Thursday, October 16, 2014

Removing features from Office 2013 during imaging

Problem: Office 2013 is built into our base image, but some of our lab computers need Outlook and Lync removed.

First, I should say, this is not possible. You cannot simply remove Office features during the imaging process. However, there is a workaround.

What you need:
  • Your custom Office installer that excludes Outlook and Lync (or whatever feature you're trying to exclude)
  • The SilentUninstallConfig.xml file
In our scenario, we have a few labs that need a different Office configuration, plus some additional apps that are not included in our standard image. I set up groups for these areas in the TS (see image below) with settings only to run if certain conditions are met (ComputerName Like XXX, for example).

Create your SilentUninstallConfig.xml file, or download it here

SilentUninstallConfig.xml:
Place it in the ProPlus.WW folder in your Office share (be sure to update the content on your DP!).

Add a Run Command Line step in your TS before your Office 2013 custom install:

setup.exe /uninstall ProPlus /config .\ProPlus.WW\SilentUninstallConfig.xml

Be sure to include the path to your Office share in Start In:.

You're all set! This step only takes a few minutes and your custom Office 2013 install will work as expected.

Posted by at No comments:
Labels: , , ,

Wednesday, October 8, 2014

PowerShell script to disable computers in Active Directory, update the description, and move to a disabled OU

We have always disabled stale AD accounts using a list of computers that hadn't logged onto the domain for a certain number of days (rather than just disabling them without the list). This allowed us to make sure we weren't disabling any known good computers.

We also moved the computer to a disabled computers OU and updated the computer description to indicate when it would be safe to delete the computer account.

We had been using a VB script to disable accounts, but it was unreliable. It never seemed to take care of every computer on the list, and I would have to manually disable these computer accounts that it missed.

This script also was fairly large and complex. Enter PowerShell! The script below was modified slightly from a script I found in the comments of this article. The script performs the following actions:
  • Reads in a list of computers (c:\Scripts\ADCleaner\computers.txt) to be disabled.
  • Updates the computer description to "ITSS - Delete on xx/xx/xxxx". The date it sets is 90 days from the current date.
  • Disables the account
  • Moves the account to the Disabled - PC & User folder in AD
  • Logs the action (c:\Scripts\ADCleaner\computers.log)
This should only require minimal modification to work in your environment. Download script below.

AD-Disable.ps1.txt

$Today = Get-Date
$Desc = "ITSS - Delete on: " + $Today.AddDays(90)

$Computers = Get-Content c:\Scripts\ADCleaner\computers.txt

ForEach ($Computer in $Computers)
{ $ADComputer = $null
$ADComputer = Get-ADComputer $Computer -Properties Description

If ($ADComputer)
{ Add-Content c:\Scripts\ADCleaner\computers.log -Value "$Today - Found $Computer, disabled and moved to Disabled - PC & User OU"
Set-ADComputer $ADComputer -Description $Desc -Enabled $false
Move-ADObject $ADcomputer -targetpath "ou=Disabled - PC & User,dc=csuchico,dc=edu"
}
Else
{ Add-Content c:\Scripts\ADCleaner\computers.log -Value "$Today - $Computer not in Active Directory"
}
}
Posted by at No comments:
Labels: , ,
Subscribe to: Posts (Atom)