Automating Sysmon installation and configuration with PowerShell

February 18, 2025 by Martin Bengtsson

Introduction

In today’s fast-paced digital world, quick response to security incidents is crucial. Sysmon (System Monitor) from Microsoft’s Sysinternals suite is an essential tool for detailed system monitoring and security analysis. However, traditional installation can be time-consuming, especially in urgent situations.

This blog post introduces a PowerShell script that automates the download, extraction, and installation of Sysmon, along with applying a pre-configured setup. This rapid deployment ensures your systems are monitored and protected within minutes, enhancing your incident response capabilities and maintaining a strong security posture.

I was troubleshooting a missing Microsoft 365 add-in in Outlook and this was the solution

February 12, 2025December 7, 2024 by Martin Bengtsson

Introduction

In this brief post, I will share the solution to a recurring issue within our environment where a Microsoft 365 add-in (also known as an integrated app) deployed from the Microsoft 365 admin center was frequently missing in Outlook.

The custom integrated app in question is deployed by uploading an add-in manifest to the Microsoft 365 admin center. From there, it is assigned to either the entire organization or a selected group of users.

In this instance, the add-in manifest was updated with a new version. However, the changes were not properly reflected in Outlook for our users.

It appears that Outlook does not effectively clear cached content from the add-in. Therefore, it is recommended to manually clear this cache if any issues arise.

Customize your Windows 11 (23H2 and onwards) taskbar during OSD with ConfigMgr using just PowerShell

October 2, 2024October 1, 2024 by Martin Bengtsson

Approximately two years ago, I authored a blog post detailing how to customize the taskbar in Windows 11. You can find that post here: Customize your Windows 11 taskbar during OSD with ConfigMgr using just PowerShell – imab.dk

Since then, there have been some changes from Microsoft, and the method I previously described is no longer supported. For more information on these changes, please refer to: Configure the applications pinned to the taskbar | Microsoft Learn

In summary, the cmdlet Import-StartLayout is no longer supported and does not accept the .xml file, resulting in the following error: Import-StartLayout : The file C:\WINDOWS\Taskbar.xml is not a valid layout file

To address this, I have modified the solution I used back then, and the new approach is outlined in this blog post.

Elevate plz? Become Domain Admin in a split second via Configuration Manager

December 20, 2023December 17, 2023 by Martin Bengtsson

Introduction

Really short post, just to illustrate the possible privileges of being a Configuration Manager admin and having the ConfigMgr client installed on a Domain Controller.

While this might be stating the obvious for some people, I think it deserves a mention regardless.

This dictates a proper tiering model, especially around your Domain Controllers, making sure that Configmgr Admins does not have access to Domain Controllers and vice versa, but also to treat your ConfigMgr environment as tier0.

Uninstall any application in a jiffy using PowerShell and Configuration Manager

December 20, 2023December 17, 2023 by Martin Bengtsson

Introduction

I was recently tasked with the complete removal of Google Chrome from an environment. Google Chrome in question was installed via the default installer from Google, but also via a few custom repackaged installers, so I had multiple product IDs to consider.

Instead of manually looking for each product ID and use that with separate uninstallations, I figured to create some PowerShell code to do that for me automatically and on the fly.

This can be used to uninstall any application registered with the Windows installer, installed either as a .MSI or a select .EXE compiler.

Configure and use Lenovo BIOS supervisor password during OSD using PowerShell and Configuration Manager

June 30, 2022June 29, 2022 by Martin Bengtsson

Introduction

Following up on my previous post, continuing on the Lenovo BIOS password topic. This time I’m illustrating, how you initially can set the supervisor password during the deployment of the operating system.

Find my previous post here: Inventory Lenovo BIOS password states using PowerShell and Proactive Remediations – imab.dk

Last time I mentioned, how this cannot be done remotely for security reasons. However, there are an option to allow this during OSD (Operating System Deployment), called System Deployment Boot Mode. If taking advantage of this, you’re allowed to set the supervisor password programmatically in WinPE.

I’m using PowerShell to do so, and this post will walk you through the necessities.

Customize your Windows 11 taskbar during OSD with ConfigMgr using just PowerShell

June 9, 2022June 8, 2022 by Martin Bengtsson

Introduction

A short and sweet blog post to re-kickstart my blogging activities, after a long period focusing on cybersecurity and the increased cybersecurity threat towards organizations. For same reasons, my Windows 11 project has temporarily been on pause.

However, now I’m back working on Windows 11, showing how you can customize the taskbar during OSD (Operating System Deployment) with Configuration Manager using just PowerShell (and no source files).

And yes, we are still leveraging Configuration Manager for regular OSD. This still makes the most sense for our type of business. 🙂

Monitor your Windows 11 Feature Updates with Custom Action Scripts and notifications sent to Microsoft Teams

June 9, 2022February 1, 2022 by Martin Bengtsson

Introduction

I’m kind of continuing on last weeks topic, where I wrote about leveraging SetupConfig.ini and SetupComplete.cmd to carry out custom tasks during a Windows 11 Feature Update.

Remove built-in Teams app and Chat Icon in Windows 11 during a Feature Update via SetupConfig.ini and SetupComplete.cmd

Today I want to demonstrate, how you can leverage the same custom action scripts, to send notifications to a Microsoft Teams channel upon success or failure, when upgrading to Windows 11 using a Feature Update.

I’m still preparing Windows 11 for broad deployment and I will post my exact process once it’s ready. For now I’m just giving you tiny tidbits along the way. 🙂

Remove built-in Teams app and Chat Icon in Windows 11 during a Feature Update via SetupConfig.ini and SetupComplete.cmd

June 9, 2022January 29, 2022 by Martin Bengtsson

Introduction

This topic in particular, has been very popular since the release of Windows 11 back in October last year.

At this point, there’s at least a dozen posts out there, on how to remove either the built-in Teams app or the Chat Icon from the task bar on devices running Windows 11 already.

I’m in the middle of preparing Windows 11 for broad deployment myself, and this is how I make sure the built-in Teams app and Chat Icon is removed before the user logs on to Windows 11 for the first time. In this scenario, after completing the Feature Update coming from Windows 10.

I updated Configuration Manager in production to version 2111 last night

January 22, 2022January 21, 2022 by Martin Bengtsson

Introduction

Granted, I don’t manage a humongous Configuration Manager environment. I barely manage a thousand devices. Nevertheless, ConfigMgr is ideally and supposed to be kept up to date, at least within a supported range of version. I’m obviously always keen on keeping it up there on the latest and greatest.

This environment is originally stemming from a SCCM 2012 installation and has made it all the way into 2022 🙂

ConfigMgr 2111 released back primo December 2021 and is now generally available as an in-console update.

It’s been a while since last time I walked through the steps I usually take. This time however, I’m doing so AFTER completing the upgrade. I usually write the post, as I move on with the upgrade itself. This time it’s more like a ‘notes from the field’-approach.