Posts Tagged ‘PowerShell’

I’ve implemented this solution based on information provided in the following blogs – credit to these people for posting this information.

So I’ve moved on from my old process of corporate WIM image creation. I used to build up an image from a source ISO for a respective operating system using Hyper V, make my customisations, apply patches, then use MDT to do a sysprep and capture. I know, I know, there are probably numerous reasons why you shouldn’t do this. Well no more after watching Johan’s session from System Center Universe this year here 

The new process involves the more contemporary approach of doing a completely automated build and capture in one process with MDT performing any additional changes using scripts and additional steps. The session that Johan presented is in my view the best by far that I have seen.

One thing that wasn’t covered was how to remove the built in Windows 8.1 Modern Applications. In my case (like many others) we are deploying Windows 8.1 and do not wish to have all of these applications available.

Here is a solution you can implement which will remove these apps as part of your MDT or Configuration Manager Task Sequence. My example will be in MDT 2013.

Firstly create a new powershell script from the this blog, you can amend the script as required so that it only removes the applications that you want. Alternatively I have copied the script syntax into a word document here removemodernappsnew – please make sure that you edit this script in Powershell ISE to confirm that there are no syntax errors.

Copy the script to your MDT server sources folder.

Create a new MDT application and give it an appropriate name such as Remove Windows 8.1 Modern Applications


Use the following powershell wrapper command – credit to Johan who posted the install wrapper argument here

powershell.exe -Command “set-ExecutionPolicy Unrestricted -Force; cpi ‘%DEPLOYROOT%\Applications\Remove Windows 8.1 Modern Applications\RemoveWindows8Apps.ps1’ -destination c:\; c:\RemoveWindows8Apps.ps1; ri c:\*.ps1 -Force; set-ExecutionPolicy Restricted -Force”

Note you will need to adjust the path to your powershell script depending on how you setup the application in MDT.


Now just add an install application step in your existing MDT / Configuration Manager Task Sequence, its that easy.


If you implement a Suspend action in your MDT Task Sequence you can check that the apps have been removed.






Last year I attended a Server 2012 course with a few of my work colleagues and there was a tiny section on creating Active Directory accounts with PowerShell. This was demonstrated using the Active Directory PowerShell Module and the New-ADUser command with a csv. The basic premise was that you had a csv file with all the account details which the script read, creating the AD accounts.

This is great for a scenario where you have to create a lot of AD account all at once, but what about the on-going process of creatingnew AD accounts as users start with an organisation?

We had quite an arduous manual process to follow so I’ve expanded on that demo in the training lab to produce a script that suits our requirements and automates everything. The script does the following:

  1. Checks for the presence of the Active Directory module and imports it if required.
  2. Sets the Organisation Unit for the AD account to be created in.
  3.  Sets the variables that are needed to create the account such as username, first name, last name, password etc. There is a built in check to make sure that the username isn’t already in use. The script also sets     variables for a few attributes that we are using for exchange mailbox and billing purposes.
  4. Creates the AD account.
  5. Adds specified AD groups to the account.
  6. Prompts if additional services are required like an Exchange mailbox or Lync account.
  7. Creates the users home directory and then sets permissions. We have fairly specific home directory paths and share names so you will most likely need to play with this and alter to your requirements.

The part of the script that actually creates the account is quite small

New-ADUser -Name $dplname -SamAccountName $samname -DisplayName $dplname `
-givenname $givname -surname $surname -userprincipalname $upname -emailaddress $email `
-Path $targetou -Enabled $true -ChangePasswordAtLogon $true -Department $department `
-OtherAttributes @{‘departmentNumber’=”$departmentnumber”} -HomeDrive “M” -HomeDirectory $homedir `
-Description $description -Office $office -ScriptPath $loginscript -AccountPassword $password `

I have used some snippets of code from Source Forge and few other sites, credit to those that posted these sections, in particular, the PowerShell script to set share permissions on a folder.

The script has been saved as a word document to allow it to be uploaded. Just copy the text into a text file and rename it to a the ps1 file format.

USE THIS SCRIPT AT YOUR OWN RISK, this script should be altered as needed and fully tested in your lab environment before any use in a production environment.