├── Active Directory ├── Get-ActiveComputersLastLogonDateFromAllDCs.ps1 └── Set-EmployeeId │ ├── Set-EmployeeIdCSV.ps1 │ └── employeeid.csv ├── Azure AD ├── Backup-BitlockerRecoveryKeyToAAD.ps1 ├── Get-AadJoinInformation.ps1 └── Get-DeletableWindowsAadObjects.ps1 ├── ConfigMgr └── Detection method │ └── Compare-OneDriveFileVersion.ps1 ├── Deployment └── MDT │ └── Bulk Import Applications │ ├── Download.xml │ ├── ImportApplicationToMDT1.0.ps1 │ └── ImportApplicationstoMDT1.0.zip ├── Hyper-V └── CreateStandardVM.ps1 ├── Intune ├── Admx │ ├── Harmonie ADMX │ │ ├── Harmonie.admx │ │ ├── Harmonie.txt │ │ └── en-US │ │ │ └── Harmonie.adml │ ├── Office ADMX │ │ ├── OfficeCustomizations.admx │ │ └── en-us │ │ │ └── OfficeCustomizations.adml │ └── Windows ADMX │ │ ├── WindowsCustomizations.admx │ │ ├── WindowsCustomizations.txt │ │ └── en-us │ │ └── WindowsCustomizations.adml ├── Apps │ ├── HPIA │ │ ├── Install-HPIA.ps1 │ │ ├── ReadMe.txt │ │ └── Uninstall-HPIA.ps1 │ ├── Intune Force Full Sync │ │ ├── App install.txt │ │ ├── Run-Detection.ps1 │ │ ├── Start-FullSync.intunewin │ │ └── Start-FullSync.ps1 │ └── Printer │ │ ├── ADM-RestrictDriverInstallationToAdministrators │ │ ├── App Info.txt │ │ ├── in │ │ │ ├── App info.txt │ │ │ ├── Install-RestrictDriverInstallationToAdministrators.ps1 │ │ │ └── UnInstall-RestrictDriverInstallationToAdministrators.ps1 │ │ └── package.bat │ │ └── ADM-Skrivare TEST │ │ ├── App Info.txt │ │ ├── in │ │ ├── ADM-IntuneTest-Detect.ps1 │ │ ├── ADM-IntuneTest-Install.ps1 │ │ └── ADM-IntuneTest-Uninstall.ps1 │ │ └── package.bat ├── Autopilot │ ├── Autopilot Branding Kit │ │ ├── App install.txt │ │ ├── Associations.xml │ │ ├── AutopilotBranding.ps1 │ │ └── configuration.xml │ └── Import from CSV │ │ ├── import.csv │ │ └── importcsv.ps1 ├── Browser │ └── Manage-InternetExplorer Deprecated.ps1 ├── Documenting │ └── Create-DocumentGroupsDependencyies.ps1 ├── Drivers │ └── Check-DriverCrash.ps1 ├── Functions │ ├── Focus-Window.ps1 │ ├── 
Template-Ballon.ps1 │ ├── Template-RestartInto64bit with StdErr.ps1 │ └── Template-RestartInto64bit.ps1 ├── Graph samples │ └── DeviceConfiguration │ │ └── DeviceConfiguration_Get.ps1 ├── Network │ ├── Configure-WirelessNetworkConnections.ps1 │ └── Detect-WirelessNetworkConnections.ps1 ├── Office │ └── Uninstall-Office365Home.ps1 ├── OneDrive │ ├── OneDrive legacy synchronization │ │ └── Set-OneDriverLegacySyncDomainGuid.ps1 │ └── Update-OneDrive │ │ ├── Readme.txt │ │ ├── Update-OneDrive.intunewin │ │ └── Update-OneDrive.ps1 ├── StartLayout │ └── Configure-StartLayoutCustomization DEPRECATED.ps1 ├── User │ ├── Add-InteractiveToAdmins.ps1 │ ├── Add-UsersToLocalAdmin.ps1 │ ├── Get-UserInfo.ps1 │ ├── Remove-AllFromLocalAdmin.ps1 │ └── Remove-InteractiveFromAdmin.ps1 └── Windows │ ├── Add-DriveMap - LETTER SHARE-NAME.ps1 │ ├── Add-Printer-PRINTERNAME.ps1 │ ├── Backup-BitlockerToAAD.ps1 │ ├── Configure-TelemetryCustomization.ps1 │ ├── Connect-UserHomeDirectory-Detection.ps1 │ ├── Connect-UserHomeDirectory.ps1 │ ├── Disable-WindowsManageDefaultPrinter.ps1 │ ├── DriveMapping - LETTER - Detect 2.ps1 │ ├── DriveMapping - LETTER - Remediate 2.ps1 │ ├── Remove Builtin Apps.ps1 │ ├── Set-BitLockerPin-Advanced.ps1 │ ├── Set-BitLockerPin-Simple.ps1 │ ├── Set-ComputerNameToSN DEPRECTED.ps1 │ ├── Set-CurrentUserDisplayLanguage.ps1 │ ├── Set-ScreensaverTimeout.ps1 │ ├── Set-TimeZoneAndReSync.ps1 │ ├── Set-Windows10SkuProDowngrade.ps1 │ ├── Test-HybridJoinUrlsWithProxy.ps1 │ ├── Test-WebbAccessOverProxy.ps1 │ ├── Trash-MicrosoftCopyDesktopShortcuts.ps1 │ └── Uninstall-CoreApps.ps1 ├── LICENSE ├── Misc └── PowerShell Webhook │ └── PowerShell Webhook.ps1.txt ├── Office365 ├── Download Files from OneDrive │ ├── Download-IniFiles.ps1 │ └── SampleFile.csv ├── Remove-OfficeFileTypes.ps1 └── Skype │ └── AutoSignInSkypefB.ps1 ├── README.md └── Windows ├── Background └── YetAnotherBGInfo.ps1 ├── Check-PendingRestart.ps1 ├── Create Big File.vbs ├── Extract-Icons.ps1 ├── 
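Get-WorkplaceJoinSetting.ps1 ├── NotificationLegacy.ps1 ├── Performance └── DiagnosticPerformance.ps1 ├── Remove-ControlledValidationHybridJoin.ps1 ├── Set-ControlledValidationHybridJoin.ps1 ├── Sync-Time - 1.1.ps1 └── Sync-Time.ps1

/Active Directory/Get-ActiveComputersLastLogonDateFromAllDCs.ps1:
--------------------------------------------------------------------------------
# Collects, for every enabled non-server computer account, the newest
# LastLogonDate reported by any domain controller and writes the result to
# .\computers.csv (Name, Version, LastLogonDate, Raw LastLogonDate).
# Requires the ActiveDirectory module.
#
# NOTE(review): LastLogonDate is derived from the replicated lastLogonTimestamp
# attribute, so the per-DC values are normally close to each other. If the goal
# is the true last logon for stale-account clean-up, the non-replicated
# lastLogon attribute is the one that differs per DC - confirm which is intended.

$DebugPreference = "Continue"
# "Silently" is not a valid ActionPreference value; "SilentlyContinue" is.
$VerbosePreference = "SilentlyContinue"
Write-Host "Script warming up......"

$Computers = @{}          # computer name -> newest LastLogonDate seen so far
$ComputersVersion = @{}   # computer name -> normalised OS version string

Write-Host "Script starting......"

$DomainControllers = @(Get-ADDomainController -Filter *)

foreach ($domainController in $DomainControllers) {
    $dc = $domainController.HostName

    # A DC that cannot be queried is reported and skipped, so the run continues
    # with the remaining DCs instead of failing on a null result.
    # @() keeps zero or one result iterable.
    try {
        $tempComputers = @(Get-ADComputer -Filter 'objectCategory -like "computer" -and operatingsystem -notlike "*server*" -and enabled -eq "true"' -Properties Name,Operatingsystem,OperatingSystemVersion,LastLogonDate,SID,DistinguishedName -Server $dc -ErrorAction Stop)
    } catch {
        Write-Warning "Could not query domain controller ${dc}: $($_.Exception.Message)"
        continue
    }

    foreach ($computer in $tempComputers) {
        Write-Debug "Computer $($computer.Name)"
        if ($Computers.Contains($computer.Name)) {
            # Already seen on another DC: keep whichever date is newer.
            Write-Debug "$($computer.LastLogonDate) -greater than $($computers[$computer.Name]) = $(($computer.LastLogonDate) -gt $Computers[$computer.Name]))"
            if ($computer.LastLogonDate -gt $Computers[$computer.Name]) {
                Write-Debug "This DC has the lasted date"
                $Computers[$computer.Name] = $computer.LastLogonDate
            } elseif ($computer.LastLogonDate -lt $Computers[$computer.Name]) {
                Write-Debug "Lastest date already in the list"
            } else {
                Write-Debug "Same date, do nothing"
            }
        } else {
            Write-Debug "Add computer to list"
            $Computers.Add($computer.Name, $computer.LastLogonDate)
            if ($computer.OperatingSystemVersion -like "*(*") {
                # "10.0 (19045)" -> "10.0.19045"
                $ComputersVersion.Add($computer.Name, $computer.OperatingSystemVersion.Replace(" (",".").Replace(")",""))
            } else {
                $ComputersVersion.Add($computer.Name, $computer.OperatingSystemVersion)
            }
        }

        Write-Host
    }
}

Write-Host "Script done.."

# Build all rows first and write the file once instead of appending per row.
$csvLines = New-Object System.Collections.Generic.List[string]
$csvLines.Add("`"Name`",`"Version`",`"LastLogonDate`",`"Raw LastLogonDate`"")
foreach ($computer in $Computers.GetEnumerator()) {
    if ($computer.Value) {
        $rawDate = $computer.Value
        # "HH" is the 24-hour clock; the former "hh" made 03:00 and 15:00
        # indistinguishable. Formatting the DateTime directly also avoids a
        # culture-dependent string round trip.
        $parsedDate = $computer.Value.ToString("yyyy-MM-dd HH:mm:ss")
    } else {
        # Account has never logged on (no date on any DC).
        $rawDate = $parsedDate = ""
    }
    $csvLines.Add("`"$($computer.Name)`",`"$($ComputersVersion[$computer.Name])`",`"$($parsedDate)`",`"$($rawDate)`"")
}
$csvLines | Out-File -FilePath .\computers.csv

--------------------------------------------------------------------------------
/Active Directory/Set-EmployeeId/Set-EmployeeIdCSV.ps1:
--------------------------------------------------------------------------------
# Sets the EmployeeID attribute on the AD users listed in employeeid.csv
# (columns: samaccount, employeeid). Requires the ActiveDirectory module.

try
{
    # @() keeps a one-row CSV iterable; -ErrorAction Stop routes read failures
    # to the catch block.
    $Users = @(Import-Csv -Path employeeid.csv -ErrorAction Stop)
}
Catch [Exception]
{
    Write-Host "Error reading CSV file" -BackgroundColor Red
    # 'break' outside a loop can unwind into a caller's loop; 'return' only
    # ends this script.
    return
}

foreach ($user in $Users)
{
    $sam = $user.samaccount

    try {
        if ([string]::IsNullOrWhiteSpace($sam)) {
            throw "Row has no samaccount value"
        }

        # Exact match (-eq). With -like, a '*' in the CSV value would match
        # other accounts and the write below could land on the wrong user.
        $found = @(Get-ADUser -Properties EmployeeId -Filter {(SamAccountName -eq $sam) -and (ObjectClass -eq "user")} -ErrorAction Stop)
        if ($found.Count -ne 1) {
            throw "Expected exactly one account, found $($found.Count)"
        }

        # -ErrorAction Stop so a failed write reaches the catch block instead
        # of being followed by the success message.
        Set-ADUser -Identity $found[0] -EmployeeID $user.employeeid -ErrorAction Stop
        Write-Host "EmployeeID was set for $($user.samaccount)"
    }
    Catch [Exception]
    {
        Write-Host "Error setting employeeId for $($user.samaccount)" -BackgroundColor Red
    }
}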
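--------------------------------------------------------------------------------
/Active Directory/Set-EmployeeId/employeeid.csv:
--------------------------------------------------------------------------------
samaccount,employeeid
user1,1234567-1234
user2,3456787-0124
--------------------------------------------------------------------------------
/Azure AD/Backup-BitlockerRecoveryKeyToAAD.ps1:
--------------------------------------------------------------------------------
# Escrows the BitLocker recovery password protector(s) of C: to Azure AD.
# A volume can carry zero or several RecoveryPassword protectors; each one is
# backed up separately, and the "none found" case is reported instead of
# failing on an empty -KeyProtectorId.
$recoveryProtectors = @((Get-BitLockerVolume -MountPoint C:).KeyProtector |
    Where-Object { $_.KeyProtectorType -eq "RecoveryPassword" })

if ($recoveryProtectors.Count -eq 0) {
    Write-Warning "No RecoveryPassword protector found on C:, nothing was backed up"
}

foreach ($protector in $recoveryProtectors) {
    BackupToAAD-BitLockerKeyProtector -MountPoint C: -KeyProtectorId $protector.KeyProtectorId
}
--------------------------------------------------------------------------------
/Azure AD/Get-AadJoinInformation.ps1:
--------------------------------------------------------------------------------
<#PSScriptInfo

.VERSION 1.0

.GUID

.AUTHOR Mattias Fors

.COMPANYNAME DeployWindows.com

.COPYRIGHT

.TAGS Windows AzureAD TenantID AAD AADJ ADJ AD DeviceID

.LICENSEURI

.PROJECTURI

.ICONURI

.EXTERNALMODULEDEPENDENCIES

.REQUIREDSCRIPTS

.EXTERNALSCRIPTDEPENDENCIES

.RELEASENOTES
Version 1.0: Original

#>

<#
.SYNOPSIS
    Get information from the local computer such as Azure AD join status, tenant Id, device id
.DESCRIPTION
    Get information from the local computer such as Azure AD join status, tenant Id, device id and such.
    Similar information as dsregcmd /status
.EXAMPLE
    .\Get-AadJoinInformation.ps1

#>

# P/Invoke declarations for the netapi32.dll join-information API.
Add-Type -TypeDefinition @'
using System;
using System.Collections.Generic;
using System.Text;
using System.Runtime.InteropServices;

public class NetAPI32{
    public enum DSREG_JOIN_TYPE {
        DSREG_UNKNOWN_JOIN,
        DSREG_DEVICE_JOIN,
        DSREG_WORKPLACE_JOIN
    }

    [StructLayout(LayoutKind.Sequential, CharSet=CharSet.Unicode)]
    public struct DSREG_USER_INFO {
        [MarshalAs(UnmanagedType.LPWStr)] public string UserEmail;
        [MarshalAs(UnmanagedType.LPWStr)] public string UserKeyId;
        [MarshalAs(UnmanagedType.LPWStr)] public string UserKeyName;
    }

    [StructLayout(LayoutKind.Sequential, CharSet=CharSet.Unicode)]
    public struct CERT_CONTEX {
        public uint dwCertEncodingType;
        // Native field is a pointer (BYTE*), not a single byte; declaring it as
        // 'byte' shifted every following field.
        public IntPtr pbCertEncoded;
        public uint cbCertEncoded;
        public IntPtr pCertInfo;
        public IntPtr hCertStore;
    }

    [StructLayout(LayoutKind.Sequential, CharSet=CharSet.Unicode)]
    public struct DSREG_JOIN_INFO
    {
        public int joinType;
        public IntPtr pJoinCertificate;
        [MarshalAs(UnmanagedType.LPWStr)] public string DeviceId;
        [MarshalAs(UnmanagedType.LPWStr)] public string IdpDomain;
        [MarshalAs(UnmanagedType.LPWStr)] public string TenantId;
        [MarshalAs(UnmanagedType.LPWStr)] public string JoinUserEmail;
        [MarshalAs(UnmanagedType.LPWStr)] public string TenantDisplayName;
        [MarshalAs(UnmanagedType.LPWStr)] public string MdmEnrollmentUrl;
        [MarshalAs(UnmanagedType.LPWStr)] public string MdmTermsOfUseUrl;
        [MarshalAs(UnmanagedType.LPWStr)] public string MdmComplianceUrl;
        [MarshalAs(UnmanagedType.LPWStr)] public string UserSettingSyncUrl;
        public IntPtr pUserInfo;
    }

    [DllImport("netapi32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
    public static extern void NetFreeAadJoinInformation(
            IntPtr pJoinInfo);

    [DllImport("netapi32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
    public static extern int NetGetAadJoinInformation(
            string pcszTenantId,
            out IntPtr ppJoinInfo);
}
'@

$pcszTenantId = $null
$ptrJoinInfo = [IntPtr]::Zero

# https://docs.microsoft.com/en-us/windows/win32/api/lmjoin/nf-lmjoin-netgetaadjoininformation
$retValue = [NetAPI32]::NetGetAadJoinInformation($pcszTenantId, [ref]$ptrJoinInfo)

# https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-erref/18d8fbe8-a967-4f1c-ae50-99ca8e491d2d
# A zero return value with a null pointer means "call succeeded, device not
# joined"; marshalling a null pointer would throw, so both are checked.
if (($retValue -eq 0) -and ($ptrJoinInfo -ne [IntPtr]::Zero))
{
    try
    {
        # PtrToStructure copies the native strings into managed objects, so the
        # values stay valid after the native buffer is freed below.
        $joinInfo = [System.Runtime.InteropServices.Marshal]::PtrToStructure($ptrJoinInfo, [System.Type][NetAPI32+DSREG_JOIN_INFO])
        $joinInfo | Format-List

        # Nested pointers are dereferenced only when they are non-null.
        $ptrUserInfo = $joinInfo.pUserInfo
        if ($ptrUserInfo -ne [IntPtr]::Zero)
        {
            $userInfo = [System.Runtime.InteropServices.Marshal]::PtrToStructure($ptrUserInfo, [System.Type][NetAPI32+DSREG_USER_INFO])
            $userInfo | Format-List
        }

        Write-Host "Device is $([NetAPI32+DSREG_JOIN_TYPE]($joinInfo.joinType))"
        switch ($joinInfo.joinType)
        {
            ([NetAPI32+DSREG_JOIN_TYPE]::DSREG_DEVICE_JOIN.value__) { Write-Host "Device is joined" }
            ([NetAPI32+DSREG_JOIN_TYPE]::DSREG_UNKNOWN_JOIN.value__) { Write-Host "Device is not joined, or unknown type" }
            ([NetAPI32+DSREG_JOIN_TYPE]::DSREG_WORKPLACE_JOIN.value__) { Write-Host "Device workplace joined" }
        }

        $ptrJoinCertificate = $joinInfo.pJoinCertificate
        if ($ptrJoinCertificate -ne [IntPtr]::Zero)
        {
            $joinCertificate = [System.Runtime.InteropServices.Marshal]::PtrToStructure($ptrJoinCertificate, [System.Type][NetAPI32+CERT_CONTEX])
            #$joinCertificate | Format-List
        }
    }
    finally
    {
        # The buffer belongs to netapi32 and must be returned with
        # NetFreeAadJoinInformation, once, on the top-level pointer.
        # Marshal.Release is for COM interface pointers; calling it on this
        # memory treats plain data as a vtable.
        [NetAPI32]::NetFreeAadJoinInformation($ptrJoinInfo)
    }
}
else
{
    Write-Host "Not Azure Joined"
}
--------------------------------------------------------------------------------
/Azure AD/Get-DeletableWindowsAadObjects.ps1:
--------------------------------------------------------------------------------
# Lists Azure AD *registered* Windows device objects that duplicate a hybrid
# joined, MDM-managed device of the same display name. Removal itself stays
# commented out; as shipped the script only reports.
#
# NOTE(review): the pairing is by DisplayName only. Two unrelated machines can
# share a name, so confirm each candidate (for example by device ID or owner)
# before enabling Remove-AzureADDevice.

Connect-AzureAD

$allDevices = Get-AzureADDevice -All $true | Where-Object { $_.DeviceOSType -eq "Windows" }
Write-Host "We found $($allDevices.Count) Windows devices that are connected to Azure AD"

#All Hybrid Joined devices
$allHybridDevices = $allDevices | Where-Object { $_.DeviceTrustType -eq "ServerAd" }
Write-Host "We found $($allHybridDevices.Count) Windows devices that are Hybrid joined" -BackgroundColor Yellow

#All Azure AD regged devices
$allAadRegDevices = $allDevices | Where-Object { $_.DeviceTrustType -eq "Workplace" }
Write-Host "We found $($allAadRegDevices.Count) Windows devices that are Azure AD registred" -BackgroundColor Yellow

$dups = 0
$deleteDevices = @{}   # ObjectId -> DisplayName of removal candidates
foreach ($device in $allAadRegDevices)
{
    #Check if the Azure AD registered name has a corresponding hybrid joined device as well
    #add more logic if necessary...
    if ($device.DisplayName -in $allHybridDevices.DisplayName)
    {
        # Several hybrid objects may carry the same name; @() keeps the
        # handling identical for one or many matches.
        $hybrid = @($allHybridDevices | Where-Object { $_.DisplayName -eq $device.DisplayName })

        #Only flag the object when a matching hybrid device is Intune managed
        if (@($hybrid | Where-Object { $_.IsManaged -eq $true }).Count -gt 0)
        {
            Write-Host "$($hybrid.DisplayName) `tfound as MDM managed and the corresponding Azure AD registred device may be removed = $($device.ObjectId)"
            $dups++
            $deleteDevices.Add($device.ObjectId,$device.DisplayName)
        }
    }
}

# Sanity check: every counted duplicate produced exactly one table entry.
if ($dups -eq $deleteDevices.Count)
{
    Write-Host "Found $($dups) for subject to be removed" -BackgroundColor Yellow
    Write-Host

    foreach ($delete in $deleteDevices.GetEnumerator())
    {
        $deldevice = Get-AzureADDevice -ObjectId $delete.Name
        Write-Host "Removing $($deldevice.ObjectId) $($deldevice.DisplayName)..."

        #Remove this comment to actually remove the objects
        #Remove-AzureADDevice -ObjectId $deldevice.ObjectId

        #The break limits the run to the first entry; remove it to process all entries
        break
    }
}
--------------------------------------------------------------------------------
/ConfigMgr/Detection method/Compare-OneDriveFileVersion.ps1:
--------------------------------------------------------------------------------
<#PSScriptInfo

.VERSION 1.0

.GUID

.AUTHOR Mattias Fors

.COMPANYNAME DeployWindows.com

.COPYRIGHT

.TAGS Windows OneDrive ConfigMgr SCCM Configuration Manager PowerShell

.LICENSEURI

.PROJECTURI

.ICONURI

.EXTERNALMODULEDEPENDENCIES

.REQUIREDSCRIPTS

.EXTERNALSCRIPTDEPENDENCIES

.RELEASENOTES
Version 1.0: Original

#>

<#
.SYNOPSIS
    Use this for detection method for upgrading OneDrive for Business
    Check the version of OneDrive.exe towards a target version

.DESCRIPTION
    This will check the file version of %localappdata%\Microsoft\OneDrive\OneDrive.exe
    If version is less than specified target version, return nothing, else return $true
    Will log to C:\Windows\Logs\OneDriveDetection.log
    Use this as an alternative to detection method in Microsoft deployment package
    URL: https://docs.microsoft.com/en-us/onedrive/deploy-on-windows

.EXAMPLE

#>
$OneDriveTargetVersion = [Version]"18.091.0506"

[String]$LogfileName = "OneDriveDetection"
[String]$Logfile = "$env:SystemRoot\logs\$LogfileName.log"

# Appends a timestamped line to $Logfile; rotates the file to .bak above 2 MB.
Function Write-Log
{
    Param ([string]$logstring)
    If (Test-Path $Logfile)
    {
        If ((Get-Item $Logfile).Length -gt 2MB)
        {
            # Move-Item -Force replaces an existing .bak. Rename-Item does not
            # overwrite, so the second rotation failed and the log kept growing.
            Move-Item -LiteralPath $Logfile -Destination "$Logfile.bak" -Force
        }
    }
    $WriteLine = (Get-Date).ToString() + " " + $logstring
    Add-Content $Logfile -Value $WriteLine
}

$User = Get-WmiObject Win32_ComputerSystem -Property Username
$UserName = $User.UserName

Write-Log "Start Script Execution"
Write-Log "Logged on User: $UserName"

# UserName is empty when nobody is signed in at the console; without this guard
# the Split() call below fails on a null value.
if ([string]::IsNullOrEmpty($UserName) -or ($UserName -notlike "*\*"))
{
    Write-Log "Warning: No logged on user found, cannot locate OneDrive.exe"
    return
}

# NOTE(review): assumes the profile folder is named after the account; a
# renamed or suffixed profile folder would not be found - confirm.
$UserSplit = $UserName.Split("\")
$OneDrive = "$env:SystemDrive\users\" + $UserSplit[1] +"\appdata\local\microsoft\onedrive\onedrive.exe"
Write-Log "Detection-String: $OneDrive"

If(Test-Path $OneDrive)
{
    Write-Log "Found DetectionFile"
    $OneDriveFile = Get-Item $OneDrive
    Write-Log "Get File Details"
    Write-Log "Version found:$($OneDriveFile.VersionInfo.FileVersion)"
    Write-Log "Script Exectuion End!"
    Write-Log "Comparing version to $($OneDriveTargetVersion)"
    $OneDriveVersion = [Version]$OneDriveFile.VersionInfo.FileVersion
    # NOTE(review): -le also treats a version EQUAL to the target as "needs
    # upgrade", which matches the log text ("higher than") but not the
    # description above ("less than") - confirm which is intended.
    if ($OneDriveVersion -le $OneDriveTargetVersion) {
        Write-Log "Warning: Time to upgrade you are running $($OneDriveVersion) and you need higher than $($OneDriveTargetVersion)!"
    } else {
        Write-Log "You are runinng correct version, doing nothing"
        Write-Log ""
        # Any output tells the detection method that the application is present.
        Return $true
    }
}
Else
{
    Write-Log "Warning: OneDrive.exe not found – need to install App!"
}
--------------------------------------------------------------------------------
/Deployment/MDT/Bulk Import Applications/ImportApplicationToMDT1.0.ps1:
--------------------------------------------------------------------------------
<#
#########################################################################################
#   This Sample Code is provided for the purpose of illustration only and is not
#   intended to be used in a production environment.
#
#   WARNING:
#   YOU SHOULD NEVER RUN A SCRIPT IN PRODUCTION IF YOU AREN’T 100% CERTAIN OF WHAT IT
#   WILL DO. ALL SCRIPTS SHOULD BE THOROUGHLY UNDERSTOOD AND TESTED IN A NON-PRODUCTION
#   ENVIRONMENT PRIOR TO BEING USED IN PRODUCTION. THIS HELPS ENSURE THAT PRODUCTION
#   PROBLEMS DO NOT OCCUR AS A RESULT OF RUNNING SCRIPTS THAT HAVE NOT BEEN TESTED AND
#   VALIDATED BEFOREHAND.
#
#   THIS SAMPLE CODE AND ANY RELATED INFORMATION ARE PROVIDED "AS IS" WITHOUT WARRANTY
#   OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED
#   WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A PARTICULAR PURPOSE.
#########################################################################################

##################################################################################
#  Script name:   ImportApplicationToMDT.ps1
#  Created:       2017-09-12
#  Author:        Mattias Fors
#                 @MattiasFors
#                 http://www.deploywindows.com
#  History:
#  1.0            Created first version
##################################################################################

#>

# Reads Download.xml next to the script, downloads each application's source
# over HTTP(S), optionally runs an extractor, and imports the application into
# the single MDT deployment share.
#
# Everything downloaded here is later installed on deployed machines, so the
# download step is a supply-chain boundary: a failed or altered download must
# not be executed or imported.

$MDT_Install_Dir = Get-ItemPropertyValue -Path "HKLM:\SOFTWARE\Microsoft\Deployment 4\" -Name "Install_Dir" -ErrorAction SilentlyContinue
if ($null -eq $MDT_Install_Dir) {
    Write-Host "Do you have MDT installed?"
    # 'return' ends the script; 'break' outside a loop can unwind into a caller's loop.
    return
}

if (@(Get-Module -Name "MicrosoftDeploymentToolkit").Count -ge 1) {
    Write-Host "Module already loaded"
} else {
    Import-Module "$($MDT_Install_Dir)\bin\MicrosoftDeploymentToolkit.psd1"
}

$persistentDrives = @(Get-MDTPersistentDrive)
if ($persistentDrives.Count -ne 1) {
    Write-Host "Do not have support for more than one deployment share ATM..."
    return
}

# Get deployment share information and mount drive
$MDT_DeployShare_Name = $persistentDrives[0].Name
$MDT_DeployShare_Path = $persistentDrives[0].Path
if (@(Get-PSDrive -PSProvider MDTProvider -Name $MDT_DeployShare_Name -ErrorAction SilentlyContinue).Count -ge 1) {
    Remove-PSDrive -Name $MDT_DeployShare_Name -PSProvider MDTProvider
}
New-PSDrive -Name $MDT_DeployShare_Name -PSProvider MDTProvider -Root $MDT_DeployShare_Path | Out-Null

$MDT_Applications_Path = "$($MDT_DeployShare_Name):\Applications"
$Download_Path = "$($PSScriptRoot)\Downloads"
$Download_File = "$($PSScriptRoot)\Download.xml"

# [System.Web.HttpUtility] is not loaded in a default console session.
Add-Type -AssemblyName System.Web

# Read download file, download necessary files and import applications in MDT
[xml]$Data = Get-Content -Path $Download_File
ForEach ($DataRecord in $Data.Download.DownloadItem)
{
    Write-Host "Download and import MDT application: $($DataRecord.FullName)"

    # Create folder in Applications node if needed
    if ([string]::IsNullOrEmpty($DataRecord.MDTFolderName)) {
        $MDTFolderName = "$($MDT_Applications_Path)"
    } else {
        $MDTFolderName = "$($MDT_Applications_Path)\$($DataRecord.MDTFolderName)"
        $folderParams = @{
            Path        = "$($MDT_Applications_Path)"
            Enable      = "True"
            Name        = "$($DataRecord.MDTFolderName)"
            Comments    = ""
            ItemType    = "folder"
            ErrorAction = "SilentlyContinue"
        }
        New-Item @folderParams
    }

    if (-not [string]::IsNullOrEmpty($DataRecord.Source)) {
        # Application with source
        $destinationDir = "$($Download_Path)\$($DataRecord.DestinationFolder)"
        New-Item -Path $destinationDir -ItemType Directory -ErrorAction SilentlyContinue | Out-Null

        if ($DataRecord.Source -like "http*") {
            # If you need to encode a source use this command
            # [System.Web.HttpUtility]::UrlEncode("https://server/file?a=b&c=d")
            $sourceUrl = [System.Web.HttpUtility]::UrlDecode($DataRecord.Source)
            $downloadedFile = "$destinationDir\$($DataRecord.DestinationFile)"

            if ($sourceUrl -notlike "https://*") {
                Write-Warning "$($DataRecord.FullName): source is not HTTPS, the transfer is not protected against modification in transit"
            }

            # -ErrorAction Stop: a failed transfer must not fall through to the
            # extractor or the import with missing or stale files.
            try {
                Start-BitsTransfer -Destination $downloadedFile -Source $sourceUrl -Description "Download $($DataRecord.FullName)" -ErrorAction Stop
            } catch {
                Write-Host "Download failed for $($DataRecord.FullName): $($_.Exception.Message)" -ForegroundColor Red
                continue
            }

            # Optional integrity pin, added in this revision: when a DownloadItem
            # carries a <Sha256> value the file must match it. Items without
            # the value behave as before, with a warning.
            if (-not [string]::IsNullOrEmpty($DataRecord.Sha256)) {
                $actualHash = (Get-FileHash -LiteralPath $downloadedFile -Algorithm SHA256).Hash
                if ($actualHash -ne $DataRecord.Sha256.Trim()) {
                    Write-Host "Hash mismatch for $($DataRecord.FullName), file discarded" -ForegroundColor Red
                    Remove-Item -LiteralPath $downloadedFile -Force
                    continue
                }
            } else {
                Write-Warning "$($DataRecord.FullName): no Sha256 value in Download.xml, the downloaded file was not verified"
            }

            if (-not [string]::IsNullOrEmpty($DataRecord.CommandAfterDownload)) {
                # If the downloaded file requires to be extracted before import, run these commands
                # https://social.technet.microsoft.com/wiki/contents/articles/7703.powershell-running-executables.aspx#Invoke-Command_ICM
                $processParams = @{
                    FilePath         = "$destinationDir\$($DataRecord.CommandAfterDownload)"
                    WorkingDirectory = $destinationDir
                    Wait             = $true
                    WindowStyle      = "Normal"
                }
                # Start-Process rejects an empty -ArgumentList, so it is passed
                # only when switches are configured.
                if (-not [string]::IsNullOrEmpty($DataRecord.CommandLineSwitchesAfterDownload)) {
                    $processParams.ArgumentList = $DataRecord.CommandLineSwitchesAfterDownload
                }
                Start-Process @processParams
            }
        } elseif (($DataRecord.Source -like "\\*") -or (($DataRecord.Source.Length -ge 3) -and ($DataRecord.Source.Substring(0,3) -in @((Get-PSDrive -PSProvider FileSystem).Root)))) {
            # Local source
            # Was "$DataRecord-Source", which expands to a literal string and
            # therefore never existed.
            if (Test-Path $DataRecord.Source) {
                Write-Host "This is not implemented yet" -ForegroundColor Yellow
            } else {
                Write-Host "Something wrong with the folder!" -ForegroundColor Red
            }
        }

        $importParams = @{
            Path                  = $MDTFolderName
            Enable                = "True"
            Name                  = $DataRecord.FullName
            ShortName             = $DataRecord.ShortName
            Publisher             = $DataRecord.Publisher
            CommandLine           = "$($DataRecord.Command) $($DataRecord.CommandLineSwitches)"
            WorkingDirectory      = ".\Applications\$($DataRecord.DestinationFolder)"
            ApplicationSourcePath = $destinationDir
            Version               = $DataRecord.Version
            DestinationFolder     = $DataRecord.DestinationFolder
        }
        Import-MDTApplication @importParams
    } else {
        # Application without source
        $importParams = @{
            Enable           = "True"
            Path             = $MDTFolderName
            Name             = $DataRecord.FullName
            ShortName        = $DataRecord.ShortName
            Version          = $DataRecord.Version
            Publisher        = $DataRecord.Publisher
            Language         = ""
            CommandLine      = "$($DataRecord.Command) $($DataRecord.CommandLineSwitches)"
            WorkingDirectory = "$($DataRecord.DestinationFolder)"
            NoSource         = $true
        }
        Import-MDTApplication @importParams
    }
}
--------------------------------------------------------------------------------
/Deployment/MDT/Bulk Import Applications/ImportApplicationstoMDT1.0.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/DeployWindowsCom/DeployWindows-Scripts/f09bc35ff971680e9f1203bfd0f09299faf7f424/Deployment/MDT/Bulk Import Applications/ImportApplicationstoMDT1.0.zip
--------------------------------------------------------------------------------
/Intune/Admx/Harmonie ADMX/Harmonie.admx:
--------------------------------------------------------------------------------
1 |  2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | true 19 | 20 | 21 | false 22 | 23 | 24 | 25 | 26 |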
-------------------------------------------------------------------------------- /Intune/Admx/Harmonie ADMX/Harmonie.txt: -------------------------------------------------------------------------------- 1 | ./Device/Vendor/MSFT/Policy/ConfigOperations/ADMXInstall/Harmonie/Policy/HarmonieAdmx01 2 | String 3 | Content from admx 4 | 5 | ./Device/Vendor/MSFT/Policy/Config/Harmonie~Policy~harmonie/UseWindowsCredentialsForBrowserAuthentication 6 | String 7 | -------------------------------------------------------------------------------- /Intune/Admx/Harmonie ADMX/en-US/Harmonie.adml: -------------------------------------------------------------------------------- 1 | 2 | 3 | Mainsoft Harmon.ie 4 | enter description here 5 | 6 | 7 | Harmonie 8 | Use Windows Credentials For Browser Authentication 9 | Use Windows Credentials For Browser Authentication. 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /Intune/Admx/Office ADMX/OfficeCustomizations.admx: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | 75 | 76 | 77 | 78 | 79 | 80 | 81 | 82 | 83 | 84 | 85 | 86 | 87 | 88 | 89 | 90 | 91 | 92 | 93 | 94 | 95 | 96 | 97 | 98 | 99 | 100 | 101 | 102 | 103 | 104 | 105 | 106 | 107 | 108 | 109 | 110 | 111 | 112 | 113 | 114 | 115 | 116 | 117 | 118 | 119 | 120 | 121 | 122 | 123 | 124 | 125 | 126 | 127 | 128 | 129 | 130 | 131 | 132 | 133 | 134 | 135 | 136 | 137 | 138 | 139 | 140 | -------------------------------------------------------------------------------- /Intune/Admx/Office ADMX/en-us/OfficeCustomizations.adml: 
-------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | Office Customizations 5 | Various group policy settings for unmanaged Microsoft Office settings. Build for version 15 and 16. 6 | 7 | 8 | 9 | Office 15 Customizations 10 | Office 16 Customizations 11 | 12 | 13 | Disable Office 15.0 default file type 14 | Enable this setting to hide the question for Default File type. 15 | This automatically choose Office Open XML-format instead of OpenDocument-format 16 | 17 | Disable Office First Run on application boot 18 | This policy setting determines whether the Office First Run comes up on first application boot if not previously viewed.If you enable this policy setting, the Office First Run does not run on first application boot.If you disable or do not configure this policy setting, the Office First Run about signing-in to Office comes up on first application boot if not previously viewed. 19 | 20 | Disable First Run Movie 21 | This policy setting determines whether a video about signing-in to Office is played when Office first runs.If you enable this policy setting, the video does not run during Office First Run.If you disable or do not configure this policy setting, a video about signing-in to Office plays when Office first runs. 22 | 23 | Disable Opt-in Wizard on first run 24 | This policy setting controls whether users see the Opt-in Wizard the first time they run a Microsoft Office 2013 application. If you enable this policy setting, the Opt-in Wizard does not display the first time users run an Office 2013 application. If you disable or do not configure this policy setting, the Opt-in Wizard displays the first time users run a Microsoft Office 2013 application, which allows them to opt into Internet--based services that will help improve their Office experience, such as Microsoft Update, the Customer Experience Improvement Program, Office Diagnostics, and Online Help. 
25 | 26 | Improve Proofing Tools 27 | This policy setting controls whether the Help Improve Proofing Tools feature sends usage data to Microsoft. The Help Improve Proofing Tools feature collects data about use of the Proofing Tools, such as additions to the custom dictionary, and sends it to Microsoft. After about six months, the feature stops sending data to Microsoft and deletes the data collection file from the user's computer. If you enable this policy setting, this feature is enabled if users choose to participate in the Customer Experience Improvement Program (CEIP). If your organization has policies that govern the use of external resources such as the CEIP, allowing the use of the Help Improve Proofing Tools feature might cause them to violate these policies. If you disable this policy setting, the Help Improve Proofing Tools feature does not collect proofing tool usage information and transmit it to Microsoft. If you do not configure this policy setting, the behavior is the equivalent of setting the policy to "Enabled". 28 | 29 | Enable Customer Experience Improvement Program 30 | This policy setting controls whether users can participate in the Microsoft Office Customer Experience Improvement Program to help improve Microsoft Office. When users choose to participate in the Customer Experience Improvement Program (CEIP), Office 2013 applications automatically send information to Microsoft about how the applications are used. This information is combined with other CEIP data to help Microsoft solve problems and to improve the products and features customers use most often. This feature does not collect users' names, addresses, or any other identifying information except the IP address that is used to send the data. If you enable this policy setting, users have the opportunity to opt into participation in the CEIP the first time they run an Office application. 
If your organization has policies that govern the use of external resources such as the CEIP, allowing users to opt in to the program might cause them to violate these policies. If you disable this policy setting, Office 2013 users cannot participate in the Customer Experience Improvement Program. If you do not configure this policy setting, the behavior is the equivalent of setting the policy to "Enabled". 31 | 32 | 33 | 34 | 35 | Disable Office 16.0 default file type 36 | Enable this setting to hide the question for Default File type. 37 | This automatically choose Office Open XML-format instead of OpenDocument-format 38 | 39 | Disable Office First Run on application boot 40 | This policy setting determines whether the Office First Run comes up on first application boot if not previously viewed.If you enable this policy setting, the Office First Run does not run on first application boot.If you disable or do not configure this policy setting, the Office First Run about signing-in to Office comes up on first application boot if not previously viewed. 41 | 42 | Disable First Run Movie 43 | This policy setting determines whether a video about signing-in to Office is played when Office first runs.If you enable this policy setting, the video does not run during Office First Run.If you disable or do not configure this policy setting, a video about signing-in to Office plays when Office first runs. 44 | 45 | Disable Opt-in Wizard on first run 46 | This policy setting controls whether users see the Opt-in Wizard the first time they run a Microsoft Office 2016 application. If you enable this policy setting, the Opt-in Wizard does not display the first time users run an Office 2016 application. 
If you disable or do not configure this policy setting, the Opt-in Wizard displays the first time users run a Microsoft Office 2016 application, which allows them to opt into Internet--based services that will help improve their Office experience, such as Microsoft Update, the Customer Experience Improvement Program, Office Diagnostics, and Online Help. 47 | 48 | Improve Proofing Tools 49 | This policy setting controls whether the Help Improve Proofing Tools feature sends usage data to Microsoft. The Help Improve Proofing Tools feature collects data about use of the Proofing Tools, such as additions to the custom dictionary, and sends it to Microsoft. After about six months, the feature stops sending data to Microsoft and deletes the data collection file from the user's computer. If you enable this policy setting, this feature is enabled if users choose to participate in the Customer Experience Improvement Program (CEIP). If your organization has policies that govern the use of external resources such as the CEIP, allowing the use of the Help Improve Proofing Tools feature might cause them to violate these policies. If you disable this policy setting, the Help Improve Proofing Tools feature does not collect proofing tool usage information and transmit it to Microsoft. If you do not configure this policy setting, the behavior is the equivalent of setting the policy to "Enabled". 50 | 51 | Enable Customer Experience Improvement Program 52 | This policy setting controls whether users can participate in the Microsoft Office Customer Experience Improvement Program to help improve Microsoft Office. When users choose to participate in the Customer Experience Improvement Program (CEIP), Office 2016 applications automatically send information to Microsoft about how the applications are used. This information is combined with other CEIP data to help Microsoft solve problems and to improve the products and features customers use most often. 
This feature does not collect users' names, addresses, or any other identifying information except the IP address that is used to send the data. If you enable this policy setting, users have the opportunity to opt into participation in the CEIP the first time they run an Office application. If your organization has policies that govern the use of external resources such as the CEIP, allowing users to opt in to the program might cause them to violate these policies. If you disable this policy setting, Office 2016 users cannot participate in the Customer Experience Improvement Program. If you do not configure this policy setting, the behavior is the equivalent of setting the policy to "Enabled". 53 | 54 | 55 | 56 | 57 | 58 | -------------------------------------------------------------------------------- /Intune/Admx/Windows ADMX/WindowsCustomizations.admx: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | -------------------------------------------------------------------------------- /Intune/Admx/Windows ADMX/WindowsCustomizations.txt: -------------------------------------------------------------------------------- 1 | ./Device/Vendor/MSFT/Policy/ConfigOperations/ADMXInstall/Windows/Policy/WindowsCustomizationsAdmx 2 | String 3 | content from admx 4 | 5 | ./Device/Vendor/MSFT/Policy/Config/Windows~Policy~C_Edge/DisableEdgeDesktopShortcutCreation 6 | String 7 | -------------------------------------------------------------------------------- /Intune/Admx/Windows ADMX/en-us/WindowsCustomizations.adml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | Microsoft Edge Customizations 5 | Various group policy settings for unmanaged Microsoft Edge settings 6 | 7 | 8 | 9 | Microsoft Edge Customizations 10 | 11 | 12 | Prevent Edge Desktop Shortcut creation 13 | Enable this setting to 
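prevent Edge shortcut on desktop
--------------------------------------------------------------------------------
/Intune/Apps/HPIA/Install-HPIA.ps1:
--------------------------------------------------------------------------------
##############################
#.SYNOPSIS
# This will install HPIA from the script folder and creates a shortcut on the start menu
# Download HPIA and place the file in the same folder
# https://ftp.hp.com/pub/caps-softpaq/cmit/HPIA.html
# https://ftp.hp.com/pub/softpaq/sp107001-107500/sp107374.exe
#
#.EXAMPLE
#
#.NOTES
# Exits with 1 when the SoftPaq is missing, when its Authenticode signature does
# not validate, or when the extraction did not produce HPImageAssistant.exe.
#
#Version
# 1.0 First release
#
##############################
#Author
#@MattiasFors
#https://deploywindows.com
#https://github.com/DeployWindowsCom/DeployWindows-Scripts
##############################

#Init variables
# NOTE(review): with default ACLs, standard users can create files under %WinDir%\Temp.
# A binary that is started from an all-users shortcut is better kept in a folder only
# administrators can write to (for example under $env:ProgramFiles). The path is left
# unchanged here because Uninstall-HPIA.ps1 and any detection rule depend on it.
$TargetDir = "$($env:WinDir)\Temp\HPIA"

#Locate the SoftPaq next to this script instead of relying on the working directory or PATH
$exe = Join-Path -Path $PSScriptRoot -ChildPath "sp107374.exe"
if (-not (Test-Path -LiteralPath $exe -PathType Leaf)) {
    Write-Host "SoftPaq not found: $exe"
    Exit 1
}

#The package is downloaded by hand and then run by the installing account,
#so refuse to start it unless its Authenticode signature validates
# NOTE(review): consider also comparing the signer subject with the expected publisher
$signature = Get-AuthenticodeSignature -FilePath $exe
if ($signature.Status -ne 'Valid') {
    Write-Host "Signature check failed for $($exe): $($signature.Status)"
    Exit 1
}

#Extract the files
$exeParams = "/s /e /f `"$($TargetDir)\App`""
Start-Process -FilePath $exe -ArgumentList $exeParams -Wait -WindowStyle Hidden

#The shortcut is only useful when the extraction produced the executable
$TargetFile = "$($TargetDir)\App\HPImageAssistant.exe"
if (-not (Test-Path -LiteralPath $TargetFile -PathType Leaf)) {
    Write-Host "Extraction failed, $TargetFile does not exist"
    Exit 1
}

# Create the Shortcut
$ShortcutFile = "$($env:ALLUSERSPROFILE)\Microsoft\Windows\Start Menu\Programs\HP Image Assistant.lnk"
$WScriptShell = New-Object -ComObject WScript.Shell
$Shortcut = $WScriptShell.CreateShortcut($ShortcutFile)
$Shortcut.TargetPath = $TargetFile
$shortcut.Arguments = "/SoftPaqDownloadFolder:$($TargetDir)\SoftPaq /ReportFolder:$($TargetDir)"
$shortcut.RelativePath = $($TargetDir)
$Shortcut.Save()
--------------------------------------------------------------------------------
/Intune/Apps/HPIA/ReadMe.txt:
--------------------------------------------------------------------------------
Download HPIA
https://ftp.hp.com/pub/softpaq/sp107001-107500/sp107374.exe
Save the file in the same folder
Repackage the application as Intune Win32 app

Use these install commands
powershell.exe -NoLogo -ExecutionPolicy Bypass -File .\Install-HPIA.ps1
powershell.exe -NoLogo -ExecutionPolicy Bypass -File .\Uninstall-HPIA.ps1
--------------------------------------------------------------------------------
/Intune/Apps/HPIA/Uninstall-HPIA.ps1:
--------------------------------------------------------------------------------
##############################
#.SYNOPSIS
# This will uninstall HPIA from the specified folder and removes the shortcut on the start menu
#
#.EXAMPLE
#
#.NOTES
# Paths that are already gone are skipped, so a repeated uninstall does not report errors.
#
#Version
# 1.0 First release
#
##############################
#Author
#@MattiasFors
#https://deploywindows.com
#https://github.com/DeployWindowsCom/DeployWindows-Scripts
##############################

#Init variables
$TargetDir = "$($env:WinDir)\Temp\HPIA"
$ShortcutFile = "$($env:ALLUSERSPROFILE)\Microsoft\Windows\Start Menu\Programs\HP Image Assistant.lnk"

#Remove the extracted application folder
if (Test-Path -LiteralPath $TargetDir) {
    Remove-Item -LiteralPath $TargetDir -Recurse -Force
}

#Remove the start menu shortcut
if (Test-Path -LiteralPath $ShortcutFile) {
    Remove-Item -LiteralPath $ShortcutFile -Force
}
--------------------------------------------------------------------------------
/Intune/Apps/Intune Force Full Sync/App install.txt:
--------------------------------------------------------------------------------
Note!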
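ONLY publish this app as available, NEVER ever publish as required installation

Name
Force a full Intune synchronization

Install command
powershell.exe -noprofile -executionpolicy bypass -file .\Start-FullSync.ps1

Uninstall command (does not do anything)
%comspec% /c

Detection
Use a custom detection script
Run-Detection.ps1
--------------------------------------------------------------------------------
/Intune/Apps/Intune Force Full Sync/Run-Detection.ps1:
--------------------------------------------------------------------------------

#Checks if an event with id 208 was logged during the last 3 minutes
#Exit with 0 if there is at least 1 event, otherwise exit with 1

$Date = (Get-Date).AddMinutes(-3)
$filter = @{ LogName='Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin'; StartTime=$Date; Id='208' }

#Get-WinEvent reports an error when nothing matches the filter; that is the expected
#"not detected" case, so the error is suppressed and the result is counted as an array
$syncEvents = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)
if ($syncEvents.Count -ge 1) {
    Write-Host "0"
    Exit 0
} else {
    write-host "1"
    Exit 1
}
--------------------------------------------------------------------------------
/Intune/Apps/Intune Force Full Sync/Start-FullSync.intunewin:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/DeployWindowsCom/DeployWindows-Scripts/f09bc35ff971680e9f1203bfd0f09299faf7f424/Intune/Apps/Intune Force Full Sync/Start-FullSync.intunewin
--------------------------------------------------------------------------------
/Intune/Apps/Intune Force Full Sync/Start-FullSync.ps1:
--------------------------------------------------------------------------------

#Triggers the enrollment client sync task and the Intune Management Extension sync,
#then waits so that the sync event can be logged before the detection script runs.
#Everything written to the output is captured in the transcript under %TEMP%.
Start-Transcript -Path "$($env:Temp)\ForceSync.log" -Force

Write-Output "Trigger Intune full sync Scheduled task"
Get-ScheduledTask -TaskName "Schedule #3 created by enrollment client" | Start-ScheduledTask

Write-Output "Trigger full sync of IME, Intune Management Extension"
$Shell = New-Object -ComObject Shell.Application
$Shell.open("intunemanagementextension://syncapp")

Write-Output "Sleep for a while, might take a small while until it logs the sync event"
Start-Sleep -Seconds 90

Stop-Transcript

#The exit code is always 0; success is decided by Run-Detection.ps1
Write-Host "Always exit successfully"
Exit 0
--------------------------------------------------------------------------------
/Intune/Apps/Printer/ADM-RestrictDriverInstallationToAdministrators/App Info.txt:
--------------------------------------------------------------------------------
Name
Pre-Req for printer installation from printserver


Settings
Install behaviour = System

Install command
PowerShell.exe -noprofile -WindowStyle Hidden -Executionpolicy bypass -file .\Install-RestrictDriverInstallationToAdministrators.ps1


Uninstall command
PowerShell.exe -noprofile -WindowStyle Hidden -Executionpolicy bypass -file .\UnInstall-RestrictDriverInstallationToAdministrators.ps1

Detection
Manually configure detection rules
Detection rules
Registry HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint\
RestrictDriverInstallationToAdministrators Integer comparision Equals 0

Dependency
Policy to restrict Point and Print settings

--------------------------------------------------------------------------------
/Intune/Apps/Printer/ADM-RestrictDriverInstallationToAdministrators/in/App info.txt:
--------------------------------------------------------------------------------
App info

Detect registry
HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint\
RestrictDriverInstallationToAdministrators = 0 [DWORD]

--------------------------------------------------------------------------------
/Intune/Apps/Printer/ADM-RestrictDriverInstallationToAdministrators/in/Install-RestrictDriverInstallationToAdministrators.ps1: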
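--------------------------------------------------------------------------------
#Version history
# 0.1 MA First version

# Sets RestrictDriverInstallationToAdministrators = 0 [DWORD] under
# HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint
# so that standard users can install printer drivers from the print server.
# NOTE(review): the value 0 lets non-administrators install printer drivers. Keep the
# Point and Print policies listed under Dependency in App Info.txt (approved print
# servers only) assigned to every device that receives this value.
#
# Exit codes: 0 = value is 0 (already or newly set), 200 = registry write failed

$logFile = "$($env:temp)\MEM_Install-RestrictDriverInstallationToAdministrators.log"
$regPath = "HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint"
$regName = "RestrictDriverInstallationToAdministrators"
$message = ""
$errorExitCode = 100

# Compare the stored data with 0; the existence of the value alone is not enough,
# because the detection rule requires it to equal 0
$current = Get-ItemProperty -Path $regPath -Name $regName -ErrorAction SilentlyContinue
if (($null -ne $current) -and ($current.$regName -eq 0)) {
    $message += "RestrictDriverInstallationToAdministrators already configured `n"
    $errorExitCode = 0
} else {
    try {
        # Create the key only when it is missing: New-Item -Force on an existing
        # registry key recreates it and drops the other Point and Print values stored there
        if (-not (Test-Path -Path $regPath)) {
            New-Item -Path $regPath -Force -ErrorAction Stop | Out-Null
        }
        New-ItemProperty -Path $regPath -Name $regName -Value 0 -PropertyType DWORD -Force -ErrorAction Stop | Out-Null
        $message += "RestrictDriverInstallationToAdministrators configured`n"
        $errorExitCode = 0
    } catch {
        $message += "Error while adding RestrictDriverInstallationToAdministrators registry $($_.Exception.Message)`n"
        $errorExitCode = 200
    }
}

$message += "Exit with code $($errorExitCode)"
Write-Host $message
$message | Out-File -FilePath $logFile
Exit $errorExitCode
--------------------------------------------------------------------------------
/Intune/Apps/Printer/ADM-RestrictDriverInstallationToAdministrators/in/UnInstall-RestrictDriverInstallationToAdministrators.ps1:
--------------------------------------------------------------------------------
#Version history
# 0.1 MA First version

# Removes RestrictDriverInstallationToAdministrators from
# HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint
# so that the Windows default for printer driver installation applies again.
#
# Exit codes: 0 = value removed or not present, 200 = registry change failed

$logFile = "$($env:temp)\MEM_Install-RestrictDriverInstallationToAdministrators.log"
$regPath = "HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint"
$regName = "RestrictDriverInstallationToAdministrators"
$message = ""
$errorExitCode = 100

$test = Get-ItemProperty -Path $regPath -Name $regName -ErrorAction SilentlyContinue
if ($test) {
    try {
        $message += "RestrictDriverInstallationToAdministrators already configured removing..`n"
        # Remove-ItemProperty takes no -Value or -PropertyType; passing them made the
        # call fail on parameter binding, so the value was never removed
        Remove-ItemProperty -Path $regPath -Name $regName -Force -ErrorAction Stop
        $errorExitCode = 0
    } catch {
        $message += "Error while removing RestrictDriverInstallationToAdministrators registry $($_.Exception.Message)`n"
        $errorExitCode = 200
    }
} else {
    $message += "RestrictDriverInstallationToAdministrators does not exist`n"
    $errorExitCode = 0
}

$message += "Exit with code $($errorExitCode)"
Write-Host $message
$message | Out-File -FilePath $logFile
Exit $errorExitCode
--------------------------------------------------------------------------------
/Intune/Apps/Printer/ADM-RestrictDriverInstallationToAdministrators/package.bat:
--------------------------------------------------------------------------------

cd "%~dp0"

rem The setup file passed with -s has to be a file inside the .\in source folder
.\IntuneWinAppUtil.exe -c .\in -o .\out -s Install-RestrictDriverInstallationToAdministrators.ps1

pause
--------------------------------------------------------------------------------
/Intune/Apps/Printer/ADM-Skrivare TEST/App Info.txt: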
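--------------------------------------------------------------------------------
Name
Printer IntuneTEST

Settings
Install behaviour = User

Install command
PowerShell.exe -noprofile -WindowStyle Hidden -Executionpolicy bypass -file .\ADM-IntuneTest-Install.ps1


Uninstall command
PowerShell.exe -noprofile -WindowStyle Hidden -NonInteractive -executionpolicy bypass -file .\ADM-IntuneTest-Uninstall.ps1

Detection
Run script as 32-bit process on 64-bit clients = NonInteractive
Custom Script
ADM-IntuneTest-Detect.ps1

Dependency
There is a Dependency on a registry key RestrictDriverInstallationToAdministrators
Policy to restrict Point and Print settings / From settings catalog
Only use Package Point and print = Enabled
Package Point and print - Approved servers = Enabled
Enter fully qualified server names (Device) = printserver.domain.com
Devices Prevent Users From Installing Printer Drivers When Connecting To Shared Printers = Disabled

--------------------------------------------------------------------------------
/Intune/Apps/Printer/ADM-Skrivare TEST/in/ADM-IntuneTest-Detect.ps1:
--------------------------------------------------------------------------------
#Version history
# 0.1 MA First version

#region Main script

# Detection script: exit 0 when the printer connection exists for the user, else 100
$Printer = "\\server01.domain.com\IntuneTest"
$message = ""
$errorExitCode = 0

# A missing printer is the expected "not installed" case, so the lookup error is suppressed
if (Get-Printer -Name $Printer -ErrorAction SilentlyContinue) {
    # Printer is installed
    $message += "Printer installed`n"

} else {
    $message += "Printer NOT installed`n"
    $errorExitCode = 100

}

Write-Host $message
Exit $errorExitCode

#endregion Main script
--------------------------------------------------------------------------------
/Intune/Apps/Printer/ADM-Skrivare TEST/in/ADM-IntuneTest-Install.ps1:
--------------------------------------------------------------------------------
#Version history
# 0.4 MA Added ErrorAction Stop for catch to work and log settings for PointAndPrinter
# 0.6 MA Test logic updated with TcpTestSucceeded

#region Main script

# Connects the shared printer for the current user and waits until it shows up.
# Exit codes: 0 = installed, 100 = print server not reachable over SMB,
#             200 = printer not visible after about 5 minutes, 300 = Add-Printer failed
$Printer = "\\server01.domain.com\IntuneTest"
$message = ""
$errorExitCode = 0
$logFile = "$($env:temp)\MEM_Install-printer.log"

# Server part of the UNC path: "\\server\share" split on "\" gives "", "", server, share
$server = $Printer.Split('\')[2]

# Checking if print server is possible to reach
$test = (Test-NetConnection -ComputerName $server -CommonTCPPort SMB)
if ($test.TcpTestSucceeded -eq $true) {
    $message += "Successfull connection to print server $($server)`n"
    $message | Out-File -FilePath $logFile

    # Adding printer
    try {
        Add-Printer -ConnectionName $Printer -ErrorAction Stop
        $message += "Printer added, hold script for 5 min to validate successfull installation `n"
        $message | Out-File -FilePath $logFile

        #Wait for printer to get installed or 5 minutes (60*5 = 300 seconds = 30 sec * 10 counts)
        $count = 0
        do {
            $message += "Waiting for installation count $($count) `n"
            $message | Out-File -FilePath $logFile
            Start-Sleep -Seconds 30
            $count++
        } until (((@(Get-Printer -Name $Printer -ErrorAction SilentlyContinue)).Count -ge 1) `
            -or ($count -ge 10))

        if ((@(Get-Printer -Name $Printer -ErrorAction SilentlyContinue)).Count -ge 1) {
            $message += "Printer is installed`n"
            $message | Out-File -FilePath $logFile
            $errorExitCode = 0

        } else {
            $message += "Printer is NOT installed`n"
            $message | Out-File -FilePath $logFile
            $errorExitCode = 200

        }
    }
    catch {
        # FullyQualifiedErrorId exists on every error record; the property read before
        # (Exception.nMessageId) does not exist and always logged an empty value
        $message += "Error during installing printer, permission? `nMessage`t $($_.Exception.Message)`nMessageId`t$($_.FullyQualifiedErrorId)`n"
        # Log the Point and Print policy values to help explain a refused driver installation
        $message += "HKLM\..\PointAndPrint: $(Get-ItemProperty 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint\' -ErrorAction SilentlyContinue)`n"
        $message += "HKCU\..\PointAndPrint: $(Get-ItemProperty 'HKCU:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint\' -ErrorAction SilentlyContinue)`n"
        $message | Out-File -FilePath $logFile
        $errorExitCode = 300
    }

} else {
    $message += "Failed connection to print server $($server)`n"
    $message | Out-File -FilePath $logFile
    $errorExitCode = 100

}

$message += "Exit with code $($errorExitCode)"
Write-Host $message
$message | Out-File -FilePath $logFile
Exit $errorExitCode

#endregion Main script
--------------------------------------------------------------------------------
/Intune/Apps/Printer/ADM-Skrivare TEST/in/ADM-IntuneTest-Uninstall.ps1:
--------------------------------------------------------------------------------
#Version history
# 0.2 MA Added ErrorAction Stop for catch to work

#region Main script

# Removes the printer connection for the current user.
# Exit codes: 0 = removed, 100 = Remove-Printer failed
$Printer = "\\server01.domain.com\IntuneTest"
$message = ""
$errorExitCode = 0

# Removing printer
try {
    # Remove-Printer has no -ConnectionName parameter (that one belongs to Add-Printer);
    # a connection is removed by its name, which is the UNC path
    Remove-Printer -Name $Printer -ErrorAction Stop
    $message += "Printer removed `n"
    $errorExitCode = 0
}
catch {
    $message += "Error during removing printer $($_.Exception.Message)`n"
    $errorExitCode = 100
}

Write-Host $message
Exit $errorExitCode

#endregion Main script
--------------------------------------------------------------------------------
/Intune/Apps/Printer/ADM-Skrivare TEST/package.bat:
--------------------------------------------------------------------------------

cd "%~dp0"

.\IntuneWinAppUtil.exe -c .\in -o .\out -s ADM-IntuneTest-Install.ps1

pause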
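--------------------------------------------------------------------------------
/Intune/Autopilot/Autopilot Branding Kit/App install.txt:
--------------------------------------------------------------------------------

Name
Autopilot branding
PowerShell script, configuration.xml, Associations.xml

Install command
powershell.exe -noprofile -executionpolicy bypass -file .\AutopilotBranding.ps1

Uninstall command (does not do anything)
%comspec% /c

Detection
Registry
HKLM\SOFTWARE\AutopilotBranding
Version
1 # equal
# CHECK VERSION IN CONFIGURATION.xml
--------------------------------------------------------------------------------
/Intune/Autopilot/Autopilot Branding Kit/AutopilotBranding.ps1:
--------------------------------------------------------------------------------
#region Restart into 64-bit
$Is64Bit = [System.Environment]::Is64BitProcess;
$Is64OS = $false; if (($env:PROCESSOR_ARCHITEW6432 -like "AMD64") -or ($env:PROCESSOR_ARCHITECTURE -like "AMD64")) { $Is64OS = $true; }

if (($Is64OS) -and (-not $Is64Bit)) {
    # Running AMD64 but no AMD64 Process, Restart script
    $Invocation = $PSCommandPath
    if ($null -eq $Invocation) { return }
    $SysNativePath = $PSHOME.ToLower().Replace("syswow64", "sysnative")
    $Ret = Start-Process "$SysNativePath\powershell.exe" -ArgumentList "-ex ByPass -file `"$Invocation`" " -WindowStyle normal -PassThru -Wait
    $Ret.WaitForExit()
    # Report an error only when the 64-bit run failed; it used to be written on every restart
    if ($Ret.ExitCode -ne 0) { Write-Error -Message "Exit with errors" }
    Exit $Ret.ExitCode;
} elseif ((-not $Is64OS) -and (-not $Is64Bit)) {
    #Running x86 and no AMD64 Process, Do not bother restarting
}
#endregion

###############################################
# Main script starts here
###############################################


#Set to TRUE to test the settings and what should have been changed
# False will perform all changes
$script:WhatIf = $false

$installFolder = "$(Split-Path $($MyInvocation.MyCommand.Path) -Parent)\"
$logfile = Join-Path -Path $env:TEMP -ChildPath "Log-AutopilotBranding.log"
Add-Content -Path $logfile -Value "$(Get-Date): Script starting up"

#Get all local user profiles
$UserProfile = Get-ChildItem 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\ProfileList' | ForEach-Object { $_.GetValue('ProfileImagePath') }

#region Initialize: Load the Config.xml
Add-Content -Path $logfile -Value "$(Get-Date): Install path: $($installFolder)"
Add-Content -Path $logfile -Value "$(Get-Date): Loading configuration from file: $($installFolder)Configuration.xml"
try {
    # -ErrorAction Stop turns a missing or unreadable file into an error the catch can log
    [Xml]$config = Get-Content "$($installFolder)Configuration.xml" -ErrorAction Stop
}
catch {
    Add-Content -Path $logfile -Value "$(Get-Date): configuration file cannot be loaded"
}
#endregion Initialize: Load the Config.xml

#region Only run during OS setup
if (($UserProfile -like '*defaultuser*') ){

    #region Activity 1: Set time zone (if specified)
    if ($config.Branding.TimeZone) {
        if ($config.Branding.TimeZone.Id) {
            Add-Content -Path $logfile -Value "$(Get-Date): Set time zone: $($config.Branding.TimeZone.OuterXml)"
            if (-not $script:WhatIf) { Set-Timezone -Id $config.Branding.TimeZone.Id }
        }
        if ($config.Branding.TimeZone.SynchronizeTimeService) {
            if (($config.Branding.TimeZone.SynchronizeTimeService) -eq "true") {
                Add-Content -Path $logfile -Value "$(Get-Date): SynchronizeTimeService: $($config.Branding.TimeZone.SynchronizeTimeService)"
                if (-not $script:WhatIf) {
                    Start-Service w32time
                    Start-Process -FilePath "w32tm.exe" -ArgumentList @("/resync","/force") -NoNewWindow -Wait -PassThru
                }
            } else {
                Add-Content -Path $logfile -Value "$(Get-Date): SynchronizeTimeService: $($config.Branding.TimeZone.SynchronizeTimeService)"
            }
        }
    }
    #endregion Activity 1: Set time zone (if specified)

    #region Activity 2: Remove provisioned apps if exists
    if ($config.Branding.RemoveApps) {
        $apps = Get-AppxProvisionedPackage -online
        $config.Branding.RemoveApps.App | % {
            $current = $_
            $apps | ? {$_.DisplayName -eq $current} | % {
                Add-Content -Path $logfile -Value "$(Get-Date): Remove provisioned app: $current"
                if (-not $script:WhatIf) { $_ | Remove-AppxProvisionedPackage -Online | Out-Null }
            }
        }
    }
    #endregion Activity 2: Remove provisioned apps if exists

    #region Activity 3: Add features
    if ($config.Branding.AddFeatures) {
        $config.Branding.AddFeatures.Feature | % {
            Add-Content -Path $logfile -Value "$(Get-Date): Add feature: $_"
            if (-not $script:WhatIf) { Add-WindowsCapability -Online -Name $_ }
        }
    }
    #endregion Activity 3: Add features

    #region Activity 4: Add registry hacks
    if ($config.Branding.AddRegistry) {
        foreach ($item in $config.Branding.AddRegistry.Item) {
            Add-Content -Path $logfile -Value "$(Get-Date): Add Registry: $($item.Description)"
            if (-not (Test-Path $item.RegistryPath -PathType Container)) {
                Add-Content -Path $logfile -Value "$(Get-Date): Add Registry: Create Path $($item.RegistryPath)"
                if (-not $script:WhatIf) { New-Item -Path $item.RegistryPath -Force | Out-Null }
            }
            # Map the type name from configuration.xml to a New-ItemProperty property type
            $propertyType = $null
            switch ($item.RegistryType) {
                "REG_DWORD"     { $propertyType = "DWORD" }
                "DWORD"         { $propertyType = "DWORD" }
                "REG_SZ"        { $propertyType = "String" }
                "String"        { $propertyType = "String" }
                "REG_EXPAND_SZ" { $propertyType = "ExpandString" }
                "ExpandString"  { $propertyType = "ExpandString" }
                "REG_BINARY"    { $propertyType = "Binary" }
                # "BINARY" used to map to "String", unlike every other short/long name pair
                "BINARY"        { $propertyType = "Binary" }
                "REG_QWORD"     { $propertyType = "Qword" }
                "QWORD"         { $propertyType = "Qword" }
                "REG_MULTI_SZ"  { $propertyType = "MultiString" }
                "MultiString"   { $propertyType = "MultiString" }
                Default { Add-Content -Path $logfile -Value "$(Get-Date): Add Registry: Unknown registry type $($item.RegistryType)" }
            }
            if ($propertyType) {
                Add-Content -Path $logfile -Value "$(Get-Date): Add Registry: Creating registry item ($($item.RegistryPath)\$($item.RegistryName)[$($propertyType)]=$($item.RegistryData))"
                if (-not $script:WhatIf) { New-ItemProperty -Path $item.RegistryPath -Name $item.RegistryName -Value $item.RegistryData -PropertyType $propertyType -Force | Out-Null }
            }
        }
    }
    #endregion Activity 4: Add registry hacks

    #region Activity 5: Add default associations
    # Export associations Dism.exe /online /export-defaultappassociations:C:\temp\CustomFileAssoc.xml
    # https://techcommunity.microsoft.com/t5/ask-the-performance-team/how-to-configure-file-associations-for-it-pros/ba-p/1313151
    if ($config.Branding.DefaultApps) {
        Add-Content -Path $logfile -Value "$(Get-Date): Set DefaultApps: Associations file $($config.Branding.DefaultApps.File)"
        if (-not $script:WhatIf) { & Dism.exe /Online /Import-DefaultAppAssociations:`"$($installFolder)$($config.Branding.DefaultApps.File)`" }
    }
    #endregion Activity 5: Add default associations

    #region Activity 6: Upgrade OneDrive and change to pre-system installation
    # if the installed version is less than downloaded version, it will initialize an upgrade
    # Release info https://support.office.com/en-us/article/onedrive-release-notes-845dcf18-f921-435e-bf28-4e24b95e5fc0
    if ($config.Branding.OneDriveSetup) {
        switch ($config.Branding.OneDriveSetup.Install)
        {
            "production" { $DownloadPath = $config.Branding.OneDriveSetup.Production }
            "deferred" { $DownloadPath = $config.Branding.OneDriveSetup.Deferred }
            Default { $DownloadPath = $config.Branding.OneDriveSetup.Production }
        }
        $OneDriveSetup = (Join-Path "$($env:TEMP)" "OneDriveSetup.exe")
        Add-Content -Path $logfile -Value "$(Get-Date): OneDrive setup: Starting download latest OneDrive client $($DownloadPath)"
        Add-Content -Path $logfile -Value "$(Get-Date): OneDrive setup: Time to upgrade OneDrive $($OneDriveSetup) /allusers"
        # Download and installation both change the device, so both are skipped in WhatIf mode
        if (-not $script:WhatIf) {
            try {
                # -UseBasicParsing avoids the dependency on the Internet Explorer engine,
                # which may not be initialised for the account that runs the script during setup
                Invoke-WebRequest -Uri $($DownloadPath) -OutFile $OneDriveSetup -UseBasicParsing -ErrorAction Stop

                # The URL comes from configuration.xml and the download is executed with
                # /allusers, so run it only when it carries a valid Microsoft signature
                $signature = Get-AuthenticodeSignature -FilePath $OneDriveSetup
                $signedByMicrosoft = ($signature.Status -eq 'Valid') -and
                    ($signature.SignerCertificate.Subject -like '*O=Microsoft Corporation*')
                if ($signedByMicrosoft) {
                    $proc = Start-Process -FilePath $OneDriveSetup -ArgumentList "/allusers" -NoNewWindow -Wait -PassThru
                    do { Start-Sleep -Seconds 2 } until ( $proc.HasExited )
                    Add-Content -Path $logfile -Value "$(Get-Date): OneDrive setup Exit code: $($proc.ExitCode)"
                } else {
                    Add-Content -Path $logfile -Value "$(Get-Date): OneDrive setup: Signature check failed ($($signature.Status)), installer not started"
                    Remove-Item -LiteralPath $OneDriveSetup -Force -ErrorAction SilentlyContinue
                }
            }
            catch {
                Add-Content -Path $logfile -Value "$(Get-Date): OneDrive setup: Download failed $($_.Exception.Message)"
            }
        }
    }
    #endregion Activity 6: Upgrade OneDrive and change to pre-system installation

}
#endregion Only run during OS setup

#region Post script: Tag Branding version in registry
# The detection rule in App install.txt reads this value
if ($config.Branding.BrandingVersion) {
    Add-Content -Path $logfile -Value "$(Get-Date): Post script: Tattoo version in registry $($config.Branding.BrandingPath)\$($config.Branding.BrandingName)=$($config.Branding.BrandingVersion)"
    if (-not (Test-Path $config.Branding.BrandingPath -PathType Container)) {
        Add-Content -Path $logfile -Value "$(Get-Date): Post script: Create Path $($config.Branding.BrandingPath)"
        if (-not $script:WhatIf) { New-Item -Path $config.Branding.BrandingPath -Force | Out-Null }
    }
    Add-Content -Path $logfile -Value "$(Get-Date): Post script: Creating registry item"
    if (-not $script:WhatIf) { New-ItemProperty -Path $config.Branding.BrandingPath -Name $config.Branding.BrandingName -Value $config.Branding.BrandingVersion -PropertyType "string" -Force | Out-Null }
}
#endregion Post script: Tag Branding version in registry


Write-Host "Script ending.."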
171 | exit 0 172 | -------------------------------------------------------------------------------- /Intune/Autopilot/Autopilot Branding Kit/configuration.xml: -------------------------------------------------------------------------------- 1 | 2 | HKLM:\SOFTWARE\AutopilotBranding 3 | Version 4 | 1 5 | 6 | 9 | 10 | 11 | 12 | True 13 | 14 | 15 | Microsoft.SkypeApp 16 | MicrosoftTeams 17 | 18 | 19 | 20 | 21 | 22 | 25 | 26 | 27 | Block Edge from creating shortcut on desktop 28 | HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer 29 | DisableEdgeDesktopShortcutCreation 30 | REG_DWORD 31 | 1 32 | 33 | 34 | Set registered user and organization 1/2 35 | HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion 36 | RegisteredOwner 37 | REG_SZ 38 | Sanoma User 39 | 40 | 41 | Set registered user and organization 2/2 42 | HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion 43 | RegisteredOrganization 44 | REG_SZ 45 | Sanoma 46 | 47 | 48 | Disable network location fly-out 49 | HKLM:\SYSTEM\CurrentControlSet\Control\Network\NewNetworkWindowOff 50 | 51 | 52 | 53 | 54 | 55 | 56 | 59 | 60 | 61 | Production 62 | https://go.microsoft.com/fwlink/?linkid=844652 63 | https://go.microsoft.com/fwlink/?linkid=860987 64 | 65 | -------------------------------------------------------------------------------- /Intune/Autopilot/Import from CSV/import.csv: -------------------------------------------------------------------------------- 1 | Device Serial Number,Windows Product ID,Hardware Hash,Group Tag 2 | 4392-0047-4824-7941-2337-4721-31,,T0FuAgEAHAAAAAoAAQBjR,Testing import 3 | -------------------------------------------------------------------------------- /Intune/Autopilot/Import from CSV/importcsv.ps1: -------------------------------------------------------------------------------- 1 | 2 | $devices = @(Import-Csv -Path .\import.csv -Delimiter ",") 3 | 4 | 5 | Write-Host "We found $($devices.Count) devices (more than 500 is not supported)" 6 | if ($devices.count -gt 500) { Exit -1 } 7 | 
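Write-Host


# Connect to Microsoft Graph
Write-Progress -Activity "Connecting to Microsoft Graph" -Status "Connect to Microsoft Graph"
try {
    Connect-MSGraph | Out-Null
}
catch {
    Write-Host "Not successfully connected to Microsoft Graph" -BackgroundColor Red
    Write-Host
    # Leave with a failure code, as the other error paths in this script do.
    # A bare 'break' outside of any loop ends the script without an exit code
    # of its own and can unwind a loop in whatever called the script.
    Exit -1
}
Write-Host "Connected to Microsoft Graph"
Write-Host


# Post one importedWindowsAutopilotDeviceIdentity per CSV row.
# Rows are sent in file order; a row that fails the checks below stops the run,
# and rows already posted before it are not rolled back.
foreach ($device in $devices) {
    # The legacy "OrderId" column is rejected; the script expects "Group Tag".
    if ($device.OrderId) {
        Write-Host "Order ID is set, please change to Group Tag" -BackgroundColor Red
        Exit -1
    }

    # Group tag is optional: warn and continue with an empty value.
    if ($device.'Group Tag') {
        $script:groupTag = $device.'Group Tag'
    }
    else {
        Write-Host "Group tag is empty for $($device.'Device Serial Number')" -BackgroundColor Yellow
        $script:groupTag = ""
    }

    # Serial number and hardware hash are mandatory. The messages say "exiting",
    # so report a failure code instead of only leaving the loop.
    if ($device.'Device Serial Number') {
        $script:serialNumber = $device.'Device Serial Number'
    }
    else {
        Write-Host "Device Serial number is empty, exiting" -BackgroundColor Red
        Exit -1
    }

    if ($device.'Hardware Hash') {
        $script:deviceHardwareData = $device.'Hardware Hash'
    }
    else {
        Write-Host "Hardware hash is empty, exiting" -BackgroundColor Red
        Exit -1
    }

    $script:productKey = ""

    # Request body for the import call; the state sub-object is sent as "pending".
    $script:jsonContent = @{
        "@odata.type"        = "#microsoft.graph.importedWindowsAutopilotDeviceIdentity"
        "orderIdentifier"    = "$($script:groupTag)"
        "serialNumber"       = "$($script:serialNumber)"
        "productKey"         = "$($script:productKey)"
        "hardwareIdentifier" = "$($script:deviceHardwareData)"
        "state"              = @{
            "@odata.type"          = "microsoft.graph.importedWindowsAutopilotDeviceIdentityState"
            "deviceImportStatus"   = "pending"
            "deviceRegistrationId" = ""
            "deviceErrorCode"      = 0
            "deviceErrorName"      = ""
        }
    }

    Write-Host "importing $($script:serialNumber)"

    # Import the device
    $script:autopilotDevice = Invoke-MSGraphRequest -Url "https://graph.microsoft.com/beta/deviceManagement/importedWindowsAutopilotDeviceIdentities" -Content $script:jsonContent -HttpMethod POST

    # Emit the service response for this row
    $script:autopilotDevice
}




--------------------------------------------------------------------------------
/Intune/Browser/Manage-InternetExplorer Deprecated.ps1:
--------------------------------------------------------------------------------
#########################################################################################
#   This Sample Code is provided for the purpose of illustration only and is not
#   intended to be used in a production environment.
#
#   WARNING:
#   YOU SHOULD NEVER RUN A SCRIPT IN PRODUCTION IF YOU AREN’T 100% CERTAIN OF WHAT IT
#   WILL DO. ALL SCRIPTS SHOULD BE THOROUGHLY UNDERSTOOD AND TESTED IN A NON-PRODUCTION
#   ENVIRONMENT PRIOR TO BEING USED IN PRODUCTION. THIS HELPS ENSURE THAT PRODUCTION
#   PROBLEMS DO NOT OCCUR AS A RESULT OF RUNNING SCRIPTS THAT HAVE NOT BEEN TESTED AND
#   VALIDATED BEFOREHAND.
#
#   THIS SAMPLE CODE AND ANY RELATED INFORMATION ARE PROVIDED "AS IS" WITHOUT WARRANTY
#   OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED
#   WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A PARTICULAR PURPOSE.
#########################################################################################
<#
.SYNOPSIS
    This PowerShell script will update settings in Internet Explorer.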
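.DESCRIPTION
    Support for
     * Zone mapped sites, i.e Trusted Sites
     * Clean trusted sites
     * Automatically do not require HTTPS URL if HTTP URL is in zone map
     * Start page
.EXAMPLE
.NOTES
    Tested on: Windows 10 1703

    Source:
    http://DeployWindows.info
    Twitter: @MattiasFors

    Version:
    1.0.0 Created

#>

# Do all configuration here
$CleanTrustedSites = $false # True if clean zone list
$HTTPSTrustedSites = "microsoft.com","deploywindows.info"
$HTTPTrustedSites = ""

$HomePageOverride = $true # Configure homepage even if already set
$HomePageUrl = "https://www.deploywindows.info"

$SetFirstRunWizardHomePage = $true # True to set first run wizard to Home page


# Initialize key variables. Do not change unless you know what you are doing
$UserZoneMapPath = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"
$DWord = 2 # Zone mapping: (1) Intranet zone, (2) Trusted Sites zone, (3) Internet zone, and (4) Restricted Sites zone
$UserZoneSettingsPath = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones"
$UserMainPath = "HKCU:\Software\Microsoft\Internet Explorer\Main"

#region Functions

# Creates the sub-key $Name under $KeyPath when $KeyPath exists; warns otherwise.
# Creation errors (for example the key already being there) are deliberately ignored.
Function CreateKeyReg
{
    Param
    (
        [String]$KeyPath,
        [String]$Name
    )

    If(Test-Path -Path $KeyPath)
    {
        Write-Verbose "Creating a new key '$Name' under $KeyPath."
        New-Item -Path "$KeyPath" -ItemType File -Name "$Name" `
            -ErrorAction SilentlyContinue | Out-Null
    }
    Else
    {
        Write-Warning "The path '$KeyPath' not found."
    }
}

# Writes the zone number into the "http" or "https" value of a ZoneMap domain key.
#   -blnHTTP  $true  -> write the "http" value and relax the zone's https requirement
#             $false -> write the "https" value only
#   -RegPath  registry path of the domain (or sub-domain) key
#   -DWord    zone number to assign. Callers already pass -DWord; it used to be
#             dropped silently because the parameter was not declared. Defaults
#             to the script-level $DWord.
Function SetRegValue
{
    Param
    (
        [Boolean]$blnHTTP=$false,
        [String]$RegPath,
        [Int]$DWord=$script:DWord
    )

    Try
    {
        # -ErrorAction Stop so that a failed write reaches the Catch block below;
        # with SilentlyContinue the Catch could never run.
        If($blnHTTP)
        {
            Write-Verbose "Creating a Dword value named 'HTTP' and set the value to 2."
            Set-ItemProperty -Path $RegPath -Name "http" -Value $DWord -ErrorAction Stop | Out-Null

            # If there is a HTTP URL, disable require HTTPS URLs (Hex 43 or Decimal 67)
            # Flags is a per-zone value: this write applies to every site mapped to
            # zone $DWord, not only to the site being added, and it replaces whatever
            # Flags value the zone had before.
            Write-Verbose "Disable Require server verification (https:) for all sites in this zone for the Zone."
            Set-ItemProperty -Path "$($UserZoneSettingsPath)\$($DWord)" -Name "Flags" -Value 67 -ErrorAction Stop | Out-Null
        }
        Else
        {
            Write-Verbose "Creating a Dword value named 'HTTPS' and set the value to 2."
            Set-ItemProperty -Path $RegPath -Name "https" -Value $DWord `
                -ErrorAction Stop | Out-Null
        }
    }
    Catch
    {
        Write-Host "Failed to add trusted sites in Internet Explorer." -BackgroundColor Red
    }

}

# Sets the IE "Start Page" value to $URL, but only when -Override is $true.
# URLs of length 0 or 1 are treated as invalid and skipped.
Function AddHomePage
{
    Param
    (
        [Boolean]$Override=$false,
        [String]$URL
    )

    if ($URL.Length -le 1)
    {
        Write-Verbose "Start Page seems invalid"
    }
    Else
    {
        If ($Override)
        {
            Set-ItemProperty -Path $UserMainPath -Name "Start Page" -Value $URL -Force -ErrorAction SilentlyContinue | Out-Null
            Write-Verbose "Start Page set to $($URL)."
        }
        Else
        {
            Write-Verbose "Do NOT override Start Page."
        }
    }
}

# Writes DisableFirstRunCustomize: 1 when -Homepage is $true, otherwise 2.
Function DisableFirstRunWizard
{
    Param
    (
        [Boolean]$Homepage=$true
    )

    If ($Homepage)
    {
        Set-ItemProperty -Path $UserMainPath -Name "DisableFirstRunCustomize" -Value 1 -Force -ErrorAction SilentlyContinue | Out-Null
        Write-Verbose "DisableFirstRunWizard set to 1, Start page."
    }
    Else
    {
        Set-ItemProperty -Path $UserMainPath -Name "DisableFirstRunCustomize" -Value 2 -Force -ErrorAction SilentlyContinue | Out-Null
        Write-Verbose "DisableFirstRunWizard set to 2, Welcome IE Page."
    }
}


# Maps each entry of -TrustedSites into the zone map.
#   Two labels ("example.com")        -> one key under $UserZoneMapPath
#   More labels ("a.b.example.com")   -> key for the last two labels, with the
#                                        remaining prefix as a sub-key below it
#   Entries with fewer than two labels (including "") are skipped.
# -HTTP selects whether the http or the https value is written (see SetRegValue).
Function AddTrustedSites
{
    Param
    (
        [Boolean]$HTTP=$false,
        [String[]]$TrustedSites
    )

    If($TrustedSites)
    {
        #Adding trusted sites in the registry
        Foreach($TrustedSite in $TrustedSites)
        {
            $Labels = $TrustedSite.Split(".")

            If ($Labels.Count -eq 2)
            {
                #Settings the primary domain only
                If($HTTP)
                {
                    CreateKeyReg -KeyPath $UserZoneMapPath -Name $TrustedSite
                    SetRegValue -RegPath "$UserZoneMapPath\$TrustedSite" -blnHTTP $true -DWord $DWord
                    Write-Host "Successfully added '$TrustedSite' domain to trusted Sites in Internet Explorer."
                }
                Else
                {
                    CreateKeyReg -KeyPath $UserZoneMapPath -Name $TrustedSite
                    SetRegValue -RegPath "$UserZoneMapPath\$TrustedSite" -blnHTTP $false -DWord $DWord
                    Write-Host "Successfully added '$TrustedSite' domain to to trusted Sites in Internet Explorer."
                }
            }
            ElseIf ($Labels.Count -gt 2)
            {
                # Primary domain = last two labels; everything in front is the sub-domain
                $PrimaryDomain = "$($Labels[($Labels.Count-2)]).$($Labels[($Labels.Count-1)])"
                Write-Host $TrustedSite $PrimaryDomain
                $SubDomain = $TrustedSite.Replace(".$($PrimaryDomain)","")
                #Settings with sub-domain
                If($HTTP)
                {
                    CreateKeyReg -KeyPath $UserZoneMapPath -Name $PrimaryDomain
                    CreateKeyReg -KeyPath "$UserZoneMapPath\$PrimaryDomain" -Name $SubDomain
                    SetRegValue -RegPath "$UserZoneMapPath\$PrimaryDomain\$SubDomain" -blnHTTP $true -DWord $DWord
                    Write-Host "Successfully added $SubDomain.$PrimaryDomain' domain to trusted Sites in Internet Explorer."
                }
                Else
                {
                    CreateKeyReg -KeyPath $UserZoneMapPath -Name $PrimaryDomain
                    CreateKeyReg -KeyPath "$UserZoneMapPath\$PrimaryDomain" -Name $SubDomain
                    SetRegValue -RegPath "$UserZoneMapPath\$PrimaryDomain\$SubDomain" -blnHTTP $false -DWord $DWord
                    Write-Host "Successfully added '$SubDomain.$PrimaryDomain' domain to trusted Sites in Internet Explorer."
                }
            }
        }
    }
}
#endregion Functions

#region Main
if ($CleanTrustedSites)
{
    # Removes every domain key under the user's zone map, including entries
    # this script did not create.
    foreach ($Domain in Get-ChildItem "hkcu:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains")
    {
        Remove-Item -Path $Domain.PSPath -Recurse -Force
        # $(...) is required here: "$Domain.Name" expands $Domain and then appends the text ".Name"
        Write-Host "Successfully cleaned $($Domain.Name)"
    }
    Write-Host "Zone cleaned."
}

AddTrustedSites -HTTP $false -TrustedSites $HTTPSTrustedSites
AddTrustedSites -HTTP $true -TrustedSites $HTTPTrustedSites

AddHomePage -URL $HomePageUrl -Override $HomePageOverride

DisableFirstRunWizard -Homepage $SetFirstRunWizardHomePage
#endregion Main
--------------------------------------------------------------------------------
/Intune/Drivers/Check-DriverCrash.ps1:
--------------------------------------------------------------------------------

# Counts System-log events with provider "Display" and event id 4101 from the last 14 days.
$StartTime = (Get-Date).AddDays(-14)
$appEvents = @(Get-WinEvent -ErrorAction SilentlyContinue -FilterHashtable @{Logname="System"; ProviderName="Display"; EventId="4101"; StartTime=$StartTime})
#$appEvents.Count

# @(...) above guarantees an array, so Count is 0 when nothing matched
$errorCount = $appEvents.Count

if ($errorCount -gt 0)
{
    Write-Host "$($errorCount)`tCrashes for application found" -BackgroundColor Red
    # Exit $errorCount
}
else
{
    Write-Host "No crasches found"
    # Exit 0
}

--------------------------------------------------------------------------------
/Intune/Functions/Focus-Window.ps1: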
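--------------------------------------------------------------------------------


# Brings the main window of a running process to the foreground, or starts the
# process when no instance with a window title is found.
#   $proc      process name; compared with -like, so wildcards are honoured
#   $maximize  $true -> ShowWindow(h, 3), $false -> ShowWindow(h, 1)
#   $adm       optional; any non-empty value starts a missing process with -Verb runAs
#
# $adm used to be written as a bare "[string] $adm" statement in the body. That
# is an expression, not a declaration: it left $adm unset, and because
# ($null -ne "") is true the runAs branch was the one taken every time the
# process had to be started. It is now an optional parameter that defaults to
# "", so an elevated start only happens when the caller asks for it.
function Focus-Windows([string]$proc, [bool]$maximize, [string]$adm = "")
{
    #Credits to https://stackoverflow.com/questions/42566799/how-to-bring-focus-to-window-by-process-name

    # user32 wrappers; skip the compile when the type is already loaded in this session
    if (-not ('WinAp' -as [type])) {
        Add-Type @"
  using System;
  using System.Runtime.InteropServices;
  public class WinAp {
    [DllImport("user32.dll")]
    [return: MarshalAs(UnmanagedType.Bool)]
    public static extern bool SetForegroundWindow(IntPtr hWnd);

    [DllImport("user32.dll")]
    [return: MarshalAs(UnmanagedType.Bool)]
    public static extern bool ShowWindow(IntPtr hWnd, int nCmdShow);
  }
"@
    }

    # Several processes can match; use the first so that a single window
    # handle is passed to user32 below.
    $p = Get-Process |
        Where-Object { $_.MainWindowTitle -and ($_.Name -like "$proc") } |
        Select-Object -First 1

    if ($null -eq $p) {
        if ($adm -ne "") {
            Start-Process "$proc" -Verb runAs
        } else {
            Start-Process "$proc"
        }
        return
    }

    $h = $p.MainWindowHandle
    [void] [WinAp]::SetForegroundWindow($h)
    $showCmd = if ($maximize) { 3 } else { 1 }
    [void] [WinAp]::ShowWindow($h, $showCmd)
}

Focus-Windows "notepad" $false
--------------------------------------------------------------------------------
/Intune/Functions/Template-Ballon.ps1:
--------------------------------------------------------------------------------
##############################
#.SYNOPSIS
#Show Windows Toast/ballon for a logged on user
#
#.PARAMETER ToastTitle
#Parameter Title of the toast
#
#.PARAMETER ToastText
#Parameter Text for the toast
#
#.PARAMETER Image
#Parameter Define image either http://, https:// or file://
#
#.PARAMETER ToastDuration
#Parameter Define how long the toast should stay, long or short, 10 or 4 seconds for alternative popup
#
#.EXAMPLE
# ShowToast -Image "https://picsum.photos/150/150?image=1060"
# -ToastTitle "Headline" -ToastText "Text" -ToastDuration short
# ShowToast -ToastTitle "Headline" -ToastText "Text" -ToastDuration short
#
#.NOTES
#It will modify the registry value ShowInActionCenter to 1 for PowerShell
# Location HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Notifications\Settings\$AppID
#
#Version
# 1.0 First release
# 1.1 Fix for 64-bit OS
#
##############################

##############################
#Author
#@MattiasFors
#https://deploywindows.com
#https://github.com/DeployWindowsCom/DeployWindows-Scripts
##############################

#region Restart into 64-bit
$Is64Bit = [System.Environment]::Is64BitProcess;
$Is64OS = $false; if (($env:PROCESSOR_ARCHITEW6432 -like "AMD64") -or ($env:PROCESSOR_ARCHITECTURE -like "AMD64")) { $Is64OS = $true; }

if (($Is64OS) -and (-not $Is64Bit)) {
    # Running AMD64 but no AMD64 Process, Restart script
    $Invocation = $PSCommandPath
    if ($null -eq $Invocation) { return }
    # "sysnative" is used in place of "syswow64" to locate powershell.exe for the relaunch
    $SysNativePath = $PSHOME.ToLower().Replace("syswow64", "sysnative")
    $pinfo = New-Object System.Diagnostics.ProcessStartInfo
    $pinfo.FileName = "$SysNativePath\powershell.exe"
    $pinfo.RedirectStandardError = $true
    $pinfo.RedirectStandardOutput = $true
    $pinfo.UseShellExecute = $false
    $pinfo.WindowStyle = "hidden"
    # -ex ByPass: the child is started with the execution policy overridden for
    # this one invocation; only this script's own path is handed to it.
    $pinfo.Arguments = "-ex ByPass -file `"$Invocation`" "
    $proc = New-Object System.Diagnostics.Process
    $proc.StartInfo = $pinfo
    $proc.Start() | Out-Null
    # Drain both redirected streams before waiting. Waiting first can hang: a
    # child that fills one of the pipes blocks on its write and never exits.
    # stdout is read asynchronously so that stderr can be read at the same time.
    $StdOutTask = $proc.StandardOutput.ReadToEndAsync()
    $StdErr = $proc.StandardError.ReadToEnd()
    $proc.WaitForExit()
    $StdOut = $StdOutTask.Result
    $ExitCode = $proc.ExitCode
    if ($StdErr) { Write-Error -Message "$($StdErr)" }
    Write-Host $ExitCode
    Exit $ExitCode
} elseif ((-not $Is64OS) -and (-not $Is64Bit)) {
    #Running x86 and no AMD64 Process, Do not bother restarting
}
#endregion
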
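# Shows a toast with a title, a text line and an optional image. When the
# current identity is S-1-5-18 a Wscript.Shell popup is shown instead.
#   -ToastTitle     headline (mandatory)
#   -ToastText      body text (mandatory)
#   -Image          optional; an http(s) URL is downloaded to
#                   $env:TEMP\ToastImage.png first, any other value is used as given
#   -ToastDuration  'long' or 'short'; the popup fallback uses 10 or 4 seconds
# Side effect (non-system path): sets ShowInActionCenter=1 under
# HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Notifications\Settings\<AppID>.
function ShowToast {
    param(
        [parameter(Mandatory=$true,Position=2)]
        [string] $ToastTitle,
        [parameter(Mandatory=$true,Position=3)]
        [string] $ToastText,
        [parameter(Position=1)]
        [string] $Image = $null,
        [parameter()]
        [ValidateSet('long','short')]
        [string] $ToastDuration = "long"
    )
    # Toast overview: https://msdn.microsoft.com/en-us/library/windows/apps/hh779727.aspx
    # Toasts templates: https://msdn.microsoft.com/en-us/library/windows/apps/hh761494.aspx
    [Windows.UI.Notifications.ToastNotificationManager, Windows.UI.Notifications, ContentType = WindowsRuntime] | Out-Null

    # Define Toast template, w/wo image
    $ToastTemplate = [Windows.UI.Notifications.ToastTemplateType]::ToastImageAndText02
    if ($Image.Length -le 0) { $ToastTemplate = [Windows.UI.Notifications.ToastTemplateType]::ToastText02 }

    # Download or define a local image. Toast images must have dimensions =< 1024x1024 size =< 200 KB
    # The pattern is anchored: the former "http*" matched any value that merely
    # contained "htt", so such a local path was sent to the downloader.
    if ($Image -match '^https?://') {
        $imglocal = "$($env:TEMP)\ToastImage.png"
        # The URL is passed as given; it used to be URL-encoded and decoded again
        # right away, which returned the same string.
        Start-BitsTransfer -Destination $imglocal -Source $Image -ErrorAction Continue
    } else { $imglocal = $Image }

    # Define the toast template and create variable for XML manipulation
    # Customize the toast title, text, image and duration
    $toastXml = [xml] $([Windows.UI.Notifications.ToastNotificationManager]::GetTemplateContent(`
        $ToastTemplate)).GetXml()
    $toastXml.GetElementsByTagName("text")[0].AppendChild($toastXml.CreateTextNode($ToastTitle)) | Out-Null
    $toastXml.GetElementsByTagName("text")[1].AppendChild($toastXml.CreateTextNode($ToastText)) | Out-Null
    if ($Image.Length -ge 1) { $toastXml.GetElementsByTagName("image")[0].SetAttribute("src", $imglocal) }
    $toastXml.toast.SetAttribute("duration", $ToastDuration)

    # Convert back to WinRT type
    $xml = New-Object Windows.Data.Xml.Dom.XmlDocument; $xml.LoadXml($toastXml.OuterXml);
    $toast = [Windows.UI.Notifications.ToastNotification]::new($xml)

    # Get an unique AppId from start, and enable notification in registry
    if ([System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value.ToString() -eq "S-1-5-18") {
        # Popup alternative when running as system. https://msdn.microsoft.com/en-us/library/x83z1d9f(v=vs.84).aspx
        $wshell = New-Object -ComObject Wscript.Shell
        if ($ToastDuration -eq "long") { $return = $wshell.Popup($ToastText,10,$ToastTitle,0x100) }
        else { $return = $wshell.Popup($ToastText,4,$ToastTitle,0x100) }
    } else {
        $AppID = ((Get-StartApps -Name 'Windows Powershell') | Select -First 1).AppId
        New-Item "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Notifications\Settings\$AppID" -Force | Out-Null
        Set-ItemProperty "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Notifications\Settings\$AppID" `
            -Name "ShowInActionCenter" -Type Dword -Value "1" -Force | Out-Null
        # Create and show the toast, dont forget AppId
        [Windows.UI.Notifications.ToastNotificationManager]::CreateToastNotifier($AppID).Show($Toast)
    }
}

# Example images from https://picsum.photos/
ShowToast -Image "https://picsum.photos/150/150?image=1060" -ToastTitle "Windows tweaked!" `
    -ToastText "IT Support has deployed new settings for you! Please logout when possible" -ToastDuration short;

ShowToast -ToastTitle "Windows tweaked!" `
    -ToastText "IT Support has deployed new settings for you! Please logout when possible" -ToastDuration long;

--------------------------------------------------------------------------------
/Intune/Functions/Template-RestartInto64bit with StdErr.ps1:
--------------------------------------------------------------------------------
##############################
#.SYNOPSIS
# Template: restarts the script in a 64-bit PowerShell process on a 64-bit OS and
# relays the child's stderr and exit code. The main region below is a placeholder.
#
#.EXAMPLE
#
#.NOTES
#
#Version
# 1.0 First release
#
##############################
#Author
#@MattiasFors
#https://deploywindows.com
#https://github.com/DeployWindowsCom/DeployWindows-Scripts
##############################

#region Restart into 64-bit
$Is64Bit = [System.Environment]::Is64BitProcess;
$Is64OS = $false; if (($env:PROCESSOR_ARCHITEW6432 -like "AMD64") -or ($env:PROCESSOR_ARCHITECTURE -like "AMD64")) { $Is64OS = $true; }

if (($Is64OS) -and (-not $Is64Bit)) {
    # Running AMD64 but no AMD64 Process, Restart script
    $Invocation = $PSCommandPath
    if ($null -eq $Invocation) { return }
    $SysNativePath = $PSHOME.ToLower().Replace("syswow64", "sysnative")
    $pinfo = New-Object System.Diagnostics.ProcessStartInfo
    $pinfo.FileName = "$SysNativePath\powershell.exe"
    $pinfo.RedirectStandardError = $true
    $pinfo.RedirectStandardOutput = $true
    $pinfo.UseShellExecute = $false
    $pinfo.WindowStyle = "hidden"
    # -ex ByPass: the child is started with the execution policy overridden for
    # this one invocation; only this script's own path is handed to it.
    $pinfo.Arguments = "-ex ByPass -file `"$Invocation`" "
    $proc = New-Object System.Diagnostics.Process
    $proc.StartInfo = $pinfo
    $proc.Start() | Out-Null
    # Drain both redirected streams before waiting. Waiting first can hang: a
    # child that fills one of the pipes blocks on its write and never exits.
    $StdOutTask = $proc.StandardOutput.ReadToEndAsync()
    $StdErr = $proc.StandardError.ReadToEnd()
    $proc.WaitForExit()
    $StdOut = $StdOutTask.Result
    $ExitCode = $proc.ExitCode
    if ($StdErr) { Write-Error -Message "$($StdErr)" }
    Write-Host $ExitCode
    Exit $ExitCode
} elseif ((-not $Is64OS) -and (-not $Is64Bit)) {
    #Running x86 and no AMD64 Process, Do not bother restarting
}
#endregion

#region Main script
$ScriptName = $PSCommandPath.Split("\")[$PSCommandPath.Split("\").Count -1];
Start-Transcript -Path "$($env:TEMP)\$($ScriptName).log" -Force


#put your content here and do some error handling
# "Stop" has to be quoted; a bare Stop is parsed as a command name and fails.
$ErrorActionPreference = "Stop";
try {
    # Put some stuff here

} catch {
    $ErrorMessage = $_.Exception.Message
    $ErrorCode = $_.Exception.ExitCode
    Write-Error "$($ErrorCode) with error $($ErrorMessage)"
} finally {
    # With the preference set to Stop, the Write-Error above terminates the
    # script, so the transcript is closed here rather than after the block.
    Stop-Transcript
}
#endregion Main script

--------------------------------------------------------------------------------
/Intune/Functions/Template-RestartInto64bit.ps1:
--------------------------------------------------------------------------------
##############################
#.SYNOPSIS
#This will restart your PowerShell script in 64-bit environment, on 64-bit OS only
#Just paste this script at the top of your script
#.EXAMPLE
#N/A
#
#.NOTES
#
#Version
# 1.0 First release
#
##############################

##############################
#Author
#@MattiasFors
#https://deploywindows.com
#https://github.com/DeployWindowsCom/DeployWindows-Scripts
##############################

#region Restart into 64-bit
$Is64Bit = [System.Environment]::Is64BitProcess;
$Is64OS = $false; if (($env:PROCESSOR_ARCHITEW6432 -like "AMD64") -or ($env:PROCESSOR_ARCHITECTURE -like "AMD64")) { $Is64OS = $true; }

if (($Is64OS) -and (-not $Is64Bit)) {
    # Running AMD64 but no AMD64 Process, Restart script
    $Invocation = $PSCommandPath
    if ($null -eq $Invocation) { return }
    $SysNativePath = $PSHOME.ToLower().Replace("syswow64", "sysnative")
    # -ex ByPass: the child is started with the execution policy overridden for
    # this one invocation; only this script's own path is handed to it.
    $Ret = Start-Process "$SysNativePath\powershell.exe" -ArgumentList "-ex ByPass -file `"$Invocation`" " -WindowStyle normal -PassThru -Wait
    $Ret.WaitForExit()
    # Report an error only when the 64-bit child failed; this used to be
    # written on every relaunch, including successful ones.
    if ($Ret.ExitCode -ne 0) { Write-Error -Message "Exit with error" }
    Exit $Ret.ExitCode;
} elseif ((-not $Is64OS) -and (-not $Is64Bit)) {
    #Running x86 and no AMD64 Process, Do not bother restarting
}
#endregion

#region Main script here
$ScriptName = $PSCommandPath.Split("\")[$PSCommandPath.Split("\").Count -1];
Start-Transcript -Path "$($env:TEMP)\$($ScriptName).log" -Force


#Put your content here

#exit with this if error
# NOTE: sample statement. Left unconditional, it ends the script here, before
# the try/catch sample and before the transcript is stopped.
Exit -1

#try catch sample
# "Stop" has to be quoted; a bare Stop is parsed as a command name and fails.
$ErrorActionPreference = "Stop";
try {
    # Put some stuff here

} catch {
    $ErrorMessage = $_.Exception.Message
    $ErrorCode = $_.Exception.ExitCode
    Write-Error "$($ErrorCode) with error $($ErrorMessage)"
} finally {
    # With the preference set to Stop, the Write-Error above terminates the
    # script, so the transcript is closed here rather than after the block.
    Stop-Transcript
}
#endregion
--------------------------------------------------------------------------------
/Intune/Network/Configure-WirelessNetworkConnections.ps1:
--------------------------------------------------------------------------------
<#PSScriptInfo

.VERSION 1.0

.GUID

.AUTHOR Mattias Alvbring

.COMPANYNAME DeployWindows.com

.TAGS Windows Intune PowerShell Network Wireless NetworkCategory

.RELEASENOTES
Version 1.0: Original

#>

<#
.SYNOPSIS
Automatically sets networks to correct network category; private/public

.DESCRIPTION
This script will configure wireless network settings
WIFI1 - Will set this network as Private if not already identified as DomainAuthenticated already
WIFIGuest - Will set this network as Public and manual connect


.EXAMPLE

#>

# $output collects one status sentence per action and is written once at the end.
$output = ""
foreach ($wifi in $(Get-NetConnectionProfile -InterfaceAlias Wi-Fi*)) {
    $output += "$($wifi.Name) with index $($wifi.InterfaceIndex)."

    switch ($wifi.Name) {
        "wifi1" {
            #if network is not identified as DomainAuthenticated set as private
            switch ((Get-NetConnectionProfile -InterfaceIndex $wifi.InterfaceIndex).NetworkCategory) {
                "DomainAuthenticated" {
                    $output += "$($wifi.Name) identified as DomainAuthenticated - Do nothing."
                }
                "Public" {
                    $output += "$($wifi.Name) identified as Public, set as Private."
                    Set-NetConnectionProfile -InterfaceIndex $wifi.InterfaceIndex -NetworkCategory Private
                }
                Default {}
            }
        }
        "wifiguest" {
            #if network is identified as something else than Public set as Public
            switch ((Get-NetConnectionProfile -InterfaceIndex $wifi.InterfaceIndex).NetworkCategory) {
                "Public" {
                    $output += "$($wifi.Name) identified as Public, do nothing."
                }
                Default {
                    $output += "$($wifi.Name) identified as NON-Public, set as Public."
                    Set-NetConnectionProfile -InterfaceIndex $wifi.InterfaceIndex -NetworkCategory Public
                }
            }
        }
        Default {}
    }

}

#Set network to manual connect rather than automatic
# NOTE(review): the checks below match netsh's display text ("Connection mode",
# "Connect manually"); confirm they hold on the display languages in use.
$ssid = "wifiguest"
$ret = netsh wlan show profiles name="$($ssid)" | select-string "Connection mode"
if ($null -ne $ret) {
    if ($ret -match "Connect manually") {
        $output += "$($ssid) is already set to Manual."
    } else {
        $output += "$($ssid) is set to automatic."

        #alternative way
        #$retProcess = Start-Process -FilePath "netsh.exe" -ArgumentList "wlan set profileparameter name=`"$($ssid)`" ConnectionMode=manual" -PassThru -Wait -WindowStyle Hidden
        #$output += "Setting netsh wlan set profileparameter name=$($ssid) ConnectionMode=manual exit with code: $($retProcess.ExitCode)"

        #Set SSID to connect manual not auto
        $retAction = netsh wlan set profileparameter name=`"$($ssid)`" ConnectionMode=manual
        # netsh returns text, which has no ExitCode property; the exit status of
        # a native command is read from $LASTEXITCODE right after the call.
        $retActionExitCode = $LASTEXITCODE
        if ($null -ne $retAction) {
            $output += "Setting netsh wlan set profileparameter name=$($ssid) ConnectionMode=manual exit with code: $($retActionExitCode)`n$($retAction)."
        }

        $retPostAction = netsh wlan show profiles name="$($ssid)" | select-string "Connection mode"
        $output += "Now ConnectionMode is set to $($retPostAction)."
    }
} else {
    $output += "No WiFi profiles found with name $($ssid)."
}

Write-Output $output
--------------------------------------------------------------------------------
/Intune/Network/Detect-WirelessNetworkConnections.ps1:
--------------------------------------------------------------------------------
<#PSScriptInfo

.VERSION 1.0

.GUID

.AUTHOR Mattias Alvbring

.COMPANYNAME DeployWindows.com

.TAGS Windows Intune PowerShell Network Wireless NetworkCategory

.RELEASENOTES
Version 1.0: Original

#>

<#
.SYNOPSIS
Detection script if network settings is correct

.DESCRIPTION
This script will check for
WIFI1 - Will set this network as Private if not already identified as DomainAuthenticated already
WIFIGuest - Will set this network as Public and manual connect


.EXAMPLE

#>

# Exit codes: 1 as soon as one setting needs fixing, 0 otherwise.
# The collected status text is written before every exit.
$output = ""
foreach ($wifi in $(Get-NetConnectionProfile -InterfaceAlias Wi-Fi*)) {
    $output += "Found WiFi: $($wifi.Name) with index $($wifi.InterfaceIndex)."

    switch ($wifi.Name) {
        "wifi1" {
            # wifi1 must not be categorised as Public
            switch ((Get-NetConnectionProfile -InterfaceIndex $wifi.InterfaceIndex).NetworkCategory) {
                "Public" {
                    $output += "$($wifi.Name) is identified as public: $($wifi.NetworkCategory) - Need fixing."
                    Write-Output $output
                    exit 1
                }
                Default {}
            }
        }
        "wifiguest" {
            # wifiguest must be categorised as Public
            switch ((Get-NetConnectionProfile -InterfaceIndex $wifi.InterfaceIndex).NetworkCategory) {
                "Public" {
                }
                Default {
                    $output += "$($wifi.Name) is identified as NON-public: $($wifi.NetworkCategory) - Need fixing."
                    Write-Output $output
                    exit 1
                }
            }
        }
        Default {}
    }

}

# wifiguest must be set to manual connect; a missing profile is not reported as a failure
$ssid = "wifiguest"
$ret = netsh wlan show profiles name="$($ssid)" | select-string "Connection mode"
if ($null -ne $ret) {
    if ($ret -match "Connect manually") {
        #Write-Host "$($ssid) is already set to Manual"
    } else {
        $output += "$($ssid) is set to automatic."
        Write-Output $output
        exit 1
    }
} else {
    $output += "No WiFi profiles found with name $($ssid)."
}

#Successfull exit
Write-Output $output
exit 0
--------------------------------------------------------------------------------
/Intune/Office/Uninstall-Office365Home.ps1:
--------------------------------------------------------------------------------
##############################
#.SYNOPSIS
#When deploying Office 365 ProPlus to a Windows 10 signature edition there is a Home Premium version installed
#and therefore Office 365 PP cannot be installed.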
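#This script will execute the uninstall command for all Office 365 HomePremRetail version and languages installed on the computer
#This script requires 64-bit on 64-bit OS
#.EXAMPLE
#To configure the script define the variables
#Only change other settings if you know what you are doing
#.NOTES
#Upload the script to Microsoft Intune, run in system context and apply to all users
#The uninstall command line is read from the HKLM uninstall key and started from this
#script's own context, so it runs with whatever rights the script was given.
#
#Version
# 1.0 First release
#
##############################

##############################
#Author
#@MattiasFors
#https://deploywindows.com
#https://github.com/DeployWindowsCom/DeployWindows-Scripts
##############################


#region User defined variables
$UninstallRegistryFilter = "HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\O365HomePremRetail*"
$LogFile = "UninstallOffice365Home.log"
$ScriptFolder = "DeployWindows"
$ScriptFolderFullPath = "$($Env:ProgramData)\$($ScriptFolder)"
#endregion

#region Restart into 64-bit
$Is64Bit = [System.Environment]::Is64BitProcess;
$Is64OS = $false; if (($env:PROCESSOR_ARCHITEW6432 -like "AMD64") -or ($env:PROCESSOR_ARCHITECTURE -like "AMD64")) { $Is64OS = $true; }

if (($Is64OS) -and (-not $Is64Bit)) {
    # Running AMD64 but no AMD64 Process, Restart script
    Write-Host "Running AMD64 OS and x86 environment, restart script"
    $Invocation = $PSCommandPath
    if ($null -eq $Invocation) { return }
    # "sysnative" lets a 32-bit process reach the 64-bit System32 folder
    $SysNativePath = $PSHOME.ToLower().Replace("syswow64", "sysnative")
    $Ret = Start-Process "$SysNativePath\powershell.exe" -ArgumentList "-ex ByPass -file `"$Invocation`" " -WindowStyle normal -PassThru -Wait
    return $Ret.ExitCode;
} elseif ((-not $Is64OS) -and (-not $Is64Bit)) {
    #Running x86 and no AMD64 Process, Do not bother restarting
    Write-Host "Running x86 OS and x86 environment, continue"
}
#endregion

# Shows a notification with a title and one line of text.
# When the current identity is S-1-5-18 (Local System) a WScript.Shell popup is used instead
# of a toast (10 seconds for 'long', 4 seconds for 'short'); otherwise a toast is shown under
# the AppId that Get-StartApps returns for 'Windows Powershell'.
# Parameters:
#   ToastTitle    - title line (mandatory)
#   ToastText     - body text (mandatory)
#   Image         - optional image; an http(s) URL is first downloaded to %TEMP%\ToastImage.png
#   ToastDuration - 'long' (default) or 'short'
function ShowToast {
    param(
        [parameter(Mandatory=$true,Position=2)]
        [string] $ToastTitle,
        [parameter(Mandatory=$true,Position=3)]
        [string] $ToastText,
        [parameter(Position=1)]
        [string] $Image = $null,
        [parameter()]
        [ValidateSet('long','short')]
        [string] $ToastDuration = "long"
    )

    # Toast overview: https://msdn.microsoft.com/en-us/library/windows/apps/hh779727.aspx
    # Toasts templates: https://msdn.microsoft.com/en-us/library/windows/apps/hh761494.aspx
    [Windows.UI.Notifications.ToastNotificationManager, Windows.UI.Notifications, ContentType = WindowsRuntime] | Out-Null

    # Define Toast template, w/wo image
    $ToastTemplate = [Windows.UI.Notifications.ToastTemplateType]::ToastImageAndText02
    if ($Image.Length -le 0) {
        $ToastTemplate = [Windows.UI.Notifications.ToastTemplateType]::ToastText02
    }

    #region Download or define a local image file://c:/image.png
    # Toast images must have dimensions =< 1024x1024 size =< 200 KB
    # Anchored pattern: the former "http*" matched any value that merely contained "htt".
    if ($Image -match '^https?://') {
        [System.Reflection.Assembly]::LoadWithPartialName("System.web") | Out-Null
        $Image = [System.Web.HttpUtility]::UrlEncode($Image)
        $imglocal = "$($env:TEMP)\ToastImage.png"
        Start-BitsTransfer -Destination $imglocal -Source $([System.Web.HttpUtility]::UrlDecode($Image)) -ErrorAction Continue
    } else {
        $imglocal = $Image
    }
    #endregion

    # Define the toast template and create variable for XML manipulation
    # Customize the toast title, text, image and duration
    $toastXml = [xml] $([Windows.UI.Notifications.ToastNotificationManager]::GetTemplateContent($ToastTemplate)).GetXml()
    $toastXml.GetElementsByTagName("text")[0].AppendChild($toastXml.CreateTextNode($ToastTitle)) | Out-Null
    $toastXml.GetElementsByTagName("text")[1].AppendChild($toastXml.CreateTextNode($ToastText)) | Out-Null
    if ($Image.Length -ge 1) { $toastXml.GetElementsByTagName("image")[0].SetAttribute("src", $imglocal) }
    $toastXml.toast.SetAttribute("duration", $ToastDuration)

    # Convert back to WinRT type
    $xml = New-Object Windows.Data.Xml.Dom.XmlDocument; $xml.LoadXml($toastXml.OuterXml);
    $toast = [Windows.UI.Notifications.ToastNotification]::new($xml)

    # Get an unique AppId from start, and enable notification in registry
    if ([System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value.ToString() -eq "S-1-5-18") {
        # Popup alternative when running as system
        # https://msdn.microsoft.com/en-us/library/x83z1d9f(v=vs.84).aspx
        $wshell = New-Object -ComObject Wscript.Shell
        if ($ToastDuration -eq "long") {
            $return = $wshell.Popup($ToastText,10,$ToastTitle,0x100)
        } else {
            $return = $wshell.Popup($ToastText,4,$ToastTitle,0x100)
        }
    } else {
        $AppID = ((Get-StartApps -Name 'Windows Powershell') | Select -First 1).AppId
        New-Item "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Notifications\Settings\$AppID" -Force | Out-Null
        Set-ItemProperty "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Notifications\Settings\$AppID" `
            -Name "ShowInActionCenter" -Type Dword -Value "1" -Force | Out-Null
        # Create and show the toast, dont forget AppId
        [Windows.UI.Notifications.ToastNotificationManager]::CreateToastNotifier($AppID).Show($Toast)
    }
}


#region Require running in 64-bit environment

Start-Transcript "$($ScriptFolderFullPath)\$($LogFile)"

$Programs = @(Get-Item -Path $UninstallRegistryFilter)
Write-Host "Found $($Programs.Count) Programs from $($Programs[0].PSPath) with the filter $($UninstallRegistryFilter)"
ShowToast -ToastTitle "Uninstalling applications" `
    -ToastText "Found $($Programs.Count) Programs with filter $($UninstallRegistryFilter)" -ToastDuration short;

foreach ($Program in $Programs) {
    $UninstallString = $null
    $UninstallString = $(Get-ItemPropertyValue -Path $Program.PSPath -Name "UninstallString" -ErrorAction SilentlyContinue)
    if ([string]::IsNullOrWhiteSpace($UninstallString)) {
        Write-Host "Missing uninstall command"
        continue
    }

    # Split the registry value into executable and arguments at the first ".exe".
    $ExeIndex = $UninstallString.IndexOf(".exe", [System.StringComparison]::OrdinalIgnoreCase)
    if ($ExeIndex -lt 0) {
        Write-Host "Uninstall command has no .exe, skipping: $($UninstallString)"
        continue
    }
    # +5 keeps the closing quote of a quoted path; clamp it so a value ending in ".exe" does not throw
    $SplitAt = [Math]::Min($ExeIndex + 5, $UninstallString.Length)
    $cmd = $UninstallString.Substring(0, $SplitAt).Trim()
    # Not named $args: that is a PowerShell automatic variable
    $UninstallArgs = $UninstallString.Substring($SplitAt).TrimStart()
    Write-Host "Execute command: $($cmd)"
    Write-Host "Parameters $($UninstallArgs)"

    $ps = New-Object System.Diagnostics.Process
    $ps.StartInfo.FileName = $cmd
    $ps.StartInfo.Arguments = $UninstallArgs
    $ps.StartInfo.RedirectStandardOutput = $True
    $ps.StartInfo.UseShellExecute = $false
    $ps.Start() | Out-Null
    # A redirected stream has to be drained before waiting: if nobody reads it, the child
    # blocks once the pipe is full and WaitForExit() never returns.
    $StdOut = $ps.StandardOutput.ReadToEnd()
    $ps.WaitForExit()
    if ($StdOut) { Write-Host $StdOut }
    Write-Host "Exit code: $($ps.ExitCode)"
}
Stop-Transcript

#endregion
--------------------------------------------------------------------------------
/Intune/OneDrive/OneDrive legacy synchronization/Set-OneDriverLegacySyncDomainGuid.ps1:
--------------------------------------------------------------------------------
# This script will set a registry key to allow OneDrive to synchronize to legacy domain settings

# Get domain GUID with the following PS command
# Get-ADDomain -Current LocalComputer
$script:DomainGUID = "aaaaaaaa-2222-1111-0000-aaaaaaaa"
$script:RegistryPath = "HKLM:\Software\Policies\Microsoft\OneDrive"

if (Test-Path -Path $script:RegistryPath) {
    Write-Host "$($RegistryPath) exists, set the domain Guid.."
} else {
    Write-Host "$($RegistryPath) does not exist, create the path and set the Guid.."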
12 | New-Item -ItemType directory -Path $script:RegistryPath -Force 13 | } 14 | 15 | Set-ItemProperty -Path $script:RegistryPath -Name "AADJMachineDomainGuid" -Value $DomainGUID -Force 16 | 17 | -------------------------------------------------------------------------------- /Intune/OneDrive/Update-OneDrive/Readme.txt: -------------------------------------------------------------------------------- 1 | Add the resulting Win32 app (.intunewin) to Intune. The installation command line should be: 2 | 3 | powershell.exe -noprofile -executionpolicy bypass -file .\Update-OneDrive.ps1 4 | 5 | 6 | Description 7 | Updates and installes OneDrive per-machine 8 | Log: Windows\Temp\OneDrive.log 9 | Detection fil: %ProgramData%\Microsoft OneDrive\setup\Update-OneDrive.ps1.tag 10 | 11 | 12 | The uninstall command line should be (there is no uninstallation, potentially you could delete the tag file) 13 | 14 | cmd.exe /c 15 | 16 | 17 | The detection rule should look for the existence of this file: 18 | 19 | File or folder exists 20 | %ProgramData%\Microsoft OneDrive\setup\Update-OneDrive.ps1.tag 21 | -------------------------------------------------------------------------------- /Intune/OneDrive/Update-OneDrive/Update-OneDrive.intunewin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DeployWindowsCom/DeployWindows-Scripts/f09bc35ff971680e9f1203bfd0f09299faf7f424/Intune/OneDrive/Update-OneDrive/Update-OneDrive.intunewin -------------------------------------------------------------------------------- /Intune/OneDrive/Update-OneDrive/Update-OneDrive.ps1: -------------------------------------------------------------------------------- 1 | <#PSScriptInfo 2 | 3 | .VERSION 1.1 4 | 5 | .GUID 6 | 7 | .AUTHOR Mattias Fors 8 | 9 | .COMPANYNAME DeployWindows.com 10 | 11 | .COPYRIGHT 12 | 13 | .TAGS Windows Intune OneDrive Automation Silent 14 | 15 | .LICENSEURI 16 | 17 | .PROJECTURI 18 | 19 | .ICONURI 20 | 21 | 
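.EXTERNALMODULEDEPENDENCIES

.REQUIREDSCRIPTS

.EXTERNALSCRIPTDEPENDENCIES

.RELEASENOTES
Version 1.0: Original
Version 1.1: Updated for to install OneDrive for all users
Version 1.2: Totally rewritten to only download and install per-machine

#>

<#
.SYNOPSIS
Download latest and set installation to per-machine OneDrive

.DESCRIPTION
Download latest and set installation to per-machine OneDrive
Recommendation is to update if running version c
The downloaded installer is started only when its Authenticode signature is valid and the
signing certificate names Microsoft Corporation; otherwise the script exits with code 1
without writing the detection tag file.

.EXAMPLE
.\Update-OneDrive.ps1

#>

# Download link of the OneDrive installer
# Release info https://support.office.com/en-us/article/onedrive-release-notes-845dcf18-f921-435e-bf28-4e24b95e5fc0
$OneDriveDownloadURI = "https://go.microsoft.com/fwlink/?linkid=844652"

#region Restart into 64-bit
$Is64Bit = [System.Environment]::Is64BitProcess;
$Is64OS = $false; if (($env:PROCESSOR_ARCHITEW6432 -like "AMD64") -or ($env:PROCESSOR_ARCHITECTURE -like "AMD64")) { $Is64OS = $true; }

if (($Is64OS) -and (-not $Is64Bit)) {
    # Running AMD64 but no AMD64 Process, Restart script
    & "$($env:WINDIR)\SysNative\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy bypass -NoProfile -File "$PSCommandPath"
    Exit $LASTEXITCODE
}
#endregion

#region Main
Start-Transcript -Path (Join-Path $env:TEMP "OneDrive.log") -Append -Force

$OneDriveSetup = (Join-Path "$($env:TEMP)" "OneDriveSetup.exe")

#Start download
Write-Host "Starting download latest OneDrive client"
try {
    # -ErrorAction Stop: a failed download must not fall through to running an older
    # OneDriveSetup.exe that may still be in the temp folder.
    # -UseBasicParsing avoids the dependency on the Internet Explorer engine in Windows PowerShell.
    Invoke-WebRequest -Uri $OneDriveDownloadURI -OutFile $OneDriveSetup -UseBasicParsing -ErrorAction Stop
} catch {
    Write-Host "Download failed: $($_.Exception.Message)"
    Stop-Transcript
    Exit 1
}

# The file came from the network and is about to run with this script's rights
# (system context when deployed as described in Readme.txt), so check who signed it first.
# The publisher check compares the certificate subject; pin the thumbprint if a stricter
# check is needed.
$Signature = Get-AuthenticodeSignature -FilePath $OneDriveSetup
$SignerSubject = if ($Signature.SignerCertificate) { $Signature.SignerCertificate.Subject } else { "" }
$SignatureIsValid = ($Signature.Status -eq [System.Management.Automation.SignatureStatus]::Valid)
if ((-not $SignatureIsValid) -or ($SignerSubject -notmatch 'O=Microsoft Corporation')) {
    Write-Host "Refusing to run $($OneDriveSetup): signature status '$($Signature.Status)', signer '$($SignerSubject)'"
    Remove-Item -Path $OneDriveSetup -Force -ErrorAction SilentlyContinue
    Stop-Transcript
    Exit 1
}
Write-Host "Installer signature is valid, signer: $($SignerSubject)"

Write-Host "Initialize OneDriveSetup with allusers argument..."

Write-Host "Now time to install OneDrive in program folder $($OneDriveSetup) /allusers"
$proc = Start-Process -FilePath $OneDriveSetup -ArgumentList "/allusers" -WindowStyle Hidden -PassThru
$proc.WaitForExit()
Write-Host "OneDriveSetup exit code: $($proc.ExitCode)"

# Create a file just so Intune knows this was installed
if (-not (Test-Path "$($env:ProgramData)\Microsoft OneDrive\setup"))
{
    New-Item -ItemType Directory -Path "$($env:ProgramData)\Microsoft OneDrive\setup"
}
Set-Content -Path "$($env:ProgramData)\Microsoft OneDrive\setup\Update-OneDrive.ps1.tag" -Value "Installed"


Stop-Transcript
#endregion
--------------------------------------------------------------------------------
/Intune/StartLayout/Configure-StartLayoutCustomization DEPRECATED.ps1:
--------------------------------------------------------------------------------
##############################
#.SYNOPSIS
#When using Windows 10 and Microsoft Intune a partial locked Start Layout will all default icons to show
#This script will run once on each computer directly after enrollment and remove the last used profile
#and the Start Layout will be nice and clean
#.EXAMPLE
#Upload the script to Microsoft Intune, run in system context and apply to all users
#.NOTES
#This script will remove the last used profile on the computer with a scheduled task, and notify the user when the script has run
#To configure the script define the variables
#Only change other settings if you know what you are doing
#
#The scheduled task runs as S-1-5-18 (Local System) and starts the generated script from
#$ScriptFolderFullPath with -ExecutionPolicy ByPass. Whoever can write to that folder controls
#what the task executes, so make sure only administrators and SYSTEM have write access to it.
#
#Version
# 1.0 First release
#
##############################

##############################
#Author
#@MattiasFors
#https://deploywindows.com
#https://github.com/DeployWindowsCom/DeployWindows-Scripts
##############################


#region User defined variables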
$ScriptFolder = "DeployWindows" 28 | $ScheduledScriptName = "ConfigureStartLayoutCustomization.ps1" 29 | $ScheduledTaskName = "ConfigureStartLayoutCustomization" 30 | $ScriptFolderFullPath = "$($Env:ProgramData)\$($ScriptFolder)" 31 | $ScriptRegistryPath = "HKLM:\SOFTWARE\$($ScriptFolder)" 32 | $ScriptRegistryResultName = "$($ScheduledTaskName)Result" 33 | $ForceRestart = $true 34 | $ForceRestartTimeout = 10 35 | $ResetIntuneManagementExtensionPolicies = $false 36 | #endregion 37 | 38 | function ShowToast { 39 | param( 40 | [parameter(Mandatory=$true,Position=2)] 41 | [string] $ToastTitle, 42 | [parameter(Mandatory=$true,Position=3)] 43 | [string] $ToastText, 44 | [parameter(Position=1)] 45 | [string] $Image = $null, 46 | [parameter()] 47 | [ValidateSet('long','short')] 48 | [string] $ToastDuration = "long" 49 | ) 50 | 51 | # Toast overview: https://msdn.microsoft.com/en-us/library/windows/apps/hh779727.aspx 52 | # Toasts templates: https://msdn.microsoft.com/en-us/library/windows/apps/hh761494.aspx 53 | [Windows.UI.Notifications.ToastNotificationManager, Windows.UI.Notifications, ContentType = WindowsRuntime] | Out-Null 54 | 55 | # Define Toast template, w/wo image 56 | $ToastTemplate = [Windows.UI.Notifications.ToastTemplateType]::ToastImageAndText02 57 | if ($Image.Length -le 0) { 58 | $ToastTemplate = [Windows.UI.Notifications.ToastTemplateType]::ToastText02 59 | } 60 | 61 | #region Download or define a local image file://c:/image.png 62 | # Toast images must have dimensions =< 1024x1024 size =< 200 KB 63 | if ($Image -match "http*") { 64 | [System.Reflection.Assembly]::LoadWithPartialName("System.web") | Out-Null 65 | $Image = [System.Web.HttpUtility]::UrlEncode($Image) 66 | $imglocal = "$($env:TEMP)\ToastImage.png" 67 | Start-BitsTransfer -Destination $imglocal -Source $([System.Web.HttpUtility]::UrlDecode($Image)) -ErrorAction Continue 68 | } else { 69 | $imglocal = $Image 70 | } 71 | #endregion 72 | 73 | # Define the toast template and create variable for 
XML manipuration 74 | # Customize the toast title, text, image and duration 75 | $toastXml = [xml] $([Windows.UI.Notifications.ToastNotificationManager]::GetTemplateContent(` 76 | $ToastTemplate)).GetXml() 77 | $toastXml.GetElementsByTagName("text")[0].AppendChild($toastXml.CreateTextNode($ToastTitle)) | Out-Null 78 | $toastXml.GetElementsByTagName("text")[1].AppendChild($toastXml.CreateTextNode($ToastText)) | Out-Null 79 | if ($Image.Length -ge 1) { $toastXml.GetElementsByTagName("image")[0].SetAttribute("src", $imglocal) } 80 | $toastXml.toast.SetAttribute("duration", $ToastDuration) 81 | 82 | # Convert back to WinRT type 83 | $xml = New-Object Windows.Data.Xml.Dom.XmlDocument; $xml.LoadXml($toastXml.OuterXml); 84 | $toast = [Windows.UI.Notifications.ToastNotification]::new($xml) 85 | 86 | # Get an unique AppId from start, and enable notification in registry 87 | if ([System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value.ToString() -eq "S-1-5-18") { 88 | # Popup alternative when running as system 89 | # https://msdn.microsoft.com/en-us/library/x83z1d9f(v=vs.84).aspx 90 | $wshell = New-Object -ComObject Wscript.Shell 91 | if ($ToastDuration -eq "long") { 92 | $return = $wshell.Popup($ToastText,10,$ToastTitle,0x100) 93 | } else { 94 | $return = $wshell.Popup($ToastText,4,$ToastTitle,0x100) 95 | } 96 | } else { 97 | $AppID = ((Get-StartApps -Name 'Windows Powershell') | Select -First 1).AppId 98 | New-Item "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Notifications\Settings\$AppID" -Force | Out-Null 99 | Set-ItemProperty "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Notifications\Settings\$AppID" ` 100 | -Name "ShowInActionCenter" -Type Dword -Value "1" -Force | Out-Null 101 | # Create and show the toast, dont forget AppId 102 | [Windows.UI.Notifications.ToastNotificationManager]::CreateToastNotifier($AppID).Show($Toast) 103 | } 104 | } 105 | 106 | $ScheduledScript = 'Start-Transcript -Path "' + $ScriptFolderFullPath + '\' + $ScheduledScriptName 
+ '.log" -Append 107 | #Remove the last used profile 108 | $Error.Clear() 109 | $UserProfile = Get-WmiObject -Class Win32_UserProfile -ComputerName Localhost -Filter "LocalPath like ''c:\\Users%''" | Sort LastUseTime -Descending | select -First 1 110 | $UserProfile.Delete() 111 | if ($Error.Count -eq 0) { Unregister-ScheduledTask -TaskName "' + $ScheduledTaskName + '" -Confirm:$false -ErrorAction Continue } 112 | Stop-Transcript' 113 | 114 | $ScheduledTask = [xml](' 115 | 116 | 117 | 2018-01-08T08:00:00.0000000 118 | Administrator 119 | Last Used Profile Remover for Microsoft Intune. This is used to clean user start layout 120 | \Create Start 121 | 122 | 123 | 124 | true 125 | 126 | 127 | true 128 | ConsoleDisconnect 129 | 130 | 131 | 132 | 133 | S-1-5-18 134 | HighestAvailable 135 | 136 | 137 | 138 | IgnoreNew 139 | true 140 | true 141 | true 142 | false 143 | false 144 | 145 | true 146 | false 147 | 148 | true 149 | true 150 | false 151 | false 152 | false 153 | true 154 | false 155 | PT72H 156 | 7 157 | 158 | 159 | 160 | powershell.exe 161 | -ExecutionPolicy ByPass "' + $ScriptFolderFullPath + '\' + $ScheduledScriptName + '" 162 | 163 | 164 | ') 165 | 166 | $ScriptAlreadyExecuted = Get-ItemProperty -Path $ScriptRegistryPath -Name $ScriptRegistryResultName -ErrorAction SilentlyContinue 167 | if ($ScriptAlreadyExecuted -eq $empty) { 168 | # Script has never run, continue 169 | } else { 170 | Write-Output "Stopping script: The script has already run" 171 | break 0 172 | } 173 | 174 | New-Item -ItemType Directory -Path $ScriptFolderFullPath -Force -ErrorAction SilentlyContinue | Out-Null 175 | $ScheduledScript | Out-File -FilePath "$($ScriptFolderFullPath)\$($ScheduledScriptName)" -Force 176 | Register-ScheduledTask -Xml $ScheduledTask.OuterXml -TaskName $ScheduledTaskName 177 | 178 | # Create a registy value to ensure not rerun by mistake 179 | New-Item -ItemType Directory -Path $ScriptRegistryPath -Force -ErrorAction SilentlyContinue | Out-Null 180 | 
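New-ItemProperty -Path $ScriptRegistryPath -Name $ScriptRegistryResultName -Value 1 -PropertyType DWORD -Force -ErrorAction SilentlyContinue | Out-Null

if ($ResetIntuneManagementExtensionPolicies) {
    #This will make sure all Intune Management Extension Policies that already have run, will rerun after user logon
    $IMEPolicyRegistryPath = "HKLM:\SOFTWARE\Microsoft\IntuneManagementExtension\Policies"
    Remove-Item -Path $IMEPolicyRegistryPath -Recurse -Force -ErrorAction SilentlyContinue | Out-Null
    New-Item -ItemType Directory -Path $IMEPolicyRegistryPath -Force -ErrorAction SilentlyContinue | Out-Null
}

if ($ForceRestart) {
    ShowToast -ToastTitle "$($ScheduledTaskName) installed" -ToastText "Computer will restart within: $($ForceRestartTimeout)" -ToastDuration long
    Start-Sleep -Seconds $ForceRestartTimeout
    Restart-Computer -Force
} else {
    ShowToast -ToastTitle "$($ScheduledTaskName) installed" -ToastText "Please restart computer as soon as possible!" -ToastDuration long
}

#Always return true
0
--------------------------------------------------------------------------------
/Intune/User/Add-InteractiveToAdmins.ps1:
--------------------------------------------------------------------------------
# Adds NT AUTHORITY\Interactive (S-1-5-4) to the local Administrators group.
# Every user who signs in interactively carries that SID, so after this script has run each
# such user is a local administrator on the device. Assign it only where that is intended;
# Add-UsersToLocalAdmin.ps1 grants the same right to named accounts instead, and
# Remove-InteractiveFromAdmin.ps1 reverts this change.

# Translate the S-1-5-32-544 (.\Administrators) SID to a group name, the name varies depending on the language version of Windows.
$sid2 = 'S-1-5-32-544'
$objSID2 = New-Object System.Security.Principal.SecurityIdentifier($sid2)
$localadminsgroup = (( $objSID2.Translate([System.Security.Principal.NTAccount]) ).Value).Split("\")[1]

# Translate the S-1-5-4 (NT AUTHORITY\Interactive) SID to an account name, the name varies depending on the language version of Windows.
$sid1 = 'S-1-5-4'
$auth = New-Object System.Security.Principal.SecurityIdentifier($sid1)
$interactive = $auth.Translate([System.Security.Principal.NTAccount])


# Add the security principal name to the local administrators group. (used old style of adding group members due to compatibility reasons)

try {
    Write-Host "Adding security principal: $interactive to the $localadminsgroup group..."

    net localgroup $localadminsgroup $interactive /add
    # net.exe reports failure through its exit code, not an exception, so the catch below never sees it
    if ($LASTEXITCODE -ne 0) {
        Write-Host "net localgroup failed with exit code $($LASTEXITCODE)"
    }
}
Catch {
    write-host $_.Exception.Message
}
--------------------------------------------------------------------------------
/Intune/User/Add-UsersToLocalAdmin.ps1:
--------------------------------------------------------------------------------
# Adds the accounts listed in $accounts to the local Administrators group.

# Translate the S-1-5-32-544 (.\Administrators) SID to a group name, the name varies depending on the language version of Windows.
$sid2 = 'S-1-5-32-544'
$objSID2 = New-Object System.Security.Principal.SecurityIdentifier($sid2)
$localadminsgroup = (( $objSID2.Translate([System.Security.Principal.NTAccount]) ).Value).Split("\")[1]

# Add the users that should be in the group
$accounts = @("AzureAD\account1@domain.com","AzureAD\account2@domain.com")

# Add the security principal name to the local administrators group. (used old style of adding group members due to compatibility reasons)

try {
    foreach ($account in $accounts) {
        Write-Host "Adding security principal: $($account) to the $($localadminsgroup) group..."

        net localgroup $localadminsgroup $account /add
        # net.exe reports failure through its exit code, not an exception, so the catch below never sees it
        if ($LASTEXITCODE -ne 0) {
            Write-Host "net localgroup failed for $($account) with exit code $($LASTEXITCODE)"
        }
    }
}
Catch {
    write-host $_.Exception.Message
}
--------------------------------------------------------------------------------
/Intune/User/Get-UserInfo.ps1:
--------------------------------------------------------------------------------
<#PSScriptInfo

.VERSION 1.0

.GUID

.AUTHOR Mattias Fors

.COMPANYNAME DeployWindows.com

.COPYRIGHT

.TAGS Windows Intune SID username UPN

.LICENSEURI

.PROJECTURI

.ICONURI

.EXTERNALMODULEDEPENDENCIES

.REQUIREDSCRIPTS

.EXTERNALSCRIPTDEPENDENCIES

.RELEASENOTES
Version 1.0: Original

#>

<#
.SYNOPSIS
Get SID, Username or UPN from local registry/WMI

.DESCRIPTION
This will try to figure out the username, sid and UPN of a logon user

Note! This will not work if you are running terminal sessions or enhanced mode in Hyper-V

.EXAMPLE
.\Get-UserInfo.ps1

#>



$username = Get-WmiObject -Class Win32_ComputerSystem | Select-Object username
if ([string]::IsNullOrEmpty($username.username)) {
    # Win32_ComputerSystem returned no user name (see the note in the description above)
    Write-Host "No logged on user found"
    return
}
$objuser = New-Object System.Security.Principal.NTAccount($username.username)
$sid = $objuser.Translate([System.Security.Principal.SecurityIdentifier])
# The IdentityCache key may be missing for the account; $upn then stays empty instead of raising an error
$upn = Get-ItemPropertyValue -Path "HKLM:\SOFTWARE\Microsoft\IdentityStore\Cache\$($sid.Value)\IdentityCache\$($sid.Value)" -Name "UserName" -ErrorAction SilentlyContinue

Write-Host "User information: "
Write-Host $username.username
if ($username.username.IndexOf("\") -gt 0) { Write-Host $username.username.Split("\")[0] }
if ($username.username.IndexOf("\") -gt 0) { Write-Host $username.username.Split("\")[1] }
Write-Host $sid.Value
Write-Host $upn


--------------------------------------------------------------------------------
/Intune/User/Remove-AllFromLocalAdmin.ps1: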
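--------------------------------------------------------------------------------
# Removes every member of the local Administrators group except the names in $excludeUsers.
# NOTE(review): the exclusion compares account names only. The name of the built-in
# administrator account differs per Windows language (the first entry looks like a localized
# name), so confirm the list against the target devices before assigning the script; an
# account that is not listed is removed from the group.
$excludeUsers = @(
    "Administratör",
    "username1")

# Translate the S-1-5-32-544 (.\Administrators) SID to a group name, the name varies depending on the language version of Windows.
$sid = 'S-1-5-32-544'
$objSID = New-Object System.Security.Principal.SecurityIdentifier($sid)
$localadminsgroup = (( $objSID.Translate([System.Security.Principal.NTAccount]) ).Value).Split("\")[1]

$group = [ADSI]("WinNT://$($env:COMPUTERNAME)/$($localadminsgroup),group")
foreach ($user in $group.Members() )
{
    # ADsPath has the form WinNT://<domain or computer>/<name>; the last two parts are used below
    $adsPath = $user.GetType().InvokeMember('Adspath', 'GetProperty', $null, $user, $null)
    $pathParts = $adsPath.Split('/', [System.StringSplitOptions]::RemoveEmptyEntries)
    $username = $pathParts[-1]
    $domain = $pathParts[-2]

    if ($excludeUsers -contains $username)
    {
        Write-Host "Do not remove $($username)"
    }
    # presumably skips members whose path has no domain/computer part, e.g. unresolved SIDs; confirm
    elseif ($domain -ne "WinNT:")
    {
        Write-Host "Remove the user $($username)"
        try
        {
            $group.Remove("WinNT://$($env:COMPUTERNAME)/$($domain)/$($username)")
        }
        catch
        {
            Write-Host "Trying to remove user $($username) $($_.Exception.Message)" -BackgroundColor Red
        }
    }
}
--------------------------------------------------------------------------------
/Intune/User/Remove-InteractiveFromAdmin.ps1:
--------------------------------------------------------------------------------
# Removes NT AUTHORITY\Interactive (S-1-5-4) from the local Administrators group,
# reverting Add-InteractiveToAdmins.ps1.

# Translate the S-1-5-32-544 (.\Administrators) SID to a group name, the name varies depending on the language version of Windows.
$sid2 = 'S-1-5-32-544'
$objSID2 = New-Object System.Security.Principal.SecurityIdentifier($sid2)
$localadminsgroup = (( $objSID2.Translate([System.Security.Principal.NTAccount]) ).Value).Split("\")[1]

# Translate the S-1-5-4 (NT AUTHORITY\Interactive) SID to an account name, the name varies depending on the language version of Windows.
$sid1 = 'S-1-5-4'
$auth = New-Object System.Security.Principal.SecurityIdentifier($sid1)
$interactive = $auth.Translate([System.Security.Principal.NTAccount])


# Remove the security principal name from the local administrators group. (used old style of changing group members due to compatibility reasons)

try {
    # The message used to say "Adding ... to", although the command below removes the member
    Write-Host "Removing security principal: $interactive from the $localadminsgroup group..."

    net localgroup $localadminsgroup $interactive /delete
    # net.exe reports failure through its exit code, not an exception, so the catch below never sees it
    if ($LASTEXITCODE -ne 0) {
        Write-Host "net localgroup failed with exit code $($LASTEXITCODE)"
    }
}
Catch {
    write-host $_.Exception.Message
}
--------------------------------------------------------------------------------
/Intune/Windows/Add-DriveMap - LETTER SHARE-NAME.ps1:
--------------------------------------------------------------------------------
<#PSScriptInfo

.VERSION 1.0

.GUID

.AUTHOR Mattias Fors

.COMPANYNAME DeployWindows.com

.COPYRIGHT

.TAGS Windows Intune Map DriveLetter Automation PowerShell

.LICENSEURI

.PROJECTURI

.ICONURI

.EXTERNALMODULEDEPENDENCIES

.REQUIREDSCRIPTS

.EXTERNALSCRIPTDEPENDENCIES

.RELEASENOTES
Version 1.0: Original

#>

<#
.SYNOPSIS
Automatically maps drives

.DESCRIPTION
This script will map drives and create network share in NetHood.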
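The Script will rerun until it is successful and mapped the drive letter AND created the network share
The script will log information in Event log in the source EventSystem, with ID 10, 11, 12

.EXAMPLE

#>
$UNC = "\\filserver.deploywindows.com\user$\$($env:USERNAME)"
$Letter = "U"
#$UNC = "\\localhost\admin$"

# Last path segment of the UNC path, without "$", is used as the shortcut name
$ShortcutName = $UNC.Split("\")[$UNC.Split("\").Count -1].Replace("$","")


$WshShell = New-Object -comObject WScript.Shell
$UserNetHood = $WshShell.SpecialFolders("NetHood")

# Set to $true by either function on failure; decides the exit code at the end
$Script:RetErr = $false


# Creates a .lnk file at $ShortcutLocation that points to $TargetPath with $TargetArgs.
# On failure the error is written to the host and to the Application event log (ID 11)
# and $Script:RetErr is set.
function CreateShortcut ($ShortcutLocation, $TargetPath, $TargetArgs)
{
    Write-Host "Creating shortcut: $($ShortcutLocation), TargetPath: $($TargetPath), TargetArgs: $($TargetArgs)"

    try {
        $WshShell = New-Object -comObject WScript.Shell
        $Shortcut = $WshShell.CreateShortcut($ShortcutLocation)
        $Shortcut.TargetPath = $TargetPath
        $Shortcut.Arguments = $TargetArgs
        $Shortcut.Save()
    }
    catch [System.Exception] {
        # The message was assigned to $ErrorDesc but read from $ErrorDescr, so the handler
        # logged an empty message; one name is used throughout now.
        $ErrorDescr = "Shortcut error: $($ShortcutLocation) ($($_.Exception.Message))"
        Write-Host $ErrorDescr
        Write-EventLog -LogName "Application" -Source "EventSystem" -EventId 11 -Message $ErrorDescr -EntryType Error

        $Script:RetErr = $True
    }
}

# Maps $UNCPath to $DriveLetter as a persistent drive and verifies that the drive exists.
# On failure the error is written to the host and to the Application event log (ID 12)
# and $Script:RetErr is set.
function CreateDriveMap ($DriveLetter, $UNCPath)
{
    Write-Host "Creating drive map: $($DriveLetter), UNCPath: $($UNCPath)"

    try {
        New-PSDrive -Name $DriveLetter -PSProvider "FileSystem" -Root $UNCPath -Persist -Scope Global -ErrorAction Stop
        # Old style mapping
        # $WshNet = New-Object -comObject WScript.Network
        # $WshNet.RemoveNetworkDrive($DriveLetter)
        # $WshNet.MapNetworkDrive($DriveLetter, $UNCPath)
    }
    catch [System.Exception] {
        # Closing parenthesis added to the message
        $ErrorDescr = "Drive map error: $($UNCPath) ($($_.Exception.Message))"
        Write-Host $ErrorDescr
        Write-EventLog -LogName "Application" -Source "EventSystem" -EventId 12 -Message $ErrorDescr -EntryType Error

        $Script:RetErr = $True
    }
    if (Get-PSDrive -Name $DriveLetter -ErrorAction SilentlyContinue) {
        Write-Host "Drive exists"
    }
    else {
        Write-Host "Drive does not exist"
        $Script:RetErr = $true
    }
}

CreateDriveMap $Letter $UNC
CreateShortcut "$($UserNetHood)\$($ShortcutName).lnk" $UNC ""


if ($Script:RetErr -eq $true) {
    $ErrorDescr = "This is a Microsoft Intune Script.`nMapping did not work. $($Letter) = $($UNC)"
    Write-Host $ErrorDescr
    Write-EventLog -LogName "Application" -Source "EventSystem" -EventId 10 -Message $ErrorDescr -EntryType Error

    # Non-zero exit code so the script is reported as failed and run again (see description)
    Exit 10
}
--------------------------------------------------------------------------------
/Intune/Windows/Add-Printer-PRINTERNAME.ps1:
--------------------------------------------------------------------------------
<#PSScriptInfo

.VERSION 1.0

.GUID

.AUTHOR Mattias Fors

.COMPANYNAME DeployWindows.com

.COPYRIGHT

.TAGS Windows Intune Printer Automation PowerShell

.LICENSEURI

.PROJECTURI

.ICONURI

.EXTERNALMODULEDEPENDENCIES

.REQUIREDSCRIPTS

.EXTERNALSCRIPTDEPENDENCIES

.RELEASENOTES
Version 1.0: Original

#>

<#
.SYNOPSIS
Automatically install shared printer from a Windows print server

.DESCRIPTION
This script will add a shared printer


.EXAMPLE

#>


$Printer = "\\printserver.deploywindows.com\PRINTER-SHARED-NAME"

try {
    Add-Printer -ConnectionName $Printer
    Write-Host "Printer added: $($Printer)"
}
Catch [System.Exception] {
    Write-Host "Error adding printer $($Printer) with error $($_.Exception.Message)"
}

--------------------------------------------------------------------------------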
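/Intune/Windows/Backup-BitlockerToAAD.ps1:
--------------------------------------------------------------------------------
##############################
#.SYNOPSIS
# This will backup your BitLocker RecoveryPassword to Azure Active Directory
#
#.EXAMPLE
#
#.NOTES
# The transcript is written to %TEMP%\<script name>.log. Key protector objects carry the
# recovery password, so they are never written to the host or the pipeline here.
#
#Version
# 1.0 First release
# 1.1 Some Logging added
#
##############################
#Author
#@MattiasFors
#https://deploywindows.com
#https://github.com/DeployWindowsCom/DeployWindows-Scripts
##############################

#region Restart into 64-bit
$Is64Bit = [System.Environment]::Is64BitProcess;
$Is64OS = $false; if (($env:PROCESSOR_ARCHITEW6432 -like "AMD64") -or ($env:PROCESSOR_ARCHITECTURE -like "AMD64")) { $Is64OS = $true; }

if (($Is64OS) -and (-not $Is64Bit)) {
    # Running AMD64 but no AMD64 Process, Restart script
    $Invocation = $PSCommandPath
    if ($null -eq $Invocation) { return }
    $SysNativePath = $PSHOME.ToLower().Replace("syswow64", "sysnative")
    $pinfo = New-Object System.Diagnostics.ProcessStartInfo
    $pinfo.FileName = "$SysNativePath\powershell.exe"
    $pinfo.RedirectStandardError = $true
    $pinfo.RedirectStandardOutput = $true
    $pinfo.UseShellExecute = $false
    $pinfo.WindowStyle = "hidden"
    $pinfo.Arguments = "-ex ByPass -file `"$Invocation`" "
    $proc = New-Object System.Diagnostics.Process
    $proc.StartInfo = $pinfo
    $proc.Start() | Out-Null
    # Drain both redirected streams before waiting. Reading them only after WaitForExit()
    # can hang: the child blocks as soon as one pipe is full and then never exits.
    $StdErrTask = $proc.StandardError.ReadToEndAsync()
    $StdOut = $proc.StandardOutput.ReadToEnd()
    $proc.WaitForExit()
    $StdErr = $StdErrTask.Result
    $ExitCode = $proc.ExitCode
    if ($StdErr) { Write-Error -Message "$($StdErr)" }
    Write-Host $ExitCode
    Exit $ExitCode
} elseif ((-not $Is64OS) -and (-not $Is64Bit)) {
    #Running x86 and no AMD64 Process, Do not bother restarting
}
#endregion

#region Main script
$ScriptName = $PSCommandPath.Split("\")[$PSCommandPath.Split("\").Count -1];
Start-Transcript -Path "$($env:TEMP)\$($ScriptName).log" -Force


$ErrorActionPreference = 'Stop';
try {
    # @() gives a countable result for zero, one or several protectors; comparing a
    # collection with "-eq $null" filters the collection instead of testing it.
    $RecoveryProtectors = @((Get-BitLockerVolume -MountPoint $env:SystemDrive).KeyProtector | Where-Object { $_.KeyProtectorType -eq "RecoveryPassword" })
    if ($RecoveryProtectors.Count -eq 0) {
        Write-Host "No BitLocker volume found, no backup needed"
    } else {
        # Only the protector id is passed on; the first RecoveryPassword protector is used
        BackupToAAD-BitLockerKeyProtector -MountPoint $env:SystemDrive -KeyProtectorId "$($RecoveryProtectors[0].KeyProtectorId)"
    }
} catch {
    $Err = $_.Exception
    # With $ErrorActionPreference = 'Stop' this Write-Error ends the script
    Write-Error -Message "`n$($Err.GetType()) `n$($Err.Message)" -Category OperationStopped
} finally {
    # Runs on the failure path as well, so the transcript is always closed
    Stop-Transcript
}
#endregion Main script
--------------------------------------------------------------------------------
/Intune/Windows/Configure-TelemetryCustomization.ps1:
--------------------------------------------------------------------------------
##############################
#.SYNOPSIS
# This script will enable to share Device name in Telemetry and disable notification
# This script is used since Policy CSP does not work
#
#Version
# 1.0 First release
# 1.1 Added DoNotShowFeedbackNotification
# 1.2 Minior logging updates
#
##############################

##############################
#Author
#@MattiasFors
#https://deploywindows.com
#https://github.com/DeployWindowsCom/DeployWindows-Scripts
##############################

#region Restart into 64-bit
$Is64Bit = [System.Environment]::Is64BitProcess;
$Is64OS = $false; if (($env:PROCESSOR_ARCHITEW6432 -like "AMD64") -or ($env:PROCESSOR_ARCHITECTURE -like "AMD64")) { $Is64OS = $true; }

if (($Is64OS) -and (-not $Is64Bit)) {
    # Running AMD64 but no AMD64 Process, Restart script
    $Invocation = $PSCommandPath
    if ($null -eq $Invocation) { return }
    $SysNativePath = $PSHOME.ToLower().Replace("syswow64", "sysnative")
    $pinfo = New-Object System.Diagnostics.ProcessStartInfo
    $pinfo.FileName = "$SysNativePath\powershell.exe"
    $pinfo.RedirectStandardError = $true
    $pinfo.RedirectStandardOutput = $true
    $pinfo.UseShellExecute = $false
    $pinfo.WindowStyle = "hidden"
    $pinfo.Arguments = "-ex ByPass -file `"$Invocation`" "
    $proc = New-Object System.Diagnostics.Process
    $proc.StartInfo = $pinfo
    $proc.Start() | Out-Null
    # Drain both redirected streams before waiting. Reading them only after WaitForExit()
    # can hang: the child blocks as soon as one pipe is full and then never exits.
    $StdErrTask = $proc.StandardError.ReadToEndAsync()
    $StdOut = $proc.StandardOutput.ReadToEnd()
    $proc.WaitForExit()
    $StdErr = $StdErrTask.Result
    $ExitCode = $proc.ExitCode
    if ($StdErr) { Write-Error -Message "$($StdErr)" }
    Write-Host $ExitCode
    Exit $ExitCode
} elseif ((-not $Is64OS) -and (-not $Is64Bit)) {
    #Running x86 and no AMD64 Process, Do not bother restarting
}
#endregion

#region Your content goes here
$ScriptName = $PSCommandPath.Split("\")[$PSCommandPath.Split("\").Count -1];
Start-Transcript -Path "$($env:TEMP)\$($ScriptName).log" -Force

$TelemetryReg = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection"

if((Test-Path -Path $TelemetryReg) -eq $false) {
    New-Item -Path $TelemetryReg -ItemType Key
}

$ErrorActionPreference = 'Stop';
try {
    New-ItemProperty -Path $TelemetryReg -Name AllowDeviceNameInTelemetry -PropertyType DWord -Value 1 -Force -ErrorAction Stop
    New-ItemProperty -Path $TelemetryReg -Name DisableTelemetryOptInChangeNotification -PropertyType DWord -Value 1 -Force -ErrorAction Stop
    New-ItemProperty -Path $TelemetryReg -Name DoNotShowFeedbackNotifications -PropertyType DWord -Value 1 -Force -ErrorAction Stop
} catch {
    $Err = $_.Exception
    # With $ErrorActionPreference = 'Stop' this Write-Error ends the script
    Write-Error -Message "`n$($Err.GetType()) `n$($Err.Message)" -Category OperationStopped
} finally {
    # Runs on the failure path as well, so the transcript is always closed
    Stop-Transcript
}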
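#endregion
--------------------------------------------------------------------------------
/Intune/Windows/Connect-UserHomeDirectory-Detection.ps1:
--------------------------------------------------------------------------------
# Connects home directory with H: by creating registry settings under HKCU\Network\H
# To be used as a Proactive Remediation script, this is the detection script
# Remember to run the script using the logged-on user
#
# Exit code 0 means the registry mapping agrees with AD (or no DC is reachable
# and a mapping already exists); every other code marks a state to remediate.


$domainControllers = @("dc1.deploywindows.com", "dc2.deploywindows.com")

$domainPath = "dc=ad,dc=deploywindows,dc=com"
$registryPath = "HKCU:\Network\H"

$errorExitCode = 100
$message = ""

$username = $env:USERNAME
if ($null -eq $username) {
    $username = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name.split('\')[1]
}

# Escape LDAP filter metacharacters (RFC 4515) before the name goes into the
# search filter. $env:USERNAME is an environment value, and an unescaped
# '(' , ')' , '*' or '\' would change the meaning of the filter.
$ldapUsername = $username.Replace('\', '\5c').Replace('*', '\2a').Replace('(', '\28').Replace(')', '\29').Replace([string][char]0, '\00')

foreach ($dc in $domainControllers) {
    $message += "Trying to connect $($dc)...."

    #TCP Port 636 for LDAPs and 389 for LDAP
    # NOTE(review): the bind below always uses "LDAP://<dc>/..." without a port,
    # whichever of the two probes succeeded - confirm whether LDAPS was intended
    # when only 636 is reachable.
    if (((Test-NetConnection -ComputerName $dc -Port 636).TcpTestSucceeded -eq $true) -or
        ((Test-NetConnection -ComputerName $dc -Port 389).TcpTestSucceeded -eq $true)) {
        # DC is reachable: compare the AD home directory with the registry mapping

        try {
            $message += "Connected to $($dc), searching for user, $($username), in path $($domainPath).."
            $domainInfo = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$($dc)/$($domainPath)")
            $ad = New-Object System.DirectoryServices.DirectorySearcher($domainInfo)
            $ad.Filter = "(&(ObjectCategory=user)(samaccountname=$($ldapUsername)))"
            $user = $ad.FindOne()

            if ($null -eq $user) {
                # The original interpolated the undefined variable $whoAmI here,
                # so the log never showed which account was searched for.
                $message += "Found nothing, was looking for $($username).."
                $errorExitCode = 404

            } elseif ($null -eq $user.Properties.homedirectory) {
                if ((Get-Item -Path $registryPath -ErrorAction SilentlyContinue)) {
                    $message += "User's home directory is empty and registry exists, exit with ERROR.."
                    $errorExitCode = 200

                } else {
                    $message += "User's home directory is empty and NO registry exist, exit with SUCCESS .."
                    $errorExitCode = 0

                }
            } elseif (-not (Get-Item -Path $registryPath -ErrorAction SilentlyContinue)) {
                # home directory found, nothing in registry is found
                $message += "User's home directory found but registry is NOT found, exit with error.."
                $errorExitCode = 300

            } elseif ($null -eq (Get-ItemProperty -Path $registryPath).RemotePath) {
                # registry key exists, but path to home directory is empty
                $message += "User's home directory found but registry remotePath is empty, exit with error.."
                $errorExitCode = 400

            } elseif ((Get-ItemProperty -Path $registryPath).RemotePath -eq $user.Properties.homedirectory) {
                # Everything fine, AD and Registry is equal
                $message += "User's home directory found AND registry remotePath is EQUAL, exit with SUCCESS.."
                $errorExitCode = 0

            } else {
                # Nothing is fine, AD and Registry is NOT equal
                $message += "User's home directory found AND registry remotePath is found but NOT EQUAL, exit with error.."
                $errorExitCode = 500

            }

        } catch [Exception] {
            $message += "Something is wrong looking up dc/user: $($_.Exception.Message).."
            $errorExitCode = 600

        }

    } else {
        $message += "Cannot connect to $($dc) over TCP port 636 or 389.."

        if ((Get-Item -Path $registryPath -ErrorAction SilentlyContinue)) {
            $message += "Drive mapping exist in registry.."
            # Drive mapping in registry found, return OK (its content cannot be
            # verified against AD while no DC is reachable)
            $errorExitCode = 0

        } else {
            $message += "Drive mapping does not exist in registy, $($registryPath).."
            # Drive mapping in registry NOT found, return ERROR to run remediation
            $errorExitCode = 700

        }

    }
    if ($errorExitCode -eq 0) { break; }
}

$message += "Exit with code $($errorExitCode)"
Write-Output $message
Exit $errorExitCode

--------------------------------------------------------------------------------
/Intune/Windows/Connect-UserHomeDirectory.ps1:
--------------------------------------------------------------------------------
# Connects home directory with H: by creating registry settings under HKCU\Network\H
# It dynamically fetches the home directory attribute from on-premises AD if a domain controller is accessible
# To be used as a Proactive Remediation script, this is the remediation script
# Remember to run the script using the logged-on user

$domainControllers = @("dc1.deploywindows.com", "dc2.deploywindows.com")

$domainPath = "dc=ad,dc=deploywindows,dc=com"
$registryPath = "HKCU:\Network\H"

$homeDirectoryConnected = $false
$ErrorExitCode = 100
$message = ""

$username = $env:USERNAME
if ($null -eq $username) {
    $username = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name.split('\')[1]
}

# Escape LDAP filter metacharacters (RFC 4515) before the name goes into the
# search filter, so the value can only ever match as a literal account name.
$ldapUsername = $username.Replace('\', '\5c').Replace('*', '\2a').Replace('(', '\28').Replace(')', '\29').Replace([string][char]0, '\00')

foreach ($dc in $domainControllers) {
    $message += "Trying to connect $($dc)..`n"

    #TCP Port 636 for LDAPs and 389 for LDAP
    # NOTE(review): the bind below always uses "LDAP://<dc>/..." without a port,
    # whichever of the two probes succeeded - confirm whether LDAPS was intended.
    if (((Test-NetConnection -ComputerName $dc -Port 636).TcpTestSucceeded -eq $true) -or
        ((Test-NetConnection -ComputerName $dc -Port 389).TcpTestSucceeded -eq $true)) {
        try {
            $message += "Connected to DC, searching for user, $($username), in path $($domainPath)..`n"
            $domainInfo = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$($dc)/$($domainPath)")
            $ad = New-Object System.DirectoryServices.DirectorySearcher($domainInfo)
            $ad.Filter = "(&(ObjectCategory=user)(samaccountname=$($ldapUsername)))"
            $user = $ad.FindOne()

            if ($null -eq $user) {
                # The original interpolated the undefined variable $whoAmI here.
                $message += "Found nothing, was looking for $($username)`n"
                $ErrorExitCode = 404

            } else {
                if ($null -eq $user.Properties.homedirectory) {
                    $message += "User's home directory is empty, removing drive`n"
                    if ((Get-Item -Path $registryPath -ErrorAction SilentlyContinue)) {
                        Remove-Item -Path $registryPath -Force | Out-Null
                    }
                } else {
                    # Adding registry settings for drive mapping
                    if (-not (Get-Item -Path $registryPath -ErrorAction SilentlyContinue)) {
                        $message += "Creating registry path $($registryPath)`n"
                        New-Item -Path $registryPath -ItemType Registry -Force | Out-Null
                    }

                    New-ItemProperty -Path $registryPath -Name "ConnectionType" -PropertyType DWORD -Value 1 -Force | Out-Null
                    New-ItemProperty -Path $registryPath -Name "DeferFlags" -PropertyType DWORD -Value 4 -Force | Out-Null
                    New-ItemProperty -Path $registryPath -Name "ProviderType" -PropertyType DWORD -Value 0x20000 -Force | Out-Null
                    New-ItemProperty -Path $registryPath -Name "ProviderName" -PropertyType STRING -Value "Microsoft Windows Network" -Force | Out-Null
                    New-ItemProperty -Path $registryPath -Name "UserName" -PropertyType STRING -Value "" -Force | Out-Null
                    # NOTE(review): RemotePath is taken from the directory as-is and
                    # becomes the target Windows connects to for H:. Consider checking
                    # that it is a UNC path on an expected file server before writing.
                    New-ItemProperty -Path $registryPath -Name "RemotePath" -PropertyType STRING -Value $user.Properties.homedirectory -Force | Out-Null

                    $message += "Path added for $($user.Properties.homedirectory)`n"
                }
                $homeDirectoryConnected = $true
            }

        } catch [Exception] {

            $message += "Something wrong looking up user: $($_.Exception.Message)`n"
            $ErrorExitCode = 200

        }
    } else {
        $message += "Cannot connect to $($dc) over TCP port 636 or 389`n"
        $ErrorExitCode = 300

    }
    if ($homeDirectoryConnected) { break; }
}

Write-Output $message
if ($homeDirectoryConnected) {
    #Exit with standard exit code 0 - if home directory is connected
    Exit 0

} else {
    #Exit with non standard exit code - if home directory is NOT connected
    Exit $ErrorExitCode

}

--------------------------------------------------------------------------------
/Intune/Windows/Disable-WindowsManageDefaultPrinter.ps1:
--------------------------------------------------------------------------------
##############################
#.SYNOPSIS
# This script will disable Windows to manage the default printer
# This script is used since Windows CSP missing and ADMX ingest does not work
#
#Version
# 1.0 First release
#
##############################

##############################
#Author
#@MattiasFors
#https://deploywindows.com
#https://github.com/DeployWindowsCom/DeployWindows-Scripts
##############################

#region Restart into 64-bit
# Relaunches this script in a 64-bit PowerShell host when it was started by a
# 32-bit process on a 64-bit OS, then exits with the child's exit code.
$Is64Bit = [System.Environment]::Is64BitProcess;
$Is64OS = $false; if (($env:PROCESSOR_ARCHITEW6432 -like "AMD64") -or ($env:PROCESSOR_ARCHITECTURE -like "AMD64")) { $Is64OS = $true; }

if (($Is64OS) -and (-not $Is64Bit)) {
    # Running AMD64 but no AMD64 Process, Restart script
    $Invocation = $PSCommandPath
    if ($null -eq $Invocation) { return }
    $SysNativePath = $PSHOME.ToLower().Replace("syswow64", "sysnative")
    $pinfo = New-Object System.Diagnostics.ProcessStartInfo
    $pinfo.FileName = "$SysNativePath\powershell.exe"
    $pinfo.RedirectStandardError = $true
    $pinfo.RedirectStandardOutput = $true
    $pinfo.UseShellExecute = $false
    $pinfo.WindowStyle = "hidden"
    # NOTE(review): -ex ByPass switches off execution-policy checks for the
    # relaunched copy, so the file at $PSCommandPath must not be writable by
    # other users.
    $pinfo.Arguments = "-ex ByPass -file `"$Invocation`" "
    $proc = New-Object System.Diagnostics.Process
    $proc.StartInfo = $pinfo
    $proc.Start() | Out-Null
    # Drain both redirected pipes BEFORE waiting for exit; waiting first can
    # hang forever once the child fills a pipe buffer.
    $StdErrTask = $proc.StandardError.ReadToEndAsync()
    $StdOut = $proc.StandardOutput.ReadToEnd()   # read only to drain the pipe, not re-emitted
    $proc.WaitForExit()
    $StdErr = $StdErrTask.Result
    $ExitCode = $proc.ExitCode
    if ($StdErr) { Write-Error -Message "$($StdErr)" }
    Write-Host $ExitCode
    Exit $ExitCode
} elseif ((-not $Is64OS) -and (-not $Is64Bit)) {
    #Running x86 and no AMD64 Process, Do not bother restarting
}
#endregion

#region Your content goes here
$ScriptName = [System.IO.Path]::GetFileName($PSCommandPath)
Start-Transcript -Path "$($env:TEMP)\$($ScriptName).log" -Force

# HKCU resolves to the hive of the account running the script.
# NOTE(review): presumably deployed in the logged-on user's context - confirm.
$RegKey = "HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Windows"

$ErrorActionPreference = 'Stop';
$ResultCode = 0
try {
    # Key creation now runs under the same error handling as the value write.
    if (-not (Test-Path -Path $RegKey)) {
        New-Item -Path $RegKey -ItemType Key
    }

    New-ItemProperty -Path $RegKey -Name LegacyDefaultPrinterMode -PropertyType DWord -Value 1 -Force -ErrorAction Stop
} catch {
    $Err = $_.Exception
    # Write-Error would terminate the script here because of
    # $ErrorActionPreference = 'Stop' and skip Stop-Transcript; report without
    # terminating and signal failure via the exit code.
    Write-Error -Message "`n$($Err.GetType()) `n$($Err.Message)" -Category OperationStopped -ErrorAction Continue
    $ResultCode = 1
} finally {
    Stop-Transcript
}

exit $ResultCode
#endregion
--------------------------------------------------------------------------------
/Intune/Windows/DriveMapping - LETTER - Detect 2.ps1:
--------------------------------------------------------------------------------

# Detection script: exits 0 when the drive-mapping scheduled task exists,
# 1 otherwise. Only the task NAME is checked; a task whose action was altered
# still counts as present.

# Change only Drive letter here
$DriveLetter = "H"
$Version = "2"

$schtaskName = "Intune-$($DriveLetter) DriveMapping $($Version)"

try {
    if (Get-ScheduledTask $schtaskName -ErrorAction Stop) {
        Write-Host "$($schtaskName) exist"
        exit 0
    }
}
catch {
    Write-Host "$($schtaskName) do NOT exist"
    exit 1
}

# Reached only if the lookup returned nothing without raising an error;
# report that as "missing" explicitly instead of falling off the end.
Write-Host "$($schtaskName) do NOT exist"
exit 1

--------------------------------------------------------------------------------
/Intune/Windows/DriveMapping - LETTER - Remediate 2.ps1:
--------------------------------------------------------------------------------
# Remediation script: registers a logon-triggered scheduled task that maps the
# network drive with "net use", then starts it once.

# Change only Drive UNC and letter here
$DriveUNC = "\\server.domain.local\dfs\homefolders\%USERNAME%"
$DriveLetter = "H"
$Version = "2"

$schtaskName = "Intune-$($DriveLetter) DriveMapping $($Version)"
$schtaskDescription = "Map network drives from Intune"
try {
    $schtaskTrigger = New-ScheduledTaskTrigger -AtLogOn
    # Users in Local group USERS will run this task
    $schtaskPrincipal = New-ScheduledTaskPrincipal -GroupId "S-1-5-32-545" -Id "Author"
    # net.exe is referenced by its full path so that resolution does not depend
    # on the working directory or PATH of the session the task runs in.
    # cmd.exe expands %SystemRoot% and the %USERNAME% inside $DriveUNC at run time.
    $schtaskAction = New-ScheduledTaskAction -Execute "%comspec%" -Argument "/c start /i /min %SystemRoot%\System32\net.exe use $($DriveLetter): `"$($DriveUNC)`" /PERSISTENT:Yes"
    $schtaskSettings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries

    $null = Register-ScheduledTask -TaskName $schtaskName -Trigger $schtaskTrigger -Action $schtaskAction -Principal $schtaskPrincipal -Settings $schtaskSettings -Description $schtaskDescription -Force -ErrorAction Stop

    Start-ScheduledTask -TaskName $schtaskName
    exit 0
}
catch {
    # Include the underlying error so a failed remediation can be diagnosed
    # from the reported output.
    Write-Host "Error while creating network mapping $($schtaskName): $($_.Exception.Message)"
    exit 1
}

--------------------------------------------------------------------------------
/Intune/Windows/Remove Builtin Apps.ps1:
--------------------------------------------------------------------------------
<#PSScriptInfo

.VERSION 1.0

.GUID

.AUTHOR Mattias Fors

.COMPANYNAME DeployWindows.com

.COPYRIGHT

.TAGS Windows Intune Remove Apps Appx AppxPackages Automation PowerShell

.LICENSEURI

.PROJECTURI

.ICONURI

.EXTERNALMODULEDEPENDENCIES

.REQUIREDSCRIPTS

.EXTERNALSCRIPTDEPENDENCIES

.RELEASENOTES
Version 1.0: Original

#>

<#
.SYNOPSIS
Remove specified built-in apps from Windows

.DESCRIPTION
This script will try to remove the specified apps from the running Windows 10 target machine


.EXAMPLE
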
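#>

#Use this command to list all appx package
# Get-AppxPackage -PackageTypeFilter Bundle -AllUsers | Select-Object -Property Name, PackageFullName | Sort-Object -Property Name

# Names of the built-in apps to remove, both the installed package and the
# provisioned package.
$AppsList = @(
    "Microsoft.XboxApp",
    "Microsoft.SkypeApp",
    "Microsoft.MicrosoftOfficeHub",
    "Microsoft.Getstarted",
    "Microsoft.WindowsFeedbackHub",
    "Microsoft.GetHelp",
    "Microsoft.Messaging",
    "Microsoft.MicrosoftSolitaireCollection",
    "Microsoft.Office.OneNote",
    "Microsoft.OneConnect",
    "Microsoft.Wallet",
    "Microsoft.ZuneMusic",
    "Microsoft.ZuneVideo",
    "Microsoft.WindowsCommunicationsApps"
)

ForEach ($App in $AppsList) {
    Write-Host "Removing $($App)"

    # Get-AppxPackage is called without -AllUsers, so only the package of the
    # account running the script is looked up.
    $PackageFullName = Get-AppxPackage -Name $App | Select-Object -ExpandProperty PackageFullName -First 1
    $ProPackageFullName = Get-AppxProvisionedPackage -Online | Where-Object { $_.DisplayName -like $App } | Select-Object -ExpandProperty PackageName -First 1
    Write-Host "$($PackageFullName) - $($ProPackageFullName)"

    # This will attempt to remove the appx package
    if ($null -ne $PackageFullName) {
        try {
            Write-Host "Removing Package: $($PackageFullName)"
            Remove-AppxPackage -Package $PackageFullName -ErrorAction Stop | Out-Null
        }
        catch [System.Exception] {
            Write-Host "Removing AppxPackage '$($PackageFullName)' failed: $($_.Exception.Message)"
        }
    }
    else {
        # $PackageFullName is empty on this branch; log the app name that was
        # searched for so the message says what could not be found.
        Write-Host "Unable to locate AppxPackage: $($App)"
    }

    # This will attempt to remove the provision package
    if ($null -ne $ProPackageFullName) {
        try {
            Write-Host "Removing AppxProvisioningPackage: $($ProPackageFullName)"
            Remove-AppxProvisionedPackage -PackageName $ProPackageFullName -Online -ErrorAction Stop | Out-Null
        }
        catch [System.Exception] {
            Write-Host "Removing AppxProvisioningPackage '$($ProPackageFullName)' failed: $($_.Exception.Message)"
        }
    }
    else {
        # Same as above: the package variable is empty here, report the app name.
        Write-Host "Unable to locate AppxProvisioningPackage: $($App)"
    }
}

-------------------------------------------------------------------------------- /Intune/Windows/Set-BitLockerPin-Advanced.ps1: -------------------------------------------------------------------------------- 1 | <#PSScriptInfo 2 | 3 | .VERSION 1.0 4 | 5 | .GUID 6 | 7 | .AUTHOR Mattias Alvbring 8 | 9 | .COMPANYNAME DeployWindows.com 10 | 11 | .TAGS Windows Intune PowerShell BitLocker Pin 12 | 13 | .RELEASENOTES 14 | Version 1.0: Original 15 | 16 | #> 17 | 18 | <# 19 | .SYNOPSIS 20 | Prompts user to set a BitLocker PIN if not exists 21 | 22 | .DESCRIPTION 23 | Should be used with serviceui.exe from MDT 24 | Use with a Win32 app in Intune 25 | With detection script that checks if a pin is already set 26 | if (@($(Get-BitLockerVolume -MountPoint $env:SystemDrive).KeyProtector | Where { $_.KeyProtectorType -eq 'TpmPin' }).Count -ge 1) { 27 | Write-Output "BitLocker pin exists"; Exit 0; } else { 28 | Write-Output "BitLocker pin does not exist" Exit 1: } 29 | 30 | .EXAMPLE 31 | 32 | #> 33 | 34 | ############### START DESIGN ############### 35 | $XmlDesign = [XML] ' 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 57 | 58 | 59 | 60 | 61 | 62 | You are enforced to secure your computer with a BitLocker startup PIN 63 | 64 | 72 | 73 | 80 | 81 | 82 | 83 | 84 | 85 | 86 | 87 | 88 | 89 |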