andrewamason/Intune
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Additional Script Updates

Browse Source
This commit is contained in:
Andrew Amason
2025-05-19 15:19:36 -04:00
parent ec2b22290a
commit 9c8438d7d1
136 changed files with 1595 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
intune/Externally Sourced Remediations/DeviceCompliance/Get-DeviceGuard/Detect_DeviceGuard.ps1 Normal file
View File

@@ -0,0 +1,12 @@
# Detection Script: Detect_DeviceGuard.ps1
# Check if Device Guard is enabled
$deviceGuardStatus = Get-CimInstance -ClassName Win32_DeviceGuard -Namespace root\Microsoft\Windows\DeviceGuard
if ($deviceGuardStatus.SecurityServicesConfigured -contains 2 -and $deviceGuardStatus.SecurityServicesRunning -contains 2) {
Write-Output "Device Guard is enabled."
exit 0
} else {
Write-Output "Device Guard is not enabled."
exit 1
}

8
intune/Externally Sourced Remediations/DeviceCompliance/Get-DeviceGuard/Remediate_DeviceGuard.ps1 Normal file
View File

@@ -0,0 +1,8 @@
# Remediation Script: Remediate_DeviceGuard.ps1
# Enable Device Guard
$regKey = "HKLM:\SYSTEM\CurrentControlSet\Control\DeviceGuard"
Set-ItemProperty -Path $regKey -Name "EnableVirtualizationBasedSecurity" -Value 1
Set-ItemProperty -Path $regKey -Name "RequirePlatformSecurityFeatures" -Value 1
Write-Output "Device Guard has been enabled."