Some Notes on the Machines

This works:

Write-Host "Beginning..."

# Manual / forced Automate agent removal
# from https://docs.connectwise.com/ConnectWise_Automate/ConnectWise_Automate_Documentation/070/020/010

TASKKILL /F /IM LTSVC.exe 2> $null
TASKKILL /F /IM LTSvcMon.exe 2> $null
TASKKILL /F /IM LTTray.exe 2> $null

CMD /C 'SC DELETE LTSERVICE 2>NUL' | Out-Null
CMD /C 'SC DELETE LTSVCMON 2>NUL' | Out-Null

CD HKLM:\SOFTWARE
Remove-Item LABTECH -Force -Recurse 2> $null
CD HKLM:\SOFTWARE\WOW6432NODE
Remove-Item LABTECH -Force -Recurse 2> $null

Remove-Item C:\WINDOWS\LTSVC -Force -Recurse 2> $null

Write-Host "Done!"

The following updates Roboform v9. Whenever v10 comes out, this will need to be changed to fit. winget does not appear able to do this job, at least when Roboform is installed via exe.

cd $env:TEMP
taskkill /f /im robotaskbaricon.exe
curl.exe -O https://www.roboform.com/dist/RoboForm-v9-Setup.exe
.\roboform-v9-setup.exe /silent /unatt /close

This command line will upgrade many things, run it in administrative shell:

winget upgrade --all --include-unknown

Don’t try this with Autodesk products installed, and there are probably other situations to watch for too.

It’s built into most OEM installs of Windows 10 and 11, and can often be installed. On server builds it’s touch and go.

To see if you have it, try winget list from CMD or Powershell.

One good way to test it, is to install Microsoft .NET framework (SDK) 6, thus, from administrative Powershell:

winget install --id Microsoft.DotNet.Runtime.6 --silent --accept-source-agreements

I learned just now that if you add other seemingly valuable options to the one above, e.g., --scope machine, at least while running as SYSTEM, it will fail citing package not found. So you’ll want to test carefully.

Here’s one proven just now for 7zip (there’s a “search” option in winget to get the ID):

winget install --exact --id 7zip.7zip --accept-package-agreements --silent --scope machine

Here’s one for Google Chrome, needs a bit of extra:

winget.exe install --exact --id Google.Chrome --silent --accept-package-agreements --accept-source-agreements --scope machine

And here’s a way to upgrade everything Winget can upgrade. There are some systems to not use this on, e.g., anything with some Autodesk products:

winget upgrade --all --include-unknown

If you do want to use it from the SYSTEM account, in scripting, it gets interesting. You’ll want to first run the below, and then winget will run as expected.

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
# Function to find the path to winget.exe
function Find-WinGet-Path {
    # Get the WinGet path (for use when running in SYSTEM context).
    $WinGetPathToResolve = Join-Path -Path $ENV:ProgramFiles -ChildPath 'WindowsApps\Microsoft.DesktopAppInstaller_*_*__8wekyb3d8bbwe'
    $ResolveWinGetPath = Resolve-Path -Path $WinGetPathToResolve | Sort-Object {
        [version]($_.Path -replace '^[^\d]+_((\d+\.)*\d+)_.*', '$1')
    }
    if ($ResolveWinGetPath) {
        # If we have multiple versions - use the latest.
        $WinGetPath = $ResolveWinGetPath[-1].Path
    }

    # Get the User-Context WinGet exe location.
    $WinGetExePath = Get-Command -Name winget.exe -CommandType Application -ErrorAction SilentlyContinue

    # Select the correct WinGet exe
    if (Test-Path -Path (Join-Path $WinGetPath 'winget.exe')) {
        # Running in SYSTEM-Context.
        $WinGet = Join-Path $WinGetPath 'winget.exe'
    } elseif ($WinGetExePath) {
        # Get User-Context if SYSTEM-Context not found.
        $WinGet = $WinGetExePath.Path
    } else {
        Write-Output 'WinGet not Found!'
        Stop-Transcript
        exit 1
    }

    # Return WinGet path
    return ($WinGet -replace '\winget.exe','')
}

Function Add-PathVariable {
    param (
        [string]$addPath
    )
    if (Test-Path $addPath){
        $regexAddPath = [regex]::Escape($addPath)
        $arrPath = $env:Path -split ';' | Where-Object {$_ -notMatch 
"^$regexAddPath\\?"}
        $env:Path = ($arrPath + $addPath) -join ';'
    } else {
        Throw "'$addPath' is not a valid path."
    }
}

Add-PathVariable (Find-Winget-Path)

Installing has been even more interesting. I’ve tried a lot of things. The below worked very well recently on Server 2019 as well as Server 2022. Sometimes it fails once and has to be re-run. It is a script which installs prerequisites, and installs another script called winget-install. After the installations, it will run winget-install. Once successful, winget runs.

#begin script

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
Set-ExecutionPolicy -Scope Process -ExecutionPolicy Unrestricted -Force > $null

Function PrepareModule {
	param( [string]$ModuleName )

	"Preparing Powershell environment: Getting online " + $ModuleName + " info..."
	$OnlineModuleInfo = Find-Module $ModuleName -Repository PSGallery
	"Preparing Powershell environment: Getting local " + $ModuleName + " info (if exists)..."
	$LocalModuleInfo = Get-InstalledModule $ModuleName -ErrorAction SilentlyContinue > $null

	If ($OnlineModuleInfo.Version -ne $LocalModuleInfo.Version) {
		"Preparing Powershell environment: Removing old " + $ModuleName + " (if exists)..."
		Uninstall-Module -Name $ModuleName -ErrorAction SilentlyContinue > $null
		"Preparing Powershell environment: Installing new " + $ModuleName + "..."
		Install-Module -Name $ModuleName -Repository PSGallery
		"Preparing Powershell environment: Importing new " + $ModuleName + "..."
		Import-Module -Name $ModuleName
		}
}

"Setting up to use Powershell Gallery..."
Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force
Install-Module PowerShellGet -Force
Set-PSRepository -InstallationPolicy Trusted -Name PSGallery

PrepareModule("NuGet")	

Install-Script -Name winget-install 
winget-install

#End script

There has been a complete replacement:

www.apc.com/us/en/product-range/61932-powerchute-business-edition/#overview

There has been a complete replacement:

www.apc.com/us/en/product-range/61932-powerchute-business-edition/#overview

Here’s page current as of now:

www.apc.com/us/en/product-range/61932-powerchute-business-edition/#overview

The Powershell below, calls all of the tools listed for it here.

#begin script

if (([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator"))
    {
    "Running elevated; good."
    ""
    } else {
    "Not running as elevated.  Starting elevated shell."
    Start-Process powershell -WorkingDirectory $PWD.Path -Verb runAs -ArgumentList "-noprofile -noexit -file $PSCommandPath"
    return "Done. This one will now exit."
    ""
    }

Set-ExecutionPolicy Bypass -Scope Process -Force

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls -bor [Net.SecurityProtocolType]::Tls11 -bor [Net.SecurityProtocolType]::Tls12;

$dfolder = "C:\OptimizeTemp"

$ps_script_list = @(
    'mma-appx-etc.ps1',
    'RunDevNodeClean.ps1',
    'wt_removeGhosts.ps1',
    'TweakDrives.ps1',
	'TweakSMB.ps1',
    'OWTAS.ps1',
    'OVSS.ps1',
    'CATE.ps1',
	'TweakHardware.ps1'
    'TweakMemTCP.ps1'
    )

mkdir $dfolder

"Downloading..."

ForEach ($ps_script in $ps_script_list) {
	$download_url = "https://github.com/jebofponderworthy/windows-tools/raw/master/tools/$ps_script"

	""
	"--- Downloading $ps_script... ---"
	Invoke-WebRequest -Uri $download_url -Outfile "$dfolder\$ps_script"
	}

""
"Running..."

ForEach ($ps_script in $ps_script_list) {
	$run_script = "$dfolder\$ps_script"
	& $run_script

	Remove-Item "$dfolder\$ps_script"
	}	

Remove-Item $dfolder -Recurse -Force

#end of script

Run this in administrative Powershell:

wmic product where "name like '%ITSPlatform%'" call uninstall /nointeractive
wmic product where "name like '%ITSPlatformManager%'" call uninstall /nointeractive
wmic product where "name like '%ScreenConnect Client%'" call uninstall /nointeractive

Stop-Service -Name "SAAZappr"
Stop-Service -Name "SAAZDPMACTL"
Stop-Service -Name "SAAZRemoteSupport"
Stop-Service -Name "SAAZScheduler"
Stop-Service -Name "SAAZServerPlus"
Stop-Service -Name "SAAZWatchDog"
If (Test-Path "C:\Program Files (x86)\SAAZOD"){
   Remove-Item "C:\Program Files (x86)\SAAZOD" -Force -Recurse
} else {}
If (Test-Path "C:\Program Files (x86)\SAAZODBKP"){
   Remove-Item "C:\Program Files (x86)\SAAZODBKP" -Force -Recurse
} else {}
Remove-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Virtual Machine\Guest" -Name "ITSPlatformID" -Force
Remove-Item "HKLM:\SOFTWARE\WOW6432Node\SAAZOD" -Force
Remove-Item "HKLM:\SYSTEM\CurrentControlSet\Services\SAAZappr" -Force
Remove-Item "HKLM:\SYSTEM\CurrentControlSet\Services\SAAZDPMACTL" -Force
Remove-Item "HKLM:\SYSTEM\CurrentControlSet\Services\SAAZRemoteSupport" -Force
Remove-Item "HKLM:\SYSTEM\CurrentControlSet\Services\SAAZScheduler" -Force
Remove-Item "HKLM:\SYSTEM\CurrentControlSet\Services\SAAZServerPlus" -Force
Remove-Item "HKLM:\SYSTEM\CurrentControlSet\Services\SAAZWatchDog" -Force

HP Support Assistant is the oft-default tool, not suitable for automation. It does work, but often misses items, and sometimes just generally coughs. There is also the HP Image Assistant:

ftp.ext.hp.com/pub/caps-softpaq/cmit/HPIA.html

Its primary purpose is maintaining reference images, but it has a great command-line mode for full automatic downloads and updates. Download the installer, complete it, close the GUI tool, open Powershell or CMD, CD to the folder it created in command-line (it’s C:\SWSETUP\something), and run:

.\HPImageAssistant /Operation:Analyze /Category:All,Accessories /selection:All /action:Install /silent /reportFolder:c:\HPIA\Report /softpaqdownloadfolder:c:\HPIA\download

Then monitor its behavior in TASKMGR, and see the downloads piling up in C:\HPIA\download. If it needs a reboot, it will do it automatically. Even if it doesn’t, reboot is recommended, just to keep everything as smooth as possible.