Monday, June 8, 2015

Powershell - Change computer object description to username

Two years ago, with help from Experts Exchange, I had created a Visual Basic script to collect the currently logged-on user's username and set the computer's description in AD to that username.

To us, its purpose was to help associate computers with their actual users, since computers change hands and get repurposed, and you don't always remember to change the description.

So here's the old script:

' Read the local computer description from WMI (Win32_OperatingSystem.Description)
On Error Resume Next
strComputer = "."

Set objWMI = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colOS = objWMI.ExecQuery("Select Description FROM Win32_OperatingSystem")
For Each objOS In colOS
    strDescription = objOS.Description
Next

' Bind to this computer's AD object through ADSystemInfo (no RSAT needed) and write the description
Set objSysInfo = CreateObject("ADSystemInfo")
Set objComputer = GetObject("LDAP://" & objSysInfo.ComputerName)
objComputer.Description = strDescription
objComputer.SetInfo

And the new Powershell version:

Import-Module ActiveDirectory   # requires RSAT (the ActiveDirectory module) on the machine running this
$computer = $env:COMPUTERNAME
$username = $env:USERNAME
Set-ADComputer -Identity $computer -Description $username


Shocking, no?  Another reason I :heart: Powershell.


UPDATE:

Well, this script has failed me.  Well, not the script, mind you, but I ran into an issue in its utilization here that will not work.  Our images of Win7Ent do not contain the RSAT tools for obvious reasons, but that means that my attempt to call this via a GPO logon script failed, because running this script locally on a machine that does not have the module means Import-Module ActiveDirectory fails.

The fix for our scenario was to fall back to the visual basic script above.  It's still called from a GPO though, after giving Authenticated Users write permission to computer-Description.
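The RSAT dependency can be dropped without going back to VBScript: the same ADSystemInfo COM object and LDAP bind the VBScript uses are reachable from PowerShell through ADSI, which ships with Windows. The following is an added example, not code from the original post; the function name is my own, and it assumes the script runs as the logged-on user (as a GPO logon script does) and that that user has write permission on the computer object's Description attribute.

```powershell
# Added example: PowerShell equivalent of the VBScript's ADSystemInfo/LDAP approach,
# so it runs on a workstation without RSAT or the ActiveDirectory module.
function Set-ComputerDescriptionToUser {
    param(
        # Value written to the description attribute; defaults to the logged-on user.
        [string]$Description = $env:USERNAME
    )

    # ADSystemInfo is a late-bound COM object, so InvokeMember is needed to read
    # its ComputerName property (the distinguished name of this computer's AD object).
    $sysInfo = New-Object -ComObject ADSystemInfo
    $computerDn = $sysInfo.GetType().InvokeMember('ComputerName', 'GetProperty', $null, $sysInfo, $null)

    # Bind with ADSI and compare first, so a logon does not generate a directory
    # write (and a replication change) when the description is already correct.
    $computer = [ADSI]"LDAP://$computerDn"
    $current = [string]$computer.description
    if ($current -eq $Description) {
        return "Description already '$Description' on $computerDn; nothing to do."
    }

    $computer.Put('description', $Description)
    $computer.SetInfo()   # throws if the caller lacks write permission on Description
    return "Description changed from '$current' to '$Description' on $computerDn"
}

Set-ComputerDescriptionToUser
```

SetInfo writes with the logged-on user's credentials, which is why the update above needed Authenticated Users to have write access to Description. Scoping that grant to the OU that holds the workstations, rather than the domain root, keeps a user from being able to rewrite the description of servers or domain controllers.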


Wednesday, June 3, 2015

Powershell - Script generates CSV with computer names and bitlocker recovery key and TPM-OwnerInformation

So here at work we're in the process of BitLocking 'important' users' laptops, and to help keep track and poll AD I went looking for a PowerShell script to accomplish this.  I found a script here: https://gallery.technet.microsoft.com/ScriptCenter/4231a8a1-cc60-4e07-a098-2844353186ad/

Props to Jan Egil Ring for creating the first iteration using Quest's PowerShell add-ons back in 2010; his relevant blog post is http://blog.powershell.no/2010/10/24/export-bitlocker-information-using-windows-powershell/

I don't use the QAD tools anymore, so I went to work on configuring the script to run natively.


So this script generates a CSV of all computer objects running Windows 7 or 8, pulls msTPM-OwnerInformation and msFVE-RecoveryInformation, and marks the recovery key and TPM owner columns as either True or False.

Anyway here's the meat:



# NAME: Get-BitlockerEnabledComputer.ps1
#
# EDITED BY: Benjamin Hart
# EMAIL: Invalid.path@gmail.com
#
# COMMENT: Script to retrieve BitLocker information for all computer objects with Windows 7 or Windows 8 in the current domain.
#
#          The information will be exported to a CSV file containing the following information:
#          -ComputerName
#          -OperatingSystem
#          -HasBitlockerRecoveryKey
#          -HasTPM-OwnerInformation
#
#          Required version: Windows PowerShell 2.0 or later with the ActiveDirectory module (RSAT)
#          Required privileges: Read permission on msFVE-RecoveryInformation objects and read permission on msTPM-OwnerInformation on computer objects (e.g. Domain Admins)
#

Import-Module ActiveDirectory

# Custom variables
$CsvFilePath = "path_to_csv"

Set-Location AD:

# Collect the names of computers that have at least one msFVE-RecoveryInformation child object.
# A recovery object's DN looks like CN=<date>{<guid>},CN=<computer>,OU=...; the split pulls out <computer>.
$bitlockerenabled = Get-ADObject -LDAPFilter '(objectclass=msFVE-recoveryInformation)' -Properties cn,distinguishedname | ForEach-Object {
    ((($_ | Select-Object -ExpandProperty DistinguishedName) -split ",?CN=")[2] -split ",")[0]
}

$computers = Get-ADComputer -Filter * -Properties cn,OperatingSystem,msTPM-OwnerInformation |
    Where-Object { $_.OperatingSystem -like "Windows 7*" -or $_.OperatingSystem -like "Windows 8*" } |
    Sort-Object msTPM-OwnerInformation

# Create array to hold computer information
$export = @()

Read-Host "Created array"   # pause: press Enter to continue

foreach ($computer in $computers)
{
    # Create custom object for each computer
    $computerobj = New-Object -TypeName psobject

    # Add name and operating system to custom object
    $computerobj | Add-Member -MemberType NoteProperty -Name ComputerName -Value $computer.Name
    $computerobj | Add-Member -MemberType NoteProperty -Name OperatingSystem -Value $computer.OperatingSystem

    # Set HasBitlockerRecoveryKey to true or false, based on an exact match against the list of computers
    # with BitLocker recovery information (exact match, so "PC1" no longer matches "PC10" as the old regex did)
    if ($bitlockerenabled -contains $computer.cn) {
        $computerobj | Add-Member -MemberType NoteProperty -Name HasBitlockerRecoveryKey -Value $true
    }
    else {
        $computerobj | Add-Member -MemberType NoteProperty -Name HasBitlockerRecoveryKey -Value $false
    }

    # Set HasTPM-OwnerInformation to true or false, based on the msTPM-OwnerInformation on the computer object
    if ($computer."msTPM-OwnerInformation") {
        $computerobj | Add-Member -MemberType NoteProperty -Name HasTPM-OwnerInformation -Value $true
    }
    else {
        $computerobj | Add-Member -MemberType NoteProperty -Name HasTPM-OwnerInformation -Value $false
    }

    # $computerobj | Add-Member -MemberType NoteProperty -Name RecoveryGuid -Value $object.recoveryguid
    # $computerobj | Add-Member -MemberType NoteProperty -Name When-Created -Value $computer.whencreated

    # Add the computer object to the array with computer information
    $export += $computerobj
}

# Sort, then export the array with computer information to the user-specified path
# (Export-Csv emits nothing to the pipeline, so sorting after it had no effect)
$export | Sort-Object HasTPM-OwnerInformation -Descending | Export-Csv -Path $CsvFilePath -NoTypeInformation
Read-Host "Exported csv"   # pause: press Enter to finish
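Because msFVE-RecoveryInformation objects are always children of the computer object they belong to, the name-matching step can be replaced by a one-level search under each computer's distinguished name, which also gives the number and age of the stored keys. The following is an added example, not part of the original post or Jan Egil Ring's script; the function name is my own, and it assumes Windows PowerShell 3.0 or later (for [pscustomobject]) plus the same ActiveDirectory module and read permissions the script header lists.

```powershell
# Added example: per-computer subtree lookup instead of a global list plus name matching.
# Assumes RSAT's ActiveDirectory module and read access to msFVE-RecoveryInformation objects.
Import-Module ActiveDirectory

function Get-BitLockerStatusReport {
    param(
        # Operating system patterns to include; defaults to the ones the script above uses.
        [string[]]$OperatingSystemPatterns = @('Windows 7*', 'Windows 8*'),
        # Search base; defaults to the whole current domain.
        [string]$SearchBase = (Get-ADDomain).DistinguishedName
    )

    # Build an AD filter such as: OperatingSystem -like 'Windows 7*' -or OperatingSystem -like 'Windows 8*'
    $filter = ($OperatingSystemPatterns | ForEach-Object { "OperatingSystem -like '$_'" }) -join ' -or '

    Get-ADComputer -Filter $filter -SearchBase $SearchBase -Properties OperatingSystem, msTPM-OwnerInformation |
        ForEach-Object {
            # Recovery objects live directly under the computer object, so a OneLevel
            # search under its DN returns exactly this computer's keys and nobody else's.
            $keys = @(Get-ADObject -Filter 'objectClass -eq "msFVE-RecoveryInformation"' `
                                   -SearchBase $_.DistinguishedName -SearchScope OneLevel `
                                   -Properties whenCreated)

            $newestCreated = $null
            if ($keys.Count -gt 0) {
                $newestCreated = ($keys | Sort-Object whenCreated -Descending | Select-Object -First 1).whenCreated
            }

            # Only existence, count and age are reported; msFVE-RecoveryPassword is never read or exported.
            [pscustomobject]@{
                ComputerName            = $_.Name
                OperatingSystem         = $_.OperatingSystem
                HasBitlockerRecoveryKey = ($keys.Count -gt 0)
                RecoveryKeyCount        = $keys.Count
                NewestRecoveryKey       = $newestCreated
                HasTPMOwnerInformation  = [bool]$_.'msTPM-OwnerInformation'
            }
        }
}

# Usage: computers without a stored key sort first so they stand out in the CSV.
Get-BitLockerStatusReport |
    Sort-Object HasBitlockerRecoveryKey, ComputerName |
    Export-Csv -Path 'path_to_csv' -NoTypeInformation
```

A computer with several recovery objects has usually been re-encrypted or had its TPM reset; the NewestRecoveryKey column makes it easy to spot machines whose last escrowed key is older than their current BitLocker state.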