From 9c8438d7d1c3e75b5da842dc8e0c89336f8ef5fa Mon Sep 17 00:00:00 2001 
From: Andrew Amason Date: Mon, 19 May 2025 15:19:36 -0400 Subject: [PATCH] Additional Script Updates --- .gitmodules | 6 ++ intune/App Installs/icons | 1 + .../Device Management/MacOS/intunemacadmins | 1 + .../Get-BitLocker/Detect_BitLocker.ps1 | 12 +++ .../Get-BitLocker/Remediate_BitLocker.ps1 | 6 ++ .../Detect_CredentialGuard.ps1 | 12 +++ .../Remediate_CredentialGuard.ps1 | 11 +++ .../Detect_CustomCompliance_File.ps1 | 8 ++ .../Remediate_CustomCompliance_File.ps1 | 14 +++ .../Detect_CustomCompliance_Reg.ps1 | 13 +++ .../Remediate_CustomCompliance_Reg.ps1 | 17 ++++ .../Get-DeviceGuard/Detect_DeviceGuard.ps1 | 12 +++ .../Get-DeviceGuard/Remediate_DeviceGuard.ps1 | 8 ++ .../Get-Firewall/Detect_Firewall.ps1 | 14 +++ .../Get-Firewall/Remediate_Firewall.ps1 | 6 ++ .../Get-SecureBoot/Detect_SecureBoot.ps1 | 10 ++ .../Get-SecureBoot/Remediate_SecureBoot.ps1 | 7 ++ .../DeviceCompliance/README.md | 36 +++++++ .../Detect_CorporateCertificate.ps1 | 9 ++ .../Remediate_CorporateCertificate.ps1 | 3 + .../Get-CorporateVPN/Detect_CorporateVPN.ps1 | 9 ++ .../Remediate_CorporateVPN.ps1 | 3 + .../Detect_CustomWallpaper.ps1 | 10 ++ .../Remediate_CustomWallpaper.ps1 | 5 + .../Get-DriveMapping/Detect_DriveMapping.ps1 | 16 ++++ .../Remediate_DriveMapping.ps1 | 10 ++ .../Detect_LocalDNSSettings.ps1 | 9 ++ .../Remediate_LocalDNSSettings.ps1 | 3 + .../Detect_OfficeTemplates.ps1 | 9 ++ .../Remediate_OfficeTemplates.ps1 | 10 ++ .../Detect_OutlookTemplate.ps1 | 9 ++ .../Remediate_OutlookTemplate.ps1 | 10 ++ .../Get-TimeZone/Detect_TimeZone.ps1 | 15 +++ .../Get-TimeZone/Remediate_TimeZone.ps1 | 9 ++ .../Get-UAC/Detect_UAC.ps1 | 15 +++ .../Get-UAC/Remediate_UAC.ps1 | 12 +++ .../Get-WDAC/Detect_WDAC.ps1 | 12 +++ .../Get-WDAC/Remediate_WDAC.ps1 | 13 +++ .../DeviceConfiguration/README.md | 51 ++++++++++ .../Get-DiskCleanup/Detect_DiskCleanup.ps1 | 9 ++ .../Get-DiskCleanup/Remediate_DiskCleanup.ps1 | 3 + .../Detect_InactiveUsers.ps1 | 24 +++++ .../Remediate_InactiveUsers.ps1 | 24 +++++ 
.../Detect_InactiveUsers.ps1 | 23 +++++ .../Remediate_InactiveUsers.ps1 | 23 +++++ .../Get-LowDiskSpace/Detect_LowDiskSpace.ps1 | 15 +++ .../Remediate_LowDiskSpace.ps1 | 14 +++ .../Detect_SystemPerformance.ps1 | 24 +++++ .../Remediate_SystemPerformance.ps1 | 20 ++++ .../Get-UserProfiles/Detect_UserProfiles.ps1 | 32 +++++++ .../Remediate_UserProfiles.ps1 | 26 +++++ .../DevicePerformance/README.md | 31 ++++++ .../Detect_CloudDeliveredProtection.ps1 | 10 ++ .../Remediate_CloudDeliveredProtection.ps1 | 3 + .../Detect_ExploitProtection.ps1 | 10 ++ .../Remdiate_ExploitProtection.ps1 | 3 + .../Detect_NetworkProtection.ps1 | 10 ++ .../Remediate_NetworkProtection.ps1 | 3 + .../Detect_PUA-Protection.ps1 | 7 ++ .../Remediate_PUA-Protection.ps1 | 9 ++ .../Get-QuickScan/Detect_Malware.ps1 | 15 +++ .../Get-QuickScan/Remediate_Malware.ps1 | 15 +++ .../Detect_RealTimeBehavior.ps1 | 7 ++ .../Remediate_RealTimeBehavior.ps1 | 9 ++ .../Detect_RealTimeProtection.ps1 | 8 ++ .../Remediate_RealTimeProtection.ps1 | 9 ++ .../Detect_ScheduledScans.ps1 | 10 ++ .../Remediate_ScheduledScans.ps1 | 4 + .../Detect_SignatureIntelligenceUpdates.ps1 | 10 ++ ...Remediate_SignatureIntelligenceUpdates.ps1 | 3 + .../Detect_TamperProtection.ps1 | 10 ++ .../Remediate_TamperProtection.ps1 | 3 + .../MicrosoftDefenderAV/README.md | 51 ++++++++++ .../detect-windowsai-regkey-hkcu.ps1 | 20 ++++ .../detect-windowsai-regkey.ps1 | 20 ++++ .../remediate-windowsai-regkey-hkcu.ps1 | 10 ++ .../remediate-windowsai-regkey.ps1 | 10 ++ .../Get-CustomScript/Detect_CustomScript.ps1 | 3 + .../Remediate_CustomScript.ps1 | 2 + .../Detect_GenericRegistryChange.ps1 | 11 +++ .../Remediate_GenericRegistryChange.ps1 | 4 + .../Detect_GenericRestartService.ps1 | 3 + .../Remediate_GenericRestartService.ps1 | 4 + ...etect-Reset-SoftwareDistributionFolder.ps1 | 4 + ...diate-Reset-SoftwareDistributionFolder.ps1 | 3 + ...etect-Reset-SoftwareDistributionFolder.ps1 | 7 ++ ...diate-Reset-SoftwareDistributionFolder.ps1 | 1 + 
.../Miscellaneous/README.md | 27 ++++++ .../Detect-BitLockerStatusReport.ps1 | 12 +++ .../Remediate-Empty.ps1 | 1 + .../Detect-CertificateExpiryReport.ps1 | 12 +++ .../Remediate-Empty.ps1 | 1 + .../Detect-DiskSpaceUsageReport.ps1 | 12 +++ .../Remediate-Empty.ps1 | 1 + .../Detect-EndpointProtectionStatusReport.ps1 | 12 +++ .../Remediate-Empty.ps1 | 1 + .../Detect-EventLogErrorReport.ps1 | 12 +++ .../Remediate-Empty.ps1 | 1 + .../Detect-FirewallStatusReport.ps1 | 12 +++ .../Remediate-Empty.ps1 | 1 + .../Detect-LocalAdminGroupReport.ps1 | 12 +++ .../Remediate-Empty.ps1 | 1 + .../Detect-PendingRebootReport.ps1 | 10 ++ .../Remediate-Empty.ps1 | 1 + .../Detect-ServiceStatusReport.ps1 | 12 +++ .../Remediate-Empty.ps1 | 1 + .../Detect-SoftwareInventoryReport.ps1 | 12 +++ .../Remediate-Empty.ps1 | 1 + .../Get-UptimeReport/Detect-UptimeReport.ps1 | 10 ++ .../Get-UptimeReport/Remediate-Empty.ps1 | 1 + .../Detect-UserActivityReport.ps1 | 12 +++ .../Remediate-Empty.ps1 | 1 + .../Reporting/README.md | 96 +++++++++++++++++++ .../Detect_AntiVirusStatus.ps1 | 7 ++ .../Remediate_AntiVirusStatus.ps1 | 16 ++++ .../Detect_BatteryHealthWarning.ps1 | 7 ++ .../Remediate_BatteryHealthWarning.ps1 | 15 +++ .../Detect_CustomToastNotification.ps1 | 2 + .../Remediate_CustomToastNotification.ps1 | 19 ++++ .../Detect_FirewallStatus.ps1 | 7 ++ .../Remediate_FirewallStatus.ps1 | 15 +++ .../Get-HighCPUUsage/Detect_HighCPUUsage.ps1 | 8 ++ .../Remediate_HighCPUUsage.ps1 | 15 +++ .../Detect_HighMemoryUsage.ps1 | 8 ++ .../Remediate_HighMemoryUsage.ps1 | 15 +++ .../Get-LowDiskSpace/Detect_LowDiskSpace.ps1 | 8 ++ .../Remediate_LowDiskSpace.ps1 | 15 +++ .../Detect_NetworkConnectivityIssues.ps1 | 7 ++ .../Remediate_NetworkConnectivityIssues.ps1 | 15 +++ .../Detect_PendingWindowsUpdate.ps1 | 7 ++ .../Remediate_PendingWindowsUpdate.ps1 | 15 +++ .../Detect_PrinterIssues.ps1 | 7 ++ .../Remediate_PrinterIssues.ps1 | 15 +++ .../Detect_RebootRequired.ps1 | 8 ++ .../Remediate_RebootRequired.ps1 | 15 +++ 
.../ToastNotifications/README.md | 59 ++++++++++++ 136 files changed, 1595 insertions(+) create mode 160000 intune/App Installs/icons create mode 160000 intune/Device Management/MacOS/intunemacadmins create mode 100644 intune/Externally Sourced Remediations/DeviceCompliance/Get-BitLocker/Detect_BitLocker.ps1 create mode 100644 intune/Externally Sourced Remediations/DeviceCompliance/Get-BitLocker/Remediate_BitLocker.ps1 create mode 100644 intune/Externally Sourced Remediations/DeviceCompliance/Get-CredentialGuard/Detect_CredentialGuard.ps1 create mode 100644 intune/Externally Sourced Remediations/DeviceCompliance/Get-CredentialGuard/Remediate_CredentialGuard.ps1 create mode 100644 intune/Externally Sourced Remediations/DeviceCompliance/Get-CustomCompliance-File/Detect_CustomCompliance_File.ps1 create mode 100644 intune/Externally Sourced Remediations/DeviceCompliance/Get-CustomCompliance-File/Remediate_CustomCompliance_File.ps1 create mode 100644 intune/Externally Sourced Remediations/DeviceCompliance/Get-CustomCompliance-Registry/Detect_CustomCompliance_Reg.ps1 create mode 100644 intune/Externally Sourced Remediations/DeviceCompliance/Get-CustomCompliance-Registry/Remediate_CustomCompliance_Reg.ps1 create mode 100644 intune/Externally Sourced Remediations/DeviceCompliance/Get-DeviceGuard/Detect_DeviceGuard.ps1 create mode 100644 intune/Externally Sourced Remediations/DeviceCompliance/Get-DeviceGuard/Remediate_DeviceGuard.ps1 create mode 100644 intune/Externally Sourced Remediations/DeviceCompliance/Get-Firewall/Detect_Firewall.ps1 create mode 100644 intune/Externally Sourced Remediations/DeviceCompliance/Get-Firewall/Remediate_Firewall.ps1 create mode 100644 intune/Externally Sourced Remediations/DeviceCompliance/Get-SecureBoot/Detect_SecureBoot.ps1 create mode 100644 intune/Externally Sourced Remediations/DeviceCompliance/Get-SecureBoot/Remediate_SecureBoot.ps1 create mode 100644 intune/Externally Sourced Remediations/DeviceCompliance/README.md create mode 100644 
intune/Externally Sourced Remediations/DeviceConfiguration/Get-CorporateCertificate/Detect_CorporateCertificate.ps1 create mode 100644 intune/Externally Sourced Remediations/DeviceConfiguration/Get-CorporateCertificate/Remediate_CorporateCertificate.ps1 create mode 100644 intune/Externally Sourced Remediations/DeviceConfiguration/Get-CorporateVPN/Detect_CorporateVPN.ps1 create mode 100644 intune/Externally Sourced Remediations/DeviceConfiguration/Get-CorporateVPN/Remediate_CorporateVPN.ps1 create mode 100644 intune/Externally Sourced Remediations/DeviceConfiguration/Get-CustomWallpaper/Detect_CustomWallpaper.ps1 create mode 100644 intune/Externally Sourced Remediations/DeviceConfiguration/Get-CustomWallpaper/Remediate_CustomWallpaper.ps1 create mode 100644 intune/Externally Sourced Remediations/DeviceConfiguration/Get-DriveMapping/Detect_DriveMapping.ps1 create mode 100644 intune/Externally Sourced Remediations/DeviceConfiguration/Get-DriveMapping/Remediate_DriveMapping.ps1 create mode 100644 intune/Externally Sourced Remediations/DeviceConfiguration/Get-LocalDNSSettings/Detect_LocalDNSSettings.ps1 create mode 100644 intune/Externally Sourced Remediations/DeviceConfiguration/Get-LocalDNSSettings/Remediate_LocalDNSSettings.ps1 create mode 100644 intune/Externally Sourced Remediations/DeviceConfiguration/Get-OfficeTemplates/Detect_OfficeTemplates.ps1 create mode 100644 intune/Externally Sourced Remediations/DeviceConfiguration/Get-OfficeTemplates/Remediate_OfficeTemplates.ps1 create mode 100644 intune/Externally Sourced Remediations/DeviceConfiguration/Get-OutlookTemplate/Detect_OutlookTemplate.ps1 create mode 100644 intune/Externally Sourced Remediations/DeviceConfiguration/Get-OutlookTemplate/Remediate_OutlookTemplate.ps1 create mode 100644 intune/Externally Sourced Remediations/DeviceConfiguration/Get-TimeZone/Detect_TimeZone.ps1 create mode 100644 intune/Externally Sourced Remediations/DeviceConfiguration/Get-TimeZone/Remediate_TimeZone.ps1 create mode 100644 
intune/Externally Sourced Remediations/DeviceConfiguration/Get-UAC/Detect_UAC.ps1 create mode 100644 intune/Externally Sourced Remediations/DeviceConfiguration/Get-UAC/Remediate_UAC.ps1 create mode 100644 intune/Externally Sourced Remediations/DeviceConfiguration/Get-WDAC/Detect_WDAC.ps1 create mode 100644 intune/Externally Sourced Remediations/DeviceConfiguration/Get-WDAC/Remediate_WDAC.ps1 create mode 100644 intune/Externally Sourced Remediations/DeviceConfiguration/README.md create mode 100644 intune/Externally Sourced Remediations/DevicePerformance/Get-DiskCleanup/Detect_DiskCleanup.ps1 create mode 100644 intune/Externally Sourced Remediations/DevicePerformance/Get-DiskCleanup/Remediate_DiskCleanup.ps1 create mode 100644 intune/Externally Sourced Remediations/DevicePerformance/Get-InactiveUsers-EntraID/Detect_InactiveUsers.ps1 create mode 100644 intune/Externally Sourced Remediations/DevicePerformance/Get-InactiveUsers-EntraID/Remediate_InactiveUsers.ps1 create mode 100644 intune/Externally Sourced Remediations/DevicePerformance/Get-InactiveUsers-Local/Detect_InactiveUsers.ps1 create mode 100644 intune/Externally Sourced Remediations/DevicePerformance/Get-InactiveUsers-Local/Remediate_InactiveUsers.ps1 create mode 100644 intune/Externally Sourced Remediations/DevicePerformance/Get-LowDiskSpace/Detect_LowDiskSpace.ps1 create mode 100644 intune/Externally Sourced Remediations/DevicePerformance/Get-LowDiskSpace/Remediate_LowDiskSpace.ps1 create mode 100644 intune/Externally Sourced Remediations/DevicePerformance/Get-SystemPerformance/Detect_SystemPerformance.ps1 create mode 100644 intune/Externally Sourced Remediations/DevicePerformance/Get-SystemPerformance/Remediate_SystemPerformance.ps1 create mode 100644 intune/Externally Sourced Remediations/DevicePerformance/Get-UserProfiles/Detect_UserProfiles.ps1 create mode 100644 intune/Externally Sourced Remediations/DevicePerformance/Get-UserProfiles/Remediate_UserProfiles.ps1 create mode 100644 intune/Externally 
Sourced Remediations/DevicePerformance/README.md create mode 100644 intune/Externally Sourced Remediations/MicrosoftDefenderAV/Get-CloudDeliveredProtection/Detect_CloudDeliveredProtection.ps1 create mode 100644 intune/Externally Sourced Remediations/MicrosoftDefenderAV/Get-CloudDeliveredProtection/Remediate_CloudDeliveredProtection.ps1 create mode 100644 intune/Externally Sourced Remediations/MicrosoftDefenderAV/Get-ExploitProtection/Detect_ExploitProtection.ps1 create mode 100644 intune/Externally Sourced Remediations/MicrosoftDefenderAV/Get-ExploitProtection/Remdiate_ExploitProtection.ps1 create mode 100644 intune/Externally Sourced Remediations/MicrosoftDefenderAV/Get-NetworkProtection/Detect_NetworkProtection.ps1 create mode 100644 intune/Externally Sourced Remediations/MicrosoftDefenderAV/Get-NetworkProtection/Remediate_NetworkProtection.ps1 create mode 100644 intune/Externally Sourced Remediations/MicrosoftDefenderAV/Get-PUAProtection/Detect_PUA-Protection.ps1 create mode 100644 intune/Externally Sourced Remediations/MicrosoftDefenderAV/Get-PUAProtection/Remediate_PUA-Protection.ps1 create mode 100644 intune/Externally Sourced Remediations/MicrosoftDefenderAV/Get-QuickScan/Detect_Malware.ps1 create mode 100644 intune/Externally Sourced Remediations/MicrosoftDefenderAV/Get-QuickScan/Remediate_Malware.ps1 create mode 100644 intune/Externally Sourced Remediations/MicrosoftDefenderAV/Get-RealTimeBehaviour/Detect_RealTimeBehavior.ps1 create mode 100644 intune/Externally Sourced Remediations/MicrosoftDefenderAV/Get-RealTimeBehaviour/Remediate_RealTimeBehavior.ps1 create mode 100644 intune/Externally Sourced Remediations/MicrosoftDefenderAV/Get-RealTimeProtection/Detect_RealTimeProtection.ps1 create mode 100644 intune/Externally Sourced Remediations/MicrosoftDefenderAV/Get-RealTimeProtection/Remediate_RealTimeProtection.ps1 create mode 100644 intune/Externally Sourced Remediations/MicrosoftDefenderAV/Get-ScheduledScan/Detect_ScheduledScans.ps1 create mode 100644 
intune/Externally Sourced Remediations/MicrosoftDefenderAV/Get-ScheduledScan/Remediate_ScheduledScans.ps1 create mode 100644 intune/Externally Sourced Remediations/MicrosoftDefenderAV/Get-SecurityIntelligenceUpdates/Detect_SignatureIntelligenceUpdates.ps1 create mode 100644 intune/Externally Sourced Remediations/MicrosoftDefenderAV/Get-SecurityIntelligenceUpdates/Remediate_SignatureIntelligenceUpdates.ps1 create mode 100644 intune/Externally Sourced Remediations/MicrosoftDefenderAV/Get-TamperProtection/Detect_TamperProtection.ps1 create mode 100644 intune/Externally Sourced Remediations/MicrosoftDefenderAV/Get-TamperProtection/Remediate_TamperProtection.ps1 create mode 100644 intune/Externally Sourced Remediations/MicrosoftDefenderAV/README.md create mode 100644 intune/Externally Sourced Remediations/Miscellaneous/Disable-WindowsAI-Registry/detect-windowsai-regkey-hkcu.ps1 create mode 100644 intune/Externally Sourced Remediations/Miscellaneous/Disable-WindowsAI-Registry/detect-windowsai-regkey.ps1 create mode 100644 intune/Externally Sourced Remediations/Miscellaneous/Disable-WindowsAI-Registry/remediate-windowsai-regkey-hkcu.ps1 create mode 100644 intune/Externally Sourced Remediations/Miscellaneous/Disable-WindowsAI-Registry/remediate-windowsai-regkey.ps1 create mode 100644 intune/Externally Sourced Remediations/Miscellaneous/Get-CustomScript/Detect_CustomScript.ps1 create mode 100644 intune/Externally Sourced Remediations/Miscellaneous/Get-CustomScript/Remediate_CustomScript.ps1 create mode 100644 intune/Externally Sourced Remediations/Miscellaneous/Get-GenericRegistryChange/Detect_GenericRegistryChange.ps1 create mode 100644 intune/Externally Sourced Remediations/Miscellaneous/Get-GenericRegistryChange/Remediate_GenericRegistryChange.ps1 create mode 100644 intune/Externally Sourced Remediations/Miscellaneous/Get-GenericRestartService/Detect_GenericRestartService.ps1 create mode 100644 intune/Externally Sourced 
Remediations/Miscellaneous/Get-GenericRestartService/Remediate_GenericRestartService.ps1 create mode 100644 intune/Externally Sourced Remediations/Miscellaneous/Get-SoftwareDistributionFolder/Detect-Reset-SoftwareDistributionFolder.ps1 create mode 100644 intune/Externally Sourced Remediations/Miscellaneous/Get-SoftwareDistributionFolder/Remediate-Reset-SoftwareDistributionFolder.ps1 create mode 100644 intune/Externally Sourced Remediations/Miscellaneous/Get-SoftwareDistributionFolderPT2/Detect-Reset-SoftwareDistributionFolder.ps1 create mode 100644 intune/Externally Sourced Remediations/Miscellaneous/Get-SoftwareDistributionFolderPT2/Remediate-Reset-SoftwareDistributionFolder.ps1 create mode 100644 intune/Externally Sourced Remediations/Miscellaneous/README.md create mode 100644 intune/Externally Sourced Remediations/Reporting/Get-BitLockerStatusReport/Detect-BitLockerStatusReport.ps1 create mode 100644 intune/Externally Sourced Remediations/Reporting/Get-BitLockerStatusReport/Remediate-Empty.ps1 create mode 100644 intune/Externally Sourced Remediations/Reporting/Get-CertificateExpiryReport/Detect-CertificateExpiryReport.ps1 create mode 100644 intune/Externally Sourced Remediations/Reporting/Get-CertificateExpiryReport/Remediate-Empty.ps1 create mode 100644 intune/Externally Sourced Remediations/Reporting/Get-DiskSpaceUsageReport/Detect-DiskSpaceUsageReport.ps1 create mode 100644 intune/Externally Sourced Remediations/Reporting/Get-DiskSpaceUsageReport/Remediate-Empty.ps1 create mode 100644 intune/Externally Sourced Remediations/Reporting/Get-EndpointProtectionStatusReport/Detect-EndpointProtectionStatusReport.ps1 create mode 100644 intune/Externally Sourced Remediations/Reporting/Get-EndpointProtectionStatusReport/Remediate-Empty.ps1 create mode 100644 intune/Externally Sourced Remediations/Reporting/Get-EventLogErrorReport/Detect-EventLogErrorReport.ps1 create mode 100644 intune/Externally Sourced Remediations/Reporting/Get-EventLogErrorReport/Remediate-Empty.ps1 
create mode 100644 intune/Externally Sourced Remediations/Reporting/Get-FirewallStatusReport/Detect-FirewallStatusReport.ps1 create mode 100644 intune/Externally Sourced Remediations/Reporting/Get-FirewallStatusReport/Remediate-Empty.ps1 create mode 100644 intune/Externally Sourced Remediations/Reporting/Get-LocalAdminGroupReport/Detect-LocalAdminGroupReport.ps1 create mode 100644 intune/Externally Sourced Remediations/Reporting/Get-LocalAdminGroupReport/Remediate-Empty.ps1 create mode 100644 intune/Externally Sourced Remediations/Reporting/Get-PendingRebootReport/Detect-PendingRebootReport.ps1 create mode 100644 intune/Externally Sourced Remediations/Reporting/Get-PendingRebootReport/Remediate-Empty.ps1 create mode 100644 intune/Externally Sourced Remediations/Reporting/Get-ServiceStatusReport/Detect-ServiceStatusReport.ps1 create mode 100644 intune/Externally Sourced Remediations/Reporting/Get-ServiceStatusReport/Remediate-Empty.ps1 create mode 100644 intune/Externally Sourced Remediations/Reporting/Get-SoftwareInventoryReport/Detect-SoftwareInventoryReport.ps1 create mode 100644 intune/Externally Sourced Remediations/Reporting/Get-SoftwareInventoryReport/Remediate-Empty.ps1 create mode 100644 intune/Externally Sourced Remediations/Reporting/Get-UptimeReport/Detect-UptimeReport.ps1 create mode 100644 intune/Externally Sourced Remediations/Reporting/Get-UptimeReport/Remediate-Empty.ps1 create mode 100644 intune/Externally Sourced Remediations/Reporting/Get-UserActivityReport/Detect-UserActivityReport.ps1 create mode 100644 intune/Externally Sourced Remediations/Reporting/Get-UserActivityReport/Remediate-Empty.ps1 create mode 100644 intune/Externally Sourced Remediations/Reporting/README.md create mode 100644 intune/Externally Sourced Remediations/ToastNotifications/Get-AntiVirusStatus/Detect_AntiVirusStatus.ps1 create mode 100644 intune/Externally Sourced Remediations/ToastNotifications/Get-AntiVirusStatus/Remediate_AntiVirusStatus.ps1 create mode 100644 
intune/Externally Sourced Remediations/ToastNotifications/Get-BatteryHealthWarning/Detect_BatteryHealthWarning.ps1 create mode 100644 intune/Externally Sourced Remediations/ToastNotifications/Get-BatteryHealthWarning/Remediate_BatteryHealthWarning.ps1 create mode 100644 intune/Externally Sourced Remediations/ToastNotifications/Get-CustomToastNotification/Detect_CustomToastNotification.ps1 create mode 100644 intune/Externally Sourced Remediations/ToastNotifications/Get-CustomToastNotification/Remediate_CustomToastNotification.ps1 create mode 100644 intune/Externally Sourced Remediations/ToastNotifications/Get-FirewallStatus/Detect_FirewallStatus.ps1 create mode 100644 intune/Externally Sourced Remediations/ToastNotifications/Get-FirewallStatus/Remediate_FirewallStatus.ps1 create mode 100644 intune/Externally Sourced Remediations/ToastNotifications/Get-HighCPUUsage/Detect_HighCPUUsage.ps1 create mode 100644 intune/Externally Sourced Remediations/ToastNotifications/Get-HighCPUUsage/Remediate_HighCPUUsage.ps1 create mode 100644 intune/Externally Sourced Remediations/ToastNotifications/Get-HighMemoryUsage/Detect_HighMemoryUsage.ps1 create mode 100644 intune/Externally Sourced Remediations/ToastNotifications/Get-HighMemoryUsage/Remediate_HighMemoryUsage.ps1 create mode 100644 intune/Externally Sourced Remediations/ToastNotifications/Get-LowDiskSpace/Detect_LowDiskSpace.ps1 create mode 100644 intune/Externally Sourced Remediations/ToastNotifications/Get-LowDiskSpace/Remediate_LowDiskSpace.ps1 create mode 100644 intune/Externally Sourced Remediations/ToastNotifications/Get-NetworkConnectivityIssues/Detect_NetworkConnectivityIssues.ps1 create mode 100644 intune/Externally Sourced Remediations/ToastNotifications/Get-NetworkConnectivityIssues/Remediate_NetworkConnectivityIssues.ps1 create mode 100644 intune/Externally Sourced Remediations/ToastNotifications/Get-PendingWindowsUpdate/Detect_PendingWindowsUpdate.ps1 create mode 100644 intune/Externally Sourced 
Remediations/ToastNotifications/Get-PendingWindowsUpdate/Remediate_PendingWindowsUpdate.ps1 create mode 100644 intune/Externally Sourced Remediations/ToastNotifications/Get-PrinterIssues/Detect_PrinterIssues.ps1 create mode 100644 intune/Externally Sourced Remediations/ToastNotifications/Get-PrinterIssues/Remediate_PrinterIssues.ps1 create mode 100644 intune/Externally Sourced Remediations/ToastNotifications/Get-RebootRequired/Detect_RebootRequired.ps1 create mode 100644 intune/Externally Sourced Remediations/ToastNotifications/Get-RebootRequired/Remediate_RebootRequired.ps1 create mode 100644 intune/Externally Sourced Remediations/ToastNotifications/README.md
diff --git a/.gitmodules b/.gitmodules
index 8f2c264..ae7c145 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -10,3 +10,9 @@
 [submodule "intune/Device Management/MacOS/IntuneBrew"]
 path = intune/Device Management/MacOS/IntuneBrew
 url = https://github.com/ugurkocde/IntuneBrew.git
+[submodule "intune/Device Management/MacOS/intunemacadmins"]
+ path = intune/Device Management/MacOS/intunemacadmins
+ url = https://github.com/ugurkocde/intunemacadmins.git
+[submodule "intune/App Installs/icons"]
+ path = intune/App Installs/icons
+ url = https://github.com/aaronparker/icons.git
diff --git a/intune/App Installs/icons b/intune/App Installs/icons
new file mode 160000
index 0000000..2f7f8bb
--- /dev/null
+++ b/intune/App Installs/icons
@@ -0,0 +1 @@
+Subproject commit 2f7f8bbb3fc434319475d61336b21f93f399c3e4
diff --git a/intune/Device Management/MacOS/intunemacadmins b/intune/Device Management/MacOS/intunemacadmins
new file mode 160000
index 0000000..4e7cad1
--- /dev/null
+++ b/intune/Device Management/MacOS/intunemacadmins
@@ -0,0 +1 @@
+Subproject commit 4e7cad17d6f705e018236ba7c39f2f4175e912b6
diff --git a/intune/Externally Sourced Remediations/DeviceCompliance/Get-BitLocker/Detect_BitLocker.ps1 b/intune/Externally Sourced Remediations/DeviceCompliance/Get-BitLocker/Detect_BitLocker.ps1
new file mode 100644
index 0000000..f6d2a77
--- /dev/null
+++ b/intune/Externally Sourced Remediations/DeviceCompliance/Get-BitLocker/Detect_BitLocker.ps1
@@ -0,0 +1,12 @@
+# Detection Script: Detect_BitLocker.ps1
+
+# Check if BitLocker is enabled
+$bitLockerStatus = Get-BitLockerVolume -MountPoint "C:"
+
+if ($bitLockerStatus.ProtectionStatus -ne "On") {
+ Write-Output "BitLocker is not enabled on the system drive."
+ exit 1
+} else {
+ Write-Output "BitLocker is enabled on the system drive."
+ exit 0
+}
\ No newline at end of file
diff --git a/intune/Externally Sourced Remediations/DeviceCompliance/Get-BitLocker/Remediate_BitLocker.ps1 b/intune/Externally Sourced Remediations/DeviceCompliance/Get-BitLocker/Remediate_BitLocker.ps1
new file mode 100644
index 0000000..df29d5c
--- /dev/null
+++ b/intune/Externally Sourced Remediations/DeviceCompliance/Get-BitLocker/Remediate_BitLocker.ps1
@@ -0,0 +1,6 @@
+# Remediation Script: Remediate_BitLocker.ps1
+
+# Enable BitLocker on the system drive
+Enable-BitLocker -MountPoint "C:" -EncryptionMethod XtsAes256 -UsedSpaceOnly -TpmProtector
+
+Write-Output "BitLocker has been enabled on the system drive."
\ No newline at end of file
diff --git a/intune/Externally Sourced Remediations/DeviceCompliance/Get-CredentialGuard/Detect_CredentialGuard.ps1 b/intune/Externally Sourced Remediations/DeviceCompliance/Get-CredentialGuard/Detect_CredentialGuard.ps1
new file mode 100644
index 0000000..4cb39ac
--- /dev/null
+++ b/intune/Externally Sourced Remediations/DeviceCompliance/Get-CredentialGuard/Detect_CredentialGuard.ps1
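Review bot: A failed `Get-BitLockerVolume` call in Detect_BitLocker.ps1 is reported as "BitLocker is not enabled", because `$bitLockerStatus` is then empty and the `-ne "On"` comparison is still true. Adding `-ErrorAction Stop` inside a `try`/`catch` that prints the error and exits 1 keeps a query failure distinguishable from an unprotected drive in the Intune output. The mount point is also hard-coded; `-MountPoint $env:SystemDrive` covers devices whose system drive is not C:.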
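Review bot: Remediate_BitLocker.ps1 encrypts with only a TPM protector, so no recovery password exists and nothing is escrowed; a TPM reset, firmware update or board replacement can then leave the drive unrecoverable. The script also prints the success message whether or not `Enable-BitLocker` succeeded. A recovery password protector should be added and backed up before encryption starts, and failures should exit non-zero. The sketch below assumes Entra-joined devices, and the ordering of the calls should be confirmed on a test device.

```powershell
$mountPoint = $env:SystemDrive
try {
    # Create the recovery password first so it can be escrowed before encryption starts
    Add-BitLockerKeyProtector -MountPoint $mountPoint -RecoveryPasswordProtector -ErrorAction Stop | Out-Null
    $recovery = (Get-BitLockerVolume -MountPoint $mountPoint).KeyProtector |
        Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' } |
        Select-Object -First 1
    BackupToAAD-BitLockerKeyProtector -MountPoint $mountPoint -KeyProtectorId $recovery.KeyProtectorId -ErrorAction Stop | Out-Null

    Enable-BitLocker -MountPoint $mountPoint -EncryptionMethod XtsAes256 -UsedSpaceOnly -TpmProtector -ErrorAction Stop | Out-Null
    Write-Output "BitLocker has been enabled on the system drive."
    exit 0
} catch {
    Write-Output "Failed to enable BitLocker: $($_.Exception.Message)"
    exit 1
}
```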
@@ -0,0 +1,12 @@
+# Detection Script: Detect_CredentialGuard.ps1
+
+# Check if Credential Guard is enabled
+$credentialGuardStatus = Get-CimInstance -ClassName Win32_DeviceGuard -Namespace root\Microsoft\Windows\DeviceGuard
+
+if ($credentialGuardStatus.SecurityServicesConfigured -contains 1 -and $credentialGuardStatus.SecurityServicesRunning -contains 1) {
+ Write-Output "Credential Guard is enabled."
+ exit 0
+} else {
+ Write-Output "Credential Guard is not enabled."
+ exit 1
+}
\ No newline at end of file
diff --git a/intune/Externally Sourced Remediations/DeviceCompliance/Get-CredentialGuard/Remediate_CredentialGuard.ps1 b/intune/Externally Sourced Remediations/DeviceCompliance/Get-CredentialGuard/Remediate_CredentialGuard.ps1
new file mode 100644
index 0000000..4cd76ec
--- /dev/null
+++ b/intune/Externally Sourced Remediations/DeviceCompliance/Get-CredentialGuard/Remediate_CredentialGuard.ps1
@@ -0,0 +1,11 @@
+# Remediation Script: Remediate_CredentialGuard.ps1
+
+# Enable Credential Guard
+$regKey = "HKLM:\SYSTEM\CurrentControlSet\Control\DeviceGuard"
+Set-ItemProperty -Path $regKey -Name "EnableVirtualizationBasedSecurity" -Value 1
+Set-ItemProperty -Path $regKey -Name "RequirePlatformSecurityFeatures" -Value 1
+
+$regKey = "HKLM:\SYSTEM\CurrentControlSet\Control\LSA"
+Set-ItemProperty -Path $regKey -Name "LsaCfgFlags" -Value 1
+
+Write-Output "Credential Guard has been enabled."
\ No newline at end of file
diff --git a/intune/Externally Sourced Remediations/DeviceCompliance/Get-CustomCompliance-File/Detect_CustomCompliance_File.ps1 b/intune/Externally Sourced Remediations/DeviceCompliance/Get-CustomCompliance-File/Detect_CustomCompliance_File.ps1
new file mode 100644
index 0000000..f3fc7fa
--- /dev/null
+++ b/intune/Externally Sourced Remediations/DeviceCompliance/Get-CustomCompliance-File/Detect_CustomCompliance_File.ps1
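Review bot: `LsaCfgFlags` is set to 1 in Remediate_CredentialGuard.ps1, which turns Credential Guard on with UEFI lock, so it cannot later be switched off by registry or policy alone. If that is not intended for a first rollout, use `Set-ItemProperty -Path $regKey -Name "LsaCfgFlags" -Value 2` (enabled without lock) and move to 1 once validated. The final message says Credential Guard "has been enabled", but the settings only take effect after a reboot and none of the three writes is checked. Adding `-ErrorAction Stop` to the writes and a comment such as `# Takes effect after reboot; detection stays non-compliant until then` would make the reported result accurate.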
@@ -0,0 +1,8 @@
+# Check if a specific file exists
+$filePath = "C:\Company\Compliance\requiredfile.txt"
+
+if (Test-Path $filePath) {
+ Write-Output "Compliance file is present."
+} else {
+ Write-Output "Compliance file is missing."
+}
diff --git a/intune/Externally Sourced Remediations/DeviceCompliance/Get-CustomCompliance-File/Remediate_CustomCompliance_File.ps1 b/intune/Externally Sourced Remediations/DeviceCompliance/Get-CustomCompliance-File/Remediate_CustomCompliance_File.ps1
new file mode 100644
index 0000000..59ff79f
--- /dev/null
+++ b/intune/Externally Sourced Remediations/DeviceCompliance/Get-CustomCompliance-File/Remediate_CustomCompliance_File.ps1
@@ -0,0 +1,14 @@
+# Ensure the specific file is in place
+$filePath = "C:\Company\Compliance\requiredfile.txt"
+$fileContent = "This is a required compliance file."
+
+if (-Not (Test-Path $filePath)) {
+ # Create the directory if it doesn't exist
+ $directoryPath = [System.IO.Path]::GetDirectoryName($filePath)
+ if (-Not (Test-Path $directoryPath)) {
+ New-Item -Path $directoryPath -ItemType Directory -Force | Out-Null
+ }
+ # Create the file with the required content
+ New-Item -Path $filePath -ItemType File -Force | Out-Null
+ Set-Content -Path $filePath -Value $fileContent
+}
diff --git a/intune/Externally Sourced Remediations/DeviceCompliance/Get-CustomCompliance-Registry/Detect_CustomCompliance_Reg.ps1 b/intune/Externally Sourced Remediations/DeviceCompliance/Get-CustomCompliance-Registry/Detect_CustomCompliance_Reg.ps1
new file mode 100644
index 0000000..067b134
--- /dev/null
+++ b/intune/Externally Sourced Remediations/DeviceCompliance/Get-CustomCompliance-Registry/Detect_CustomCompliance_Reg.ps1
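Review bot: Detect_CustomCompliance_File.ps1 never sets an exit code, so both branches end with 0 and a missing file would not be signalled as non-compliant; the other detection scripts in this commit use `exit 0` / `exit 1` for that. Add `exit 0` after the "present" message and `exit 1` after the "missing" message.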
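Review bot: The marker file written by Remediate_CustomCompliance_File.ps1 sits under `C:\Company\Compliance`, and the matching detection only tests that the path exists. Folders created under the drive root usually inherit write access for ordinary users, so a user could presumably create or edit the file and satisfy the check; this should be confirmed against the ACLs on a managed device. Consider a location only administrators can write to, and have detection compare the file content with `$fileContent` instead of testing existence. The `New-Item -ItemType File` call before `Set-Content` is redundant, since `Set-Content` creates the file.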
@@ -0,0 +1,13 @@
+# Check if a specific registry key exists and a service is running
+$regPath = "HKLM:\Software\MyCompany\Settings"
+$regName = "ComplianceSetting"
+$serviceName = "MyService"
+
+$regExists = Test-Path "$regPath\$regName"
+$serviceStatus = Get-Service -Name $serviceName -ErrorAction SilentlyContinue
+
+if ($regExists -and $serviceStatus.Status -eq "Running") {
+ Write-Output "Compliance settings are in place."
+} else {
+ Write-Output "Compliance settings are not in place."
+}
diff --git a/intune/Externally Sourced Remediations/DeviceCompliance/Get-CustomCompliance-Registry/Remediate_CustomCompliance_Reg.ps1 b/intune/Externally Sourced Remediations/DeviceCompliance/Get-CustomCompliance-Registry/Remediate_CustomCompliance_Reg.ps1
new file mode 100644
index 0000000..e8c1ef8
--- /dev/null
+++ b/intune/Externally Sourced Remediations/DeviceCompliance/Get-CustomCompliance-Registry/Remediate_CustomCompliance_Reg.ps1
@@ -0,0 +1,17 @@
+# Ensure the registry key is set and the service is running
+$regPath = "HKLM:\Software\MyCompany\Settings"
+$regName = "ComplianceSetting"
+$regValue = "Enabled"
+$serviceName = "MyService"
+
+if (-Not (Test-Path "$regPath\$regName")) {
+ New-Item -Path $regPath -Force | Out-Null
+ New-ItemProperty -Path $regPath -Name $regName -Value $regValue -PropertyType String -Force | Out-Null
+} else {
+ Set-ItemProperty -Path $regPath -Name $regName -Value $regValue
+}
+
+$service = Get-Service -Name $serviceName -ErrorAction SilentlyContinue
+if ($service.Status -ne "Running") {
+ Start-Service -Name $serviceName
+}
diff --git a/intune/Externally Sourced Remediations/DeviceCompliance/Get-DeviceGuard/Detect_DeviceGuard.ps1 b/intune/Externally Sourced Remediations/DeviceCompliance/Get-DeviceGuard/Detect_DeviceGuard.ps1
new file mode 100644
index 0000000..18cf6f4
--- /dev/null
+++ b/intune/Externally Sourced Remediations/DeviceCompliance/Get-DeviceGuard/Detect_DeviceGuard.ps1
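Review bot: `Test-Path "$regPath\$regName"` in Detect_CustomCompliance_Reg.ps1 looks for a subkey named ComplianceSetting, but the remediation writes ComplianceSetting as a value under `$regPath`, so `$regExists` stays false and the script always reports that the settings are not in place. Test the value instead: `$regExists = $null -ne (Get-ItemProperty -Path $regPath -Name $regName -ErrorAction SilentlyContinue)`. The same test appears in Remediate_CustomCompliance_Reg.ps1. The two branches also need `exit 0` / `exit 1`, as the other detection scripts in this commit have.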
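Review bot: The first branch of Remediate_CustomCompliance_Reg.ps1 runs `New-Item -Path $regPath -Force` even when the key already exists, which may recreate the key and drop other values stored under it; that behaviour should be confirmed before deployment. The service step has a second gap: when `MyService` is not installed, `$service` is empty, the `-ne "Running"` test is still true, and `Start-Service` fails without the script returning a failure code. The rewrite below creates the key only when it is absent, writes the single value, and exits 1 when the service is missing.

```powershell
# … unchanged: $regPath / $regName / $regValue / $serviceName assignments …
if (-Not (Test-Path $regPath)) {
    New-Item -Path $regPath -Force | Out-Null
}
# New-ItemProperty -Force creates the value or overwrites it in place
New-ItemProperty -Path $regPath -Name $regName -Value $regValue -PropertyType String -Force | Out-Null

$service = Get-Service -Name $serviceName -ErrorAction SilentlyContinue
if ($null -eq $service) {
    Write-Output "Service $serviceName is not installed."
    exit 1
}
if ($service.Status -ne "Running") {
    Start-Service -Name $serviceName
}
```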
@@ -0,0 +1,12 @@
+# Detection Script: Detect_DeviceGuard.ps1
+
+# Check if Device Guard is enabled
+$deviceGuardStatus = Get-CimInstance -ClassName Win32_DeviceGuard -Namespace root\Microsoft\Windows\DeviceGuard
+
+if ($deviceGuardStatus.SecurityServicesConfigured -contains 2 -and $deviceGuardStatus.SecurityServicesRunning -contains 2) {
+ Write-Output "Device Guard is enabled."
+ exit 0
+} else {
+ Write-Output "Device Guard is not enabled."
+ exit 1
+}
\ No newline at end of file
diff --git a/intune/Externally Sourced Remediations/DeviceCompliance/Get-DeviceGuard/Remediate_DeviceGuard.ps1 b/intune/Externally Sourced Remediations/DeviceCompliance/Get-DeviceGuard/Remediate_DeviceGuard.ps1
new file mode 100644
index 0000000..47619b4
--- /dev/null
+++ b/intune/Externally Sourced Remediations/DeviceCompliance/Get-DeviceGuard/Remediate_DeviceGuard.ps1
@@ -0,0 +1,8 @@
+# Remediation Script: Remediate_DeviceGuard.ps1
+
+# Enable Device Guard
+$regKey = "HKLM:\SYSTEM\CurrentControlSet\Control\DeviceGuard"
+Set-ItemProperty -Path $regKey -Name "EnableVirtualizationBasedSecurity" -Value 1
+Set-ItemProperty -Path $regKey -Name "RequirePlatformSecurityFeatures" -Value 1
+
+Write-Output "Device Guard has been enabled."
\ No newline at end of file
diff --git a/intune/Externally Sourced Remediations/DeviceCompliance/Get-Firewall/Detect_Firewall.ps1 b/intune/Externally Sourced Remediations/DeviceCompliance/Get-Firewall/Detect_Firewall.ps1
new file mode 100644
index 0000000..157d3f0
--- /dev/null
+++ b/intune/Externally Sourced Remediations/DeviceCompliance/Get-Firewall/Detect_Firewall.ps1
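Review bot: Remediate_DeviceGuard.ps1 only turns on virtualization-based security, while Detect_DeviceGuard.ps1 looks for service 2 (hypervisor-enforced code integrity) in `SecurityServicesConfigured` and `SecurityServicesRunning`, so a remediated device would still be detected as non-compliant. The remediation should also enable that service: `$hvci = "$regKey\Scenarios\HypervisorEnforcedCodeIntegrity"`, `if (-not (Test-Path $hvci)) { New-Item -Path $hvci | Out-Null }`, `Set-ItemProperty -Path $hvci -Name "Enabled" -Value 1`. The closing message should say that a reboot is required, since none of these settings is active until then.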
@@ -0,0 +1,14 @@
+# Detection Script: Detect_Firewall.ps1
+
+# Check if the firewall is enabled
+$firewallStatus = Get-NetFirewallProfile -Profile Domain,Public,Private
+
+foreach ($profile in $firewallStatus) {
+ if ($profile.Enabled -eq $false) {
+Write-Output "Firewall is disabled for profile: $($profile.Name)"
+ exit 1
+ }
+}
+
+Write-Output "Firewall is enabled for all profiles."
+exit 0
\ No newline at end of file
diff --git a/intune/Externally Sourced Remediations/DeviceCompliance/Get-Firewall/Remediate_Firewall.ps1 b/intune/Externally Sourced Remediations/DeviceCompliance/Get-Firewall/Remediate_Firewall.ps1
new file mode 100644
index 0000000..ade775d
--- /dev/null
+++ b/intune/Externally Sourced Remediations/DeviceCompliance/Get-Firewall/Remediate_Firewall.ps1
@@ -0,0 +1,6 @@
+# Remediation Script: Remediate_Firewall.ps1
+
+# Enable the firewall for all profiles
+Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled True
+
+Write-Output "Firewall has been enabled for all profiles."
\ No newline at end of file
diff --git a/intune/Externally Sourced Remediations/DeviceCompliance/Get-SecureBoot/Detect_SecureBoot.ps1 b/intune/Externally Sourced Remediations/DeviceCompliance/Get-SecureBoot/Detect_SecureBoot.ps1
new file mode 100644
index 0000000..a78a808
--- /dev/null
+++ b/intune/Externally Sourced Remediations/DeviceCompliance/Get-SecureBoot/Detect_SecureBoot.ps1
@@ -0,0 +1,10 @@
+# Detection Script: Detect_SecureBoot.ps1
+
+# Check if Secure Boot is enabled
+if (Confirm-SecureBootUEFI) {
+ Write-Output "Secure Boot is enabled."
+ exit 0
+} else {
+ Write-Output "Secure Boot is not enabled."
+ exit 1
+}
\ No newline at end of file
diff --git a/intune/Externally Sourced Remediations/DeviceCompliance/Get-SecureBoot/Remediate_SecureBoot.ps1 b/intune/Externally Sourced Remediations/DeviceCompliance/Get-SecureBoot/Remediate_SecureBoot.ps1
new file mode 100644
index 0000000..f8fc16c
--- /dev/null
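Review bot: Detect_Firewall.ps1 fails open: if `Get-NetFirewallProfile` errors or returns nothing, the `foreach` body never runs and the script reports "Firewall is enabled for all profiles." with exit code 0. Add `-ErrorAction Stop` to the query and treat an empty result as non-compliant, e.g. `if (-not $firewallStatus) { exit 1 }` before the loop. The loop variable `$profile` also shadows PowerShell's automatic `$PROFILE` variable; a name such as `$fwProfile` avoids that.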
+++ b/intune/Externally Sourced Remediations/DeviceCompliance/Get-SecureBoot/Remediate_SecureBoot.ps1
@@ -0,0 +1,7 @@
+# Remediation Script: Remediate_SecureBoot.ps1
+
+# Enable Secure Boot
+$regKey = "HKLM:\SYSTEM\CurrentControlSet\Control\SecureBoot\State"
+Set-ItemProperty -Path $regKey -Name "UEFISecureBootEnabled" -Value 1
+
+Write-Output "Secure Boot has been enabled. A system reboot is required for changes to take effect."
\ No newline at end of file
diff --git a/intune/Externally Sourced Remediations/DeviceCompliance/README.md b/intune/Externally Sourced Remediations/DeviceCompliance/README.md
new file mode 100644
index 0000000..2bf326f
--- /dev/null
+++ b/intune/Externally Sourced Remediations/DeviceCompliance/README.md
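Review bot: Remediate_SecureBoot.ps1 cannot enable Secure Boot: `UEFISecureBootEnabled` under `SecureBoot\State` reflects the firmware state, and Secure Boot is switched on in UEFI setup, not through this registry value. The script then prints "Secure Boot has been enabled.", so the remediation is recorded as successful while `Confirm-SecureBootUEFI` in the detection script keeps reporting the real state. Writing the value may also mislead any tool that reads the key instead of querying firmware. I would drop the registry write and have the script state that firmware configuration is required, ending with `exit 1`.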
@@ -0,0 +1,36 @@
+## Device Compliance
+
+### Get-BitLocker
+[Link](https://github.com/AntoPorter/Intune-Remediations/tree/main/DeviceCompliance/Get-BitLocker)
+- **Detection**: Checks if BitLocker is enabled.
+- **Remediation**: Enables BitLocker if it is disabled.
+
+### Get-CredentialGuard
+[Link](https://github.com/AntoPorter/Intune-Remediations/tree/main/DeviceCompliance/Get-CredentialGuard)
+- **Detection**: Checks if CredentialGuard is enabled.
+- **Remediation**: Enables CredentialGuard if it is disabled.
+
+### Get-CustomCompliance-Registry
+[Link](https://github.com/AntoPorter/Intune-Remediations/tree/main/DeviceCompliance/Get-CustomCompliance-Registry)
+- **Detection**: Checks for an existing Registry File, considered required for "Compliance" in your environment.
+- **Remediation**: Creates the Registry File specified if the detection cannot find the mentioned registry key.
+
+### Get-CustomCompliance-File
+[Link](https://github.com/AntoPorter/Intune-Remediations/tree/main/DeviceCompliance/Get-CustomCompliance-File)
+- **Detection**: Checks for an existing File in a File Path, considered required for "Compliance" in your environment.
+- **Remediation**: Creates the File (and Path) specified if the detection cannot find the mentioned file.
+
+### Get-DeviceGuard
+[Link](https://github.com/AntoPorter/Intune-Remediations/tree/main/DeviceCompliance/Get-DeviceGuard)
+- **Detection**: Checks if DeviceGuard is enabled.
+- **Remediation**: Enables DeviceGuard if it is disabled.
+
+### Get-Firewall
+[Link](https://github.com/AntoPorter/Intune-Remediations/tree/main/DeviceCompliance/Get-Firewall)
+- **Detection**: Checks if any Firewall profiles are disabled.
+- **Remediation**: Enables the Firewall profiles if they are disabled.
+
+### Get-SecureBoot
+[Link](https://github.com/AntoPorter/Intune-Remediations/tree/main/DeviceCompliance/Get-SecureBoot)
+- **Detection**: Checks if SecureBoot is enabled.
+- **Remediation**: Enables SecureBoot if it is disabled.
(This will require a reboot)
\ No newline at end of file
diff --git a/intune/Externally Sourced Remediations/DeviceConfiguration/Get-CorporateCertificate/Detect_CorporateCertificate.ps1 b/intune/Externally Sourced Remediations/DeviceConfiguration/Get-CorporateCertificate/Detect_CorporateCertificate.ps1
new file mode 100644
index 0000000..54c26b8
--- /dev/null
+++ b/intune/Externally Sourced Remediations/DeviceConfiguration/Get-CorporateCertificate/Detect_CorporateCertificate.ps1
@@ -0,0 +1,9 @@
+# Check if the certificate is installed
+$cert = Get-ChildItem -Path Cert:\LocalMachine\My | Where-Object { $_.Subject -eq "CN=CorporateCert" }
+if ($cert) {
+ Write-Output "Certificate is installed"
+ exit 0
+} else {
+ Write-Output "Certificate is not installed"
+ exit 1
+}
diff --git a/intune/Externally Sourced Remediations/DeviceConfiguration/Get-CorporateCertificate/Remediate_CorporateCertificate.ps1 b/intune/Externally Sourced Remediations/DeviceConfiguration/Get-CorporateCertificate/Remediate_CorporateCertificate.ps1
new file mode 100644
index 0000000..e292300
--- /dev/null
+++ b/intune/Externally Sourced Remediations/DeviceConfiguration/Get-CorporateCertificate/Remediate_CorporateCertificate.ps1
@@ -0,0 +1,3 @@
+# Install the certificate
+Import-Certificate -FilePath "C:\Path\To\CorporateCert.cer" -CertStoreLocation Cert:\LocalMachine\My
+Write-Output "Certificate installed"
diff --git a/intune/Externally Sourced Remediations/DeviceConfiguration/Get-CorporateVPN/Detect_CorporateVPN.ps1 b/intune/Externally Sourced Remediations/DeviceConfiguration/Get-CorporateVPN/Detect_CorporateVPN.ps1
new file mode 100644
index 0000000..8ecaf22
--- /dev/null
+++ b/intune/Externally Sourced Remediations/DeviceConfiguration/Get-CorporateVPN/Detect_CorporateVPN.ps1
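Review bot: Detect_CorporateCertificate.ps1 matches on `$_.Subject -eq "CN=CorporateCert"` alone, so any certificate with that subject, including a self-signed or expired one, makes the device compliant. Match on the expected thumbprint and validity instead, e.g. `Where-Object { $_.Thumbprint -eq $expectedThumbprint -and $_.NotAfter -gt (Get-Date) }`, with `$expectedThumbprint` defined at the top of the script. In Remediate_CorporateCertificate.ps1 a `.cer` file carries no private key, so importing it into `Cert:\LocalMachine\My` looks unintended; confirm the target store. Adding `-ErrorAction Stop` there would keep a missing file from still printing "Certificate installed".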
@@ -0,0 +1,9 @@
+# Check if the VPN profile is configured
+$vpnProfile = Get-VpnConnection -Name "CorporateVPN" -ErrorAction SilentlyContinue
+if ($vpnProfile) {
+ Write-Output "VPN is configured"
+ exit 0
+} else {
+ Write-Output "VPN is not configured"
+ exit 1
+}
diff --git a/intune/Externally Sourced Remediations/DeviceConfiguration/Get-CorporateVPN/Remediate_CorporateVPN.ps1 b/intune/Externally Sourced Remediations/DeviceConfiguration/Get-CorporateVPN/Remediate_CorporateVPN.ps1
new file mode 100644
index 0000000..947964e
--- /dev/null
+++ b/intune/Externally Sourced Remediations/DeviceConfiguration/Get-CorporateVPN/Remediate_CorporateVPN.ps1
@@ -0,0 +1,3 @@
+# Configure the VPN profile
+Add-VpnConnection -Name "CorporateVPN" -ServerAddress "vpn.corporate.com" -TunnelType "L2tp" -AuthenticationMethod "Eap" -EncryptionLevel "Required" -RememberCredential
+Write-Output "VPN configured"
diff --git a/intune/Externally Sourced Remediations/DeviceConfiguration/Get-CustomWallpaper/Detect_CustomWallpaper.ps1 b/intune/Externally Sourced Remediations/DeviceConfiguration/Get-CustomWallpaper/Detect_CustomWallpaper.ps1
new file mode 100644
index 0000000..205e263
--- /dev/null
+++ b/intune/Externally Sourced Remediations/DeviceConfiguration/Get-CustomWallpaper/Detect_CustomWallpaper.ps1
@@ -0,0 +1,10 @@
+# Check if the corporate wallpaper is set
+$wallpaperPath = "C:\Path\To\CorporateWallpaper.jpg"
+$currentWallpaper = Get-ItemProperty -Path "HKCU:\Control Panel\Desktop\" -Name Wallpaper
+if ($currentWallpaper.Wallpaper -ne $wallpaperPath) {
+ Write-Output "Wallpaper needs to be set"
+ exit 1
+} else {
+ Write-Output "Wallpaper is already set"
+ exit 0
+}
diff --git a/intune/Externally Sourced Remediations/DeviceConfiguration/Get-CustomWallpaper/Remediate_CustomWallpaper.ps1 b/intune/Externally Sourced Remediations/DeviceConfiguration/Get-CustomWallpaper/Remediate_CustomWallpaper.ps1
new file mode 100644
index 0000000..d9d16ea
--- /dev/null
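Review bot: `Get-VpnConnection -Name "CorporateVPN"` in Detect_CorporateVPN.ps1 only proves that a connection with that name exists for the account running the script; it does not check `ServerAddress`, `TunnelType` or `AuthenticationMethod`, so a same-named profile pointing at another server passes. Compare the properties that Remediate_CorporateVPN.ps1 sets, e.g. `if ($vpnProfile -and $vpnProfile.ServerAddress -eq "vpn.corporate.com")`. If these scripts run as SYSTEM (not shown here), both cmdlets probably need `-AllUserConnection` to see and create the profile that users actually use. The remediation's `-RememberCredential` caches credentials on the device; confirm that this is intended.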
+++ b/intune/Externally Sourced Remediations/DeviceConfiguration/Get-CustomWallpaper/Remediate_CustomWallpaper.ps1
@@ -0,0 +1,5 @@
+# Set the corporate wallpaper
+$wallpaperPath = "C:\Path\To\CorporateWallpaper.jpg"
+Set-ItemProperty -Path "HKCU:\Control Panel\Desktop\" -Name Wallpaper -Value $wallpaperPath
+RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
+Write-Output "Wallpaper set"
diff --git a/intune/Externally Sourced Remediations/DeviceConfiguration/Get-DriveMapping/Detect_DriveMapping.ps1 b/intune/Externally Sourced Remediations/DeviceConfiguration/Get-DriveMapping/Detect_DriveMapping.ps1
new file mode 100644
index 0000000..02c5976
--- /dev/null
+++ b/intune/Externally Sourced Remediations/DeviceConfiguration/Get-DriveMapping/Detect_DriveMapping.ps1
@@ -0,0 +1,16 @@
+# Detection Script: Detect_DriveMapping.ps1
+
+# Define the network drive letter and path
+$driveLetter = "Z:"
+$networkPath = "\\server\share"
+
+# Check if the drive is mapped
+$drive = Get-PSDrive -Name $driveLetter -ErrorAction SilentlyContinue
+
+if ($null -eq $drive -or $drive.Root -ne $networkPath) {
+ Write-Output "Network drive not mapped: $driveLetter"
+ exit 1
+} else {
+ Write-Output "Network drive is mapped: $driveLetter"
+ exit 0
+}
\ No newline at end of file
diff --git a/intune/Externally Sourced Remediations/DeviceConfiguration/Get-DriveMapping/Remediate_DriveMapping.ps1 b/intune/Externally Sourced Remediations/DeviceConfiguration/Get-DriveMapping/Remediate_DriveMapping.ps1
new file mode 100644
index 0000000..d44f70a
--- /dev/null
+++ b/intune/Externally Sourced Remediations/DeviceConfiguration/Get-DriveMapping/Remediate_DriveMapping.ps1
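Review bot: `Get-PSDrive -Name $driveLetter` in Detect_DriveMapping.ps1 is given "Z:", but PSDrive names carry no colon, so the lookup returns nothing and detection always exits 1. For a mapped network drive the UNC path is exposed in `DisplayRoot`, so the `$drive.Root -ne $networkPath` comparison would presumably still fail once the name is fixed. Use `$driveLetter = "Z"` and compare `$drive.DisplayRoot`. Remediate_DriveMapping.ps1 passes the same "Z:" to `New-PSDrive -Name`, and a `-Persist` mapping created inside a script generally needs `-Scope Global` to outlive the script.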
@@ -0,0 +1,10 @@
+# Remediation Script: Remediate_DriveMapping.ps1
+
+# Define the network drive letter and path
+$driveLetter = "Z:"
+$networkPath = "\\server\share"
+
+# Map the network drive
+New-PSDrive -Name $driveLetter -PSProvider FileSystem -Root $networkPath -Persist
+
+Write-Output "Network drive has been mapped: $driveLetter"
\ No newline at end of file
diff --git a/intune/Externally Sourced Remediations/DeviceConfiguration/Get-LocalDNSSettings/Detect_LocalDNSSettings.ps1 b/intune/Externally Sourced Remediations/DeviceConfiguration/Get-LocalDNSSettings/Detect_LocalDNSSettings.ps1
new file mode 100644
index 0000000..9be754f
--- /dev/null
+++ b/intune/Externally Sourced Remediations/DeviceConfiguration/Get-LocalDNSSettings/Detect_LocalDNSSettings.ps1
@@ -0,0 +1,9 @@
+# Check DNS settings
+$dnsServers = Get-DnsClientServerAddress -AddressFamily IPv4 | Select-Object -ExpandProperty ServerAddresses
+if ($dnsServers -notcontains "8.8.8.8") {
+ Write-Output "DNS settings need to be updated"
+ exit 1
+} else {
+ Write-Output "DNS settings are correct"
+ exit 0
+}
diff --git a/intune/Externally Sourced Remediations/DeviceConfiguration/Get-LocalDNSSettings/Remediate_LocalDNSSettings.ps1 b/intune/Externally Sourced Remediations/DeviceConfiguration/Get-LocalDNSSettings/Remediate_LocalDNSSettings.ps1
new file mode 100644
index 0000000..3d0f6fa
--- /dev/null
+++ b/intune/Externally Sourced Remediations/DeviceConfiguration/Get-LocalDNSSettings/Remediate_LocalDNSSettings.ps1
@@ -0,0 +1,3 @@
+# Set DNS settings
+Set-DnsClientServerAddress -InterfaceAlias "Ethernet" -ServerAddresses "8.8.8.8","8.8.4.4"
+Write-Output "DNS settings updated"
diff --git a/intune/Externally Sourced Remediations/DeviceConfiguration/Get-OfficeTemplates/Detect_OfficeTemplates.ps1 b/intune/Externally Sourced Remediations/DeviceConfiguration/Get-OfficeTemplates/Detect_OfficeTemplates.ps1
new file mode 100644
index 0000000..fec284c
--- /dev/null
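Review bot: Detect_LocalDNSSettings.ps1 flattens the server addresses of every IPv4 interface, so a single adapter that lists 8.8.8.8 makes the whole device pass, while Remediate_LocalDNSSettings.ps1 only touches `-InterfaceAlias "Ethernet"` and errors on devices that have no adapter with that alias. Detection and remediation should look at the same interfaces, for example the ones returned by `Get-NetAdapter | Where-Object Status -eq 'Up'`. Pointing managed endpoints at a public resolver also bypasses any internal DNS logging or filtering, so if the addresses are placeholders a comment such as `# Replace with your organisation's DNS servers` above both lines would make that clear.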
+++ b/intune/Externally Sourced Remediations/DeviceConfiguration/Get-OfficeTemplates/Detect_OfficeTemplates.ps1
@@ -0,0 +1,9 @@
+# Detection Script (Detect_OfficeTemplates.ps1)
+$TemplatePath = "C:\Program Files\Microsoft Office\root\Templates\1033\CompanyLetter.dotx"
+if (Test-Path -Path $TemplatePath) {
+ Write-Host "Template file exists: $TemplatePath"
+ exit 0
+} else {
+ Write-Host "Template file not found: $TemplatePath"
+ exit 1
+}
\ No newline at end of file
diff --git a/intune/Externally Sourced Remediations/DeviceConfiguration/Get-OfficeTemplates/Remediate_OfficeTemplates.ps1 b/intune/Externally Sourced Remediations/DeviceConfiguration/Get-OfficeTemplates/Remediate_OfficeTemplates.ps1
new file mode 100644
index 0000000..e6be72d
--- /dev/null
+++ b/intune/Externally Sourced Remediations/DeviceConfiguration/Get-OfficeTemplates/Remediate_OfficeTemplates.ps1
@@ -0,0 +1,10 @@
+# Remediation Script (Remediate_OfficeTemplates.ps1)
+$SourcePath = "\\server\share\Templates\CompanyLetter.dotx"
+$DestinationPath = "C:\Program Files\Microsoft Office\root\Templates\1033\CompanyLetter.dotx"
+
+if (Test-Path -Path $SourcePath) {
+ Copy-Item -Path $SourcePath -Destination $DestinationPath -Force
+ Write-Host "Template file copied to: $DestinationPath"
+} else {
+ Write-Host "Template file not found in the central repository."
+}
\ No newline at end of file
diff --git a/intune/Externally Sourced Remediations/DeviceConfiguration/Get-OutlookTemplate/Detect_OutlookTemplate.ps1 b/intune/Externally Sourced Remediations/DeviceConfiguration/Get-OutlookTemplate/Detect_OutlookTemplate.ps1
new file mode 100644
index 0000000..9681bf2
--- /dev/null
+++ b/intune/Externally Sourced Remediations/DeviceConfiguration/Get-OutlookTemplate/Detect_OutlookTemplate.ps1
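Review bot: Remediate_OfficeTemplates.ps1 copies a template from `\\server\share` over the local file with `-Force` and no integrity check, and Remediate_OutlookTemplate.ps1 does the same for the macro-capable `NormalEmail.dotm`. Whoever can write to that share therefore controls what is loaded on every endpoint; verify a known hash before copying, e.g. `if ((Get-FileHash $SourcePath -Algorithm SHA256).Hash -ne $expectedHash) { exit 1 }`, with `$expectedHash` set in the script. Both scripts also fall through to exit code 0 when the source is missing, so the `else` branch should end with `exit 1`.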
@@ -0,0 +1,9 @@
+# Detection Script (Detect_OutlookTemplate.ps1)
+$TemplatePath = "$env:APPDATA\Microsoft\Templates\NormalEmail.dotm"
+if (Test-Path -Path $TemplatePath) {
+ Write-Host "NormalEmail.dotm template exists: $TemplatePath"
+ exit 0
+} else {
+ Write-Host "NormalEmail.dotm template not found: $TemplatePath"
+ exit 1
+}
\ No newline at end of file
diff --git a/intune/Externally Sourced Remediations/DeviceConfiguration/Get-OutlookTemplate/Remediate_OutlookTemplate.ps1 b/intune/Externally Sourced Remediations/DeviceConfiguration/Get-OutlookTemplate/Remediate_OutlookTemplate.ps1
new file mode 100644
index 0000000..f2c35b1
--- /dev/null
+++ b/intune/Externally Sourced Remediations/DeviceConfiguration/Get-OutlookTemplate/Remediate_OutlookTemplate.ps1
@@ -0,0 +1,10 @@
+# Remediation Script (Remediate_OutlookTemplate.ps1)
+$SourcePath = "\\server\share\Templates\NormalEmail.dotm"
+$DestinationPath = "$env:APPDATA\Microsoft\Templates\NormalEmail.dotm"
+
+if (Test-Path -Path $SourcePath) {
+ Copy-Item -Path $SourcePath -Destination $DestinationPath -Force
+ Write-Host "NormalEmail.dotm template updated."
+} else {
+ Write-Host "Template file not found in the central repository."
+}
\ No newline at end of file
diff --git a/intune/Externally Sourced Remediations/DeviceConfiguration/Get-TimeZone/Detect_TimeZone.ps1 b/intune/Externally Sourced Remediations/DeviceConfiguration/Get-TimeZone/Detect_TimeZone.ps1
new file mode 100644
index 0000000..a67d278
--- /dev/null
+++ b/intune/Externally Sourced Remediations/DeviceConfiguration/Get-TimeZone/Detect_TimeZone.ps1
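Review bot: `$env:APPDATA` in Detect_OutlookTemplate.ps1 resolves to the profile of the account running the script, so if the pair is deployed in the SYSTEM context (not visible here) it checks the system profile rather than the signed-in user's Templates folder. Add a header comment stating the requirement, e.g. `# Must be deployed to run with the logged-on user's credentials`. `Write-Host` output may not be captured in the remediation report; most other scripts in this commit use `Write-Output`.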
@@ -0,0 +1,15 @@
+# Detection Script: Detect_TimeZone.ps1
+
+# Define the required time zone
+$requiredTimeZone = "Pacific Standard Time"
+
+# Get the current time zone
+$currentTimeZone = (Get-TimeZone).Id
+
+if ($currentTimeZone -ne $requiredTimeZone) {
+ Write-Output "Incorrect time zone: $currentTimeZone"
+ exit 1
+} else {
+ Write-Output "Time zone is correct: $currentTimeZone"
+ exit 0
+}
\ No newline at end of file
diff --git a/intune/Externally Sourced Remediations/DeviceConfiguration/Get-TimeZone/Remediate_TimeZone.ps1 b/intune/Externally Sourced Remediations/DeviceConfiguration/Get-TimeZone/Remediate_TimeZone.ps1
new file mode 100644
index 0000000..95e2381
--- /dev/null
+++ b/intune/Externally Sourced Remediations/DeviceConfiguration/Get-TimeZone/Remediate_TimeZone.ps1
@@ -0,0 +1,9 @@
+# Remediation Script: Remediate_TimeZone.ps1
+
+# Define the required time zone
+$requiredTimeZone = "Pacific Standard Time"
+
+# Set the time zone
+Set-TimeZone -Id $requiredTimeZone
+
+Write-Output "Time zone has been set to: $requiredTimeZone"
\ No newline at end of file
diff --git a/intune/Externally Sourced Remediations/DeviceConfiguration/Get-UAC/Detect_UAC.ps1 b/intune/Externally Sourced Remediations/DeviceConfiguration/Get-UAC/Detect_UAC.ps1
new file mode 100644
index 0000000..97af9b2
--- /dev/null
+++ b/intune/Externally Sourced Remediations/DeviceConfiguration/Get-UAC/Detect_UAC.ps1
@@ -0,0 +1,15 @@
+# Detection Script: Detect_UAC.ps1
+
+# Check if UAC is enabled
+$uacStatus = Get-ItemPropertyValue -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' -Name 'EnableLUA' -ErrorAction SilentlyContinue
+
+if ($null -eq $uacStatus) {
+ Write-Output "UAC status: NotConfigured"
+ exit 1
+} elseif ($uacStatus -eq 0) {
+ Write-Output "UAC status: Disabled"
+ exit 1
+} else {
+ Write-Output "UAC status: Enabled"
+ exit 0
+}
\ No newline at end of file
diff --git a/intune/Externally Sourced Remediations/DeviceConfiguration/Get-UAC/Remediate_UAC.ps1 b/intune/Externally Sourced Remediations/DeviceConfiguration/Get-UAC/Remediate_UAC.ps1
new file mode 100644
index 0000000..bb7e912
--- /dev/null
+++ b/intune/Externally Sourced Remediations/DeviceConfiguration/Get-UAC/Remediate_UAC.ps1
@@ -0,0 +1,12 @@
+# Remediation Script: Remediate_UAC.ps1
+
+# Check if UAC is enabled
+$uacStatus = Get-ItemPropertyValue -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' -Name 'EnableLUA' -ErrorAction SilentlyContinue
+
+if ($null -eq $uacStatus -or $uacStatus -eq 0) {
+ # Enable UAC
+ Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' -Name 'EnableLUA' -Value 1
+ Write-Output "UAC has been enabled."
+} else {
+ Write-Output "UAC is already enabled."
+}
\ No newline at end of file
diff --git a/intune/Externally Sourced Remediations/DeviceConfiguration/Get-WDAC/Detect_WDAC.ps1 b/intune/Externally Sourced Remediations/DeviceConfiguration/Get-WDAC/Detect_WDAC.ps1
new file mode 100644
index 0000000..ece7122
--- /dev/null
+++ b/intune/Externally Sourced Remediations/DeviceConfiguration/Get-WDAC/Detect_WDAC.ps1
@@ -0,0 +1,12 @@
+# Detection Script: Detect_WDAC.ps1
+
+# Check if WDAC is enabled
+$wdacStatus = Get-CimInstance -ClassName Win32_DeviceGuard -Namespace root\Microsoft\Windows\DeviceGuard
+
+if ($wdacStatus.SecurityServicesConfigured -contains 2 -and $wdacStatus.SecurityServicesRunning -contains 2) {
+ Write-Output "WDAC is enabled."
+ exit 0
+} else {
+ Write-Output "WDAC is not enabled."
+ exit 1
+}
\ No newline at end of file
diff --git a/intune/Externally Sourced Remediations/DeviceConfiguration/Get-WDAC/Remediate_WDAC.ps1 b/intune/Externally Sourced Remediations/DeviceConfiguration/Get-WDAC/Remediate_WDAC.ps1
new file mode 100644
index 0000000..0ca1d4a
--- /dev/null
+++ b/intune/Externally Sourced Remediations/DeviceConfiguration/Get-WDAC/Remediate_WDAC.ps1
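Review bot: Detect_WDAC.ps1 runs the same test as Detect_DeviceGuard.ps1 (value 2 in `SecurityServicesConfigured` and `SecurityServicesRunning`), which reports hypervisor-enforced code integrity rather than whether a WDAC policy is active. A device that has the policy from Remediate_WDAC.ps1 applied but HVCI off would stay non-compliant, and one with HVCI on but no policy would pass. Win32_DeviceGuard exposes `CodeIntegrityPolicyEnforcementStatus` for this, e.g. `if ($wdacStatus.CodeIntegrityPolicyEnforcementStatus -eq 2)` for enforced mode.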
@@ -0,0 +1,13 @@
+# Remediation Script: Remediate_WDAC.ps1
+
+# Define the path to the WDAC policy binary file
+$policyBinaryPath = "C:\Path\To\Your\Policy.cip"
+
+# Copy the policy binary to the correct location
+$destinationFolder = "$env:windir\System32\CodeIntegrity\CIPolicies\Active\"
+Copy-Item -Path $policyBinaryPath -Destination $destinationFolder
+
+# Enable WDAC policy
+Start-Process -FilePath "powershell.exe" -ArgumentList "-Command", "ciTool.exe --update-policy $policyBinaryPath" -NoNewWindow -Wait
+
+Write-Output "WDAC policy has been applied. A system reboot is required for changes to take effect."
\ No newline at end of file
diff --git a/intune/Externally Sourced Remediations/DeviceConfiguration/README.md b/intune/Externally Sourced Remediations/DeviceConfiguration/README.md
new file mode 100644
index 0000000..53a4930
--- /dev/null
+++ b/intune/Externally Sourced Remediations/DeviceConfiguration/README.md
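Review bot: The `Start-Process` line in Remediate_WDAC.ps1 interpolates `$policyBinaryPath` unquoted into a nested `powershell.exe -Command` string, which breaks on paths containing spaces and evaluates whatever the variable holds as PowerShell. Call the tool directly and check its result: `& ciTool.exe --update-policy $policyBinaryPath` followed by `if ($LASTEXITCODE -ne 0) { exit 1 }`. The preceding `Copy-Item` has no error handling, and the script prints "WDAC policy has been applied." whether or not either step worked. Files in `CIPolicies\Active` are normally named after the policy GUID, so copying `Policy.cip` under its own name may not be picked up; verify.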
@@ -0,0 +1,51 @@
+## Device Configuration
+
+### Get-CorporateCertificate
+[Link](https://github.com/AntoPorter/Intune-Remediations/tree/main/DeviceConfiguration/Get-CorporateCertificate)
+- **Detection**: Checks for a specific certificate is installed (requires modification based on your requirements).
+- **Remediation**: Installs the missing certificate from a file path.
+
+### Get-CorporateVPN
+[Link](https://github.com/AntoPorter/Intune-Remediations/tree/main/DeviceConfiguration/Get-CorporateVPN)
+- **Detection**: Checks for a specific VPN Connection is configured (requires modification based on your requirements).
+- **Remediation**: Configures the missing VPN Connection.
+
+### Get-CustomWallpaper
+[Link](https://github.com/AntoPorter/Intune-Remediations/tree/main/DeviceConfiguration/Get-CustomWallpaper)
+- **Detection**: Checks for a specific wallpaper is configured (requires modification based on your requirements).
+- **Remediation**: Configures the custom wallpaper.
+
+### Get-DriveMapping
+[Link](https://github.com/AntoPorter/Intune-Remediations/tree/main/DeviceConfiguration/Get-DriveMapping)
+- **Detection**: Checks for a specific mapped drive (requires modification based on your requirements).
+- **Remediation**: Maps the missing drive if it is not located.
+
+### Get-LocalDNSSettings
+[Link](https://github.com/AntoPorter/Intune-Remediations/tree/main/DeviceConfiguration/Get-LocalDNSSettings)
+- **Detection**: Checks for a specific DNS Setting on your Ethernet (requires modification based on your requirements).
+- **Remediation**: Configures the Local DNS settings if it is incorrect.
+
+### Get-OfficeTemplates
+[Link](https://github.com/AntoPorter/Intune-Remediations/tree/main/DeviceConfiguration/Get-OfficeTemplates)
+- **Detection**: Checks the Templates folder for a specific template file within Program Files repo.
+- **Remediation**: Will copy a template file from a network share to the Program Files repo.
+
+### Get-OutlookTemplate
+[Link](https://github.com/AntoPorter/Intune-Remediations/tree/main/DeviceConfiguration/Get-OutlookTemplate)
+- **Detection**: Checks the **NormalEmail.dotm** file within AppData associated to Outlook Emails.
+- **Remediation**: Will copy the **NormalEmail.dotm** file from a network share to the AppData repo.
+
+### Get-TimeZone
+[Link](https://github.com/AntoPorter/Intune-Remediations/tree/main/DeviceConfiguration/Get-TimeZone)
+- **Detection**: Checks for a specific Time Zone (requires modification based on your requirements).
+- **Remediation**: Corrects the endpoint's Time Zone if it is incorrect.
+
+### Get-UAC
+[Link](https://github.com/AntoPorter/Intune-Remediations/tree/main/DeviceConfiguration/Get-UAC)
+- **Detection**: Checks if UAC is enabled.
+- **Remediation**: Enables UAC if it is disabled.
+
+### Get-WDAC
+[Link](https://github.com/AntoPorter/Intune-Remediations/tree/main/DeviceConfiguration/Get-WDAC)
+- **Detection**: Checks for a specific WDAC Policy (requires modification based on your requirements).
+- **Remediation**: Corrects the endpoint's WDAC Policy if it is not detected.
\ No newline at end of file
diff --git a/intune/Externally Sourced Remediations/DevicePerformance/Get-DiskCleanup/Detect_DiskCleanup.ps1 b/intune/Externally Sourced Remediations/DevicePerformance/Get-DiskCleanup/Detect_DiskCleanup.ps1
new file mode 100644
index 0000000..23cf8c2
--- /dev/null
+++ b/intune/Externally Sourced Remediations/DevicePerformance/Get-DiskCleanup/Detect_DiskCleanup.ps1
@@ -0,0 +1,9 @@
+# Check for low disk space
+$freeSpace = (Get-PSDrive -Name C).Free
+if ($freeSpace -lt 10GB) {
+ Write-Output "Low disk space"
+ exit 1
+} else {
+ Write-Output "Sufficient disk space"
+ exit 0
+}
diff --git a/intune/Externally Sourced Remediations/DevicePerformance/Get-DiskCleanup/Remediate_DiskCleanup.ps1 b/intune/Externally Sourced Remediations/DevicePerformance/Get-DiskCleanup/Remediate_DiskCleanup.ps1
new file mode 100644
index 0000000..6902dea
--- /dev/null
+++ b/intune/Externally Sourced Remediations/DevicePerformance/Get-DiskCleanup/Remediate_DiskCleanup.ps1
@@ -0,0 +1,3 @@
+# Perform disk cleanup
+Start-Process -FilePath "cleanmgr.exe" -ArgumentList "/sagerun:1" -Wait
+Write-Output "Disk cleanup performed"
diff --git a/intune/Externally Sourced Remediations/DevicePerformance/Get-InactiveUsers-EntraID/Detect_InactiveUsers.ps1 b/intune/Externally Sourced Remediations/DevicePerformance/Get-InactiveUsers-EntraID/Detect_InactiveUsers.ps1
new file mode 100644
index 0000000..b48dd3d
--- /dev/null
+++ b/intune/Externally Sourced Remediations/DevicePerformance/Get-InactiveUsers-EntraID/Detect_InactiveUsers.ps1
@@ -0,0 +1,24 @@
+# Define the inactivity threshold in days
+$inactivityThreshold = 90
+
+# Get the current date
+$currentDate = Get-Date
+
+# Get all user profiles on the endpoint
+$userProfiles = Get-WmiObject -Class Win32_UserProfile | Where-Object { $_.Special -eq $false }
+
+foreach ($profile in $userProfiles) {
+ # Get the last use time of the profile
+ $lastUseTime = [Management.ManagementDateTimeConverter]::ToDateTime($profile.LastUseTime)
+
+ # Calculate the number of days since the profile was last used
+ $daysInactive = ($currentDate - $lastUseTime).Days
+
+ if ($daysInactive -ge $inactivityThreshold) {
+ # Exit with code 1 to indicate an issue was detected
+ exit 1
+ }
+}
+
+# Exit with code 0 to indicate no issues were detected
+exit 0
diff --git a/intune/Externally Sourced Remediations/DevicePerformance/Get-InactiveUsers-EntraID/Remediate_InactiveUsers.ps1 b/intune/Externally Sourced Remediations/DevicePerformance/Get-InactiveUsers-EntraID/Remediate_InactiveUsers.ps1
new file mode 100644
index 0000000..556bcad
--- /dev/null
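Review bot: Detect_InactiveUsers.ps1 (Get-InactiveUsers-EntraID) passes `$profile.LastUseTime` straight to `ToDateTime`, which will presumably throw for a profile whose `LastUseTime` is empty, and it exits 1 without writing which profile triggered the result. Skip profiles with no timestamp, e.g. `if (-not $profile.LastUseTime) { continue }`, and add a `Write-Output` before `exit 1` so the report says what was found. The paired Remediate_InactiveUsers.ps1 only logs the profile (the removal is commented out), so the detection keeps failing after every remediation run; a comment at the top of that script should say it is report-only.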
+++ b/intune/Externally Sourced Remediations/DevicePerformance/Get-InactiveUsers-EntraID/Remediate_InactiveUsers.ps1
@@ -0,0 +1,24 @@
+# Define the inactivity threshold in days
+$inactivityThreshold = 90
+
+# Get the current date
+$currentDate = Get-Date
+
+# Get all user profiles on the endpoint
+$userProfiles = Get-WmiObject -Class Win32_UserProfile | Where-Object { $_.Special -eq $false }
+
+foreach ($profile in $userProfiles) {
+ # Get the last use time of the profile
+ $lastUseTime = [Management.ManagementDateTimeConverter]::ToDateTime($profile.LastUseTime)
+
+ # Calculate the number of days since the profile was last used
+ $daysInactive = ($currentDate - $lastUseTime).Days
+
+ if ($daysInactive -ge $inactivityThreshold) {
+ # Log the profile that is inactive
+ Write-Output "Inactive profile detected: $($profile.LocalPath) - Last used: $lastUseTime"
+
+ # Optionally, remove the inactive profile
+ # Remove-WmiObject -InputObject $profile
+ }
+}
diff --git a/intune/Externally Sourced Remediations/DevicePerformance/Get-InactiveUsers-Local/Detect_InactiveUsers.ps1 b/intune/Externally Sourced Remediations/DevicePerformance/Get-InactiveUsers-Local/Detect_InactiveUsers.ps1
new file mode 100644
index 0000000..52cd759
--- /dev/null
+++ b/intune/Externally Sourced Remediations/DevicePerformance/Get-InactiveUsers-Local/Detect_InactiveUsers.ps1
@@ -0,0 +1,23 @@
+# Detection Script: Detect_InactiveUsers.ps1
+
+# Define the inactivity threshold in days
+$inactivityThreshold = 90
+
+# Get the current date
+$currentDate = Get-Date
+
+# Get all user accounts
+$userAccounts = Get-LocalUser
+
+foreach ($user in $userAccounts) {
+ # Check the last logon date
+$lastLogonDate = (Get-LocalUser -Name $user.Name).LastLogon
+
+ if ($lastLogonDate -lt $currentDate.AddDays(-$inactivityThreshold)) {
+Write-Output "Inactive user account detected: $($user.Name)"
+ exit 1
+ }
+}
+
+Write-Output "No inactive user accounts detected."
+exit 0
\ No newline at end of file
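Review bot: In Detect_InactiveUsers.ps1 (Get-InactiveUsers-Local) an account that has never signed in has a `$null` `LastLogon`, and `$null -lt <date>` is true in PowerShell, so built-in accounts are reported as inactive. The loop also does not skip accounts that are already disabled, so after Remediate_InactiveUsers.ps1 has run the same accounts are still detected and the device presumably never becomes compliant. Filter first, e.g. `$userAccounts = Get-LocalUser | Where-Object { $_.Enabled }`, decide explicitly how never-used accounts are treated, and read `$user.LastLogon` instead of calling `Get-LocalUser` again per account.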
diff --git a/intune/Externally Sourced Remediations/DevicePerformance/Get-InactiveUsers-Local/Remediate_InactiveUsers.ps1 b/intune/Externally Sourced Remediations/DevicePerformance/Get-InactiveUsers-Local/Remediate_InactiveUsers.ps1
new file mode 100644
index 0000000..962927b
--- /dev/null
+++ b/intune/Externally Sourced Remediations/DevicePerformance/Get-InactiveUsers-Local/Remediate_InactiveUsers.ps1
@@ -0,0 +1,23 @@
+# Remediation Script: Remediate_InactiveUsers.ps1
+
+# Define the inactivity threshold in days
+$inactivityThreshold = 90
+
+# Get the current date
+$currentDate = Get-Date
+
+# Get all user accounts
+$userAccounts = Get-LocalUser
+
+foreach ($user in $userAccounts) {
+ # Check the last logon date
+$lastLogonDate = (Get-LocalUser -Name $user.Name).LastLogon
+
+ if ($lastLogonDate -lt $currentDate.AddDays(-$inactivityThreshold)) {
+ # Disable inactive user account
+Disable-LocalUser -Name $user.Name
+Write-Output "Disabled inactive user account: $($user.Name)"
+ }
+}
+
+Write-Output "Inactive user accounts have been disabled."
\ No newline at end of file
diff --git a/intune/Externally Sourced Remediations/DevicePerformance/Get-LowDiskSpace/Detect_LowDiskSpace.ps1 b/intune/Externally Sourced Remediations/DevicePerformance/Get-LowDiskSpace/Detect_LowDiskSpace.ps1
new file mode 100644
index 0000000..0820bf8
--- /dev/null
+++ b/intune/Externally Sourced Remediations/DevicePerformance/Get-LowDiskSpace/Detect_LowDiskSpace.ps1
@@ -0,0 +1,15 @@
+# Detection Script: Detect_LowDiskSpace.ps1
+
+# Define the threshold for low disk space in GB
+$thresholdGB = 10
+
+# Get the free space on the system drive
+$freeSpaceGB = [math]::Round((Get-PSDrive -Name C).Free / 1GB, 2)
+
+if ($freeSpaceGB -lt $thresholdGB) {
+ Write-Output "Low disk space detected: $freeSpaceGB GB free"
+ exit 1
+} else {
+ Write-Output "Sufficient disk space: $freeSpaceGB GB free"
+ exit 0
+}
\ No newline at end of file
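Review bot: Remediate_InactiveUsers.ps1 (Get-InactiveUsers-Local) calls `Disable-LocalUser` on every account whose `LastLogon` is older than 90 days or empty, with no exclusion list. That can include a rarely used local administrator kept for recovery, for example one managed by LAPS, leaving the device without a local break-glass account. Add an allow-list, e.g. `if ($user.Name -in $excludedAccounts) { continue }` at the top of the loop with `$excludedAccounts` defined next to `$inactivityThreshold`, and skip accounts where `$user.Enabled` is already false. The closing message is printed even when nothing was disabled.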
diff --git a/intune/Externally Sourced Remediations/DevicePerformance/Get-LowDiskSpace/Remediate_LowDiskSpace.ps1 b/intune/Externally Sourced Remediations/DevicePerformance/Get-LowDiskSpace/Remediate_LowDiskSpace.ps1
new file mode 100644
index 0000000..372cea5
--- /dev/null
+++ b/intune/Externally Sourced Remediations/DevicePerformance/Get-LowDiskSpace/Remediate_LowDiskSpace.ps1
@@ -0,0 +1,14 @@
+# Remediation Script: Remediate_LowDiskSpace.ps1
+
+# Clear temporary files
+$TempFolder = "$env:Temp"
+Remove-Item "$TempFolder\*" -Recurse -Force -ErrorAction SilentlyContinue
+
+# Clear Windows Update cache
+$WindowsUpdateCache = "C:\Windows\SoftwareDistribution\Download"
+Remove-Item "$WindowsUpdateCache\*" -Recurse -Force -ErrorAction SilentlyContinue
+
+# Clear Recycle Bin
+Clear-RecycleBin -Force -ErrorAction SilentlyContinue
+
+Write-Output "Disk space cleanup completed."
\ No newline at end of file
diff --git a/intune/Externally Sourced Remediations/DevicePerformance/Get-SystemPerformance/Detect_SystemPerformance.ps1 b/intune/Externally Sourced Remediations/DevicePerformance/Get-SystemPerformance/Detect_SystemPerformance.ps1
new file mode 100644
index 0000000..d050244
--- /dev/null
+++ b/intune/Externally Sourced Remediations/DevicePerformance/Get-SystemPerformance/Detect_SystemPerformance.ps1
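Review bot: Remediate_LowDiskSpace.ps1 deletes `C:\Windows\SoftwareDistribution\Download\*` while the Windows Update service may be running, which can discard updates that are downloaded but not yet installed; Remediate_SystemPerformance.ps1 repeats the same block. Every `Remove-Item` uses `-ErrorAction SilentlyContinue` and the script prints "Disk space cleanup completed." regardless, so a run that freed nothing looks successful. `$env:Temp` and `Clear-RecycleBin` act on the account running the script, which under SYSTEM is probably not the user's temp folder or recycle bin. Consider stopping `wuauserv` around the cache cleanup and reporting the space actually freed.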
@@ -0,0 +1,24 @@
+# Detection Script: Detect_SystemPerformance.ps1
+
+# Define thresholds for high usage
+$cpuThreshold = 80
+$memoryThreshold = 80
+$diskThreshold = 80
+
+# Get current CPU usage
+$cpuUsage = Get-Counter '\Processor(_Total)\% Processor Time' | Select-Object -ExpandProperty CounterSamples | Select-Object -ExpandProperty CookedValue
+
+# Get current memory usage
+$memoryUsage = (Get-Counter '\Memory\% Committed Bytes In Use').CounterSamples.CookedValue
+
+# Get current disk usage
+$diskUsage = Get-Counter '\LogicalDisk(_Total)\% Disk Time' | Select-Object -ExpandProperty CounterSamples | Select-Object -ExpandProperty CookedValue
+
+# Check if any usage exceeds the threshold
+if ($cpuUsage -gt $cpuThreshold -or $memoryUsage -gt $memoryThreshold -or $diskUsage -gt $diskThreshold) {
+ Write-Output "High system resource usage detected: CPU=$cpuUsage%, Memory=$memoryUsage%, Disk=$diskUsage%"
+ exit 1
+} else {
+ Write-Output "System resource usage is within acceptable limits: CPU=$cpuUsage%, Memory=$memoryUsage%, Disk=$diskUsage%"
+ exit 0
+}
\ No newline at end of file
diff --git a/intune/Externally Sourced Remediations/DevicePerformance/Get-SystemPerformance/Remediate_SystemPerformance.ps1 b/intune/Externally Sourced Remediations/DevicePerformance/Get-SystemPerformance/Remediate_SystemPerformance.ps1
new file mode 100644
index 0000000..52ec4ad
--- /dev/null
+++ b/intune/Externally Sourced Remediations/DevicePerformance/Get-SystemPerformance/Remediate_SystemPerformance.ps1
@@ -0,0 +1,20 @@
+# Remediation Script: Remediate_SystemPerformance.ps1
+
+# Clear temporary files
+$TempFolder = "$env:Temp"
+Remove-Item "$TempFolder\*" -Recurse -Force -ErrorAction SilentlyContinue
+
+# Clear Windows Update cache
+$WindowsUpdateCache = "C:\Windows\SoftwareDistribution\Download"
+Remove-Item "$WindowsUpdateCache\*" -Recurse -Force -ErrorAction SilentlyContinue
+
+# Optimize disk space
+Start-Process -FilePath "cleanmgr.exe" -ArgumentList "/sagerun:1" -NoNewWindow -Wait
+
+# Defragment the disk (if not SSD)
+$diskType = Get-PhysicalDisk | Where-Object MediaType -eq "HDD"
+if ($diskType) {
+ Optimize-Volume -DriveLetter C -Defrag -Verbose
+}
+
+Write-Output "System performance optimization tasks completed."
\ No newline at end of file
diff --git a/intune/Externally Sourced Remediations/DevicePerformance/Get-UserProfiles/Detect_UserProfiles.ps1 b/intune/Externally Sourced Remediations/DevicePerformance/Get-UserProfiles/Detect_UserProfiles.ps1
new file mode 100644
index 0000000..dcbfd59
--- /dev/null
+++ b/intune/Externally Sourced Remediations/DevicePerformance/Get-UserProfiles/Detect_UserProfiles.ps1
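Review bot: `$diskType` is non-empty when any physical disk reports `MediaType -eq "HDD"`, yet the branch always defragments `C`, so a machine with an SSD system disk and a secondary HDD gets a defrag pass on the SSD volume. Resolve the disk that backs C: before deciding, or drop `-Defrag` and let `Optimize-Volume -DriveLetter C` pick the default operation for the media type. `cleanmgr.exe /sagerun:1` with `-Wait` depends on a sageset profile 1 that nothing in this script creates; without it the call presumably cleans nothing, and there is no timeout or exit code either way.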
@@ -0,0 +1,32 @@
+# Detection Script: Detect_UserProfiles.ps1
+
+# Define the size threshold in MB
+$sizeThresholdMB = 500
+
+# Get all user profiles
+$userProfiles = Get-WmiObject -Class Win32_UserProfile | Where-Object { $_.Special -eq $false }
+
+# Initialize flag for non-compliance
+$nonCompliant = $false
+
+foreach ($profile in $userProfiles) {
+ # Check if the profile is corrupted
+ if ($profile.Status -ne 0) {
+ Write-Output "Corrupted profile detected: $($profile.LocalPath)"
+ $nonCompliant = $true
+ }
+
+ # Check if the profile size exceeds the threshold
+ $profileSizeMB = [math]::Round((Get-ChildItem -Path $profile.LocalPath -Recurse | Measure-Object -Property Length -Sum).Sum / 1MB, 2)
+ if ($profileSizeMB -gt $sizeThresholdMB) {
+ Write-Output "Profile size exceeds threshold: $($profile.LocalPath) - Size: $profileSizeMB MB"
+ $nonCompliant = $true
+ }
+}
+
+if ($nonCompliant) {
+ exit 1
+} else {
+ Write-Output "All user profiles are compliant."
+ exit 0
+}
\ No newline at end of file
diff --git a/intune/Externally Sourced Remediations/DevicePerformance/Get-UserProfiles/Remediate_UserProfiles.ps1 b/intune/Externally Sourced Remediations/DevicePerformance/Get-UserProfiles/Remediate_UserProfiles.ps1
new file mode 100644
index 0000000..6537793
--- /dev/null
+++ b/intune/Externally Sourced Remediations/DevicePerformance/Get-UserProfiles/Remediate_UserProfiles.ps1
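Review bot: `$profile.Status -ne 0` treats every non-zero status as corruption, but `Win32_UserProfile.Status` is documented as a bit field in which temporary, roaming and mandatory profiles are also non-zero; only the corrupted bit should match, e.g. `if ($profile.Status -band 8)`. `Get-ChildItem -Path $profile.LocalPath -Recurse` runs without `-Force` or `-ErrorAction`, so hidden items such as AppData are not counted and access errors land in the script output. The loop variable `$profile` also shadows PowerShell's automatic `$PROFILE` variable; `$userProfile` would be clearer.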
@@ -0,0 +1,26 @@
+# Remediation Script: Remediate_UserProfiles.ps1
+
+# Define the size threshold in MB
+$sizeThresholdMB = 500
+
+# Get all user profiles
+$userProfiles = Get-WmiObject -Class Win32_UserProfile | Where-Object { $_.Special -eq $false }
+
+foreach ($profile in $userProfiles) {
+ # Check if the profile is corrupted
+ if ($profile.Status -ne 0) {
+ # Remove corrupted profile
+ Remove-WmiObject -InputObject $profile
+ Write-Output "Removed corrupted profile: $($profile.LocalPath)"
+ }
+
+ # Check if the profile size exceeds the threshold
+ $profileSizeMB = [math]::Round((Get-ChildItem -Path $profile.LocalPath -Recurse | Measure-Object -Property Length -Sum).Sum / 1MB, 2)
+ if ($profileSizeMB -gt $sizeThresholdMB) {
+ # Remove large profile
+ Remove-WmiObject -InputObject $profile
+ Write-Output "Removed large profile: $($profile.LocalPath) - Size: $profileSizeMB MB"
+ }
+}
+
+Write-Output "User profile remediation tasks completed."
\ No newline at end of file
diff --git a/intune/Externally Sourced Remediations/DevicePerformance/README.md b/intune/Externally Sourced Remediations/DevicePerformance/README.md
new file mode 100644
index 0000000..1451850
--- /dev/null
+++ b/intune/Externally Sourced Remediations/DevicePerformance/README.md
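Review bot: The second branch calls `Remove-WmiObject -InputObject $profile` for any profile over 500 MB, which deletes the user's whole profile and data on size alone and is attempted even for a profile that is currently loaded; the README added in this patch describes this remediation as clearing temp locations, not deleting profiles. At minimum filter with `Where-Object { -not $_.Special -and -not $_.Loaded }` and restrict deletion to `$profile.Status -band 8`; a size overrun should be reported or handled by cleaning caches inside the profile. When the first branch has already removed a profile, the code still measures it and may call `Remove-WmiObject` a second time, so add `continue` after the first removal. The script also ends without an exit code.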
@@ -0,0 +1,31 @@
+## Device Performance
+
+### Get-DiskCleanup
+[Link](https://github.com/AntoPorter/Intune-Remediations/tree/main/DevicePerformance/Get-DiskCleanup)
+- **Detection**: Checks for low disk space on C: (requires modification based on your requirements).
+- **Remediation**: Performs Disk Cleanup if low disk space is detected.
+
+### Get-InactiveUsers-EntraID
+[Link](https://github.com/AntoPorter/Intune-Remediations/tree/main/DevicePerformance/Get-InactiveUsers-EntraID)
+- **Detection**: Checks for all inactive profiles (Including Entra ID) based on a specified time period (requires modification based on your requirements).
+- **Remediation**: Removes inactive profiles if detected.
+
+### Get-InactiveUsers-Local
+[Link](https://github.com/AntoPorter/Intune-Remediations/tree/main/DevicePerformance/Get-InactiveUsers-Local)
+- **Detection**: Checks for any local inactive profiles based on a specified time period (requires modification based on your requirements).
+- **Remediation**: Removes inactive profiles if detected.
+
+### Get-LowDiskSpace
+[Link](https://github.com/AntoPorter/Intune-Remediations/tree/main/DevicePerformance/Get-LowDiskSpace)
+- **Detection**: Checks for low disk space on C: (requires modification based on your requirements).
+- **Remediation**: Clears notable Temp locations if low disk space is detected.
+
+### Get-SystemPerformance
+[Link](https://github.com/AntoPorter/Intune-Remediations/tree/main/DevicePerformance/Get-SystemPerformance)
+- **Detection**: Checks the % usage of CPU/Memory/Disk (requires modification based on your requirements).
+- **Remediation**: Clears notable Temp locations and performs optimization tasks if usage is above the specified threshold.
+
+### Get-UserProfiles
+[Link](https://github.com/AntoPorter/Intune-Remediations/tree/main/DevicePerformance/Get-UserProfiles)
+- **Detection**: Checks for large user profile sizes (requires modification based on your requirements).
+- **Remediation**: Clears notable Temp locations if large profiles are detected. Also reports and clears corrupted profiles as required.
\ No newline at end of file
diff --git a/intune/Externally Sourced Remediations/MicrosoftDefenderAV/Get-CloudDeliveredProtection/Detect_CloudDeliveredProtection.ps1 b/intune/Externally Sourced Remediations/MicrosoftDefenderAV/Get-CloudDeliveredProtection/Detect_CloudDeliveredProtection.ps1
new file mode 100644
index 0000000..93f9718
--- /dev/null
+++ b/intune/Externally Sourced Remediations/MicrosoftDefenderAV/Get-CloudDeliveredProtection/Detect_CloudDeliveredProtection.ps1
@@ -0,0 +1,10 @@
+# Check if cloud-delivered protection is enabled
+$cloudProtection = Get-MpPreference | Select-Object -ExpandProperty MAPSReporting
+
+if ($cloudProtection -ne 0) {
+ Write-Output "Cloud-delivered protection is enabled."
+ exit 0
+} else {
+ Write-Output "Cloud-delivered protection is disabled."
+ exit 1
+}
diff --git a/intune/Externally Sourced Remediations/MicrosoftDefenderAV/Get-CloudDeliveredProtection/Remediate_CloudDeliveredProtection.ps1 b/intune/Externally Sourced Remediations/MicrosoftDefenderAV/Get-CloudDeliveredProtection/Remediate_CloudDeliveredProtection.ps1
new file mode 100644
index 0000000..4434c9c
--- /dev/null
+++ b/intune/Externally Sourced Remediations/MicrosoftDefenderAV/Get-CloudDeliveredProtection/Remediate_CloudDeliveredProtection.ps1
@@ -0,0 +1,3 @@
+# Enable cloud-delivered protection
+Set-MpPreference -MAPSReporting Advanced
+exit 0
diff --git a/intune/Externally Sourced Remediations/MicrosoftDefenderAV/Get-ExploitProtection/Detect_ExploitProtection.ps1 b/intune/Externally Sourced Remediations/MicrosoftDefenderAV/Get-ExploitProtection/Detect_ExploitProtection.ps1
new file mode 100644
index 0000000..205c172
--- /dev/null
+++ b/intune/Externally Sourced Remediations/MicrosoftDefenderAV/Get-ExploitProtection/Detect_ExploitProtection.ps1
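Review bot: In Remediate_CloudDeliveredProtection.ps1 `exit 0` follows `Set-MpPreference -MAPSReporting Advanced` unconditionally, so Intune records the remediation as successful even when the setting could not be applied, for example when another policy owns it. Use `try { Set-MpPreference -MAPSReporting Advanced -ErrorAction Stop; exit 0 } catch { Write-Output "Remediation failed: $_"; exit 1 }`. The same unconditional `exit 0` is in the remediation scripts for ExploitProtection, NetworkProtection, ScheduledScans, SignatureIntelligenceUpdates and TamperProtection in this patch.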
@@ -0,0 +1,10 @@
+# Check if exploit protection settings are applied
+$exploitProtection = Get-MpPreference | Select-Object -ExpandProperty ExploitProtection
+
+if ($exploitProtection) {
+ Write-Output "Exploit protection settings are applied."
+ exit 0
+} else {
+ Write-Output "Exploit protection settings are not applied."
+ exit 1
+}
diff --git a/intune/Externally Sourced Remediations/MicrosoftDefenderAV/Get-ExploitProtection/Remdiate_ExploitProtection.ps1 b/intune/Externally Sourced Remediations/MicrosoftDefenderAV/Get-ExploitProtection/Remdiate_ExploitProtection.ps1
new file mode 100644
index 0000000..3f27e8c
--- /dev/null
+++ b/intune/Externally Sourced Remediations/MicrosoftDefenderAV/Get-ExploitProtection/Remdiate_ExploitProtection.ps1
@@ -0,0 +1,3 @@
+# Apply recommended exploit protection settings
+Add-MpPreference -ExploitProtectionSettings "Recommended"
+exit 0
diff --git a/intune/Externally Sourced Remediations/MicrosoftDefenderAV/Get-NetworkProtection/Detect_NetworkProtection.ps1 b/intune/Externally Sourced Remediations/MicrosoftDefenderAV/Get-NetworkProtection/Detect_NetworkProtection.ps1
new file mode 100644
index 0000000..d4dd80d
--- /dev/null
+++ b/intune/Externally Sourced Remediations/MicrosoftDefenderAV/Get-NetworkProtection/Detect_NetworkProtection.ps1
@@ -0,0 +1,10 @@
+# Check if network protection is enabled
+$networkProtection = Get-MpPreference | Select-Object -ExpandProperty EnableNetworkProtection
+
+if ($networkProtection -eq 1) {
+ Write-Output "Network protection is enabled."
+ exit 0
+} else {
+ Write-Output "Network protection is disabled."
+ exit 1
+}
diff --git a/intune/Externally Sourced Remediations/MicrosoftDefenderAV/Get-NetworkProtection/Remediate_NetworkProtection.ps1 b/intune/Externally Sourced Remediations/MicrosoftDefenderAV/Get-NetworkProtection/Remediate_NetworkProtection.ps1
new file mode 100644
index 0000000..5af5d1a
--- /dev/null
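Review bot: `Select-Object -ExpandProperty ExploitProtection` in Detect_ExploitProtection.ps1 reads a property that, as far as I can tell, `Get-MpPreference` does not return, and `Add-MpPreference -ExploitProtectionSettings "Recommended"` in Remdiate_ExploitProtection.ps1 uses a parameter that cmdlet does not appear to have; please confirm both against the Defender module on a test device. If they are absent, detection always exits 1 and the remediation errors and then reaches `exit 0`, so the device is reported as fixed while nothing changed. Exploit protection is exposed through `Get-ProcessMitigation` and `Set-ProcessMitigation`, and the detection should compare those settings with the intended baseline. The file name `Remdiate_ExploitProtection.ps1` is also misspelled.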
+++ b/intune/Externally Sourced Remediations/MicrosoftDefenderAV/Get-NetworkProtection/Remediate_NetworkProtection.ps1
@@ -0,0 +1,3 @@
+# Enable network protection
+Set-MpPreference -EnableNetworkProtection Enabled
+exit 0
diff --git a/intune/Externally Sourced Remediations/MicrosoftDefenderAV/Get-PUAProtection/Detect_PUA-Protection.ps1 b/intune/Externally Sourced Remediations/MicrosoftDefenderAV/Get-PUAProtection/Detect_PUA-Protection.ps1
new file mode 100644
index 0000000..fb66e81
--- /dev/null
+++ b/intune/Externally Sourced Remediations/MicrosoftDefenderAV/Get-PUAProtection/Detect_PUA-Protection.ps1
@@ -0,0 +1,7 @@
+if((Get-MpPreference).PUAProtection -eq 1) {
+ Write-Output "Device Compliant"
+ exit 0
+} else {
+ Write-Output "Device Non-Compliant"
+ exit 1
+}
\ No newline at end of file
diff --git a/intune/Externally Sourced Remediations/MicrosoftDefenderAV/Get-PUAProtection/Remediate_PUA-Protection.ps1 b/intune/Externally Sourced Remediations/MicrosoftDefenderAV/Get-PUAProtection/Remediate_PUA-Protection.ps1
new file mode 100644
index 0000000..0f40e38
--- /dev/null
+++ b/intune/Externally Sourced Remediations/MicrosoftDefenderAV/Get-PUAProtection/Remediate_PUA-Protection.ps1
@@ -0,0 +1,9 @@
+try {
+ Set-MpPreference -PUAProtection Enabled
+ Write-Output "Device Remediated"
+ exit 0
+}
+catch {
+ Write-Output "Remediation Failed"
+ exit 1
+}
\ No newline at end of file
diff --git a/intune/Externally Sourced Remediations/MicrosoftDefenderAV/Get-QuickScan/Detect_Malware.ps1 b/intune/Externally Sourced Remediations/MicrosoftDefenderAV/Get-QuickScan/Detect_Malware.ps1
new file mode 100644
index 0000000..f13ac1a
--- /dev/null
+++ b/intune/Externally Sourced Remediations/MicrosoftDefenderAV/Get-QuickScan/Detect_Malware.ps1
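Review bot: In Remediate_PUA-Protection.ps1 the `catch` block only runs for terminating errors, and `Set-MpPreference -PUAProtection Enabled` is called without `-ErrorAction Stop`, so a non-terminating failure would still print "Device Remediated" and exit 0. Change the call to `Set-MpPreference -PUAProtection Enabled -ErrorAction Stop` and include `$_` in the failure output so the Intune report shows why it failed. Remediate_RealTimeBehavior.ps1 and Remediate_RealTimeProtection.ps1 further down have the same shape.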
@@ -0,0 +1,15 @@
+# Detection Script: Detect_Malware.ps1
+
+# Perform a quick scan using Microsoft Defender
+Start-MpScan -ScanType QuickScan
+
+# Check the scan results
+$scanResults = Get-MpThreatDetection
+
+if ($scanResults) {
+ Write-Output "Malware detected: $($scanResults.ThreatName)"
+ exit 1
+} else {
+ Write-Output "No malware detected."
+ exit 0
+}
\ No newline at end of file
diff --git a/intune/Externally Sourced Remediations/MicrosoftDefenderAV/Get-QuickScan/Remediate_Malware.ps1 b/intune/Externally Sourced Remediations/MicrosoftDefenderAV/Get-QuickScan/Remediate_Malware.ps1
new file mode 100644
index 0000000..17127d7
--- /dev/null
+++ b/intune/Externally Sourced Remediations/MicrosoftDefenderAV/Get-QuickScan/Remediate_Malware.ps1
@@ -0,0 +1,15 @@
+# Remediation Script: Remediate_Malware.ps1
+
+# Perform a full scan using Microsoft Defender
+Start-MpScan -ScanType FullScan
+
+# Check the scan results
+$scanResults = Get-MpThreatDetection
+
+if ($scanResults) {
+ # Remove detected malware
+ Remove-MpThreat -ThreatID $scanResults.ThreatID
+ Write-Output "Malware removed: $($scanResults.ThreatName)"
+} else {
+ Write-Output "No malware detected."
+}
\ No newline at end of file
diff --git a/intune/Externally Sourced Remediations/MicrosoftDefenderAV/Get-RealTimeBehaviour/Detect_RealTimeBehavior.ps1 b/intune/Externally Sourced Remediations/MicrosoftDefenderAV/Get-RealTimeBehaviour/Detect_RealTimeBehavior.ps1
new file mode 100644
index 0000000..5a863f6
--- /dev/null
+++ b/intune/Externally Sourced Remediations/MicrosoftDefenderAV/Get-RealTimeBehaviour/Detect_RealTimeBehavior.ps1
@@ -0,0 +1,7 @@
+if((Get-MpComputerStatus).BehaviorMonitorEnabled -eq "True") {
+ Write-Output "Device Compliant"
+ exit 0
+} else {
+ Write-Output "Device Non-Compliant"
+ exit 1
+}
\ No newline at end of file
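Review bot: `Get-MpThreatDetection` in Detect_Malware.ps1 returns the device's recorded detection history rather than the result of the `Start-MpScan` call just above it, so one past detection keeps this script exiting 1 on every run, and each run then triggers the full scan in the remediation. Capture `$scanStart = Get-Date` before the scan and filter with `Where-Object { $_.InitialDetectionTime -gt $scanStart }`. `$scanResults.ThreatName` is presumably empty because detection objects carry `ThreatID`, with names coming from `Get-MpThreat`; verify on a test device. Running a quick scan inside a detection script also adds scan load at every schedule interval.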
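Review bot: `Remove-MpThreat -ThreatID $scanResults.ThreatID` in Remediate_Malware.ps1 passes a parameter that `Remove-MpThreat` does not appear to accept, and `$scanResults` can be an array, so this line likely fails with a binding error; confirm against the Defender module. The script then prints "Malware removed" regardless and ends without an exit code, which reports success to Intune while the threat may still be active. Call `Remove-MpThreat -ErrorAction Stop` inside `try`/`catch`, and `exit 1` when removal fails or detections remain.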
diff --git a/intune/Externally Sourced Remediations/MicrosoftDefenderAV/Get-RealTimeBehaviour/Remediate_RealTimeBehavior.ps1 b/intune/Externally Sourced Remediations/MicrosoftDefenderAV/Get-RealTimeBehaviour/Remediate_RealTimeBehavior.ps1
new file mode 100644
index 0000000..81be131
--- /dev/null
+++ b/intune/Externally Sourced Remediations/MicrosoftDefenderAV/Get-RealTimeBehaviour/Remediate_RealTimeBehavior.ps1
@@ -0,0 +1,9 @@
+try {
+ Set-MpPreference -DisableBehaviorMonitoring $false
+ Write-Output "Device Remediated"
+ exit 0
+}
+catch {
+ Write-Output "Remediation Failed"
+ exit 1
+}
\ No newline at end of file
diff --git a/intune/Externally Sourced Remediations/MicrosoftDefenderAV/Get-RealTimeProtection/Detect_RealTimeProtection.ps1 b/intune/Externally Sourced Remediations/MicrosoftDefenderAV/Get-RealTimeProtection/Detect_RealTimeProtection.ps1
new file mode 100644
index 0000000..bb0a0c5
--- /dev/null
+++ b/intune/Externally Sourced Remediations/MicrosoftDefenderAV/Get-RealTimeProtection/Detect_RealTimeProtection.ps1
@@ -0,0 +1,8 @@
+
+if((Get-MpComputerStatus).RealTimeProtectionEnabled -eq "True") {
+ Write-Output "Device Compliant"
+ exit 0
+} else {
+ Write-Output "Device Non-Compliant"
+ exit 1
+}
\ No newline at end of file
diff --git a/intune/Externally Sourced Remediations/MicrosoftDefenderAV/Get-RealTimeProtection/Remediate_RealTimeProtection.ps1 b/intune/Externally Sourced Remediations/MicrosoftDefenderAV/Get-RealTimeProtection/Remediate_RealTimeProtection.ps1
new file mode 100644
index 0000000..0a88594
--- /dev/null
+++ b/intune/Externally Sourced Remediations/MicrosoftDefenderAV/Get-RealTimeProtection/Remediate_RealTimeProtection.ps1
@@ -0,0 +1,9 @@
+try {
+ Set-MpPreference -DisableRealtimeMonitoring $false
+ Write-Output "Device Remediated"
+ exit 0
+}
+catch {
+ Write-Output "Remediation Failed"
+ exit 1
+}
\ No newline at end of file
diff --git a/intune/Externally Sourced Remediations/MicrosoftDefenderAV/Get-ScheduledScan/Detect_ScheduledScans.ps1 b/intune/Externally Sourced Remediations/MicrosoftDefenderAV/Get-ScheduledScan/Detect_ScheduledScans.ps1
new file mode 100644
index 0000000..e717af2
--- /dev/null
+++ b/intune/Externally Sourced Remediations/MicrosoftDefenderAV/Get-ScheduledScan/Detect_ScheduledScans.ps1
@@ -0,0 +1,10 @@
+# Check if scheduled scans are configured
+$scanSchedule = Get-MpPreference | Select-Object -ExpandProperty ScanScheduleQuickScanTime
+
+if ($scanSchedule) {
+ Write-Output "Scheduled scans are configured."
+ exit 0
+} else {
+ Write-Output "Scheduled scans are not configured."
+ exit 1
+}
diff --git a/intune/Externally Sourced Remediations/MicrosoftDefenderAV/Get-ScheduledScan/Remediate_ScheduledScans.ps1 b/intune/Externally Sourced Remediations/MicrosoftDefenderAV/Get-ScheduledScan/Remediate_ScheduledScans.ps1
new file mode 100644
index 0000000..89aa594
--- /dev/null
+++ b/intune/Externally Sourced Remediations/MicrosoftDefenderAV/Get-ScheduledScan/Remediate_ScheduledScans.ps1
@@ -0,0 +1,4 @@
+# Schedule quick scans daily and full scans weekly
+Set-MpPreference -ScanScheduleQuickScanTime (Get-Date).AddDays(1).TimeOfDay
+Set-MpPreference -ScanScheduleFullScanTime (Get-Date).AddDays(7).TimeOfDay
+exit 0
diff --git a/intune/Externally Sourced Remediations/MicrosoftDefenderAV/Get-SecurityIntelligenceUpdates/Detect_SignatureIntelligenceUpdates.ps1 b/intune/Externally Sourced Remediations/MicrosoftDefenderAV/Get-SecurityIntelligenceUpdates/Detect_SignatureIntelligenceUpdates.ps1
new file mode 100644
index 0000000..7167d28
--- /dev/null
+++ b/intune/Externally Sourced Remediations/MicrosoftDefenderAV/Get-SecurityIntelligenceUpdates/Detect_SignatureIntelligenceUpdates.ps1
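Review bot: In Remediate_ScheduledScans.ps1, `(Get-Date).AddDays(1).TimeOfDay` and `(Get-Date).AddDays(7).TimeOfDay` both evaluate to the current time of day, because adding whole days does not change `TimeOfDay`; the scan times end up set to whenever the remediation happened to run, and nothing here configures the daily or weekly cadence the comment describes. Pass a fixed, agreed time of day for each parameter and set the scan day explicitly, e.g. with `-ScanScheduleDay`. In Detect_ScheduledScans.ps1, `if ($scanSchedule)` tests an object that is presumably non-null even when no time has been configured, so the check may always pass; compare against the expected value instead.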
@@ -0,0 +1,10 @@
+# Check if security intelligence updates are up-to-date
+$lastUpdate = Get-MpComputerStatus | Select-Object -ExpandProperty AntivirusSignatureLastUpdated
+
+if ($lastUpdate -lt (Get-Date).AddDays(-1)) {
+ Write-Output "Security intelligence updates are outdated."
+ exit 1
+} else {
+ Write-Output "Security intelligence updates are up-to-date."
+ exit 0
+}
diff --git a/intune/Externally Sourced Remediations/MicrosoftDefenderAV/Get-SecurityIntelligenceUpdates/Remediate_SignatureIntelligenceUpdates.ps1 b/intune/Externally Sourced Remediations/MicrosoftDefenderAV/Get-SecurityIntelligenceUpdates/Remediate_SignatureIntelligenceUpdates.ps1
new file mode 100644
index 0000000..2fe5580
--- /dev/null
+++ b/intune/Externally Sourced Remediations/MicrosoftDefenderAV/Get-SecurityIntelligenceUpdates/Remediate_SignatureIntelligenceUpdates.ps1
@@ -0,0 +1,3 @@
+# Update security intelligence
+Update-MpSignature
+exit 0
diff --git a/intune/Externally Sourced Remediations/MicrosoftDefenderAV/Get-TamperProtection/Detect_TamperProtection.ps1 b/intune/Externally Sourced Remediations/MicrosoftDefenderAV/Get-TamperProtection/Detect_TamperProtection.ps1
new file mode 100644
index 0000000..e4fa1dd
--- /dev/null
+++ b/intune/Externally Sourced Remediations/MicrosoftDefenderAV/Get-TamperProtection/Detect_TamperProtection.ps1
@@ -0,0 +1,10 @@
+# Check if tamper protection is enabled
+$tamperProtection = Get-MpPreference | Select-Object -ExpandProperty DisableTamperProtection
+
+if ($tamperProtection -eq $false) {
+ Write-Output "Tamper protection is enabled."
+ exit 0
+} else {
+ Write-Output "Tamper protection is disabled."
+ exit 1
+}
diff --git a/intune/Externally Sourced Remediations/MicrosoftDefenderAV/Get-TamperProtection/Remediate_TamperProtection.ps1 b/intune/Externally Sourced Remediations/MicrosoftDefenderAV/Get-TamperProtection/Remediate_TamperProtection.ps1
new file mode 100644
index 0000000..db79d5f
--- /dev/null
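Review bot: Detect_TamperProtection.ps1 reads `DisableTamperProtection` from `Get-MpPreference`, and Remediate_TamperProtection.ps1 sets it with `Set-MpPreference -DisableTamperProtection $false`; Microsoft documents tamper protection as something that cannot be changed from PowerShell, and I could not confirm that either name exists. If the property is missing, `$null -eq $false` is false, detection always exits 1, and the remediation errors and then reaches `exit 0`, so the report shows a fix that never happened. Read the state with `(Get-MpComputerStatus).IsTamperProtected` and manage the setting through Intune endpoint security policy rather than a remediation script.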
+++ b/intune/Externally Sourced Remediations/MicrosoftDefenderAV/Get-TamperProtection/Remediate_TamperProtection.ps1
@@ -0,0 +1,3 @@
+# Enable tamper protection
+Set-MpPreference -DisableTamperProtection $false
+exit 0
diff --git a/intune/Externally Sourced Remediations/MicrosoftDefenderAV/README.md b/intune/Externally Sourced Remediations/MicrosoftDefenderAV/README.md
new file mode 100644
index 0000000..28afa48
--- /dev/null
+++ b/intune/Externally Sourced Remediations/MicrosoftDefenderAV/README.md
@@ -0,0 +1,51 @@
+## Microsoft Defender AV
+
+### Get-CloudDeliveredProtection
+[Link](https://github.com/AntoPorter/Intune-Remediations/tree/main/MicrosoftDefenderAV/Get-CloudDeliveredProtection)
+- **Detection**: Checks if Cloud-Delivered Protection is enabled.
+- **Remediation**: Enables Cloud-Delivered Protection if it is disabled.
+
+### Get-ExploitProtection
+[Link](https://github.com/AntoPorter/Intune-Remediations/tree/main/MicrosoftDefenderAV/Get-ExploitProtection)
+- **Detection**: Checks if Exploit Protection is enabled.
+- **Remediation**: Enables Exploit Protection if it is disabled.
+
+### Get-NetworkProtection
+[Link](https://github.com/AntoPorter/Intune-Remediations/tree/main/MicrosoftDefenderAV/Get-NetworkProtection)
+- **Detection**: Checks if Network Protection is enabled.
+- **Remediation**: Enables Network Protection if it is disabled.
+
+### Get-PUAProtection
+[Link](https://github.com/AntoPorter/Intune-Remediations/tree/main/MicrosoftDefenderAV/Get-PUAProtection)
+- **Detection**: Checks if PUA Protection is enabled.
+- **Remediation**: Enables PUA Protection if it is disabled.
+
+### Get-QuickScan
+[Link](https://github.com/AntoPorter/Intune-Remediations/tree/main/MicrosoftDefenderAV/Get-QuickScan)
+- **Detection**: Performs a Quick Scan via Defender AV on the endpoint.
+- **Remediation**: Performs a Full Scan if malware is detected during the Quick Scan.
+
+### Get-RealTimeBehaviour
+[Link](https://github.com/AntoPorter/Intune-Remediations/tree/main/MicrosoftDefenderAV/Get-RealTimeBehaviour)
+- **Detection**: Checks if Real Time Behaviour is enabled.
+- **Remediation**: Enables Real Time Behaviour if it is disabled.
+
+### Get-RealTimeProtection
+[Link](https://github.com/AntoPorter/Intune-Remediations/tree/main/MicrosoftDefenderAV/Get-RealTimeProtection)
+- **Detection**: Checks if Real Time Protection is enabled.
+- **Remediation**: Enables Real Time Protection if it is disabled.
+
+### Get-ScheduledScan
+[Link](https://github.com/AntoPorter/Intune-Remediations/tree/main/MicrosoftDefenderAV/Get-ScheduledScan)
+- **Detection**: Checks if a Scheduled AV Scan is present on the Endpoint.
+- **Remediation**: Configures a Daily Quick Scan and Weekly Full Scan if no scan is present on the Endpoint.
+
+### Get-SecurityIntelligenceUpdates
+[Link](https://github.com/AntoPorter/Intune-Remediations/tree/main/MicrosoftDefenderAV/Get-SecurityIntelligenceUpdates)
+- **Detection**: Checks if Security Intelligence Updates are current on the Endpoint.
+- **Remediation**: Runs a Security Intelligence Updates if the device is found not to be running a recent version of Security Intelligence Updates.
+
+### Get-TamperProtection
+[Link](https://github.com/AntoPorter/Intune-Remediations/tree/main/MicrosoftDefenderAV/Get-TamperProtection)
+- **Detection**: Checks if Tamper Protection is enabled.
+- **Remediation**: Enables Tamper Protection if it is disabled.
\ No newline at end of file
diff --git a/intune/Externally Sourced Remediations/Miscellaneous/Disable-WindowsAI-Registry/detect-windowsai-regkey-hkcu.ps1 b/intune/Externally Sourced Remediations/Miscellaneous/Disable-WindowsAI-Registry/detect-windowsai-regkey-hkcu.ps1
new file mode 100644
index 0000000..bdfff21
--- /dev/null
+++ b/intune/Externally Sourced Remediations/Miscellaneous/Disable-WindowsAI-Registry/detect-windowsai-regkey-hkcu.ps1
@@ -0,0 +1,20 @@
+##Enter the path to the registry key
+$regpath = "HKCU:\Software\Policies\Microsoft\Windows\WindowsAI"
+##Enter the name of the registry key
+$regname = "DisableAIDataAnalysis"
+##Enter the value of the registry key
+$regvalue = "1"
+
+Try {
+ $Registry = Get-ItemProperty -Path $regpath -Name $regname -ErrorAction Stop | Select-Object -ExpandProperty $regname
+ If ($Registry -eq $regvalue){
+ Write-Output "Compliant"
+ Exit 0
+ }
+ Write-Warning "Not Compliant"
+ Exit 1
+}
+Catch {
+ Write-Output "RegKey Not Found, Compliant"
+ Exit 0
+}
\ No newline at end of file
diff --git a/intune/Externally Sourced Remediations/Miscellaneous/Disable-WindowsAI-Registry/detect-windowsai-regkey.ps1 b/intune/Externally Sourced Remediations/Miscellaneous/Disable-WindowsAI-Registry/detect-windowsai-regkey.ps1
new file mode 100644
index 0000000..afb7cfb
--- /dev/null
+++ b/intune/Externally Sourced Remediations/Miscellaneous/Disable-WindowsAI-Registry/detect-windowsai-regkey.ps1
@@ -0,0 +1,20 @@
+##Enter the path to the registry key
+$regpath = "HKLM:\SOFTWARE\Microsoft\PolicyManager\default\WindowsAI"
+##Enter the name of the registry key
+$regname = "DisableAIDataAnalysis"
+##Enter the value of the registry key
+$regvalue = "1"
+
+Try {
+ $Registry = Get-ItemProperty -Path $regpath -Name $regname -ErrorAction Stop | Select-Object -ExpandProperty $regname
+ If ($Registry -eq $regvalue){
+ Write-Output "Compliant"
+ Exit 0
+ }
+ Write-Warning "Not Compliant"
+ Exit 1
+}
+Catch {
+ Write-Output "RegKey Not Found, Compliant"
+ Exit 0
+}
\ No newline at end of file
diff --git a/intune/Externally Sourced Remediations/Miscellaneous/Disable-WindowsAI-Registry/remediate-windowsai-regkey-hkcu.ps1 b/intune/Externally Sourced Remediations/Miscellaneous/Disable-WindowsAI-Registry/remediate-windowsai-regkey-hkcu.ps1
new file mode 100644
index 0000000..bb71f15
--- /dev/null
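Review bot: The `Catch` block in detect-windowsai-regkey-hkcu.ps1 reports "RegKey Not Found, Compliant" and exits 0 when `DisableAIDataAnalysis` is absent, which is the state in which the policy has not been applied, so the remediation never runs on the devices that need it. Unless that is deliberate, the `Catch` path should report non-compliance and `Exit 1`. detect-windowsai-regkey.ps1 has the same logic for the HKLM path. The HKCU variant only reads the intended hive when the script package is configured to run with the logged-on user's credentials; under SYSTEM it reads the SYSTEM account's hive.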
+++ b/intune/Externally Sourced Remediations/Miscellaneous/Disable-WindowsAI-Registry/remediate-windowsai-regkey-hkcu.ps1
@@ -0,0 +1,10 @@
+##Enter the path to the registry key
+$regpath = "HKCU:\Software\Policies\Microsoft\Windows\WindowsAI"
+##Enter the name of the registry key
+$regname = "DisableAIDataAnalysis"
+##Enter the value of the registry key
+$regvalue = "1"
+##Enter the type of the registry key
+$regtype = "DWord"
+
+New-ItemProperty -Path $regpath -Name $regname -Value $regvalue -PropertyType $regtype -Force
\ No newline at end of file
diff --git a/intune/Externally Sourced Remediations/Miscellaneous/Disable-WindowsAI-Registry/remediate-windowsai-regkey.ps1 b/intune/Externally Sourced Remediations/Miscellaneous/Disable-WindowsAI-Registry/remediate-windowsai-regkey.ps1
new file mode 100644
index 0000000..aa0cb40
--- /dev/null
+++ b/intune/Externally Sourced Remediations/Miscellaneous/Disable-WindowsAI-Registry/remediate-windowsai-regkey.ps1
@@ -0,0 +1,10 @@
+##Enter the path to the registry key
+$regpath = "HKLM:\SOFTWARE\Microsoft\PolicyManager\default\WindowsAI"
+##Enter the name of the registry key
+$regname = "DisableAIDataAnalysis"
+##Enter the value of the registry key
+$regvalue = "1"
+##Enter the type of the registry key
+$regtype = "DWord"
+
+New-ItemProperty -Path $regpath -Name $regname -Value $regvalue -PropertyType $regtype -Force
\ No newline at end of file
diff --git a/intune/Externally Sourced Remediations/Miscellaneous/Get-CustomScript/Detect_CustomScript.ps1 b/intune/Externally Sourced Remediations/Miscellaneous/Get-CustomScript/Detect_CustomScript.ps1
new file mode 100644
index 0000000..2ffd865
--- /dev/null
+++ b/intune/Externally Sourced Remediations/Miscellaneous/Get-CustomScript/Detect_CustomScript.ps1
@@ -0,0 +1,3 @@
+# (Detect_CustomScript.ps1)
+
+exit 1
\ No newline at end of file
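Review bot: `New-ItemProperty -Path $regpath ... -Force` in remediate-windowsai-regkey-hkcu.ps1 fails when the `WindowsAI` key itself does not exist, because `-Force` overwrites an existing value but does not create the parent key. Add `if (-not (Test-Path $regpath)) { New-Item -Path $regpath -Force | Out-Null }` before it, and finish with an explicit exit code from a `try`/`catch`. remediate-windowsai-regkey.ps1 has the same gap; it also writes under `PolicyManager\default`, which looks like policy metadata rather than the location the setting is read from, so please confirm that path.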
diff --git a/intune/Externally Sourced Remediations/Miscellaneous/Get-CustomScript/Remediate_CustomScript.ps1 b/intune/Externally Sourced Remediations/Miscellaneous/Get-CustomScript/Remediate_CustomScript.ps1
new file mode 100644
index 0000000..ad16309
--- /dev/null
+++ b/intune/Externally Sourced Remediations/Miscellaneous/Get-CustomScript/Remediate_CustomScript.ps1
@@ -0,0 +1,2 @@
+# (Remediate_CustomScript.ps1)
+# Enter your script contents here
diff --git a/intune/Externally Sourced Remediations/Miscellaneous/Get-GenericRegistryChange/Detect_GenericRegistryChange.ps1 b/intune/Externally Sourced Remediations/Miscellaneous/Get-GenericRegistryChange/Detect_GenericRegistryChange.ps1
new file mode 100644
index 0000000..87a9549
--- /dev/null
+++ b/intune/Externally Sourced Remediations/Miscellaneous/Get-GenericRegistryChange/Detect_GenericRegistryChange.ps1
@@ -0,0 +1,11 @@
+# (Detect_GenericRegistryChange.ps1)
+# Detect if the registry key exists
+
+$RegistryPath = "HKLM:\SOFTWARE\Microsoft\IntuneManagementExtension\SideCarPolicies\Scripts"
+if (Test-Path -Path $RegistryPath) {
+ Write-Host "Registry key exists: $RegistryPath"
+ exit 0
+} else {
+ Write-Host "Registry key not found: $RegistryPath"
+ exit 1
+}
\ No newline at end of file
diff --git a/intune/Externally Sourced Remediations/Miscellaneous/Get-GenericRegistryChange/Remediate_GenericRegistryChange.ps1 b/intune/Externally Sourced Remediations/Miscellaneous/Get-GenericRegistryChange/Remediate_GenericRegistryChange.ps1
new file mode 100644
index 0000000..135f913
--- /dev/null
+++ b/intune/Externally Sourced Remediations/Miscellaneous/Get-GenericRegistryChange/Remediate_GenericRegistryChange.ps1
@@ -0,0 +1,4 @@
+# (Remediate_GenericRegistryChange.ps1)
+# Modify a registry value
+
+Set-ItemProperty -Path "HKLM:\Software\MyApp" -Name "MySetting" -Value "NewValue"
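Review bot: Detect_GenericRegistryChange.ps1 tests for `HKLM:\SOFTWARE\Microsoft\IntuneManagementExtension\SideCarPolicies\Scripts` while Remediate_GenericRegistryChange.ps1 writes `MySetting` under `HKLM:\Software\MyApp`, so running the remediation can never change the detection result. Keep the path, value name and expected value in variables that both templates share, and have detection compare the value rather than only testing that a key exists. `Set-ItemProperty` also fails when `HKLM:\Software\MyApp` does not exist, so create the key first with `New-Item -Path ... -Force`, and prefer `Write-Output` over `Write-Host` so the message reaches the Intune report.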
diff --git a/intune/Externally Sourced Remediations/Miscellaneous/Get-GenericRestartService/Detect_GenericRestartService.ps1 b/intune/Externally Sourced Remediations/Miscellaneous/Get-GenericRestartService/Detect_GenericRestartService.ps1
new file mode 100644
index 0000000..10254aa
--- /dev/null
+++ b/intune/Externally Sourced Remediations/Miscellaneous/Get-GenericRestartService/Detect_GenericRestartService.ps1
@@ -0,0 +1,3 @@
+# (Detect_GenericRestartService.ps1)
+
+exit 1
\ No newline at end of file
diff --git a/intune/Externally Sourced Remediations/Miscellaneous/Get-GenericRestartService/Remediate_GenericRestartService.ps1 b/intune/Externally Sourced Remediations/Miscellaneous/Get-GenericRestartService/Remediate_GenericRestartService.ps1
new file mode 100644
index 0000000..1a4ceed
--- /dev/null
+++ b/intune/Externally Sourced Remediations/Miscellaneous/Get-GenericRestartService/Remediate_GenericRestartService.ps1
@@ -0,0 +1,4 @@
+# (Remediate_GenericRestartService.ps1)
+# Restart a service
+
+Restart-Service -Name "wuauserv"
diff --git a/intune/Externally Sourced Remediations/Miscellaneous/Get-SoftwareDistributionFolder/Detect-Reset-SoftwareDistributionFolder.ps1 b/intune/Externally Sourced Remediations/Miscellaneous/Get-SoftwareDistributionFolder/Detect-Reset-SoftwareDistributionFolder.ps1
new file mode 100644
index 0000000..d705bf1
--- /dev/null
+++ b/intune/Externally Sourced Remediations/Miscellaneous/Get-SoftwareDistributionFolder/Detect-Reset-SoftwareDistributionFolder.ps1
@@ -0,0 +1,4 @@
+if (Test-Path C:\Windows\SoftwareDistribution.old)
+ {exit 0}
+else
+ {exit 1}
\ No newline at end of file
diff --git a/intune/Externally Sourced Remediations/Miscellaneous/Get-SoftwareDistributionFolder/Remediate-Reset-SoftwareDistributionFolder.ps1 b/intune/Externally Sourced Remediations/Miscellaneous/Get-SoftwareDistributionFolder/Remediate-Reset-SoftwareDistributionFolder.ps1
new file mode 100644
index 0000000..5f0f313
--- /dev/null
+++ b/intune/Externally Sourced Remediations/Miscellaneous/Get-SoftwareDistributionFolder/Remediate-Reset-SoftwareDistributionFolder.ps1
@@ -0,0 +1,3 @@
+Get-Service -Name wuauserv | Stop-Service
+Rename-Item -Path C:\Windows\SoftwareDistribution -NewName SoftwareDistribution.old
+Get-Service -Name wuauserv | Start-Service
\ No newline at end of file
diff --git a/intune/Externally Sourced Remediations/Miscellaneous/Get-SoftwareDistributionFolderPT2/Detect-Reset-SoftwareDistributionFolder.ps1 b/intune/Externally Sourced Remediations/Miscellaneous/Get-SoftwareDistributionFolderPT2/Detect-Reset-SoftwareDistributionFolder.ps1
new file mode 100644
index 0000000..7e2700b
--- /dev/null
+++ b/intune/Externally Sourced Remediations/Miscellaneous/Get-SoftwareDistributionFolderPT2/Detect-Reset-SoftwareDistributionFolder.ps1
@@ -0,0 +1,7 @@
+if (Test-Path C:\Windows\SoftwareDistribution.old)
+{Write-Output "Folder Exist"
+ exit 1
+} else {
+ Write-Output "Folder Doesnt Exists"
+ exit 0
+}
\ No newline at end of file
diff --git a/intune/Externally Sourced Remediations/Miscellaneous/Get-SoftwareDistributionFolderPT2/Remediate-Reset-SoftwareDistributionFolder.ps1 b/intune/Externally Sourced Remediations/Miscellaneous/Get-SoftwareDistributionFolderPT2/Remediate-Reset-SoftwareDistributionFolder.ps1
new file mode 100644
index 0000000..8686406
--- /dev/null
+++ b/intune/Externally Sourced Remediations/Miscellaneous/Get-SoftwareDistributionFolderPT2/Remediate-Reset-SoftwareDistributionFolder.ps1
@@ -0,0 +1 @@
+Remove-Item -Path C:\Windows\SoftwareDistribution.old
\ No newline at end of file
diff --git a/intune/Externally Sourced Remediations/Miscellaneous/README.md b/intune/Externally Sourced Remediations/Miscellaneous/README.md
new file mode 100644
index 0000000..5d3a22e
--- /dev/null
+++ b/intune/Externally Sourced Remediations/Miscellaneous/README.md
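Review bot: `Remove-Item -Path C:\Windows\SoftwareDistribution.old` in the PT2 remediation has neither `-Recurse` nor `-Force`, so on a non-empty folder PowerShell asks for confirmation, which a non-interactive Intune run cannot answer; the folder stays and detection keeps failing. Use `Remove-Item -LiteralPath 'C:\Windows\SoftwareDistribution.old' -Recurse -Force -ErrorAction Stop` and return an exit code. In the part 1 remediation, `Rename-Item` runs even if `Stop-Service` did not stop `wuauserv`, and it fails if `SoftwareDistribution.old` already exists; check both and make sure the service is started again on every path.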
@@ -0,0 +1,27 @@
+## Miscellaneous
+
+### Disable-WindowsAI-Registry
+[Link](https://github.com/AntoPorter/Intune-Remediations/tree/main/Miscellaneous/Disable-WindowsAI-Registry)
+- **Detection**: Checks the registry keys used by Windows AI.
+- **Remediation**: Disables the registry keys if they are enabled.
+
+### Get-CustomScript
+[Link](https://github.com/AntoPorter/Intune-Remediations/tree/main/Miscellaneous/Get-CustomScript)
+- **Detection**: Includes only 'Exit 1', which will automatically run the Remediation Script.
+- **Remediation**: Include the contents of your PowerShell Script you wish to run on a schedule.
+
+### Get-GenericRegistryChange
+[Link](https://github.com/AntoPorter/Intune-Remediations/tree/main/Miscellaneous/Get-GenericRegistryChange)
+- **Detection**: Checks for a specified registry key in the environment.
+- **Remediation**: If the registry key is not found, creates the registry key.
+
+### Get-GenericRestartService
+[Link](https://github.com/AntoPorter/Intune-Remediations/tree/main/Miscellaneous/Get-GenericRestartService)
+- **Detection**: Includes only 'Exit 1', which will automatically run the Remediation Script.
+- **Remediation**: Will restart the specified service. Example include '**wuauserv**'.
+
+### Get-SoftwareDistributionFolder and Get-SoftwareDistributionFolderPT2
+[Link](https://github.com/AntoPorter/Intune-Remediations/tree/main/Miscellaneous/Get-SoftwareDistributionFolder)
+[Link - PT2](https://github.com/AntoPorter/Intune-Remediations/tree/main/Miscellaneous/Get-SoftwareDistributionFolderPT2)
+- **Part 1**: Resets the device's SoftwareDistribution folder by stopping the WUAUSERV service, renaming the 'C:\Windows\SoftwareDistribution' folder to "SoftwareDistribution.old," and then starting the service.
+- **Part 2**: Deletes the 'C:\Windows\SoftwareDistribution.old' folder as a cleanup step following the successful deployment of 'Reset-SoftwareDistributionFolder.'
\ No newline at end of file
diff --git a/intune/Externally Sourced Remediations/Reporting/Get-BitLockerStatusReport/Detect-BitLockerStatusReport.ps1 b/intune/Externally Sourced Remediations/Reporting/Get-BitLockerStatusReport/Detect-BitLockerStatusReport.ps1
new file mode 100644
index 0000000..fe1f0a1
--- /dev/null
+++ b/intune/Externally Sourced Remediations/Reporting/Get-BitLockerStatusReport/Detect-BitLockerStatusReport.ps1
@@ -0,0 +1,12 @@
+# Check BitLocker encryption status
+$bitLockerStatus = Get-BitLockerVolume | Select-Object MountPoint, VolumeStatus, EncryptionPercentage
+
+# Output the BitLocker encryption status
+# Write-Output $bitLockerStatus
+
+$csvPath = "C:\temp\BitLockerStatus.csv"
+
+$bitLockerStatus | Export-Csv -Path $csvPath -NoTypeInformation
+Write-Output "BitLocker status exported to $csvPath"
+
+Exit 0
\ No newline at end of file
diff --git a/intune/Externally Sourced Remediations/Reporting/Get-BitLockerStatusReport/Remediate-Empty.ps1 b/intune/Externally Sourced Remediations/Reporting/Get-BitLockerStatusReport/Remediate-Empty.ps1
new file mode 100644
index 0000000..3dc14ed
--- /dev/null
+++ b/intune/Externally Sourced Remediations/Reporting/Get-BitLockerStatusReport/Remediate-Empty.ps1
@@ -0,0 +1 @@
+## Remediation Script for Report
\ No newline at end of file
diff --git a/intune/Externally Sourced Remediations/Reporting/Get-CertificateExpiryReport/Detect-CertificateExpiryReport.ps1 b/intune/Externally Sourced Remediations/Reporting/Get-CertificateExpiryReport/Detect-CertificateExpiryReport.ps1
new file mode 100644
index 0000000..93ede7a
--- /dev/null
+++ b/intune/Externally Sourced Remediations/Reporting/Get-CertificateExpiryReport/Detect-CertificateExpiryReport.ps1
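Review bot: Detect-BitLockerStatusReport.ps1 writes to the fixed path `C:\temp\BitLockerStatus.csv` and prints "exported" and exits 0 whether or not `Export-Csv` succeeded, including when C:\temp does not exist. A folder like C:\temp is commonly writable by standard users; if this package runs in the SYSTEM context (not shown here), a privileged write to a predictable file name in such a folder can be redirected by a link placed there beforehand, and the CSV is readable by every local account. The same pattern is in the certificate, disk space, endpoint protection, event log, firewall, local admin group, service status, software inventory and user activity detection scripts, several of which export more sensitive data. Writing to a directory that standard users cannot create or modify, restricting it to SYSTEM and Administrators, and exiting non-zero when the export fails addresses both; the directory name in the sketch is a placeholder.

```powershell
# … unchanged: Get-BitLockerVolume query …
# Parent is Program Files so a standard user cannot pre-create the report directory.
$reportDir = Join-Path $env:ProgramFiles '<REPORT_DIR_PLACEHOLDER>'
try {
    if (-not (Test-Path -Path $reportDir)) {
        New-Item -ItemType Directory -Path $reportDir -ErrorAction Stop | Out-Null
        # Drop inherited ACEs; allow only SYSTEM (S-1-5-18) and Administrators (S-1-5-32-544).
        icacls $reportDir /inheritance:r /grant:r '*S-1-5-18:(OI)(CI)F' '*S-1-5-32-544:(OI)(CI)F' | Out-Null
    }
    $csvPath = Join-Path $reportDir 'BitLockerStatus.csv'
    $bitLockerStatus | Export-Csv -Path $csvPath -NoTypeInformation -ErrorAction Stop
    Write-Output "BitLocker status exported to $csvPath"
} catch {
    Write-Output "BitLocker status export failed: $($_.Exception.Message)"
    exit 1
}
```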
@@ -0,0 +1,12 @@
+# Check for certificates nearing expiry
+$certificates = Get-ChildItem -Path Cert:\LocalMachine\My | Where-Object { $_.NotAfter -lt (Get-Date).AddDays(30) } | Select-Object Subject, NotAfter
+
+# Output the certificates nearing expiry
+# Write-Output $certificates
+
+$csvPath = "C:\temp\CertificateExpiryStatus.csv"
+
+$certificates | Export-Csv -Path $csvPath -NoTypeInformation
+Write-Output "Certificate Expiry status exported to $csvPath"
+
+Exit 0
\ No newline at end of file
diff --git a/intune/Externally Sourced Remediations/Reporting/Get-CertificateExpiryReport/Remediate-Empty.ps1 b/intune/Externally Sourced Remediations/Reporting/Get-CertificateExpiryReport/Remediate-Empty.ps1
new file mode 100644
index 0000000..3dc14ed
--- /dev/null
+++ b/intune/Externally Sourced Remediations/Reporting/Get-CertificateExpiryReport/Remediate-Empty.ps1
@@ -0,0 +1 @@
+## Remediation Script for Report
\ No newline at end of file
diff --git a/intune/Externally Sourced Remediations/Reporting/Get-DiskSpaceUsageReport/Detect-DiskSpaceUsageReport.ps1 b/intune/Externally Sourced Remediations/Reporting/Get-DiskSpaceUsageReport/Detect-DiskSpaceUsageReport.ps1
new file mode 100644
index 0000000..ce4ed63
--- /dev/null
+++ b/intune/Externally Sourced Remediations/Reporting/Get-DiskSpaceUsageReport/Detect-DiskSpaceUsageReport.ps1
@@ -0,0 +1,12 @@
+# Check disk space usage
+$diskSpace = Get-PSDrive -PSProvider FileSystem | Select-Object Name, @{Name="Used(GB)";Expression={[math]::round($_.Used/1GB,2)}}, @{Name="Free(GB)";Expression={[math]::round($_.Free/1GB,2)}}
+
+# Output the disk space usage
+# Write-Output $diskSpace
+
+$csvPath = "C:\temp\DiskSpaceStatus.csv"
+
+$diskSpace | Export-Csv -Path $csvPath -NoTypeInformation
+Write-Output "Disk Space status exported to $csvPath"
+
+Exit 0
diff --git a/intune/Externally Sourced Remediations/Reporting/Get-DiskSpaceUsageReport/Remediate-Empty.ps1 b/intune/Externally Sourced Remediations/Reporting/Get-DiskSpaceUsageReport/Remediate-Empty.ps1
new file mode 100644
index 0000000..3dc14ed
--- /dev/null
+++ b/intune/Externally Sourced Remediations/Reporting/Get-DiskSpaceUsageReport/Remediate-Empty.ps1
@@ -0,0 +1 @@
+## Remediation Script for Report
\ No newline at end of file
diff --git a/intune/Externally Sourced Remediations/Reporting/Get-EndpointProtectionStatusReport/Detect-EndpointProtectionStatusReport.ps1 b/intune/Externally Sourced Remediations/Reporting/Get-EndpointProtectionStatusReport/Detect-EndpointProtectionStatusReport.ps1
new file mode 100644
index 0000000..a5a2d4c
--- /dev/null
+++ b/intune/Externally Sourced Remediations/Reporting/Get-EndpointProtectionStatusReport/Detect-EndpointProtectionStatusReport.ps1
@@ -0,0 +1,12 @@
+# Check endpoint protection status
+$protectionStatus = Get-MpComputerStatus | Select-Object AMServiceEnabled, AMServiceVersion, AntivirusEnabled, AntivirusSignatureLastUpdated
+
+# Output the endpoint protection status
+# Write-Output $protectionStatus
+
+$csvPath = "C:\temp\EndpointProtectionStatus.csv"
+
+$protectionStatus | Export-Csv -Path $csvPath -NoTypeInformation
+Write-Output "Endpoint Protection status exported to $csvPath"
+
+Exit 0
diff --git a/intune/Externally Sourced Remediations/Reporting/Get-EndpointProtectionStatusReport/Remediate-Empty.ps1 b/intune/Externally Sourced Remediations/Reporting/Get-EndpointProtectionStatusReport/Remediate-Empty.ps1
new file mode 100644
index 0000000..3dc14ed
--- /dev/null
+++ b/intune/Externally Sourced Remediations/Reporting/Get-EndpointProtectionStatusReport/Remediate-Empty.ps1
@@ -0,0 +1 @@
+## Remediation Script for Report
\ No newline at end of file
diff --git a/intune/Externally Sourced Remediations/Reporting/Get-EventLogErrorReport/Detect-EventLogErrorReport.ps1 b/intune/Externally Sourced Remediations/Reporting/Get-EventLogErrorReport/Detect-EventLogErrorReport.ps1
new file mode 100644
index 0000000..4042925
--- /dev/null
+++ b/intune/Externally Sourced Remediations/Reporting/Get-EventLogErrorReport/Detect-EventLogErrorReport.ps1
@@ -0,0 +1,12 @@
+# Check for errors in the event log
+$eventErrors = Get-EventLog -LogName System -EntryType Error -Newest 100 | Select-Object TimeGenerated, Source, EventID, Message
+
+# Output the event log errors
+# Write-Output $eventErrors
+
+$csvPath = "C:\temp\EventLogErrorStatus.csv"
+
+$eventErrors | Export-Csv -Path $csvPath -NoTypeInformation
+Write-Output "Event Log Error status exported to $csvPath"
+
+Exit 0
diff --git a/intune/Externally Sourced Remediations/Reporting/Get-EventLogErrorReport/Remediate-Empty.ps1 b/intune/Externally Sourced Remediations/Reporting/Get-EventLogErrorReport/Remediate-Empty.ps1
new file mode 100644
index 0000000..3dc14ed
--- /dev/null
+++ b/intune/Externally Sourced Remediations/Reporting/Get-EventLogErrorReport/Remediate-Empty.ps1
@@ -0,0 +1 @@
+## Remediation Script for Report
\ No newline at end of file
diff --git a/intune/Externally Sourced Remediations/Reporting/Get-FirewallStatusReport/Detect-FirewallStatusReport.ps1 b/intune/Externally Sourced Remediations/Reporting/Get-FirewallStatusReport/Detect-FirewallStatusReport.ps1
new file mode 100644
index 0000000..f634283
--- /dev/null
+++ b/intune/Externally Sourced Remediations/Reporting/Get-FirewallStatusReport/Detect-FirewallStatusReport.ps1
@@ -0,0 +1,12 @@
+# Check Windows Firewall status
+$firewallStatus = Get-NetFirewallProfile | Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction
+
+# Output the Firewall status
+# Write-Output $firewallStatus
+
+$csvPath = "C:\temp\FirewallProfileStatus.csv"
+
+$firewallStatus | Export-Csv -Path $csvPath -NoTypeInformation
+Write-Output "Firewall Profile status exported to $csvPath"
+
+Exit 0
diff --git a/intune/Externally Sourced Remediations/Reporting/Get-FirewallStatusReport/Remediate-Empty.ps1 b/intune/Externally Sourced Remediations/Reporting/Get-FirewallStatusReport/Remediate-Empty.ps1
new file mode 100644
index 0000000..3dc14ed
--- /dev/null
+++ b/intune/Externally Sourced Remediations/Reporting/Get-FirewallStatusReport/Remediate-Empty.ps1
@@ -0,0 +1 @@
+## Remediation Script for Report
\ No newline at end of file
diff --git a/intune/Externally Sourced Remediations/Reporting/Get-LocalAdminGroupReport/Detect-LocalAdminGroupReport.ps1 b/intune/Externally Sourced Remediations/Reporting/Get-LocalAdminGroupReport/Detect-LocalAdminGroupReport.ps1
new file mode 100644
index 0000000..4ccd59b
--- /dev/null
+++ b/intune/Externally Sourced Remediations/Reporting/Get-LocalAdminGroupReport/Detect-LocalAdminGroupReport.ps1
@@ -0,0 +1,12 @@
+# Check local administrators group membership
+$localAdmins = Get-LocalGroupMember -Group "Administrators" | Select-Object Name, PrincipalSource
+
+# Output the local administrators group membership
+# Write-Output $localAdmins
+
+$csvPath = "C:\temp\LocalAdminGroupStatus.csv"
+
+$localAdmins | Export-Csv -Path $csvPath -NoTypeInformation
+Write-Output "Local Admin Group status exported to $csvPath"
+
+Exit 0
diff --git a/intune/Externally Sourced Remediations/Reporting/Get-LocalAdminGroupReport/Remediate-Empty.ps1 b/intune/Externally Sourced Remediations/Reporting/Get-LocalAdminGroupReport/Remediate-Empty.ps1
new file mode 100644
index 0000000..3dc14ed
--- /dev/null
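Review bot: In Detect-LocalAdminGroupReport.ps1, `Get-LocalGroupMember -Group "Administrators"` looks the group up by its English display name, so on a Windows installation in another language the lookup fails and the report comes out empty. Resolving the group by its well-known SID is language-independent: `Get-LocalGroupMember -SID 'S-1-5-32-544'`. The cmdlet is also reported to throw on some cloud-joined devices when the group contains an entry it cannot resolve, so adding `-ErrorAction Stop` and exiting non-zero on failure would keep a broken query from being recorded as an empty administrator list.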
+++ b/intune/Externally Sourced Remediations/Reporting/Get-LocalAdminGroupReport/Remediate-Empty.ps1
@@ -0,0 +1 @@
+## Remediation Script for Report
\ No newline at end of file
diff --git a/intune/Externally Sourced Remediations/Reporting/Get-PendingRebootReport/Detect-PendingRebootReport.ps1 b/intune/Externally Sourced Remediations/Reporting/Get-PendingRebootReport/Detect-PendingRebootReport.ps1
new file mode 100644
index 0000000..97a0395
--- /dev/null
+++ b/intune/Externally Sourced Remediations/Reporting/Get-PendingRebootReport/Detect-PendingRebootReport.ps1
@@ -0,0 +1,10 @@
+# Check for pending reboot
+$pendingReboot = Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending" -ErrorAction SilentlyContinue
+
+if ($pendingReboot) {
+ Write-Output "Reboot is pending."
+} else {
+ Write-Output "No reboot pending."
+}
+
+Exit 0
\ No newline at end of file
diff --git a/intune/Externally Sourced Remediations/Reporting/Get-PendingRebootReport/Remediate-Empty.ps1 b/intune/Externally Sourced Remediations/Reporting/Get-PendingRebootReport/Remediate-Empty.ps1
new file mode 100644
index 0000000..3dc14ed
--- /dev/null
+++ b/intune/Externally Sourced Remediations/Reporting/Get-PendingRebootReport/Remediate-Empty.ps1
@@ -0,0 +1 @@
+## Remediation Script for Report
\ No newline at end of file
diff --git a/intune/Externally Sourced Remediations/Reporting/Get-ServiceStatusReport/Detect-ServiceStatusReport.ps1 b/intune/Externally Sourced Remediations/Reporting/Get-ServiceStatusReport/Detect-ServiceStatusReport.ps1
new file mode 100644
index 0000000..b7af63e
--- /dev/null
+++ b/intune/Externally Sourced Remediations/Reporting/Get-ServiceStatusReport/Detect-ServiceStatusReport.ps1
@@ -0,0 +1,12 @@
+# Check status of critical services
+$services = Get-Service -Name "wuauserv", "BITS", "WinDefend" | Select-Object Name, Status
+
+# Output the service status
+# Write-Output $services
+
+$csvPath = "C:\temp\ServiceStatus.csv"
+
+$services | Export-Csv -Path $csvPath -NoTypeInformation
+Write-Output "Service status exported to $csvPath"
+
+Exit 0
\ No newline at end of file
diff --git a/intune/Externally Sourced Remediations/Reporting/Get-ServiceStatusReport/Remediate-Empty.ps1 b/intune/Externally Sourced Remediations/Reporting/Get-ServiceStatusReport/Remediate-Empty.ps1
new file mode 100644
index 0000000..3dc14ed
--- /dev/null
+++ b/intune/Externally Sourced Remediations/Reporting/Get-ServiceStatusReport/Remediate-Empty.ps1
@@ -0,0 +1 @@
+## Remediation Script for Report
\ No newline at end of file
diff --git a/intune/Externally Sourced Remediations/Reporting/Get-SoftwareInventoryReport/Detect-SoftwareInventoryReport.ps1 b/intune/Externally Sourced Remediations/Reporting/Get-SoftwareInventoryReport/Detect-SoftwareInventoryReport.ps1
new file mode 100644
index 0000000..813c88b
--- /dev/null
+++ b/intune/Externally Sourced Remediations/Reporting/Get-SoftwareInventoryReport/Detect-SoftwareInventoryReport.ps1
@@ -0,0 +1,12 @@
+# Get list of installed software
+$software = Get-WmiObject -Class Win32_Product | Select-Object Name, Version
+
+# Output the list
+# Write-Output $software
+
+$csvPath = "C:\temp\SoftwareInventoryReportStatus.csv"
+
+$software | Export-Csv -Path $csvPath -NoTypeInformation
+Write-Output "Software Inventory Report status exported to $csvPath"
+
+Exit 0
\ No newline at end of file
diff --git a/intune/Externally Sourced Remediations/Reporting/Get-SoftwareInventoryReport/Remediate-Empty.ps1 b/intune/Externally Sourced Remediations/Reporting/Get-SoftwareInventoryReport/Remediate-Empty.ps1
new file mode 100644
index 0000000..3dc14ed
--- /dev/null
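Review bot: Querying `Win32_Product` in Detect-SoftwareInventoryReport.ps1 is a poor source for an inventory that runs on a schedule: enumerating that class makes Windows Installer run a consistency check on every MSI package, which is slow, can trigger repairs and fills the Application log, and it lists only MSI-installed products. Reading the `Uninstall` keys under `HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall` and the `WOW6432Node` counterpart with `Get-ItemProperty` gives a broader list without those side effects. `Get-WmiObject` is also absent from PowerShell 7, so `Get-CimInstance` is the equivalent to use if a WMI query is kept.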
+++ b/intune/Externally Sourced Remediations/Reporting/Get-SoftwareInventoryReport/Remediate-Empty.ps1
@@ -0,0 +1 @@
+## Remediation Script for Report
\ No newline at end of file
diff --git a/intune/Externally Sourced Remediations/Reporting/Get-UptimeReport/Detect-UptimeReport.ps1 b/intune/Externally Sourced Remediations/Reporting/Get-UptimeReport/Detect-UptimeReport.ps1
new file mode 100644
index 0000000..52d770d
--- /dev/null
+++ b/intune/Externally Sourced Remediations/Reporting/Get-UptimeReport/Detect-UptimeReport.ps1
@@ -0,0 +1,10 @@
+# Get the last boot time
+$lastBootTime = (Get-CimInstance -ClassName Win32_OperatingSystem).LastBootUpTime
+
+# Calculate the uptime
+$uptime = (Get-Date) - $lastBootTime
+
+# Output the uptime
+Write-Output "The system has been up for: $($uptime.Days) days, $($uptime.Hours) hours, $($uptime.Minutes) minutes."
+
+Exit 0
\ No newline at end of file
diff --git a/intune/Externally Sourced Remediations/Reporting/Get-UptimeReport/Remediate-Empty.ps1 b/intune/Externally Sourced Remediations/Reporting/Get-UptimeReport/Remediate-Empty.ps1
new file mode 100644
index 0000000..3dc14ed
--- /dev/null
+++ b/intune/Externally Sourced Remediations/Reporting/Get-UptimeReport/Remediate-Empty.ps1
@@ -0,0 +1 @@
+## Remediation Script for Report
\ No newline at end of file
diff --git a/intune/Externally Sourced Remediations/Reporting/Get-UserActivityReport/Detect-UserActivityReport.ps1 b/intune/Externally Sourced Remediations/Reporting/Get-UserActivityReport/Detect-UserActivityReport.ps1
new file mode 100644
index 0000000..543716e
--- /dev/null
+++ b/intune/Externally Sourced Remediations/Reporting/Get-UserActivityReport/Detect-UserActivityReport.ps1
@@ -0,0 +1,12 @@
+# Check user login times
+$userLogins = Get-EventLog -LogName Security -InstanceId 4624 | Select-Object TimeGenerated, ReplacementStrings
+
+# Output the user login times
+# Write-Output $userLogins
+
+$csvPath = "C:\temp\UserLoginsStatus.csv"
+
+$userLogins | Export-Csv -Path $csvPath -NoTypeInformation
+Write-Output "User Logins status exported to $csvPath"
+
+Exit 0
diff --git a/intune/Externally Sourced Remediations/Reporting/Get-UserActivityReport/Remediate-Empty.ps1 b/intune/Externally Sourced Remediations/Reporting/Get-UserActivityReport/Remediate-Empty.ps1
new file mode 100644
index 0000000..3dc14ed
--- /dev/null
+++ b/intune/Externally Sourced Remediations/Reporting/Get-UserActivityReport/Remediate-Empty.ps1
@@ -0,0 +1 @@
+## Remediation Script for Report
\ No newline at end of file
diff --git a/intune/Externally Sourced Remediations/Reporting/README.md b/intune/Externally Sourced Remediations/Reporting/README.md
new file mode 100644
index 0000000..bf0ffb2
--- /dev/null
+++ b/intune/Externally Sourced Remediations/Reporting/README.md
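Review bot: In Detect-UserActivityReport.ps1, `Get-EventLog -LogName Security -InstanceId 4624` has no `-Newest` or `-After` bound, so each run reads every logon event in the Security log, and `ReplacementStrings` is an array that `Export-Csv` writes as the literal text `System.String[]` rather than the account data. Bounding the query and projecting named fields fixes both, e.g. `Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4624; StartTime=(Get-Date).AddDays(-1)}` followed by a `Select-Object` with calculated properties for the fields that are needed. The result is per-user logon history, so where the CSV is written and who can read it matters more here than for the other reports.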
@@ -0,0 +1,96 @@
+## Reporting
+
+Each of the following includes a Detection Script, which only includes an `Exit 0` condition, and an empty Remediation Script, for completeness. You will only be required to upload the Detection script, as the Remediation script is not a dependency.
+
+Most of the following scripts are set to export the results to `c:\temp\` using `Export-Csv` due to the limitations of Intune Remediations currently only being able to Output a sentence and not CSV style content. I have commented out the line with the ability to output direct to Intune, in case this becomes an option in future. Please review the following contents and ensure that the path for `Export-Csv` is to a desired location.
+
+This path can be a network share by using the following example:
+
+```powershell
+$networkPath = "\\ServerName\SharedFolder"
+$csvPath = "$networkPath\BitLockerStatus.csv"
+
+$bitLockerStatus | Export-Csv -Path $csvPath -NoTypeInformation
+
+Write-Output "BitLocker status exported to $csvPath"
+```
+
+
+You can also map to a SharePoint location using the `Export-SPWeb` cmdlet if you have the necessary permissions and SharePoint modules installed. Here’s an example:
+
+```powershell
+$siteUrl = "https://yoursharepointsite/sites/yoursite"
+$exportPath = "C:\temp\BitLockerStatus.csv"
+
+# Export the BitLocker encryption status to a CSV file locally
+$bitLockerStatus | Export-Csv -Path $exportPath -NoTypeInformation
+
+# Upload the CSV file to SharePoint
+$destinationUrl = "$siteUrl/Shared Documents/BitLockerStatus.csv"
+Add-PnPFile -Path $exportPath -Folder "Shared Documents"
+
+Write-Output "BitLocker status exported to SharePoint at $destinationUrl"
+```
+
+
+> [!NOTE]
+> For the SharePoint example, make sure you have the PnP PowerShell module installed and connected to your SharePoint site using `Connect-PnPOnline`.
+
+
+> [!help]
+> The following limitations are associated to the Write-Output function and Intune Remediation script packages.
+>
+> **Output Size**: Maximum allowed output size for each remediation script is 2048 characters. Exceeding this limit will cause the script to fail or truncate the output.
+>
+> **Data Handling**: Write-Output sends data to the pipeline, which might not be suitable for all scenarios within Intune. (This is why I have included the Export-Csv function)
+
+
+---
+
+### Get-BitLockerStatusReport
+[Link](https://github.com/AntoPorter/Intune-Remediations/tree/main/Reporting/Get-BitLockerStatusReport)
+- **Detection**: Gets the Status of BitLocker on all drives present on an Endpoint.
+
+### Get-CertificateExpiryReport
+[Link](https://github.com/AntoPorter/Intune-Remediations/tree/main/Reporting/Get-CertificateExpiryReport)
+- **Detection**: Checks for any locally installed certificates which have an upcoming expiry on an Endpoint.
+
+### Get-DiskSpaceUsageReport
+[Link](https://github.com/AntoPorter/Intune-Remediations/tree/main/Reporting/Get-DiskSpaceUsageReport)
+- **Detection**: Gets the disk space usage on all drives present on an Endpoint.
+
+### Get-EndpointProtectionStatusReport
+[Link](https://github.com/AntoPorter/Intune-Remediations/tree/main/Reporting/Get-EndpointProtectionStatusReport)
+- **Detection**: Checks the **AMServiceEnabled**, **AMServiceVersion**, **AntivirusEnabled**, and **AntivirusSignatureLastUpdated** state on an Endpoint.
+
+### Get-EventLogErrorReport
+[Link](https://github.com/AntoPorter/Intune-Remediations/tree/main/Reporting/Get-EventLogErrorReport)
+- **Detection**: Gets the newest 100 event log errors present on an Endpoint. The output provides **TimeGenerated**, **Source**, **EventID**, and Message.
+
+### Get-FirewallStatusReport
+[Link](https://github.com/AntoPorter/Intune-Remediations/tree/main/Reporting/Get-FirewallStatusReport)
+- **Detection**: Checks the firewall status on an Endpoint.
+
+### Get-LocalAdminGroupReport
+[Link](https://github.com/AntoPorter/Intune-Remediations/tree/main/Reporting/Get-LocalAdminGroupReport)
+- **Detection**: Gets the **Name** and **PrincipalSource** of the Local Administrators Group on an Endpoint.
+
+### Get-PendingRebootReport
+[Link](https://github.com/AntoPorter/Intune-Remediations/tree/main/Reporting/Get-PendingRebootReport)
+- **Detection**: Gets the **ItemProperty** of **RebootPending** and reports if the endpoint is currently pending a reboot.
+
+### Get-ServiceStatusReport
+[Link](https://github.com/AntoPorter/Intune-Remediations/tree/main/Reporting/Get-ServiceStatusReport)
+- **Detection**: Gets the current status of a set of services on an Endpoint. Currently includes **wuauserv**, **BITS** and **WinDefend**.
+
+### Get-SoftwareInventoryReport
+[Link](https://github.com/AntoPorter/Intune-Remediations/tree/main/Reporting/Get-SoftwareInventoryReport)
+- **Detection**: Gets a list of the current Software Inventory report on an endpoint.
+
+### Get-UptimeReport
+[Link](https://github.com/AntoPorter/Intune-Remediations/tree/main/Reporting/Get-UptimeReport)
+- **Detection**: Gets an output of the current uptime of an endpoint.
+
+### Get-UserActivityReport
+[Link](https://github.com/AntoPorter/Intune-Remediations/tree/main/Reporting/Get-UserActivityReport)
+- **Detection**: Gets a list of User Login events on an endpoint.
diff --git a/intune/Externally Sourced Remediations/ToastNotifications/Get-AntiVirusStatus/Detect_AntiVirusStatus.ps1 b/intune/Externally Sourced Remediations/ToastNotifications/Get-AntiVirusStatus/Detect_AntiVirusStatus.ps1
new file mode 100644
index 0000000..4c009de
--- /dev/null
+++ b/intune/Externally Sourced Remediations/ToastNotifications/Get-AntiVirusStatus/Detect_AntiVirusStatus.ps1
@@ -0,0 +1,7 @@
+$antivirusStatus = Get-MpComputerStatus
+if ($antivirusStatus.AntivirusEnabled -eq $false) {
+ Write-Output "Antivirus is disabled"
+ exit 1
+} else {
+ exit 0
+}
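Review bot: The check in Detect_AntiVirusStatus.ps1 fails open: if `Get-MpComputerStatus` errors (for instance because the Defender service is stopped or the cmdlet is unavailable), `$antivirusStatus` is `$null`, `$null -eq $false` is false, and the script exits 0 as if antivirus were enabled. Testing for the healthy state closes that gap: `if ($antivirusStatus -and $antivirusStatus.AntivirusEnabled) { exit 0 } else { Write-Output "Antivirus is disabled or status unavailable"; exit 1 }`. `RealTimeProtectionEnabled` from the same object is worth including in the condition, since the engine can be enabled while real-time protection is off.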
diff --git a/intune/Externally Sourced Remediations/ToastNotifications/Get-AntiVirusStatus/Remediate_AntiVirusStatus.ps1 b/intune/Externally Sourced Remediations/ToastNotifications/Get-AntiVirusStatus/Remediate_AntiVirusStatus.ps1
new file mode 100644
index 0000000..6d0753e
--- /dev/null
+++ b/intune/Externally Sourced Remediations/ToastNotifications/Get-AntiVirusStatus/Remediate_AntiVirusStatus.ps1
@@ -0,0 +1,16 @@
+# Define the toast notification content
+$Group = "Security Alerts"
+$Title = "Antivirus Disabled"
+$Message = "Your antivirus is currently disabled. Please enable it to protect your system from threats."
+
+# Create the toast notification
+[Windows.UI.Notifications.ToastNotificationManager, Windows.UI.Notifications, ContentType = WindowsRuntime] | Out-Null
+$template = [Windows.UI.Notifications.ToastTemplateType]::ToastText02
+$toastXml = [Windows.UI.Notifications.ToastNotificationManager]::GetTemplateContent($template)
+$toastTextElements = $toastXml.GetElementsByTagName("text")
+$toastTextElements.Item(0).AppendChild($toastXml.CreateTextNode($Title)) | Out-Null
+$toastTextElements.Item(1).AppendChild($toastXml.CreateTextNode($Message)) | Out-Null
+$toast = [Windows.UI.Notifications.ToastNotification]::new($toastXml)
+$notifier = [Windows.UI.Notifications.ToastNotificationManager]::CreateToastNotifier($Group)
+$notifier.Show($toast)
+
diff --git a/intune/Externally Sourced Remediations/ToastNotifications/Get-BatteryHealthWarning/Detect_BatteryHealthWarning.ps1 b/intune/Externally Sourced Remediations/ToastNotifications/Get-BatteryHealthWarning/Detect_BatteryHealthWarning.ps1
new file mode 100644
index 0000000..ce13673
--- /dev/null
+++ b/intune/Externally Sourced Remediations/ToastNotifications/Get-BatteryHealthWarning/Detect_BatteryHealthWarning.ps1
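Review bot: In Remediate_AntiVirusStatus.ps1, `CreateToastNotifier($Group)` is given the display string "Security Alerts" where the API expects an application identifier, and nothing in the script states the context it must run in. A toast raised under an identifier that is not registered on the device may not be displayed by current Windows builds, and a script running as SYSTEM has no user session to show it in, so the package presumably needs Intune's "run this script using the logged-on credentials" setting; a header comment such as `# Must run in the logged-on user's context; $Group is passed as the toast application id` would record that. The same block is repeated in the battery, custom, firewall, CPU, memory and disk-space remediation scripts. This remediation also only notifies the user: the antivirus state that the detection flagged is left unchanged, which the README for this folder should say.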
@@ -0,0 +1,7 @@
+$batteryStatus = Get-WmiObject -Query "Select * from Win32_Battery"
+if ($batteryStatus.EstimatedChargeRemaining -lt 25) {
+ Write-Output "Battery health warning"
+ exit 1
+} else {
+ exit 0
+}
diff --git a/intune/Externally Sourced Remediations/ToastNotifications/Get-BatteryHealthWarning/Remediate_BatteryHealthWarning.ps1 b/intune/Externally Sourced Remediations/ToastNotifications/Get-BatteryHealthWarning/Remediate_BatteryHealthWarning.ps1
new file mode 100644
index 0000000..03f5e49
--- /dev/null
+++ b/intune/Externally Sourced Remediations/ToastNotifications/Get-BatteryHealthWarning/Remediate_BatteryHealthWarning.ps1
@@ -0,0 +1,15 @@
+# Define the toast notification content
+$Group = "Battery Alerts"
+$Title = "Battery Health Warning"
+$Message = "Your battery health is below 50%. Consider replacing it to avoid unexpected shutdowns."
+
+# Create the toast notification
+[Windows.UI.Notifications.ToastNotificationManager, Windows.UI.Notifications, ContentType = WindowsRuntime] | Out-Null
+$template = [Windows.UI.Notifications.ToastTemplateType]::ToastText02
+$toastXml = [Windows.UI.Notifications.ToastNotificationManager]::GetTemplateContent($template)
+$toastTextElements = $toastXml.GetElementsByTagName("text")
+$toastTextElements.Item(0).AppendChild($toastXml.CreateTextNode($Title)) | Out-Null
+$toastTextElements.Item(1).AppendChild($toastXml.CreateTextNode($Message)) | Out-Null
+$toast = [Windows.UI.Notifications.ToastNotification]::new($toastXml)
+$notifier = [Windows.UI.Notifications.ToastNotificationManager]::CreateToastNotifier($Group)
+$notifier.Show($toast)
diff --git a/intune/Externally Sourced Remediations/ToastNotifications/Get-CustomToastNotification/Detect_CustomToastNotification.ps1 b/intune/Externally Sourced Remediations/ToastNotifications/Get-CustomToastNotification/Detect_CustomToastNotification.ps1
new file mode 100644
index 0000000..bccdc69
--- /dev/null
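Review bot: Detect_BatteryHealthWarning.ps1 and its remediation disagree: the test is `EstimatedChargeRemaining -lt 25`, which is the current charge level, while the paired toast tells the user their "battery health is below 50%". On a device with no battery `$batteryStatus` is `$null`, and `$null -lt 25` evaluates to true, so desktops would exit 1 and receive the warning. A guard such as `if (-not $batteryStatus) { exit 0 }` before the comparison handles the second case. For the first, either the message should describe low charge or the detection should compare capacity figures rather than charge level.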
+++ b/intune/Externally Sourced Remediations/ToastNotifications/Get-CustomToastNotification/Detect_CustomToastNotification.ps1
@@ -0,0 +1,2 @@
+# Detection script
+exit 1
diff --git a/intune/Externally Sourced Remediations/ToastNotifications/Get-CustomToastNotification/Remediate_CustomToastNotification.ps1 b/intune/Externally Sourced Remediations/ToastNotifications/Get-CustomToastNotification/Remediate_CustomToastNotification.ps1
new file mode 100644
index 0000000..c9edd68
--- /dev/null
+++ b/intune/Externally Sourced Remediations/ToastNotifications/Get-CustomToastNotification/Remediate_CustomToastNotification.ps1
@@ -0,0 +1,19 @@
+# Define the toast notification content
+# Group defines the notification grouping (eg. category). This allows for multiple use cases, which all align within the same group.
+# Title defines the heading of the Toast Notification.
+# Message defines the contents of the Toast Notification
+
+$Group = "This is a Notification!"
+$Title = "This is the Title!"
+$Message = "This is the Message!"
+
+# Create the toast notification
+[Windows.UI.Notifications.ToastNotificationManager, Windows.UI.Notifications, ContentType = WindowsRuntime] | Out-Null
+$template = [Windows.UI.Notifications.ToastTemplateType]::ToastText02
+$toastXml = [Windows.UI.Notifications.ToastNotificationManager]::GetTemplateContent($template)
+$toastTextElements = $toastXml.GetElementsByTagName("text")
+$toastTextElements.Item(0).AppendChild($toastXml.CreateTextNode($Title)) | Out-Null
+$toastTextElements.Item(1).AppendChild($toastXml.CreateTextNode($Message)) | Out-Null
+$toast = [Windows.UI.Notifications.ToastNotification]::new($toastXml)
+$notifier = [Windows.UI.Notifications.ToastNotificationManager]::CreateToastNotifier($Group)
+$notifier.Show($toast)
diff --git a/intune/Externally Sourced Remediations/ToastNotifications/Get-FirewallStatus/Detect_FirewallStatus.ps1 b/intune/Externally Sourced Remediations/ToastNotifications/Get-FirewallStatus/Detect_FirewallStatus.ps1
new file mode 100644
index 0000000..9c96424
--- /dev/null
+++ b/intune/Externally Sourced Remediations/ToastNotifications/Get-FirewallStatus/Detect_FirewallStatus.ps1
@@ -0,0 +1,7 @@
+$firewallStatus = Get-NetFirewallProfile -Profile Domain,Public,Private
+if ($firewallStatus.Enabled -contains $false) {
+ Write-Output "Firewall is disabled"
+ exit 1
+} else {
+ exit 0
+}
diff --git a/intune/Externally Sourced Remediations/ToastNotifications/Get-FirewallStatus/Remediate_FirewallStatus.ps1 b/intune/Externally Sourced Remediations/ToastNotifications/Get-FirewallStatus/Remediate_FirewallStatus.ps1
new file mode 100644
index 0000000..1753f9d
--- /dev/null
+++ b/intune/Externally Sourced Remediations/ToastNotifications/Get-FirewallStatus/Remediate_FirewallStatus.ps1
@@ -0,0 +1,15 @@
+# Define the toast notification content
+$Group = "Security Alerts"
+$Title = "Firewall Disabled"
+$Message = "Your firewall is currently disabled. Please enable it to protect your system from threats."
+
+# Create the toast notification
+[Windows.UI.Notifications.ToastNotificationManager, Windows.UI.Notifications, ContentType = WindowsRuntime] | Out-Null
+$template = [Windows.UI.Notifications.ToastTemplateType]::ToastText02
+$toastXml = [Windows.UI.Notifications.ToastNotificationManager]::GetTemplateContent($template)
+$toastTextElements = $toastXml.GetElementsByTagName("text")
+$toastTextElements.Item(0).AppendChild($toastXml.CreateTextNode($Title)) | Out-Null
+$toastTextElements.Item(1).AppendChild($toastXml.CreateTextNode($Message)) | Out-Null
+$toast = [Windows.UI.Notifications.ToastNotification]::new($toastXml)
+$notifier = [Windows.UI.Notifications.ToastNotificationManager]::CreateToastNotifier($Group)
+$notifier.Show($toast)
diff --git a/intune/Externally Sourced Remediations/ToastNotifications/Get-HighCPUUsage/Detect_HighCPUUsage.ps1 b/intune/Externally Sourced Remediations/ToastNotifications/Get-HighCPUUsage/Detect_HighCPUUsage.ps1
new file mode 100644
index 0000000..ff81360
--- /dev/null
+++ b/intune/Externally Sourced Remediations/ToastNotifications/Get-HighCPUUsage/Detect_HighCPUUsage.ps1
@@ -0,0 +1,8 @@
+$cpuUsage = Get-Counter '\Processor(_Total)\% Processor Time'
+$averageCpuUsage = [math]::round($cpuUsage.CounterSamples.CookedValue, 2)
+if ($averageCpuUsage -gt 80) {
+ Write-Output "High CPU usage"
+ exit 1
+} else {
+ exit 0
+}
diff --git a/intune/Externally Sourced Remediations/ToastNotifications/Get-HighCPUUsage/Remediate_HighCPUUsage.ps1 b/intune/Externally Sourced Remediations/ToastNotifications/Get-HighCPUUsage/Remediate_HighCPUUsage.ps1
new file mode 100644
index 0000000..940d233
--- /dev/null
+++ b/intune/Externally Sourced Remediations/ToastNotifications/Get-HighCPUUsage/Remediate_HighCPUUsage.ps1
@@ -0,0 +1,15 @@
+# Define the toast notification content
+$Group = "Performance Alerts"
+$Title = "High CPU Usage"
+$Message = "Your CPU usage has been consistently high. Consider closing some applications to improve performance."
+
+# Create the toast notification
+[Windows.UI.Notifications.ToastNotificationManager, Windows.UI.Notifications, ContentType = WindowsRuntime] | Out-Null
+$template = [Windows.UI.Notifications.ToastTemplateType]::ToastText02
+$toastXml = [Windows.UI.Notifications.ToastNotificationManager]::GetTemplateContent($template)
+$toastTextElements = $toastXml.GetElementsByTagName("text")
+$toastTextElements.Item(0).AppendChild($toastXml.CreateTextNode($Title)) | Out-Null
+$toastTextElements.Item(1).AppendChild($toastXml.CreateTextNode($Message)) | Out-Null
+$toast = [Windows.UI.Notifications.ToastNotification]::new($toastXml)
+$notifier = [Windows.UI.Notifications.ToastNotificationManager]::CreateToastNotifier($Group)
+$notifier.Show($toast)
diff --git a/intune/Externally Sourced Remediations/ToastNotifications/Get-HighMemoryUsage/Detect_HighMemoryUsage.ps1 b/intune/Externally Sourced Remediations/ToastNotifications/Get-HighMemoryUsage/Detect_HighMemoryUsage.ps1
new file mode 100644
index 0000000..db7ee1e
--- /dev/null
+++ b/intune/Externally Sourced Remediations/ToastNotifications/Get-HighMemoryUsage/Detect_HighMemoryUsage.ps1
@@ -0,0 +1,8 @@
+$memoryUsage = Get-Counter '\Memory\% Committed Bytes In Use'
+$averageMemoryUsage = [math]::round($memoryUsage.CounterSamples.CookedValue, 2)
+if ($averageMemoryUsage -gt 80) {
+ Write-Output "High memory usage"
+ exit 1
+} else {
+ exit 0
+}
diff --git a/intune/Externally Sourced Remediations/ToastNotifications/Get-HighMemoryUsage/Remediate_HighMemoryUsage.ps1 b/intune/Externally Sourced Remediations/ToastNotifications/Get-HighMemoryUsage/Remediate_HighMemoryUsage.ps1
new file mode 100644
index 0000000..12014d1
--- /dev/null
+++ b/intune/Externally Sourced Remediations/ToastNotifications/Get-HighMemoryUsage/Remediate_HighMemoryUsage.ps1
@@ -0,0 +1,15 @@
+# Define the toast notification content
+$Group = "Performance Alerts"
+$Title = "High Memory Usage"
+$Message = "Your memory usage has been consistently high. Consider closing some applications to improve performance."
+
+# Create the toast notification
+[Windows.UI.Notifications.ToastNotificationManager, Windows.UI.Notifications, ContentType = WindowsRuntime] | Out-Null
+$template = [Windows.UI.Notifications.ToastTemplateType]::ToastText02
+$toastXml = [Windows.UI.Notifications.ToastNotificationManager]::GetTemplateContent($template)
+$toastTextElements = $toastXml.GetElementsByTagName("text")
+$toastTextElements.Item(0).AppendChild($toastXml.CreateTextNode($Title)) | Out-Null
+$toastTextElements.Item(1).AppendChild($toastXml.CreateTextNode($Message)) | Out-Null
+$toast = [Windows.UI.Notifications.ToastNotification]::new($toastXml)
+$notifier = [Windows.UI.Notifications.ToastNotificationManager]::CreateToastNotifier($Group)
+$notifier.Show($toast)
diff --git a/intune/Externally Sourced Remediations/ToastNotifications/Get-LowDiskSpace/Detect_LowDiskSpace.ps1 b/intune/Externally Sourced Remediations/ToastNotifications/Get-LowDiskSpace/Detect_LowDiskSpace.ps1
new file mode 100644
index 0000000..f7a02a5
--- /dev/null
+++ b/intune/Externally Sourced Remediations/ToastNotifications/Get-LowDiskSpace/Detect_LowDiskSpace.ps1
@@ -0,0 +1,8 @@
+$freeSpace = (Get-PSDrive -Name C).Free
+$freeSpaceGB = [math]::round($freeSpace / 1GB, 2)
+if ($freeSpaceGB -lt 10) {
+ Write-Output "Low disk space"
+ exit 1
+} else {
+ exit 0
+}
diff --git a/intune/Externally Sourced Remediations/ToastNotifications/Get-LowDiskSpace/Remediate_LowDiskSpace.ps1 b/intune/Externally Sourced Remediations/ToastNotifications/Get-LowDiskSpace/Remediate_LowDiskSpace.ps1
new file mode 100644
index 0000000..bf7cddb
--- /dev/null
+++ b/intune/Externally Sourced Remediations/ToastNotifications/Get-LowDiskSpace/Remediate_LowDiskSpace.ps1
@@ -0,0 +1,15 @@
+# Define the toast notification content
+$Group = "System Alerts"
+$Title = "Low Disk Space"
+$Message = "Your C: drive is running low on space. Please free up some space to avoid system issues."
+
+# Create the toast notification
+[Windows.UI.Notifications.ToastNotificationManager, Windows.UI.Notifications, ContentType = WindowsRuntime] | Out-Null
+$template = [Windows.UI.Notifications.ToastTemplateType]::ToastText02
+$toastXml = [Windows.UI.Notifications.ToastNotificationManager]::GetTemplateContent($template)
+$toastTextElements = $toastXml.GetElementsByTagName("text")
+$toastTextElements.Item(0).AppendChild($toastXml.CreateTextNode($Title)) | Out-Null
+$toastTextElements.Item(1).AppendChild($toastXml.CreateTextNode($Message)) | Out-Null
+$toast = [Windows.UI.Notifications.ToastNotification]::new($toastXml)
+$notifier = [Windows.UI.Notifications.ToastNotificationManager]::CreateToastNotifier($Group)
+$notifier.Show($toast)
diff --git a/intune/Externally Sourced Remediations/ToastNotifications/Get-NetworkConnectivityIssues/Detect_NetworkConnectivityIssues.ps1 b/intune/Externally Sourced Remediations/ToastNotifications/Get-NetworkConnectivityIssues/Detect_NetworkConnectivityIssues.ps1
new file mode 100644
index 0000000..7841690
--- /dev/null
+++ b/intune/Externally Sourced Remediations/ToastNotifications/Get-NetworkConnectivityIssues/Detect_NetworkConnectivityIssues.ps1
@@ -0,0 +1,7 @@
+$pingResult = Test-Connection -ComputerName google.com -Count 2 -Quiet
+if (-not $pingResult) {
+ Write-Output "Network connectivity issues"
+ exit 1
+} else {
+ exit 0
+}
diff --git a/intune/Externally Sourced Remediations/ToastNotifications/Get-NetworkConnectivityIssues/Remediate_NetworkConnectivityIssues.ps1 b/intune/Externally Sourced Remediations/ToastNotifications/Get-NetworkConnectivityIssues/Remediate_NetworkConnectivityIssues.ps1
new file mode 100644
index 0000000..7bcedaa
--- /dev/null
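Review bot: `Test-Connection -ComputerName google.com` in Detect_NetworkConnectivityIssues.ps1 makes the result depend on outbound ICMP and on DNS resolution of a third-party host, so a network that blocks ping at the egress firewall will flag every device as having connectivity issues even though it is online. It also has every managed endpoint contact an external host on each scheduled run. A TCP check against an endpoint the organisation actually relies on would be more representative, e.g. `$pingResult = Test-NetConnection -ComputerName '<required service host>' -Port 443 -InformationLevel Quiet`.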
+++ b/intune/Externally Sourced Remediations/ToastNotifications/Get-NetworkConnectivityIssues/Remediate_NetworkConnectivityIssues.ps1
@@ -0,0 +1,15 @@
+# Define the toast notification content
+$Group = "Network Alerts"
+$Title = "Network Connectivity Issues"
+$Message = "Your system is experiencing network connectivity issues. Please check your network connection."
+
+# Create the toast notification
+[Windows.UI.Notifications.ToastNotificationManager, Windows.UI.Notifications, ContentType = WindowsRuntime] | Out-Null
+$template = [Windows.UI.Notifications.ToastTemplateType]::ToastText02
+$toastXml = [Windows.UI.Notifications.ToastNotificationManager]::GetTemplateContent($template)
+$toastTextElements = $toastXml.GetElementsByTagName("text")
+$toastTextElements.Item(0).AppendChild($toastXml.CreateTextNode($Title)) | Out-Null
+$toastTextElements.Item(1).AppendChild($toastXml.CreateTextNode($Message)) | Out-Null
+$toast = [Windows.UI.Notifications.ToastNotification]::new($toastXml)
+$notifier = [Windows.UI.Notifications.ToastNotificationManager]::CreateToastNotifier($Group)
+$notifier.Show($toast)
diff --git a/intune/Externally Sourced Remediations/ToastNotifications/Get-PendingWindowsUpdate/Detect_PendingWindowsUpdate.ps1 b/intune/Externally Sourced Remediations/ToastNotifications/Get-PendingWindowsUpdate/Detect_PendingWindowsUpdate.ps1
new file mode 100644
index 0000000..b593520
--- /dev/null
+++ b/intune/Externally Sourced Remediations/ToastNotifications/Get-PendingWindowsUpdate/Detect_PendingWindowsUpdate.ps1
@@ -0,0 +1,7 @@
+$updates = Get-WindowsUpdate -AcceptAll -IgnoreReboot
+if ($updates.Count -gt 0) {
+ Write-Output "Pending Windows updates"
+ exit 1
+} else {
+ exit 0
+}
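Review bot: `Get-WindowsUpdate` in Detect_PendingWindowsUpdate.ps1 is not a built-in cmdlet (it appears to come from the PSWindowsUpdate gallery module), and nothing here checks that the module is present; where it is missing the call errors, `$updates.Count` evaluates to 0 and the script exits 0, so an unpatched device is reported as having no pending updates. `-AcceptAll` and `-IgnoreReboot` are install-time switches and do not belong in a detection script, which should only read state. Either fail closed when the command is absent, or query the Windows Update Agent directly, e.g. `$updates = (New-Object -ComObject Microsoft.Update.Session).CreateUpdateSearcher().Search('IsInstalled=0 and IsHidden=0').Updates`, which keeps the existing `$updates.Count` test working.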
diff --git a/intune/Externally Sourced Remediations/ToastNotifications/Get-PendingWindowsUpdate/Remediate_PendingWindowsUpdate.ps1 b/intune/Externally Sourced Remediations/ToastNotifications/Get-PendingWindowsUpdate/Remediate_PendingWindowsUpdate.ps1
new file mode 100644
index 0000000..87146fb
--- /dev/null
+++ b/intune/Externally Sourced Remediations/ToastNotifications/Get-PendingWindowsUpdate/Remediate_PendingWindowsUpdate.ps1
@@ -0,0 +1,15 @@
+# Define the toast notification content
+$Group = "Update Alerts"
+$Title = "Pending Windows Updates"
+$Message = "There are pending Windows updates. Please install them to keep your system secure and up-to-date."
+
+# Create the toast notification
+[Windows.UI.Notifications.ToastNotificationManager, Windows.UI.Notifications, ContentType = WindowsRuntime] | Out-Null
+$template = [Windows.UI.Notifications.ToastTemplateType]::ToastText02
+$toastXml = [Windows.UI.Notifications.ToastNotificationManager]::GetTemplateContent($template)
+$toastTextElements = $toastXml.GetElementsByTagName("text")
+$toastTextElements.Item(0).AppendChild($toastXml.CreateTextNode($Title)) | Out-Null
+$toastTextElements.Item(1).AppendChild($toastXml.CreateTextNode($Message)) | Out-Null
+$toast = [Windows.UI.Notifications.ToastNotification]::new($toastXml)
+$notifier = [Windows.UI.Notifications.ToastNotificationManager]::CreateToastNotifier($Group)
+$notifier.Show($toast)
diff --git a/intune/Externally Sourced Remediations/ToastNotifications/Get-PrinterIssues/Detect_PrinterIssues.ps1 b/intune/Externally Sourced Remediations/ToastNotifications/Get-PrinterIssues/Detect_PrinterIssues.ps1
new file mode 100644
index 0000000..77db345
--- /dev/null
+++ b/intune/Externally Sourced Remediations/ToastNotifications/Get-PrinterIssues/Detect_PrinterIssues.ps1
@@ -0,0 +1,7 @@
+$printerStatus = Get-Printer | Where-Object { $_.PrinterStatus -ne 'Idle' }
+if ($printerStatus) {
+ Write-Output "Printer issues detected"
+ exit 1
+} else {
+ exit 0
+}
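Review bot: The filter `$_.PrinterStatus -ne 'Idle'` in Detect_PrinterIssues.ps1 looks like it matches every printer: as far as I know `Get-Printer` reports a healthy queue as `Normal`, and `Idle` is the wording used by `Win32_Printer`, so the comparison would never be false and the script would exit 1 on any device with a printer installed. If that is confirmed, compare against the healthy value instead, `Where-Object { $_.PrinterStatus -ne 'Normal' }`. Virtual queues such as PDF writers are returned by `Get-Printer` as well, so it may be worth limiting the check to the printers users actually depend on.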
diff --git a/intune/Externally Sourced Remediations/ToastNotifications/Get-PrinterIssues/Remediate_PrinterIssues.ps1 b/intune/Externally Sourced Remediations/ToastNotifications/Get-PrinterIssues/Remediate_PrinterIssues.ps1
new file mode 100644
index 0000000..c06ad57
--- /dev/null
+++ b/intune/Externally Sourced Remediations/ToastNotifications/Get-PrinterIssues/Remediate_PrinterIssues.ps1
@@ -0,0 +1,15 @@
+# Define the toast notification content
+$Group = "Printer Alerts"
+$Title = "Printer Issues Detected"
+$Message = "There are issues with your printer. Please check the printer status and resolve any errors."
+
+# Create the toast notification
+[Windows.UI.Notifications.ToastNotificationManager, Windows.UI.Notifications, ContentType = WindowsRuntime] | Out-Null
+$template = [Windows.UI.Notifications.ToastTemplateType]::ToastText02
+$toastXml = [Windows.UI.Notifications.ToastNotificationManager]::GetTemplateContent($template)
+$toastTextElements = $toastXml.GetElementsByTagName("text")
+$toastTextElements.Item(0).AppendChild($toastXml.CreateTextNode($Title)) | Out-Null
+$toastTextElements.Item(1).AppendChild($toastXml.CreateTextNode($Message)) | Out-Null
+$toast = [Windows.UI.Notifications.ToastNotification]::new($toastXml)
+$notifier = [Windows.UI.Notifications.ToastNotificationManager]::CreateToastNotifier($Group)
+$notifier.Show($toast)
diff --git a/intune/Externally Sourced Remediations/ToastNotifications/Get-RebootRequired/Detect_RebootRequired.ps1 b/intune/Externally Sourced Remediations/ToastNotifications/Get-RebootRequired/Detect_RebootRequired.ps1
new file mode 100644
index 0000000..10ffea3
--- /dev/null
+++ b/intune/Externally Sourced Remediations/ToastNotifications/Get-RebootRequired/Detect_RebootRequired.ps1
@@ -0,0 +1,8 @@
+$uptime = (Get-CimInstance Win32_OperatingSystem).LastBootUpTime
+$daysUptime = (Get-Date) - $uptime
+if ($daysUptime.Days -ge 7) {
+ Write-Output "Reboot required"
+ exit 1
+} else {
+ exit 0
+}
diff --git a/intune/Externally Sourced Remediations/ToastNotifications/Get-RebootRequired/Remediate_RebootRequired.ps1 b/intune/Externally Sourced Remediations/ToastNotifications/Get-RebootRequired/Remediate_RebootRequired.ps1
new file mode 100644
index 0000000..0400e6d
--- /dev/null
+++ b/intune/Externally Sourced Remediations/ToastNotifications/Get-RebootRequired/Remediate_RebootRequired.ps1
@@ -0,0 +1,15 @@
+# Define the toast notification content
+$Group = "System Alerts"
+$Title = "Reboot Required"
+$Message = "Your system has been running for over 7 days. Please reboot to ensure optimal performance."
+
+# Create the toast notification
+[Windows.UI.Notifications.ToastNotificationManager, Windows.UI.Notifications, ContentType = WindowsRuntime] | Out-Null
+$template = [Windows.UI.Notifications.ToastTemplateType]::ToastText02
+$toastXml = [Windows.UI.Notifications.ToastNotificationManager]::GetTemplateContent($template)
+$toastTextElements = $toastXml.GetElementsByTagName("text")
+$toastTextElements.Item(0).AppendChild($toastXml.CreateTextNode($Title)) | Out-Null
+$toastTextElements.Item(1).AppendChild($toastXml.CreateTextNode($Message)) | Out-Null
+$toast = [Windows.UI.Notifications.ToastNotification]::new($toastXml)
+$notifier = [Windows.UI.Notifications.ToastNotificationManager]::CreateToastNotifier($Group)
+$notifier.Show($toast)
diff --git a/intune/Externally Sourced Remediations/ToastNotifications/README.md b/intune/Externally Sourced Remediations/ToastNotifications/README.md
new file mode 100644
index 0000000..43df6f4
--- /dev/null
+++ b/intune/Externally Sourced Remediations/ToastNotifications/README.md
@@ -0,0 +1,59 @@
+## Toast Notifications
+
+### Get-AntivirusStatus
+[Link](https://github.com/AntoPorter/Intune-Remediations/tree/main/ToastNotifications/Get-AntivirusStatus)
+- **Detection**: Checks MpComputerStaus for if Antivirus is Disabled.
+- **Remediation**: Runs a Security Alert related Toast Notification.
+
+### Get-BatteryHealthWarning
+[Link](https://github.com/AntoPorter/Intune-Remediations/tree/main/ToastNotifications/Get-BatteryHealthWarning)
+- **Detection**: Checks Battery Health for Estimated Charge Remaining.
+- **Remediation**: Runs a Battery Alert related Toast Notification.
+
+### Get-CustomToastNotification
+[Link](https://github.com/AntoPorter/Intune-Remediations/tree/main/ToastNotifications/Get-CustomToastNotification)
+- **Detection**: An Exit 1, Prompting the Remediation.
+- **Remediation**: Runs a Toast Notification. Update the Group, Title and Notification in the script and Set the Schedule.
+
+### Get-FirewallStatus
+[Link](https://github.com/AntoPorter/Intune-Remediations/tree/main/ToastNotifications/Get-FirewallStatus)
+- **Detection**: Checks if all Firewall Profiles are currently Enabled, Prompts for Remediation if any are found Disabled.
+- **Remediation**: Runs a Security Alert related Toast Notification.
+
+### Get-HighCPUUsage
+[Link](https://github.com/AntoPorter/Intune-Remediations/tree/main/ToastNotifications/Get-HighCPUUsage)
+- **Detection**: Checks if the average CPU usage is greater than 80%.
+- **Remediation**: Runs a Performance Alert related Toast Notification.
+
+### Get-HighMemoryUsage
+[Link](https://github.com/AntoPorter/Intune-Remediations/tree/main/ToastNotifications/Get-HighMemoryUsage)
+- **Detection**: Checks if the average Memory usage is greater than 80%.
+- **Remediation**: Runs a Performance Alert related Toast Notification.
+
+### Get-LowDiskSpace
+[Link](https://github.com/AntoPorter/Intune-Remediations/tree/main/ToastNotifications/Get-LowDiskSpace)
+- **Detection**: Checks if the C: Drive disk space is less than 10GB.
+- **Remediation**: Runs a System Alert related Toast Notification.
+
+
+### Get-NetworkConnectivityIssues
+[Link](https://github.com/AntoPorter/Intune-Remediations/tree/main/ToastNotifications/Get-NetworkConnectivityIssues)
+- **Detection**: Checks if google.com receives a ping response.
+- **Remediation**: Runs a Network Alert related Toast Notification.
+
+
+### Get-PendingWindowsUpdate
+[Link](https://github.com/AntoPorter/Intune-Remediations/tree/main/ToastNotifications/Get-PendingWindowsUpdate)
+- **Detection**: Checks if there is any outstanding Windows Updates pending on the endpoint.
+- **Remediation**: Runs a Update Alert related Toast Notification.
+
+
+### Get-PrinterIssues
+[Link](https://github.com/AntoPorter/Intune-Remediations/tree/main/ToastNotifications/Get-PrinterIssues)
+- **Detection**: Checks if there is any outstanding printing issues.
+- **Remediation**: Runs a Printer Alert related Toast Notification.
+
+### Get-RebootRequired
+[Link](https://github.com/AntoPorter/Intune-Remediations/tree/main/ToastNotifications/Get-RebootRequired)
+- **Detection**: Checks the Endpoints last boot up time, If greater than 7 days, prompts for Remediation.
+- **Remediation**: Runs a System Alert related Toast Notification.
\ No newline at end of file