SCCM PowerShell Task Sequence GUI

07 March, 2017

Playing around with our Task Sequences in SCCM, I came to the realization that we have numerous post-install tasks for optional software when an imaged PC is for a particular department or entity. This is due to different departments having different software requirements. I started toying around with the idea of a software selection GUI as part of the Task Sequence that would allow customization of post-install software, with the aim of making all deployments ‘one touch’.

After some research and work I came up with a basic GUI with a few customizations:


However, this is still limited and does not cover all of our use cases, so we are still left with some post install tasks. After some more work I came up with the following ‘final’ GUI:


From this GUI we are able to choose all the combinations of required software for all departments and entities. No more post-install tasks for any PCs.

I had to do a few things to get this working as desired, but at the core of it, each of the tick boxes sets an MDT Task Sequence Variable. The variable's value, ticked or not, determines whether the software installation step should proceed.

MDT Task Sequence Variables
The task sequence itself has some additional steps to create the variables. Each variable requires a separate step for its creation. I found the variables needed to be created in the task sequence before the PowerShell script that sets the variables' values can be run.


All of the variables are set to False when created in the task sequence. The PowerShell script will later set the ones that are ticked to True.



Conditional Application Installations
We have the requirement that some applications are installed on every PC that we image; these applications are installed regardless of the options chosen. For the conditional application installations, I have created a separate step for each one.


Each of these steps simply installs a single application.


Under options I have set the condition that the Task Sequence Step only runs if the corresponding variable is set to True.



The PowerShell Script
Creating GUIs in PowerShell is tedious and annoying, but there is plenty of information on how to do that, so I will be glossing over the GUI creation part. The important part of the script is retrieving the value from the check box and injecting it into the Task Sequence variable. A minimal example of how this works would be:

    #Get Variable from Form
    $installPDF = $pdfCheck.Checked #where $pdfCheck is the checkbox

    #set variable in the task sequence
    $TSEnv = New-Object -COMObject Microsoft.SMS.TSEnvironment 
    $TSEnv.Value("installPDFAnnotator") = "$($installPDF)"
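
A fuller version of the minimal example above, added here as an illustration and not the author's own script: one checkbox per option, each written to its Task Sequence variable when OK is pressed. `installPDFAnnotator` is from the post; `installVisio`, `installProject` and the form layout are hypothetical.

```powershell
Add-Type -AssemblyName System.Windows.Forms, System.Drawing

# Checkbox label -> Task Sequence variable. installPDFAnnotator comes from
# the post; the other two variable names are hypothetical.
$options = [ordered]@{
    'PDF Annotator' = 'installPDFAnnotator'
    'Visio'         = 'installVisio'
    'Project'       = 'installProject'
}

function Set-TSVariable {
    param([string]$Name, [bool]$Checked)
    # Microsoft.SMS.TSEnvironment is only registered while a task sequence
    # is running; outside one, print the value so the form can be tested.
    try {
        $tsEnv = New-Object -ComObject Microsoft.SMS.TSEnvironment -ErrorAction Stop
        $tsEnv.Value($Name) = "$Checked"   # "True" or "False", as the step condition expects
    }
    catch {
        Write-Host "$Name = $Checked (no task sequence environment)"
    }
}

$form = New-Object System.Windows.Forms.Form
$form.Text = 'Image Configuration'
$form.StartPosition = 'CenterScreen'
$form.TopMost = $true                      # keep the form in front of other windows
$form.ClientSize = New-Object System.Drawing.Size(260, 170)

$boxes = @{}
$y = 15
foreach ($label in $options.Keys) {
    $box = New-Object System.Windows.Forms.CheckBox
    $box.Text = $label
    $box.AutoSize = $true
    $box.Location = New-Object System.Drawing.Point(20, $y)
    $form.Controls.Add($box)
    $boxes[$options[$label]] = $box        # index the checkbox by its variable name
    $y += 30
}

$ok = New-Object System.Windows.Forms.Button
$ok.Text = 'OK'
$ok.Location = New-Object System.Drawing.Point(20, ($y + 10))
$ok.DialogResult = [System.Windows.Forms.DialogResult]::OK
$form.AcceptButton = $ok
$form.Controls.Add($ok)

# Closing the window without OK leaves every variable at its False default.
if ($form.ShowDialog() -eq [System.Windows.Forms.DialogResult]::OK) {
    foreach ($name in $boxes.Keys) { Set-TSVariable -Name $name -Checked $boxes[$name].Checked }
}
```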

The script needs to be made into an SCCM Package so that we can run the script from the Task Sequence. The source contents for the package should include the script to be run, ServiceUI.exe and any assets required by the script (in my case, the company logo).


The package is nothing special; you only need to set the source files for it and distribute it to the required Distribution Points.


Incorporating the script into the task sequence requires adding a step ‘General > Run Command Line’. The command line step should look similar to the following:


The two main things to note here are that the command line is pointing to the PowerShell script that is part of the package and that the package is selected. You just need to make sure that you declare all the MDT Task Sequence variables before running the PowerShell step “Prompt For Image Configuration”.


And that should be it!

Adding Azure Remote App Users with PowerShell

16 February, 2017

Adding Azure Remote App users with PowerShell is a relatively simple task and many times quicker than waiting for the clunky web-based UI. The first thing to do is install the ‘Microsoft Azure PowerShell module’.

Once you have this module installed you need to add an Azure account. You only ever need to do this once. It’s as simple as running the following cmdlet and signing in.


Once you have signed in you will need to select the subscription that you want to add the user to. You can get a list of all your subscriptions using:


To select a subscription use the following:

Select-AzureSubscription <Subscription Name>

Once you have selected your subscription you can begin to add users. This is as simple as running:

add-AzureRemoteAppUser -CollectionName <Collection Name> -Type orgid -Userupn <User UPN/Email>

This will then add the user to the selected collection under the selected subscription and allow them to start using remote apps.

SCCM 2012 R2 and PowerShell

14 February, 2017

To use PowerShell with SCCM, all you need to do is import the module. If you don’t have the module installed you can get it from here: Note that you will also need to have the Configuration Manager Console installed on your computer.

Once you have the module installed, import the module using the following command:

import-module "C:\Program Files (x86)\Microsoft Configuration Manager\AdminConsole\bin\ConfigurationManager.psd1"

Once you have imported the module you will need to connect to your site using the following:


Where ‘x’ is your site code. In my case this is:

CD PR1: 

Once connected to your site you can query information about your site using:


There are a whole bunch of cmdlets for SCCM that will allow you to do many tasks directly from the PowerShell console. I have a few SCCM scripts on my GitHub at:

As I create more scripts utilising SCCM I will be adding them to my Git. So far I have used PowerShell to query User and Device memberships from collections and export the results out to CSVs for reporting.
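
As an added example (not one of the author's GitHub scripts), the following imports the module without a hard-coded path, switches to the site drive and exports a collection's device members to CSV. The collection name and output path are placeholders.

```powershell
# Placeholders: change these for your own site.
$collectionName = 'All Desktop and Server Clients'
$csvPath        = Join-Path $env:TEMP 'collection-members.csv'

# The console sets SMS_ADMIN_UI_PATH to its bin\i386 folder; the module
# manifest sits one directory above that.
if (-not $env:SMS_ADMIN_UI_PATH) {
    throw 'Configuration Manager Console not found (SMS_ADMIN_UI_PATH is not set).'
}
$manifest = Join-Path (Split-Path $env:SMS_ADMIN_UI_PATH -Parent) 'ConfigurationManager.psd1'
Import-Module $manifest -ErrorAction Stop

# Importing the module exposes each known site as a PSDrive named after its site code.
$siteDrive = Get-PSDrive -PSProvider CMSite | Select-Object -First 1
if (-not $siteDrive) {
    throw 'No CMSite drive was created by the module import.'
}

Push-Location "$($siteDrive.Name):"
try {
    # The ConfigurationManager cmdlets only work while the current location is the site drive.
    $devices = @(Get-CMDevice -CollectionName $collectionName)
    $devices |
        Select-Object Name, ResourceID |
        Export-Csv -Path $csvPath -NoTypeInformation
    Write-Host "$($devices.Count) devices exported to $csvPath"
}
finally {
    Pop-Location   # return to the original location even if the query fails
}
```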

Log Off an Azure Remote App User via PowerShell

15 November, 2016

I wrote this script because Azure Remote App is shit and always causes problems for users. One of the bigger problems is that when a user’s application within Azure Remote App freezes, the user can’t simply restart the remote app, as the server keeps the session and frozen/crashed application alive.

The solution to this is to log the user off the server. This module is designed to be a super simple way to log off a user just by using their email address that is associated with the Azure Remote App account.

function global:end-azureSession{
    param(
        #email address of the Azure Remote App user to log off
        $userEmail,
        [parameter(HelpMessage='your username/email for azure')]
        $username,
        [parameter(HelpMessage='your password for azure')]
        $password
    )

    #define our set variables for the penrith environment
    $azureSubscription = 'PCC-AAE'

    #create credentials
    #$secPass = ConvertTo-SecureString $password -AsPlainText -Force
    #$AzureCred = New-Object System.Management.Automation.PSCredential ($username, $secPass)
    $cred = Get-Credential
    #$AzureCred = New-Object System.Management.Automation.PSCredential
    #this will throw exception even if success.... so yep... this is my work-around...
    try{Add-AzureAccount -Credential $cred}catch{write-host "Connected to Azure" -ForegroundColor green}

    #Select subscription
    Select-AzureSubscription $azureSubscription

    #disconnect user
    write-host "Disconnecting user, this may take a while....." -ForegroundColor green
    try{
        #-ErrorAction Stop turns a failed logoff into an exception the catch block can inspect
        invoke-AzureRemoteAppSessionLogoff -CollectionName rappaaeprod -UserUpn $userEmail -confirm:$false -ErrorAction Stop >$null 2>&1
        write-host "disconnected..." -ForegroundColor green
    }catch{
        $errorMessage = $_.Exception.Message
        if($errorMessage -eq "InternalError: The server encountered an internal error. Please retry the request."){
            write-host "User has been disconnected" -ForegroundColor green
        }else{
            write-host "ERROR: User connection to Azure not found" -ForegroundColor red
        }
    }
}


Example 1: this will prompt you for credentials then end the user's session


Example 2: You can save and pass credentials to the module

$cred = get-credential
end-azureSession $cred



365 AD Group Licensing

27 May, 2016

A small script I wrote to set users' 365 licenses based on Active Directory group membership. It has only been tested in a hybrid environment.

#grant $license to every (nested) member of the AD group
function grantGroupLicense($group, $license){
    $members = Get-ADGroupMember $group -Recursive
    foreach($member in $members){
        $adUser = get-aduser $member.samaccountname | select userprincipalname
        $msolUser = Get-MsolUser -UserPrincipalName $adUser.userPrincipalName
        grantLicense $msolUser $license
    }
}

#return $true if the user already holds the license
function checkLicense($user, $license){
    foreach($lic in $user.licenses){
        if($lic.AccountSku.SkuPartNumber -eq $license){return $true}
    }
    return $false
}

#add the license unless the user already has it
function grantLicense($msolUser, $license){
    if(-not(checkLicense $msolUser $license)){
        try{
            set-msolUserLicense -userprincipalname $msolUser.userPrincipalName -AddLicenses $license -ErrorAction Stop
            write-host $msolUser.userPrincipalName Has been given $license -ForegroundColor green
        }catch{
            write-host $msolUser.userPrincipalName could not be given $license -ForegroundColor red
        }
    }else{
        write-host $msolUser.userPrincipalName already has $license -ForegroundColor green
    }
}

grantGroupLicense <AD-Group-Name> <License SkuPartNumber>

grantGroupLicense FG-MSVisio_Users VISIOCLIENT
grantGroupLicense FG-MSProject_Users PROJECTCLIENT



PowerShell Mindflash Administration

04 April, 2016

Having a position where part of my job is to administrate users within Mindflash I am frequently completing the following tasks on Mindflash:
• Creating Users
• Enrolling users in courses
• Resetting user passwords

Often these tasks need to be completed for either an individual user or a batch of users at any given time. While Mindflash provides some bulk administration options through their web portal I found it a little limiting and a little clunky to use.

So naturally, being a fan of the command line and primarily a Linux user, I thought it would be great to be able to administer Mindflash users from a command line, in this case PowerShell. I have created Get-MindflashUser, a PowerShell cmdlet that hooks into the Mindflash API, allowing for administration of users.

Get-MindflashUser allows you to complete all of the following tasks without ever leaving the PowerShell window.
• Get a list of all Mindflash users
• Get a list of all Mindflash courses
• Get a list of all users in a specific course
• Get a specific user's details
• Get a specific user's details including course enrolment details
• Get course progress for a given user and course
• Invite users to a course
• Reset user password
• Create new users

In addition to all of this, you would obviously be able to use Get-MindflashUser within your own scripts to automate repetitive tasks or generate reports.

Some Examples of Use
Resetting a user's password

get-MindflashUser -email -resetPassword true -newPassword P@ssword21 -Key <yourAPIKeyHere>

Creating a new user

get-MindflashUser -email -first michael -last cho -newUser true -newPassword P@ssword21 -Key <yourAPIKeyHere>

There are more examples of use provided in the header of the script. If you find this script useful in any way please let me know by email. Additionally, if you find any issues or bugs in the script please shout out so I can resolve them.


Download Get-MindflashUser.ps1


Get-MindflashUser by Nathan Kewley is licensed under a Creative Commons Attribution 4.0 International License


