Created
February 15, 2016 10:41
-
-
Save McAndersDK/b9d8697fdb0a1bab40a7 to your computer and use it in GitHub Desktop.
.net Framework Update Blocking
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
function Get-NETBlock { | |
<# | |
.SYNOPSIS | |
Get-NETBlock checks if the computer is blocked from receiving the .net framework update via windows update. | |
.DESCRIPTION | |
Get-NETBlock uses remote registry to query the value discribed in https://support.microsoft.com/en-us/kb/3133990 | |
.PARAMETER ComputerName | |
The Computer name to query. Default: Localhost. | |
.EXAMPLE | |
Get-NETBlock -ComputerName SERVER-R2 -Version "BlockNetFramework461" | |
Gets the .net 4.6.1 block status from SERVER-R2. | |
.EXAMPLE | |
Get-NETBlock -ComputerName (Get-Content C:\Temp\Computerlist.txt) -Version "BlockNetFramework461" | |
Gets the .net 4.6.1 block status from a list of computers in c:\Temp\Computerlist.txt. | |
.NOTES | |
Created By: Noam Lesnik | |
Created: 15/2/2016 | |
Modified By: Anders Andersson | |
Modified: 15/2/2016 | |
Version 1.1 | |
#> | |
[CmdletBinding()] | |
Param | |
( | |
# Param1 help description | |
[Parameter(Mandatory=$false, | |
ValueFromPipeline = $true, | |
ValueFromPipelineByPropertyName=$true, | |
Position=0)] | |
[Alias('Name')] | |
[String[]]$ComputerName = "$env:COMPUTERNAME", | |
[validateset("BlockNetFramework46","BlockNetFramework461","BlockNetFramework462")] | |
[string[]]$Version = ("BlockNetFramework46","BlockNetFramework461","BlockNetFramework462") | |
) | |
Begin | |
{ | |
$keyname = 'SOFTWARE\\Microsoft\\NET Framework Setup\\NDP\\WU' | |
$localnames = "127.0.0.1","$env:COMPUTERNAME","localhost","$env:COMPUTERNAME.$env:USERDNSDOMAIN" | |
} | |
Process | |
{ | |
foreach ($Computer in $ComputerName) | |
{ | |
try | |
{ | |
if($localnames -contains $Computer ) { | |
$reg = [Microsoft.Win32.RegistryKey]::OpenBaseKey("LocalMachine",[Microsoft.Win32.RegistryView]::Default) | |
} | |
else { | |
# Connect to the remote registry | |
$reg = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey("LocalMachine",$Computer) | |
} | |
#Create output object | |
$propHash = [ordered]@{ | |
ComputerName = $Computer | |
} | |
foreach($VersionBlock in $Version) { | |
$propHash.add($VersionBlock,$false) | |
$key = $reg.OpenSubkey($keyname) | |
#Check if the key exists | |
if ($key -ne $null) | |
{ | |
#Get the value | |
$value = $key.GetValue($VersionBlock) | |
#Check the value and type | |
if ($value -eq '1') | |
{ | |
$valueType = $key.GetValueKind($VersionBlock) | |
if ($valueType -eq 'DWord') | |
{ | |
$propHash.$VersionBlock = $true | |
} | |
} | |
} | |
} | |
$output = New-Object -TypeName PSOBject -Property $propHash | |
#write the object to the pipeline | |
Write-Output -InputObject $output | |
} | |
catch | |
{ | |
Write-Warning "$Computer`: $_" | |
} | |
} | |
} | |
End | |
{ | |
} | |
} | |
function Set-NETBlock { | |
<# | |
.SYNOPSIS | |
Set-NETBlock blockes or unblocks the computer from receiving .net framework updates via windows update. | |
.DESCRIPTION | |
Set-NETBlock uses local/remote registry to create or delete the value described in https://support.microsoft.com/en-us/kb/3133990 | |
.PARAMETER ComputerName | |
The Computer name to query. Default: Localhost. | |
.PARAMETER RemoveBlock | |
Parameter used to remove an exsisting block on updates. | |
.EXAMPLE | |
Set-NETBlock -ComputerName SERVER-R2 | |
Block SERVER-R2 from receiving .net framework updates. | |
.EXAMPLE | |
Set-NETBlock -ComputerName SERVER-R2 -Version "BlockNetFramework46" | |
Block SERVER-R2 from receiving .net framework update version 4.6. | |
.EXAMPLE | |
Set-NETBlock -ComputerName SERVER-R2 -RemoveBlock | |
Unblock SERVER-R2 from receiving .net framework updates. | |
.EXAMPLE | |
Set-NETBlock -ComputerName (Get-Content C:\Temp\Computerlist.txt) | |
Blocks a list of computers in c:\Temp\Computerlist.txt from receiving .net framework updates. | |
.NOTES | |
Created By: Noam Lesnik | |
Created: 15/2/2016 | |
Modified By: Anders Andersson | |
Modified: 15/2/2016 | |
Version 1.1 | |
#> | |
[CmdletBinding()] | |
Param | |
( | |
# Param1 help description | |
[Parameter(Mandatory=$false, | |
ValueFromPipeline = $true, | |
ValueFromPipelineByPropertyName=$true, | |
Position=0)] | |
[String[]]$ComputerName = $env:COMPUTERNAME, | |
[Switch]$RemoveBlock, | |
[validateset("BlockNetFramework46","BlockNetFramework461","BlockNetFramework462")] | |
[string[]]$Version = ("BlockNetFramework46","BlockNetFramework461","BlockNetFramework462") | |
) | |
Begin | |
{ | |
$keyname = 'SOFTWARE\\Microsoft\\NET Framework Setup\\NDP\\WU' | |
$localnames = "127.0.0.1","$env:COMPUTERNAME","localhost","$env:COMPUTERNAME.$env:USERDNSDOMAIN" | |
} | |
Process | |
{ | |
foreach ($Computer in $ComputerName) | |
{ | |
try | |
{ | |
foreach($VersionBlock in $version) { | |
# Get if the computer is currently blocked | |
$BlockState = (Get-NETBlock -ComputerName $Computer).$VersionBlock | |
if($localnames -contains $Computer ) { | |
# Connect to the local registry | |
$reg = [Microsoft.Win32.RegistryKey]::OpenBaseKey("LocalMachine",[Microsoft.Win32.RegistryView]::Default) | |
} | |
else { | |
# Connect to the remote registry | |
$reg = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey("LocalMachine",$Computer) | |
} | |
#Check the switch value | |
if ($RemoveBlock.IsPresent) | |
{ | |
if ($BlockState -eq $true) | |
{ | |
$key = $reg.OpenSubkey($keyname,$true) | |
#remove the block value | |
$key.DeleteValue($VersionBlock) | |
} | |
else | |
{ | |
Write-Warning -Message "$computer was already NOT blocked" | |
} | |
} | |
else | |
{ | |
if ($BlockState -eq $false) | |
{ | |
$key = $reg.OpenSubkey($keyname,$true) | |
#check if the key exsists | |
if ($key -eq $null) | |
{ | |
$reg.CreateSubKey($keyname) | Out-Null | |
$key = $reg.OpenSubkey($keyname,$true) | |
} | |
#add the block value | |
$key.SetValue($VersionBlock,1,'Dword') | |
} | |
else | |
{ | |
Write-Warning -Message "$computer was already blocked" | |
} | |
} | |
} | |
# call Get-NETBlock again to write the updated object to the pipeline | |
Get-NETBlock -ComputerName $Computer -Version $Version | |
} | |
catch | |
{ | |
Write-Warning "$Computer`: $_" | |
} | |
} | |
} | |
End | |
{ | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment