andrewamason/Intune
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Additional Script Updates

Browse Source
This commit is contained in:
Andrew Amason
2025-05-19 15:19:36 -04:00
parent ec2b22290a
commit 9c8438d7d1
136 changed files with 1595 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
intune/Externally Sourced Remediations/Reporting/Get-BitLockerStatusReport/Detect-BitLockerStatusReport.ps1 Normal file
View File

@@ -0,0 +1,12 @@
# Check BitLocker encryption status
$bitLockerStatus = Get-BitLockerVolume | Select-Object MountPoint, VolumeStatus, EncryptionPercentage
# Output the BitLocker encryption status
# Write-Output $bitLockerStatus
$csvPath = "C:\temp\BitLockerStatus.csv"
$bitLockerStatus | Export-Csv -Path $csvPath -NoTypeInformation
Write-Output "BitLocker status exported to $csvPath"
Exit 0

1
intune/Externally Sourced Remediations/Reporting/Get-BitLockerStatusReport/Remediate-Empty.ps1 Normal file
View File

@@ -0,0 +1 @@
## Remediation Script for Report

12
intune/Externally Sourced Remediations/Reporting/Get-CertificateExpiryReport/Detect-CertificateExpiryReport.ps1 Normal file
View File

@@ -0,0 +1,12 @@
# Check for certificates nearing expiry
$certificates = Get-ChildItem -Path Cert:\LocalMachine\My | Where-Object { $_.NotAfter -lt (Get-Date).AddDays(30) } | Select-Object Subject, NotAfter
# Output the certificates nearing expiry
# Write-Output $certificates
$csvPath = "C:\temp\CertificateExpiryStatus.csv"
$certificates | Export-Csv -Path $csvPath -NoTypeInformation
Write-Output "Certificate Expiry status exported to $csvPath"
Exit 0

1
intune/Externally Sourced Remediations/Reporting/Get-CertificateExpiryReport/Remediate-Empty.ps1 Normal file
View File

@@ -0,0 +1 @@
## Remediation Script for Report

12
intune/Externally Sourced Remediations/Reporting/Get-DiskSpaceUsageReport/Detect-DiskSpaceUsageReport.ps1 Normal file
View File

@@ -0,0 +1,12 @@
# Check disk space usage
$diskSpace = Get-PSDrive -PSProvider FileSystem | Select-Object Name, @{Name="Used(GB)";Expression={[math]::round($_.Used/1GB,2)}}, @{Name="Free(GB)";Expression={[math]::round($_.Free/1GB,2)}}
# Output the disk space usage
# Write-Output $diskSpace
$csvPath = "C:\temp\DiskSpaceStatus.csv"
$diskSpace | Export-Csv -Path $csvPath -NoTypeInformation
Write-Output "Disk Space status exported to $csvPath"
Exit 0

1
intune/Externally Sourced Remediations/Reporting/Get-DiskSpaceUsageReport/Remediate-Empty.ps1 Normal file
View File

@@ -0,0 +1 @@
## Remediation Script for Report

12
intune/Externally Sourced Remediations/Reporting/Get-EndpointProtectionStatusReport/Detect-EndpointProtectionStatusReport.ps1 Normal file
View File

@@ -0,0 +1,12 @@
# Check endpoint protection status
$protectionStatus = Get-MpComputerStatus | Select-Object AMServiceEnabled, AMServiceVersion, AntivirusEnabled, AntivirusSignatureLastUpdated
# Output the endpoint protection status
# Write-Output $protectionStatus
$csvPath = "C:\temp\EndpointProtectionStatus.csv"
$protectionStatus | Export-Csv -Path $csvPath -NoTypeInformation
Write-Output "Endpoint Protection status exported to $csvPath"
Exit 0

1
intune/Externally Sourced Remediations/Reporting/Get-EndpointProtectionStatusReport/Remediate-Empty.ps1 Normal file
View File

@@ -0,0 +1 @@
## Remediation Script for Report

12
intune/Externally Sourced Remediations/Reporting/Get-EventLogErrorReport/Detect-EventLogErrorReport.ps1 Normal file
View File

@@ -0,0 +1,12 @@
# Check for errors in the event log
$eventErrors = Get-EventLog -LogName System -EntryType Error -Newest 100 | Select-Object TimeGenerated, Source, EventID, Message
# Output the event log errors
# Write-Output $eventErrors
$csvPath = "C:\temp\EventLogErrorStatus.csv"
$eventErrors | Export-Csv -Path $csvPath -NoTypeInformation
Write-Output "Event Log Error status exported to $csvPath"
Exit 0

1
intune/Externally Sourced Remediations/Reporting/Get-EventLogErrorReport/Remediate-Empty.ps1 Normal file
View File

@@ -0,0 +1 @@
## Remediation Script for Report

12
intune/Externally Sourced Remediations/Reporting/Get-FirewallStatusReport/Detect-FirewallStatusReport.ps1 Normal file
View File

@@ -0,0 +1,12 @@
# Check Windows Firewall status
$firewallStatus = Get-NetFirewallProfile | Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction
# Output the Firewall status
# Write-Output $firewallStatus
$csvPath = "C:\temp\FirewallProfileStatus.csv"
$firewallStatus | Export-Csv -Path $csvPath -NoTypeInformation
Write-Output "Firewall Profile status exported to $csvPath"
Exit 0

1
intune/Externally Sourced Remediations/Reporting/Get-FirewallStatusReport/Remediate-Empty.ps1 Normal file
View File

@@ -0,0 +1 @@
## Remediation Script for Report

12
intune/Externally Sourced Remediations/Reporting/Get-LocalAdminGroupReport/Detect-LocalAdminGroupReport.ps1 Normal file
View File

@@ -0,0 +1,12 @@
# Check local administrators group membership
$localAdmins = Get-LocalGroupMember -Group "Administrators" | Select-Object Name, PrincipalSource
# Output the local administrators group membership
# Write-Output $localAdmins
$csvPath = "C:\temp\LocalAdminGroupStatus.csv"
$localAdmins | Export-Csv -Path $csvPath -NoTypeInformation
Write-Output "Local Admin Group status exported to $csvPath"
Exit 0

1
intune/Externally Sourced Remediations/Reporting/Get-LocalAdminGroupReport/Remediate-Empty.ps1 Normal file
View File

@@ -0,0 +1 @@
## Remediation Script for Report

10
intune/Externally Sourced Remediations/Reporting/Get-PendingRebootReport/Detect-PendingRebootReport.ps1 Normal file
View File

@@ -0,0 +1,10 @@
# Check for pending reboot
$pendingReboot = Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending" -ErrorAction SilentlyContinue
if ($pendingReboot) {
Write-Output "Reboot is pending."
} else {
Write-Output "No reboot pending."
}
Exit 0

1
intune/Externally Sourced Remediations/Reporting/Get-PendingRebootReport/Remediate-Empty.ps1 Normal file
View File

@@ -0,0 +1 @@
## Remediation Script for Report

12
intune/Externally Sourced Remediations/Reporting/Get-ServiceStatusReport/Detect-ServiceStatusReport.ps1 Normal file
View File

@@ -0,0 +1,12 @@
# Check status of critical services
$services = Get-Service -Name "wuauserv", "BITS", "WinDefend" | Select-Object Name, Status
# Output the service status
# Write-Output $services
$csvPath = "C:\temp\ServiceStatus.csv"
$services | Export-Csv -Path $csvPath -NoTypeInformation
Write-Output "Service status exported to $csvPath"
Exit 0

1
intune/Externally Sourced Remediations/Reporting/Get-ServiceStatusReport/Remediate-Empty.ps1 Normal file
View File

@@ -0,0 +1 @@
## Remediation Script for Report

12
intune/Externally Sourced Remediations/Reporting/Get-SoftwareInventoryReport/Detect-SoftwareInventoryReport.ps1 Normal file
View File

@@ -0,0 +1,12 @@
# Get list of installed software
$software = Get-WmiObject -Class Win32_Product | Select-Object Name, Version
# Output the list
# Write-Output $software
$csvPath = "C:\temp\SoftwareInventoryReportStatus.csv"
$software | Export-Csv -Path $csvPath -NoTypeInformation
Write-Output "Software Inventory Report status exported to $csvPath"
Exit 0

1
intune/Externally Sourced Remediations/Reporting/Get-SoftwareInventoryReport/Remediate-Empty.ps1 Normal file
View File

@@ -0,0 +1 @@
## Remediation Script for Report

10
intune/Externally Sourced Remediations/Reporting/Get-UptimeReport/Detect-UptimeReport.ps1 Normal file
View File

@@ -0,0 +1,10 @@
# Get the last boot time
$lastBootTime = (Get-CimInstance -ClassName Win32_OperatingSystem).LastBootUpTime
# Calculate the uptime
$uptime = (Get-Date) - $lastBootTime
# Output the uptime
Write-Output "The system has been up for: $($uptime.Days) days, $($uptime.Hours) hours, $($uptime.Minutes) minutes."
Exit 0

1
intune/Externally Sourced Remediations/Reporting/Get-UptimeReport/Remediate-Empty.ps1 Normal file
View File

@@ -0,0 +1 @@
## Remediation Script for Report

12
intune/Externally Sourced Remediations/Reporting/Get-UserActivityReport/Detect-UserActivityReport.ps1 Normal file
View File

@@ -0,0 +1,12 @@
# Check user login times
$userLogins = Get-EventLog -LogName Security -InstanceId 4624 | Select-Object TimeGenerated, ReplacementStrings
# Output the user login times
# Write-Output $userLogins
$csvPath = "C:\temp\UserLoginsStatus.csv"
$userLogins | Export-Csv -Path $csvPath -NoTypeInformation
Write-Output "User Logins status exported to $csvPath"
Exit 0

1
intune/Externally Sourced Remediations/Reporting/Get-UserActivityReport/Remediate-Empty.ps1 Normal file
View File

@@ -0,0 +1 @@
## Remediation Script for Report

96
intune/Externally Sourced Remediations/Reporting/README.md Normal file
View File

@@ -0,0 +1,96 @@
## Reporting
Each of the following includes a Detection Script, which only includes an `Exit 0` condition, and an empty Remediation Script, for completeness. You will only be required to upload the Detection script, as the Remediation script is not a dependency.
Most of the following scripts are set to export the results to `c:\temp\` using `Export-Csv` due to the limitations of Intune Remediations currently only being able to Output a sentence and not CSV style content. I have commented out the line with the ability to output direct to Intune, in case this becomes an option in future. Please review the following contents and ensure that the path for `Export-Csv` is to a desired location.
This path can be a network share by using the following example:
```powershell
$networkPath = "\\ServerName\SharedFolder"
$csvPath = "$networkPath\BitLockerStatus.csv"
$bitLockerStatus | Export-Csv -Path $csvPath -NoTypeInformation
Write-Output "BitLocker status exported to $csvPath"
```
You can also map to a SharePoint location using the `Export-SPWeb` cmdlet if you have the necessary permissions and SharePoint modules installed. Heres an example:
```powershell
$siteUrl = "https://yoursharepointsite/sites/yoursite"
$exportPath = "C:\temp\BitLockerStatus.csv"
# Export the BitLocker encryption status to a CSV file locally
$bitLockerStatus | Export-Csv -Path $exportPath -NoTypeInformation
# Upload the CSV file to SharePoint
$destinationUrl = "$siteUrl/Shared Documents/BitLockerStatus.csv"
Add-PnPFile -Path $exportPath -Folder "Shared Documents"
Write-Output "BitLocker status exported to SharePoint at $destinationUrl"
```
> [!NOTE]
> For the SharePoint example, make sure you have the PnP PowerShell module installed and connected to your SharePoint site using `Connect-PnPOnline`.
> [!help]
> The following limitations are associated to the Write-Output function and Intune Remediation script packages.
>
> **Output Size**: Maximum allowed output size for each remediation script is 2048 characters. Exceeding this limit will cause the script to fail or truncate the output.
>
> **Data Handling**: Write-Output sends data to the pipeline, which might not be suitable for all scenarios within Intune. (This is why I have included the Export-Csv function)
---
### Get-BitLockerStatusReport
[Link](https://github.com/AntoPorter/Intune-Remediations/tree/main/Reporting/Get-BitLockerStatusReport)
- **Detection**: Gets the Status of BitLocker on all drives present on an Endpoint.
### Get-CertificateExpiryReport
[Link](https://github.com/AntoPorter/Intune-Remediations/tree/main/Reporting/Get-CertificateExpiryReport)
- **Detection**: Checks for any locally installed certificates which have an upcoming expiry on an Endpoint.
### Get-DiskSpaceUsageReport
[Link](https://github.com/AntoPorter/Intune-Remediations/tree/main/Reporting/Get-DiskSpaceUsageReport)
- **Detection**: Gets the disk space usage on all drives present on an Endpoint.
### Get-EndpointProtectionStatusReport
[Link](https://github.com/AntoPorter/Intune-Remediations/tree/main/Reporting/Get-EndpointProtectionStatusReport)
- **Detection**: Checks the **AMServiceEnabled**, **AMServiceVersion**, **AntivirusEnabled**, and **AntivirusSignatureLastUpdated** state on an Endpoint.
### Get-EventLogErrorReport
[Link](https://github.com/AntoPorter/Intune-Remediations/tree/main/Reporting/Get-EventLogErrorReport)
- **Detection**: Gets the newest 100 event log errors present on an Endpoint. The output provides **TimeGenerated**, **Source**, **EventID**, and Message.
### Get-FirewallStatusReport
[Link](https://github.com/AntoPorter/Intune-Remediations/tree/main/Reporting/Get-FirewallStatusReport)
- **Detection**: Checks the firewall status on an Endpoint.
### Get-LocalAdminGroupReport
[Link](https://github.com/AntoPorter/Intune-Remediations/tree/main/Reporting/Get-LocalAdminGroupReport)
- **Detection**: Gets the **Name** and **PrincipalSource** of the Local Administrators Group on an Endpoint.
### Get-PendingRebootReport
[Link](https://github.com/AntoPorter/Intune-Remediations/tree/main/Reporting/Get-PendingRebootReport)
- **Detection**: Gets the **ItemProperty** of **RebootPending** and reports if the endpoint is currently pending a reboot.
### Get-ServiceStatusReport
[Link](https://github.com/AntoPorter/Intune-Remediations/tree/main/Reporting/Get-ServiceStatusReport)
- **Detection**: Gets the current status of a set of services on an Endpoint. Currently includes **wuauserv**, **BITS** and **WinDefend**.
### Get-SoftwareInventoryReport
[Link](https://github.com/AntoPorter/Intune-Remediations/tree/main/Reporting/Get-SoftwareInventoryReport)
- **Detection**: Gets a list of the current Software Inventory report on an endpoint.
### Get-UptimeReport
[Link](https://github.com/AntoPorter/Intune-Remediations/tree/main/Reporting/Get-UptimeReport)
- **Detection**: Gets an output of the current uptime of an endpoint.
### Get-UserActivityReport
[Link](https://github.com/AntoPorter/Intune-Remediations/tree/main/Reporting/Get-UserActivityReport)
- **Detection**: Gets a list of User Login events on an endpoint.