Workstations
Desktop, Laptop. That's about it.
- Microsoft Windows
- Add Printer in Powershell
- Create User in Powershell
- Setup the OneDrive Sync Client
- Install Microsoft Office
- Download Files from a Web URL
- Get Last Bootup Time
- Get the Tenant ID of an Azure/Entra Joined PC
- Reset IE to Defaults
- Change Drive Letter in Powershell
- Lock Windows Workstation
- Create a Scheduled Task
- Check For Running Process
- Mac OS
Microsoft Windows
Add Printer in Powershell
List Printers
Get-Printer
Remove Printer
Remove-Printer -Name "HP Deskjet 1510 series"
Add Printer
Add-Printer -Name "HP Deskjet 1510 series" -DriverName "HP Deskjet 1510 series" -PortName "USB003"
Add a printer port by TCP/IP Address
Add-PrinterPort -Name "TCPPort:10.1.10.83" -PrinterHostAddress "10.1.10.83"
Show Printer Ports
Get-PrinterPort
Show Printer Drivers
Get-PrinterDriver
Add a printer, specifying the name, driver and port
Add-Printer -Name "HP Envy 6000" -DriverName "HP ENVY 6000 series PCL-3" -PortName "TCPPort:10.1.10.83"
Show Print Jobs for a specific printer
Get-PrintJob -PrinterName "HP Envy 6000"
Delete a print job
Remove-PrintJob -PrinterName "HP Envy 6000" -Id 2
Send a test print job; this one sends a line of text
"Hello, Paper and Ink" | Out-Printer -Name "HP Envy 6000"
Create User in Powershell
Powershell
The first command uses the Read-Host cmdlet to prompt you for a password. The command stores the password as a secure string in the $Password variable.
The second command creates a local user account and sets the new account's password to the secure string stored in $Password. The command specifies a user name, full name, and description for the user account.
$Password = Read-Host -AsSecureString
$params = @{
Name = '<username>'
Password = $Password
FullName = 'Full Name'
Description = 'Description of this user.'
}
New-LocalUser @params
To elevate the user to local administrator, use the Add-LocalGroupMember cmdlet with one of the following formats for the account. To add multiple members, separate them with commas.
Add-LocalGroupMember -Group "Administrators" -Member "<username>"
In the command above, replace <username> with the appropriate format below.
- Local Account: "<username>"
- Microsoft Account: "MicrosoftAccount\<username@example.com>"
- Microsoft 365 Azure/Entra Account: "AzureAD\<username@example.com>"
- Active Directory Domain Account: "DOMAIN\<username>"
CMD
To create a user in the command prompt:
net user <username> <password> /add /fullname:"<Full Name>"
Add the user to the local administrators group:
net localgroup administrators <username> /add
Setup the OneDrive Sync Client
To set up OneDrive, first open the OneDrive app.
If you're using a PC, click Start and then type OneDrive. Open the OneDrive app.
If you're using a Mac, go to the Launchpad and type OneDrive. Open the OneDrive app.
Sign in to your Microsoft account.
After signing in, the installer will tell you where your OneDrive files are located.
PC only: You can choose to enroll in Intune MDM. This requires a license. In most cases, you will click "No, sign in to this app only".
You can choose to redirect your desktop and documents folders to OneDrive so they get backed up.
Your OneDrive folder is ready.
OneDrive is ready.
You can find your files in the file manager (Finder on Mac and File Explorer on PC) on the left side navigation.
Backup Common Folders
The common folders are the Desktop, Documents and Pictures folders. In the event something happens to your device, you can recover the data from those folders if they are syncing to OneDrive. If OneDrive is set up, but the common folders are not redirected to OneDrive, you can turn on that feature in the settings.
Click the OneDrive icon in the system tray by the clock. Then click the gear to activate the menu. Select Settings from the menu.
In the settings panel, click the Backup tab and click Manage Backup.
Choose which folders to back up and then click Start Backup.
Your folders are being backed up.
Install Microsoft Office
Create a deployment package.
If the files are publicly available, you can download from a web URL.
Download the setup files according to the deployment config.
./setup-file.exe /download config-file.xml
Install the applications according to the deployment config.
./setup-file.exe /configure config-file.xml
Reboot.
Done.
Download Files from a Web URL
Download a file from the internet to your hard drive using Powershell.
Invoke-WebRequest -Uri https://<path-to-internet-file> -OutFile <path-to-local-file>
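An added example, not part of the original page: the same download, followed by a check of the file against a SHA-256 hash published by the vendor and, optionally, its Authenticode signature before anything is run. Get-VerifiedDownload is a hypothetical helper name, and the URL, path and hash in the usage line are placeholders.

```powershell
# Added example. Get-VerifiedDownload is a hypothetical helper, not a built-in cmdlet.
function Get-VerifiedDownload {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][uri]$Uri,
        [Parameter(Mandatory)][string]$OutFile,
        # SHA-256 published by the vendor, as 64 hex characters
        [Parameter(Mandatory)][ValidatePattern('^[0-9A-Fa-f]{64}$')][string]$ExpectedSha256,
        # Also require a valid Authenticode signature (installers, scripts)
        [switch]$RequireSignature
    )

    # Refuse plain HTTP so the file cannot be swapped in transit unnoticed.
    if ($Uri.Scheme -ne 'https') { throw "Refusing non-HTTPS URL: $Uri" }

    try {
        Invoke-WebRequest -Uri $Uri -OutFile $OutFile -UseBasicParsing -ErrorAction Stop

        # Compare the hash of what actually landed on disk (-ne ignores case for strings).
        $actual = (Get-FileHash -LiteralPath $OutFile -Algorithm SHA256).Hash
        if ($actual -ne $ExpectedSha256) {
            throw "SHA-256 mismatch: expected $ExpectedSha256, got $actual"
        }

        if ($RequireSignature) {
            $sig = Get-AuthenticodeSignature -FilePath $OutFile
            if ($sig.Status -ne 'Valid') { throw "Authenticode status is $($sig.Status)" }
            Write-Verbose "Signed by: $($sig.SignerCertificate.Subject)"
        }

        Get-Item -LiteralPath $OutFile
    }
    catch {
        # On any failure, delete the file so an unverified download is never left behind.
        if (Test-Path -LiteralPath $OutFile) { Remove-Item -LiteralPath $OutFile -Force }
        throw
    }
}

# Usage (placeholders):
# Get-VerifiedDownload -Uri 'https://<path-to-internet-file>' -OutFile '<path-to-local-file>' `
#     -ExpectedSha256 '<sha256-from-vendor>' -RequireSignature -Verbose
```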
Get Last Bootup Time
Get the last bootup time in Windows Powershell.
Get-CimInstance -ClassName win32_operatingsystem | select csname, lastbootuptime
Get the Tenant ID of an Azure/Entra Joined PC
To get the Tenant ID of the Azure Joined PC, or confirm it is joined to Azure:
- Open Windows PowerShell.
- Enter dsregcmd /status.
- Verify that AzureAdJoined is set to YES.
OUTPUT
PS C:\WINDOWS\system32> dsregcmd /status
+----------------------------------------------------------------------+
| Device State |
+----------------------------------------------------------------------+
AzureAdJoined : YES
EnterpriseJoined : NO
DomainJoined : NO
Virtual Desktop : NOT SET
Device Name : DESKTOP-GHJM2J3
+----------------------------------------------------------------------+
| Device Details |
+----------------------------------------------------------------------+
DeviceId : 0x00x00x-000x-00xx-xx0x-0000xx0x0000
Thumbprint : 55665AE5CC656BE505655EFF05665A5DD5566BEA
DeviceCertificateValidity : [ 2022-12-11 17:07:16.000 UTC -- 2032-12-11 17:37:16.000 UTC ]
KeyContainerId : 0x00x00x-000x-00xx-xx0x-0000xx0x0000
KeyProvider : Microsoft Platform Crypto Provider
TpmProtected : YES
DeviceAuthStatus : SUCCESS
+----------------------------------------------------------------------+
| Tenant Details |
+----------------------------------------------------------------------+
TenantName : COMPANY, INC.
TenantId : 0x00x00x-000x-00xx-xx0x-0000xx0x0000
AuthCodeUrl : https://login.microsoftonline.com/0x00x00x-000x-00xx-xx0x-0000xx0x0000/oauth2/authorize
AccessTokenUrl : https://login.microsoftonline.com/0x00x00x-000x-00xx-xx0x-0000xx0x0000/oauth2/token
MdmUrl : https://enrollment.manage.microsoft.com/enrollmentserver/discovery.svc
MdmTouUrl : https://portal.manage.microsoft.com/TermsofUse.aspx
MdmComplianceUrl : https://portal.manage.microsoft.com/?portalAction=Compliance
SettingsUrl : eyJVcmlzIjpbImh0dHBzOi8va2FpbGFuaS5vbmUubWljcm9zb2Z0LmNvbS8iLCJodHRwczovL2thaWxhbmkxLm9uZS5taWNyb3NvZnQuY29tLyJdfQ==
+----------------------------------------------------------------------+
| User State |
+----------------------------------------------------------------------+
NgcSet : NO
WorkplaceJoined : NO
WamDefaultSet : ERROR (0x80070520)
| SSO State |
+----------------------------------------------------------------------+
AzureAdPrt : NO
AzureAdPrtAuthority :
EnterprisePrt : NO
EnterprisePrtAuthority :
+----------------------------------------------------------------------+
| Diagnostic Data |
+----------------------------------------------------------------------+
AadRecoveryEnabled : NO
Executing Account Name : WORKGROUP\COMPUTER$
KeySignTest : PASSED
DisplayNameUpdated : Managed by MDM
OsVersionUpdated : Managed by MDM
HostNameUpdated : YES
Last HostName Update : SUCCESS
Client Time : 2023-01-31 05:42:05.000 UTC
Request ID : 0x00x00x-000x-00xx-xx0x-0000xx0x0000
Server Time : 01-31-2023 5:42:05Z
HTTP Status : 200
Server Message : The attribute 'hostnames' value(s) were successfully updated
+----------------------------------------------------------------------+
| IE Proxy Config for Current User |
+----------------------------------------------------------------------+
Auto Detect Settings : YES
Auto-Configuration URL :
Proxy Server List :
Proxy Bypass List :
+----------------------------------------------------------------------+
| WinHttp Default Proxy Config |
+----------------------------------------------------------------------+
Access Type : DIRECT
| Ngc Prerequisite Check |
+----------------------------------------------------------------------+
IsDeviceJoined : YES
IsUserAzureAD : NO
PolicyEnabled : NO
PostLogonEnabled : YES
DeviceEligible : YES
SessionIsNotRemote : YES
CertEnrollment : none
PreReqResult : WillNotProvision
For more information, please visit https://www.microsoft.com/aadjerrors
PS C:\WINDOWS\system32>
Source: https://learn.microsoft.com/en-us/azure/active-directory/devices/howto-hybrid-join-verify
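An added example, not part of the original page: parsing the "Name : Value" lines of dsregcmd /status into an object and checking the join state, tenant, TPM protection and device authentication in a script. ConvertFrom-DsregStatus and Test-DeviceJoin are hypothetical helper names, and the sample is constructed from the output above with its placeholder IDs.

```powershell
# Added example. Both functions are hypothetical helpers, not built-in cmdlets.
function ConvertFrom-DsregStatus {
    param([string[]]$Lines)
    $state = [ordered]@{}
    foreach ($line in $Lines) {
        # Fields look like "Name : Value". The name must be followed by whitespace
        # and a colon, so URLs, timestamps and the prompt line are not split.
        if ($line -match '^\s*([A-Za-z][\w -]*?)\s+:\s*(.*)$') {
            if (-not $state.Contains($Matches[1])) { $state[$Matches[1]] = $Matches[2].Trim() }
        }
    }
    [pscustomobject]$state
}

function Test-DeviceJoin {
    param($Status, [string]$ExpectedTenantId)
    $findings = @()
    if ($Status.AzureAdJoined -ne 'YES') { $findings += 'Not Azure AD / Entra joined' }
    if ($Status.TenantId -ne $ExpectedTenantId) { $findings += "Unexpected tenant: $($Status.TenantId)" }
    if ($Status.TpmProtected -ne 'YES') { $findings += 'Device key is not TPM protected' }
    if ($Status.DeviceAuthStatus -ne 'SUCCESS') { $findings += "Device auth: $($Status.DeviceAuthStatus)" }
    $findings
}

# Constructed sample, trimmed from the output shown above (placeholder IDs).
$sample = @'
+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+
             AzureAdJoined : YES
              TpmProtected : YES
          DeviceAuthStatus : SUCCESS
                  TenantId : 0x00x00x-000x-00xx-xx0x-0000xx0x0000
               AuthCodeUrl : https://login.microsoftonline.com/0x00x00x-000x-00xx-xx0x-0000xx0x0000/oauth2/authorize
'@ -split "`r?`n"

# On a live machine, pass the real output instead: -Lines (dsregcmd /status)
$status   = ConvertFrom-DsregStatus -Lines $sample
$findings = @(Test-DeviceJoin -Status $status -ExpectedTenantId '0x00x00x-000x-00xx-xx0x-0000xx0x0000')
if ($findings.Count -eq 0) { 'Device join checks passed' } else { $findings }
```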
Reset IE to Defaults
Symptoms:
OneDrive stuck at Signing in.
OneDrive sign-in gives Proxy Authentication Error [2606]
Outlook continually asks for password.
Solution:
RunDll32.exe InetCpl.cpl,ResetIEtoDefaults
Change Drive Letter in Powershell
Sources
https://devblogs.microsoft.com/powershell-community/changing-drive-letters-and-labels-via-powershell/
https://chindara.medium.com/windows-10-powershell-to-assign-drive-letters-2dcb840191bb
List all the disks.
Get-Disk
List all partitions for a specific disk.
Get-Partition -DiskNumber 1
Change the drive letter for a partition.
Get-Partition -DiskNumber 1 -PartitionNumber 2 | Set-Partition -NewDriveLetter Z
Lock Windows Workstation
In command prompt, run:
Rundll32.exe user32.dll,LockWorkStation
Create a Scheduled Task
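Create a scheduled task in Windows Powershell that executes a Powershell script.
# -Execute takes the program to run; the script path goes in -Argument.
$action = New-ScheduledTaskAction -Execute "powershell.exe" -Argument '-NoProfile -File "C:\path\to\script\location\script.ps1"' -WorkingDirectory "C:\path\to\script\location"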
$trigger = New-ScheduledTaskTrigger -At "8:15 pm" -Daily
$principal = New-ScheduledTaskPrincipal -UserId "Administrator" -RunLevel Highest
$settings = New-ScheduledTaskSettingsSet -RestartCount 3 -RestartInterval "00:10"
$task = New-ScheduledTask -Action $action -Principal $principal -Trigger $trigger -Settings $settings
Register-ScheduledTask -TaskName "Task Name" -InputObject $task
Start-ScheduledTask -TaskName "Task Name"
Get-ScheduledTaskInfo -TaskName "Task Name"
Check For Running Process
Check whether a service is running. If the service is not running, start it.
# Get-Service returns an object for stopped services too, so test the Status property.
$Service = Get-Service -Name "<ServiceName>" -ErrorAction SilentlyContinue
if ($null -eq $Service)
{
Write-Host "<ServiceName> is not installed" -ForegroundColor Red
}
elseif ($Service.Status -ne 'Running')
{
Write-Host "<ServiceName> is not running" -ForegroundColor Red
Start-Service -Name "<ServiceName>"
Write-Host "<ServiceName> was started" -ForegroundColor Yellow
}
else
{
Write-Host "<ServiceName> is running" -ForegroundColor Yellow
}
Mac OS
Install Rosetta on Mac OS
Rosetta is required for compatibility with some applications.
To install Rosetta on a Mac, open the terminal and run the following command.
softwareupdate --install-rosetta --agree-to-license
Create User in Terminal
Create the user record
dscl . -create /Users/<username>
Set the user's password
dscl . -passwd /Users/<username> <password>
Set the user's default shell
dscl . -create /Users/<username> UserShell /bin/bash
Set the user's display name
dscl . -create /Users/<username> RealName "Real Name"
Set the user's primary group
dscl . -create /Users/<username> PrimaryGroupID 1000
Set the user's home directory
dscl . -create /Users/<username> NFSHomeDirectory /Users/<username>
Promote user to local admin
dscl . -append /Groups/admin GroupMembership <username>
Set the user's ID
dscl . -create /Users/<username> UniqueID 510
Create .pkg to deploy files and apps
Create a directory named Contents and another named Scripts.
Put the app contents in the Contents directory.
Put the script in the Scripts directory and name it postinstall, with no extension, and give it executable rights.
Run this command to create the package. Change the identifier, install-location, version, and package-name.pkg to what is appropriate for the package.
pkgbuild --root Contents --scripts Scripts --identifier com.orgname.appname --install-location /path/to/directory --version 1.0 package-name.pkg
Forcefully Remove MDM from Mac
Reboot into Recovery Mode
Open Terminal and run csrutil disable, then reboot. This disables System Integrity Protection.
After reboot, move the configuration profiles directory: mv /var/db/ConfigurationProfiles /var/db/ConfigurationProfiles.old
Or destroy it: rm -rf /var/db/ConfigurationProfiles
Then recreate it: mkdir /var/db/ConfigurationProfiles
Reboot back into Recovery Mode and re-enable System Integrity Protection.
Open Terminal and run csrutil enable, then reboot.
Reboot into normal operation and enroll the Mac into the MDM as normal.
macOS Login Window - show username and password box
Press the following keys simultaneously.
CONTROL+OPTION+COMMAND+SHIFT+DOWN ARROW+ENTER