Le blog technique

Toutes les astuces #tech des collaborateurs de PI Services.

#openblogPI

Voir tous les articles

Retrouvez les articles à la une

Intune : Définir le fuseau horaire automatiquement dans Windows 10/11

par | 24 Avr 2024 | ,

Afin de détecter les appareils Windows où l’option « Définir le fuseau horaire automatiquement » est désactivée, il suffit d’utiliser un script de remédiation Intune.

Script de détection :

$registrySettings = @(
    @{ Path = "HKLM:\SYSTEM\CurrentControlSet\Services\tzautoupdate"; Name = "Start"; DesiredValue = 3 }
)


    # test if the registry path exists
    if ((Test-Path $registrySettings.Path)) {

        # get the current value of the registry key
      
        $currentValueTZauto = (Get-ItemProperty -Path $registrySettings.Path -ErrorAction SilentlyContinue).$($registrySettings.Name)
  

        # If the current value is not the desired value, update it
        if ($currentValueTZauto -ne $registrySettings.DesiredValue) {
            Write-Host "the current value is Start=$currentValueTZauto, and it is not the desired value"
			exit 1
        } else {
            # If the current value is already correct, do nothing
            Write-Host "the current value is Start=$currentValueTZauto, and it is the desired value"
			exit 0
        }

    } else {
        # If the registry path does not exist, log a warning
        Write-Warning "Registry path $($registrySettings.Path) does not exist."
		exit 1
    }

 

Intune : LAPS – Création du compte admin local

par | 24 Mar 2024 | , ,

Afin de créer le compte admin local pour qui sera utilisé pour LAPS, nous pouvons utiliser un script de remédiation Intune.

Script de détection :

Start-Transcript -Path "$env:ProgramData\Microsoft\IntuneManagementExtension\Logs\LAPSLocalAdmin_Detect.log" -Append

$LAPSAdmin = "Laps"

$Query = Get-WmiObject -Class Win32_UserAccount -Filter "LocalAccount=True"

$Group = Get-WmiObject -Query "Select * From Win32_Group Where LocalAccount = TRUE And SID = 'S-1-5-32-544'"

$Members=$group.GetRelated("win32_useraccount")

If ($Query.Name -notcontains $LAPSAdmin) {

    Write-Output "User: $LAPSAdmin does not existing on the device"
        
    Exit 1

}
Elseif ($Members.Name -notcontains $LAPSAdmin) {

    Write-Output "User $LAPSAdmin created but not member of the group"

    Exit 1
       
    
}
Else {
    
    Write-Output "User $LAPSAdmin exists on the device and member of the group"

    Exit 0
}
Stop-Transcript

Script de remédiation :

<pre class="wp-block-syntaxhighlighter-code">Start-Transcript -Path "$env:ProgramData\Microsoft\IntuneManagementExtension\Logs\LAPSLocalAdmin_Remediate.log" -Append

$LAPSAdmin = "Laps"

$Query = Get-WmiObject -Class Win32_UserAccount -Filter "LocalAccount=True"

$Group = Get-WmiObject -Query "Select * From Win32_Group Where LocalAccount = TRUE And SID = 'S-1-5-32-544'"

$GroupName = $Group.Name

$Members=$group.GetRelated("win32_useraccount")

If ($Query.Name -notcontains $LAPSAdmin) {

    Write-Output "User: $LAPSAdmin does not existing on the device, creating user"
    
    try {
       
        $password = "fO%B2vcr36+sj2v}<£]L"

        Net User /Add $LAPSAdmin $password /Y
        Write-Output "Added Local User $LAPSAdmin"


        net localgroup $GroupName $LAPSAdmin /add
        Write-Output "Added Local User $LAPSAdmin to Administrators"
        Exit 0

    }
    catch {
        Write-Error "Couldn't create user"
        Exit 1
    }

}
Elseif ($Members.Name -notcontains $LAPSAdmin) {

try {
       
        
        Write-Output "Added Local User $LAPSAdmin"

        net localgroup $GroupName $LAPSAdmin /add
        Write-Output "Added Local User $LAPSAdmin to Administrators"
        Exit 0

    }
    catch {
        Write-Error "Couldn't add user in the group"
        Exit 1
    }

}


Else {
    Write-Output "User $LAPSAdmin exists on the device"
    Exit 0
}

Stop-Transcript</pre>

 

Intune : Lister les version Adobe Acrobat Pro via un script de remédiation

par | 24 Fév 2024 | , ,

Le script ci-dessous peut être utilisé comme un script de remédiation dans Intune.
Seule la partie « Script de détection » sera configurée afin d’avoir la liste des appareils qui ont une version Adobe Acrobat Pro installée.
 
$regkey64 = "HKLM:\SOFTWARE\Adobe\Adobe Acrobat\DC\Installer"
$regkey32 = "HKLM:\SOFTWARE\WOW6432Node\Adobe\Adobe Acrobat\DC\Installer"
$name64 = "ProductCode"
$name32 = "ENU_GUID"
    try
    {
        $exists64 = Get-ItemProperty $regkey64 $name64 -ErrorAction SilentlyContinue
        $exists32 = Get-ItemProperty $regkey32 $name32 -ErrorAction SilentlyContinue
        #Write-Host "Test-RegistryValue: $exists32"
        if ($exists64.ProductCode -eq "{AC76BA86-1033-FFFF-7760-BC15014EA700}")
        {
            Write-Host "Adobe Acrobat Pro 64"
            exit 1
        }
        elseif ($exists32.ENU_GUID -eq "{AC76BA86-1033-FFFF-7760-0C0F074E4100}")
        {
            Write-Host "Adobe Acrobat Pro 32"
            exit 1
        }
        else
        {
            Write-Host "Adobe Acrobat Reader"
            exit 0
        }
    }
    catch
    {
        return $false 
    }
Après l’exécution du script de détection sur tous les appareils Windows concernés, il suffit d’aller sur le « Devices status » :
– Ajouter la colonne « Pre-remediation detection output » pour afficher les version d’Adobe Pro
– Filtrer les appareils ‘With issues’ dans la colonne « Detection status »
 
 

Derniers articles

Catégories

Archives

Auteurs/Autrices