Created
March 24, 2018 00:03
PSADT Script for upgrading Lenovo ThinkCentre M910q TPM firmware
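<#
.SYNOPSIS
    This script performs the installation or uninstallation of an application(s).
.DESCRIPTION
    The script is provided as a template to perform an install or uninstall of an application(s).
    The script either performs an "Install" deployment type or an "Uninstall" deployment type.
    The install deployment type is broken down into 3 main sections/phases: Pre-Install, Install, and Post-Install.
    The script dot-sources the AppDeployToolkitMain.ps1 script which contains the logic and functions required to install or uninstall an application.

    This customisation runs in three stages that are chained across reboots by SYSTEM scheduled tasks:
      Stage 1 (no stage switch): suspend BitLocker, schedule stage 2, run flash.cmd to apply the TPM firmware.
      Stage 2 (-ClearTPM):       submit the TPM clear request, schedule stage 3, restart.
      Stage 3 (-ReEnableBitLocker): re-enable the BitLocker protectors on the system drive.
.PARAMETER DeploymentType
    The type of deployment to perform. Default is: Install.
.PARAMETER DeployMode
    Specifies whether the installation should be run in Interactive, Silent, or NonInteractive mode. Default is: Interactive. Options: Interactive = Shows dialogs, Silent = No dialogs, NonInteractive = Very silent, i.e. no blocking apps. NonInteractive mode is automatically set if it is detected that the process is not user interactive.
.PARAMETER AllowRebootPassThru
    Allows the 3010 return code (requires restart) to be passed back to the parent process (e.g. SCCM) if detected from an installation. If 3010 is passed back to SCCM, a reboot prompt will be triggered.
.PARAMETER TerminalServerMode
    Changes to "user install mode" and back to "user execute mode" for installing/uninstalling applications for Remote Desktop Session Hosts/Citrix servers.
.PARAMETER DisableLogging
    Disables logging to file for the script. Default is: $false.
.PARAMETER ClearTPM
    Stage 2 switch. Passed by the scheduled task that stage 1 creates; not intended to be supplied by an operator.
.PARAMETER ReEnableBitLocker
    Stage 3 switch. Passed by the scheduled task that stage 2 creates; not intended to be supplied by an operator.
.EXAMPLE
    powershell.exe -Command "& { & '.\Deploy-Application.ps1' -DeployMode 'Silent'; Exit $LastExitCode }"
.EXAMPLE
    powershell.exe -Command "& { & '.\Deploy-Application.ps1' -AllowRebootPassThru; Exit $LastExitCode }"
.EXAMPLE
    powershell.exe -Command "& { & '.\Deploy-Application.ps1' -DeploymentType 'Uninstall'; Exit $LastExitCode }"
.EXAMPLE
    Deploy-Application.exe -DeploymentType "Install" -DeployMode "Silent"
.NOTES
    Toolkit Exit Code Ranges:
    60000 - 68999: Reserved for built-in exit codes in Deploy-Application.ps1, Deploy-Application.exe, and AppDeployToolkitMain.ps1
    69000 - 69999: Recommended for user customized exit codes in Deploy-Application.ps1
    70000 - 79999: Recommended for user customized exit codes in AppDeployToolkitExtensions.ps1

    Custom exit codes used by this script:
    69000: TPM spec version is neither 1.2 nor 2.0; nothing was changed on the machine.
.LINK
    http://psappdeploytoolkit.com
#>
[CmdletBinding()]
Param (
    [Parameter(Mandatory=$false)]
    [ValidateSet('Install','Uninstall')]
    [string]$DeploymentType = 'Install',
    [Parameter(Mandatory=$false)]
    [ValidateSet('Interactive','Silent','NonInteractive')]
    [string]$DeployMode = 'Interactive',
    [Parameter(Mandatory=$false)]
    [switch]$AllowRebootPassThru = $false,
    [Parameter(Mandatory=$false)]
    [switch]$TerminalServerMode = $false,
    [Parameter(Mandatory=$false)]
    [switch]$DisableLogging = $false,
    [switch]$ClearTPM = $false, # Script is called again by scheduled task after reboot with the -ClearTPM switch
    [switch]$ReEnableBitLocker = $false # Script is called again by scheduled task after reboot with the -ReEnableBitLocker switch
)

Try {
    ## Set the script execution policy for this process
    Try { Set-ExecutionPolicy -ExecutionPolicy 'ByPass' -Scope 'Process' -Force -ErrorAction 'Stop' } Catch {}

    ##*===============================================
    ##* VARIABLE DECLARATION
    ##*===============================================
    ## Variables: Application
    [string]$appVendor = 'Lenovo'
    [string]$appName = 'ThinkCentre TPM Firmware'
    [string]$appVersion = '2018-03-12 - V2'
    [string]$appArch = ''
    [string]$appLang = 'EN'
    [string]$appRevision = '01'
    [string]$appScriptVersion = '1.0.0'
    [string]$appScriptDate = '2018-03-22'
    [string]$appScriptAuthor = 'Ryan Steele'
    ## SECURITY NOTE: the BIOS supervisor password is stored here in plaintext, so anyone who can
    ## read the package source or the client-side copy of this script can read it. Keep the package
    ## readable by administrators/SYSTEM only, and consider changing the BIOS password once the
    ## rollout is complete. The value is also interpolated into a cmd.exe command line further down:
    ## -SecureParameters keeps it out of the toolkit log only, it is still visible to process
    ## listings and to process-creation auditing with command-line capture while flash.cmd runs.
    ## cmd.exe metacharacters in the password (& | < > ^ " or spaces) would be interpreted by cmd.exe.
    [string]$BIOSPassword = 'xxxxxxxx' # UPDATE THIS WITH YOUR BIOS PASSWORD
    ##*===============================================
    ## Variables: Install Titles (Only set here to override defaults set by the toolkit)
    [string]$installName = ''
    [string]$installTitle = ''

    ##* Do not modify section below
    #region DoNotModify

    ## Variables: Exit Code
    [int32]$mainExitCode = 0

    ## Variables: Script
    [string]$deployAppScriptFriendlyName = 'Deploy Application'
    [version]$deployAppScriptVersion = [version]'3.6.8'
    [string]$deployAppScriptDate = '02/06/2016'
    [hashtable]$deployAppScriptParameters = $psBoundParameters

    ## Variables: Environment
    If (Test-Path -LiteralPath 'variable:HostInvocation') { $InvocationInfo = $HostInvocation } Else { $InvocationInfo = $MyInvocation }
    [string]$scriptDirectory = Split-Path -Path $InvocationInfo.MyCommand.Definition -Parent

    ## Dot source the required App Deploy Toolkit Functions
    Try {
        [string]$moduleAppDeployToolkitMain = "$scriptDirectory\AppDeployToolkit\AppDeployToolkitMain.ps1"
        If (-not (Test-Path -LiteralPath $moduleAppDeployToolkitMain -PathType 'Leaf')) { Throw "Module does not exist at the specified location [$moduleAppDeployToolkitMain]." }
        If ($DisableLogging) { . $moduleAppDeployToolkitMain -DisableLogging } Else { . $moduleAppDeployToolkitMain }
    }
    Catch {
        If ($mainExitCode -eq 0){ [int32]$mainExitCode = 60008 }
        Write-Error -Message "Module [$moduleAppDeployToolkitMain] failed to load: `n$($_.Exception.Message)`n `n$($_.InvocationInfo.PositionMessage)" -ErrorAction 'Continue'
        ## Exit the script, returning the exit code to SCCM
        If (Test-Path -LiteralPath 'variable:HostInvocation') { $script:ExitCode = $mainExitCode; Exit } Else { Exit $mainExitCode }
    }

    #endregion
    ##* Do not modify section above
    ##*===============================================
    ##* END VARIABLE DECLARATION
    ##*===============================================

    If ($deploymentType -ine 'Uninstall') {
        ##*===============================================
        ##* PRE-INSTALLATION
        ##*===============================================
        [string]$installPhase = 'Pre-Installation'

        ## SECURITY NOTE (applies to every SCHTASKS /Create in this script): the tasks run as SYSTEM
        ## at startup and execute Deploy-Application.exe from $scriptParentPath. That directory must be
        ## writable by administrators/SYSTEM only and must still exist after the reboot; a
        ## user-writable location would let a standard user swap the binary that SYSTEM runs at boot.

        ## Stage 2 - Clear TPM
        If ($ClearTPM) {
            Execute-Process -Path "SCHTASKS" -Parameters "/Delete /TN `"$InstallTitle - Clear TPM`" /F"
            Write-Log -Message "Clearing the TPM" -Source $deployAppScriptFriendlyName
            # Physical-presence request 14 is the TPM clear; NOTE(review): in the TCG PPI numbering
            # this is clear + enable + activate - confirm against the Win32_Tpm documentation.
            # Clearing destroys every key the TPM protects, not only the BitLocker protector.
            # The result is captured so a rejected request is logged instead of silently ignored.
            $tpmRequest = (Get-WmiObject -Namespace "root\cimv2\security\microsofttpm" -Class "win32_tpm").SetPhysicalPresenceRequest(14)
            If ($tpmRequest.ReturnValue -ne 0) {
                Write-Log -Message "WARNING: TPM clear request returned [$($tpmRequest.ReturnValue)]." -Severity 2 -Source $deployAppScriptFriendlyName
            }
            # Stage 3 is scheduled regardless of the request result: re-enabling BitLocker is the
            # safe direction and must not be skipped.
            Execute-Process -Path "SCHTASKS" -Parameters "/Create /SC ONSTART /RU System /TR `"'$scriptParentPath\Deploy-Application.exe' -ReEnableBitLocker`" /TN `"$InstallTitle - Re-Enable BitLocker`" /F"
            Write-Log -Message "Restarting the computer" -Source $deployAppScriptFriendlyName
            Restart-Computer
            Exit-Script -ExitCode 0
        }

        ## Stage 3 - Re-Enable BitLocker
        If ($ReEnableBitLocker) {
            Execute-Process -Path "SCHTASKS" -Parameters "/Delete /TN `"$InstallTitle - Re-Enable BitLocker`" /F"
            Write-Log -Message "Pausing for 30 seconds" -Source $deployAppScriptFriendlyName
            Start-Sleep -Seconds 30
            Execute-Process -Path "$envSystem32Directory\manage-bde.exe" -Parameters "-protectors -enable $envSystemDrive"
            Exit-Script -ExitCode 0
        }

        ## Abort with error code 1618 (fast retry) if machine is on battery
        If (-not (Test-Battery)) { Exit-Script 1618 }

        ## Show Welcome Message, allow up to 3 deferrals, and persist the prompt
        Show-InstallationWelcome -AllowDefer -DeferTimes 3 -PersistPrompt -CustomText -ForceCountdown 600

        ## Show Progress Message (with the default message)
        Show-InstallationProgress

        ##*===============================================
        ##* INSTALLATION
        ##*===============================================
        [string]$installPhase = 'Installation'

        ## Decide which firmware to flash BEFORE touching BitLocker or scheduling the TPM clear.
        ## Previously an unexpected TPM version was detected only after BitLocker had been suspended
        ## and the "Clear TPM" task created, and the script then rebooted - so the TPM was cleared
        ## even though no firmware had been applied.
        $TpmVersion = (Get-WmiObject -namespace root\cimv2\security\microsofttpm -class win32_tpm).SpecVersion
        If ($TpmVersion -like "1.2*") {
            [string]$flashSwitch = '/1'
        }
        ElseIf ($TpmVersion -like "2.0*") {
            [string]$flashSwitch = '/2'
        }
        Else {
            Write-Log -Message "ERROR: Unexpected TPM version. Firmware not applied." -Severity 3 -Source $deployAppScriptFriendlyName
            # 69000 is in the range the toolkit reserves for custom exit codes in this script.
            Exit-Script -ExitCode 69000
        }

        ## Detect whether BitLocker is enabled
        $BitLockerWMIObject = Get-WmiObject -namespace root\CIMv2\Security\MicrosoftVolumeEncryption -class Win32_EncryptableVolume | where-object {$_.DriveLetter -eq $envSystemDrive}
        If ($BitLockerWMIObject.ProtectionStatus -eq 1) {
            # Suspend BitLocker. "-RC 0" suspends protection until it is explicitly re-enabled, so the
            # system drive stays unprotected until stage 3 runs. If the scheduled-task chain breaks
            # (task deleted, package folder removed, stage 2 fails) protection stays off - monitor
            # for machines that remain suspended after the rollout.
            Execute-Process -Path "$envSystem32Directory\manage-bde.exe" -Parameters "-protectors -disable $envSystemDrive -RC 0"
        }

        # Schedule a task to clear the TPM after a reboot
        Execute-Process -Path "SCHTASKS" -Parameters "/Create /SC ONSTART /RU System /TR `"'$scriptParentPath\Deploy-Application.exe' -ClearTPM`" /TN `"$InstallTitle - Clear TPM`" /F"

        # Apply TPM firmware. The log line masks the password; -SecureParameters keeps the real
        # command line out of the toolkit log (see the note on $BIOSPassword for what it does not cover).
        Write-Log -Message "Executing flash.cmd $flashSwitch ***** /s" -Source $deployAppScriptFriendlyName
        Execute-Process -Path "cmd.exe" -Parameters "/c flash.cmd $flashSwitch $BIOSPassword /s" -WorkingDirectory $dirFiles -IgnoreExitCodes "1,1073807364" -SecureParameters

        ##*===============================================
        ##* POST-INSTALLATION
        ##*===============================================
        [string]$installPhase = 'Post-Installation'

        ## <Perform Post-Installation tasks here>
    }
    ElseIf ($deploymentType -ieq 'Uninstall')
    {
        ##*===============================================
        ##* PRE-UNINSTALLATION
        ##*===============================================
        [string]$installPhase = 'Pre-Uninstallation'

        ## Show Welcome Message, close Internet Explorer with a 60 second countdown before automatically closing
        Show-InstallationWelcome -CloseApps 'iexplore' -CloseAppsCountdown 60

        ## Show Progress Message (with the default message)
        Show-InstallationProgress

        ## <Perform Pre-Uninstallation tasks here>

        ##*===============================================
        ##* UNINSTALLATION
        ##*===============================================
        [string]$installPhase = 'Uninstallation'

        ## Handle Zero-Config MSI Uninstallations
        If ($useDefaultMsi) {
            [hashtable]$ExecuteDefaultMSISplat = @{ Action = 'Uninstall'; Path = $defaultMsiFile }; If ($defaultMstFile) { $ExecuteDefaultMSISplat.Add('Transform', $defaultMstFile) }
            Execute-MSI @ExecuteDefaultMSISplat
        }

        # <Perform Uninstallation tasks here>

        ##*===============================================
        ##* POST-UNINSTALLATION
        ##*===============================================
        [string]$installPhase = 'Post-Uninstallation'

        ## <Perform Post-Uninstallation tasks here>
    }

    ##*===============================================
    ##* END SCRIPT BODY
    ##*===============================================

    ## Call the Exit-Script function to perform final cleanup operations
    Exit-Script -ExitCode $mainExitCode
}
Catch {
    [int32]$mainExitCode = 60001
    [string]$mainErrorMessage = "$(Resolve-Error)"
    Write-Log -Message $mainErrorMessage -Severity 3 -Source $deployAppScriptFriendlyName
    Show-DialogBox -Text $mainErrorMessage -Icon 'Stop'
    Exit-Script -ExitCode $mainExitCode
}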