Hey everyone, thanks in advance for any assistance.
I am trying to set up a Configuration Baseline that checks to see if a WMI namespace exists (specifically IETelemetry). The compliant/non-compliant portion works perfectly. However, if the system is not compliant I would like a remediation script to run (if you've dealt with IE 11 Telemetry you can probably guess that I am trying to run IETelemetrySetUp-Win7.ps1).
The remediation PowerShell script runs. However, it does not complete successfully. I believe it may be a result of not running as administrator, but I can't find a way around this that will work for me.
In the DcmWmiProvider.log I see the following warning. If I manually run the ps1 script not as admin, I receive the same error. If I right-click and select Run as administrator to launch PowerShell, the script runs normally.
In-line script returned error output: Get-WmiObject : Invalid namespace "root/cimv2/IETelemetry"
At C:\WINDOWS\CCM\SystemTemp\c0d97d9c-26d2-491b-8721-f4604c5d237b.ps1:85 char:25
+ $security = Get-WmiObject -Namespace root/cimv2/IETelemetry -Class _ ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (:) [Get-WmiObject], ManagementException
    + FullyQualifiedErrorId : GetWMIManagementException,Microsoft.PowerShell.Commands.GetWmiObjectCommand
Any help would be appreciated. Here is the code for IETelemetrySetUp-Win7.ps1:
param(
    [switch]$MofUpdate,
    [switch]$IEFeatureOff,
    [ValidateSet('Computer','Intranet','TrustedSites','Internet','RestrictedSites')]
    [string[]]$ZoneAllowList,
    [string[]]$SiteAllowList
)

Function CalculateZoneMask($zones)
{
    $zoneMask = 0
    ForEach($zone in $zones)
    {
        $zoneId = 0
        Switch($zone)
        {
            'Computer'        { $zoneId = 0 }
            'Intranet'        { $zoneId = 1 }
            'TrustedSites'    { $zoneId = 2 }
            'Internet'        { $zoneId = 3 }
            'RestrictedSites' { $zoneId = 4 }
        }
        $zoneMask = $zoneMask -bor ([math]::pow(2,$zoneId))
    }
    $zoneMask
}

<#
IE Site Discovery Enable/Disable script.

.USAGE
    Powershell needs to be run elevated.
    To run this script by by-passing execution policy please use:
        powershell -ExecutionPolicy Bypass .\IETElemetrySetUp.ps1

    NOTE: This script will FORCE A LOGOFF when ENABLING the feature.
    After logoff, IE will be ready to collect browsing information.

    Arguments:
    NO ARGUMENTS:   Enables feature for all users on the machine. Forces a logoff at the end.
    -IEFeatureOff:  Disables feature for all users on the machine. Does not clean up already recorded information.
    -MofUpdate:     To force mof file re-compilation. Will also re-enable feature in case it is disabled and force logoff.
    -ZoneAllowList: Comma-separated list of zones for which this feature is enabled.
                    Allowed values: Computer, Intranet, TrustedSites, Internet, RestrictedSites.
    -SiteAllowList: Comma-separated list of domains for which this feature is enabled.

    For additional information on the feature: http://technet.microsoft.com/en-us/library/dn833204.aspx

.NOTES
    IE looks for a registry setting in the HKCU hive for recording browsing information.
    This script updates the registry entry for all SIDs in the HKEY_USERS hive in order to
    enable IE Site Discovery across all users on the machine.
#>

Try
{
    $SystemInfo = Get-WMIObject -namespace root/cimv2/IETelemetry -query "Select * from IESystemInfo where systemKey = 'SystemKey'" -ea Stop
}
Catch [system.exception]
{
}
Finally
{
    Try
    {
        if($MofUpdate -or !$SystemInfo)
        {
            $path = Split-Path $MyInvocation.MyCommand.Path
            $empty = mofcomp.exe $path\IETelemetry.mof
            $SDDL = "A;;CCLCSWRPWP;;;AU"
            $security = Get-WmiObject -Namespace root/cimv2/IETelemetry -Class __SystemSecurity
            $converter = new-object system.management.ManagementClass Win32_SecurityDescriptorHelper
            $binarySD = @($null)
            $result = $security.PsBase.InvokeMethod("GetSD",$binarySD)
            $outsddl = $converter.BinarySDToSDDL($binarySD[0])
            $newSDDL = $outsddl.SDDL += "(" + $SDDL + ")"
            $WMIbinarySD = $converter.SDDLToBinarySD($newSDDL)
            $WMIconvertedPermissions = ,$WMIbinarySD.BinarySD
            $result = $security.PsBase.InvokeMethod("SetSD",$WMIconvertedPermissions)
            $versionstring = [System.Diagnostics.FileVersionInfo]::GetVersionInfo("C:\Windows\System32\mshtml.dll").FileVersion
            $split = $versionstring.split(".")
            $a = Get-WMIObject -namespace root/cimv2/IETelemetry -query "Select * from IESystemInfo where systemKey = 'SystemKey'"
            $a.IEVer = $split[0]
            $empty = $a.Put()
            echo "IETelemetry.mof Compiled"
        }

        <#
        The below code updates the HKCU hive and can be used in cases where the main\local user of a machine
        has admin rights AND if the script is run by the user and not by a system account via SCCM.
        #>
        if(!$IEFeatureOff)
        {
            if (!(Test-Path 'HKU:\'))
            {
                New-PSDrive -PSProvider Registry -Name HKU -Root HKEY_USERS
            }
            Push-Location
            Get-ChildItem -Path HKU:\*\Software\Microsoft\Internet?Explorer -ErrorAction SilentlyContinue | ForEach-Object {
                $empty = New-Item -Path "$($_.PsPath)\WMITelemetry" -force
                Set-Location "$($_.PsPath)\WMITelemetry"
                Set-ItemProperty -Path . -Name Active -Value 1
                if($ZoneAllowList.Length -gt 0)
                {
                    Set-ItemProperty -Path . -Name ZoneAllowList -Value (CalculateZoneMask $ZoneAllowList) -Type DWord
                }
                if($SiteAllowList.Length -gt 0)
                {
                    Set-ItemProperty -Path . -Name SiteAllowList -Value $SiteAllowList -Type MultiString
                }
            }
            Pop-Location
            echo "Forcing logoff. IE will start recording to WMI after re-login"
            shutdown /l
        }
        else
        {
            <# Remove entry from current user's HKCU hive #>
            if ((Test-Path 'HKCU:\Software\Microsoft\Internet Explorer\WMITelemetry'))
            {
                Set-Location 'HKCU:\Software\Microsoft\Internet Explorer\WMITelemetry'
                Set-ItemProperty -Path . -Name Active -Value 0
            }
            if (!(Test-Path 'HKU:\'))
            {
                New-PSDrive -PSProvider Registry -Name HKU -Root HKEY_USERS
            }
            <# Remove entry from all users in the HKEY_USERS hive #>
            Push-Location
            Get-ChildItem -Path 'HKU:\*\Software\Microsoft\Internet?Explorer\WMITelemetry' -ErrorAction SilentlyContinue | ForEach-Object {
                Set-Location "$($_.PsPath)"
                Set-ItemProperty -Path . -Name Active -Value 0
            }
            Pop-Location
            echo "IE will no longer record to WMI after logoff and re-login"
        }
    }
    Catch
    {
        write-host "Caught an exception:" -ForegroundColor Red
        write-host "Exception Type: $($_.Exception.GetType().FullName)" -ForegroundColor Red
        write-host "Exception Message: $($_.Exception.Message)" -ForegroundColor Red
    }
}
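
A diagnostic that records the context a remediation script actually runs in: the account, whether the token is elevated, whether the namespace already exists, and whether IETelemetry.mof sits beside the script (the script above compiles it from its own directory). This is an added example, not part of the original post or of Microsoft's script; the function name Get-RemediationContext is hypothetical.

```powershell
# Added example: capture the execution context of a remediation script.
# Resolve the script's own directory the same way the script above does;
# guard against interactive use, where MyCommand.Path is empty.
$scriptDir = $null
if ($MyInvocation.MyCommand.Path) {
    $scriptDir = Split-Path -Parent $MyInvocation.MyCommand.Path
}

function Get-RemediationContext {
    param(
        [string]$ParentNamespace = 'root/cimv2',
        [string]$ChildNamespace  = 'IETelemetry',
        [string]$MofName         = 'IETelemetry.mof',
        [string]$ScriptDirectory
    )

    # Account and elevation state of the current process token.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $elevated  = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

    # A namespace exists when its parent holds a __NAMESPACE instance with that name.
    # Querying the parent avoids the "Invalid namespace" error seen in the log.
    $ns = Get-WmiObject -Namespace $ParentNamespace -Class __NAMESPACE `
              -Filter "Name='$ChildNamespace'" -ErrorAction SilentlyContinue

    # mofcomp.exe can only create the namespace if the MOF file is reachable.
    $mofPresent = $false
    if ($ScriptDirectory) {
        $mofPresent = Test-Path -LiteralPath (Join-Path $ScriptDirectory $MofName)
    }

    New-Object PSObject -Property @{
        User            = $identity.Name
        IsElevated      = $elevated
        NamespaceExists = [bool]$ns
        ScriptDirectory = $ScriptDirectory
        MofPresent      = $mofPresent
    }
}

Get-RemediationContext -ScriptDirectory $scriptDir | Format-List
```

Comparing this output from an elevated console, a non-elevated console and the Configuration Manager run shows which precondition differs between the working and failing cases.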