Archive for the ‘Scripts’ Category

Connect to Exchange Online through Windows PowerShell with administrator credentials (when it prompts for username and password, your username is your email address for office 365/EXO admins). You can make a PS script to connect to exchange online rather than running them individually).


Notes: PS needs to be able to run scripts, if you get an error trying to run a command, try running this command first to enable execution of commands from PS:


Set-ExecutionPolicy RemoteSigned

Then try connecting using below


$UserCredential = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri -Credential $UserCredential -Authentication Basic -AllowRedirection
Import-PSSession $Session

Get a users mailbox’s current permissions

Once a connection has been established run the following PowerShell command to check users mailbox permission settings:

Get-MailboxPermission -Identity

(You will see the something similar to below in your PS window showing access rights for users)






Adding access to a another users mailbox

 To add access to another users mailbox you would type the below command, the first email address in the command is the user that you’re granting access to the second users mailbox. So the first user will have access to and when the outlook client is opened next, user 1 would see user 2’s full mail box inside user 1’s outlook client.


Add-MailboxPermission -Identity -User -AccessRights FullAccess 





Once added run the get command again to and check for the username of the user you just granted access to in the list to ensure command completed ok. Once confirmed exit the PS session if you’re finished using EXO by running the following command to close your PS session, otherwise you may use up all your PS sessions and have to wait for them to time out.


Remove-PSSession $Session


Removing Mailbox access from a user

Occasionaly there may be a request to remove a users access to another mailbox, so for removing we do something similar to what we did above with remove at the start of the command


1)      Remove-MailboxPermission -Identity -User -AccessRights FullAccess







Repair SCCM client remotely

Posted: October 2, 2014 in SCCM, Scripts



This is a basic vbscript called by windows cscript to repair config manager clients. CM Clients can become broken for a number of reasons in enterprise environments. The  script has been tested on 2007 and should work on 2012 too. This script can be easily modified to retrieve hosts from a text file e.g computers.txt if you’re targeting a number of broken clients.


E.g  cscript scriptname.vbs computername


'Repair SCCM Client

Option Explicit
On Error Resume Next

Dim sComputer, sSCCMClient

If WScript.Arguments.Count = 0 Then
sComputer = InputBox("Enter computer name to repair")
sComputer = WScript.Arguments(0)
End If

Set sSCCMClient = GetObject("winmgmts://" & sComputer & "/Root/Ccm:SMS_Client")

If Err <> 0 Then
MsgBox "Error:" & "(" & Err.Number & ")" & vbCrLf & Err.Description
MsgBox ("Repair started for " & UCase(sComputer))
End If



SCCM Command line actions

WMIC is a great tool used to manage wmi from the command line, its been around a while and has been part of windows OS’s since XP. Its handy for a heap of things to manage workstations and retrieve data from systems and the bios.

Combine the power of psexec @ computers.txt list at target endpoints that have disabled or corrupted software distribution agents, and you will be on your way to fixing broken agents and deploying required software.


Disable Software-Distribution:
WMIC /namespace:\\root\ccm\policy\machine\requestedconfig path ccm_SoftwareDistributionClientConfig CREATE ComponentName=”Disable SWDist”,Enabled=”false”,LockSettings=”TRUE”,PolicySource=”local”,PolicyVersion=”1.0″ ,SiteSettingsKey

Re-Activate Software-Distribution:

WMIC /namespace:\\root\ccm\policy\machine\requestedconfig path ccm_SoftwareDistributionClientConfig WHERE ComponentName=”Disable SWDist” delete /NOINTERACTIVE


Trigger Hardware Inventory:

WMIC /namespace:\\root\ccm path sms_client CALL TriggerSchedule “{00000000-0000-0000-0000-000000000001}” /NOINTERACTIVE

Trigger Software Inventory

WMIC /namespace:\\root\ccm path sms_client CALL TriggerSchedule “{00000000-0000-0000-0000-000000000002}” /NOINTERACTIVE

Trigger DataDiscoverRecord (DDR) update:
WMIC /namespace:\\root\ccm path sms_client CALL TriggerSchedule “{00000000-0000-0000-0000-000000000003}” /NOINTERACTIVE

Force a FULL HW Inventory on next HW-Inv Schedule:

WMIC /namespace:\\root\ccm\invagt path inventoryActionStatus where InventoryActionID=”{00000000-0000-0000-0000-000000000001}” DELETE /NOINTERACTIVE

Repair SMS/SCCM Agent on a remote client:
WMIC /node:%MACHINE% /namespace:\\root\ccm path sms_client CALL RepairClient

Repair a list (all clients listed in clients.txt) of remote SMS/SCCM Agents

WMIC /node:@clients.txt /namespace:\\root\ccm path sms_client CALL RepairClient

PSTools – PSExec switches and usage

Posted: February 3, 2014 in Apps, Scripts
Tags: ,




Usage: psexec [\\computer[,computer2[,…] | @file]][-u user [-p psswd][-n s][-l]

[-s|-e][-x][-i [session]][-c [-f|-v]][-w directory][-d][-<priority>]

[-a n,n,…] cmd [arguments]





Separate processors on which the application can run with commas where 1 is the lowest numbered CPU. For example, to run the application on CPU 2 and CPU 4, enter: “-a 2,4”


Copy the specified program to the remote system for execution. If you omit this option the application must be in the system path on the remote system.


Don’t wait for process to terminate (non-interactive).


Does not load the specified account’s profile.


Copy the specified program even if the file already exists on the remote system.


Run the program so that it interacts with the desktop of the specified session on the remote system. If no session is specified the process runs in the console session.


If the target system is Vista or higher, has the process run with the account’s elevated token, if available.


Run process as limited user (strips the Administrators group and allows only privileges assigned to the Users group).

On Windows Vista the process runs with Low Integrity.


Specifies timeout in seconds connecting to remote computers.


Specifies optional password for user name. If you omit this you will be prompted to enter a hidden password.

Note that the password is transmitted in clear text to the remote system.


Run the remote process in the System account.


Specifies optional user name for login to remote computer.

Specify a valid user name in the Domain\User syntax if the remote process requires access to network resources or to run in a different account.


Copy the specified file only if it has a higher version number or is newer on than the one on the remote system.


Set the working directory of the process (relative to remote computer).


Display the UI on the Winlogon secure desktop (local system only).


Specifies -low, -belownormal, -abovenormal, -high or -realtime to run the process at a different priority. Use -background to run at low memory and I/O priority on Vista.


Direct PsExec to run the application on the remote computer or computers specified. If you omit the computer name PsExec runs the application on the local system, and if you specify a wildcard (\\*), PsExec runs the command on all computers in the current domain.


PsExec will execute the command on each of the computers listed in the file.


Name of application to execute.

You can enclose applications that have spaces in their name with quotation marks e.g. psexec \\weslaptop “c:\long name app.exe”.


Arguments to pass (note that file paths must be absolute paths on the target system).