CI guts for App Catalog check

Greetings everyone!

If you are following in my footsteps of exposing the App Catalog web services. Here are a few tibbits that could help you keep your services exposed.

Create a CI and use the following in the detection method.

$registryPath = "HKLM:\Software\Microsoft\SMS\PORTALWEB"
$registryName = "PortalPath"
$key = Get-ItemProperty -Path $registryPath -Name $registryName
$FilePath = $key.PortalPath+"\default.aspx"
$ConfigFile = $key.PortalPath+"\web.config"
$WebConfig1 = [System.IO.File]::ReadAllText($ConfigFile)
$WSDLVisble = $WebConfig1.Contains("<!--<remove name=""Documentation"" />-->") -or $WebConfig1.Contains("<!--<remove name=""Documentation""/>-->") -or (!($WebConfig1.Contains("<remove name=""Documentation"" />")))


Remediation (if you choose to be so brave).

$registryPath = "HKLM:\Software\Microsoft\SMS\PORTALWEB"
$registryName = "PortalPath"
$key = Get-ItemProperty -Path $registryPath -Name $registryName
$FilePath = $key.PortalPath+"\default.aspx"
$ConfigFile = $key.PortalPath+"\web.config"
$WebConfig1 = [System.IO.File]::ReadAllText($ConfigFile)
If (!($WebConfig1.Contains("<!--<remove name=""Documentation""/>-->")))
{
$WebConfig1 = $WebConfig1.Replace("<remove name=""Documentation"" />","<!--<remove name=""Documentation"" />-->")
[System.IO.File]::WriteAllText($ConfigFile, $WebConfig1)
}



As you can see there isn't much to it. If you are wondering why I am using the registry entry instead of hardcoding a path. That is because I wanted the script to be usable across any box with a catalog role without having to remember to update a script.

Comments

Post a Comment

Popular posts from this blog

Intune Hybrid - NDES Cert Issue

As many of you who might be running a SCCM/Intune hybrid scenario for MDM will have learned. There are a few to many certificates in use between NDES, Intune, Wifi Profiles, VPN profiles, and well anything else that may have a cert buried in it. We had an instance were the NDES wasn't handing out the certs for WiFi and VPN profiles. However it was handing out the base communication certificate so phones could sync correctly. This was one of those head scratchers on our park, but if you know where to look it makes sense. Problem is (at least in my opinion) there is a lack of useful documentation and the logging leaves a little to be desired. Therefore, I'm going to give a bit about our journey and hopefully help some of you folks out if you run into something similar. When we were notified of this issue, we started to look at the usual logs, you know CRP.log NDESPlugin.log those types of things. First thing you will notice is that the CRP.log will show the same message ove
Read more

Stuck @ "Waiting for user logon"

This may or may not be something that you would commonly see in your environment. We only see it occasionally but it used to be a pretty common problem. One of my teammates found a technet forum post that addressed this specifically. Pretty interesting read if you are fighting this issue on a particular client. https://social.technet.microsoft.com/Forums/en-US/1569e1e2-91bc-435d-8998-beb817d5b453/waiting-for-user-logon?forum=configmanagergeneral Here is the meat and potatoes of the forum discussion. $CITask = get-wmiobject -query "select * from CCM_CITask where TaskState != ' PendingSoftReboot' AND TaskState != 'PendingHardReboot' AND TaskState != 'InProgress'" -namespace root\ccm\CITasks if ($CITask -ne $NULL) { $CITask | remove-wmiobject -Whatif $CITask | remove-wmiobject } ELSE { "CCM_CITasks is empty. Nothing to do" }
Read more

Triggering a software update install via Powershell

Howdy Folks This post is a holiday slice of pie. Today we focus on triggering update(s) that are deployed to a machine. Now for the pie filling. Triggering an update scan on a client: ([wmiclass]'ROOT\ccm:SMS_Client').TriggerSchedule('{00000000-0000-0000-0000-000000000113}') Trigger install of all updates: ([wmiclass]'ROOT\ccm\ClientSDK:CCM_SoftwareUpdatesManager').InstallUpdates() Here is a nice addition if you only want to install specific update(s) you just have to modify the select statement: ([wmiclass]'ROOT\ccm\ClientSDK:CCM_SoftwareUpdatesManager').InstallUpdates([System.Management.ManagementObject[]] (get-wmiobject -query 'SELECT * FROM CCM_SoftwareUpdate' -namespace 'ROOT\ccm\ClientSDK')) If you would like to see if there are updates applying, if true they are running: $CCMUpdate = get-wmiobject -query "SELECT * FROM CCM_SoftwareUpdate" -namespace "ROOT\ccm\ClientSDK" if(@($CCMUpdate | where {
Read more