andrewamason/Intune
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Intune Initial Scripts Backup

Browse Source
This commit is contained in:
Andrew Amason
2025-04-21 14:21:38 -04:00
commit 71764cd10f
241 changed files with 28218 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
intune/Desktop Scripts/Force_Win11_Upgrade.ps1 Normal file
View File

@@ -0,0 +1,5 @@
Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force
Set-PSRepository -Name PSGallery -InstallationPolicy Trusted
Install-Module pswindowsupdate
Import-Module pswindowsupdate
Get-WindowsUpdate -MicrosoftUpdate -Title "Windows 11, version 23H2" -AcceptAll -AutoReboot -Verbose -ForceDownload -ForceInstall

4
intune/Intune Platform Scripts/CheckForUpdates.ps1 Normal file
View File

@@ -0,0 +1,4 @@
Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force
Set-PSRepository -Name PSGallery -InstallationPolicy Trusted
Install-Module pswindowsupdate
Get-WindowsUpdate -KBArticleID KB5027397 -Download

292
intune/Intune Scripts/Correct-PrimaryUser.ps1 Normal file
View File

@@ -0,0 +1,292 @@
#Get All Windows 10 Intune Managed Devices for the Tenant
function Get-AuthToken {
<#
.SYNOPSIS
This function is used to authenticate with the Graph API REST interface
.DESCRIPTION
The function authenticate with the Graph API Interface with the tenant name
.EXAMPLE
Get-AuthToken
Authenticates you with the Graph API interface
.NOTES
NAME: Get-AuthToken
#>
[cmdletbinding()]
param
(
[Parameter(Mandatory=$true)]
$User
)
$userUpn = New-Object "System.Net.Mail.MailAddress" -ArgumentList $User
$tenant = $userUpn.Host
Write-Host "Checking for AzureAD module..."
$AadModule = Get-Module -Name "AzureAD" -ListAvailable
if ($AadModule -eq $null) {
Write-Host "AzureAD PowerShell module not found, looking for AzureADPreview"
$AadModule = Get-Module -Name "AzureADPreview" -ListAvailable
}
if ($AadModule -eq $null) {
write-host
write-host "AzureAD Powershell module not installed..." -f Red
write-host "Install by running 'Install-Module AzureAD' or 'Install-Module AzureADPreview' from an elevated PowerShell prompt" -f Yellow
write-host "Script can't continue..." -f Red
write-host
exit
}
# Getting path to ActiveDirectory Assemblies
# If the module count is greater than 1 find the latest version
if($AadModule.count -gt 1){
$Latest_Version = ($AadModule | select version | Sort-Object)[-1]
$aadModule = $AadModule | ? { $_.version -eq $Latest_Version.version }
# Checking if there are multiple versions of the same module found
if($AadModule.count -gt 1){
$aadModule = $AadModule | select -Unique
}
$adal = Join-Path $AadModule.ModuleBase "Microsoft.IdentityModel.Clients.ActiveDirectory.dll"
$adalforms = Join-Path $AadModule.ModuleBase "Microsoft.IdentityModel.Clients.ActiveDirectory.Platform.dll"
}
else {
$adal = Join-Path $AadModule.ModuleBase "Microsoft.IdentityModel.Clients.ActiveDirectory.dll"
$adalforms = Join-Path $AadModule.ModuleBase "Microsoft.IdentityModel.Clients.ActiveDirectory.Platform.dll"
}
[System.Reflection.Assembly]::LoadFrom($adal) | Out-Null
[System.Reflection.Assembly]::LoadFrom($adalforms) | Out-Null
$clientId = "d1ddf0e4-d672-4dae-b554-9d5bdfd93547"
$redirectUri = "urn:ietf:wg:oauth:2.0:oob"
$resourceAppIdURI = "https://graph.microsoft.com"
$authority = "https://login.microsoftonline.com/$Tenant"
try {
$authContext = New-Object "Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext" -ArgumentList $authority
# https://msdn.microsoft.com/en-us/library/azure/microsoft.identitymodel.clients.activedirectory.promptbehavior.aspx
# Change the prompt behaviour to force credentials each time: Auto, Always, Never, RefreshSession
$platformParameters = New-Object "Microsoft.IdentityModel.Clients.ActiveDirectory.PlatformParameters" -ArgumentList "Auto"
$userId = New-Object "Microsoft.IdentityModel.Clients.ActiveDirectory.UserIdentifier" -ArgumentList ($User, "OptionalDisplayableId")
$authResult = $authContext.AcquireTokenAsync($resourceAppIdURI,$clientId,$redirectUri,$platformParameters,$userId).Result
# If the accesstoken is valid then create the authentication header
if($authResult.AccessToken){
# Creating header for Authorization token
$authHeader = @{
'Content-Type'='application/json'
'Authorization'="Bearer " + $authResult.AccessToken
'ExpiresOn'=$authResult.ExpiresOn
}
return $authHeader
}
else {
Write-Host
Write-Host "Authorization Access Token is null, please re-run authentication..." -ForegroundColor Red
Write-Host
break
}
}
catch {
write-host $_.Exception.Message -f Red
write-host $_.Exception.ItemName -f Red
write-host
break
}
}
function Get-Win10IntuneManagedDevice {
<#
.SYNOPSIS
This gets information on Intune managed device
.DESCRIPTION
This gets information on Intune managed device
.EXAMPLE
Get-Win10IntuneManagedDevice
.NOTES
NAME: Get-Win10IntuneManagedDevice
#>
[cmdletbinding()]
param
(
[parameter(Mandatory=$false)]
[ValidateNotNullOrEmpty()]
[string]$deviceName
)
$graphApiVersion = "beta"
try {
if($deviceName){
$Resource = "deviceManagement/managedDevices?`$filter=deviceName eq '$deviceName'"
$uri = "https://graph.microsoft.com/$graphApiVersion/$($Resource)"
(Invoke-RestMethod -Uri $uri -Headers $authToken -Method Get).value
}
else {
$Resource = "deviceManagement/managedDevices?`$filter=(((deviceType%20eq%20%27desktop%27)%20or%20(deviceType%20eq%20%27windowsRT%27)%20or%20(deviceType%20eq%20%27winEmbedded%27)%20or%20(deviceType%20eq%20%27surfaceHub%27)))"
$uri = "https://graph.microsoft.com/$graphApiVersion/$($Resource)"
(Invoke-RestMethod -Uri $uri -Headers $authToken -Method Get).value
}
} catch {
$ex = $_.Exception
$errorResponse = $ex.Response.GetResponseStream()
$reader = New-Object System.IO.StreamReader($errorResponse)
$reader.BaseStream.Position = 0
$reader.DiscardBufferedData()
$responseBody = $reader.ReadToEnd();
Write-Host "Response content:`n$responseBody" -f Red
Write-Error "Request to $Uri failed with HTTP Status $($ex.Response.StatusCode) $($ex.Response.StatusDescription)"
throw "Get-IntuneManagedDevices error"
}
}
function Get-IntuneDevicePrimaryUser {
<#
.SYNOPSIS
This lists the Intune device primary user
.DESCRIPTION
This lists the Intune device primary user
.EXAMPLE
Get-IntuneDevicePrimaryUser
.NOTES
NAME: Get-IntuneDevicePrimaryUser
#>
[cmdletbinding()]
param
(
[Parameter(Mandatory=$true)]
[string] $deviceId
)
$graphApiVersion = "beta"
$Resource = "deviceManagement/managedDevices"
$uri = "https://graph.microsoft.com/$graphApiVersion/$($Resource)" + "/" + $deviceId + "/users"
try {
$primaryUser = Invoke-RestMethod -Uri $uri -Headers $authToken -Method Get
return $primaryUser.value."id"
} catch {
$ex = $_.Exception
$errorResponse = $ex.Response.GetResponseStream()
$reader = New-Object System.IO.StreamReader($errorResponse)
$reader.BaseStream.Position = 0
$reader.DiscardBufferedData()
$responseBody = $reader.ReadToEnd();
Write-Host "Response content:`n$responseBody" -f Red
Write-Error "Request to $Uri failed with HTTP Status $($ex.Response.StatusCode) $($ex.Response.StatusDescription)"
throw "Get-IntuneDevicePrimaryUser error"
}
}
#$authtoken = Get-AuthToken -User andrew.amason@carecentrix.com
$Devices = Get-Win10IntuneManagedDevice | where usersLoggedOn -ne $Null
Foreach ($Device in $Devices) {
Write-Host "Device name:" $device."deviceName" -ForegroundColor Cyan
$IntuneDevicePrimaryUser = Get-IntuneDevicePrimaryUser -deviceId $Device.id
#Check if there is a Primary user set on the device already
if ($IntuneDevicePrimaryUser -eq $null) {
Write-Host "No Intune Primary User Id set for Intune Managed Device" $Device."deviceName" -f Red
}
else {
$PrimaryAADUser = Get-AzureADUser -ObjectId $IntuneDevicePrimaryUser
Write-Host "Intune Device Primary User:" $PrimaryAADUser.displayName
}
#Get the objectID of the last logged in user for the device, which is the last object in the list of usersLoggedOn
$LastLoggedInUser = ($Device.usersLoggedOn[-1]).userId
#Using the objectID, get the user from the Microsoft Graph for logging purposes
$User = Get-AzureADUser -ObjectId $LastLoggedInUser
#Check if the current primary user of the device is the same as the last logged in user
if ($IntuneDevicePrimaryUser -notmatch $User.ObjectId) {
#If the user does not match, then set the last logged in user as the new Primary User
$SetIntuneDevicePrimaryUser = Set-IntuneDevicePrimaryUser -IntuneDeviceId $Device.id -userId $User.id
if ($SetIntuneDevicePrimaryUser -eq "") {
Write-Host "User"$User.displayName"set as Primary User for device '$($Device.deviceName)'..." -ForegroundColor Green
}
}
else {
#If the user is the same, then write to host that the primary user is already correct.
Write-Host "The user '$($User.displayName)' is already the Primary User on the device..." -ForegroundColor Yellow
}
Write-Host
}

2
intune/Intune Scripts/Disable_MSOnline.ps1 Normal file
View File

@@ -0,0 +1,2 @@
new-item -Path HKCU:\Software\Policies\Microsoft\Office\16.0\Common\Internet
New-ItemProperty -Path HKCU:\Software\Policies\Microsoft\Office\16.0\Common\Internet -Name OnlineStorage -PropertyType DWORD -Value 3

67
intune/Intune Scripts/rotate_all_bitlocker_keys.ps1 Normal file
View File

@@ -0,0 +1,67 @@
<#
.SYNOPSIS
Rotates All BitLocker keys for all Windows devices in Intune using Graph API.
.DESCRIPTION
This script connects to Intune via Graph API and rotates the BitLocker keys for all managed Windows devices.
.NOTES
Author: Ugur Koc
GitHub: https://github.com/ugurkocde
Twitter: https://x.com/UgurKocDe
LinkedIn: https://www.linkedin.com/in/ugurkocde/
Version: 1.0
Created: 07/20/2024
Version: 1.1 (07/20/2024)
- Changed Authentication to Connect-MgGraph -Scopes only.
Version: 1.2 (07/20/2024)
- Added pagination.
- Moved the OS Filter to the top, to avoid unnecessary API calls.
.REQUIREMENTS
- PowerShell 5.1 or later
- Microsoft.Graph.Authentication module
.LINK
https://learn.microsoft.com/en-us/graph/api/intune-devices-manageddevice-rotatebitlockerkeys?view=graph-rest-beta
.EXAMPLE
.\rotate_all_bitlocker_keys.ps1
.NOTES
Disclaimer: This script is provided AS IS without warranty of any kind. Use it at your own risk.
#>
Connect-MgGraph -Scopes "DeviceManagementManagedDevices.ReadWrite.All" -NoWelcome
# Get all managed Windows devices from Intune with pagination
$managedDevices = @()
$nextLink = "https://graph.microsoft.com/v1.0/deviceManagement/managedDevices?`$select=id,deviceName,operatingSystem&`$filter=operatingSystem eq 'Windows'"
# This loop will get all managed devices from Intune with pagination
while ($nextLink) {
$response = Invoke-MgGraphRequest -Method GET -Uri $nextLink
$managedDevices += $response.value
$nextLink = $response.'@odata.nextLink'
}
foreach ($device in $managedDevices) {
$deviceId = $device.id
$deviceName = $device.deviceName
Write-Host "Processing device: $deviceName" -ForegroundColor Cyan
# Attempt to rotate the BitLocker keys
try {
Invoke-MgGraphRequest -Method POST -Uri "https://graph.microsoft.com/beta/deviceManagement/managedDevices('$deviceId')/rotateBitLockerKeys" -ContentType "application/json"
Write-Host "Successfully rotated BitLocker keys for device $deviceName" -ForegroundColor Green
}
catch {
Write-Host "Failed to rotate BitLocker keys for device $deviceName" -ForegroundColor Red
Write-Host "Error: $_" -ForegroundColor Red
}
}
Write-Host "BitLocker key rotation process completed." -ForegroundColor Cyan

33
intune/Proactive Remediations/Bitlocker_KeyRecovery/Bitlocker_KeyRecovery_detection.ps1 Normal file
View File

@@ -0,0 +1,33 @@
### detection script ###
### look for Bitlocker Recovery Key Backup events of Systemdrive
try
{
### obtain protected system volume
$BLSysVolume = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction Stop
$BLRecoveryProtector = $BLSysVolume.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' } -ErrorAction Stop
$BLprotectorguid = $BLRecoveryProtector.KeyProtectorId
### obtain backup event for System drive
$BLBackupEvent = Get-WinEvent -ProviderName Microsoft-Windows-BitLocker-API -FilterXPath "*[System[(EventID=845)] and EventData[Data[@Name='ProtectorGUID'] and (Data='$BLprotectorguid')]]" -MaxEvents 1 -ErrorAction Stop
# Check for returned values, if null, write output and exit 1
if ($BLBackupEvent -gt $null)
{
# Write eventmessage and set exit success
Write-Output $BLBackupEvent.Message
Exit 0
}
else
{
Write-Output "Key-Backup Event for Bitlocker System drive not found"
Exit 1
}
}
catch
{
$errMsg = $_.Exception.Message
Write-Output $errMsg
exit 1
}

21
intune/Proactive Remediations/Bitlocker_KeyRecovery/Bitlocker_KeyRecovery_remediation.ps1 Normal file
View File

@@ -0,0 +1,21 @@
### remediation script ###
### backup recovery key of systemdrive
try{
### obtain protected system volume
$BLSysVolume = Get-BitLockerVolume -MountPoint $env:SystemDrive
$BLRecoveryProtector = $BLSysVolume.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' }
$BLprotectorguid = $BLRecoveryProtector.KeyProtectorId
# Backup sysdrive recovery key to AAD
BackuptoAAD-BitLockerKeyProtector -MountPoint $env:SystemDrive -KeyProtectorId $BLRecoveryProtector.KeyProtectorID -ErrorAction Stop
Exit 0
}
catch
{
$errMsg = $_.Exception.Message
Write-Output $errMsg
exit 1
}

28
intune/Proactive Remediations/CarbonBlack_AppControl/detect_CB_AP_Health.ps1 Normal file
View File

@@ -0,0 +1,28 @@
try {
Test-Path -Path "C:\Program Files (x86)\Bit9\Parity Agent"
}
catch {
Write-Host "Carbon Black App Control Folder Does Not Exist"
exit 1
}
try {
Test-Path -Path "C:\Program Files (x86)\Bit9\Parity Agent\DasCLI.exe"
}
catch {
Write-Host "Carbon Black App Control is not installed"
exit 1
}
Set-Location "C:\Program Files (x86)\Bit9\Parity Agent"
$CBagentstatus = .\DasCLI.exe status
if (((($CBagentstatus[55]).Split(":")[1])).Trimstart() -like "Healthy") {
Write-Host "Carbon Black agent is healthy"
Exit 0
}
else {
Write-Host "Carbon Black App Control Status is unknown" ((($CBagentstatus[55]).Split(":")[1])).Trimstart()
exit 1
}

86
intune/Proactive Remediations/DellInc-DellCommandUpdate/Detect-DellCommandUpdate.ps1 Normal file
View File

@@ -0,0 +1,86 @@
<#
.SYNOPSIS
This script is used to detect and remediate built-in apps in Windows 11.
.DESCRIPTION
The script provides two main functionalities: detection and remediation of built-in apps. By default, the script runs in detection mode, but it can also be configured to perform remediation.
The list of built-in apps to be detected and remediated can be customized by modifying the $appxPackageList array in the script.
.NOTES
File Name : Detect-Remediate-DellCommandUpdate.ps1
Author : Martin Bengtsson
Blog : https://www.imab.dk
#>
param (
[bool]$runDetection = $true,
[bool]$runRemediation = $false
)
begin {
$appxPackageList = @(
"DellInc.DellCommandUpdate"
)
function Test-InstalledAppxPackages() {
foreach ($app in $appxPackageList) {
try {
$isAppInstalled = Get-AppxPackage -Name $app -ErrorAction SilentlyContinue
if (-NOT[string]::IsNullOrEmpty($isAppInstalled)) {
Write-Output $app
}
}
catch {
Write-Output "[ERROR] Failed to retrieve the installed app: $_"
}
}
}
function Remove-InstalledAppxPackages() {
param (
[string]$appxPackage
)
try {
Get-AppxPackage -Name $appxPackage | Remove-AppxPackage
$global:remediationSuccess += $true
}
catch {
Write-Output "[ERROR] Failed to remove the app: $_"
}
}
if ($runDetection -eq $false) {
Write-Output "[ERROR] runDetection cannot be set to false. As a minimum runDetection must be set to true."
exit 1
}
}
process {
$global:needsRemediation = @()
$global:remediationSuccess = @()
$installedAppxPackages = Test-InstalledAppxPackages
if ($runDetection -eq $true) {
if (-NOT[string]::IsNullOrEmpty($installedAppxPackages)) {
foreach ($app in $installedAppxPackages) {
$global:needsRemediation += $true
if ($runRemediation -eq $true) {
Remove-InstalledAppxPackages -appxPackage $app
}
}
}
}
}
end {
if ($runDetection -eq $true) {
if ($global:needsRemediation -contains $true -AND $global:remediationSuccess -notcontains $true) {
Write-Output "[WARNING] Built-in apps found installed. Remediation is needed."
exit 1
}
elseif ($global:remediationSuccess -contains $true -AND $global:remediationSuccess -notcontains $false) {
Write-Output "[OK] Remediation was run successfully. Built-in apps were removed."
exit 0
}
else {
Write-Output "[OK] No built-in apps found. Doing nothing."
exit 0
}
}
}

86
intune/Proactive Remediations/DellInc-DellCommandUpdate/Remediate-DellCommandUpdate.ps1 Normal file
View File

@@ -0,0 +1,86 @@
<#
.SYNOPSIS
This script is used to detect and remediate built-in apps in Windows 11.
.DESCRIPTION
The script provides two main functionalities: detection and remediation of built-in apps. By default, the script runs in detection mode, but it can also be configured to perform remediation.
The list of built-in apps to be detected and remediated can be customized by modifying the $appxPackageList array in the script.
.NOTES
File Name : Detect-Remediate-DellCommandUpdate.ps1
Author : Martin Bengtsson
Blog : https://www.imab.dk
#>
param (
[bool]$runDetection = $true,
[bool]$runRemediation = $true
)
begin {
$appxPackageList = @(
"DellInc.DellCommandUpdate"
)
function Test-InstalledAppxPackages() {
foreach ($app in $appxPackageList) {
try {
$isAppInstalled = Get-AppxPackage -Name $app -ErrorAction SilentlyContinue
if (-NOT[string]::IsNullOrEmpty($isAppInstalled)) {
Write-Output $app
}
}
catch {
Write-Output "[ERROR] Failed to retrieve the installed app: $_"
}
}
}
function Remove-InstalledAppxPackages() {
param (
[string]$appxPackage
)
try {
Get-AppxPackage -Name $appxPackage | Remove-AppxPackage
$global:remediationSuccess += $true
}
catch {
Write-Output "[ERROR] Failed to remove the app: $_"
}
}
if ($runDetection -eq $false) {
Write-Output "[ERROR] runDetection cannot be set to false. As a minimum runDetection must be set to true."
exit 1
}
}
process {
$global:needsRemediation = @()
$global:remediationSuccess = @()
$installedAppxPackages = Test-InstalledAppxPackages
if ($runDetection -eq $true) {
if (-NOT[string]::IsNullOrEmpty($installedAppxPackages)) {
foreach ($app in $installedAppxPackages) {
$global:needsRemediation += $true
if ($runRemediation -eq $true) {
Remove-InstalledAppxPackages -appxPackage $app
}
}
}
}
}
end {
if ($runDetection -eq $true) {
if ($global:needsRemediation -contains $true -AND $global:remediationSuccess -notcontains $true) {
Write-Output "[WARNING] Built-in apps found installed. Remediation is needed."
exit 1
}
elseif ($global:remediationSuccess -contains $true -AND $global:remediationSuccess -notcontains $false) {
Write-Output "[OK] Remediation was run successfully. Built-in apps were removed."
exit 0
}
else {
Write-Output "[OK] No built-in apps found. Doing nothing."
exit 0
}
}
}

1
intune/Proactive Remediations/DellInc-DellCommandUpdate/notes.txt Normal file
View File

@@ -0,0 +1 @@
This DellInc.DellCommandUpdate_5.1.31.0_neutral_~_htrsf667h5kn2 version is the AppxPackage removing script

86
intune/Proactive Remediations/DellInc-DellDigitalDelivery/Detect-DellDigitalDelivery.ps1 Normal file
View File

@@ -0,0 +1,86 @@
<#
.SYNOPSIS
This script is used to detect and remediate built-in apps in Windows 11.
.DESCRIPTION
The script provides two main functionalities: detection and remediation of built-in apps. By default, the script runs in detection mode, but it can also be configured to perform remediation.
The list of built-in apps to be detected and remediated can be customized by modifying the $appxPackageList array in the script.
.NOTES
File Name : Detect-Remediate-DellDigitalDelivery.ps1
Author : Martin Bengtsson
Blog : https://www.imab.dk
#>
param (
[bool]$runDetection = $true,
[bool]$runRemediation = $false
)
begin {
$appxPackageList = @(
"DellInc.DellDigitalDelivery"
)
function Test-InstalledAppxPackages() {
foreach ($app in $appxPackageList) {
try {
$isAppInstalled = Get-AppxPackage -Name $app -ErrorAction SilentlyContinue
if (-NOT[string]::IsNullOrEmpty($isAppInstalled)) {
Write-Output $app
}
}
catch {
Write-Output "[ERROR] Failed to retrieve the installed app: $_"
}
}
}
function Remove-InstalledAppxPackages() {
param (
[string]$appxPackage
)
try {
Get-AppxPackage -Name $appxPackage | Remove-AppxPackage
$global:remediationSuccess += $true
}
catch {
Write-Output "[ERROR] Failed to remove the app: $_"
}
}
if ($runDetection -eq $false) {
Write-Output "[ERROR] runDetection cannot be set to false. As a minimum runDetection must be set to true."
exit 1
}
}
process {
$global:needsRemediation = @()
$global:remediationSuccess = @()
$installedAppxPackages = Test-InstalledAppxPackages
if ($runDetection -eq $true) {
if (-NOT[string]::IsNullOrEmpty($installedAppxPackages)) {
foreach ($app in $installedAppxPackages) {
$global:needsRemediation += $true
if ($runRemediation -eq $true) {
Remove-InstalledAppxPackages -appxPackage $app
}
}
}
}
}
end {
if ($runDetection -eq $true) {
if ($global:needsRemediation -contains $true -AND $global:remediationSuccess -notcontains $true) {
Write-Output "[WARNING] Built-in apps found installed. Remediation is needed."
exit 1
}
elseif ($global:remediationSuccess -contains $true -AND $global:remediationSuccess -notcontains $false) {
Write-Output "[OK] Remediation was run successfully. Built-in apps were removed."
exit 0
}
else {
Write-Output "[OK] No built-in apps found. Doing nothing."
exit 0
}
}
}

4
intune/Proactive Remediations/DellInc-DellDigitalDelivery/Install.bat Normal file
View File

@@ -0,0 +1,4 @@
@echo off
pushd %~dp0
powershell.exe -ExecutionPolicy Bypass -File "Detect-Remediate-Windows-11-Built-In-Apps.ps1"
popd

86
intune/Proactive Remediations/DellInc-DellDigitalDelivery/Remediate-DellDigitalDelivery.ps1 Normal file
View File

@@ -0,0 +1,86 @@
<#
.SYNOPSIS
This script is used to detect and remediate built-in apps in Windows 11.
.DESCRIPTION
The script provides two main functionalities: detection and remediation of built-in apps. By default, the script runs in detection mode, but it can also be configured to perform remediation.
The list of built-in apps to be detected and remediated can be customized by modifying the $appxPackageList array in the script.
.NOTES
File Name : Detect-Remediate-DellDigitalDelivery.ps1
Author : Martin Bengtsson
Blog : https://www.imab.dk
#>
param (
[bool]$runDetection = $true,
[bool]$runRemediation = $true
)
begin {
$appxPackageList = @(
"DellInc.DellDigitalDelivery"
)
function Test-InstalledAppxPackages() {
foreach ($app in $appxPackageList) {
try {
$isAppInstalled = Get-AppxPackage -Name $app -ErrorAction SilentlyContinue
if (-NOT[string]::IsNullOrEmpty($isAppInstalled)) {
Write-Output $app
}
}
catch {
Write-Output "[ERROR] Failed to retrieve the installed app: $_"
}
}
}
function Remove-InstalledAppxPackages() {
param (
[string]$appxPackage
)
try {
Get-AppxPackage -Name $appxPackage | Remove-AppxPackage
$global:remediationSuccess += $true
}
catch {
Write-Output "[ERROR] Failed to remove the app: $_"
}
}
if ($runDetection -eq $false) {
Write-Output "[ERROR] runDetection cannot be set to false. As a minimum runDetection must be set to true."
exit 1
}
}
process {
$global:needsRemediation = @()
$global:remediationSuccess = @()
$installedAppxPackages = Test-InstalledAppxPackages
if ($runDetection -eq $true) {
if (-NOT[string]::IsNullOrEmpty($installedAppxPackages)) {
foreach ($app in $installedAppxPackages) {
$global:needsRemediation += $true
if ($runRemediation -eq $true) {
Remove-InstalledAppxPackages -appxPackage $app
}
}
}
}
}
end {
if ($runDetection -eq $true) {
if ($global:needsRemediation -contains $true -AND $global:remediationSuccess -notcontains $true) {
Write-Output "[WARNING] Built-in apps found installed. Remediation is needed."
exit 1
}
elseif ($global:remediationSuccess -contains $true -AND $global:remediationSuccess -notcontains $false) {
Write-Output "[OK] Remediation was run successfully. Built-in apps were removed."
exit 0
}
else {
Write-Output "[OK] No built-in apps found. Doing nothing."
exit 0
}
}
}

1
intune/Proactive Remediations/DellInc-DellDigitalDelivery/notes.txt Normal file
View File

@@ -0,0 +1 @@
This DellInc.DellDigitalDelivery_5.2.0.0_neutral_~_htrsf667h5kn2 is the AppxPackage removing script

86
intune/Proactive Remediations/DellInc-DellOptimizer/Detect-DellOptimizer.ps1 Normal file
View File

@@ -0,0 +1,86 @@
<#
.SYNOPSIS
This script is used to detect and remediate built-in apps in Windows 11.
.DESCRIPTION
The script provides two main functionalities: detection and remediation of built-in apps. By default, the script runs in detection mode, but it can also be configured to perform remediation.
The list of built-in apps to be detected and remediated can be customized by modifying the $appxPackageList array in the script.
.NOTES
File Name : Detect-Remediate-DellOptimizer.ps1
Author : Martin Bengtsson
Blog : https://www.imab.dk
#>
param (
[bool]$runDetection = $true,
[bool]$runRemediation = $false
)
begin {
$appxPackageList = @(
"DellInc.DellOptimizer"
)
function Test-InstalledAppxPackages() {
foreach ($app in $appxPackageList) {
try {
$isAppInstalled = Get-AppxPackage -Name $app -ErrorAction SilentlyContinue
if (-NOT[string]::IsNullOrEmpty($isAppInstalled)) {
Write-Output $app
}
}
catch {
Write-Output "[ERROR] Failed to retrieve the installed app: $_"
}
}
}
function Remove-InstalledAppxPackages() {
param (
[string]$appxPackage
)
try {
Get-AppxPackage -Name $appxPackage | Remove-AppxPackage
$global:remediationSuccess += $true
}
catch {
Write-Output "[ERROR] Failed to remove the app: $_"
}
}
if ($runDetection -eq $false) {
Write-Output "[ERROR] runDetection cannot be set to false. As a minimum runDetection must be set to true."
exit 1
}
}
process {
$global:needsRemediation = @()
$global:remediationSuccess = @()
$installedAppxPackages = Test-InstalledAppxPackages
if ($runDetection -eq $true) {
if (-NOT[string]::IsNullOrEmpty($installedAppxPackages)) {
foreach ($app in $installedAppxPackages) {
$global:needsRemediation += $true
if ($runRemediation -eq $true) {
Remove-InstalledAppxPackages -appxPackage $app
}
}
}
}
}
end {
if ($runDetection -eq $true) {
if ($global:needsRemediation -contains $true -AND $global:remediationSuccess -notcontains $true) {
Write-Output "[WARNING] Built-in apps found installed. Remediation is needed."
exit 1
}
elseif ($global:remediationSuccess -contains $true -AND $global:remediationSuccess -notcontains $false) {
Write-Output "[OK] Remediation was run successfully. Built-in apps were removed."
exit 0
}
else {
Write-Output "[OK] No built-in apps found. Doing nothing."
exit 0
}
}
}

86
intune/Proactive Remediations/DellInc-DellOptimizer/Remediate-DellOptimizer.ps1 Normal file
View File

@@ -0,0 +1,86 @@
<#
.SYNOPSIS
This script is used to detect and remediate built-in apps in Windows 11.
.DESCRIPTION
The script provides two main functionalities: detection and remediation of built-in apps. By default, the script runs in detection mode, but it can also be configured to perform remediation.
The list of built-in apps to be detected and remediated can be customized by modifying the $appxPackageList array in the script.
.NOTES
File Name : Detect-Remediate-DellOptimizer.ps1
Author : Martin Bengtsson
Blog : https://www.imab.dk
#>
param (
[bool]$runDetection = $true,
[bool]$runRemediation = $true
)
begin {
$appxPackageList = @(
"DellInc.DellOptimizer"
)
function Test-InstalledAppxPackages() {
foreach ($app in $appxPackageList) {
try {
$isAppInstalled = Get-AppxPackage -Name $app -ErrorAction SilentlyContinue
if (-NOT[string]::IsNullOrEmpty($isAppInstalled)) {
Write-Output $app
}
}
catch {
Write-Output "[ERROR] Failed to retrieve the installed app: $_"
}
}
}
function Remove-InstalledAppxPackages() {
param (
[string]$appxPackage
)
try {
Get-AppxPackage -Name $appxPackage | Remove-AppxPackage
$global:remediationSuccess += $true
}
catch {
Write-Output "[ERROR] Failed to remove the app: $_"
}
}
if ($runDetection -eq $false) {
Write-Output "[ERROR] runDetection cannot be set to false. As a minimum runDetection must be set to true."
exit 1
}
}
process {
$global:needsRemediation = @()
$global:remediationSuccess = @()
$installedAppxPackages = Test-InstalledAppxPackages
if ($runDetection -eq $true) {
if (-NOT[string]::IsNullOrEmpty($installedAppxPackages)) {
foreach ($app in $installedAppxPackages) {
$global:needsRemediation += $true
if ($runRemediation -eq $true) {
Remove-InstalledAppxPackages -appxPackage $app
}
}
}
}
}
end {
if ($runDetection -eq $true) {
if ($global:needsRemediation -contains $true -AND $global:remediationSuccess -notcontains $true) {
Write-Output "[WARNING] Built-in apps found installed. Remediation is needed."
exit 1
}
elseif ($global:remediationSuccess -contains $true -AND $global:remediationSuccess -notcontains $false) {
Write-Output "[OK] Remediation was run successfully. Built-in apps were removed."
exit 0
}
else {
Write-Output "[OK] No built-in apps found. Doing nothing."
exit 0
}
}
}

1
intune/Proactive Remediations/DellInc-DellOptimizer/notes.txt Normal file
View File

@@ -0,0 +1 @@
This DellInc.DellOptimizer_2024.327.925.0_neutral_~_htrsf667h5kn2 is the AppxPackage removing script

86
intune/Proactive Remediations/DellInc-DellSupportAssistforPCs/Detect-DellSupportAssistforPCs.ps1 Normal file
View File

@@ -0,0 +1,86 @@
<#
.SYNOPSIS
This script is used to detect and remediate built-in apps in Windows 11.
.DESCRIPTION
The script provides two main functionalities: detection and remediation of built-in apps. By default, the script runs in detection mode, but it can also be configured to perform remediation.
The list of built-in apps to be detected and remediated can be customized by modifying the $appxPackageList array in the script.
.NOTES
File Name : Detect-Remediate-DellSupportAssistforPCs.ps1
Author : Martin Bengtsson
Blog : https://www.imab.dk
#>
param (
[bool]$runDetection = $true,
[bool]$runRemediation = $false
)
begin {
$appxPackageList = @(
"DellInc.DellSupportAssistforPCs"
)
function Test-InstalledAppxPackages() {
foreach ($app in $appxPackageList) {
try {
$isAppInstalled = Get-AppxPackage -Name $app -ErrorAction SilentlyContinue
if (-NOT[string]::IsNullOrEmpty($isAppInstalled)) {
Write-Output $app
}
}
catch {
Write-Output "[ERROR] Failed to retrieve the installed app: $_"
}
}
}
function Remove-InstalledAppxPackages() {
param (
[string]$appxPackage
)
try {
Get-AppxPackage -Name $appxPackage | Remove-AppxPackage
$global:remediationSuccess += $true
}
catch {
Write-Output "[ERROR] Failed to remove the app: $_"
}
}
if ($runDetection -eq $false) {
Write-Output "[ERROR] runDetection cannot be set to false. As a minimum runDetection must be set to true."
exit 1
}
}
process {
$global:needsRemediation = @()
$global:remediationSuccess = @()
$installedAppxPackages = Test-InstalledAppxPackages
if ($runDetection -eq $true) {
if (-NOT[string]::IsNullOrEmpty($installedAppxPackages)) {
foreach ($app in $installedAppxPackages) {
$global:needsRemediation += $true
if ($runRemediation -eq $true) {
Remove-InstalledAppxPackages -appxPackage $app
}
}
}
}
}
end {
if ($runDetection -eq $true) {
if ($global:needsRemediation -contains $true -AND $global:remediationSuccess -notcontains $true) {
Write-Output "[WARNING] Built-in apps found installed. Remediation is needed."
exit 1
}
elseif ($global:remediationSuccess -contains $true -AND $global:remediationSuccess -notcontains $false) {
Write-Output "[OK] Remediation was run successfully. Built-in apps were removed."
exit 0
}
else {
Write-Output "[OK] No built-in apps found. Doing nothing."
exit 0
}
}
}

86
intune/Proactive Remediations/DellInc-DellSupportAssistforPCs/Remediate-DellSupportAssistforPCs.ps1 Normal file
View File

@@ -0,0 +1,86 @@
<#
.SYNOPSIS
This script is used to detect and remediate built-in apps in Windows 11.
.DESCRIPTION
The script provides two main functionalities: detection and remediation of built-in apps. By default, the script runs in detection mode, but it can also be configured to perform remediation.
The list of built-in apps to be detected and remediated can be customized by modifying the $appxPackageList array in the script.
.NOTES
File Name : Detect-Remediate-DellSupportAssistforPCs.ps1
Author : Martin Bengtsson
Blog : https://www.imab.dk
#>
param (
[bool]$runDetection = $true,
[bool]$runRemediation = $true
)
begin {
$appxPackageList = @(
"DellInc.DellSupportAssistforPCs"
)
function Test-InstalledAppxPackages() {
foreach ($app in $appxPackageList) {
try {
$isAppInstalled = Get-AppxPackage -Name $app -ErrorAction SilentlyContinue
if (-NOT[string]::IsNullOrEmpty($isAppInstalled)) {
Write-Output $app
}
}
catch {
Write-Output "[ERROR] Failed to retrieve the installed app: $_"
}
}
}
function Remove-InstalledAppxPackages() {
param (
[string]$appxPackage
)
try {
Get-AppxPackage -Name $appxPackage | Remove-AppxPackage
$global:remediationSuccess += $true
}
catch {
Write-Output "[ERROR] Failed to remove the app: $_"
}
}
if ($runDetection -eq $false) {
Write-Output "[ERROR] runDetection cannot be set to false. As a minimum runDetection must be set to true."
exit 1
}
}
process {
$global:needsRemediation = @()
$global:remediationSuccess = @()
$installedAppxPackages = Test-InstalledAppxPackages
if ($runDetection -eq $true) {
if (-NOT[string]::IsNullOrEmpty($installedAppxPackages)) {
foreach ($app in $installedAppxPackages) {
$global:needsRemediation += $true
if ($runRemediation -eq $true) {
Remove-InstalledAppxPackages -appxPackage $app
}
}
}
}
}
end {
if ($runDetection -eq $true) {
if ($global:needsRemediation -contains $true -AND $global:remediationSuccess -notcontains $true) {
Write-Output "[WARNING] Built-in apps found installed. Remediation is needed."
exit 1
}
elseif ($global:remediationSuccess -contains $true -AND $global:remediationSuccess -notcontains $false) {
Write-Output "[OK] Remediation was run successfully. Built-in apps were removed."
exit 0
}
else {
Write-Output "[OK] No built-in apps found. Doing nothing."
exit 0
}
}
}

1
intune/Proactive Remediations/DellInc-DellSupportAssistforPCs/notes.txt Normal file
View File

@@ -0,0 +1 @@
This DellInc.DellSupportAssistforPCs_4.0.15.0_x64__htrsf667h5kn2 is the AppxPackage removing script

18
intune/Proactive Remediations/Detect Wifi Band Preference/Detect_PreferredBand.ps1 Normal file
View File

@@ -0,0 +1,18 @@
$null = $AdapterBandPreference
$Adapter = "Wi-Fi"
$AdapterProperty = "Preferred Band"
$DisplayValue = "2. Prefer 2.4GHz band"
Try {
$AdapterBandPreference = Get-NetAdapterAdvancedProperty -Name $Adapter -DisplayName $AdapterProperty
If ($AdapterBandPreference.DisplayValue -eq $DisplayValue){
Write-Output "Compliant"
Exit 0
}
Write-Warning "Not Compliant"
Exit 1
}
Catch {
Write-Warning "Not Compliant"
Exit 1
}

19
intune/Proactive Remediations/Detect Wifi Band Preference/Remediate_PreferredBand.ps1 Normal file
View File

@@ -0,0 +1,19 @@
$null = $AdapterBandPreference
$Adapter = "Wi-Fi"
$AdapterProperty = "Preferred Band"
$DisplayValue = "2. Prefer 2.4GHz band"
Try {
Set-NetAdapterAdvancedProperty -Name $Adapter -DisplayName $AdapterProperty -DisplayValue $DisplayValue
$AdapterBandPreference = Get-NetAdapterAdvancedProperty -Name $Adapter -DisplayName $AdapterProperty
If ($AdapterBandPreference.DisplayValue -eq $DisplayValue){
Write-Output "Compliant"
Exit 0
}
Write-Warning "Not Compliant"
Exit 1
}
Catch {
Write-Warning "Not Compliant"
Exit 1
}

10
intune/Proactive Remediations/Detect-Remediate-mDNS/Detection.ps1 Normal file
View File

@@ -0,0 +1,10 @@
$Reg = Get-ItemProperty -Path 'HKLM:\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters' -Name "EnableMDNS" -ErrorAction SilentlyContinue
if ($Reg -eq $Null){
Write-host "IPv6 prefix reg is not identified "
Exit 1
}
else {
Write-Host "IPv6 prefix is identified"
Exit 0
}

9
intune/Proactive Remediations/Detect-Remediate-mDNS/Remediation.ps1 Normal file
View File

@@ -0,0 +1,9 @@
$Path = "HKLM:\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters"
$Name = "EnableMDNS"
$Type = "DWORD"
$Value = 0
New-ItemProperty -Path $Path -Name $Name -PropertyType $Type -Value $Value -ErrorAction SilentlyContinue
Set-ItemProperty -Path $Path -Name $Name -Type $Type -Value $Value -ErrorAction SilentlyContinue

8
intune/Proactive Remediations/Detect-TenantAccessKey/Detect-TenantAccessKey.ps1 Normal file
View File

@@ -0,0 +1,8 @@
$TenantAssociationKey = (Get-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\cloud\office\16.0\Common\officesvcmanager" -name TenantAssociationKey).TenantAssociationKey
$desiredkeyvalue = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJodHRwOi8vc2NoZW1hcy5taWNyb3NvZnQuY29tL2lkZW50aXR5L2NsYWltcy90ZW5hbnRpZCI6IjM0MjYxOWUwLTRhOWEtNDJlNC1hNjZmLTFmZjljODVkMDhkNiIsImFwcGlkIjoiZDM1OTBlZDYtNTJiMy00MTAyLWFlZmYtYWFkMjI5MmFiMDFjIiwiaXNzIjoiSXNzdWVyIiwiYXVkIjoiQXVkaWVuY2UifQ.D_YXC2f5Zy1ahkVMsAqViF98_B3M4yZ_ZTMIIPAZM6U"
if ($TenantAssociationKey = $desiredkeyvalue) {
return 0
}
else {
return 1
}

18
intune/Proactive Remediations/Disable LLMNR/Detect_LLMNR.ps1 Normal file
View File

@@ -0,0 +1,18 @@
$Path = "HKLM:\Software\policies\Microsoft\Windows NT\DNSClient"
$Name = "EnableMulticast"
$Type = "DWORD"
$Value = 0
Try {
$Registry = Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop | Select-Object -ExpandProperty $Name
If ($Registry -eq $Value){
Write-Output "Compliant"
Exit 0
}
Write-Warning "Not Compliant"
Exit 1
}
Catch {
Write-Warning "Not Compliant"
Exit 1
}

15
intune/Proactive Remediations/Disable LLMNR/Remediate_LLMNR.ps1 Normal file
View File

@@ -0,0 +1,15 @@
$Path1 ="HKLM:\Software\policies\Microsoft\Windows NT"
$Path = "HKLM:\Software\policies\Microsoft\Windows NT\DNSClient"
$Name = "EnableMulticast"
$Type = "DWORD"
$Value = 0
$DNSclient = (Get-ItemProperty $path1).psobject.properties.name -contains "dnsclient"
If ($DNSclient -eq $false)
{
New-Item -Path $Path
}
Set-ItemProperty -Path $Path -Name $Name -Type $Type -Value $Value

6
intune/Proactive Remediations/Disable Netbios/Remediate_NetBios.ps1 Normal file
View File

@@ -0,0 +1,6 @@
$Path = "HKLM:\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\tcpip*"
$Name = "NetbiosOptions"
$Type = "DWORD"
$Value = 2
Set-ItemProperty -Path $Path -Name $Name -Type $Type -Value $Value

34
intune/Proactive Remediations/Disable Netbios/detect_NetBios.ps1 Normal file
View File

@@ -0,0 +1,34 @@
$Path = "HKLM:\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\tcpip*"
$Name = "NetbiosOptions"
$Type = "DWORD"
$Value = 2
Try {
$Registry = Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop | Select-Object -ExpandProperty $Name
$Counter = 0
Foreach ($Entry in $Registry )
{
If ($Entry -eq $Value)
{
$Counter+=0
}
else
{
$Counter+=1
}
}
if($Counter -eq 0)
{
Write-Output "Compliant"
Exit 0
}
else
{
Write-Warning "Not Compliant"
exit 1
}
}
Catch {
Write-Warning "Not Compliant"
Exit 1
}

2
intune/Proactive Remediations/GP Issues/detect.ps1 Normal file
View File

@@ -0,0 +1,2 @@
$GPLogs = $env:LOCALAPPDATA+"\Palo alto networks\GlobalProtect\PANGPA.log"
$logs = (Get-Content $GPLogs) | ConvertTo-Xml

131
intune/Proactive Remediations/MEM_RemoveSccmClient-main/Detect_SCCMclient.ps1 Normal file
View File

@@ -0,0 +1,131 @@
<#
.Description
Script to detect if there is any trace of SCCM agent.
Will check for CcmExec service and registry keys for services, SMS Certs, and MDM Authority.
.Notes
Source: https://github.com/robertomoir/remove-sccm/blob/master/remove-sccmagent.ps1
Source: https://www.optimizationcore.com/deployment/sccm-client-complete-remove-uninstall-powershell-script/
Source: https://jamesachambers.com/remove-microsoft-sccm-by-force/
Source: https://github.com/ChadSimmons/Scripts/blob/default/ConfigMgr/Troubleshooting/Remove-ConfigMgrClient.ps1
#>
#region Settings
$Error.Clear()
$Result = 0
$DetectSummary = ""
#New lines, easier to read Agentexecutor Log file.
Write-Host "`n`n"
#endregion Settings
#region Functions
Function Test-IfServiceExistExit1 {
Param
(
[string]$ServiceName
)
$DetectSummary = ""
$Service = Get-Service -Name $ServiceName -ErrorAction SilentlyContinue
If ($null -eq $Service) {
Write-Host "Service $ServiceName was not found."
}
else {
Write-Warning "Service $ServiceName exists."
if (-not ($DetectSummary -eq "")) { $DetectSummary += ", " }
$DetectSummary += "$ServiceName service exists"
return 1, $DetectSummary
}
return 0, $DetectSummary
}
Function Test-IfRegKeyExistExit1 {
Param
(
[string]$RegKeyPath
)
$DetectSummary = ""
$RegKey = Get-Item -Path $RegKeyPath -ErrorAction SilentlyContinue
if ($null -eq $RegKey) {
Write-Host "Registry Key $RegKeyPath was not found."
}
else {
Write-Warning "$RegKeyPath exists."
if (-not ($DetectSummary -eq "")) { $DetectSummary += ", " }
$DetectSummary += "$RegKeyPath exists"
return 1, $DetectSummary
}
return 0, $DetectSummary
}
#endregion Functions
#region Main
#Look for the services related to SCCM client.
$Services = ("CcmExec", "CCMSetup", "smstsmgr", "CmRcService")
foreach ($Serv in $Services) {
# Verify that services do not exist
$result, $serviceSummary = Test-IfServiceExistExit1 $Serv
if ($result -eq 1) {
$Result = 1
}
$DetectSummary += $serviceSummary
}
#Verify that all registry keys from SCCM agent do not exist.
$RegServicesPath = "HKLM:\SYSTEM\CurrentControlSet\Services"
$RegSoftwarePath = "HKLM:\SOFTWARE\Microsoft"
$RegSoftwareWowPath = "HKLM:\SOFTWARE\Wow6432Node\Microsoft"
$RegSmsCertsPath = "HKLM:\SOFTWARE\Microsoft\SystemCertificates\SMS\Certificates"
$RegServices = (
"$RegServicesPath\CcmExec",
"$RegServicesPath\CCMSetup",
"$RegServicesPath\smstsmgr",
"$RegServicesPath\CmRcService",
"$RegSoftwarePath\CCM",
"$RegSoftwarePath\CCMSetup",
"$RegSoftwarePath\SMS",
"$RegSoftwarePath\DeviceManageabilityCSP",
"$RegSoftwareWowPath\CCM",
"$RegSoftwareWowPath\CCMSetup",
"$RegSoftwareWowPath\SMS",
"$RegSmsCertsPath\*"
)
foreach ($RegService in $RegServices) {
# Verify that Registry Keys do not exist
$result, $regKeySummary = Test-IfRegKeyExistExit1 $RegService
if ($result -eq 1) {
$Result = 1
}
$DetectSummary += $regKeySummary
}
#New lines, easier to read Agentexecutor Log file.
Write-Host "`n`n"
# Return result
if ($Result -eq 0) {
Write-Host "OK $([datetime]::Now) : SCCM not found."
Exit 0
} else {
Write-Host "WARNING $([datetime]::Now) : $DetectSummary"
Exit 1
}
#endregion Main

612
intune/Proactive Remediations/MEM_RemoveSccmClient-main/Fix_SCCMclient.ps1 Normal file
View File

@@ -0,0 +1,612 @@
<#
.Description
Script to remove SCCM agent from PCs
Completly based on James Chambers and Chad Simmons powershell scripts to remove the SCCM agent.
Updated with other scripts and testing.
$ccmpath is path to SCCM Agent's own uninstall routine.
.Notes
Script created or based on the following:
Source: https://github.com/robertomoir/remove-sccm/blob/master/remove-sccmagent.ps1
Source: https://www.optimizationcore.com/deployment/sccm-client-complete-remove-uninstall-powershell-script/
Source: https://jamesachambers.com/remove-microsoft-sccm-by-force/
Source: https://github.com/ChadSimmons/Scripts/blob/default/ConfigMgr/Troubleshooting/Remove-ConfigMgrClient.ps1
#>
#region Functions
function Test-IsAdmin {
<#
.SYNOPSIS
Checks if the current user has administrative privileges.
.DESCRIPTION
Function determines whether the current user has administrative privileges by attempting to create a new WindowsPrincipal object and checking the IsInRole method for the "Administrator" role.
If the check fails, it throws an exception indicating the lack of administrative privileges.
.EXAMPLE
Test-IsAdmin
If the current user has administrative privileges, the function completes without any output. If not, it throws an exception.
.NOTES
This function should be called at the beginning of scripts that require administrative privileges to ensure proper execution.
#>
try {
# Create a new WindowsPrincipal object for the current user
$currentUser = New-Object Security.Principal.WindowsPrincipal([Security.Principal.WindowsIdentity]::GetCurrent())
# Check if the current user is in the "Administrators" role
if (-not $currentUser.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
throw "Script needs to run with Administrative privileges."
}
} catch {
throw "Must be run with Administrative priviliges."
}
}
function Stop-WinService {
<#
.SYNOPSIS
Stops a specified Windows service if it exists and is running.
.DESCRIPTION
Function checks if a specified Windows service exists and retrieves its status. If the service is running,
it attempts to stop it. Includes error handling to catch and throw any issues encountered, with specific messages
for services that do not exist.
.PARAMETER ServiceName
The name of the Windows service to stop.
.EXAMPLE
Stop-WinService -ServiceName "wuauserv"
Attempts to stop the Windows Update service if it exists and is running.
.NOTES
This function requires administrative privileges to stop Windows services.
#>
param (
[Parameter(Mandatory = $true)]
[string]$ServiceName
)
try {
# Check if the service exists
$service = Get-Service -Name $ServiceName -ErrorAction SilentlyContinue
if ($null -eq $service) {
throw "Service '$ServiceName' does not exist."
}
# Check if the service is running
if ($service.Status -eq 'Running') {
# Attempt to stop the service
Write-Host "Stopping service '$ServiceName'..."
Stop-Service -Name $ServiceName -Force -ErrorAction Stop
Write-Host "Service '$ServiceName' stopped successfully."
} else {
Write-Host "Service '$ServiceName' is not running."
}
} catch {
throw "$_"
}
}
function Remove-RegKey {
<#
.SYNOPSIS
Deletes a specified registry key and its subkeys.
.DESCRIPTION
This function removes a specified registry key from the Windows Registry, including all its subkeys and values.
It includes error handling to catch and throw any issues encountered during the operation.
.PARAMETER RegKeyPath
The path of the registry key to delete.
.EXAMPLE
Remove-RegKey -RegKeyPath "HKLM:\SOFTWARE\MyApp"
Deletes the "MyApp" key and all its subkeys and values from the HKEY_LOCAL_MACHINE\SOFTWARE path.
.NOTES
This function requires administrative privileges to modify the Windows Registry.
#>
param (
[Parameter(Mandatory = $true)]
[string]$RegKeyPath
)
try {
# Check if the registry key exists
if (Test-Path -Path $RegKeyPath) {
# Attempt to remove the registry key
Write-Host "Removing registry key '$RegKeyPath'..."
Remove-Item -Path $RegKeyPath -Recurse -Force -Confirm:$false -ErrorAction Stop
Write-Host "Registry key '$RegKeyPath' removed successfully."
} else {
Write-Host "Registry key '$RegKeyPath' does not exist."
}
} catch {
throw "Error removing registry key '$RegKeyPath'"
}
}
function Clear-Files {
<#
.SYNOPSIS
Deletes specified files or folders, including subdirectories, and takes ownership if necessary.
.DESCRIPTION
This function iterates through an array of file paths, taking ownership of each file or directory and then deleting it.
It ensures both files and subdirectories are removed, handling any errors encountered during the process.
.PARAMETER FilePaths
An array of file paths to delete. These can be files or directories.
.EXAMPLE
$filesToDelete = @("C:\Temp\File1.txt", "C:\Temp\Folder1")
Clear-Files -FilePaths $filesToDelete
.NOTES
This function requires administrative privileges to take ownership and delete files or directories.
#>
param (
[string[]]$FilePaths
)
foreach ($FilePath in $FilePaths) {
try {
# Take ownership of the file or folder
$null = takeown.exe /F "$FilePath" /R /A /D Y 2>&1
# Delete the file or folder, including subdirectories
Remove-Item -Path $FilePath -Force -Recurse -ErrorAction Stop
Write-Host "Successfully deleted: $FilePath"
} catch {
Write-Host "Error deleting $($FilePath)"
}
}
}
function Remove-WmiNamespace {
<#
.SYNOPSIS
Removes a specified WMI namespace.
.DESCRIPTION
This function checks if a specified WMI namespace exists and removes it if found. It uses CIM (Common Information Model) cmdlets
to query and delete the WMI namespace. Errors are handled silently to ensure smooth execution.
.PARAMETER WmiName
The name of the WMI namespace to be removed.
.PARAMETER WmiNameSpace
The parent namespace where the specified WMI namespace resides.
.EXAMPLE
Remove-WmiNamespace -WmiName "ccm" -WmiNameSpace "root\ccm"
.NOTES
Ensure the script runs with administrative privileges to modify WMI namespaces.
.SOURCE
References:
- https://learn.microsoft.com/en-us/powershell/scripting/overview?view=powershell-7.1
- https://docs.microsoft.com/en-us/powershell/scripting/learn/deep-dives/everything-about-powershell-cim-cmdlets?view=powershell-7.1
#>
param (
[string]$WmiName,
[string]$WmiNameSpace
)
try {
# Query for the specified WMI namespace
$WmiRepository = Get-CimInstance -query "SELECT * FROM __Namespace WHERE Name='$WmiName'" -Namespace "$WmiNameSpace" -ErrorAction SilentlyContinue
# Check if the namespace exists
if ($null -ne $WmiRepository) {
Write-Host "Found WMI Repository $WmiName, removing..."
# Remove the WMI namespace
Get-CimInstance -query "SELECT * FROM __Namespace WHERE Name='$WmiName'" -Namespace "$WmiNameSpace" | Remove-CimInstance -Confirm:$false -ErrorAction SilentlyContinue
}
else {
Write-Host "WMI Repository $WmiName not found"
}
}
catch {
throw "Error udpating WMI namespace."
}
}
function Verify-SccmClientDelete {
<#
.SYNOPSIS
Verifies the deletion of the SCCM client by checking for the absence of specific services and files.
.DESCRIPTION
Checks if the SCCM (System Center Configuration Manager) client has been successfully deleted from the system.
It does this by verifying the absence of the SCCM client service (`CcmExec`) and the SCCM setup file (`ccmsetup.exe`).
If neither the service nor the setup file is found, the deletion is considered successful.
If either the service or the setup file still exists, appropriate warnings are issued, and the function sets an exit code indicating failure.
.PARAMETER None
.EXAMPLE
$exitCode = Verify-SccmClientDelete
Write-Host "Exit Code: $exitCode"
.NOTES
This function requires administrative privileges to check the existence of services and files.
Ensure that the script is run with appropriate permissions to avoid errors.
#>
# Variables to store the SCCM service name and file path
$SccmService = "CcmExec"
$SccmFilePath = "$Env:WinDir\ccmsetup\ccmsetup.exe"
$ExitCode = 0
try {
# Attempt to retrieve the SCCM service
$CCMexecService = Get-Service -Name $SccmService -ErrorAction SilentlyContinue
# Attempt to retrieve the SCCM setup file
$CCMexecSetupFile = Get-Item -Path $SccmFilePath -ErrorAction SilentlyContinue
# Check if both the service and the setup file do not exist
if (($null -eq $CCMexecService) -and ($null -eq $CCMexecSetupFile)) {
# SCCM Client deletion confirmed.
Write-Host "Confirmation. SCCM client service does not exist!"
}
else {
# Check if the SCCM service still exists
if ($null -ne $CCMexecService) {
# Set exit code for existing service
$ExitCode = 90 # 0x431 ERROR_SERVICE_EXISTS / The specified service already exists.
Write-Warning "Service $CCMexecService still exists, completing with failure $ExitCode"
}
# Check if the SCCM setup file still exists
if ($null -ne $CCMexecSetupFile) {
# Set exit code for existing file
$ExitCode = 91 # The specified file still exists.
Write-Warning "File $CCMexecSetupFile still exists, completing with failure $ExitCode"
}
}
}
catch {
# Handle any errors that occur during the check
throw "Error verifying SCCM client deletion."
}
# Return the exit code
return $ExitCode
}
function Start-CompleteIntuneSync {
<#
.SYNOPSIS
Initiates an Intune sync session and verifies its completion through Event Viewer logs.
.DESCRIPTION
This function performs an Intune sync by creating and starting an MDM session using Windows.Management.MdmSessionManager.
It waits for 60 seconds to allow the sync process to initiate. It then checks for specific events in the Event Viewer
to confirm the sync's start and completion: Looks for events 208 and 209 in the "Applications and Services Logs > Microsoft > Windows > DeviceManagement-Enterprise-Diagnostics-Provider > Admin".
The function returns the time these events were logged, or "Not found" if the events are not present.
The Journey:
Initial approach used `intunemanagementextension://syncapp` protocol as suggested by Jannik Reinhard's blog (https://jannikreinhard.com/2022/07/31/summary-of-the-intune-management-extension/). However, this method did not yield consistent results across different devices
Focus then shifted to leveraging the `Windows.Management.MdmSessionManager` class, known for managing Mobile Device Management (MDM) sessions. The use of `[Windows.Management.MdmSessionManager,Windows.Management,ContentType=WindowsRuntime]` to create and start an MDM session was adopted based on documentation and community blogs:
- https://oofhours.com/2024/03/30/when-does-a-windows-client-sync-with-intune/
Note: There was an initial attempt to use `Add-Type -AssemblyName "Windows.Management"` which resulted in an error indicating the assembly could not be found. This led to the realization that direct referencing and instantiation of the Windows Runtime type was necessary.
.REFERENCES
- "Intune Management Extension" by Jannik Reinhard: https://jannikreinhard.com/2022/07/31/summary-of-the-intune-management-extension/
- "When Does a Windows Client Sync with Intune?" by Michael Niehaus: https://oofhours.com/2024/03/30/when-does-a-windows-client-sync-with-intune/
.PARAMETER None
.EXAMPLE
Start-CompleteIntuneSync
.NOTES
This function requires administrative privileges to access Event Viewer logs.
Make sure to run this script with appropriate permissions.
#>
# Initialize variables for event checking
$eventLog = "Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin"
$syncStartEventID = 208
$syncCompleteEventID = 209
$syncStartTime = Get-Date
# Log the start of the sync attempt
Write-Host "Starting Intune sync at $syncStartTime"
try {
# Create and start the MDM session using Windows.Management.MdmSessionManager
[Windows.Management.MdmSessionManager,Windows.Management,ContentType=WindowsRuntime] > $null
$session = [Windows.Management.MdmSessionManager]::TryCreateSession()
$session.StartAsync() | Out-Null
# Wait for 60 seconds to allow the sync to initiate
Start-Sleep -Seconds 60
# Check for the sync start event in Event Viewer
$syncStartEvent = Get-WinEvent -LogName $eventLog | Where-Object { $_.Id -eq $syncStartEventID -and $_.TimeCreated -ge $syncStartTime }
if ($syncStartEvent) {
Write-Host "Sync start event (ID $syncStartEventID) found."
$syncStartEventTime = $syncStartEvent.TimeCreated
} else {
Write-Host "Sync start event (ID $syncStartEventID) not found."
$syncStartEventTime = "Not found"
}
# Check for the sync complete event in Event Viewer
$syncCompleteEvent = Get-WinEvent -LogName $eventLog | Where-Object { $_.Id -eq $syncCompleteEventID -and $_.TimeCreated -ge $syncStartTime }
if ($syncCompleteEvent) {
Write-Host "Sync complete event (ID $syncCompleteEventID) found."
$syncCompleteEventTime = $syncCompleteEvent.TimeCreated
} else {
Write-Host "Sync complete event (ID $syncCompleteEventID) not found."
$syncCompleteEventTime = "Not found"
}
# Return details of the sync process
return @{
SyncStartEvent = $syncStartEventTime
SyncCompleteEvent = $syncCompleteEventTime
SyncStartTime = $syncStartTime
}
} catch {
throw "Error during Intune sync process. "
}
}
function WriteAndExitWithSummary {
<#
.SYNOPSIS
Writes a summary of the script's execution to the console and then exits the script with a specified status code.
.DESCRIPTION
The function takes a status code and a summary string as parameters. It writes the summary along with the current date and time to the console using Write-Host.
After writing the summary, it exits the script with the given status code. If the given status code is below 0 (negative) it changes exit status code to 0.
.PARAMETER StatusCode
The exit status code to be used when exiting the script.
0: OK
1: FAIL
Other: WARNING
.PARAMETER Summary
The summary string that describes the script's execution status. This will be written to the console.
.EXAMPLE
WriteAndExitWithSummary -StatusCode 0 -Summary "All operations completed successfully."
.EXAMPLE
WriteAndExitWithSummary -StatusCode 1 -Summary "Error: SCCM client removal failed."
.NOTES
Last Modified: August 27, 2023
Author: Manuel Nieto
#>
param (
[int]$StatusCode,
[string]$Summary
)
# Combine the summary with the current date and time.
$finalSummary = "$([datetime]::Now) = $Summary"
# Determine the prefix based on the status code.
$prefix = switch ($StatusCode) {
0 { "OK" }
1 { "FAIL" }
default { "WARNING" }
}
# Easier to read in log file
Write-Host "`n`n"
# Write the final summary to the console.
Write-Host "$prefix $finalSummary"
# Easier to read in log file
Write-Host "`n`n"
# Exit the script with the given status code.
if ($StatusCode -lt 0) {$StatusCode = 0}
Exit $StatusCode
}
#endregion
#region Main
# Initialize
$Error.Clear() # Clear any previous errors.
$t = Get-Date # Get current date and time.
$CCMpath = "$Env:WinDir\ccmsetup\ccmsetup.exe" # Path to SCCM setup executable.
$verifyBeginResult # Variable to store beginning SCCM verification result.
$verifyEndResult # Variable to store ending SCCM verification result.
$summary = "" # Initialize summary string.
$StatusCode = 0 # Initialize status code to zero.
# New lines, easier to read Agentexecutor Log file.
Write-Host "`n`n"
#Log start time.
Write-Host "SCCM Agent cleanup start time: $t"
try {
#Test Admin rights
Test-IsAdmin
# Confirm if SCCM client is present.
$verifyBeginResult = Verify-SccmClientDelete
# Only execute if we have confirmation that SCCM client exists.
if ($verifyBeginResult -gt 0) {
# Stopping SCCM services.
try {
#Stop SCCM services.
Stop-WinService CcmExec
Stop-WinService ccmsetup
Stop-WinService smstsmgr
Stop-WinService CmRcService
$summary += "SCCM services stopped. "
} catch {
$summary += "Error stopping SCCM services: $_ "
$StatusCode = -2
}
# Remove SCCM client.
try {
# Remove SCCM client.
if (Test-Path $CCMpath) {
Write-Host "Found $CCMpath, Uninstalling SCCM agent. `n"
#Start Uninstall, Included -WorkingDirectory to Start-Process cmdlet as Workaround to error when working directory has characters "[" "]"
Start-Process -WorkingDirectory $Env:WinDir -FilePath $CCMpath -ArgumentList "/uninstall" -Wait -NoNewWindow
# wait for exit
$CCMProcess = Get-Process ccmsetup -ErrorAction SilentlyContinue
try {
$CCMProcess.WaitForExit()
} catch {}
$summary += "SCCM client removed. "
}
else {
$summary += "SCCM client not found. "
}
} catch {
$summary += "Error removing SCCM client. "
$StatusCode = -2
}
# Removing services from registry
try {
# Remove Services from Registry.
$CurrentPath = "HKLM:\SYSTEM\CurrentControlSet\Services"
Remove-RegKey "$CurrentPath\CcmExec"
Remove-RegKey "$CurrentPath\CCMSetup"
Remove-RegKey "$CurrentPath\smstsmgr"
Remove-RegKey "$CurrentPath\CmRcService"
$summary += "SCCM services removed from registry. "
} catch {
$summary += "Error removing SCCM services from registry: $_. "
$StatusCode = -2
}
try {
# Remove SCCM Client from Registry
$CurrentPath = "HKLM:\SOFTWARE\Microsoft"
Remove-RegKey "$CurrentPath\CCM"
Remove-RegKey "$CurrentPath\CCMSetup"
Remove-RegKey "$CurrentPath\SMS"
$CurrentPath = "HKLM:\SOFTWARE\Wow6432Node\Microsoft"
Remove-RegKey "$CurrentPath\CCM"
Remove-RegKey "$CurrentPath\CCMSetup"
Remove-RegKey "$CurrentPath\SMS"
$summary += "SCCM client registry keys removed. "
} catch {
$summary += "Error removing SCCM client registry keys: $_. "
$StatusCode = -2
}
try {
# Remove WMI Namespaces
Remove-WmiNamespace "ccm" "root"
Remove-WmiNamespace "sms" "root\cimv2"
$summary += "SCCM WMI namespaces removed. "
} catch {
$summary += "Error removing SCCM WMI namespaces: $_. "
$StatusCode = -2
}
try {
# Reset MDM Authority
Write-Host "MDM Authority, reviewing and deleting registry key if necessary"
$CurrentPath = "HKLM:\SOFTWARE\Microsoft"
Remove-RegKey "$CurrentPath\DeviceManageabilityCSP"
$summary += "MDM authority reset. "
} catch {
$summary += "Error resetting MDM authority. "
$StatusCode = -2
}
try {
# Remove Folders and Files
$CurrentPath = "$Env:WinDir"
Clear-Files "$CurrentPath\CCM"
Clear-Files "$CurrentPath\ccmsetup"
Clear-Files "$CurrentPath\ccmcache"
Clear-Files "$CurrentPath\SMSCFG.ini"
Clear-Files "$CurrentPath\SMS*.mif"
$summary += "SCCM related files and folders removed. "
} catch {
$summary += "Error removing SCCM files and folders: $_. "
$StatusCode = -2
}
try {
# Remove SCCM certificates
$CurrentPath = "HKLM:\SOFTWARE\Microsoft\SystemCertificates\SMS\Certificates"
Remove-RegKey "$CurrentPath\*"
$summary += "SCCM certificates removed. "
} catch {
$summary += "Error removing SCCM certificates: $_. "
$StatusCode = -2
}
try {
# Confirm if SCCM client was removed.
$verifyEndResult = Verify-SccmClientDelete
if ($verifyEndResult -eq 0) {
$summary += "SCCM client removal verified. "
} else {
$StatusCode = $verifyEndResult
$summary += "SCCM client removal failed with code $verifyEndResult. "
}
} catch {
$summary += "Error verifying SCCM client removal: $_. "
$StatusCode = -2
}
}
}
catch {
# Log error and set status code to failure
$summary += "Execution Error: $_ "
$StatusCode = 1
}
# Perform Intune sync and log the result. Only if no errors.
if ($StatusCode -le 0) {
try {
$syncDetails = Start-CompleteIntuneSync
$summary += "Intune sync request: $($syncDetails.SyncStartTime), Start: $($syncDetails.SyncStartEvent), Completed: $($syncDetails.SyncCompleteEvent). "
} catch {
$summary += "Error during Intune sync. "
}
}
# Write the summary and exit with the appropriate status code
WriteAndExitWithSummary -StatusCode $StatusCode -Summary $summary
#Finished!
#endregion

22
intune/Proactive Remediations/MEM_RemoveSccmClient-main/README.md Normal file
View File

@@ -0,0 +1,22 @@
<H1> SCCM Agent remove via Proactive Remediations v1.0 </H1>
Removes SCCM Client via MEM Intune Proactive Remediation.
I used it to move co-managed devices to Intune managed devices in an environment where SCCM was no longer present.
This script is based on the original work from the following sources:
remove-sccmagent.ps1
Author: Robert M.
source: https://github.com/robertomoir/remove-sccm/blob/master/remove-sccmagent.ps1
Remove-ConfigMgrClient.ps1
Author: Chad Simmons
Source: https://github.com/ChadSimmons/Scripts/blob/default/ConfigMgr/Troubleshooting/Remove-ConfigMgrClient.ps1
Remove All Traces of Microsoft SCCM w/ PowerShell (By Force)
Author: James A. chambers
Source: https://jamesachambers.com/remove-microsoft-sccm-by-force/
SCCM Client Complete Uninstall / Remove + Powershell Script
Source: https://www.optimizationcore.com/deployment/sccm-client-complete-remove-uninstall-powershell-script/

86
intune/Proactive Remediations/MS-Remove-DevHome/Detect-DevHome-Built-In-Apps.ps1 Normal file
View File

@@ -0,0 +1,86 @@
<#
.SYNOPSIS
This script is used to detect and remediate built-in apps in Windows 11.
.DESCRIPTION
The script provides two main functionalities: detection and remediation of built-in apps. By default, the script runs in detection mode, but it can also be configured to perform remediation.
The list of built-in apps to be detected and remediated can be customized by modifying the $appxPackageList array in the script.
.NOTES
File Name : Detect-Remediate-Windows-11-Built-In-Apps.ps1
Author : Martin Bengtsson
Blog : https://www.imab.dk
#>
param (
[bool]$runDetection = $true,
[bool]$runRemediation = $false
)
begin {
$appxPackageList = @(
"Microsoft.Windows.DevHome"
)
function Test-InstalledAppxPackages() {
foreach ($app in $appxPackageList) {
try {
$isAppInstalled = Get-AppxPackage -Name $app -ErrorAction SilentlyContinue
if (-NOT[string]::IsNullOrEmpty($isAppInstalled)) {
Write-Output $app
}
}
catch {
Write-Output "[ERROR] Failed to retrieve the installed app: $_"
}
}
}
function Remove-InstalledAppxPackages() {
param (
[string]$appxPackage
)
try {
Get-AppxPackage -Name $appxPackage | Remove-AppxPackage
$global:remediationSuccess += $true
}
catch {
Write-Output "[ERROR] Failed to remove the app: $_"
}
}
if ($runDetection -eq $false) {
Write-Output "[ERROR] runDetection cannot be set to false. As a minimum runDetection must be set to true."
exit 1
}
}
process {
$global:needsRemediation = @()
$global:remediationSuccess = @()
$installedAppxPackages = Test-InstalledAppxPackages
if ($runDetection -eq $true) {
if (-NOT[string]::IsNullOrEmpty($installedAppxPackages)) {
foreach ($app in $installedAppxPackages) {
$global:needsRemediation += $true
if ($runRemediation -eq $true) {
Remove-InstalledAppxPackages -appxPackage $app
}
}
}
}
}
end {
if ($runDetection -eq $true) {
if ($global:needsRemediation -contains $true -AND $global:remediationSuccess -notcontains $true) {
Write-Output "[WARNING] Built-in apps found installed. Remediation is needed."
exit 1
}
elseif ($global:remediationSuccess -contains $true -AND $global:remediationSuccess -notcontains $false) {
Write-Output "[OK] Remediation was run successfully. Built-in apps were removed."
exit 0
}
else {
Write-Output "[OK] No built-in apps found. Doing nothing."
exit 0
}
}
}

4
intune/Proactive Remediations/MS-Remove-DevHome/Install.bat Normal file
View File

@@ -0,0 +1,4 @@
@echo off
pushd %~dp0
powershell.exe -ExecutionPolicy Bypass -File "Remediate-DevHome-Built-In-Apps.ps1"
popd

86
intune/Proactive Remediations/MS-Remove-DevHome/Remediate-DevHome-Built-In-Apps.ps1 Normal file
View File

@@ -0,0 +1,86 @@
<#
.SYNOPSIS
This script is used to detect and remediate built-in apps in Windows 11.
.DESCRIPTION
The script provides two main functionalities: detection and remediation of built-in apps. By default, the script runs in detection mode, but it can also be configured to perform remediation.
The list of built-in apps to be detected and remediated can be customized by modifying the $appxPackageList array in the script.
.NOTES
File Name : Detect-Remediate-Windows-11-Built-In-Apps.ps1
Author : Martin Bengtsson
Blog : https://www.imab.dk
#>
param (
[bool]$runDetection = $true,
[bool]$runRemediation = $true
)
begin {
$appxPackageList = @(
"Microsoft.Windows.DevHome"
)
function Test-InstalledAppxPackages() {
foreach ($app in $appxPackageList) {
try {
$isAppInstalled = Get-AppxPackage -Name $app -ErrorAction SilentlyContinue
if (-NOT[string]::IsNullOrEmpty($isAppInstalled)) {
Write-Output $app
}
}
catch {
Write-Output "[ERROR] Failed to retrieve the installed app: $_"
}
}
}
function Remove-InstalledAppxPackages() {
param (
[string]$appxPackage
)
try {
Get-AppxPackage -Name $appxPackage | Remove-AppxPackage
$global:remediationSuccess += $true
}
catch {
Write-Output "[ERROR] Failed to remove the app: $_"
}
}
if ($runDetection -eq $false) {
Write-Output "[ERROR] runDetection cannot be set to false. As a minimum runDetection must be set to true."
exit 1
}
}
process {
$global:needsRemediation = @()
$global:remediationSuccess = @()
$installedAppxPackages = Test-InstalledAppxPackages
if ($runDetection -eq $true) {
if (-NOT[string]::IsNullOrEmpty($installedAppxPackages)) {
foreach ($app in $installedAppxPackages) {
$global:needsRemediation += $true
if ($runRemediation -eq $true) {
Remove-InstalledAppxPackages -appxPackage $app
}
}
}
}
}
end {
if ($runDetection -eq $true) {
if ($global:needsRemediation -contains $true -AND $global:remediationSuccess -notcontains $true) {
Write-Output "[WARNING] Built-in apps found installed. Remediation is needed."
exit 1
}
elseif ($global:remediationSuccess -contains $true -AND $global:remediationSuccess -notcontains $false) {
Write-Output "[OK] Remediation was run successfully. Built-in apps were removed."
exit 0
}
else {
Write-Output "[OK] No built-in apps found. Doing nothing."
exit 0
}
}
}

1
intune/Proactive Remediations/MS-Remove-DevHome/notes.txt Normal file
View File

@@ -0,0 +1 @@
This New Outlook is the AppxPackage removing script

86
intune/Proactive Remediations/MS-Remove-MicrosoftTeams/Detect-MicrosoftTeams.ps1 Normal file
View File

@@ -0,0 +1,86 @@
<#
.SYNOPSIS
This script is used to detect and remediate built-in apps in Windows 11.
.DESCRIPTION
The script provides two main functionalities: detection and remediation of built-in apps. By default, the script runs in detection mode, but it can also be configured to perform remediation.
The list of built-in apps to be detected and remediated can be customized by modifying the $appxPackageList array in the script.
.NOTES
File Name : Detect-Remediate-MicrosoftTeams.ps1
Author : Martin Bengtsson
Blog : https://www.imab.dk
#>
param (
[bool]$runDetection = $true,
[bool]$runRemediation = $false
)
begin {
$appxPackageList = @(
"MicrosoftTeams"
)
function Test-InstalledAppxPackages() {
foreach ($app in $appxPackageList) {
try {
$isAppInstalled = Get-AppxPackage -Name $app -ErrorAction SilentlyContinue
if (-NOT[string]::IsNullOrEmpty($isAppInstalled)) {
Write-Output $app
}
}
catch {
Write-Output "[ERROR] Failed to retrieve the installed app: $_"
}
}
}
function Remove-InstalledAppxPackages() {
param (
[string]$appxPackage
)
try {
Get-AppxPackage -Name $appxPackage | Remove-AppxPackage
$global:remediationSuccess += $true
}
catch {
Write-Output "[ERROR] Failed to remove the app: $_"
}
}
if ($runDetection -eq $false) {
Write-Output "[ERROR] runDetection cannot be set to false. As a minimum runDetection must be set to true."
exit 1
}
}
process {
$global:needsRemediation = @()
$global:remediationSuccess = @()
$installedAppxPackages = Test-InstalledAppxPackages
if ($runDetection -eq $true) {
if (-NOT[string]::IsNullOrEmpty($installedAppxPackages)) {
foreach ($app in $installedAppxPackages) {
$global:needsRemediation += $true
if ($runRemediation -eq $true) {
Remove-InstalledAppxPackages -appxPackage $app
}
}
}
}
}
end {
if ($runDetection -eq $true) {
if ($global:needsRemediation -contains $true -AND $global:remediationSuccess -notcontains $true) {
Write-Output "[WARNING] Built-in apps found installed. Remediation is needed."
exit 1
}
elseif ($global:remediationSuccess -contains $true -AND $global:remediationSuccess -notcontains $false) {
Write-Output "[OK] Remediation was run successfully. Built-in apps were removed."
exit 0
}
else {
Write-Output "[OK] No built-in apps found. Doing nothing."
exit 0
}
}
}

4
intune/Proactive Remediations/MS-Remove-MicrosoftTeams/Install.bat Normal file
View File

@@ -0,0 +1,4 @@
@echo off
pushd %~dp0
powershell.exe -ExecutionPolicy Bypass -File "Detect-Remediate-Windows-11-Built-In-Apps.ps1"
popd

86
intune/Proactive Remediations/MS-Remove-MicrosoftTeams/Remediate-MicrosoftTeams.ps1 Normal file
View File

@@ -0,0 +1,86 @@
<#
.SYNOPSIS
This script is used to detect and remediate built-in apps in Windows 11.
.DESCRIPTION
The script provides two main functionalities: detection and remediation of built-in apps. By default, the script runs in detection mode, but it can also be configured to perform remediation.
The list of built-in apps to be detected and remediated can be customized by modifying the $appxPackageList array in the script.
.NOTES
File Name : Detect-Remediate-MicrosoftTeams.ps1
Author : Martin Bengtsson
Blog : https://www.imab.dk
#>
param (
[bool]$runDetection = $true,
[bool]$runRemediation = $true
)
begin {
$appxPackageList = @(
"MicrosoftTeams"
)
function Test-InstalledAppxPackages() {
foreach ($app in $appxPackageList) {
try {
$isAppInstalled = Get-AppxPackage -Name $app -ErrorAction SilentlyContinue
if (-NOT[string]::IsNullOrEmpty($isAppInstalled)) {
Write-Output $app
}
}
catch {
Write-Output "[ERROR] Failed to retrieve the installed app: $_"
}
}
}
function Remove-InstalledAppxPackages() {
param (
[string]$appxPackage
)
try {
Get-AppxPackage -Name $appxPackage | Remove-AppxPackage
$global:remediationSuccess += $true
}
catch {
Write-Output "[ERROR] Failed to remove the app: $_"
}
}
if ($runDetection -eq $false) {
Write-Output "[ERROR] runDetection cannot be set to false. As a minimum runDetection must be set to true."
exit 1
}
}
process {
$global:needsRemediation = @()
$global:remediationSuccess = @()
$installedAppxPackages = Test-InstalledAppxPackages
if ($runDetection -eq $true) {
if (-NOT[string]::IsNullOrEmpty($installedAppxPackages)) {
foreach ($app in $installedAppxPackages) {
$global:needsRemediation += $true
if ($runRemediation -eq $true) {
Remove-InstalledAppxPackages -appxPackage $app
}
}
}
}
}
end {
if ($runDetection -eq $true) {
if ($global:needsRemediation -contains $true -AND $global:remediationSuccess -notcontains $true) {
Write-Output "[WARNING] Built-in apps found installed. Remediation is needed."
exit 1
}
elseif ($global:remediationSuccess -contains $true -AND $global:remediationSuccess -notcontains $false) {
Write-Output "[OK] Remediation was run successfully. Built-in apps were removed."
exit 0
}
else {
Write-Output "[OK] No built-in apps found. Doing nothing."
exit 0
}
}
}

1
intune/Proactive Remediations/MS-Remove-MicrosoftTeams/notes.txt Normal file
View File

@@ -0,0 +1 @@
This MicrosoftTeams version is the AppxPackage removing script

86
intune/Proactive Remediations/MS-Remove-NewOutook/Detect-NewOutlook-Built-In-Apps.ps1 Normal file
View File

@@ -0,0 +1,86 @@
<#
.SYNOPSIS
This script is used to detect and remediate built-in apps in Windows 11.
.DESCRIPTION
The script provides two main functionalities: detection and remediation of built-in apps. By default, the script runs in detection mode, but it can also be configured to perform remediation.
The list of built-in apps to be detected and remediated can be customized by modifying the $appxPackageList array in the script.
.NOTES
File Name : Detect-Remediate-Windows-11-Built-In-Apps.ps1
Author : Martin Bengtsson
Blog : https://www.imab.dk
#>
param (
[bool]$runDetection = $true,
[bool]$runRemediation = $false
)
begin {
$appxPackageList = @(
"Microsoft.OutlookForWindows"
)
function Test-InstalledAppxPackages() {
foreach ($app in $appxPackageList) {
try {
$isAppInstalled = Get-AppxPackage -Name $app -ErrorAction SilentlyContinue
if (-NOT[string]::IsNullOrEmpty($isAppInstalled)) {
Write-Output $app
}
}
catch {
Write-Output "[ERROR] Failed to retrieve the installed app: $_"
}
}
}
function Remove-InstalledAppxPackages() {
param (
[string]$appxPackage
)
try {
Get-AppxPackage -Name $appxPackage | Remove-AppxPackage
$global:remediationSuccess += $true
}
catch {
Write-Output "[ERROR] Failed to remove the app: $_"
}
}
if ($runDetection -eq $false) {
Write-Output "[ERROR] runDetection cannot be set to false. As a minimum runDetection must be set to true."
exit 1
}
}
process {
$global:needsRemediation = @()
$global:remediationSuccess = @()
$installedAppxPackages = Test-InstalledAppxPackages
if ($runDetection -eq $true) {
if (-NOT[string]::IsNullOrEmpty($installedAppxPackages)) {
foreach ($app in $installedAppxPackages) {
$global:needsRemediation += $true
if ($runRemediation -eq $true) {
Remove-InstalledAppxPackages -appxPackage $app
}
}
}
}
}
end {
if ($runDetection -eq $true) {
if ($global:needsRemediation -contains $true -AND $global:remediationSuccess -notcontains $true) {
Write-Output "[WARNING] Built-in apps found installed. Remediation is needed."
exit 1
}
elseif ($global:remediationSuccess -contains $true -AND $global:remediationSuccess -notcontains $false) {
Write-Output "[OK] Remediation was run successfully. Built-in apps were removed."
exit 0
}
else {
Write-Output "[OK] No built-in apps found. Doing nothing."
exit 0
}
}
}

4
intune/Proactive Remediations/MS-Remove-NewOutook/Install.bat Normal file
View File

@@ -0,0 +1,4 @@
@echo off
pushd %~dp0
powershell.exe -ExecutionPolicy Bypass -File "Remediate-NewOutlook-Built-In-Apps.ps1"
popd

86
intune/Proactive Remediations/MS-Remove-NewOutook/Remediate-NewOutlook-Built-In-Apps.ps1 Normal file
View File

@@ -0,0 +1,86 @@
<#
.SYNOPSIS
This script is used to detect and remediate built-in apps in Windows 11.
.DESCRIPTION
The script provides two main functionalities: detection and remediation of built-in apps. By default, the script runs in detection mode, but it can also be configured to perform remediation.
The list of built-in apps to be detected and remediated can be customized by modifying the $appxPackageList array in the script.
.NOTES
File Name : Detect-Remediate-Windows-11-Built-In-Apps.ps1
Author : Martin Bengtsson
Blog : https://www.imab.dk
#>
param (
[bool]$runDetection = $true,
[bool]$runRemediation = $true
)
begin {
$appxPackageList = @(
"Microsoft.OutlookForWindows"
)
function Test-InstalledAppxPackages() {
foreach ($app in $appxPackageList) {
try {
$isAppInstalled = Get-AppxPackage -Name $app -ErrorAction SilentlyContinue
if (-NOT[string]::IsNullOrEmpty($isAppInstalled)) {
Write-Output $app
}
}
catch {
Write-Output "[ERROR] Failed to retrieve the installed app: $_"
}
}
}
function Remove-InstalledAppxPackages() {
param (
[string]$appxPackage
)
try {
Get-AppxPackage -Name $appxPackage | Remove-AppxPackage
$global:remediationSuccess += $true
}
catch {
Write-Output "[ERROR] Failed to remove the app: $_"
}
}
if ($runDetection -eq $false) {
Write-Output "[ERROR] runDetection cannot be set to false. As a minimum runDetection must be set to true."
exit 1
}
}
process {
$global:needsRemediation = @()
$global:remediationSuccess = @()
$installedAppxPackages = Test-InstalledAppxPackages
if ($runDetection -eq $true) {
if (-NOT[string]::IsNullOrEmpty($installedAppxPackages)) {
foreach ($app in $installedAppxPackages) {
$global:needsRemediation += $true
if ($runRemediation -eq $true) {
Remove-InstalledAppxPackages -appxPackage $app
}
}
}
}
}
end {
if ($runDetection -eq $true) {
if ($global:needsRemediation -contains $true -AND $global:remediationSuccess -notcontains $true) {
Write-Output "[WARNING] Built-in apps found installed. Remediation is needed."
exit 1
}
elseif ($global:remediationSuccess -contains $true -AND $global:remediationSuccess -notcontains $false) {
Write-Output "[OK] Remediation was run successfully. Built-in apps were removed."
exit 0
}
else {
Write-Output "[OK] No built-in apps found. Doing nothing."
exit 0
}
}
}

1
intune/Proactive Remediations/MS-Remove-NewOutook/notes.txt Normal file
View File

@@ -0,0 +1 @@
This New Outlook is the AppxPackage removing script

86
intune/Proactive Remediations/MS-Remove-QuickAssist/Detect-Windows-11-Built-In-Apps.ps1 Normal file
View File

@@ -0,0 +1,86 @@
<#
.SYNOPSIS
This script is used to detect and remediate built-in apps in Windows 11.
.DESCRIPTION
The script provides two main functionalities: detection and remediation of built-in apps. By default, the script runs in detection mode, but it can also be configured to perform remediation.
The list of built-in apps to be detected and remediated can be customized by modifying the $appxPackageList array in the script.
.NOTES
File Name : Detect-Remediate-Windows-11-Built-In-Apps.ps1
Author : Martin Bengtsson
Blog : https://www.imab.dk
#>
param (
[bool]$runDetection = $true,
[bool]$runRemediation = $false
)
begin {
$appxPackageList = @(
"MicrosoftCorporationII.QuickAssist"
)
function Test-InstalledAppxPackages() {
foreach ($app in $appxPackageList) {
try {
$isAppInstalled = Get-AppxPackage -Name $app -ErrorAction SilentlyContinue
if (-NOT[string]::IsNullOrEmpty($isAppInstalled)) {
Write-Output $app
}
}
catch {
Write-Output "[ERROR] Failed to retrieve the installed app: $_"
}
}
}
function Remove-InstalledAppxPackages() {
param (
[string]$appxPackage
)
try {
Get-AppxPackage -Name $appxPackage | Remove-AppxPackage
$global:remediationSuccess += $true
}
catch {
Write-Output "[ERROR] Failed to remove the app: $_"
}
}
if ($runDetection -eq $false) {
Write-Output "[ERROR] runDetection cannot be set to false. As a minimum runDetection must be set to true."
exit 1
}
}
process {
$global:needsRemediation = @()
$global:remediationSuccess = @()
$installedAppxPackages = Test-InstalledAppxPackages
if ($runDetection -eq $true) {
if (-NOT[string]::IsNullOrEmpty($installedAppxPackages)) {
foreach ($app in $installedAppxPackages) {
$global:needsRemediation += $true
if ($runRemediation -eq $true) {
Remove-InstalledAppxPackages -appxPackage $app
}
}
}
}
}
end {
if ($runDetection -eq $true) {
if ($global:needsRemediation -contains $true -AND $global:remediationSuccess -notcontains $true) {
Write-Output "[WARNING] Built-in apps found installed. Remediation is needed."
exit 1
}
elseif ($global:remediationSuccess -contains $true -AND $global:remediationSuccess -notcontains $false) {
Write-Output "[OK] Remediation was run successfully. Built-in apps were removed."
exit 0
}
else {
Write-Output "[OK] No built-in apps found. Doing nothing."
exit 0
}
}
}

4
intune/Proactive Remediations/MS-Remove-QuickAssist/Install.bat Normal file
View File

@@ -0,0 +1,4 @@
@echo off
pushd %~dp0
powershell.exe -ExecutionPolicy Bypass -File "Detect-Remediate-Windows-11-Built-In-Apps.ps1"
popd

86
intune/Proactive Remediations/MS-Remove-QuickAssist/Remediate-Windows-11-Built-In-Apps.ps1 Normal file
View File

@@ -0,0 +1,86 @@
<#
.SYNOPSIS
This script is used to detect and remediate built-in apps in Windows 11.
.DESCRIPTION
The script provides two main functionalities: detection and remediation of built-in apps. By default, the script runs in detection mode, but it can also be configured to perform remediation.
The list of built-in apps to be detected and remediated can be customized by modifying the $appxPackageList array in the script.
.NOTES
File Name : Detect-Remediate-Windows-11-Built-In-Apps.ps1
Author : Martin Bengtsson
Blog : https://www.imab.dk
#>
param (
[bool]$runDetection = $true,
[bool]$runRemediation = $true
)
begin {
$appxPackageList = @(
"MicrosoftCorporationII.QuickAssist"
)
function Test-InstalledAppxPackages() {
foreach ($app in $appxPackageList) {
try {
$isAppInstalled = Get-AppxPackage -Name $app -ErrorAction SilentlyContinue
if (-NOT[string]::IsNullOrEmpty($isAppInstalled)) {
Write-Output $app
}
}
catch {
Write-Output "[ERROR] Failed to retrieve the installed app: $_"
}
}
}
function Remove-InstalledAppxPackages() {
param (
[string]$appxPackage
)
try {
Get-AppxPackage -Name $appxPackage | Remove-AppxPackage
$global:remediationSuccess += $true
}
catch {
Write-Output "[ERROR] Failed to remove the app: $_"
}
}
if ($runDetection -eq $false) {
Write-Output "[ERROR] runDetection cannot be set to false. As a minimum runDetection must be set to true."
exit 1
}
}
process {
$global:needsRemediation = @()
$global:remediationSuccess = @()
$installedAppxPackages = Test-InstalledAppxPackages
if ($runDetection -eq $true) {
if (-NOT[string]::IsNullOrEmpty($installedAppxPackages)) {
foreach ($app in $installedAppxPackages) {
$global:needsRemediation += $true
if ($runRemediation -eq $true) {
Remove-InstalledAppxPackages -appxPackage $app
}
}
}
}
}
end {
if ($runDetection -eq $true) {
if ($global:needsRemediation -contains $true -AND $global:remediationSuccess -notcontains $true) {
Write-Output "[WARNING] Built-in apps found installed. Remediation is needed."
exit 1
}
elseif ($global:remediationSuccess -contains $true -AND $global:remediationSuccess -notcontains $false) {
Write-Output "[OK] Remediation was run successfully. Built-in apps were removed."
exit 0
}
else {
Write-Output "[OK] No built-in apps found. Doing nothing."
exit 0
}
}
}

1
intune/Proactive Remediations/MS-Remove-QuickAssist/notes.txt Normal file
View File

@@ -0,0 +1 @@
This QuickAssist version is the AppxPackage removing script

4
intune/Proactive Remediations/TNS_ADMIN/Install.bat Normal file
View File

@@ -0,0 +1,4 @@
@echo off
pushd %~dp0
powershell.exe -ExecutionPolicy Bypass -File "TNS_ADMIN-Detection.ps1"
popd

30
intune/Proactive Remediations/TNS_ADMIN/TNS_ADMIN-Detection.ps1 Normal file
View File

@@ -0,0 +1,30 @@
# Discovery
# path to the directory that TNS_ADMIN should point towards
# Make sure its the same in both the remediation and discovery scripts
$value = "\\ccx.carecentrix.com\public\oracle"
try {
# create the TNS_ADMIN directory if it doesn't exist, no need to use a remediation to do that
if ( (Test-Path -Path $value -ErrorAction stop) -eq $false ) {
Write-Host "$value directory missing"
exit 1
}
# check the TNS_ADMIN environmental variable
$TNS_ADMINVar = [System.Environment]::GetEnvironmentVariable('TNS_ADMIN', 'Machine')
if ($TNS_ADMINVar -ne $value) {
Write-Host "failure, TNS_ADMIN is set to $TNS_ADMINVar"
exit 1
}
Write-Host "TNS_ADMIN Variables set correctly"
exit 0
}
catch {
$errMsg = $_.Exception.Message
Write-Host $errMsg
exit 1
}

24
intune/Proactive Remediations/TNS_ADMIN/TNS_ADMIN-Remediation.ps1 Normal file
View File

@@ -0,0 +1,24 @@
# Remediation
# path to the directory that TNS_ADMIN should point towards
# Make sure its the same in both the remediation and discovery scripts
$value = "\\ccx.carecentrix.com\public\oracle"
try {
# create the TNS_ADMIN directory if it doesn't exist
if ( (Test-Path -Path $value) -eq $false ) {
New-Item -Path $value -ItemType Directory
}
# set the variables
[System.Environment]::SetEnvironmentVariable('TNS_ADMIN','\\ccx.carecentrix.com\public\oracle','Machine')
Write-Host "TNS_ADMIN Machine variables Changed"
exit 0
}
catch {
$errMsg = $_.Exception.Message
Write-Host $errMsg
exit 1
}

12
intune/Proactive Remediations/Tenable-AgentStatus/Remediate-Serverslist.ps1 Normal file
View File

@@ -0,0 +1,12 @@
$serverlist = Import-Csv '.\intune\Proactive Remediations\Tenable-AgentStatus\servers.csv'
foreach ($server in $serverlist) {
$serverName = $server.ServerName
$cred = $server.Credential
$session = New-PSSession -ComputerName $serverName -Credential $cred
Invoke-Command -Session $session -ScriptBlock {
param($serverName)
.\intune\Proactive Remediations\Tenable-AgentStatus\remediate-agent.ps1
} -ArgumentList $serverName
Remove-PSSession -Session $session
}

24
intune/Proactive Remediations/Tenable-AgentStatus/detect.ps1 Normal file
View File

@@ -0,0 +1,24 @@
cd "C:\Program Files\Tenable\Nessus Agent"
$NessusStatus = .\nessuscli agent status
$NessusStatusString = $NessusStatus | out-string
if ($nessusstatus[2].Contains("disconnected")) {
Write-Host "Nessus Agent is Disconnected and requires remediation "$nessusstatus[2]
exit 1
}
elseif ($nessusstatus[2].Contains("authentication error")) {
Write-Host "Nessus Agent is in authorization error state and requires remediation "$nessusstatus[2]
exit 1
}
elseif ($nessusstatus[2].Contains("Not linked to a manager")) {
Write-Host "Nessus Agent is Not linked to a manager "$nessusstatus[2]
exit 1
}
elseif ($nessusstatus[2].Contains("Link status: Connected to paptennm001.ccx.carecentrix.com:8834")) {
Write-Host "Nessus Agent is connected and healthy "$nessusstatus[2]
exit 0
}
else {
Write-Host "Nessus Agent in an unknown status "$nessusstatus[2]
exit 1
}

54
intune/Proactive Remediations/Tenable-AgentStatus/remediate-desktops.ps1 Normal file
View File

@@ -0,0 +1,54 @@
cd "C:\Program Files\Tenable\Nessus Agent"
$nessusstatus = .\nessuscli.exe agent status
$ServiceName = "Tenable Nessus Agent"
Write-Host "Stopping Nessus Agent"
Stop-Service $ServiceName
Start-Sleep -Seconds 5
$service = (Get-Service -Name $ServiceName -ErrorAction Stop)
if ($service.Status -eq "Stopped") {
if ($nessusstatus[2].Contains("disconnected")) {
.\Nessuscli.exe plugins --reset
start-Service $ServiceName
Start-Sleep -Seconds 600
$pluginstatus = (.\Nessuscli.exe plugins --info) | Out-String
$nessusstatus = .\nessuscli.exe agent status
Write-Host "Plugin Reset and Agent Started: "$nessusstatus[2]
exit 0
}
elseif ($nessusstatus[2].Contains("authentication error")) {
.\Nessuscli.exe agent link --key=0f0147f977db9a4ea74c34b2a24221cdac7715a36665525537718f48e5edafd5 --host=paptennm001.ccx.carecentrix.com --port=8834 --groups="Agent - VPN - GlobalProtect"
.\Nessuscli.exe plugins --reset
Start-Service $ServiceName
Start-Sleep -Seconds 600
$nessusstatus = .\nessuscli.exe agent status
Write-Host "Agent Re-Linked: "$nessusstatus[2]
exit 0
}
elseif ($nessusstatus[2].Contains("Not linked to a manager")) {
.\Nessuscli.exe agent link --key=0f0147f977db9a4ea74c34b2a24221cdac7715a36665525537718f48e5edafd5 --host=paptennm001.ccx.carecentrix.com --port=8834 --groups="Agent - VPN - GlobalProtect"
Start-Service $ServiceName
Start-Sleep -Seconds 600
$nessusstatus = .\nessuscli.exe agent status
Write-Host "Agent Re-Linked: "$nessusstatus[2]
exit 0
}
elseif ($nessusstatus[2].Contains("Connected to paptennm001.ccx.carecentrix.com:8834")) {
Write-Host "Nessus Agent is connected and healthy: "$nessusstatus[2]
Start-Service $ServiceName
exit 0
}
else {
Write-Host "Unknown Remediation Required: "$nessusstatus[2]
Start-Service $ServiceName
exit 1
}
}
else {
Write-Host "Nessus Agent Not Stopped"
exit 1
}

55
intune/Proactive Remediations/Tenable-AgentStatus/remediate-servers.ps1 Normal file
View File

@@ -0,0 +1,55 @@
cd "C:\Program Files\Tenable\Nessus Agent"
$nessusstatus = .\nessuscli.exe agent status
$ServiceName = "Tenable Nessus Agent"
Write-Host "Stopping Nessus Agent"
Stop-Service $ServiceName
Start-Sleep -Seconds 5
$service = (Get-Service -Name $ServiceName -ErrorAction Stop)
if ($service.Status -eq "Stopped") {
if ($nessusstatus[2].Contains("disconnected")) {
.\Nessuscli.exe plugins --reset
start-Service $ServiceName
Start-Sleep -Seconds 600
$pluginstatus = (.\Nessuscli.exe plugins --info) | Out-String
$nessusstatus = .\nessuscli.exe agent status
Write-Host "Plugin Reset and Agent Started: "$nessusstatus[2]
return true
}
elseif ($nessusstatus[2].Contains("authentication error")) {
.\nessuscli.exe agent link --key=0f0147f977db9a4ea74c34b2a24221cdac7715a36665525537718f48e5edafd5 --host=paptennm001.ccx.carecentrix.com --port=8834 --groups="Agent - Windows Servers"
.\Nessuscli.exe plugins --reset
Start-Sleep -Seconds 600
$nessusstatus = .\nessuscli.exe agent status
Write-Host "Agent Re-Linked: "$nessusstatus[2]
Start-Service $ServiceName
return true
}
elseif ($nessusstatus[2].Contains("Not linked to a manager")) {
.\nessuscli.exe agent link --key=0f0147f977db9a4ea74c34b2a24221cdac7715a36665525537718f48e5edafd5 --host=paptennm001.ccx.carecentrix.com --port=8834 --groups="Agent - Windows Servers"
Start-Service $ServiceName
Start-Sleep -Seconds 600
$nessusstatus = .\nessuscli.exe agent status
Write-Host "Agent Re-Linked: "$nessusstatus[2]
return true
}
elseif ($nessusstatus[2].Contains("Connected to paptennm001.ccx.carecentrix.com:8834")) {
Write-Host "Nessus Agent is connected and healthy: "$nessusstatus[2]
Start-Service $ServiceName
return true
}
else {
Write-Host "Unknown Remediation Required: "$nessusstatus[2]
Start-Service $ServiceName
return false
}
}
else {
Write-Host "Nessus Agent Not Stopped"
return false
}

64
intune/Proactive Remediations/Tenable-AgentStatus/servers.csv Normal file
View File

@@ -0,0 +1,64 @@
DNCRADOPSSQL02
DNCRANICEAPI01
DNCRARDSUIR01
DNCRAREDIS01
DNCRASECTEST01
DRAWSDC01
DRAWSDC02
FLT2PSQL021
PAWSZVM01
PFAX021
PMDA014
PMDA017
PMON005
PNCRAAPPSQL01
PNCRABIZSQL11
PNCRABIZSQL12
PNCRABIZSQL21
PNCRABIZSQL22
PNCRABIZSQLQ11
PNCRABIZSQLQ21
PNCRACBAC01
PNCRACMX01
PNCRADOPSSQL01
PNCRADOPSSQL02
PNCRADOPSSQL03
PNCRADOPSSQLQ01
PNCRAEDITAB01
PNCRAEISSQL01
PNCRAFSSQL01
PNCRAMISCSQL01
PNCRANICEAPI01
PNCRANICESQL01
PNCRAPSPT002
PNCRARDSUIS01
PNCRASCCMSUP01
PNCRASPWFE01
PNCRASSIS02
PNCRATABL003
PNCRAVAR03
PNCRAVB01
PNCRAVBT01
PNCRAVDIFS02
PNCRAVJB01
PNCRAVPRXY001
PNCRAVPRXY002
PNCRAWFM02
PNCRAWFM05
PNCRAWFM06
PSQL026
PSQL030A
PSQL030B
Q1NCRASSIS02
QCMX001
QNCRACMX01
QNCRARDS11
QNCRARDSJB03
QSIS010
VLANTESTING
VLANTESTING2
VM-SCCMDANE-01
VM-SCCMOSD-01
VM-SCCMOSD-02
VM-SCCMOSD-03
VM-SCCMOSD-06
1 DNCRADOPSSQL02
2 DNCRANICEAPI01
3 DNCRARDSUIR01
4 DNCRAREDIS01
5 DNCRASECTEST01
6 DRAWSDC01
7 DRAWSDC02
8 FLT2PSQL021
9 PAWSZVM01
10 PFAX021
11 PMDA014
12 PMDA017
13 PMON005
14 PNCRAAPPSQL01
15 PNCRABIZSQL11
16 PNCRABIZSQL12
17 PNCRABIZSQL21
18 PNCRABIZSQL22
19 PNCRABIZSQLQ11
20 PNCRABIZSQLQ21
21 PNCRACBAC01
22 PNCRACMX01
23 PNCRADOPSSQL01
24 PNCRADOPSSQL02
25 PNCRADOPSSQL03
26 PNCRADOPSSQLQ01
27 PNCRAEDITAB01
28 PNCRAEISSQL01
29 PNCRAFSSQL01
30 PNCRAMISCSQL01
31 PNCRANICEAPI01
32 PNCRANICESQL01
33 PNCRAPSPT002
34 PNCRARDSUIS01
35 PNCRASCCMSUP01
36 PNCRASPWFE01
37 PNCRASSIS02
38 PNCRATABL003
39 PNCRAVAR03
40 PNCRAVB01
41 PNCRAVBT01
42 PNCRAVDIFS02
43 PNCRAVJB01
44 PNCRAVPRXY001
45 PNCRAVPRXY002
46 PNCRAWFM02
47 PNCRAWFM05
48 PNCRAWFM06
49 PSQL026
50 PSQL030A
51 PSQL030B
52 Q1NCRASSIS02
53 QCMX001
54 QNCRACMX01
55 QNCRARDS11
56 QNCRARDSJB03
57 QSIS010
58 VLANTESTING
59 VLANTESTING2
60 VM-SCCMDANE-01
61 VM-SCCMOSD-01
62 VM-SCCMOSD-02
63 VM-SCCMOSD-03
64 VM-SCCMOSD-06

23
intune/Proactive Remediations/WIndows11-UpgradeRemediation/Detect-Win11.ps1 Normal file
View File

@@ -0,0 +1,23 @@
Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force
Set-PSRepository -Name PSGallery -InstallationPolicy Trusted
Install-Module pswindowsupdate
Import-Module pswindowsupdate
$scheduledTaskState = (Get-ScheduledTask -TaskName "PSWindowsUpdate").state
try {
if (((Get-WindowsUpdate -Title "Windows 11, version 23H2").status -eq "-D-----") -and ($scheduledTaskState.value -ne "Ready")) {
Write-Host "Update Downloaded but not scheduled"
Exit 1
}
elseif ($scheduledTaskState.value -eq "Ready") {
Write-Host "Update Downloaded and Scheduled"
Exit 0
}
Write-Host "Not Compliant"
Exit 1
}
catch {
Write-Host "Not Compliant - Catch"
Exit 1
}

27
intune/Proactive Remediations/WIndows11-UpgradeRemediation/Remediate-Win11.ps1 Normal file
View File

@@ -0,0 +1,27 @@
Import-Module PSWindowsUpdate
if ($null -eq (Get-Module PSWindowsUpdate)) {
Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force
Set-PSRepository -Name PSGallery -InstallationPolicy Trusted
Install-Module pswindowsupdate
Import-Module pswindowsupdate
}
$scheduledTaskState = (Get-ScheduledTask -TaskName "PSWindowsUpdate").state
if ($scheduledTaskState.value -eq "Ready") {
Write-Host "Update Already Scheduled"
Exit 0
}
else {
# Get-WindowsUpdate -MicrosoftUpdate -Title "Windows 11, version 23H2" -ScheduleJob (get-date((Get-Date).AddDays(1)) -Hour 01 -Minute 0 -Second 0) -Install -AcceptAll -AutoReboot -Verbose
# Monday's Update
Get-WindowsUpdate -MicrosoftUpdate -Title "Windows 11, version 23H2" -ScheduleJob (get-date((get-date 2025-01-23)) -Hour 01 -Minute 0 -Second 0) -Install -AcceptAll -AutoReboot -Verbose
$scheduledTaskState = (Get-ScheduledTask -TaskName "PSWindowsUpdate").state
if ($scheduledTaskState.value -eq "Ready") {
Write-Host "Update Scheduled"
Exit 0
else {
Write-Host "Update Failed to Schedule"
Exit 1
}
}
}

47
intune/Proactive Remediations/Win11 Left Start Menu/Move-Windows11Taskbar-Detection.ps1 Normal file
View File

@@ -0,0 +1,47 @@
<#
Version: 1.0
Author: Jannik Reinhard (jannikreinhard.com)
Script: Move-Windows11Taskbar
Description:
Change the tastkbar alignment
Release notes:
Version 1.0: Init
#>
function Test-RegistryValue {
param (
[parameter(Mandatory=$true)]
[ValidateNotNullOrEmpty()]$Path,
[parameter(Mandatory=$true)]
[ValidateNotNullOrEmpty()]$Value
)
try {
Get-ItemProperty -Path $Path | Select-Object -ExpandProperty $Value -ErrorAction Stop | Out-Null
return $true
}catch {
return $false
}
}
$path = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced"
$value = "TaskbarAl"
if(-not (Get-CimInstance Win32_OperatingSystem -Property *).Caption -like "*Windows 11*"){
Exit 0
}
if((Test-RegistryValue -Path $path -Value $value)){
if((Get-ItemProperty -path $path -name $value).TaskbarAl -eq "0"){
Exit 0
}
}else {
Exit 1
}

41
intune/Proactive Remediations/Win11 Left Start Menu/Move-Windows11Taskbar-Remediation.ps1 Normal file
View File

@@ -0,0 +1,41 @@
<#
Version: 1.0
Author: Jannik Reinhard (jannikreinhard.com)
Script: Move-Windows11Taskbar
Description:
Change the tastkbar alignment
Release notes:
Version 1.0: Init
#>
function Test-RegistryValue {
param (
[parameter(Mandatory=$true)]
[ValidateNotNullOrEmpty()]$Path,
[parameter(Mandatory=$true)]
[ValidateNotNullOrEmpty()]$Value
)
try {
Get-ItemProperty -Path $Path | Select-Object -ExpandProperty $Value -ErrorAction Stop | Out-Null
return $true
}catch {
return $false
}
}
$path = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced"
$value = "TaskbarAl"
if(Test-Path $path){
try{
Set-ItemProperty -Path $path -Name $value -Value 0 -Force
Exit 0
}catch{
Exit 1
}
}else{
Exit 1
}

BIN
intune/SystemRenamer/IntuneWinAppUtil.exe Normal file
View File

Binary file not shown.

21
intune/SystemRenamer/LICENSE Normal file
View File

@@ -0,0 +1,21 @@
MIT License
Copyright (c) 2020 Michael Niehaus
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

20
intune/SystemRenamer/README.md Normal file
View File

@@ -0,0 +1,20 @@
# RenameComputer
Sample app for renaming a Hybrid Azure AD joined (AD-joined) device after an Autopilot deployment. Note that you will probably want to customize the RenameComputer.ps1 script to add your own naming logic, then build a new RenameComputer.intunewin package by running the "makeapp.cmd" file from a command prompt.
To set up the RenameComputer app in Intune, perform the following steps.
Add the UpdateOS.intunewin app to Intune and specify the following command line:
powershell.exe -noprofile -executionpolicy bypass -file .\RenameComputer.ps1
To "uninstall" the app, the following can be used (for example, to get the app to re-install):
cmd.exe /c del %ProgramData%\Microsoft\RenameComputer\RenameComputer.ps1.tag
Specify the platforms and minimum OS version that you want to support.
For a detection rule, specify the path and file and "File or folder exists" detection method:
%ProgramData%\Microsoft\RenameComputer RenameComputer.ps1.tag
Deploy the app as a required app to an appropriate set of devices.

BIN
intune/SystemRenamer/RenameComputer.intunewin Normal file
View File

Binary file not shown.

154
intune/SystemRenamer/RenameComputer/RenameComputer.ps1 Normal file
View File

@@ -0,0 +1,154 @@
<#PSScriptInfo
.VERSION 1.0
.GUID 3b42d8c8-cda5-4411-a623-90d812a8e29e
.AUTHOR Michael Niehaus
.COMPANYNAME Microsoft
.COPYRIGHT
.TAGS
.LICENSEURI
.PROJECTURI
.ICONURI
.EXTERNALMODULEDEPENDENCIES
.REQUIREDSCRIPTS
.EXTERNALSCRIPTDEPENDENCIES
.RELEASENOTES
Version 1.0: Initial version.
.PRIVATEDATA
#>
<#
.DESCRIPTION
Rename the computer
#>
Param()
# If we are running as a 32-bit process on an x64 system, re-launch as a 64-bit process
if ("$env:PROCESSOR_ARCHITEW6432" -ne "ARM64")
{
if (Test-Path "$($env:WINDIR)\SysNative\WindowsPowerShell\v1.0\powershell.exe")
{
& "$($env:WINDIR)\SysNative\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy bypass -File "$PSCommandPath"
Exit $lastexitcode
}
}
# Create a tag file just so Intune knows this was installed
if (-not (Test-Path "$($env:ProgramData)\Microsoft\RenameComputer"))
{
Mkdir "$($env:ProgramData)\Microsoft\RenameComputer"
}
Set-Content -Path "$($env:ProgramData)\Microsoft\RenameComputer\RenameComputer.ps1.tag" -Value "Installed"
# Initialization
$dest = "$($env:ProgramData)\Microsoft\RenameComputer"
if (-not (Test-Path $dest))
{
mkdir $dest
}
Start-Transcript "$dest\RenameComputer.log" -Append
# Make sure we are already domain-joined
$goodToGo = $true
$details = Get-ComputerInfo
if (-not $details.CsPartOfDomain)
{
Write-Host "Not part of a domain."
$goodToGo = $false
}
# Make sure we have connectivity
$dcInfo = [ADSI]"LDAP://RootDSE"
if ($dcInfo.dnsHostName -eq $null)
{
Write-Host "No connectivity to the domain."
$goodToGo = $false
}
if ($goodToGo)
{
# Get the new computer name
#get system serial #:
$SystemSerial = Get-WmiObject win32_bios | select Serialnumber
#Ignore original naming Convention
#$newName = Invoke-RestMethod -Method GET -Uri "https://generatename.azurewebsites.net/api/HttpTrigger1?prefix=AD-"
$newName = $SystemSerial.Serialnumber
# Set the computer name
Write-Host "Renaming computer to $($SystemSerial.Serialnumber)"
Rename-Computer -NewName $SystemSerial.Serialnumber
# Remove the scheduled task
Disable-ScheduledTask -TaskName "RenameComputer" -ErrorAction Ignore
Unregister-ScheduledTask -TaskName "RenameComputer" -Confirm:$false -ErrorAction Ignore
Write-Host "Scheduled task unregistered."
# Make sure we reboot if still in ESP/OOBE by reporting a 1641 return code (hard reboot)
if ($details.CsUserName -match "defaultUser")
{
Write-Host "Exiting during ESP/OOBE with return code 1641"
Stop-Transcript
Exit 1641
}
else {
Write-Host "Initiating a restart in 10 minutes"
& shutdown.exe /g /t 600 /f /c "Restarting the computer due to a computer name change. Save your work."
Stop-Transcript
Exit 0
}
}
else
{
# Check to see if already scheduled
$existingTask = Get-ScheduledTask -TaskName "RenameComputer" -ErrorAction SilentlyContinue
if ($existingTask -ne $null)
{
Write-Host "Scheduled task already exists."
Stop-Transcript
Exit 0
}
# Copy myself to a safe place if not already there
if (-not (Test-Path "$dest\RenameComputer.ps1"))
{
Copy-Item $PSCommandPath "$dest\RenameComputer.PS1"
}
# Create the scheduled task action
$action = New-ScheduledTaskAction -Execute "Powershell.exe" -Argument "-NoProfile -ExecutionPolicy bypass -WindowStyle Hidden -File $dest\RenameComputer.ps1"
# Create the scheduled task trigger
$timespan = New-Timespan -minutes 5
$triggers = @()
$triggers += New-ScheduledTaskTrigger -Daily -At 9am
$triggers += New-ScheduledTaskTrigger -AtLogOn -RandomDelay $timespan
$triggers += New-ScheduledTaskTrigger -AtStartup -RandomDelay $timespan
# Register the scheduled task
Register-ScheduledTask -User SYSTEM -Action $action -Trigger $triggers -TaskName "RenameComputer" -Description "RenameComputer" -Force
Write-Host "Scheduled task created."
}
Stop-Transcript

30
intune/SystemRenamer/SystemRenamer-Remediation/RenameComputer-Detect.ps1 Normal file
View File

@@ -0,0 +1,30 @@
Try {
$details = Get-ComputerInfo
if (-not $details.CsPartOfDomain) {
Write-Output 'Not Domain Joined'
Exit 0
}
$serial = Get-WmiObject Win32_bios | Select-Object -ExpandProperty SerialNumber
$newName = $serial
$newName = $newName.Replace(' ', '')
if ($newName.Length -ge 15) {
$newName = $newName.substring(0, 15)
}
If ($details.CsName -ne $newName) {
Write-Warning "Existing Computer name $($details.CsName) should be $newName"
Exit 1
}
Else {
Write-Output "Computer has correct name: $($details.CsName)"
Exit 0
}
}
Catch {
Write-Error $_.Exception
Exit 2000
}

33
intune/SystemRenamer/SystemRenamer-Remediation/RenameComputer-Remediate.ps1 Normal file
View File

@@ -0,0 +1,33 @@
$domain = 'ccx.carecentrix.com'
$waitTime = '45'
Try {
$dcInfo = [ADSI]"LDAP://$domain"
if ($null -eq $dcInfo.Path) {
Write-Error "No connectivity to $domain"
}
$serial = Get-WmiObject Win32_bios | Select-Object -ExpandProperty SerialNumber
If (Get-WmiObject -Class win32_battery) {
$newName = $serial
}
Else {
$newName = $serial
}
$newName = $newName.Replace(' ', '')
if ($newName.Length -ge 15) {
$newName = $newName.substring(0, 15)
}
Rename-Computer -NewName $newName
$waitSeconds = (New-TimeSpan -Minutes $waitTime).TotalSeconds
Write-Host "Initiating a restart in $waitime minutes"
& shutdown.exe /g /t $waitSeconds /f /c "Your system requires are reboot due to a computer name change. Please save your work and either reboot now or your system will reboot in $waitTime minutes."
Write-Output "Computer renamed from $($details.CsName) to $newName"
}
Catch {
Write-Error $_.Exception
Exit 2000
}

1
intune/SystemRenamer/debug.log Normal file
View File

@@ -0,0 +1 @@
[0609/152259.905:ERROR:registration_protocol_win.cc(106)] CreateFile: The system cannot find the file specified. (0x2)

1
intune/SystemRenamer/makeapp.cmd Normal file
View File

@@ -0,0 +1 @@
intunewinapputil.exe -c RenameComputer -s RenameComputer.ps1 -o .\ -q