Nov 05, 2014
 

EDIT 11/10/14: I found and corrected a bug in the detection script. There is a chance in certain configurations that the detection script might miss cards. I modified it so that wouldn’t happen.

The following detection and remediation scripts are designed to be used as compliance settings in a configuration item in CM12. They are heavily modified from an original PowerShell function published on the TechNet gallery. Where the original PowerShell script is a run-once affair, these two scripts will enable you to establish compliance on all desktops, laptops, and especially servers, where it is generally not a good idea to power manage your NICs.

I recommend testing before deployment. Note that the remediation script will run and the detection script will show compliance, but where the original script could force a reboot, the remediation script here does no such thing. This is intentional as I believe it would be better in practice to let the compliant machines reboot through other means, such as during a patch cycle or when the end user shuts down for the evening.

The detection script (copy and paste, the lines will remain intact):

# NIC Power Management Detection Script for CM12 Compliance Settings

# Based off of the script found at https://gallery.technet.microsoft.com/scriptcenter/Disable-turn-off-this-f74e9e4a
# Modified by Robert Hollingshead
# November 10th, 2014
# Find more CM12 Compliance Setting scripts at occurative.com!

# This script detects power management status for all physical NICs.

#Original script's comments:
#Find only physical network adapters. A ConfigManagerErrorCode of 0 means the device is working properly;
#this covers adapters that are enabled or disconnected.
#A ConfigManagerErrorCode of 22 means the adapter was disabled.

# This is to calculate compliance. It counts non-compliant NICs; if it is still 0 at the end then all NICs are compliant.
$SettingChecksum = 0

$PhysicalAdapters = Get-WmiObject -Class Win32_NetworkAdapter|Where-Object{$_.PNPDeviceID -notlike "ROOT\*" `
	-and $_.Manufacturer -ne "Microsoft" -and $_.ConfigManagerErrorCode -eq 0 -and $_.ConfigManagerErrorCode -ne 22} 
	
Foreach($PhysicalAdapter in $PhysicalAdapters) {
	$PhysicalAdapterName = $PhysicalAdapter.Name
	
    #Check the unique device ID number of the network adapter in the current environment.
	$DeviceID = $PhysicalAdapter.DeviceID
	#The registry subkey is the device ID zero-padded to four digits (0007, 0012, 0100).
	$AdapterDeviceNumber = "{0:D4}" -f ([Int32]$DeviceID)

	#check whether the registry path exists.
	$KeyPath = "HKLM:\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\$AdapterDeviceNumber"
	
    If(Test-Path -Path $KeyPath) {
		$PnPCapabilitiesValue = (Get-ItemProperty -Path $KeyPath).PnPCapabilities
		If($PnPCapabilitiesValue -eq 0){
			#This adapter isn't compliant!
            $SettingChecksum++		
		}
		If($PnPCapabilitiesValue -eq $null) {
            #This adapter isn't compliant!
		    $SettingChecksum++				
		}
    }			
}


# Are we compliant?
If ($SettingChecksum -eq 0) {
    write-host TRUE
    } else {
    write-host FALSE
}

The remediation script (copy and paste, the lines will remain intact):

# NIC Power Management Remediation Script for CM12 Compliance Settings

# Based off of the script found at https://gallery.technet.microsoft.com/scriptcenter/Disable-turn-off-this-f74e9e4a
# Modified by Robert Hollingshead
# November 5th, 2014
# Find more CM12 Compliance Setting scripts at occurative.com!

# This script turns off power management for all physical NICs.

#Original script's comments:
#Find only physical network adapters. A ConfigManagerErrorCode of 0 means the device is working properly;
#this covers adapters that are enabled or disconnected.
#A ConfigManagerErrorCode of 22 means the adapter was disabled.

$PhysicalAdapters = Get-WmiObject -Class Win32_NetworkAdapter|Where-Object{$_.PNPDeviceID -notlike "ROOT\*" `
-and $_.Manufacturer -ne "Microsoft" -and $_.ConfigManagerErrorCode -eq 0 -and $_.ConfigManagerErrorCode -ne 22} 
	
Foreach($PhysicalAdapter in $PhysicalAdapters) {
	$PhysicalAdapterName = $PhysicalAdapter.Name

    # Check the NIC ID number.
    $DeviceID = $PhysicalAdapter.DeviceID

	# The registry subkey is the device ID zero-padded to four digits (0007, 0012, 0100).
	$AdapterDeviceNumber = "{0:D4}" -f ([Int32]$DeviceID)
		
	# See if the registry path exists.
	$KeyPath = "HKLM:\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\$AdapterDeviceNumber"
		
    If(Test-Path -Path $KeyPath) {
		$PnPCapabilitiesValue = (Get-ItemProperty -Path $KeyPath).PnPCapabilities
		If($PnPCapabilitiesValue -eq 0){
			#Setting the value of PnPCapabilities to 24 disables the power saving option.
			Set-ItemProperty -Path $KeyPath -Name "PnPCapabilities" -Value 24 | Out-Null
		}
		If($PnPCapabilitiesValue -eq $null) {
			#Setting the value of PnPCapabilities to 24 disables the power saving option.
			New-ItemProperty -Path $KeyPath -Name "PnPCapabilities" -Value 24 -PropertyType DWord | Out-Null
		}
	}		
}

write-host TRUE
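
For testing before deployment, a read-only report of what the detection script will see on a given machine is useful. The following is an added example, not part of the original scripts; the function name Get-NicPowerManagementReport is an assumption. It applies the same adapter filter and the same rule (PnPCapabilities missing or 0 is non-compliant) and also lists adapters whose registry key is not found, which the detection script silently skips.

```powershell
# Added example: read-only per-adapter report. It changes nothing on the machine.
# The function name Get-NicPowerManagementReport is hypothetical.
function Get-NicPowerManagementReport {
    $ClassKey = "HKLM:\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}"

    # Same physical-adapter filter as the detection script.
    $Adapters = Get-WmiObject -Class Win32_NetworkAdapter | Where-Object {
        $_.PNPDeviceID -notlike "ROOT\*" -and
        $_.Manufacturer -ne "Microsoft" -and
        $_.ConfigManagerErrorCode -eq 0
    }

    foreach ($Adapter in $Adapters) {
        # Zero-pad DeviceID to the four-digit subkey name (0007, 0012, 0100).
        $SubKey  = "{0:D4}" -f ([Int32]$Adapter.DeviceID)
        $KeyPath = Join-Path $ClassKey $SubKey

        if (Test-Path -Path $KeyPath) {
            $Value = (Get-ItemProperty -Path $KeyPath).PnPCapabilities
            # Mirror the detection rule: a missing value or 0 is non-compliant.
            if ($null -eq $Value -or $Value -eq 0) {
                $State = "NonCompliant"
            } else {
                $State = "Compliant"
            }
        } else {
            # The detection script skips adapters with no key; surface them here.
            $Value = $null
            $State = "KeyNotFound"
        }

        New-Object PSObject -Property @{
            Name            = $Adapter.Name
            DeviceID        = $Adapter.DeviceID
            RegistryKey     = $KeyPath
            PnPCapabilities = $Value
            State           = $State
        }
    }
}

Get-NicPowerManagementReport |
    Select-Object Name, DeviceID, PnPCapabilities, State, RegistryKey |
    Format-Table -AutoSize
```

Run it from an elevated prompt before and after the remediation script; any row with State "KeyNotFound" is an adapter the compliance rule never evaluates.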

 

I am always open to improvements to these scripts. If you find something that could use improvement just let me know via the comments below!
