andrewamason/Intune
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Intune Initial Scripts Backup

Browse Source
This commit is contained in:
Andrew Amason
2025-04-21 14:21:38 -04:00
commit 71764cd10f
241 changed files with 28218 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
intune/Proactive Remediations/Bitlocker_KeyRecovery/Bitlocker_KeyRecovery_detection.ps1 Normal file
View File

@@ -0,0 +1,33 @@
### detection script ###
### look for Bitlocker Recovery Key Backup events of Systemdrive
try
{
### obtain protected system volume
$BLSysVolume = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction Stop
$BLRecoveryProtector = $BLSysVolume.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' } -ErrorAction Stop
$BLprotectorguid = $BLRecoveryProtector.KeyProtectorId
### obtain backup event for System drive
$BLBackupEvent = Get-WinEvent -ProviderName Microsoft-Windows-BitLocker-API -FilterXPath "*[System[(EventID=845)] and EventData[Data[@Name='ProtectorGUID'] and (Data='$BLprotectorguid')]]" -MaxEvents 1 -ErrorAction Stop
# Check for returned values, if null, write output and exit 1
if ($BLBackupEvent -gt $null)
{
# Write eventmessage and set exit success
Write-Output $BLBackupEvent.Message
Exit 0
}
else
{
Write-Output "Key-Backup Event for Bitlocker System drive not found"
Exit 1
}
}
catch
{
$errMsg = $_.Exception.Message
Write-Output $errMsg
exit 1
}

21
intune/Proactive Remediations/Bitlocker_KeyRecovery/Bitlocker_KeyRecovery_remediation.ps1 Normal file
View File

@@ -0,0 +1,21 @@
### remediation script ###
### backup recovery key of systemdrive
try{
### obtain protected system volume
$BLSysVolume = Get-BitLockerVolume -MountPoint $env:SystemDrive
$BLRecoveryProtector = $BLSysVolume.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' }
$BLprotectorguid = $BLRecoveryProtector.KeyProtectorId
# Backup sysdrive recovery key to AAD
BackuptoAAD-BitLockerKeyProtector -MountPoint $env:SystemDrive -KeyProtectorId $BLRecoveryProtector.KeyProtectorID -ErrorAction Stop
Exit 0
}
catch
{
$errMsg = $_.Exception.Message
Write-Output $errMsg
exit 1
}

28
intune/Proactive Remediations/CarbonBlack_AppControl/detect_CB_AP_Health.ps1 Normal file
View File

@@ -0,0 +1,28 @@
try {
Test-Path -Path "C:\Program Files (x86)\Bit9\Parity Agent"
}
catch {
Write-Host "Carbon Black App Control Folder Does Not Exist"
exit 1
}
try {
Test-Path -Path "C:\Program Files (x86)\Bit9\Parity Agent\DasCLI.exe"
}
catch {
Write-Host "Carbon Black App Control is not installed"
exit 1
}
Set-Location "C:\Program Files (x86)\Bit9\Parity Agent"
$CBagentstatus = .\DasCLI.exe status
if (((($CBagentstatus[55]).Split(":")[1])).Trimstart() -like "Healthy") {
Write-Host "Carbon Black agent is healthy"
Exit 0
}
else {
Write-Host "Carbon Black App Control Status is unknown" ((($CBagentstatus[55]).Split(":")[1])).Trimstart()
exit 1
}

86
intune/Proactive Remediations/DellInc-DellCommandUpdate/Detect-DellCommandUpdate.ps1 Normal file
View File

@@ -0,0 +1,86 @@
<#
.SYNOPSIS
This script is used to detect and remediate built-in apps in Windows 11.
.DESCRIPTION
The script provides two main functionalities: detection and remediation of built-in apps. By default, the script runs in detection mode, but it can also be configured to perform remediation.
The list of built-in apps to be detected and remediated can be customized by modifying the $appxPackageList array in the script.
.NOTES
File Name : Detect-Remediate-DellCommandUpdate.ps1
Author : Martin Bengtsson
Blog : https://www.imab.dk
#>
param (
[bool]$runDetection = $true,
[bool]$runRemediation = $false
)
begin {
$appxPackageList = @(
"DellInc.DellCommandUpdate"
)
function Test-InstalledAppxPackages() {
foreach ($app in $appxPackageList) {
try {
$isAppInstalled = Get-AppxPackage -Name $app -ErrorAction SilentlyContinue
if (-NOT[string]::IsNullOrEmpty($isAppInstalled)) {
Write-Output $app
}
}
catch {
Write-Output "[ERROR] Failed to retrieve the installed app: $_"
}
}
}
function Remove-InstalledAppxPackages() {
param (
[string]$appxPackage
)
try {
Get-AppxPackage -Name $appxPackage | Remove-AppxPackage
$global:remediationSuccess += $true
}
catch {
Write-Output "[ERROR] Failed to remove the app: $_"
}
}
if ($runDetection -eq $false) {
Write-Output "[ERROR] runDetection cannot be set to false. As a minimum runDetection must be set to true."
exit 1
}
}
process {
$global:needsRemediation = @()
$global:remediationSuccess = @()
$installedAppxPackages = Test-InstalledAppxPackages
if ($runDetection -eq $true) {
if (-NOT[string]::IsNullOrEmpty($installedAppxPackages)) {
foreach ($app in $installedAppxPackages) {
$global:needsRemediation += $true
if ($runRemediation -eq $true) {
Remove-InstalledAppxPackages -appxPackage $app
}
}
}
}
}
end {
if ($runDetection -eq $true) {
if ($global:needsRemediation -contains $true -AND $global:remediationSuccess -notcontains $true) {
Write-Output "[WARNING] Built-in apps found installed. Remediation is needed."
exit 1
}
elseif ($global:remediationSuccess -contains $true -AND $global:remediationSuccess -notcontains $false) {
Write-Output "[OK] Remediation was run successfully. Built-in apps were removed."
exit 0
}
else {
Write-Output "[OK] No built-in apps found. Doing nothing."
exit 0
}
}
}

86
intune/Proactive Remediations/DellInc-DellCommandUpdate/Remediate-DellCommandUpdate.ps1 Normal file
View File

@@ -0,0 +1,86 @@
<#
.SYNOPSIS
This script is used to detect and remediate built-in apps in Windows 11.
.DESCRIPTION
The script provides two main functionalities: detection and remediation of built-in apps. By default, the script runs in detection mode, but it can also be configured to perform remediation.
The list of built-in apps to be detected and remediated can be customized by modifying the $appxPackageList array in the script.
.NOTES
File Name : Detect-Remediate-DellCommandUpdate.ps1
Author : Martin Bengtsson
Blog : https://www.imab.dk
#>
param (
[bool]$runDetection = $true,
[bool]$runRemediation = $true
)
begin {
$appxPackageList = @(
"DellInc.DellCommandUpdate"
)
function Test-InstalledAppxPackages() {
foreach ($app in $appxPackageList) {
try {
$isAppInstalled = Get-AppxPackage -Name $app -ErrorAction SilentlyContinue
if (-NOT[string]::IsNullOrEmpty($isAppInstalled)) {
Write-Output $app
}
}
catch {
Write-Output "[ERROR] Failed to retrieve the installed app: $_"
}
}
}
function Remove-InstalledAppxPackages() {
param (
[string]$appxPackage
)
try {
Get-AppxPackage -Name $appxPackage | Remove-AppxPackage
$global:remediationSuccess += $true
}
catch {
Write-Output "[ERROR] Failed to remove the app: $_"
}
}
if ($runDetection -eq $false) {
Write-Output "[ERROR] runDetection cannot be set to false. As a minimum runDetection must be set to true."
exit 1
}
}
process {
$global:needsRemediation = @()
$global:remediationSuccess = @()
$installedAppxPackages = Test-InstalledAppxPackages
if ($runDetection -eq $true) {
if (-NOT[string]::IsNullOrEmpty($installedAppxPackages)) {
foreach ($app in $installedAppxPackages) {
$global:needsRemediation += $true
if ($runRemediation -eq $true) {
Remove-InstalledAppxPackages -appxPackage $app
}
}
}
}
}
end {
if ($runDetection -eq $true) {
if ($global:needsRemediation -contains $true -AND $global:remediationSuccess -notcontains $true) {
Write-Output "[WARNING] Built-in apps found installed. Remediation is needed."
exit 1
}
elseif ($global:remediationSuccess -contains $true -AND $global:remediationSuccess -notcontains $false) {
Write-Output "[OK] Remediation was run successfully. Built-in apps were removed."
exit 0
}
else {
Write-Output "[OK] No built-in apps found. Doing nothing."
exit 0
}
}
}

1
intune/Proactive Remediations/DellInc-DellCommandUpdate/notes.txt Normal file
View File

@@ -0,0 +1 @@
This DellInc.DellCommandUpdate_5.1.31.0_neutral_~_htrsf667h5kn2 version is the AppxPackage removing script

86
intune/Proactive Remediations/DellInc-DellDigitalDelivery/Detect-DellDigitalDelivery.ps1 Normal file
View File

@@ -0,0 +1,86 @@
<#
.SYNOPSIS
This script is used to detect and remediate built-in apps in Windows 11.
.DESCRIPTION
The script provides two main functionalities: detection and remediation of built-in apps. By default, the script runs in detection mode, but it can also be configured to perform remediation.
The list of built-in apps to be detected and remediated can be customized by modifying the $appxPackageList array in the script.
.NOTES
File Name : Detect-Remediate-DellDigitalDelivery.ps1
Author : Martin Bengtsson
Blog : https://www.imab.dk
#>
param (
[bool]$runDetection = $true,
[bool]$runRemediation = $false
)
begin {
$appxPackageList = @(
"DellInc.DellDigitalDelivery"
)
function Test-InstalledAppxPackages() {
foreach ($app in $appxPackageList) {
try {
$isAppInstalled = Get-AppxPackage -Name $app -ErrorAction SilentlyContinue
if (-NOT[string]::IsNullOrEmpty($isAppInstalled)) {
Write-Output $app
}
}
catch {
Write-Output "[ERROR] Failed to retrieve the installed app: $_"
}
}
}
function Remove-InstalledAppxPackages() {
param (
[string]$appxPackage
)
try {
Get-AppxPackage -Name $appxPackage | Remove-AppxPackage
$global:remediationSuccess += $true
}
catch {
Write-Output "[ERROR] Failed to remove the app: $_"
}
}
if ($runDetection -eq $false) {
Write-Output "[ERROR] runDetection cannot be set to false. As a minimum runDetection must be set to true."
exit 1
}
}
process {
$global:needsRemediation = @()
$global:remediationSuccess = @()
$installedAppxPackages = Test-InstalledAppxPackages
if ($runDetection -eq $true) {
if (-NOT[string]::IsNullOrEmpty($installedAppxPackages)) {
foreach ($app in $installedAppxPackages) {
$global:needsRemediation += $true
if ($runRemediation -eq $true) {
Remove-InstalledAppxPackages -appxPackage $app
}
}
}
}
}
end {
if ($runDetection -eq $true) {
if ($global:needsRemediation -contains $true -AND $global:remediationSuccess -notcontains $true) {
Write-Output "[WARNING] Built-in apps found installed. Remediation is needed."
exit 1
}
elseif ($global:remediationSuccess -contains $true -AND $global:remediationSuccess -notcontains $false) {
Write-Output "[OK] Remediation was run successfully. Built-in apps were removed."
exit 0
}
else {
Write-Output "[OK] No built-in apps found. Doing nothing."
exit 0
}
}
}

4
intune/Proactive Remediations/DellInc-DellDigitalDelivery/Install.bat Normal file
View File

@@ -0,0 +1,4 @@
@echo off
pushd %~dp0
powershell.exe -ExecutionPolicy Bypass -File "Detect-Remediate-Windows-11-Built-In-Apps.ps1"
popd

86
intune/Proactive Remediations/DellInc-DellDigitalDelivery/Remediate-DellDigitalDelivery.ps1 Normal file
View File

@@ -0,0 +1,86 @@
<#
.SYNOPSIS
This script is used to detect and remediate built-in apps in Windows 11.
.DESCRIPTION
The script provides two main functionalities: detection and remediation of built-in apps. By default, the script runs in detection mode, but it can also be configured to perform remediation.
The list of built-in apps to be detected and remediated can be customized by modifying the $appxPackageList array in the script.
.NOTES
File Name : Detect-Remediate-DellDigitalDelivery.ps1
Author : Martin Bengtsson
Blog : https://www.imab.dk
#>
param (
[bool]$runDetection = $true,
[bool]$runRemediation = $true
)
begin {
$appxPackageList = @(
"DellInc.DellDigitalDelivery"
)
function Test-InstalledAppxPackages() {
foreach ($app in $appxPackageList) {
try {
$isAppInstalled = Get-AppxPackage -Name $app -ErrorAction SilentlyContinue
if (-NOT[string]::IsNullOrEmpty($isAppInstalled)) {
Write-Output $app
}
}
catch {
Write-Output "[ERROR] Failed to retrieve the installed app: $_"
}
}
}
function Remove-InstalledAppxPackages() {
param (
[string]$appxPackage
)
try {
Get-AppxPackage -Name $appxPackage | Remove-AppxPackage
$global:remediationSuccess += $true
}
catch {
Write-Output "[ERROR] Failed to remove the app: $_"
}
}
if ($runDetection -eq $false) {
Write-Output "[ERROR] runDetection cannot be set to false. As a minimum runDetection must be set to true."
exit 1
}
}
process {
$global:needsRemediation = @()
$global:remediationSuccess = @()
$installedAppxPackages = Test-InstalledAppxPackages
if ($runDetection -eq $true) {
if (-NOT[string]::IsNullOrEmpty($installedAppxPackages)) {
foreach ($app in $installedAppxPackages) {
$global:needsRemediation += $true
if ($runRemediation -eq $true) {
Remove-InstalledAppxPackages -appxPackage $app
}
}
}
}
}
end {
if ($runDetection -eq $true) {
if ($global:needsRemediation -contains $true -AND $global:remediationSuccess -notcontains $true) {
Write-Output "[WARNING] Built-in apps found installed. Remediation is needed."
exit 1
}
elseif ($global:remediationSuccess -contains $true -AND $global:remediationSuccess -notcontains $false) {
Write-Output "[OK] Remediation was run successfully. Built-in apps were removed."
exit 0
}
else {
Write-Output "[OK] No built-in apps found. Doing nothing."
exit 0
}
}
}

1
intune/Proactive Remediations/DellInc-DellDigitalDelivery/notes.txt Normal file
View File

@@ -0,0 +1 @@
This DellInc.DellDigitalDelivery_5.2.0.0_neutral_~_htrsf667h5kn2 is the AppxPackage removing script

86
intune/Proactive Remediations/DellInc-DellOptimizer/Detect-DellOptimizer.ps1 Normal file
View File

@@ -0,0 +1,86 @@
<#
.SYNOPSIS
This script is used to detect and remediate built-in apps in Windows 11.
.DESCRIPTION
The script provides two main functionalities: detection and remediation of built-in apps. By default, the script runs in detection mode, but it can also be configured to perform remediation.
The list of built-in apps to be detected and remediated can be customized by modifying the $appxPackageList array in the script.
.NOTES
File Name : Detect-Remediate-DellOptimizer.ps1
Author : Martin Bengtsson
Blog : https://www.imab.dk
#>
param (
[bool]$runDetection = $true,
[bool]$runRemediation = $false
)
begin {
$appxPackageList = @(
"DellInc.DellOptimizer"
)
function Test-InstalledAppxPackages() {
foreach ($app in $appxPackageList) {
try {
$isAppInstalled = Get-AppxPackage -Name $app -ErrorAction SilentlyContinue
if (-NOT[string]::IsNullOrEmpty($isAppInstalled)) {
Write-Output $app
}
}
catch {
Write-Output "[ERROR] Failed to retrieve the installed app: $_"
}
}
}
function Remove-InstalledAppxPackages() {
param (
[string]$appxPackage
)
try {
Get-AppxPackage -Name $appxPackage | Remove-AppxPackage
$global:remediationSuccess += $true
}
catch {
Write-Output "[ERROR] Failed to remove the app: $_"
}
}
if ($runDetection -eq $false) {
Write-Output "[ERROR] runDetection cannot be set to false. As a minimum runDetection must be set to true."
exit 1
}
}
process {
$global:needsRemediation = @()
$global:remediationSuccess = @()
$installedAppxPackages = Test-InstalledAppxPackages
if ($runDetection -eq $true) {
if (-NOT[string]::IsNullOrEmpty($installedAppxPackages)) {
foreach ($app in $installedAppxPackages) {
$global:needsRemediation += $true
if ($runRemediation -eq $true) {
Remove-InstalledAppxPackages -appxPackage $app
}
}
}
}
}
end {
if ($runDetection -eq $true) {
if ($global:needsRemediation -contains $true -AND $global:remediationSuccess -notcontains $true) {
Write-Output "[WARNING] Built-in apps found installed. Remediation is needed."
exit 1
}
elseif ($global:remediationSuccess -contains $true -AND $global:remediationSuccess -notcontains $false) {
Write-Output "[OK] Remediation was run successfully. Built-in apps were removed."
exit 0
}
else {
Write-Output "[OK] No built-in apps found. Doing nothing."
exit 0
}
}
}

86
intune/Proactive Remediations/DellInc-DellOptimizer/Remediate-DellOptimizer.ps1 Normal file
View File

@@ -0,0 +1,86 @@
<#
.SYNOPSIS
This script is used to detect and remediate built-in apps in Windows 11.
.DESCRIPTION
The script provides two main functionalities: detection and remediation of built-in apps. By default, the script runs in detection mode, but it can also be configured to perform remediation.
The list of built-in apps to be detected and remediated can be customized by modifying the $appxPackageList array in the script.
.NOTES
File Name : Detect-Remediate-DellOptimizer.ps1
Author : Martin Bengtsson
Blog : https://www.imab.dk
#>
param (
[bool]$runDetection = $true,
[bool]$runRemediation = $true
)
begin {
$appxPackageList = @(
"DellInc.DellOptimizer"
)
function Test-InstalledAppxPackages() {
foreach ($app in $appxPackageList) {
try {
$isAppInstalled = Get-AppxPackage -Name $app -ErrorAction SilentlyContinue
if (-NOT[string]::IsNullOrEmpty($isAppInstalled)) {
Write-Output $app
}
}
catch {
Write-Output "[ERROR] Failed to retrieve the installed app: $_"
}
}
}
function Remove-InstalledAppxPackages() {
param (
[string]$appxPackage
)
try {
Get-AppxPackage -Name $appxPackage | Remove-AppxPackage
$global:remediationSuccess += $true
}
catch {
Write-Output "[ERROR] Failed to remove the app: $_"
}
}
if ($runDetection -eq $false) {
Write-Output "[ERROR] runDetection cannot be set to false. As a minimum runDetection must be set to true."
exit 1
}
}
process {
$global:needsRemediation = @()
$global:remediationSuccess = @()
$installedAppxPackages = Test-InstalledAppxPackages
if ($runDetection -eq $true) {
if (-NOT[string]::IsNullOrEmpty($installedAppxPackages)) {
foreach ($app in $installedAppxPackages) {
$global:needsRemediation += $true
if ($runRemediation -eq $true) {
Remove-InstalledAppxPackages -appxPackage $app
}
}
}
}
}
end {
if ($runDetection -eq $true) {
if ($global:needsRemediation -contains $true -AND $global:remediationSuccess -notcontains $true) {
Write-Output "[WARNING] Built-in apps found installed. Remediation is needed."
exit 1
}
elseif ($global:remediationSuccess -contains $true -AND $global:remediationSuccess -notcontains $false) {
Write-Output "[OK] Remediation was run successfully. Built-in apps were removed."
exit 0
}
else {
Write-Output "[OK] No built-in apps found. Doing nothing."
exit 0
}
}
}

1
intune/Proactive Remediations/DellInc-DellOptimizer/notes.txt Normal file
View File

@@ -0,0 +1 @@
This DellInc.DellOptimizer_2024.327.925.0_neutral_~_htrsf667h5kn2 is the AppxPackage removing script

86
intune/Proactive Remediations/DellInc-DellSupportAssistforPCs/Detect-DellSupportAssistforPCs.ps1 Normal file
View File

@@ -0,0 +1,86 @@
<#
.SYNOPSIS
This script is used to detect and remediate built-in apps in Windows 11.
.DESCRIPTION
The script provides two main functionalities: detection and remediation of built-in apps. By default, the script runs in detection mode, but it can also be configured to perform remediation.
The list of built-in apps to be detected and remediated can be customized by modifying the $appxPackageList array in the script.
.NOTES
File Name : Detect-Remediate-DellSupportAssistforPCs.ps1
Author : Martin Bengtsson
Blog : https://www.imab.dk
#>
param (
[bool]$runDetection = $true,
[bool]$runRemediation = $false
)
begin {
$appxPackageList = @(
"DellInc.DellSupportAssistforPCs"
)
function Test-InstalledAppxPackages() {
foreach ($app in $appxPackageList) {
try {
$isAppInstalled = Get-AppxPackage -Name $app -ErrorAction SilentlyContinue
if (-NOT[string]::IsNullOrEmpty($isAppInstalled)) {
Write-Output $app
}
}
catch {
Write-Output "[ERROR] Failed to retrieve the installed app: $_"
}
}
}
function Remove-InstalledAppxPackages() {
param (
[string]$appxPackage
)
try {
Get-AppxPackage -Name $appxPackage | Remove-AppxPackage
$global:remediationSuccess += $true
}
catch {
Write-Output "[ERROR] Failed to remove the app: $_"
}
}
if ($runDetection -eq $false) {
Write-Output "[ERROR] runDetection cannot be set to false. As a minimum runDetection must be set to true."
exit 1
}
}
process {
$global:needsRemediation = @()
$global:remediationSuccess = @()
$installedAppxPackages = Test-InstalledAppxPackages
if ($runDetection -eq $true) {
if (-NOT[string]::IsNullOrEmpty($installedAppxPackages)) {
foreach ($app in $installedAppxPackages) {
$global:needsRemediation += $true
if ($runRemediation -eq $true) {
Remove-InstalledAppxPackages -appxPackage $app
}
}
}
}
}
end {
if ($runDetection -eq $true) {
if ($global:needsRemediation -contains $true -AND $global:remediationSuccess -notcontains $true) {
Write-Output "[WARNING] Built-in apps found installed. Remediation is needed."
exit 1
}
elseif ($global:remediationSuccess -contains $true -AND $global:remediationSuccess -notcontains $false) {
Write-Output "[OK] Remediation was run successfully. Built-in apps were removed."
exit 0
}
else {
Write-Output "[OK] No built-in apps found. Doing nothing."
exit 0
}
}
}

86
intune/Proactive Remediations/DellInc-DellSupportAssistforPCs/Remediate-DellSupportAssistforPCs.ps1 Normal file
View File

@@ -0,0 +1,86 @@
<#
.SYNOPSIS
This script is used to detect and remediate built-in apps in Windows 11.
.DESCRIPTION
The script provides two main functionalities: detection and remediation of built-in apps. By default, the script runs in detection mode, but it can also be configured to perform remediation.
The list of built-in apps to be detected and remediated can be customized by modifying the $appxPackageList array in the script.
.NOTES
File Name : Detect-Remediate-DellSupportAssistforPCs.ps1
Author : Martin Bengtsson
Blog : https://www.imab.dk
#>
param (
[bool]$runDetection = $true,
[bool]$runRemediation = $true
)
begin {
$appxPackageList = @(
"DellInc.DellSupportAssistforPCs"
)
function Test-InstalledAppxPackages() {
foreach ($app in $appxPackageList) {
try {
$isAppInstalled = Get-AppxPackage -Name $app -ErrorAction SilentlyContinue
if (-NOT[string]::IsNullOrEmpty($isAppInstalled)) {
Write-Output $app
}
}
catch {
Write-Output "[ERROR] Failed to retrieve the installed app: $_"
}
}
}
function Remove-InstalledAppxPackages() {
param (
[string]$appxPackage
)
try {
Get-AppxPackage -Name $appxPackage | Remove-AppxPackage
$global:remediationSuccess += $true
}
catch {
Write-Output "[ERROR] Failed to remove the app: $_"
}
}
if ($runDetection -eq $false) {
Write-Output "[ERROR] runDetection cannot be set to false. As a minimum runDetection must be set to true."
exit 1
}
}
process {
$global:needsRemediation = @()
$global:remediationSuccess = @()
$installedAppxPackages = Test-InstalledAppxPackages
if ($runDetection -eq $true) {
if (-NOT[string]::IsNullOrEmpty($installedAppxPackages)) {
foreach ($app in $installedAppxPackages) {
$global:needsRemediation += $true
if ($runRemediation -eq $true) {
Remove-InstalledAppxPackages -appxPackage $app
}
}
}
}
}
end {
if ($runDetection -eq $true) {
if ($global:needsRemediation -contains $true -AND $global:remediationSuccess -notcontains $true) {
Write-Output "[WARNING] Built-in apps found installed. Remediation is needed."
exit 1
}
elseif ($global:remediationSuccess -contains $true -AND $global:remediationSuccess -notcontains $false) {
Write-Output "[OK] Remediation was run successfully. Built-in apps were removed."
exit 0
}
else {
Write-Output "[OK] No built-in apps found. Doing nothing."
exit 0
}
}
}

1
intune/Proactive Remediations/DellInc-DellSupportAssistforPCs/notes.txt Normal file
View File

@@ -0,0 +1 @@
This DellInc.DellSupportAssistforPCs_4.0.15.0_x64__htrsf667h5kn2 is the AppxPackage removing script

18
intune/Proactive Remediations/Detect Wifi Band Preference/Detect_PreferredBand.ps1 Normal file
View File

@@ -0,0 +1,18 @@
$null = $AdapterBandPreference
$Adapter = "Wi-Fi"
$AdapterProperty = "Preferred Band"
$DisplayValue = "2. Prefer 2.4GHz band"
Try {
$AdapterBandPreference = Get-NetAdapterAdvancedProperty -Name $Adapter -DisplayName $AdapterProperty
If ($AdapterBandPreference.DisplayValue -eq $DisplayValue){
Write-Output "Compliant"
Exit 0
}
Write-Warning "Not Compliant"
Exit 1
}
Catch {
Write-Warning "Not Compliant"
Exit 1
}

19
intune/Proactive Remediations/Detect Wifi Band Preference/Remediate_PreferredBand.ps1 Normal file
View File

@@ -0,0 +1,19 @@
$null = $AdapterBandPreference
$Adapter = "Wi-Fi"
$AdapterProperty = "Preferred Band"
$DisplayValue = "2. Prefer 2.4GHz band"
Try {
Set-NetAdapterAdvancedProperty -Name $Adapter -DisplayName $AdapterProperty -DisplayValue $DisplayValue
$AdapterBandPreference = Get-NetAdapterAdvancedProperty -Name $Adapter -DisplayName $AdapterProperty
If ($AdapterBandPreference.DisplayValue -eq $DisplayValue){
Write-Output "Compliant"
Exit 0
}
Write-Warning "Not Compliant"
Exit 1
}
Catch {
Write-Warning "Not Compliant"
Exit 1
}

10
intune/Proactive Remediations/Detect-Remediate-mDNS/Detection.ps1 Normal file
View File

@@ -0,0 +1,10 @@
$Reg = Get-ItemProperty -Path 'HKLM:\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters' -Name "EnableMDNS" -ErrorAction SilentlyContinue
if ($Reg -eq $Null){
Write-host "IPv6 prefix reg is not identified "
Exit 1
}
else {
Write-Host "IPv6 prefix is identified"
Exit 0
}

9
intune/Proactive Remediations/Detect-Remediate-mDNS/Remediation.ps1 Normal file
View File

@@ -0,0 +1,9 @@
$Path = "HKLM:\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters"
$Name = "EnableMDNS"
$Type = "DWORD"
$Value = 0
New-ItemProperty -Path $Path -Name $Name -PropertyType $Type -Value $Value -ErrorAction SilentlyContinue
Set-ItemProperty -Path $Path -Name $Name -Type $Type -Value $Value -ErrorAction SilentlyContinue

8
intune/Proactive Remediations/Detect-TenantAccessKey/Detect-TenantAccessKey.ps1 Normal file
View File

@@ -0,0 +1,8 @@
$TenantAssociationKey = (Get-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\cloud\office\16.0\Common\officesvcmanager" -name TenantAssociationKey).TenantAssociationKey
$desiredkeyvalue = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJodHRwOi8vc2NoZW1hcy5taWNyb3NvZnQuY29tL2lkZW50aXR5L2NsYWltcy90ZW5hbnRpZCI6IjM0MjYxOWUwLTRhOWEtNDJlNC1hNjZmLTFmZjljODVkMDhkNiIsImFwcGlkIjoiZDM1OTBlZDYtNTJiMy00MTAyLWFlZmYtYWFkMjI5MmFiMDFjIiwiaXNzIjoiSXNzdWVyIiwiYXVkIjoiQXVkaWVuY2UifQ.D_YXC2f5Zy1ahkVMsAqViF98_B3M4yZ_ZTMIIPAZM6U"
if ($TenantAssociationKey = $desiredkeyvalue) {
return 0
}
else {
return 1
}

18
intune/Proactive Remediations/Disable LLMNR/Detect_LLMNR.ps1 Normal file
View File

@@ -0,0 +1,18 @@
$Path = "HKLM:\Software\policies\Microsoft\Windows NT\DNSClient"
$Name = "EnableMulticast"
$Type = "DWORD"
$Value = 0
Try {
$Registry = Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop | Select-Object -ExpandProperty $Name
If ($Registry -eq $Value){
Write-Output "Compliant"
Exit 0
}
Write-Warning "Not Compliant"
Exit 1
}
Catch {
Write-Warning "Not Compliant"
Exit 1
}

15
intune/Proactive Remediations/Disable LLMNR/Remediate_LLMNR.ps1 Normal file
View File

@@ -0,0 +1,15 @@
$Path1 ="HKLM:\Software\policies\Microsoft\Windows NT"
$Path = "HKLM:\Software\policies\Microsoft\Windows NT\DNSClient"
$Name = "EnableMulticast"
$Type = "DWORD"
$Value = 0
$DNSclient = (Get-ItemProperty $path1).psobject.properties.name -contains "dnsclient"
If ($DNSclient -eq $false)
{
New-Item -Path $Path
}
Set-ItemProperty -Path $Path -Name $Name -Type $Type -Value $Value

6
intune/Proactive Remediations/Disable Netbios/Remediate_NetBios.ps1 Normal file
View File

@@ -0,0 +1,6 @@
$Path = "HKLM:\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\tcpip*"
$Name = "NetbiosOptions"
$Type = "DWORD"
$Value = 2
Set-ItemProperty -Path $Path -Name $Name -Type $Type -Value $Value

34
intune/Proactive Remediations/Disable Netbios/detect_NetBios.ps1 Normal file
View File

@@ -0,0 +1,34 @@
$Path = "HKLM:\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\tcpip*"
$Name = "NetbiosOptions"
$Type = "DWORD"
$Value = 2
Try {
$Registry = Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop | Select-Object -ExpandProperty $Name
$Counter = 0
Foreach ($Entry in $Registry )
{
If ($Entry -eq $Value)
{
$Counter+=0
}
else
{
$Counter+=1
}
}
if($Counter -eq 0)
{
Write-Output "Compliant"
Exit 0
}
else
{
Write-Warning "Not Compliant"
exit 1
}
}
Catch {
Write-Warning "Not Compliant"
Exit 1
}

2
intune/Proactive Remediations/GP Issues/detect.ps1 Normal file
View File

@@ -0,0 +1,2 @@
$GPLogs = $env:LOCALAPPDATA+"\Palo alto networks\GlobalProtect\PANGPA.log"
$logs = (Get-Content $GPLogs) | ConvertTo-Xml

131
intune/Proactive Remediations/MEM_RemoveSccmClient-main/Detect_SCCMclient.ps1 Normal file
View File

@@ -0,0 +1,131 @@
<#
.Description
Script to detect if there is any trace of SCCM agent.
Will check for CcmExec service and registry keys for services, SMS Certs, and MDM Authority.
.Notes
Source: https://github.com/robertomoir/remove-sccm/blob/master/remove-sccmagent.ps1
Source: https://www.optimizationcore.com/deployment/sccm-client-complete-remove-uninstall-powershell-script/
Source: https://jamesachambers.com/remove-microsoft-sccm-by-force/
Source: https://github.com/ChadSimmons/Scripts/blob/default/ConfigMgr/Troubleshooting/Remove-ConfigMgrClient.ps1
#>
#region Settings
$Error.Clear()
$Result = 0
$DetectSummary = ""
#New lines, easier to read Agentexecutor Log file.
Write-Host "`n`n"
#endregion Settings
#region Functions
Function Test-IfServiceExistExit1 {
Param
(
[string]$ServiceName
)
$DetectSummary = ""
$Service = Get-Service -Name $ServiceName -ErrorAction SilentlyContinue
If ($null -eq $Service) {
Write-Host "Service $ServiceName was not found."
}
else {
Write-Warning "Service $ServiceName exists."
if (-not ($DetectSummary -eq "")) { $DetectSummary += ", " }
$DetectSummary += "$ServiceName service exists"
return 1, $DetectSummary
}
return 0, $DetectSummary
}
Function Test-IfRegKeyExistExit1 {
Param
(
[string]$RegKeyPath
)
$DetectSummary = ""
$RegKey = Get-Item -Path $RegKeyPath -ErrorAction SilentlyContinue
if ($null -eq $RegKey) {
Write-Host "Registry Key $RegKeyPath was not found."
}
else {
Write-Warning "$RegKeyPath exists."
if (-not ($DetectSummary -eq "")) { $DetectSummary += ", " }
$DetectSummary += "$RegKeyPath exists"
return 1, $DetectSummary
}
return 0, $DetectSummary
}
#endregion Functions
#region Main
#Look for the services related to SCCM client.
$Services = ("CcmExec", "CCMSetup", "smstsmgr", "CmRcService")
foreach ($Serv in $Services) {
# Verify that services do not exist
$result, $serviceSummary = Test-IfServiceExistExit1 $Serv
if ($result -eq 1) {
$Result = 1
}
$DetectSummary += $serviceSummary
}
#Verify that all registry keys from SCCM agent do not exist.
$RegServicesPath = "HKLM:\SYSTEM\CurrentControlSet\Services"
$RegSoftwarePath = "HKLM:\SOFTWARE\Microsoft"
$RegSoftwareWowPath = "HKLM:\SOFTWARE\Wow6432Node\Microsoft"
$RegSmsCertsPath = "HKLM:\SOFTWARE\Microsoft\SystemCertificates\SMS\Certificates"
$RegServices = (
"$RegServicesPath\CcmExec",
"$RegServicesPath\CCMSetup",
"$RegServicesPath\smstsmgr",
"$RegServicesPath\CmRcService",
"$RegSoftwarePath\CCM",
"$RegSoftwarePath\CCMSetup",
"$RegSoftwarePath\SMS",
"$RegSoftwarePath\DeviceManageabilityCSP",
"$RegSoftwareWowPath\CCM",
"$RegSoftwareWowPath\CCMSetup",
"$RegSoftwareWowPath\SMS",
"$RegSmsCertsPath\*"
)
foreach ($RegService in $RegServices) {
# Verify that Registry Keys do not exist
$result, $regKeySummary = Test-IfRegKeyExistExit1 $RegService
if ($result -eq 1) {
$Result = 1
}
$DetectSummary += $regKeySummary
}
#New lines, easier to read Agentexecutor Log file.
Write-Host "`n`n"
# Return result
if ($Result -eq 0) {
Write-Host "OK $([datetime]::Now) : SCCM not found."
Exit 0
} else {
Write-Host "WARNING $([datetime]::Now) : $DetectSummary"
Exit 1
}
#endregion Main

612
intune/Proactive Remediations/MEM_RemoveSccmClient-main/Fix_SCCMclient.ps1 Normal file
View File

@@ -0,0 +1,612 @@
<#
.Description
Script to remove SCCM agent from PCs
Completly based on James Chambers and Chad Simmons powershell scripts to remove the SCCM agent.
Updated with other scripts and testing.
$ccmpath is path to SCCM Agent's own uninstall routine.
.Notes
Script created or based on the following:
Source: https://github.com/robertomoir/remove-sccm/blob/master/remove-sccmagent.ps1
Source: https://www.optimizationcore.com/deployment/sccm-client-complete-remove-uninstall-powershell-script/
Source: https://jamesachambers.com/remove-microsoft-sccm-by-force/
Source: https://github.com/ChadSimmons/Scripts/blob/default/ConfigMgr/Troubleshooting/Remove-ConfigMgrClient.ps1
#>
#region Functions
function Test-IsAdmin {
<#
.SYNOPSIS
Checks if the current user has administrative privileges.
.DESCRIPTION
Function determines whether the current user has administrative privileges by attempting to create a new WindowsPrincipal object and checking the IsInRole method for the "Administrator" role.
If the check fails, it throws an exception indicating the lack of administrative privileges.
.EXAMPLE
Test-IsAdmin
If the current user has administrative privileges, the function completes without any output. If not, it throws an exception.
.NOTES
This function should be called at the beginning of scripts that require administrative privileges to ensure proper execution.
#>
try {
# Create a new WindowsPrincipal object for the current user
$currentUser = New-Object Security.Principal.WindowsPrincipal([Security.Principal.WindowsIdentity]::GetCurrent())
# Check if the current user is in the "Administrators" role
if (-not $currentUser.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
throw "Script needs to run with Administrative privileges."
}
} catch {
throw "Must be run with Administrative priviliges."
}
}
function Stop-WinService {
<#
.SYNOPSIS
Stops a specified Windows service if it exists and is running.
.DESCRIPTION
Function checks if a specified Windows service exists and retrieves its status. If the service is running,
it attempts to stop it. Includes error handling to catch and throw any issues encountered, with specific messages
for services that do not exist.
.PARAMETER ServiceName
The name of the Windows service to stop.
.EXAMPLE
Stop-WinService -ServiceName "wuauserv"
Attempts to stop the Windows Update service if it exists and is running.
.NOTES
This function requires administrative privileges to stop Windows services.
#>
param (
[Parameter(Mandatory = $true)]
[string]$ServiceName
)
try {
# Check if the service exists
$service = Get-Service -Name $ServiceName -ErrorAction SilentlyContinue
if ($null -eq $service) {
throw "Service '$ServiceName' does not exist."
}
# Check if the service is running
if ($service.Status -eq 'Running') {
# Attempt to stop the service
Write-Host "Stopping service '$ServiceName'..."
Stop-Service -Name $ServiceName -Force -ErrorAction Stop
Write-Host "Service '$ServiceName' stopped successfully."
} else {
Write-Host "Service '$ServiceName' is not running."
}
} catch {
throw "$_"
}
}
function Remove-RegKey {
<#
.SYNOPSIS
Deletes a specified registry key and its subkeys.
.DESCRIPTION
This function removes a specified registry key from the Windows Registry, including all its subkeys and values.
It includes error handling to catch and throw any issues encountered during the operation.
.PARAMETER RegKeyPath
The path of the registry key to delete.
.EXAMPLE
Remove-RegKey -RegKeyPath "HKLM:\SOFTWARE\MyApp"
Deletes the "MyApp" key and all its subkeys and values from the HKEY_LOCAL_MACHINE\SOFTWARE path.
.NOTES
This function requires administrative privileges to modify the Windows Registry.
#>
param (
[Parameter(Mandatory = $true)]
[string]$RegKeyPath
)
try {
# Check if the registry key exists
if (Test-Path -Path $RegKeyPath) {
# Attempt to remove the registry key
Write-Host "Removing registry key '$RegKeyPath'..."
Remove-Item -Path $RegKeyPath -Recurse -Force -Confirm:$false -ErrorAction Stop
Write-Host "Registry key '$RegKeyPath' removed successfully."
} else {
Write-Host "Registry key '$RegKeyPath' does not exist."
}
} catch {
throw "Error removing registry key '$RegKeyPath'"
}
}
function Clear-Files {
<#
.SYNOPSIS
Deletes specified files or folders, including subdirectories, and takes ownership if necessary.
.DESCRIPTION
This function iterates through an array of file paths, taking ownership of each file or directory and then deleting it.
It ensures both files and subdirectories are removed, handling any errors encountered during the process.
.PARAMETER FilePaths
An array of file paths to delete. These can be files or directories.
.EXAMPLE
$filesToDelete = @("C:\Temp\File1.txt", "C:\Temp\Folder1")
Clear-Files -FilePaths $filesToDelete
.NOTES
This function requires administrative privileges to take ownership and delete files or directories.
#>
param (
[string[]]$FilePaths
)
foreach ($FilePath in $FilePaths) {
try {
# Take ownership of the file or folder
$null = takeown.exe /F "$FilePath" /R /A /D Y 2>&1
# Delete the file or folder, including subdirectories
Remove-Item -Path $FilePath -Force -Recurse -ErrorAction Stop
Write-Host "Successfully deleted: $FilePath"
} catch {
Write-Host "Error deleting $($FilePath)"
}
}
}
function Remove-WmiNamespace {
<#
.SYNOPSIS
Removes a specified WMI namespace.
.DESCRIPTION
This function checks if a specified WMI namespace exists and removes it if found. It uses CIM (Common Information Model) cmdlets
to query and delete the WMI namespace. Errors are handled silently to ensure smooth execution.
.PARAMETER WmiName
The name of the WMI namespace to be removed.
.PARAMETER WmiNameSpace
The parent namespace where the specified WMI namespace resides.
.EXAMPLE
Remove-WmiNamespace -WmiName "ccm" -WmiNameSpace "root\ccm"
.NOTES
Ensure the script runs with administrative privileges to modify WMI namespaces.
.SOURCE
References:
- https://learn.microsoft.com/en-us/powershell/scripting/overview?view=powershell-7.1
- https://docs.microsoft.com/en-us/powershell/scripting/learn/deep-dives/everything-about-powershell-cim-cmdlets?view=powershell-7.1
#>
param (
[string]$WmiName,
[string]$WmiNameSpace
)
try {
# Query for the specified WMI namespace
$WmiRepository = Get-CimInstance -query "SELECT * FROM __Namespace WHERE Name='$WmiName'" -Namespace "$WmiNameSpace" -ErrorAction SilentlyContinue
# Check if the namespace exists
if ($null -ne $WmiRepository) {
Write-Host "Found WMI Repository $WmiName, removing..."
# Remove the WMI namespace
Get-CimInstance -query "SELECT * FROM __Namespace WHERE Name='$WmiName'" -Namespace "$WmiNameSpace" | Remove-CimInstance -Confirm:$false -ErrorAction SilentlyContinue
}
else {
Write-Host "WMI Repository $WmiName not found"
}
}
catch {
throw "Error udpating WMI namespace."
}
}
function Verify-SccmClientDelete {
<#
.SYNOPSIS
Verifies the deletion of the SCCM client by checking for the absence of specific services and files.
.DESCRIPTION
Checks if the SCCM (System Center Configuration Manager) client has been successfully deleted from the system.
It does this by verifying the absence of the SCCM client service (`CcmExec`) and the SCCM setup file (`ccmsetup.exe`).
If neither the service nor the setup file is found, the deletion is considered successful.
If either the service or the setup file still exists, appropriate warnings are issued, and the function sets an exit code indicating failure.
.PARAMETER None
.EXAMPLE
$exitCode = Verify-SccmClientDelete
Write-Host "Exit Code: $exitCode"
.NOTES
This function requires administrative privileges to check the existence of services and files.
Ensure that the script is run with appropriate permissions to avoid errors.
#>
# Variables to store the SCCM service name and file path
$SccmService = "CcmExec"
$SccmFilePath = "$Env:WinDir\ccmsetup\ccmsetup.exe"
$ExitCode = 0
try {
# Attempt to retrieve the SCCM service
$CCMexecService = Get-Service -Name $SccmService -ErrorAction SilentlyContinue
# Attempt to retrieve the SCCM setup file
$CCMexecSetupFile = Get-Item -Path $SccmFilePath -ErrorAction SilentlyContinue
# Check if both the service and the setup file do not exist
if (($null -eq $CCMexecService) -and ($null -eq $CCMexecSetupFile)) {
# SCCM Client deletion confirmed.
Write-Host "Confirmation. SCCM client service does not exist!"
}
else {
# Check if the SCCM service still exists
if ($null -ne $CCMexecService) {
# Set exit code for existing service
$ExitCode = 90 # 0x431 ERROR_SERVICE_EXISTS / The specified service already exists.
Write-Warning "Service $CCMexecService still exists, completing with failure $ExitCode"
}
# Check if the SCCM setup file still exists
if ($null -ne $CCMexecSetupFile) {
# Set exit code for existing file
$ExitCode = 91 # The specified file still exists.
Write-Warning "File $CCMexecSetupFile still exists, completing with failure $ExitCode"
}
}
}
catch {
# Handle any errors that occur during the check
throw "Error verifying SCCM client deletion."
}
# Return the exit code
return $ExitCode
}
function Start-CompleteIntuneSync {
<#
.SYNOPSIS
Initiates an Intune sync session and verifies its completion through Event Viewer logs.
.DESCRIPTION
This function performs an Intune sync by creating and starting an MDM session using Windows.Management.MdmSessionManager.
It waits for 60 seconds to allow the sync process to initiate. It then checks for specific events in the Event Viewer
to confirm the sync's start and completion: Looks for events 208 and 209 in the "Applications and Services Logs > Microsoft > Windows > DeviceManagement-Enterprise-Diagnostics-Provider > Admin".
The function returns the time these events were logged, or "Not found" if the events are not present.
The Journey:
Initial approach used `intunemanagementextension://syncapp` protocol as suggested by Jannik Reinhard's blog (https://jannikreinhard.com/2022/07/31/summary-of-the-intune-management-extension/). However, this method did not yield consistent results across different devices
Focus then shifted to leveraging the `Windows.Management.MdmSessionManager` class, known for managing Mobile Device Management (MDM) sessions. The use of `[Windows.Management.MdmSessionManager,Windows.Management,ContentType=WindowsRuntime]` to create and start an MDM session was adopted based on documentation and community blogs:
- https://oofhours.com/2024/03/30/when-does-a-windows-client-sync-with-intune/
Note: There was an initial attempt to use `Add-Type -AssemblyName "Windows.Management"` which resulted in an error indicating the assembly could not be found. This led to the realization that direct referencing and instantiation of the Windows Runtime type was necessary.
.REFERENCES
- "Intune Management Extension" by Jannik Reinhard: https://jannikreinhard.com/2022/07/31/summary-of-the-intune-management-extension/
- "When Does a Windows Client Sync with Intune?" by Michael Niehaus: https://oofhours.com/2024/03/30/when-does-a-windows-client-sync-with-intune/
.PARAMETER None
.EXAMPLE
Start-CompleteIntuneSync
.NOTES
This function requires administrative privileges to access Event Viewer logs.
Make sure to run this script with appropriate permissions.
#>
# Initialize variables for event checking
$eventLog = "Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin"
$syncStartEventID = 208
$syncCompleteEventID = 209
$syncStartTime = Get-Date
# Log the start of the sync attempt
Write-Host "Starting Intune sync at $syncStartTime"
try {
# Create and start the MDM session using Windows.Management.MdmSessionManager
[Windows.Management.MdmSessionManager,Windows.Management,ContentType=WindowsRuntime] > $null
$session = [Windows.Management.MdmSessionManager]::TryCreateSession()
$session.StartAsync() | Out-Null
# Wait for 60 seconds to allow the sync to initiate
Start-Sleep -Seconds 60
# Check for the sync start event in Event Viewer
$syncStartEvent = Get-WinEvent -LogName $eventLog | Where-Object { $_.Id -eq $syncStartEventID -and $_.TimeCreated -ge $syncStartTime }
if ($syncStartEvent) {
Write-Host "Sync start event (ID $syncStartEventID) found."
$syncStartEventTime = $syncStartEvent.TimeCreated
} else {
Write-Host "Sync start event (ID $syncStartEventID) not found."
$syncStartEventTime = "Not found"
}
# Check for the sync complete event in Event Viewer
$syncCompleteEvent = Get-WinEvent -LogName $eventLog | Where-Object { $_.Id -eq $syncCompleteEventID -and $_.TimeCreated -ge $syncStartTime }
if ($syncCompleteEvent) {
Write-Host "Sync complete event (ID $syncCompleteEventID) found."
$syncCompleteEventTime = $syncCompleteEvent.TimeCreated
} else {
Write-Host "Sync complete event (ID $syncCompleteEventID) not found."
$syncCompleteEventTime = "Not found"
}
# Return details of the sync process
return @{
SyncStartEvent = $syncStartEventTime
SyncCompleteEvent = $syncCompleteEventTime
SyncStartTime = $syncStartTime
}
} catch {
throw "Error during Intune sync process. "
}
}
function WriteAndExitWithSummary {
<#
.SYNOPSIS
Writes a summary of the script's execution to the console and then exits the script with a specified status code.
.DESCRIPTION
The function takes a status code and a summary string as parameters. It writes the summary along with the current date and time to the console using Write-Host.
After writing the summary, it exits the script with the given status code. If the given status code is below 0 (negative) it changes exit status code to 0.
.PARAMETER StatusCode
The exit status code to be used when exiting the script.
0: OK
1: FAIL
Other: WARNING
.PARAMETER Summary
The summary string that describes the script's execution status. This will be written to the console.
.EXAMPLE
WriteAndExitWithSummary -StatusCode 0 -Summary "All operations completed successfully."
.EXAMPLE
WriteAndExitWithSummary -StatusCode 1 -Summary "Error: SCCM client removal failed."
.NOTES
Last Modified: August 27, 2023
Author: Manuel Nieto
#>
param (
[int]$StatusCode,
[string]$Summary
)
# Combine the summary with the current date and time.
$finalSummary = "$([datetime]::Now) = $Summary"
# Determine the prefix based on the status code.
$prefix = switch ($StatusCode) {
0 { "OK" }
1 { "FAIL" }
default { "WARNING" }
}
# Easier to read in log file
Write-Host "`n`n"
# Write the final summary to the console.
Write-Host "$prefix $finalSummary"
# Easier to read in log file
Write-Host "`n`n"
# Exit the script with the given status code.
if ($StatusCode -lt 0) {$StatusCode = 0}
Exit $StatusCode
}
#endregion
#region Main
# Initialize
$Error.Clear() # Clear any previous errors.
$t = Get-Date # Get current date and time.
$CCMpath = "$Env:WinDir\ccmsetup\ccmsetup.exe" # Path to SCCM setup executable.
$verifyBeginResult # Variable to store beginning SCCM verification result.
$verifyEndResult # Variable to store ending SCCM verification result.
$summary = "" # Initialize summary string.
$StatusCode = 0 # Initialize status code to zero.
# New lines, easier to read Agentexecutor Log file.
Write-Host "`n`n"
#Log start time.
Write-Host "SCCM Agent cleanup start time: $t"
try {
#Test Admin rights
Test-IsAdmin
# Confirm if SCCM client is present.
$verifyBeginResult = Verify-SccmClientDelete
# Only execute if we have confirmation that SCCM client exists.
if ($verifyBeginResult -gt 0) {
# Stopping SCCM services.
try {
#Stop SCCM services.
Stop-WinService CcmExec
Stop-WinService ccmsetup
Stop-WinService smstsmgr
Stop-WinService CmRcService
$summary += "SCCM services stopped. "
} catch {
$summary += "Error stopping SCCM services: $_ "
$StatusCode = -2
}
# Remove SCCM client.
try {
# Remove SCCM client.
if (Test-Path $CCMpath) {
Write-Host "Found $CCMpath, Uninstalling SCCM agent. `n"
#Start Uninstall, Included -WorkingDirectory to Start-Process cmdlet as Workaround to error when working directory has characters "[" "]"
Start-Process -WorkingDirectory $Env:WinDir -FilePath $CCMpath -ArgumentList "/uninstall" -Wait -NoNewWindow
# wait for exit
$CCMProcess = Get-Process ccmsetup -ErrorAction SilentlyContinue
try {
$CCMProcess.WaitForExit()
} catch {}
$summary += "SCCM client removed. "
}
else {
$summary += "SCCM client not found. "
}
} catch {
$summary += "Error removing SCCM client. "
$StatusCode = -2
}
# Removing services from registry
try {
# Remove Services from Registry.
$CurrentPath = "HKLM:\SYSTEM\CurrentControlSet\Services"
Remove-RegKey "$CurrentPath\CcmExec"
Remove-RegKey "$CurrentPath\CCMSetup"
Remove-RegKey "$CurrentPath\smstsmgr"
Remove-RegKey "$CurrentPath\CmRcService"
$summary += "SCCM services removed from registry. "
} catch {
$summary += "Error removing SCCM services from registry: $_. "
$StatusCode = -2
}
try {
# Remove SCCM Client from Registry
$CurrentPath = "HKLM:\SOFTWARE\Microsoft"
Remove-RegKey "$CurrentPath\CCM"
Remove-RegKey "$CurrentPath\CCMSetup"
Remove-RegKey "$CurrentPath\SMS"
$CurrentPath = "HKLM:\SOFTWARE\Wow6432Node\Microsoft"
Remove-RegKey "$CurrentPath\CCM"
Remove-RegKey "$CurrentPath\CCMSetup"
Remove-RegKey "$CurrentPath\SMS"
$summary += "SCCM client registry keys removed. "
} catch {
$summary += "Error removing SCCM client registry keys: $_. "
$StatusCode = -2
}
try {
# Remove WMI Namespaces
Remove-WmiNamespace "ccm" "root"
Remove-WmiNamespace "sms" "root\cimv2"
$summary += "SCCM WMI namespaces removed. "
} catch {
$summary += "Error removing SCCM WMI namespaces: $_. "
$StatusCode = -2
}
try {
# Reset MDM Authority
Write-Host "MDM Authority, reviewing and deleting registry key if necessary"
$CurrentPath = "HKLM:\SOFTWARE\Microsoft"
Remove-RegKey "$CurrentPath\DeviceManageabilityCSP"
$summary += "MDM authority reset. "
} catch {
$summary += "Error resetting MDM authority. "
$StatusCode = -2
}
try {
# Remove Folders and Files
$CurrentPath = "$Env:WinDir"
Clear-Files "$CurrentPath\CCM"
Clear-Files "$CurrentPath\ccmsetup"
Clear-Files "$CurrentPath\ccmcache"
Clear-Files "$CurrentPath\SMSCFG.ini"
Clear-Files "$CurrentPath\SMS*.mif"
$summary += "SCCM related files and folders removed. "
} catch {
$summary += "Error removing SCCM files and folders: $_. "
$StatusCode = -2
}
try {
# Remove SCCM certificates
$CurrentPath = "HKLM:\SOFTWARE\Microsoft\SystemCertificates\SMS\Certificates"
Remove-RegKey "$CurrentPath\*"
$summary += "SCCM certificates removed. "
} catch {
$summary += "Error removing SCCM certificates: $_. "
$StatusCode = -2
}
try {
# Confirm if SCCM client was removed.
$verifyEndResult = Verify-SccmClientDelete
if ($verifyEndResult -eq 0) {
$summary += "SCCM client removal verified. "
} else {
$StatusCode = $verifyEndResult
$summary += "SCCM client removal failed with code $verifyEndResult. "
}
} catch {
$summary += "Error verifying SCCM client removal: $_. "
$StatusCode = -2
}
}
}
catch {
# Log error and set status code to failure
$summary += "Execution Error: $_ "
$StatusCode = 1
}
# Perform Intune sync and log the result. Only if no errors.
if ($StatusCode -le 0) {
try {
$syncDetails = Start-CompleteIntuneSync
$summary += "Intune sync request: $($syncDetails.SyncStartTime), Start: $($syncDetails.SyncStartEvent), Completed: $($syncDetails.SyncCompleteEvent). "
} catch {
$summary += "Error during Intune sync. "
}
}
# Write the summary and exit with the appropriate status code
WriteAndExitWithSummary -StatusCode $StatusCode -Summary $summary
#Finished!
#endregion

22
intune/Proactive Remediations/MEM_RemoveSccmClient-main/README.md Normal file
View File

@@ -0,0 +1,22 @@
<H1> SCCM Agent remove via Proactive Remediations v1.0 </H1>
Removes SCCM Client via MEM Intune Proactive Remediation.
I used it to move co-managed devices to Intune managed devices in an environment where SCCM was no longer present.
This script is based on the original work from the following sources:
remove-sccmagent.ps1
Author: Robert M.
source: https://github.com/robertomoir/remove-sccm/blob/master/remove-sccmagent.ps1
Remove-ConfigMgrClient.ps1
Author: Chad Simmons
Source: https://github.com/ChadSimmons/Scripts/blob/default/ConfigMgr/Troubleshooting/Remove-ConfigMgrClient.ps1
Remove All Traces of Microsoft SCCM w/ PowerShell (By Force)
Author: James A. chambers
Source: https://jamesachambers.com/remove-microsoft-sccm-by-force/
SCCM Client Complete Uninstall / Remove + Powershell Script
Source: https://www.optimizationcore.com/deployment/sccm-client-complete-remove-uninstall-powershell-script/

86
intune/Proactive Remediations/MS-Remove-DevHome/Detect-DevHome-Built-In-Apps.ps1 Normal file
View File

@@ -0,0 +1,86 @@
<#
.SYNOPSIS
This script is used to detect and remediate built-in apps in Windows 11.
.DESCRIPTION
The script provides two main functionalities: detection and remediation of built-in apps. By default, the script runs in detection mode, but it can also be configured to perform remediation.
The list of built-in apps to be detected and remediated can be customized by modifying the $appxPackageList array in the script.
.NOTES
File Name : Detect-Remediate-Windows-11-Built-In-Apps.ps1
Author : Martin Bengtsson
Blog : https://www.imab.dk
#>
param (
[bool]$runDetection = $true,
[bool]$runRemediation = $false
)
begin {
$appxPackageList = @(
"Microsoft.Windows.DevHome"
)
function Test-InstalledAppxPackages() {
foreach ($app in $appxPackageList) {
try {
$isAppInstalled = Get-AppxPackage -Name $app -ErrorAction SilentlyContinue
if (-NOT[string]::IsNullOrEmpty($isAppInstalled)) {
Write-Output $app
}
}
catch {
Write-Output "[ERROR] Failed to retrieve the installed app: $_"
}
}
}
function Remove-InstalledAppxPackages() {
param (
[string]$appxPackage
)
try {
Get-AppxPackage -Name $appxPackage | Remove-AppxPackage
$global:remediationSuccess += $true
}
catch {
Write-Output "[ERROR] Failed to remove the app: $_"
}
}
if ($runDetection -eq $false) {
Write-Output "[ERROR] runDetection cannot be set to false. As a minimum runDetection must be set to true."
exit 1
}
}
process {
$global:needsRemediation = @()
$global:remediationSuccess = @()
$installedAppxPackages = Test-InstalledAppxPackages
if ($runDetection -eq $true) {
if (-NOT[string]::IsNullOrEmpty($installedAppxPackages)) {
foreach ($app in $installedAppxPackages) {
$global:needsRemediation += $true
if ($runRemediation -eq $true) {
Remove-InstalledAppxPackages -appxPackage $app
}
}
}
}
}
end {
if ($runDetection -eq $true) {
if ($global:needsRemediation -contains $true -AND $global:remediationSuccess -notcontains $true) {
Write-Output "[WARNING] Built-in apps found installed. Remediation is needed."
exit 1
}
elseif ($global:remediationSuccess -contains $true -AND $global:remediationSuccess -notcontains $false) {
Write-Output "[OK] Remediation was run successfully. Built-in apps were removed."
exit 0
}
else {
Write-Output "[OK] No built-in apps found. Doing nothing."
exit 0
}
}
}

4
intune/Proactive Remediations/MS-Remove-DevHome/Install.bat Normal file
View File

@@ -0,0 +1,4 @@
@echo off
pushd %~dp0
powershell.exe -ExecutionPolicy Bypass -File "Remediate-DevHome-Built-In-Apps.ps1"
popd

86
intune/Proactive Remediations/MS-Remove-DevHome/Remediate-DevHome-Built-In-Apps.ps1 Normal file
View File

@@ -0,0 +1,86 @@
<#
.SYNOPSIS
This script is used to detect and remediate built-in apps in Windows 11.
.DESCRIPTION
The script provides two main functionalities: detection and remediation of built-in apps. By default, the script runs in detection mode, but it can also be configured to perform remediation.
The list of built-in apps to be detected and remediated can be customized by modifying the $appxPackageList array in the script.
.NOTES
File Name : Detect-Remediate-Windows-11-Built-In-Apps.ps1
Author : Martin Bengtsson
Blog : https://www.imab.dk
#>
param (
[bool]$runDetection = $true,
[bool]$runRemediation = $true
)
begin {
$appxPackageList = @(
"Microsoft.Windows.DevHome"
)
function Test-InstalledAppxPackages() {
foreach ($app in $appxPackageList) {
try {
$isAppInstalled = Get-AppxPackage -Name $app -ErrorAction SilentlyContinue
if (-NOT[string]::IsNullOrEmpty($isAppInstalled)) {
Write-Output $app
}
}
catch {
Write-Output "[ERROR] Failed to retrieve the installed app: $_"
}
}
}
function Remove-InstalledAppxPackages() {
param (
[string]$appxPackage
)
try {
Get-AppxPackage -Name $appxPackage | Remove-AppxPackage
$global:remediationSuccess += $true
}
catch {
Write-Output "[ERROR] Failed to remove the app: $_"
}
}
if ($runDetection -eq $false) {
Write-Output "[ERROR] runDetection cannot be set to false. As a minimum runDetection must be set to true."
exit 1
}
}
process {
$global:needsRemediation = @()
$global:remediationSuccess = @()
$installedAppxPackages = Test-InstalledAppxPackages
if ($runDetection -eq $true) {
if (-NOT[string]::IsNullOrEmpty($installedAppxPackages)) {
foreach ($app in $installedAppxPackages) {
$global:needsRemediation += $true
if ($runRemediation -eq $true) {
Remove-InstalledAppxPackages -appxPackage $app
}
}
}
}
}
end {
if ($runDetection -eq $true) {
if ($global:needsRemediation -contains $true -AND $global:remediationSuccess -notcontains $true) {
Write-Output "[WARNING] Built-in apps found installed. Remediation is needed."
exit 1
}
elseif ($global:remediationSuccess -contains $true -AND $global:remediationSuccess -notcontains $false) {
Write-Output "[OK] Remediation was run successfully. Built-in apps were removed."
exit 0
}
else {
Write-Output "[OK] No built-in apps found. Doing nothing."
exit 0
}
}
}

1
intune/Proactive Remediations/MS-Remove-DevHome/notes.txt Normal file
View File

@@ -0,0 +1 @@
This New Outlook is the AppxPackage removing script

86
intune/Proactive Remediations/MS-Remove-MicrosoftTeams/Detect-MicrosoftTeams.ps1 Normal file
View File

@@ -0,0 +1,86 @@
<#
.SYNOPSIS
This script is used to detect and remediate built-in apps in Windows 11.
.DESCRIPTION
The script provides two main functionalities: detection and remediation of built-in apps. By default, the script runs in detection mode, but it can also be configured to perform remediation.
The list of built-in apps to be detected and remediated can be customized by modifying the $appxPackageList array in the script.
.NOTES
File Name : Detect-Remediate-MicrosoftTeams.ps1
Author : Martin Bengtsson
Blog : https://www.imab.dk
#>
param (
[bool]$runDetection = $true,
[bool]$runRemediation = $false
)
begin {
$appxPackageList = @(
"MicrosoftTeams"
)
function Test-InstalledAppxPackages() {
foreach ($app in $appxPackageList) {
try {
$isAppInstalled = Get-AppxPackage -Name $app -ErrorAction SilentlyContinue
if (-NOT[string]::IsNullOrEmpty($isAppInstalled)) {
Write-Output $app
}
}
catch {
Write-Output "[ERROR] Failed to retrieve the installed app: $_"
}
}
}
function Remove-InstalledAppxPackages() {
param (
[string]$appxPackage
)
try {
Get-AppxPackage -Name $appxPackage | Remove-AppxPackage
$global:remediationSuccess += $true
}
catch {
Write-Output "[ERROR] Failed to remove the app: $_"
}
}
if ($runDetection -eq $false) {
Write-Output "[ERROR] runDetection cannot be set to false. As a minimum runDetection must be set to true."
exit 1
}
}
process {
$global:needsRemediation = @()
$global:remediationSuccess = @()
$installedAppxPackages = Test-InstalledAppxPackages
if ($runDetection -eq $true) {
if (-NOT[string]::IsNullOrEmpty($installedAppxPackages)) {
foreach ($app in $installedAppxPackages) {
$global:needsRemediation += $true
if ($runRemediation -eq $true) {
Remove-InstalledAppxPackages -appxPackage $app
}
}
}
}
}
end {
if ($runDetection -eq $true) {
if ($global:needsRemediation -contains $true -AND $global:remediationSuccess -notcontains $true) {
Write-Output "[WARNING] Built-in apps found installed. Remediation is needed."
exit 1
}
elseif ($global:remediationSuccess -contains $true -AND $global:remediationSuccess -notcontains $false) {
Write-Output "[OK] Remediation was run successfully. Built-in apps were removed."
exit 0
}
else {
Write-Output "[OK] No built-in apps found. Doing nothing."
exit 0
}
}
}

4
intune/Proactive Remediations/MS-Remove-MicrosoftTeams/Install.bat Normal file
View File

@@ -0,0 +1,4 @@
@echo off
pushd %~dp0
powershell.exe -ExecutionPolicy Bypass -File "Detect-Remediate-Windows-11-Built-In-Apps.ps1"
popd

86
intune/Proactive Remediations/MS-Remove-MicrosoftTeams/Remediate-MicrosoftTeams.ps1 Normal file
View File

@@ -0,0 +1,86 @@
<#
.SYNOPSIS
This script is used to detect and remediate built-in apps in Windows 11.
.DESCRIPTION
The script provides two main functionalities: detection and remediation of built-in apps. By default, the script runs in detection mode, but it can also be configured to perform remediation.
The list of built-in apps to be detected and remediated can be customized by modifying the $appxPackageList array in the script.
.NOTES
File Name : Detect-Remediate-MicrosoftTeams.ps1
Author : Martin Bengtsson
Blog : https://www.imab.dk
#>
param (
[bool]$runDetection = $true,
[bool]$runRemediation = $true
)
begin {
$appxPackageList = @(
"MicrosoftTeams"
)
function Test-InstalledAppxPackages() {
foreach ($app in $appxPackageList) {
try {
$isAppInstalled = Get-AppxPackage -Name $app -ErrorAction SilentlyContinue
if (-NOT[string]::IsNullOrEmpty($isAppInstalled)) {
Write-Output $app
}
}
catch {
Write-Output "[ERROR] Failed to retrieve the installed app: $_"
}
}
}
function Remove-InstalledAppxPackages() {
param (
[string]$appxPackage
)
try {
Get-AppxPackage -Name $appxPackage | Remove-AppxPackage
$global:remediationSuccess += $true
}
catch {
Write-Output "[ERROR] Failed to remove the app: $_"
}
}
if ($runDetection -eq $false) {
Write-Output "[ERROR] runDetection cannot be set to false. As a minimum runDetection must be set to true."
exit 1
}
}
process {
$global:needsRemediation = @()
$global:remediationSuccess = @()
$installedAppxPackages = Test-InstalledAppxPackages
if ($runDetection -eq $true) {
if (-NOT[string]::IsNullOrEmpty($installedAppxPackages)) {
foreach ($app in $installedAppxPackages) {
$global:needsRemediation += $true
if ($runRemediation -eq $true) {
Remove-InstalledAppxPackages -appxPackage $app
}
}
}
}
}
end {
if ($runDetection -eq $true) {
if ($global:needsRemediation -contains $true -AND $global:remediationSuccess -notcontains $true) {
Write-Output "[WARNING] Built-in apps found installed. Remediation is needed."
exit 1
}
elseif ($global:remediationSuccess -contains $true -AND $global:remediationSuccess -notcontains $false) {
Write-Output "[OK] Remediation was run successfully. Built-in apps were removed."
exit 0
}
else {
Write-Output "[OK] No built-in apps found. Doing nothing."
exit 0
}
}
}

1
intune/Proactive Remediations/MS-Remove-MicrosoftTeams/notes.txt Normal file
View File

@@ -0,0 +1 @@
This MicrosoftTeams version is the AppxPackage removing script

86
intune/Proactive Remediations/MS-Remove-NewOutook/Detect-NewOutlook-Built-In-Apps.ps1 Normal file
View File

@@ -0,0 +1,86 @@
<#
.SYNOPSIS
This script is used to detect and remediate built-in apps in Windows 11.
.DESCRIPTION
The script provides two main functionalities: detection and remediation of built-in apps. By default, the script runs in detection mode, but it can also be configured to perform remediation.
The list of built-in apps to be detected and remediated can be customized by modifying the $appxPackageList array in the script.
.NOTES
File Name : Detect-Remediate-Windows-11-Built-In-Apps.ps1
Author : Martin Bengtsson
Blog : https://www.imab.dk
#>
param (
[bool]$runDetection = $true,
[bool]$runRemediation = $false
)
begin {
$appxPackageList = @(
"Microsoft.OutlookForWindows"
)
function Test-InstalledAppxPackages() {
foreach ($app in $appxPackageList) {
try {
$isAppInstalled = Get-AppxPackage -Name $app -ErrorAction SilentlyContinue
if (-NOT[string]::IsNullOrEmpty($isAppInstalled)) {
Write-Output $app
}
}
catch {
Write-Output "[ERROR] Failed to retrieve the installed app: $_"
}
}
}
function Remove-InstalledAppxPackages() {
param (
[string]$appxPackage
)
try {
Get-AppxPackage -Name $appxPackage | Remove-AppxPackage
$global:remediationSuccess += $true
}
catch {
Write-Output "[ERROR] Failed to remove the app: $_"
}
}
if ($runDetection -eq $false) {
Write-Output "[ERROR] runDetection cannot be set to false. As a minimum runDetection must be set to true."
exit 1
}
}
process {
$global:needsRemediation = @()
$global:remediationSuccess = @()
$installedAppxPackages = Test-InstalledAppxPackages
if ($runDetection -eq $true) {
if (-NOT[string]::IsNullOrEmpty($installedAppxPackages)) {
foreach ($app in $installedAppxPackages) {
$global:needsRemediation += $true
if ($runRemediation -eq $true) {
Remove-InstalledAppxPackages -appxPackage $app
}
}
}
}
}
end {
if ($runDetection -eq $true) {
if ($global:needsRemediation -contains $true -AND $global:remediationSuccess -notcontains $true) {
Write-Output "[WARNING] Built-in apps found installed. Remediation is needed."
exit 1
}
elseif ($global:remediationSuccess -contains $true -AND $global:remediationSuccess -notcontains $false) {
Write-Output "[OK] Remediation was run successfully. Built-in apps were removed."
exit 0
}
else {
Write-Output "[OK] No built-in apps found. Doing nothing."
exit 0
}
}
}

4
intune/Proactive Remediations/MS-Remove-NewOutook/Install.bat Normal file
View File

@@ -0,0 +1,4 @@
@echo off
pushd %~dp0
powershell.exe -ExecutionPolicy Bypass -File "Remediate-NewOutlook-Built-In-Apps.ps1"
popd

86
intune/Proactive Remediations/MS-Remove-NewOutook/Remediate-NewOutlook-Built-In-Apps.ps1 Normal file
View File

@@ -0,0 +1,86 @@
<#
.SYNOPSIS
This script is used to detect and remediate built-in apps in Windows 11.
.DESCRIPTION
The script provides two main functionalities: detection and remediation of built-in apps. By default, the script runs in detection mode, but it can also be configured to perform remediation.
The list of built-in apps to be detected and remediated can be customized by modifying the $appxPackageList array in the script.
.NOTES
File Name : Detect-Remediate-Windows-11-Built-In-Apps.ps1
Author : Martin Bengtsson
Blog : https://www.imab.dk
#>
param (
[bool]$runDetection = $true,
[bool]$runRemediation = $true
)
begin {
$appxPackageList = @(
"Microsoft.OutlookForWindows"
)
function Test-InstalledAppxPackages() {
foreach ($app in $appxPackageList) {
try {
$isAppInstalled = Get-AppxPackage -Name $app -ErrorAction SilentlyContinue
if (-NOT[string]::IsNullOrEmpty($isAppInstalled)) {
Write-Output $app
}
}
catch {
Write-Output "[ERROR] Failed to retrieve the installed app: $_"
}
}
}
function Remove-InstalledAppxPackages() {
param (
[string]$appxPackage
)
try {
Get-AppxPackage -Name $appxPackage | Remove-AppxPackage
$global:remediationSuccess += $true
}
catch {
Write-Output "[ERROR] Failed to remove the app: $_"
}
}
if ($runDetection -eq $false) {
Write-Output "[ERROR] runDetection cannot be set to false. As a minimum runDetection must be set to true."
exit 1
}
}
process {
$global:needsRemediation = @()
$global:remediationSuccess = @()
$installedAppxPackages = Test-InstalledAppxPackages
if ($runDetection -eq $true) {
if (-NOT[string]::IsNullOrEmpty($installedAppxPackages)) {
foreach ($app in $installedAppxPackages) {
$global:needsRemediation += $true
if ($runRemediation -eq $true) {
Remove-InstalledAppxPackages -appxPackage $app
}
}
}
}
}
end {
if ($runDetection -eq $true) {
if ($global:needsRemediation -contains $true -AND $global:remediationSuccess -notcontains $true) {
Write-Output "[WARNING] Built-in apps found installed. Remediation is needed."
exit 1
}
elseif ($global:remediationSuccess -contains $true -AND $global:remediationSuccess -notcontains $false) {
Write-Output "[OK] Remediation was run successfully. Built-in apps were removed."
exit 0
}
else {
Write-Output "[OK] No built-in apps found. Doing nothing."
exit 0
}
}
}

1
intune/Proactive Remediations/MS-Remove-NewOutook/notes.txt Normal file
View File

@@ -0,0 +1 @@
This New Outlook is the AppxPackage removing script

86
intune/Proactive Remediations/MS-Remove-QuickAssist/Detect-Windows-11-Built-In-Apps.ps1 Normal file
View File

@@ -0,0 +1,86 @@
<#
.SYNOPSIS
This script is used to detect and remediate built-in apps in Windows 11.
.DESCRIPTION
The script provides two main functionalities: detection and remediation of built-in apps. By default, the script runs in detection mode, but it can also be configured to perform remediation.
The list of built-in apps to be detected and remediated can be customized by modifying the $appxPackageList array in the script.
.NOTES
File Name : Detect-Remediate-Windows-11-Built-In-Apps.ps1
Author : Martin Bengtsson
Blog : https://www.imab.dk
#>
param (
[bool]$runDetection = $true,
[bool]$runRemediation = $false
)
begin {
$appxPackageList = @(
"MicrosoftCorporationII.QuickAssist"
)
function Test-InstalledAppxPackages() {
foreach ($app in $appxPackageList) {
try {
$isAppInstalled = Get-AppxPackage -Name $app -ErrorAction SilentlyContinue
if (-NOT[string]::IsNullOrEmpty($isAppInstalled)) {
Write-Output $app
}
}
catch {
Write-Output "[ERROR] Failed to retrieve the installed app: $_"
}
}
}
function Remove-InstalledAppxPackages() {
param (
[string]$appxPackage
)
try {
Get-AppxPackage -Name $appxPackage | Remove-AppxPackage
$global:remediationSuccess += $true
}
catch {
Write-Output "[ERROR] Failed to remove the app: $_"
}
}
if ($runDetection -eq $false) {
Write-Output "[ERROR] runDetection cannot be set to false. As a minimum runDetection must be set to true."
exit 1
}
}
process {
$global:needsRemediation = @()
$global:remediationSuccess = @()
$installedAppxPackages = Test-InstalledAppxPackages
if ($runDetection -eq $true) {
if (-NOT[string]::IsNullOrEmpty($installedAppxPackages)) {
foreach ($app in $installedAppxPackages) {
$global:needsRemediation += $true
if ($runRemediation -eq $true) {
Remove-InstalledAppxPackages -appxPackage $app
}
}
}
}
}
end {
if ($runDetection -eq $true) {
if ($global:needsRemediation -contains $true -AND $global:remediationSuccess -notcontains $true) {
Write-Output "[WARNING] Built-in apps found installed. Remediation is needed."
exit 1
}
elseif ($global:remediationSuccess -contains $true -AND $global:remediationSuccess -notcontains $false) {
Write-Output "[OK] Remediation was run successfully. Built-in apps were removed."
exit 0
}
else {
Write-Output "[OK] No built-in apps found. Doing nothing."
exit 0
}
}
}

4
intune/Proactive Remediations/MS-Remove-QuickAssist/Install.bat Normal file
View File

@@ -0,0 +1,4 @@
@echo off
pushd %~dp0
powershell.exe -ExecutionPolicy Bypass -File "Detect-Remediate-Windows-11-Built-In-Apps.ps1"
popd

86
intune/Proactive Remediations/MS-Remove-QuickAssist/Remediate-Windows-11-Built-In-Apps.ps1 Normal file
View File

@@ -0,0 +1,86 @@
<#
.SYNOPSIS
This script is used to detect and remediate built-in apps in Windows 11.
.DESCRIPTION
The script provides two main functionalities: detection and remediation of built-in apps. By default, the script runs in detection mode, but it can also be configured to perform remediation.
The list of built-in apps to be detected and remediated can be customized by modifying the $appxPackageList array in the script.
.NOTES
File Name : Detect-Remediate-Windows-11-Built-In-Apps.ps1
Author : Martin Bengtsson
Blog : https://www.imab.dk
#>
param (
[bool]$runDetection = $true,
[bool]$runRemediation = $true
)
begin {
$appxPackageList = @(
"MicrosoftCorporationII.QuickAssist"
)
function Test-InstalledAppxPackages() {
foreach ($app in $appxPackageList) {
try {
$isAppInstalled = Get-AppxPackage -Name $app -ErrorAction SilentlyContinue
if (-NOT[string]::IsNullOrEmpty($isAppInstalled)) {
Write-Output $app
}
}
catch {
Write-Output "[ERROR] Failed to retrieve the installed app: $_"
}
}
}
function Remove-InstalledAppxPackages() {
param (
[string]$appxPackage
)
try {
Get-AppxPackage -Name $appxPackage | Remove-AppxPackage
$global:remediationSuccess += $true
}
catch {
Write-Output "[ERROR] Failed to remove the app: $_"
}
}
if ($runDetection -eq $false) {
Write-Output "[ERROR] runDetection cannot be set to false. As a minimum runDetection must be set to true."
exit 1
}
}
process {
$global:needsRemediation = @()
$global:remediationSuccess = @()
$installedAppxPackages = Test-InstalledAppxPackages
if ($runDetection -eq $true) {
if (-NOT[string]::IsNullOrEmpty($installedAppxPackages)) {
foreach ($app in $installedAppxPackages) {
$global:needsRemediation += $true
if ($runRemediation -eq $true) {
Remove-InstalledAppxPackages -appxPackage $app
}
}
}
}
}
end {
if ($runDetection -eq $true) {
if ($global:needsRemediation -contains $true -AND $global:remediationSuccess -notcontains $true) {
Write-Output "[WARNING] Built-in apps found installed. Remediation is needed."
exit 1
}
elseif ($global:remediationSuccess -contains $true -AND $global:remediationSuccess -notcontains $false) {
Write-Output "[OK] Remediation was run successfully. Built-in apps were removed."
exit 0
}
else {
Write-Output "[OK] No built-in apps found. Doing nothing."
exit 0
}
}
}

1
intune/Proactive Remediations/MS-Remove-QuickAssist/notes.txt Normal file
View File

@@ -0,0 +1 @@
This QuickAssist version is the AppxPackage removing script

4
intune/Proactive Remediations/TNS_ADMIN/Install.bat Normal file
View File

@@ -0,0 +1,4 @@
@echo off
pushd %~dp0
powershell.exe -ExecutionPolicy Bypass -File "TNS_ADMIN-Detection.ps1"
popd

30
intune/Proactive Remediations/TNS_ADMIN/TNS_ADMIN-Detection.ps1 Normal file
View File

@@ -0,0 +1,30 @@
# Discovery
# path to the directory that TNS_ADMIN should point towards
# Make sure its the same in both the remediation and discovery scripts
$value = "\\ccx.carecentrix.com\public\oracle"
try {
# create the TNS_ADMIN directory if it doesn't exist, no need to use a remediation to do that
if ( (Test-Path -Path $value -ErrorAction stop) -eq $false ) {
Write-Host "$value directory missing"
exit 1
}
# check the TNS_ADMIN environmental variable
$TNS_ADMINVar = [System.Environment]::GetEnvironmentVariable('TNS_ADMIN', 'Machine')
if ($TNS_ADMINVar -ne $value) {
Write-Host "failure, TNS_ADMIN is set to $TNS_ADMINVar"
exit 1
}
Write-Host "TNS_ADMIN Variables set correctly"
exit 0
}
catch {
$errMsg = $_.Exception.Message
Write-Host $errMsg
exit 1
}

24
intune/Proactive Remediations/TNS_ADMIN/TNS_ADMIN-Remediation.ps1 Normal file
View File

@@ -0,0 +1,24 @@
# Remediation
# path to the directory that TNS_ADMIN should point towards
# Make sure its the same in both the remediation and discovery scripts
$value = "\\ccx.carecentrix.com\public\oracle"
try {
# create the TNS_ADMIN directory if it doesn't exist
if ( (Test-Path -Path $value) -eq $false ) {
New-Item -Path $value -ItemType Directory
}
# set the variables
[System.Environment]::SetEnvironmentVariable('TNS_ADMIN','\\ccx.carecentrix.com\public\oracle','Machine')
Write-Host "TNS_ADMIN Machine variables Changed"
exit 0
}
catch {
$errMsg = $_.Exception.Message
Write-Host $errMsg
exit 1
}

12
intune/Proactive Remediations/Tenable-AgentStatus/Remediate-Serverslist.ps1 Normal file
View File

@@ -0,0 +1,12 @@
$serverlist = Import-Csv '.\intune\Proactive Remediations\Tenable-AgentStatus\servers.csv'
foreach ($server in $serverlist) {
$serverName = $server.ServerName
$cred = $server.Credential
$session = New-PSSession -ComputerName $serverName -Credential $cred
Invoke-Command -Session $session -ScriptBlock {
param($serverName)
.\intune\Proactive Remediations\Tenable-AgentStatus\remediate-agent.ps1
} -ArgumentList $serverName
Remove-PSSession -Session $session
}

24
intune/Proactive Remediations/Tenable-AgentStatus/detect.ps1 Normal file
View File

@@ -0,0 +1,24 @@
cd "C:\Program Files\Tenable\Nessus Agent"
$NessusStatus = .\nessuscli agent status
$NessusStatusString = $NessusStatus | out-string
if ($nessusstatus[2].Contains("disconnected")) {
Write-Host "Nessus Agent is Disconnected and requires remediation "$nessusstatus[2]
exit 1
}
elseif ($nessusstatus[2].Contains("authentication error")) {
Write-Host "Nessus Agent is in authorization error state and requires remediation "$nessusstatus[2]
exit 1
}
elseif ($nessusstatus[2].Contains("Not linked to a manager")) {
Write-Host "Nessus Agent is Not linked to a manager "$nessusstatus[2]
exit 1
}
elseif ($nessusstatus[2].Contains("Link status: Connected to paptennm001.ccx.carecentrix.com:8834")) {
Write-Host "Nessus Agent is connected and healthy "$nessusstatus[2]
exit 0
}
else {
Write-Host "Nessus Agent in an unknown status "$nessusstatus[2]
exit 1
}

54
intune/Proactive Remediations/Tenable-AgentStatus/remediate-desktops.ps1 Normal file
View File

@@ -0,0 +1,54 @@
cd "C:\Program Files\Tenable\Nessus Agent"
$nessusstatus = .\nessuscli.exe agent status
$ServiceName = "Tenable Nessus Agent"
Write-Host "Stopping Nessus Agent"
Stop-Service $ServiceName
Start-Sleep -Seconds 5
$service = (Get-Service -Name $ServiceName -ErrorAction Stop)
if ($service.Status -eq "Stopped") {
if ($nessusstatus[2].Contains("disconnected")) {
.\Nessuscli.exe plugins --reset
start-Service $ServiceName
Start-Sleep -Seconds 600
$pluginstatus = (.\Nessuscli.exe plugins --info) | Out-String
$nessusstatus = .\nessuscli.exe agent status
Write-Host "Plugin Reset and Agent Started: "$nessusstatus[2]
exit 0
}
elseif ($nessusstatus[2].Contains("authentication error")) {
.\Nessuscli.exe agent link --key=0f0147f977db9a4ea74c34b2a24221cdac7715a36665525537718f48e5edafd5 --host=paptennm001.ccx.carecentrix.com --port=8834 --groups="Agent - VPN - GlobalProtect"
.\Nessuscli.exe plugins --reset
Start-Service $ServiceName
Start-Sleep -Seconds 600
$nessusstatus = .\nessuscli.exe agent status
Write-Host "Agent Re-Linked: "$nessusstatus[2]
exit 0
}
elseif ($nessusstatus[2].Contains("Not linked to a manager")) {
.\Nessuscli.exe agent link --key=0f0147f977db9a4ea74c34b2a24221cdac7715a36665525537718f48e5edafd5 --host=paptennm001.ccx.carecentrix.com --port=8834 --groups="Agent - VPN - GlobalProtect"
Start-Service $ServiceName
Start-Sleep -Seconds 600
$nessusstatus = .\nessuscli.exe agent status
Write-Host "Agent Re-Linked: "$nessusstatus[2]
exit 0
}
elseif ($nessusstatus[2].Contains("Connected to paptennm001.ccx.carecentrix.com:8834")) {
Write-Host "Nessus Agent is connected and healthy: "$nessusstatus[2]
Start-Service $ServiceName
exit 0
}
else {
Write-Host "Unknown Remediation Required: "$nessusstatus[2]
Start-Service $ServiceName
exit 1
}
}
else {
Write-Host "Nessus Agent Not Stopped"
exit 1
}

55
intune/Proactive Remediations/Tenable-AgentStatus/remediate-servers.ps1 Normal file
View File

@@ -0,0 +1,55 @@
cd "C:\Program Files\Tenable\Nessus Agent"
$nessusstatus = .\nessuscli.exe agent status
$ServiceName = "Tenable Nessus Agent"
Write-Host "Stopping Nessus Agent"
Stop-Service $ServiceName
Start-Sleep -Seconds 5
$service = (Get-Service -Name $ServiceName -ErrorAction Stop)
if ($service.Status -eq "Stopped") {
if ($nessusstatus[2].Contains("disconnected")) {
.\Nessuscli.exe plugins --reset
start-Service $ServiceName
Start-Sleep -Seconds 600
$pluginstatus = (.\Nessuscli.exe plugins --info) | Out-String
$nessusstatus = .\nessuscli.exe agent status
Write-Host "Plugin Reset and Agent Started: "$nessusstatus[2]
return true
}
elseif ($nessusstatus[2].Contains("authentication error")) {
.\nessuscli.exe agent link --key=0f0147f977db9a4ea74c34b2a24221cdac7715a36665525537718f48e5edafd5 --host=paptennm001.ccx.carecentrix.com --port=8834 --groups="Agent - Windows Servers"
.\Nessuscli.exe plugins --reset
Start-Sleep -Seconds 600
$nessusstatus = .\nessuscli.exe agent status
Write-Host "Agent Re-Linked: "$nessusstatus[2]
Start-Service $ServiceName
return true
}
elseif ($nessusstatus[2].Contains("Not linked to a manager")) {
.\nessuscli.exe agent link --key=0f0147f977db9a4ea74c34b2a24221cdac7715a36665525537718f48e5edafd5 --host=paptennm001.ccx.carecentrix.com --port=8834 --groups="Agent - Windows Servers"
Start-Service $ServiceName
Start-Sleep -Seconds 600
$nessusstatus = .\nessuscli.exe agent status
Write-Host "Agent Re-Linked: "$nessusstatus[2]
return true
}
elseif ($nessusstatus[2].Contains("Connected to paptennm001.ccx.carecentrix.com:8834")) {
Write-Host "Nessus Agent is connected and healthy: "$nessusstatus[2]
Start-Service $ServiceName
return true
}
else {
Write-Host "Unknown Remediation Required: "$nessusstatus[2]
Start-Service $ServiceName
return false
}
}
else {
Write-Host "Nessus Agent Not Stopped"
return false
}

64
intune/Proactive Remediations/Tenable-AgentStatus/servers.csv Normal file
View File

@@ -0,0 +1,64 @@
DNCRADOPSSQL02
DNCRANICEAPI01
DNCRARDSUIR01
DNCRAREDIS01
DNCRASECTEST01
DRAWSDC01
DRAWSDC02
FLT2PSQL021
PAWSZVM01
PFAX021
PMDA014
PMDA017
PMON005
PNCRAAPPSQL01
PNCRABIZSQL11
PNCRABIZSQL12
PNCRABIZSQL21
PNCRABIZSQL22
PNCRABIZSQLQ11
PNCRABIZSQLQ21
PNCRACBAC01
PNCRACMX01
PNCRADOPSSQL01
PNCRADOPSSQL02
PNCRADOPSSQL03
PNCRADOPSSQLQ01
PNCRAEDITAB01
PNCRAEISSQL01
PNCRAFSSQL01
PNCRAMISCSQL01
PNCRANICEAPI01
PNCRANICESQL01
PNCRAPSPT002
PNCRARDSUIS01
PNCRASCCMSUP01
PNCRASPWFE01
PNCRASSIS02
PNCRATABL003
PNCRAVAR03
PNCRAVB01
PNCRAVBT01
PNCRAVDIFS02
PNCRAVJB01
PNCRAVPRXY001
PNCRAVPRXY002
PNCRAWFM02
PNCRAWFM05
PNCRAWFM06
PSQL026
PSQL030A
PSQL030B
Q1NCRASSIS02
QCMX001
QNCRACMX01
QNCRARDS11
QNCRARDSJB03
QSIS010
VLANTESTING
VLANTESTING2
VM-SCCMDANE-01
VM-SCCMOSD-01
VM-SCCMOSD-02
VM-SCCMOSD-03
VM-SCCMOSD-06
1 DNCRADOPSSQL02
2 DNCRANICEAPI01
3 DNCRARDSUIR01
4 DNCRAREDIS01
5 DNCRASECTEST01
6 DRAWSDC01
7 DRAWSDC02
8 FLT2PSQL021
9 PAWSZVM01
10 PFAX021
11 PMDA014
12 PMDA017
13 PMON005
14 PNCRAAPPSQL01
15 PNCRABIZSQL11
16 PNCRABIZSQL12
17 PNCRABIZSQL21
18 PNCRABIZSQL22
19 PNCRABIZSQLQ11
20 PNCRABIZSQLQ21
21 PNCRACBAC01
22 PNCRACMX01
23 PNCRADOPSSQL01
24 PNCRADOPSSQL02
25 PNCRADOPSSQL03
26 PNCRADOPSSQLQ01
27 PNCRAEDITAB01
28 PNCRAEISSQL01
29 PNCRAFSSQL01
30 PNCRAMISCSQL01
31 PNCRANICEAPI01
32 PNCRANICESQL01
33 PNCRAPSPT002
34 PNCRARDSUIS01
35 PNCRASCCMSUP01
36 PNCRASPWFE01
37 PNCRASSIS02
38 PNCRATABL003
39 PNCRAVAR03
40 PNCRAVB01
41 PNCRAVBT01
42 PNCRAVDIFS02
43 PNCRAVJB01
44 PNCRAVPRXY001
45 PNCRAVPRXY002
46 PNCRAWFM02
47 PNCRAWFM05
48 PNCRAWFM06
49 PSQL026
50 PSQL030A
51 PSQL030B
52 Q1NCRASSIS02
53 QCMX001
54 QNCRACMX01
55 QNCRARDS11
56 QNCRARDSJB03
57 QSIS010
58 VLANTESTING
59 VLANTESTING2
60 VM-SCCMDANE-01
61 VM-SCCMOSD-01
62 VM-SCCMOSD-02
63 VM-SCCMOSD-03
64 VM-SCCMOSD-06

23
intune/Proactive Remediations/WIndows11-UpgradeRemediation/Detect-Win11.ps1 Normal file
View File

@@ -0,0 +1,23 @@
Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force
Set-PSRepository -Name PSGallery -InstallationPolicy Trusted
Install-Module pswindowsupdate
Import-Module pswindowsupdate
$scheduledTaskState = (Get-ScheduledTask -TaskName "PSWindowsUpdate").state
try {
if (((Get-WindowsUpdate -Title "Windows 11, version 23H2").status -eq "-D-----") -and ($scheduledTaskState.value -ne "Ready")) {
Write-Host "Update Downloaded but not scheduled"
Exit 1
}
elseif ($scheduledTaskState.value -eq "Ready") {
Write-Host "Update Downloaded and Scheduled"
Exit 0
}
Write-Host "Not Compliant"
Exit 1
}
catch {
Write-Host "Not Compliant - Catch"
Exit 1
}

27
intune/Proactive Remediations/WIndows11-UpgradeRemediation/Remediate-Win11.ps1 Normal file
View File

@@ -0,0 +1,27 @@
Import-Module PSWindowsUpdate
if ($null -eq (Get-Module PSWindowsUpdate)) {
Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force
Set-PSRepository -Name PSGallery -InstallationPolicy Trusted
Install-Module pswindowsupdate
Import-Module pswindowsupdate
}
$scheduledTaskState = (Get-ScheduledTask -TaskName "PSWindowsUpdate").state
if ($scheduledTaskState.value -eq "Ready") {
Write-Host "Update Already Scheduled"
Exit 0
}
else {
# Get-WindowsUpdate -MicrosoftUpdate -Title "Windows 11, version 23H2" -ScheduleJob (get-date((Get-Date).AddDays(1)) -Hour 01 -Minute 0 -Second 0) -Install -AcceptAll -AutoReboot -Verbose
# Monday's Update
Get-WindowsUpdate -MicrosoftUpdate -Title "Windows 11, version 23H2" -ScheduleJob (get-date((get-date 2025-01-23)) -Hour 01 -Minute 0 -Second 0) -Install -AcceptAll -AutoReboot -Verbose
$scheduledTaskState = (Get-ScheduledTask -TaskName "PSWindowsUpdate").state
if ($scheduledTaskState.value -eq "Ready") {
Write-Host "Update Scheduled"
Exit 0
else {
Write-Host "Update Failed to Schedule"
Exit 1
}
}
}

47
intune/Proactive Remediations/Win11 Left Start Menu/Move-Windows11Taskbar-Detection.ps1 Normal file
View File

@@ -0,0 +1,47 @@
<#
Version: 1.0
Author: Jannik Reinhard (jannikreinhard.com)
Script: Move-Windows11Taskbar
Description:
Change the tastkbar alignment
Release notes:
Version 1.0: Init
#>
function Test-RegistryValue {
param (
[parameter(Mandatory=$true)]
[ValidateNotNullOrEmpty()]$Path,
[parameter(Mandatory=$true)]
[ValidateNotNullOrEmpty()]$Value
)
try {
Get-ItemProperty -Path $Path | Select-Object -ExpandProperty $Value -ErrorAction Stop | Out-Null
return $true
}catch {
return $false
}
}
$path = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced"
$value = "TaskbarAl"
if(-not (Get-CimInstance Win32_OperatingSystem -Property *).Caption -like "*Windows 11*"){
Exit 0
}
if((Test-RegistryValue -Path $path -Value $value)){
if((Get-ItemProperty -path $path -name $value).TaskbarAl -eq "0"){
Exit 0
}
}else {
Exit 1
}

41
intune/Proactive Remediations/Win11 Left Start Menu/Move-Windows11Taskbar-Remediation.ps1 Normal file
View File

@@ -0,0 +1,41 @@
<#
Version: 1.0
Author: Jannik Reinhard (jannikreinhard.com)
Script: Move-Windows11Taskbar
Description:
Change the tastkbar alignment
Release notes:
Version 1.0: Init
#>
function Test-RegistryValue {
param (
[parameter(Mandatory=$true)]
[ValidateNotNullOrEmpty()]$Path,
[parameter(Mandatory=$true)]
[ValidateNotNullOrEmpty()]$Value
)
try {
Get-ItemProperty -Path $Path | Select-Object -ExpandProperty $Value -ErrorAction Stop | Out-Null
return $true
}catch {
return $false
}
}
$path = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced"
$value = "TaskbarAl"
if(Test-Path $path){
try{
Set-ItemProperty -Path $path -Name $value -Value 0 -Force
Exit 0
}catch{
Exit 1
}
}else{
Exit 1
}