Cody Mathis CodyMathis123

## get-var-orch.sql
--Originally Written by: Narayana Vyas Kondreddi
--Modified By: Jon Mattivi
--Purpose: Search all tables and columns in the Orchestrator database to find variable instances

DECLARE @VarName nvarchar(100), @VarID nvarchar(100)
SET @VarName = 'MyVariableName'

SET @VarID = (Select VARIABLES.UniqueID
From VARIABLES
INNER JOIN OBJECTS ON OBJECTS.UniqueID = VARIABLES.UniqueID

## SystemInfo-JSON.ps1
$props = @('Name', 'Model', 'Manufacturer', 'Username', 'SystemSKUNumber', 'TotalPhysicalMemory')
$calculatedProps = @{ Name = 'RAM (GB)'; Expression = { [int]($_.TotalPhysicalMemory / 1GB) } }, @{ Name = 'Processor Name'; Expression = { (Get-CimInstance -Query 'SELECT Name FROM Win32_Processor').Name.Trim() } }
$fullPropsToSelect = foreach ($propToSelect in $($props, $calculatedProps)) {
    $propToSelect
}
Get-CimInstance -Query "SELECT $($props -Join ',') FROM Win32_ComputerSystem" | Select-Object -Property $fullPropsToSelect -ExcludeProperty TotalPhysicalMemory | ConvertTo-Json

## Package_NotOn_AllDP_Group.sql
DECLARE @allDPgroupID uniqueidentifier  = (SELECT TOP 1 GroupID FROM v_SMS_DistributionPointGroup ORDER BY membercount DESC)
DECLARE @allDPgroupMemberCount int  = (SELECT TOP 1 MemberCount FROM v_SMS_DistributionPointGroup ORDER BY membercount DESC)

SELECT DISTINCT dpgp.PkgID
	, p.packagetype
	, bycount.TargeteddDPCount
	FROM v_DPGroupPackages dpgp
JOIN v_package p ON p.packageid = dpgp.PkgID
JOIN (
	SELECT cdss.pkgid

## New-CCMScheduleStartTime.ps1
Function New-CCMScheduleStartTime {
    [CmdletBinding()]
    <#
        .SYNOPSIS
            Recreate a CMSchedule object with a new start time
        .DESCRIPTION
            Natively, the CMSchedule objects do not allow you to write to the StartTime property. This makes it
            difficult to adjust the start time of an existing maintenance window. This function can be used to
            'recreate' a CMSchedule based on the input schedule, with a new start time.
        .PARAMETER CMSchedule

## PSADT-WaaS-InteractiveStart-CachedSnippet.ps1
<#
    This snippet is for use in a PSADT script. It assumes you have added parameters, or hardcoded the following
        * $DeploymentID - The deployment ID of the task sequence you want to check the cache for, and which will be invoked
        * $CheckAC - A boolean (or switch) that determines if you want to force the user to plug in prior to upgrading. This step is only check if
            the pre-caching has passed
#>

#region Validate that all content is pre-cached so we do not bother the user until the TS is ready to start
$TS = Get-WmiObject -Namespace ROOT\ccm\Policy\Machine\ActualConfig -Class CCM_SoftwareDistribution -Filter "ADV_AdvertisementID='$DeploymentID'" -Property PKG_PackageID, PKG_Name
if ($null -ne $TS) {

## Set-ContentNoSSL.ps1
#region detection
$SitePath = 'WSUS Administration/Content'

$getWebConfigurationPropertySplat = @{
    Filter   = '/system.webServer/security/Access'
    Name     = 'sslFlags'
    PSPath   = 'MACHINE/WEBROOT/APPHOST'
    Location = $SitePath
}
try {

## Set-ApiRemoting30SSL.ps1
#region detection
$SitePath = 'WSUS Administration/ApiRemoting30'

$getWebConfigurationPropertySplat = @{
    Filter   = '/system.webServer/security/Access'
    Name     = 'sslFlags'
    PSPath   = 'MACHINE/WEBROOT/APPHOST'
    Location = $SitePath
}
Get-WebConfigurationProperty @getWebConfigurationPropertySplat

## Set-WSUSContentDirAnonAuth.ps1
$Remediate = $false
Import-Module WebAdministration
$UseAppPoolIdentity = (Get-WebConfigurationProperty -Filter 'system.WebServer/security/authentication/AnonymousAuthentication' -Name username -Location 'WSUS Administration/Content') -eq ''
switch ($UseAppPoolIdentity) {
    $true {
        $true
    }
    $false {
        switch ($Remediate) {
            $true {

## Set-WSUSContentDir.ps1
$Remediate = $false

$PathShouldBeROOT = Get-ItemProperty -Path "registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Update Services\Server\Setup" -Name ContentDir | Select-Object -ExpandProperty ContentDir
$PathShouldBe = Join-Path -Path $PathShouldBeROOT -ChildPath 'WSUSContent'

[Void][Reflection.Assembly]::LoadWithPartialName("Microsoft.Web.Administration")
$serverManager = New-Object Microsoft.Web.Administration.ServerManager
$site = $serverManager.Sites | Where-Object { $_.Name -eq "WSUS Administration" }
$rootApp = $site.Applications | Where-Object { $_.Path -eq "/" }
$rootVdir = $rootApp.VirtualDirectories | Where-Object { $_.Path -eq "/Content" }

## Set-LEDBATWSUS.ps1
#region detection/remediation
#region define variables
$Remediate = $false
#endregion define variables

try {
    $WSUS_Server = Get-WsusServer -ErrorAction Stop
    switch ($WSUS_Server -is [Microsoft.UpdateServices.Internal.BaseApi.UpdateServer]) {
        $true {
            $WSUS_Port = $WSUS_Server | Select-Object -ExpandProperty PortNumber
	--Originally Written by: Narayana Vyas Kondreddi
	--Modified By: Jon Mattivi
	--Purpose: Search all tables and columns in the Orchestrator database to find variable instances

	DECLARE @VarName nvarchar(100), @VarID nvarchar(100)
	SET @VarName = 'MyVariableName'

	SET @VarID = (Select VARIABLES.UniqueID
	From VARIABLES
	INNER JOIN OBJECTS ON OBJECTS.UniqueID = VARIABLES.UniqueID
	$props = @('Name', 'Model', 'Manufacturer', 'Username', 'SystemSKUNumber', 'TotalPhysicalMemory')
	$calculatedProps = @{ Name = 'RAM (GB)'; Expression = { [int]($_.TotalPhysicalMemory / 1GB) } }, @{ Name = 'Processor Name'; Expression = { (Get-CimInstance -Query 'SELECT Name FROM Win32_Processor').Name.Trim() } }
	$fullPropsToSelect = foreach ($propToSelect in $($props, $calculatedProps)) {
	$propToSelect
	}
	Get-CimInstance -Query "SELECT $($props -Join ',') FROM Win32_ComputerSystem" \| Select-Object -Property $fullPropsToSelect -ExcludeProperty TotalPhysicalMemory \| ConvertTo-Json
	DECLARE @allDPgroupID uniqueidentifier = (SELECT TOP 1 GroupID FROM v_SMS_DistributionPointGroup ORDER BY membercount DESC)
	DECLARE @allDPgroupMemberCount int = (SELECT TOP 1 MemberCount FROM v_SMS_DistributionPointGroup ORDER BY membercount DESC)

	SELECT DISTINCT dpgp.PkgID
	, p.packagetype
	, bycount.TargeteddDPCount
	FROM v_DPGroupPackages dpgp
	JOIN v_package p ON p.packageid = dpgp.PkgID
	JOIN (
	SELECT cdss.pkgid
	Function New-CCMScheduleStartTime {
	[CmdletBinding()]
	<#
	.SYNOPSIS
	Recreate a CMSchedule object with a new start time
	.DESCRIPTION
	Natively, the CMSchedule objects do not allow you to write to the StartTime property. This makes it
	difficult to adjust the start time of an existing maintenance window. This function can be used to
	'recreate' a CMSchedule based on the input schedule, with a new start time.
	.PARAMETER CMSchedule
	<#
	This snippet is for use in a PSADT script. It assumes you have added parameters, or hardcoded the following
	* $DeploymentID - The deployment ID of the task sequence you want to check the cache for, and which will be invoked
	* $CheckAC - A boolean (or switch) that determines if you want to force the user to plug in prior to upgrading. This step is only check if
	the pre-caching has passed
	#>

	#region Validate that all content is pre-cached so we do not bother the user until the TS is ready to start
	$TS = Get-WmiObject -Namespace ROOT\ccm\Policy\Machine\ActualConfig -Class CCM_SoftwareDistribution -Filter "ADV_AdvertisementID='$DeploymentID'" -Property PKG_PackageID, PKG_Name
	if ($null -ne $TS) {
	#region detection
	$SitePath = 'WSUS Administration/Content'

	$getWebConfigurationPropertySplat = @{
	Filter = '/system.webServer/security/Access'
	Name = 'sslFlags'
	PSPath = 'MACHINE/WEBROOT/APPHOST'
	Location = $SitePath
	}
	try {
	#region detection
	$SitePath = 'WSUS Administration/ApiRemoting30'

	$getWebConfigurationPropertySplat = @{
	Filter = '/system.webServer/security/Access'
	Name = 'sslFlags'
	PSPath = 'MACHINE/WEBROOT/APPHOST'
	Location = $SitePath
	}
	Get-WebConfigurationProperty @getWebConfigurationPropertySplat
	$Remediate = $false
	Import-Module WebAdministration
	$UseAppPoolIdentity = (Get-WebConfigurationProperty -Filter 'system.WebServer/security/authentication/AnonymousAuthentication' -Name username -Location 'WSUS Administration/Content') -eq ''
	switch ($UseAppPoolIdentity) {
	$true {
	$true
	}
	$false {
	switch ($Remediate) {
	$true {
	$Remediate = $false

	$PathShouldBeROOT = Get-ItemProperty -Path "registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Update Services\Server\Setup" -Name ContentDir \| Select-Object -ExpandProperty ContentDir
	$PathShouldBe = Join-Path -Path $PathShouldBeROOT -ChildPath 'WSUSContent'

	[Void][Reflection.Assembly]::LoadWithPartialName("Microsoft.Web.Administration")
	$serverManager = New-Object Microsoft.Web.Administration.ServerManager
	$site = $serverManager.Sites \| Where-Object { $_.Name -eq "WSUS Administration" }
	$rootApp = $site.Applications \| Where-Object { $_.Path -eq "/" }
	$rootVdir = $rootApp.VirtualDirectories \| Where-Object { $_.Path -eq "/Content" }
	#region detection/remediation
	#region define variables
	$Remediate = $false
	#endregion define variables

	try {
	$WSUS_Server = Get-WsusServer -ErrorAction Stop
	switch ($WSUS_Server -is [Microsoft.UpdateServices.Internal.BaseApi.UpdateServer]) {
	$true {
	$WSUS_Port = $WSUS_Server \| Select-Object -ExpandProperty PortNumber