Help deploy a powershell script to install speculation module


Hi folks,

I need help checking the status of "Speculation Execution Side-Channel Vulnerabilities".

I use the document "Understanding Get-SpeculationControlSettings PowerShell script output" as a reference.

I'm trying to use a PowerShell script via Intune, but there is a permission error because users don't have admin permission on their workstations.

Is it possible to configure the script or environment to allow installing the module with a regular user?

import-Module .\SpeculationControl.psd1 -Scope Currentuser doesn't work?

Hi @Harm_Veenstra,

Even using the option "-Scope Currentuser" I see the following error in the log:

 

[PowerShell] User Id = c16a6a16-2f0d-4148-80be-8bf7cca6fbf2, Policy id = bc108d02-ac34-41c3-a072-e16b7f26b1ae, policy result = Failed
[PowerShell] Fail, the details are {"Version":1,"SigningCode":649,"SigningMsg":"(Success) AccountId:95fb4322-d2af-4011-af4b-e98b056b4560,PolicyId:bc108d02-ac34-41c3-a072-e16b7f26b1ae,Type:1,Enforce: Audit. OSVersion:10.0.19044,AgentVersion:1.50.203.0. ","ExecutionMsg":"Powershell execution has exceeded defined timeout."}

NOTE 1: The same script works manually on the workstation.

NOTE 2: The file (bc108d02-ac34-41c3-a072-e16b7f26b1ae.ps1) is successfully created on the workstation and after the timeout error it is automatically deleted.

Any ideas? Is it possible to increase the timeout?

Perhaps a Start-Transcript c:\temp\log.txt can give you more insight when it is started by Intune? (create the folder first)
Hi

Just wondering, but since you are using -Scope CurrentUser: have you targeted the PowerShell script to run as the user or as system?

But how are you getting your results back, as it just outputs the results? I would try to convert it to a proactive remediation, so you could install the module in the detection part, check the results in the remediation part, and if it gets back good results exit with 0.
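As an added example (not the original poster's script or Rudy's), this is what the detection half of the proactive remediation suggested here could look like: it installs the module per user without admin rights, records the settings, closes the transcript in a finally block so no exit path can skip Stop-Transcript, and returns 0 or 1 for Intune. The log folder and the rule that every *Enabled property must be true are assumptions; a real policy would only require the mitigations whose *Vulnerable or *Required flag is set.

```powershell
# Added example, not the original poster's or Rudy's script: detection half of a
# Proactive Remediation. Runs as the logged-on user, installs SpeculationControl
# per user, records the settings and exits 0 (compliant) or 1 (run remediation).
# The log folder and the compliance rule below are assumptions.
$ErrorActionPreference = 'Stop'
$LogDir = Join-Path $env:ProgramData 'SpeculationCheck'      # assumed location
New-Item -Path $LogDir -ItemType Directory -Force | Out-Null
Start-Transcript -Path (Join-Path $LogDir 'detect.log') -Force
$ExitCode = 1
try {
    # Install-Module needs the NuGet provider; CurrentUser scope needs no admin rights
    if (-not (Get-PackageProvider -ListAvailable -Name NuGet -ErrorAction SilentlyContinue)) {
        Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Scope CurrentUser -Force | Out-Null
    }
    if (-not (Get-Module -ListAvailable -Name SpeculationControl)) {
        Install-Module -Name SpeculationControl -Scope CurrentUser -Force -AllowClobber
    }
    Import-Module SpeculationControl

    # -Quiet returns only the settings object, without the explanatory text
    $Settings = Get-SpeculationControlSettings -Quiet
    $Settings | Out-File -FilePath (Join-Path $LogDir 'speculationcontrol.txt')

    # Assumed rule: every *Enabled property must be $true. A production policy
    # would only require mitigations whose *Vulnerable/*Required flag is set.
    $Disabled = @($Settings.PSObject.Properties |
        Where-Object { $_.Name -like '*Enabled' -and $_.Value -ne $true } |
        Select-Object -ExpandProperty Name)

    if ($Disabled.Count -eq 0) {
        Write-Output 'Compliant: all reported mitigations are enabled'   # shown in Intune
        $ExitCode = 0
    } else {
        Write-Output "Non-compliant: $($Disabled -join ', ')"
        $ExitCode = 1
    }
}
catch {
    Write-Output "Detection failed: $($_.Exception.Message)"
    $ExitCode = 1
}
finally {
    # Closed on every path, so the IME is never left waiting on an open transcript
    Stop-Transcript
}
exit $ExitCode
```

The remediation script then only needs to re-run the same check and exit 0 when the settings it reads back are good.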

Hi @Rudy_Ooms_MVP,

If I understand correctly, I'm doing what you recommend. I'll attach the log here, if you can take a look.

@elvys_marchon 

I have found what's wrong. When your script uses Start-Transcript you definitely need to use Stop-Transcript at the end of the script, or Intune cannot finish with a success status.

Hi @Acreature

I'm using Stop-Transcript, but the same issue occurs.

If I'm using it locally, the script runs fine, but when it runs through Intune it just writes the beginning and nothing else happens.

The script

#######

Start-Transcript $env:TEMP\saida_speculation.txt
Set-Variable -Name 'ConfirmPreference' -Value 'None' -Scope Global
$SaveExecutionPolicy = Get-ExecutionPolicy
Set-ExecutionPolicy RemoteSigned -Scope Process -Force -Confirm:$false
try {
    $SpeculationControlModule = Get-InstalledModule -Name SpeculationControl -ErrorAction Stop -Verbose:$false
    if ($SpeculationControlModule -ne $null) {
        $LatestModuleVersion = (Find-Module -Name SpeculationControl -ErrorAction Stop -Verbose:$false).Version
        if ($LatestModuleVersion -gt $SpeculationControlModule.Version) {
            # Update-Module only accepts CurrentUser or AllUsers as -Scope
            $UpdateModuleInvocation = Update-Module -Name SpeculationControl -Force -Scope CurrentUser -ErrorAction Stop -Confirm:$false
        }
    }
}
catch [System.Exception] {
    try {
        $PackageProvider = Install-PackageProvider -Name NuGet -Scope CurrentUser -Confirm:$false
        Install-Module -Name SpeculationControl -Force -ErrorAction Stop -Scope CurrentUser -Confirm:$false
    }
    catch [System.Exception] {
        Write-Host "An error occurred while attempting to install SpeculationControl module. Error message: $($_.Exception.Message)" ; break
    }
}
Import-Module SpeculationControl
Get-SpeculationControlSettings | Out-File -FilePath $Env:ProgramData\speculationcontrol.txt
Set-ExecutionPolicy $SaveExecutionPolicy -Scope Process -Force -Confirm:$false
exit 0
exit
Stop-Transcript

#######

The output

**********************
Windows PowerShell transcript start
Start time: 20220211184851
Username: AzureAD\xxxx
RunAs User: AzureAD\xxxx
Configuration Name:
Machine: DESKTOP-xxxxxx (Microsoft Windows NT)
Host Application: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe -NoProfile -executionPolicy bypass -file C:\Program Files (x86)\Microsoft Intune Management Extension\Policies\Scripts\ca16a6aa16-2f0d-4x48-80be-8bxf7cca6fbf2_xbc108d02-ac34yy-41c3-a14072-e16b7f2336b1ae.ps1
Process ID: 7176
PSVersion: xxxx
PSEdition: Desktop
PSCompatibleVersions: xxxx
BuildVersion: xxxx
CLRVersion: xxxx
WSManStackVersion: xxxx
PSRemotingProtocolVersion: xxxx
SerializationVersion: xxx
**********************
Transcript started, output file is C:\Users\xxxxxx\AppData\Local\Temp\saida_speculation.txt


Any help?
Hi, did you also run the script using psexec -i -s powershell.exe to get into the system context? Does that work?
And if you are deploying this PowerShell script with Intune there must be something in the agentexecutor.log in the IME folder. Could you take a look at that log?

Looking at the script... it exits without running Stop-Transcript, so it is not exiting correctly?

Change:
"
exit 0
exit
Stop-Transcript
"
to:
"
Stop-Transcript
exit 0
"

Hi @Rudy_Ooms_MVP

Yep, when I use psexec locally it works fine, but in Intune the same issue occurs.
The issue only occurs through Intune; if I run the script locally it runs fine.

Yes, in the agentexecutor.log I can see the script starting and after 30 min I see the timeout fail.

# Output agentexecutor.log

cmd line for running powershell is -NoProfile -executionPolicy bypass -file "C:\Program Files (x86)\Microsoft Intune Management Extension\Policies\Scripts\xscddefr-2f0d-4148-80be-8bf7cca6fbf2_bc108d02-ac34-41c3-a072-deswdefr.ps1"
[Executor] created powershell with process id 5567

# And output IntuneManagementExtension.log
[PowerShell] Fail, the details are {"Version":1,"SigningCode":649,"SigningMsg":"(Success) AccountId:swdefr-d2af-4011-af4b-e234556b4560,PolicyId:bc108d02-ac34-41c3-a072-e16ys6stgeh,Type:1,Enforce: Audit. OSVersion:10.0.19043,AgentVersion:1.51.204.0. ","ExecutionMsg":"Powershell execution has exceeded defined timeout."}

# and the Start-Transcript you can see above

:(

Hi @Harm_Veenstra,

This Sunday I changed this to:

"
Stop-Transcript
exit 0
"

But the same thing occurs.

Still no transcript log containing the steps from your script? Weird...
I stress that this behavior only occurs when it is running through Intune; if I run the script locally, everything works fine.

Just uploaded it to Intune, let's find out what the issue is.

EDIT: very weird... I have altered almost the whole script... but it just doesn't get executed... I am beginning to guess what's wrong with it... will update this post when I have the answer.

@Rudy_Ooms_MVP,

Thank you very much, I will look forward to it.

if (Get-PackageProvider -ListAvailable -Name NuGet) {
    Write-Host "Module exists"
} else {
    Install-PackageProvider "NuGet" -MinimumVersion 2.8 -Force | Out-Null
}
if (Get-Module -ListAvailable -Name SpeculationControl) {
    Write-Host "Module exists"
    Import-Module SpeculationControl
    New-Item -Path c:\programdata -Name "testfile2.txt" -ItemType "file" -Value "PassedRound1."
    Get-SpeculationControlSettings | Out-File -FilePath c:\ProgramData\speculationcontrol.txt
} else {
    Install-Module -Name SpeculationControl -Force
    Import-Module SpeculationControl
    New-Item -Path c:\programdata -Name "testfile3.txt" -ItemType "file" -Value "PassedRound1b."
    Get-SpeculationControlSettings | Out-File -FilePath c:\ProgramData\speculationcontrol.txt
}
New-Item -Path c:\programdata -Name "testfile4.txt" -ItemType "file" -Value "PassedAll."

Altered it a bit, as you can see. I also added some additional test files to know at which stage it broke or timed out.
My money is on this line:
Set-Variable -Name 'ConfirmPreference' -Value 'None' -Scope Global

Uploaded the script above to my test tenant and the output is saved in ProgramData.
Did you already have time to test it?