The technical blog

All the #tech tips from PI Services staff.


Intune – Detecting installation and use of the New Teams

With the arrival of the New Teams, IT teams need to inventory the Windows devices that have it installed and are using it.

This can be done with an Intune remediation script, which continuously checks all targeted devices.

Detection script:

# This script reads per-user state (the user's Appx packages and HKCU), so it must run
# in the signed-in user's context ("Run this script using the logged-on credentials").

# Function to check if the New Teams (MSTeams) Appx package is installed for the current user
function Test-NewTeamsInstalled {
    return $null -ne (Get-AppxPackage *MSTeams* -ErrorAction SilentlyContinue)
}

# Function to check if Microsoft Teams is the default IM app
function Test-NewTeamsDefault {
    $registryPath = "HKCU:\Software\IM Providers"
    $registryKey = "DefaultIMApp"
    $defaultValue = Get-ItemProperty -Path $registryPath -Name $registryKey -ErrorAction SilentlyContinue

    return ($null -ne $defaultValue) -and ($defaultValue.DefaultIMApp -eq "MSTeams")
}

# Main script logic
$teamsInstalled = Test-NewTeamsInstalled
$teamsDefault = Test-NewTeamsDefault

if ($teamsInstalled -and $teamsDefault) {
    Write-Host "New Teams installed and is set Default!"
    Exit 0
}
elseif ($teamsInstalled) {
    # Installed, but DefaultIMApp does not point to MSTeams
    Write-Host "New Teams installed but not set Default."
    Exit 1
}
else {
    Write-Host "New Teams not installed."
    Exit 1
}

 

Intune: Setting the time zone automatically in Windows 10/11

To detect Windows devices where the "Set time zone automatically" option is disabled, simply use an Intune remediation script.

Detection script:

# tzautoupdate service start type: 3 (manual start) is the compliant value checked here
$registrySetting = @{ Path = "HKLM:\SYSTEM\CurrentControlSet\Services\tzautoupdate"; Name = "Start"; DesiredValue = 3 }

# Test if the registry path exists
if (Test-Path $registrySetting.Path) {

    # Get the current value of the registry entry
    $currentValueTZauto = (Get-ItemProperty -Path $registrySetting.Path -ErrorAction SilentlyContinue).$($registrySetting.Name)

    if ($currentValueTZauto -ne $registrySetting.DesiredValue) {
        # The current value is not the desired value: report the device as non-compliant
        Write-Host "The current value is Start=$currentValueTZauto, and it is not the desired value"
        exit 1
    } else {
        # The current value is already correct: report the device as compliant
        Write-Host "The current value is Start=$currentValueTZauto, and it is the desired value"
        exit 0
    }

} else {
    # If the registry path does not exist, log a warning
    Write-Warning "Registry path $($registrySetting.Path) does not exist."
    exit 1
}

 

Intune: LAPS – Creating the local admin account

To create the local admin account that will be used for LAPS, we can use an Intune remediation script.

Detection script:

Start-Transcript -Path "$env:ProgramData\Microsoft\IntuneManagementExtension\Logs\LAPSLocalAdmin_Detect.log" -Append

$LAPSAdmin = "Laps"

# All local user accounts on the device
$Query = Get-WmiObject -Class Win32_UserAccount -Filter "LocalAccount=True"

# Built-in Administrators group, looked up by its well-known SID so the OS language does not matter
$Group = Get-WmiObject -Query "Select * From Win32_Group Where LocalAccount = TRUE And SID = 'S-1-5-32-544'"

$Members = $Group.GetRelated("win32_useraccount")

If ($Query.Name -notcontains $LAPSAdmin) {
    Write-Output "User $LAPSAdmin does not exist on the device"
    $ExitCode = 1
}
Elseif ($Members.Name -notcontains $LAPSAdmin) {
    Write-Output "User $LAPSAdmin exists but is not a member of the group"
    $ExitCode = 1
}
Else {
    Write-Output "User $LAPSAdmin exists on the device and is a member of the group"
    $ExitCode = 0
}

# Close the transcript before returning the exit code to Intune
Stop-Transcript
Exit $ExitCode

Remediation script:

Start-Transcript -Path "$env:ProgramData\Microsoft\IntuneManagementExtension\Logs\LAPSLocalAdmin_Remediate.log" -Append

$LAPSAdmin = "Laps"

$Query = Get-WmiObject -Class Win32_UserAccount -Filter "LocalAccount=True"

# Built-in Administrators group, looked up by its well-known SID
$Group = Get-WmiObject -Query "Select * From Win32_Group Where LocalAccount = TRUE And SID = 'S-1-5-32-544'"

$GroupName = $Group.Name

$Members = $Group.GetRelated("win32_useraccount")

$ExitCode = 0

If ($Query.Name -notcontains $LAPSAdmin) {

    Write-Output "User $LAPSAdmin does not exist on the device, creating user"

    try {
        # Static initial password: identical on every device that runs this script
        $password = "fO%B2vcr36+sj2v}<£]L"

        # net.exe does not throw on failure, so check its exit code explicitly
        Net User /Add $LAPSAdmin $password /Y
        if ($LASTEXITCODE -ne 0) { throw "net user exited with code $LASTEXITCODE" }
        Write-Output "Added Local User $LAPSAdmin"

        net localgroup $GroupName $LAPSAdmin /add
        if ($LASTEXITCODE -ne 0) { throw "net localgroup exited with code $LASTEXITCODE" }
        Write-Output "Added Local User $LAPSAdmin to Administrators"
    }
    catch {
        Write-Error "Couldn't create user: $_"
        $ExitCode = 1
    }

}
Elseif ($Members.Name -notcontains $LAPSAdmin) {

    try {
        # The account already exists; only the group membership is missing
        net localgroup $GroupName $LAPSAdmin /add
        if ($LASTEXITCODE -ne 0) { throw "net localgroup exited with code $LASTEXITCODE" }
        Write-Output "Added Local User $LAPSAdmin to Administrators"
    }
    catch {
        Write-Error "Couldn't add user in the group: $_"
        $ExitCode = 1
    }

}
Else {
    Write-Output "User $LAPSAdmin exists on the device"
}

# Close the transcript before returning the exit code to Intune
Stop-Transcript
Exit $ExitCode
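
A hardened variant of the account-creation branch of the remediation script above, added here as an example and not part of the original article: it gives the account a random per-device password, so no shared secret sits in the script. It assumes 64-bit Windows PowerShell 5.1 (for the LocalAccounts cmdlets) and a Windows LAPS policy that targets the `Laps` account and rotates its password afterwards; the helper name `New-RandomSecureString` is hypothetical.

```powershell
# Added example, not from the original article.
# Assumes 64-bit Windows PowerShell 5.1 and a Windows LAPS policy managing the "Laps" account.
$LAPSAdmin = "Laps"            # account name used in the article
$AdminSid  = "S-1-5-32-544"    # built-in Administrators group (same SID as the article)

# Hypothetical helper: builds a random SecureString from the system CSPRNG.
function New-RandomSecureString {
    param([int]$Length = 24)
    # 64 symbols, so (byte -band 63) selects each one with equal probability
    $alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_'
    $bytes = New-Object byte[] $Length
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try { $rng.GetBytes($bytes) } finally { $rng.Dispose() }
    $secure = New-Object System.Security.SecureString
    foreach ($b in $bytes) { $secure.AppendChar($alphabet[$b -band 63]) }
    $secure.MakeReadOnly()
    return $secure
}

# Group-membership repair for an existing account is left to the article's script.
if (Get-LocalUser -Name $LAPSAdmin -ErrorAction SilentlyContinue) {
    Write-Output "User $LAPSAdmin already exists, nothing to create"
    exit 0
}

try {
    $newUser = @{
        Name        = $LAPSAdmin
        Password    = New-RandomSecureString
        Description = "Local admin managed by LAPS"
        ErrorAction = "Stop"
    }
    New-LocalUser @newUser | Out-Null
    Add-LocalGroupMember -SID $AdminSid -Member $LAPSAdmin -ErrorAction Stop
    Write-Output "Created $LAPSAdmin with a random password that is not stored anywhere"
    exit 0
}
catch {
    # Any failure (for example a password-policy rejection) is reported; Intune reruns on its schedule
    Write-Error "Could not create ${LAPSAdmin}: $($_.Exception.Message)"
    exit 1
}
```

Nobody knows the initial password, so the account only becomes usable once LAPS has rotated it and stored the new value.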