Additional Script Updates
@@ -0,0 +1,9 @@
|
||||
# Check if the certificate is installed
|
||||
$cert = Get-ChildItem -Path Cert:\LocalMachine\My | Where-Object { $_.Subject -eq "CN=CorporateCert" }
|
||||
if ($cert) {
|
||||
Write-Output "Certificate is installed"
|
||||
exit 0
|
||||
} else {
|
||||
Write-Output "Certificate is not installed"
|
||||
exit 1
|
||||
}
|
||||
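Review bot: Matching on `Subject` alone in the `Where-Object` filter lets any certificate carrying `CN=CorporateCert` satisfy detection, including an expired or self-signed one from a different issuer. Pin the certificate you actually deploy and check its validity, for example `Where-Object { $_.Thumbprint -eq $expectedThumbprint -and $_.NotAfter -gt (Get-Date) }`, where `$expectedThumbprint` is a placeholder for your certificate's thumbprint. A header comment stating that the script exits 0 when compliant and 1 when remediation is needed would also help readers.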
@@ -0,0 +1,3 @@
|
||||
# Install the certificate
|
||||
Import-Certificate -FilePath "C:\Path\To\CorporateCert.cer" -CertStoreLocation Cert:\LocalMachine\My
|
||||
Write-Output "Certificate installed"
|
||||
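Review bot: `Write-Output "Certificate installed"` runs even when `Import-Certificate` fails (missing file, access denied), and the script never returns a non-zero exit code, so a failed remediation is reported as success. Add `-ErrorAction Stop` to the import and wrap it in `try { ... } catch { Write-Output $_.Exception.Message; exit 1 }`. Because the file is added to a machine-wide store, compare its thumbprint with the expected value before importing, so that a replaced `.cer` at that path is rejected.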
@@ -0,0 +1,9 @@
|
||||
# Check if the VPN profile is configured
|
||||
$vpnProfile = Get-VpnConnection -Name "CorporateVPN" -ErrorAction SilentlyContinue
|
||||
if ($vpnProfile) {
|
||||
Write-Output "VPN is configured"
|
||||
exit 0
|
||||
} else {
|
||||
Write-Output "VPN is not configured"
|
||||
exit 1
|
||||
}
|
||||
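Review bot: `Get-VpnConnection -Name "CorporateVPN"` only proves that a profile with that name exists, so a profile pointing at a different server or using a weaker tunnel type still passes. Compare the properties the remediation sets, e.g. `if ($vpnProfile -and $vpnProfile.ServerAddress -eq "vpn.corporate.com" -and $vpnProfile.TunnelType -eq "L2tp")`. If the script runs in the SYSTEM context, per-user profiles will presumably not be visible without `-AllUserConnection`; confirm which scope the remediation creates the profile in.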
@@ -0,0 +1,3 @@
|
||||
# Configure the VPN profile
|
||||
Add-VpnConnection -Name "CorporateVPN" -ServerAddress "vpn.corporate.com" -TunnelType "L2tp" -AuthenticationMethod "Eap" -EncryptionLevel "Required" -RememberCredential
|
||||
Write-Output "VPN configured"
|
||||
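Review bot: `-RememberCredential` makes Windows cache the user's VPN credentials on the endpoint, which is rarely wanted for a corporate profile. Drop the switch unless credential caching is a stated requirement. The `Add-VpnConnection` call also has no `-ErrorAction Stop` or `try`/`catch`, so `Write-Output "VPN configured"` is printed and the script exits 0 even when the profile could not be created. The L2TP profile is created without a pre-shared key or any visible certificate configuration, so confirm how the tunnel is expected to authenticate.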
@@ -0,0 +1,10 @@
|
||||
# Check if the corporate wallpaper is set
|
||||
$wallpaperPath = "C:\Path\To\CorporateWallpaper.jpg"
|
||||
$currentWallpaper = Get-ItemProperty -Path "HKCU:\Control Panel\Desktop\" -Name Wallpaper
|
||||
if ($currentWallpaper.Wallpaper -ne $wallpaperPath) {
|
||||
Write-Output "Wallpaper needs to be set"
|
||||
exit 1
|
||||
} else {
|
||||
Write-Output "Wallpaper is already set"
|
||||
exit 0
|
||||
}
|
||||
@@ -0,0 +1,5 @@
|
||||
# Set the corporate wallpaper
|
||||
$wallpaperPath = "C:\Path\To\CorporateWallpaper.jpg"
|
||||
Set-ItemProperty -Path "HKCU:\Control Panel\Desktop\" -Name Wallpaper -Value $wallpaperPath
|
||||
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
|
||||
Write-Output "Wallpaper set"
|
||||
@@ -0,0 +1,16 @@
|
||||
# Detection Script: Detect_DriveMapping.ps1
|
||||
|
||||
# Define the network drive letter and path
|
||||
$driveLetter = "Z:"
|
||||
$networkPath = "\\server\share"
|
||||
|
||||
# Check if the drive is mapped
|
||||
$drive = Get-PSDrive -Name $driveLetter -ErrorAction SilentlyContinue
|
||||
|
||||
if ($null -eq $drive -or $drive.Root -ne $networkPath) {
|
||||
Write-Output "Network drive not mapped: $driveLetter"
|
||||
exit 1
|
||||
} else {
|
||||
Write-Output "Network drive is mapped: $driveLetter"
|
||||
exit 0
|
||||
}
|
||||
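Review bot: `Get-PSDrive -Name $driveLetter` is called with `"Z:"`, but PSDrive names do not include the colon, so the lookup most likely returns nothing and detection reports "not mapped" on every run. For a persisted network drive the UNC path is exposed as `DisplayRoot` rather than `Root`, so the second comparison would not match either. Use `$driveLetter = "Z"` and `if ($null -eq $drive -or $drive.DisplayRoot -ne $networkPath)`. The same `"Z:"` literal is passed to `New-PSDrive -Name` in Remediate_DriveMapping.ps1, which rejects a colon in the name, and that script prints its success message unconditionally.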
@@ -0,0 +1,10 @@
|
||||
# Remediation Script: Remediate_DriveMapping.ps1
|
||||
|
||||
# Define the network drive letter and path
|
||||
$driveLetter = "Z:"
|
||||
$networkPath = "\\server\share"
|
||||
|
||||
# Map the network drive
|
||||
New-PSDrive -Name $driveLetter -PSProvider FileSystem -Root $networkPath -Persist
|
||||
|
||||
Write-Output "Network drive has been mapped: $driveLetter"
|
||||
@@ -0,0 +1,9 @@
|
||||
# Check DNS settings
|
||||
$dnsServers = Get-DnsClientServerAddress -AddressFamily IPv4 | Select-Object -ExpandProperty ServerAddresses
|
||||
if ($dnsServers -notcontains "8.8.8.8") {
|
||||
Write-Output "DNS settings need to be updated"
|
||||
exit 1
|
||||
} else {
|
||||
Write-Output "DNS settings are correct"
|
||||
exit 0
|
||||
}
|
||||
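Review bot: The check flattens the server lists of every IPv4 interface into one array, so a single adapter that happens to use `8.8.8.8` makes the whole device compliant, while the remediation only touches `-InterfaceAlias "Ethernet"`. Scope detection to the same interface, e.g. `Get-DnsClientServerAddress -InterfaceAlias "Ethernet" -AddressFamily IPv4`. Compare against the full expected list rather than one address, so that an extra resolver prepended to the list is detected.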
@@ -0,0 +1,3 @@
|
||||
# Set DNS settings
|
||||
Set-DnsClientServerAddress -InterfaceAlias "Ethernet" -ServerAddresses "8.8.8.8","8.8.4.4"
|
||||
Write-Output "DNS settings updated"
|
||||
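Review bot: Hard-coding the public resolvers `"8.8.8.8","8.8.4.4"` on a managed endpoint routes name resolution around internal DNS, so internal names stop resolving and DNS-based filtering and query logging no longer see the traffic. A comment should mark these values as placeholders to be replaced with the organisation's resolvers. The alias `"Ethernet"` is also fixed, so on a device without an adapter of that name the cmdlet fails while `Write-Output "DNS settings updated"` still runs and the script exits 0. Add `-ErrorAction Stop` with a `catch { exit 1 }`.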
@@ -0,0 +1,9 @@
|
||||
# Detection Script (Detect_OfficeTemplates.ps1)
|
||||
$TemplatePath = "C:\Program Files\Microsoft Office\root\Templates\1033\CompanyLetter.dotx"
|
||||
if (Test-Path -Path $TemplatePath) {
|
||||
Write-Host "Template file exists: $TemplatePath"
|
||||
exit 0
|
||||
} else {
|
||||
Write-Host "Template file not found: $TemplatePath"
|
||||
exit 1
|
||||
}
|
||||
@@ -0,0 +1,10 @@
|
||||
# Remediation Script (Remediate_OfficeTemplates.ps1)
|
||||
$SourcePath = "\\server\share\Templates\CompanyLetter.dotx"
|
||||
$DestinationPath = "C:\Program Files\Microsoft Office\root\Templates\1033\CompanyLetter.dotx"
|
||||
|
||||
if (Test-Path -Path $SourcePath) {
|
||||
Copy-Item -Path $SourcePath -Destination $DestinationPath -Force
|
||||
Write-Host "Template file copied to: $DestinationPath"
|
||||
} else {
|
||||
Write-Host "Template file not found in the central repository."
|
||||
}
|
||||
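Review bot: The `else` branch prints "Template file not found in the central repository." but the script still exits 0, so a remediation that did nothing is reported as successful. Add `exit 1` there. A failing `Copy-Item` (share unreachable under the run-as account, access denied on Program Files) also goes unnoticed; add `-ErrorAction Stop` inside a `try`/`catch` that exits 1. Remediate_OutlookTemplate.ps1 has the same two gaps.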
@@ -0,0 +1,9 @@
|
||||
# Detection Script (Detect_OutlookTemplate.ps1)
|
||||
$TemplatePath = "$env:APPDATA\Microsoft\Templates\NormalEmail.dotm"
|
||||
if (Test-Path -Path $TemplatePath) {
|
||||
Write-Host "NormalEmail.dotm template exists: $TemplatePath"
|
||||
exit 0
|
||||
} else {
|
||||
Write-Host "NormalEmail.dotm template not found: $TemplatePath"
|
||||
exit 1
|
||||
}
|
||||
@@ -0,0 +1,10 @@
|
||||
# Remediation Script (Remediate_OutlookTemplate.ps1)
|
||||
$SourcePath = "\\server\share\Templates\NormalEmail.dotm"
|
||||
$DestinationPath = "$env:APPDATA\Microsoft\Templates\NormalEmail.dotm"
|
||||
|
||||
if (Test-Path -Path $SourcePath) {
|
||||
Copy-Item -Path $SourcePath -Destination $DestinationPath -Force
|
||||
Write-Host "NormalEmail.dotm template updated."
|
||||
} else {
|
||||
Write-Host "Template file not found in the central repository."
|
||||
}
|
||||
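Review bot: `NormalEmail.dotm` is a macro-enabled template, and this script overwrites the user's copy with `-Force` from `\\server\share` without checking what it copied, so the share's write permissions become the trust boundary for code loaded on every endpoint. Verify the file before copying, for example by comparing `(Get-FileHash -Path $SourcePath -Algorithm SHA256).Hash` with a pinned value held in the script, and restrict write access on the share. The detection script only tests that the file exists, so a modified template would still be reported as compliant. If the remediation runs as SYSTEM, `$env:APPDATA` presumably resolves to the system profile rather than the user's; confirm the run-as context.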
@@ -0,0 +1,15 @@
|
||||
# Detection Script: Detect_TimeZone.ps1
|
||||
|
||||
# Define the required time zone
|
||||
$requiredTimeZone = "Pacific Standard Time"
|
||||
|
||||
# Get the current time zone
|
||||
$currentTimeZone = (Get-TimeZone).Id
|
||||
|
||||
if ($currentTimeZone -ne $requiredTimeZone) {
|
||||
Write-Output "Incorrect time zone: $currentTimeZone"
|
||||
exit 1
|
||||
} else {
|
||||
Write-Output "Time zone is correct: $currentTimeZone"
|
||||
exit 0
|
||||
}
|
||||
@@ -0,0 +1,9 @@
|
||||
# Remediation Script: Remediate_TimeZone.ps1
|
||||
|
||||
# Define the required time zone
|
||||
$requiredTimeZone = "Pacific Standard Time"
|
||||
|
||||
# Set the time zone
|
||||
Set-TimeZone -Id $requiredTimeZone
|
||||
|
||||
Write-Output "Time zone has been set to: $requiredTimeZone"
|
||||
@@ -0,0 +1,15 @@
|
||||
# Detection Script: Detect_UAC.ps1
|
||||
|
||||
# Check if UAC is enabled
|
||||
$uacStatus = Get-ItemPropertyValue -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' -Name 'EnableLUA' -ErrorAction SilentlyContinue
|
||||
|
||||
if ($null -eq $uacStatus) {
|
||||
Write-Output "UAC status: NotConfigured"
|
||||
exit 1
|
||||
} elseif ($uacStatus -eq 0) {
|
||||
Write-Output "UAC status: Disabled"
|
||||
exit 1
|
||||
} else {
|
||||
Write-Output "UAC status: Enabled"
|
||||
exit 0
|
||||
}
|
||||
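Review bot: "UAC status: Enabled" is reported from `EnableLUA` alone, which overstates the protection. With `ConsentPromptBehaviorAdmin` set to 0 under the same key, administrators elevate without any prompt even though `EnableLUA` is 1. If the goal is a prompting UAC configuration, read that value as well and treat 0 as non-compliant. At minimum, add a comment that only `EnableLUA` is evaluated.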
@@ -0,0 +1,12 @@
|
||||
# Remediation Script: Remediate_UAC.ps1
|
||||
|
||||
# Check if UAC is enabled
|
||||
$uacStatus = Get-ItemPropertyValue -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' -Name 'EnableLUA' -ErrorAction SilentlyContinue
|
||||
|
||||
if ($null -eq $uacStatus -or $uacStatus -eq 0) {
|
||||
# Enable UAC
|
||||
Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' -Name 'EnableLUA' -Value 1
|
||||
Write-Output "UAC has been enabled."
|
||||
} else {
|
||||
Write-Output "UAC is already enabled."
|
||||
}
|
||||
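Review bot: The message `"UAC has been enabled."` is misleading, because a change to `EnableLUA` only takes effect after a restart and the device stays in its previous state until then. Say so in the output, e.g. `Write-Output "EnableLUA set to 1; restart required."`. `Set-ItemProperty` also runs without `-ErrorAction Stop`, so a failed write to HKLM still prints the success message and exits 0. Passing `-Type DWord` makes the intended value type explicit for the case where the value does not exist yet.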
@@ -0,0 +1,12 @@
|
||||
# Detection Script: Detect_WDAC.ps1
|
||||
|
||||
# Check if WDAC is enabled
|
||||
$wdacStatus = Get-CimInstance -ClassName Win32_DeviceGuard -Namespace root\Microsoft\Windows\DeviceGuard
|
||||
|
||||
if ($wdacStatus.SecurityServicesConfigured -contains 2 -and $wdacStatus.SecurityServicesRunning -contains 2) {
|
||||
Write-Output "WDAC is enabled."
|
||||
exit 0
|
||||
} else {
|
||||
Write-Output "WDAC is not enabled."
|
||||
exit 1
|
||||
}
|
||||
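Review bot: The condition tests `SecurityServicesConfigured` and `SecurityServicesRunning` for the value 2, which in `Win32_DeviceGuard` denotes hypervisor-protected code integrity (memory integrity), not a WDAC policy. A device with HVCI on and no application control policy passes, and one with an enforced policy but HVCI off fails. The same class exposes `CodeIntegrityPolicyEnforcementStatus` and `UsermodeCodeIntegrityPolicyEnforcementStatus` (0 off, 1 audit, 2 enforced). Use `if ($wdacStatus.CodeIntegrityPolicyEnforcementStatus -eq 2)` to match what the script claims to check. To check for one specific policy, as the README describes, the policy ID would also have to be verified.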
@@ -0,0 +1,13 @@
|
||||
# Remediation Script: Remediate_WDAC.ps1
|
||||
|
||||
# Define the path to the WDAC policy binary file
|
||||
$policyBinaryPath = "C:\Path\To\Your\Policy.cip"
|
||||
|
||||
# Copy the policy binary to the correct location
|
||||
$destinationFolder = "$env:windir\System32\CodeIntegrity\CIPolicies\Active\"
|
||||
Copy-Item -Path $policyBinaryPath -Destination $destinationFolder
|
||||
|
||||
# Enable WDAC policy
|
||||
Start-Process -FilePath "powershell.exe" -ArgumentList "-Command", "ciTool.exe --update-policy $policyBinaryPath" -NoNewWindow -Wait
|
||||
|
||||
Write-Output "WDAC policy has been applied. A system reboot is required for changes to take effect."
|
||||
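Review bot: The `Start-Process` line builds a command string for a nested `powershell.exe` with `$policyBinaryPath` interpolated unquoted. A path containing spaces breaks the command, and the CiTool exit code is never examined, so the success message prints whatever happened. Call the tool directly and check the result: `& CiTool.exe --update-policy $policyBinaryPath` followed by `if ($LASTEXITCODE -ne 0) { exit 1 }`. The preceding `Copy-Item` places the file in `CIPolicies\Active` under its original name, whereas policies there are, as far as I know, expected to be named after the policy GUID; it also has no error handling. Since an enforced policy can block required binaries, a comment should tell readers to validate the policy in audit mode and confirm its origin before rollout.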
@@ -0,0 +1,51 @@
|
||||
## Device Configuration
|
||||
|
||||
### Get-CorporateCertificate
|
||||
[Link](https://github.com/AntoPorter/Intune-Remediations/tree/main/DeviceConfiguration/Get-CorporateCertificate)
|
||||
- **Detection**: Checks for a specific certificate is installed (requires modification based on your requirements).
|
||||
- **Remediation**: Installs the missing certificate from a file path.
|
||||
|
||||
### Get-CorporateVPN
|
||||
[Link](https://github.com/AntoPorter/Intune-Remediations/tree/main/DeviceConfiguration/Get-CorporateVPN)
|
||||
- **Detection**: Checks for a specific VPN Connection is configured (requires modification based on your requirements).
|
||||
- **Remediation**: Configures the missing VPN Connection.
|
||||
|
||||
### Get-CustomWallpaper
|
||||
[Link](https://github.com/AntoPorter/Intune-Remediations/tree/main/DeviceConfiguration/Get-CustomWallpaper)
|
||||
- **Detection**: Checks for a specific wallpaper is configured (requires modification based on your requirements).
|
||||
- **Remediation**: Configures the custom wallpaper.
|
||||
|
||||
### Get-DriveMapping
|
||||
[Link](https://github.com/AntoPorter/Intune-Remediations/tree/main/DeviceConfiguration/Get-DriveMapping)
|
||||
- **Detection**: Checks for a specific mapped drive (requires modification based on your requirements).
|
||||
- **Remediation**: Maps the missing drive if it is not located.
|
||||
|
||||
### Get-LocalDNSSettings
|
||||
[Link](https://github.com/AntoPorter/Intune-Remediations/tree/main/DeviceConfiguration/Get-LocalDNSSettings)
|
||||
- **Detection**: Checks for a specific DNS Setting on your Ethernet (requires modification based on your requirements).
|
||||
- **Remediation**: Configures the Local DNS settings if it is incorrect.
|
||||
|
||||
### Get-OfficeTemplates
|
||||
[Link](https://github.com/AntoPorter/Intune-Remediations/tree/main/DeviceConfiguration/Get-OfficeTemplates)
|
||||
- **Detection**: Checks the Templates folder for a specific template file within Program Files repo.
|
||||
- **Remediation**: Will copy a template file from a network share to the Program Files repo.
|
||||
|
||||
### Get-OutlookTemplate
|
||||
[Link](https://github.com/AntoPorter/Intune-Remediations/tree/main/DeviceConfiguration/Get-OutlookTemplate)
|
||||
- **Detection**: Checks the **NormalEmail.dotm** file within AppData associated to Outlook Emails.
|
||||
- **Remediation**: Will copy the **NormalEmail.dotm** file from a network share to the AppData repo.
|
||||
|
||||
### Get-TimeZone
|
||||
[Link](https://github.com/AntoPorter/Intune-Remediations/tree/main/DeviceConfiguration/Get-TimeZone)
|
||||
- **Detection**: Checks for a specific Time Zone (requires modification based on your requirements).
|
||||
- **Remediation**: Corrects the endpoint's Time Zone if it is incorrect.
|
||||
|
||||
### Get-UAC
|
||||
[Link](https://github.com/AntoPorter/Intune-Remediations/tree/main/DeviceConfiguration/Get-UAC)
|
||||
- **Detection**: Checks if UAC is enabled.
|
||||
- **Remediation**: Enables UAC if it is disabled.
|
||||
|
||||
### Get-WDAC
|
||||
[Link](https://github.com/AntoPorter/Intune-Remediations/tree/main/DeviceConfiguration/Get-WDAC)
|
||||
- **Detection**: Checks for a specific WDAC Policy (requires modification based on your requirements).
|
||||
- **Remediation**: Corrects the endpoint's WDAC Policy if it is not detected.
|
||||