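########################################################
##
## This script enables an OSD message which is shown
## before the first user logs in
##
## Author: Thomas Kurth/Netree
## Date: 27.03.2014
##
## History
## 001: Basis version
## 002: Adjust update detection / logging to status messages
## 003: Create the remove script directly, set user permissions correctly
## 004: Adjusted BitLocker status query
## 005: Fixed virus scan query
## 006: Generic virus scan query, display executed scripts
## 007: Extended virus scan query
##
## What it does
##  1. Builds a caption and a text (domain + installed applications) and
##     stores them as LegalNoticeCaption / LegalNoticeText under Winlogon,
##     so they are displayed on the logon screen.
##  2. Writes C:\Windows\RemoveLegalNotice.ps1, which blanks both values,
##     deletes the Startup shortcut and removes the BUILTIN\Users ACE again.
##  3. Places a shortcut to that script in the all-users Startup folder and
##     adds two RunOnce values that blank the legal notice as well.
##  4. Grants BUILTIN\Users (S-1-5-32-545) access to the shortcut and to the
##     Winlogon key so that the first user's session can run the cleanup.
##
## Security notes for reviewers
##  - Step 4 loosens the ACL of the Winlogon key; see the REVIEW comment at
##    the end of the script before deploying this unchanged.
##  - The logon-screen text and the log file contain the domain name and
##    the software inventory with versions. Until the cleanup has run this
##    is readable by anyone who can reach the logon screen.
########################################################

$LogFilePath = "C:\Windows\Logs\SCCM\OSDEnableOSDMessage_" + (get-date -uformat %Y%m%d%H%M) + ".log"
$RemoveScriptPath = "C:\Windows\RemoveLegalNotice.ps1"
$ShortcutPath = "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RemoveOSDMessage.lnk"

# Appends a timestamped line to the log file and echoes the text to the host.
function WriteLog($Text) {
    # ASCII dash on -Format: the original used a typographic dash, which only
    # survives as long as the file encoding is preserved.
    Out-file -FilePath $LogFilePath -force -append -InputObject ((Get-Date -Format o) + " " + $Text)
    Write-Host $Text
}

# Creates the registry key if needed and sets one value in it.
# Type = Binary, DWord, ExpandString, MultiString, String, QWord
# Errors are logged and swallowed; the function does not throw on a failed write.
function SetRegValue ([string]$Path, [string]$Name, [string]$Value, [string]$Type) {
    try {
        $ErrorActionPreference = 'Stop' # convert all errors to terminating errors
        # NOTE(review): none of the cmdlets below is called with -UseTransaction,
        # so the transaction does not appear to cover the registry writes.
        Start-Transaction

        if (-not (Test-Path $Path -erroraction silentlycontinue)) {
            # Discard the key object so it does not leak into the script output.
            $null = New-Item -Path $Path -Force
            WriteLog "Registry key $Path created"
        }

        $null = New-ItemProperty -Path $Path -Name $Name -PropertyType $Type -Value $Value -Force
        WriteLog "Registry Value $Path, $Name, $Type, $Value set"

        Complete-Transaction
    }
    catch {
        # Log before rolling back so the failure is recorded even if
        # Undo-Transaction itself raises a terminating error.
        WriteLog "ERROR Registry value not set $Path, $Name, $Value, $Type"
        WriteLog "ERROR detail: $($_.Exception.Message)"
        Undo-Transaction
    }
}

# Creates the directory if it does not exist yet.
function CreateFolder ([string]$Path) {
    # Check if the folder exists
    if (Test-Path $Path) {
        WriteLog "Folder: $Path Already Exists"
    }
    else {
        # Create first, log afterwards: this function is used to create the log
        # directory itself, and WriteLog cannot write before that exists.
        New-Item -Path $Path -type directory | Out-Null
        WriteLog "Creating $Path"
    }
}

CreateFolder "C:\Windows\Logs\SCCM"
WriteLog "Start OSD Enable OSD Message"

# Header
##############################
WriteLog "Building Header"
$header = "$env:computername S U C C E S S F U L L Y installed Windows"

# Building Message
##############################
WriteLog "Building Message"
$Message = ""

# General OS Information
$os = Get-WmiObject -Class Win32_ComputerSystem
$Message += "Domain: $($os.Domain)`n"

# List Applications
$Message += "`n"
$Message += "Applications`n"
# NOTE(review): enumerating Win32_Product makes Windows Installer validate
# every installed MSI package, which is slow and can start repair actions.
# Reading the Uninstall registry keys avoids that, but it also lists non-MSI
# software, so it is left unchanged here.
$apps = Get-WmiObject -Class Win32_Product
foreach ($app in $apps) {
    $Message += " $($app.Vendor) $($app.Name) $($app.Version)`n"
}

# Write Header and Message to Log
##############################
WriteLog "Header to display:"
WriteLog $header
WriteLog "Message to display:"
WriteLog $Message

# Set
##############################
WriteLog "Set registry Keys for Legal Notice"
SetRegValue "HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\" "LegalNoticeCaption" $header "String"
SetRegValue "HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\" "LegalNoticeText" $Message "String"

WriteLog "Register disable OSD Message Script"
# The cleanup script is written in a single call. Each array element becomes
# one line; the lines are single-quoted so nothing is expanded here.
$removeScriptLines = @(
    '$null = New-ItemProperty -Path "HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\" -Name LegalNoticeCaption -PropertyType String -Value "" -Force',
    '$null = New-ItemProperty -Path "HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\" -Name LegalNoticeText -PropertyType String -Value "" -Force',
    '$null = Remove-Item -Path "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RemoveOSDMessage.lnk" -Force',
    '$sid = new-object System.Security.Principal.SecurityIdentifier("S-1-5-32-545")',
    '$acl = Get-Acl "HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\"',
    '$rule = New-Object System.Security.AccessControl.RegistryAccessRule($sid,"FullControl", "Allow")',
    '$acl.RemoveAccessRuleAll($rule)',
    'Set-Acl "HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\" $acl'
)
Out-file -FilePath $RemoveScriptPath -force -InputObject $removeScriptLines

# Add Script to Autostart Entry and set Permissions
$wshshell = New-Object -ComObject WScript.Shell
$lnk = $wshshell.CreateShortcut($ShortcutPath)
$lnk.Arguments = "-executionpolicy bypass -file C:\Windows\RemoveLegalNotice.ps1"
$lnk.TargetPath = "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
$lnk.Save()

# The cleanup script only has to delete this shortcut, so BUILTIN\Users gets
# Delete instead of FullControl. The shortcut sits in the all-users Startup
# folder and runs for every account that logs on; write access to it would
# let one user change what runs in another user's session.
$sid = new-object System.Security.Principal.SecurityIdentifier("S-1-5-32-545")
$acl = Get-Acl $ShortcutPath
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule($sid, "Delete", "Allow")
$acl.AddAccessRule($rule)
Set-Acl $ShortcutPath $acl

# Second cleanup path: RunOnce values that blank the legal notice.
SetRegValue "HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce\" "RemoveLegalNoticeCaption" 'REG ADD "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "LegalNoticeCaption" /d "" /f' "String"
SetRegValue "HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce\" "RemoveLegalNoticeText" 'REG ADD "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "LegalNoticeText" /d "" /f' "String"

# REVIEW(security): the block below gives BUILTIN\Users FullControl on the
# Winlogon key. Registry ACLs apply to the whole key, and this key also holds
# values that determine which programs Windows starts at every logon, so for
# as long as the ACE exists a standard user can change machine-wide logon
# behaviour. The ACE is only removed when RemoveLegalNotice.ps1 runs to the
# end in a user session; if that script never runs or fails, the grant stays.
# Preferred design: run the cleanup from a context that already has write
# access to the key (for example a logon-triggered task running as SYSTEM),
# so that neither this key nor the shortcut needs a loosened ACL. Until then,
# verify after deployment that the ACE is gone, e.g. by auditing the key's
# ACL for S-1-5-32-545 with write rights.
WriteLog "Set User Permissions to Winlogon Key"
$sid = new-object System.Security.Principal.SecurityIdentifier("S-1-5-32-545")
$acl = Get-Acl "HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon"
$rule = New-Object System.Security.AccessControl.RegistryAccessRule($sid, "FullControl", "Allow")
$acl.AddAccessRule($rule)
Set-Acl "HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" $acl

WriteLog "Ending OSD Enable OSD Message"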