Archive for May, 2017

May 2 2017

SCCM SQL Query to Find Machines Impacted by AMT Firmware Exploit (INTEL-SA-00075)

The following SQL should help identify the state of impacted systems. Please review thoroughly before relying on this information, while I believe the results should be accurate, you should do your own due diligence. Please let me know if you find any errors or have any suggestions to return better data.

More information on INTEL-SA-00075 here.

Read More >>

May 2 2017

Get List of User Profile Folders (PoSH)

The following snippet of PowerShell will collect the list of profiles active on a system from the registry and populate an array.

I remove any profile folder that does not exist, as well as any that are within the Windows folder (e.g. NetworkService, LocalSystem), but you can modify as you see fit if that doesn’t meet your needs. I use this when I need to add files, remove files, or make changes to files within a users profile.

You could just loop over C:\USERS\ subfolders and be fine 9,999/10,000 times, but this covers those circumstances where profiles have been stored elsewhere, where C: is not the drive with the profiles, or when you need to make sure you’re not modifying folders that aren’t true profiles.
Read More >>