v_DPGroupPackages dpgp
JOIN v_package p ON p.packageid = dpgp.PkgID
JOIN (
	SELECT cdss.pkgid

## New-CCMScheduleStartTime.ps1
Function New-CCMScheduleStartTime {
    [CmdletBinding()]
    <#
        .SYNOPSIS
            Recreate a CMSchedule object with a new start time
        .DESCRIPTION
            Natively, the CMSchedule objects do not allow you to write to the StartTime property. This makes it
            difficult to adjust the start time of an existing maintenance window. This function can be used to
            'recreate' a CMSchedule based on the input schedule, with a new start time.
        .PARAMETER CMSchedule

## PSADT-WaaS-InteractiveStart-CachedSnippet.ps1
<#
    This snippet is for use in a PSADT script. It assumes you have added parameters, or hardcoded the following
        * $DeploymentID - The deployment ID of the task sequence you want to check the cache for, and which will be invoked
        * $CheckAC - A boolean (or switch) that determines if you want to force the user to plug in prior to upgrading. This step is only check if
            the pre-caching has passed
#>

#region Validate that all content is pre-cached so we do not bother the user until the TS is ready to start
$TS = Get-WmiObject -Namespace ROOT\ccm\Policy\Machine\ActualConfig -Class CCM_SoftwareDistribution -Filter "ADV_AdvertisementID='$DeploymentID'" -Property PKG_PackageID, PKG_Name
if ($null -ne $TS) {

## Set-ContentNoSSL.ps1
#region detection
$SitePath = 'WSUS Administration/Content'

$getWebConfigurationPropertySplat = @{
    Filter   = '/system.webServer/security/Access'
    Name     = 'sslFlags'
    PSPath   = 'MACHINE/WEBROOT/APPHOST'
    Location = $SitePath
}
try {

## Set-ApiRemoting30SSL.ps1
#region detection
$SitePath = 'WSUS Administration/ApiRemoting30'

$getWebConfigurationPropertySplat = @{
    Filter   = '/system.webServer/security/Access'
    Name     = 'sslFlags'
    PSPath   = 'MACHINE/WEBROOT/APPHOST'
    Location = $SitePath
}
Get-WebConfigurationProperty @getWebConfigurationPropertySplat

## Set-WSUSContentDirAnonAuth.ps1
$Remediate = $false
Import-Module WebAdministration
$UseAppPoolIdentity = (Get-WebConfigurationProperty -Filter 'system.WebServer/security/authentication/AnonymousAuthentication' -Name username -Location 'WSUS Administration/Content') -eq ''
switch ($UseAppPoolIdentity) {
    $true {
        $true
    }
    $false {
        switch ($Remediate) {
            $true {
	$wsus = Get-WsusServer
	$scope = [Microsoft.UpdateServices.Administration.UpdateScope]::new()
	$scope.ApprovedStates = [Microsoft.UpdateServices.Administration.ApprovedStates]::Declined
	$updates = $wsus.GetUpdates($scope)
	$AllComputersTargetGroup = $wsus.GetComputerTargetGroup([Microsoft.UpdateServices.Administration.ComputerTargetGroupId]::AllComputers)
	foreach($computerGroup in $AllComputersTargetGroup.GetChildTargetGroups()){
	foreach($update in $updates){
	$update.Approve([Microsoft.UpdateServices.Administration.UpdateApprovalAction]::NotApproved, $computerGroup)
	}
	}

	<#
	.SYNOPSIS
	Searches the local WSUS for all PMPC updates and marks them as IsLocallyPublished = 0 in the SUSDB
	.DESCRIPTION
	This script is used to force all PMPC updates to show in the WSUS console. This is useful when you are in a WSUS
	standalone scenarion and will not be managing updates through ConfigMgr or some other method.
	By default, third party updates do not show in WSUS. This is a workound. Use at your own risk as it is a database edit.
	.EXAMPLE
	C:\PS> Set-PMPCUpdatesToShowInWSUS.ps1
	--Originally Written by: Narayana Vyas Kondreddi
	--Modified By: Jon Mattivi
	--Purpose: Search all tables and columns in the Orchestrator database to find variable instances

	DECLARE @VarName nvarchar(100), @VarID nvarchar(100)
	SET @VarName = 'MyVariableName'

	SET @VarID = (Select VARIABLES.UniqueID
	From VARIABLES
	INNER JOIN OBJECTS ON OBJECTS.UniqueID = VARIABLES.UniqueID
	$props = @('Name', 'Model', 'Manufacturer', 'Username', 'SystemSKUNumber', 'TotalPhysicalMemory')
	$calculatedProps = @{ Name = 'RAM (GB)'; Expression = { [int]($_.TotalPhysicalMemory / 1GB) } }, @{ Name = 'Processor Name'; Expression = { (Get-CimInstance -Query 'SELECT Name FROM Win32_Processor').Name.Trim() } }
	$fullPropsToSelect = foreach ($propToSelect in $($props, $calculatedProps)) {
	$propToSelect
	}
	Get-CimInstance -Query "SELECT $($props -Join ',') FROM Win32_ComputerSystem" \| Select-Object -Property $fullPropsToSelect -ExcludeProperty TotalPhysicalMemory \| ConvertTo-Json
	DECLARE @allDPgroupID uniqueidentifier = (SELECT TOP 1 GroupID FROM v_SMS_DistributionPointGroup ORDER BY membercount DESC)
	DECLARE @allDPgroupMemberCount int = (SELECT TOP 1 MemberCount FROM v_SMS_DistributionPointGroup ORDER BY membercount DESC)

	SELECT DISTINCT dpgp.PkgID
	, p.packagetype
	, bycount.TargeteddDPCount
	FROM v_DPGroupPackages dpgp
	JOIN v_package p ON p.packageid = dpgp.PkgID
	JOIN (
	SELECT cdss.pkgid
	Function New-CCMScheduleStartTime {
	[CmdletBinding()]
	<#
	.SYNOPSIS
	Recreate a CMSchedule object with a new start time
	.DESCRIPTION
	Natively, the CMSchedule objects do not allow you to write to the StartTime property. This makes it
	difficult to adjust the start time of an existing maintenance window. This function can be used to
	'recreate' a CMSchedule based on the input schedule, with a new start time.
	.PARAMETER CMSchedule
	<#
	This snippet is for use in a PSADT script. It assumes you have added parameters, or hardcoded the following
	* $DeploymentID - The deployment ID of the task sequence you want to check the cache for, and which will be invoked
	* $CheckAC - A boolean (or switch) that determines if you want to force the user to plug in prior to upgrading. This step is only check if
	the pre-caching has passed
	#>

	#region Validate that all content is pre-cached so we do not bother the user until the TS is ready to start
	$TS = Get-WmiObject -Namespace ROOT\ccm\Policy\Machine\ActualConfig -Class CCM_SoftwareDistribution -Filter "ADV_AdvertisementID='$DeploymentID'" -Property PKG_PackageID, PKG_Name
	if ($null -ne $TS) {
	#region detection
	$SitePath = 'WSUS Administration/Content'

	$getWebConfigurationPropertySplat = @{
	Filter = '/system.webServer/security/Access'
	Name = 'sslFlags'
	PSPath = 'MACHINE/WEBROOT/APPHOST'
	Location = $SitePath
	}
	try {
	#region detection
	$SitePath = 'WSUS Administration/ApiRemoting30'

	$getWebConfigurationPropertySplat = @{
	Filter = '/system.webServer/security/Access'
	Name = 'sslFlags'
	PSPath = 'MACHINE/WEBROOT/APPHOST'
	Location = $SitePath
	}
	Get-WebConfigurationProperty @getWebConfigurationPropertySplat
	$Remediate = $false
	Import-Module WebAdministration
	$UseAppPoolIdentity = (Get-WebConfigurationProperty -Filter 'system.WebServer/security/authentication/AnonymousAuthentication' -Name username -Location 'WSUS Administration/Content') -eq ''
	switch ($UseAppPoolIdentity) {
	$true {
	$true
	}
	$false {
	switch ($Remediate) {
	$true {