Skip to content

Instantly share code, notes, and snippets.

@McAndersDK

McAndersDK/NetBlock.ps1

Created February 15, 2016 10:41
Show Gist options
  • Save McAndersDK/b9d8697fdb0a1bab40a7 to your computer and use it in GitHub Desktop.
Save McAndersDK/b9d8697fdb0a1bab40a7 to your computer and use it in GitHub Desktop.
Download ZIP
.net Framework Update Blocking
Raw
NetBlock.ps1
function Get-NETBlock {
<#
.SYNOPSIS
Get-NETBlock checks if the computer is blocked from receiving the .net framework update via windows update.
.DESCRIPTION
Get-NETBlock uses remote registry to query the value discribed in https://support.microsoft.com/en-us/kb/3133990
.PARAMETER ComputerName
The Computer name to query. Default: Localhost.
.EXAMPLE
Get-NETBlock -ComputerName SERVER-R2 -Version "BlockNetFramework461"
Gets the .net 4.6.1 block status from SERVER-R2.
.EXAMPLE
Get-NETBlock -ComputerName (Get-Content C:\Temp\Computerlist.txt) -Version "BlockNetFramework461"
Gets the .net 4.6.1 block status from a list of computers in c:\Temp\Computerlist.txt.
.NOTES
Created By: Noam Lesnik
Created: 15/2/2016
Modified By: Anders Andersson
Modified: 15/2/2016
Version 1.1
#>
[CmdletBinding()]
Param
(
# Param1 help description
[Parameter(Mandatory=$false,
ValueFromPipeline = $true,
ValueFromPipelineByPropertyName=$true,
Position=0)]
[Alias('Name')]
[String[]]$ComputerName = "$env:COMPUTERNAME",
[validateset("BlockNetFramework46","BlockNetFramework461","BlockNetFramework462")]
[string[]]$Version = ("BlockNetFramework46","BlockNetFramework461","BlockNetFramework462")
)
Begin
{
$keyname = 'SOFTWARE\\Microsoft\\NET Framework Setup\\NDP\\WU'
$localnames = "127.0.0.1","$env:COMPUTERNAME","localhost","$env:COMPUTERNAME.$env:USERDNSDOMAIN"
}
Process
{
foreach ($Computer in $ComputerName)
{
try
{
if($localnames -contains $Computer ) {
$reg = [Microsoft.Win32.RegistryKey]::OpenBaseKey("LocalMachine",[Microsoft.Win32.RegistryView]::Default)
}
else {
# Connect to the remote registry
$reg = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey("LocalMachine",$Computer)
}
#Create output object
$propHash = [ordered]@{
ComputerName = $Computer
}
foreach($VersionBlock in $Version) {
$propHash.add($VersionBlock,$false)
$key = $reg.OpenSubkey($keyname)
#Check if the key exists
if ($key -ne $null)
{
#Get the value
$value = $key.GetValue($VersionBlock)
#Check the value and type
if ($value -eq '1')
{
$valueType = $key.GetValueKind($VersionBlock)
if ($valueType -eq 'DWord')
{
$propHash.$VersionBlock = $true
}
}
}
}
$output = New-Object -TypeName PSOBject -Property $propHash
#write the object to the pipeline
Write-Output -InputObject $output
}
catch
{
Write-Warning "$Computer`: $_"
}
}
}
End
{
}
}
function Set-NETBlock {
<#
.SYNOPSIS
Set-NETBlock blockes or unblocks the computer from receiving .net framework updates via windows update.
.DESCRIPTION
Set-NETBlock uses local/remote registry to create or delete the value described in https://support.microsoft.com/en-us/kb/3133990
.PARAMETER ComputerName
The Computer name to query. Default: Localhost.
.PARAMETER RemoveBlock
Parameter used to remove an exsisting block on updates.
.EXAMPLE
Set-NETBlock -ComputerName SERVER-R2
Block SERVER-R2 from receiving .net framework updates.
.EXAMPLE
Set-NETBlock -ComputerName SERVER-R2 -Version "BlockNetFramework46"
Block SERVER-R2 from receiving .net framework update version 4.6.
.EXAMPLE
Set-NETBlock -ComputerName SERVER-R2 -RemoveBlock
Unblock SERVER-R2 from receiving .net framework updates.
.EXAMPLE
Set-NETBlock -ComputerName (Get-Content C:\Temp\Computerlist.txt)
Blocks a list of computers in c:\Temp\Computerlist.txt from receiving .net framework updates.
.NOTES
Created By: Noam Lesnik
Created: 15/2/2016
Modified By: Anders Andersson
Modified: 15/2/2016
Version 1.1
#>
[CmdletBinding()]
Param
(
# Param1 help description
[Parameter(Mandatory=$false,
ValueFromPipeline = $true,
ValueFromPipelineByPropertyName=$true,
Position=0)]
[String[]]$ComputerName = $env:COMPUTERNAME,
[Switch]$RemoveBlock,
[validateset("BlockNetFramework46","BlockNetFramework461","BlockNetFramework462")]
[string[]]$Version = ("BlockNetFramework46","BlockNetFramework461","BlockNetFramework462")
)
Begin
{
$keyname = 'SOFTWARE\\Microsoft\\NET Framework Setup\\NDP\\WU'
$localnames = "127.0.0.1","$env:COMPUTERNAME","localhost","$env:COMPUTERNAME.$env:USERDNSDOMAIN"
}
Process
{
foreach ($Computer in $ComputerName)
{
try
{
foreach($VersionBlock in $version) {
# Get if the computer is currently blocked
$BlockState = (Get-NETBlock -ComputerName $Computer).$VersionBlock
if($localnames -contains $Computer ) {
# Connect to the local registry
$reg = [Microsoft.Win32.RegistryKey]::OpenBaseKey("LocalMachine",[Microsoft.Win32.RegistryView]::Default)
}
else {
# Connect to the remote registry
$reg = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey("LocalMachine",$Computer)
}
#Check the switch value
if ($RemoveBlock.IsPresent)
{
if ($BlockState -eq $true)
{
$key = $reg.OpenSubkey($keyname,$true)
#remove the block value
$key.DeleteValue($VersionBlock)
}
else
{
Write-Warning -Message "$computer was already NOT blocked"
}
}
else
{
if ($BlockState -eq $false)
{
$key = $reg.OpenSubkey($keyname,$true)
#check if the key exsists
if ($key -eq $null)
{
$reg.CreateSubKey($keyname) | Out-Null
$key = $reg.OpenSubkey($keyname,$true)
}
#add the block value
$key.SetValue($VersionBlock,1,'Dword')
}
else
{
Write-Warning -Message "$computer was already blocked"
}
}
}
# call Get-NETBlock again to write the updated object to the pipeline
Get-NETBlock -ComputerName $Computer -Version $Version
}
catch
{
Write-Warning "$Computer`: $_"
}
}
}
End
{
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment