From e73ca42253e09157ef931933042a98a7ffa7253d Mon Sep 17 00:00:00 2001
From: Michael Niehaus <niehaus@live.com>
Date: Mon, 5 Feb 2024 10:53:05 -0800
Subject: [PATCH] Add DO download, MSI product name logic

1.  Added logic to display the Delivery Optimization download start and end events.
2.  Added logic to display the MSI product names (when available).
3.  Changed the "Sidecar" name in the timeline to be "Intune Management Extension".
---
 .../Get-AutopilotDiagnosticsCommunity.ps1     | 63 ++++++++++++++++---
 1 file changed, 55 insertions(+), 8 deletions(-)
 mode change 100644 => 100755 Community Version/Get-AutopilotDiagnosticsCommunity.ps1

diff --git a/Community Version/Get-AutopilotDiagnosticsCommunity.ps1 b/Community Version/Get-AutopilotDiagnosticsCommunity.ps1
old mode 100644
new mode 100755
index 4ef81c2..bc524f9
--- a/Community Version/Get-AutopilotDiagnosticsCommunity.ps1	
+++ b/Community Version/Get-AutopilotDiagnosticsCommunity.ps1	
@@ -1,7 +1,7 @@
 
 <#PSScriptInfo
 
-.VERSION 5.9
+.VERSION 5.10
 .GUID b45605b6-65aa-45ec-a23c-f5291f9fb519
 .AUTHOR AndrewTaylor, Michael Niehaus & Steven van Beek
 .COMPANYNAME
@@ -15,6 +15,7 @@
 .EXTERNALSCRIPTDEPENDENCIES
 .RELEASENOTES
 .RELEASENOTES
+Version 5.10: Additional logic for DO downloads, MSI product names
 Version 5.9: Code Signed
 Version 5.7: Fixed LastLoggedState for Win32Apps and Added support for new Graph Module
 Version 5.6: Fixed parameter handling
@@ -289,8 +290,14 @@ Connect-ToGraph -TenantId $tenantID -AppId $app -AppSecret $secret
         # See if there is already an entry for this policy and status
         $found = $script:observedTimeline | ? { $_.Detail -eq $detail -and $_.Status -eq $status }
         if (-not $found) {
+            # Apply a fudge so that the downloading of the next app appears one second after the previous completion
+            if ($status -like "Downloading*") {
+                $adjustedDate = $date.AddSeconds(1)
+            } else {
+                $adjustedDate = $date
+            }
             $script:observedTimeline += New-Object PSObject -Property @{
-                "Date"   = $date
+                "Date"   = $adjustedDate
                 "Detail" = $detail
                 "Status" = $status
                 "Color"  = $color
@@ -340,6 +347,12 @@ Connect-ToGraph -TenantId $tenantID -AppId $app -AppSecret $secret
                     elseif ($Online) {
                         $found = $apps | ? { $_.ProductCode -contains $msiKey }
                         $msiKey = "$($found.DisplayName) ($($msiKey))"
+                    } elseif ($currentUser -eq "S-0-0-00-0000000000-0000000000-000000000-000") {
+                        # Try to read the name from the uninstall registry key
+                        if (Test-Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\$msiKey") {
+                            $displayName = (Get-ItemProperty -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\$msiKey").DisplayName
+                            $msiKey = "$displayName ($($msiKey))"
+                        }
                     }
                     if ($status -eq 70) {
                         if ($display) { Write-Host " MSI $msiKey : $status ($($officeStatus[$status.ToString()]))" -ForegroundColor Green }
@@ -447,6 +460,9 @@ Connect-ToGraph -TenantId $tenantID -AppId $app -AppSecret $secret
 
         Begin {
             if ($display) { Write-Host "Sidecar apps:" }
+            if ($null -eq $script:DOEvents -and (-not $script:useFile)) {
+                $script:DOEvents = Get-DeliveryOptimizationLog | Where-Object { $_.Function -match "(DownloadStart)|(DownloadCompleted)" -and $_.Message -like "*.intunewin*" }
+            }
         }
 
         Process {
@@ -492,6 +508,12 @@ Connect-ToGraph -TenantId $tenantID -AppId $app -AppSecret $secret
                     if ($status -ne "1") {
                         RecordStatus -detail "Win32 $win32Key" -status $espStatus[$status.ToString()] -color "Yellow" -date $currentKey.PSChildName
                     }
+                    if ($status -eq "2") {
+                        # Try to find the DO events.
+                        $script:DOEvents | Where-Object { $_.Message -ilike "*$appGuid*" } | ForEach-Object {
+                            RecordStatus -detail "Win32 $win32Key" -status "DO $($_.Function.Substring(32))" -color "Yellow" -date $_.TimeCreated.ToLocalTime()
+                        }
+                    }
                 }
             }
         }
@@ -576,6 +598,31 @@ Connect-ToGraph -TenantId $tenantID -AppId $app -AppSecret $secret
 
     }
 
+    Function TrimMSI() {
+	param (
+		[object] $event,
+		[string] $sidecarProductCode
+	)
+
+    # Fix up the name
+	if ($event.Properties[0].Value -eq $sidecarProductCode) {
+		return "Intune Management Extension"
+	} elseif ($event.Properties[0].Value.StartsWith("{{")) {
+		$r = $event.Properties[0].Value.Substring(1, $event.Properties[0].Value.Length - 2)
+	} else {
+		$r = $event.Properties[0].Value
+	}
+
+	# See if we can find the real name
+    if (Test-Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\$r") {
+		$displayName = (Get-ItemProperty -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\$r").DisplayName
+        return "$displayName ($($r))"
+    } else {
+    	return $r
+    }
+
+    }
+
     Function ProcessEvents() {
 
         Process {
@@ -592,10 +639,10 @@ Connect-ToGraph -TenantId $tenantID -AppId $app -AppSecret $secret
 
             # Process device management events
             if ($script:useFile) {
-                $events = Get-WinEvent -Path "$($env:TEMP)\ESPStatus.tmp\microsoft-windows-devicemanagement-enterprise-diagnostics-provider-admin.evtx" -Oldest | ? { ($_.Message -match $productCode -and $_.Id -in 1905, 1906, 1920, 1922) -or $_.Id -in (72, 100, 107, 109, 110, 111) }
+                $events = Get-WinEvent -Path "$($env:TEMP)\ESPStatus.tmp\microsoft-windows-devicemanagement-enterprise-diagnostics-provider-admin.evtx" -Oldest | ? { ($_.Id -in 1905, 1906, 1920, 1922) -or $_.Id -in (72, 100, 107, 109, 110, 111) }
             }
             else {
-                $events = Get-WinEvent -LogName Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin -Oldest | ? { ($_.Message -match $productCode -and $_.Id -in 1905, 1906, 1920, 1922) -or $_.Id -in (72, 100, 107, 109, 110, 111) }
+                $events = Get-WinEvent -LogName Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin -Oldest | ? { ($_.Id -in 1905, 1906, 1920, 1922) -or $_.Id -in (72, 100, 107, 109, 110, 111) }
             }
             $events | % {
                 $message = $_.Message
@@ -616,10 +663,10 @@ Connect-ToGraph -TenantId $tenantID -AppId $app -AppSecret $secret
                     107 { $detail = "Offline Domain Join"; $message = "Successfully applied ODJ blob" }
                     100 { $detail = "Offline Domain Join"; $message = "Could not establish connectivity"; $color = "Red" }
                     72 { $detail = "MDM Enrollment" }
-                    1905 { $message = "Download started" }
-                    1906 { $message = "Download finished" }
-                    1920 { $message = "Installation started" }
-                    1922 { $message = "Installation finished" }
+                    1905 { $detail = (TrimMSI $event $productCode); $message = "Download started" }
+                    1906 { $detail = (TrimMSI $event $productCode); $message = "Download finished" }
+                    1920 { $detail = (TrimMSI $event $productCode); $message = "Installation started" }
+                    1922 { $detail = (TrimMSI $event $productCode); $message = "Installation finished" }
                     { $_ -in (1922, 72) } { $color = "Green" }
                 }
                 RecordStatus -detail $detail -date $_.TimeCreated -status $message -color $color