Help deploy a powershell script to install speculation module
Hi folks,
I need help checking the status of "Speculation Execution Side-Channel Vulnerabilities".
I use the document "https://support.microsoft.com/en-us/topic/understanding-get-speculationcontrolsettings-powershell-script-output-fd70a80a-a63f-e539-cda5-5be4c9e67c04" as a reference.
I'm trying to use a PowerShell script via Intune, but there is a permission error because users don't have admin permission on their workstations.
Is it possible to configure the script or environment to allow installing the module as a regular user?
22 Replies
- DhirajD, Copper Contributor
elvys_marchon
You need to unblock the file first. The timeout error occurs because in the backend it is stuck at the "Security Warning" message.
"Security warning
Run only scripts that you trust. While scripts from the internet
can be useful, this script can potentially harm your computer. If
you trust this script, use the Unblock-File cmdlet to allow the
script to run without this warning message. Do you want to run
C:\Users\NBRameshDh\Downloads\SetTimezoneWPFGUI_Buttons_Removed.p
s1?
[D] Do not run [R] Run once [S] Suspend [?] Help
(default is "D"):"
So for this you need to unblock the file: "Unblock-File .\FileName.ps1"
- Acreature, Copper Contributor
I have found what's wrong. When your script is using Start-Transcript, you definitely need to use Stop-Transcript at the end of the script. Otherwise Intune cannot finish with a success status.
- elvys_marchon, Copper Contributor
Hi Acreature
I'm using Stop-Transcript, but the same issue occurs.
If I'm using it locally, the script runs fine, but when it runs through Intune it just writes the beginning and nothing else happens.
- Hi, did you also run the script using psexec -i -s powershell.exe to get into the system context? Does that work?
And if you are deploying this PowerShell script with Intune, there must be something in the AgentExecutor.log in the IME folder. Could you take a look at that log?
- import-Module .\SpeculationControl.psd1 -Scope Currentuser doesn't work?
- elvys_marchon, Copper Contributor
Hi Harm_Veenstra ,
Even using the option "-Scope Currentuser" I see the following error in the log:
[PowerShell] User Id = c16a6a16-2f0d-4148-80be-8bf7cca6fbf2, Policy id = bc108d02-ac34-41c3-a072-e16b7f26b1ae, policy result = Failed
[PowerShell] Fail, the details are {"Version":1,"SigningCode":649,"SigningMsg":"(Success) AccountId:95fb4322-d2af-4011-af4b-e98b056b4560,PolicyId:bc108d02-ac34-41c3-a072-e16b7f26b1ae,Type:1,Enforce: Audit. OSVersion:10.0.19044,AgentVersion:1.50.203.0. ","ExecutionMsg":"Powershell execution has exceeded defined timeout."}
NOTE 1: The same script works manually on the workstation.
NOTE 2: The file (bc108d02-ac34-41c3-a072-e16b7f26b1ae.ps1) is successfully created on the workstation and after the timeout error it is automatically deleted.
Any ideas, is it possible to increase the timeout?
- Hi
Just wondering, but since you are using -scope currentuser, have you targeted the PowerShell script to run as the user or as system?
But how are you getting your results back? As it just outputs the results... I would try to convert it to a proactive remediation, so you could install the module in the detection part and check the results in the remediation, and if it gets back good results, exit with 0.
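
An added example, not code posted by anyone in this thread: a sketch of an Intune proactive remediation detection script along the lines suggested in the last reply, written so that nothing in it can prompt and stall until the timeout. It assumes the script runs in the SYSTEM context, and the compliance rule (which properties of the returned object are checked) is an assumption to adjust to your own baseline.

```powershell
# Intune proactive remediation - detection script (added example, runs as SYSTEM).
# Every call is non-interactive so no prompt can stall the run until the timeout.
$ErrorActionPreference = 'Stop'
$ProgressPreference    = 'SilentlyContinue'

try {
    # PowerShell Gallery requires TLS 1.2 on Windows PowerShell 5.1.
    [Net.ServicePointManager]::SecurityProtocol =
        [Net.ServicePointManager]::SecurityProtocol -bor [Net.SecurityProtocolType]::Tls12

    if (-not (Get-Module -ListAvailable -Name SpeculationControl)) {
        # -Force answers the NuGet bootstrap and "untrusted repository" prompts.
        Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force -Scope AllUsers | Out-Null
        Install-Module -Name SpeculationControl -Scope AllUsers -Force -AllowClobber
    }
    Import-Module SpeculationControl -Force

    # The cmdlet prints its report with Write-Host and also returns an object;
    # 6>$null drops the report so only the object is kept.
    $s = Get-SpeculationControlSettings 6>$null

    # Assumed compliance rule for this example; adjust to your own baseline.
    $findings = @()
    if (-not $s.BTIWindowsSupportPresent) { $findings += 'BTI: OS support missing' }
    if (-not $s.BTIWindowsSupportEnabled) { $findings += 'BTI: mitigation not enabled' }
    if ($s.KVAShadowRequired -and -not $s.KVAShadowWindowsSupportEnabled) {
        $findings += 'KVA shadow: required but not enabled'
    }

    if ($findings.Count -gt 0) {
        Write-Output ('NonCompliant: ' + ($findings -join '; '))
        exit 1   # non-zero = issue detected
    }
    Write-Output 'Compliant: checked speculation control mitigations are enabled'
    exit 0
}
catch {
    # Surface the failure in the Intune report instead of timing out silently.
    Write-Output ('Error: ' + $_.Exception.Message)
    exit 1
}
```

The single line written with Write-Output is what comes back to the Intune report, which answers the "how are you getting your results back" question without relying on a transcript file.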