Deleting RegistryKeys on Clients via Intune

Occasional Contributor

Dear All,

 

Because of the vulnerability mentioned in the below link, I am trying to delete the relevant registry key on all clients via Intune:

https://msrc-blog.microsoft.com/2022/05/30/guidance-for-cve-2022-30190-microsoft-support-diagnostic-...

 

I have tried to do this via a powershell script as suggested in the below link, but tests failed:

https://cloudbyte.nl/change-or-edit-registry-on-windows-10-device-from-intune-endpoint-manger/

 

The script looks like this:

GuelenToker_0-1654252442169.png

I am not very much experienced with Intune, so I am not able to troubleshoot this.

Would anyone have some advice?

Many thanks in advance.

 

Gülen

 

11 Replies

@GuelenToker We have the same issue i tried something if it works i'll leet u know ;)

Hi @GuelenToker i can confirm to you that the script works through Intune 

 

the only thing you need to set in de script is: 

reg delete "HKEY_CLASSES_ROOT\ms-msdt" /f

 

Intune runs thorugh system account in de computers and it also gonna take care of the powershell execution policy so that is not needed. 

putting the commanbd abouve on a ps script worked just fine in our Intune.

side note:

you wont see that it worked until the computers in the group you deploy to are restarted.

 

good luck.

Thanks very much I will try this out:)

I modified the script and did the reboot. Although I still receive error in Intune, the key is deleted. @DiazAlain .

We tested similar steps as in the link you provided and now it is ok @DineshCR 

Thanks both for the help:)

What @DineshCR sent is also a good approach i couldn't find earlier
but i just wonder to what kind of group where you assigning ? was a device or a user group.
super that it worked at last.
I chose all devices , I have anyway 3 Windows Clients on VM on my test tenant.
That's interesting i wonder what your logs show about why it failed but if is resolved that is the most important.
If I knew how to get the logs, I would provide you this feedback:-P Sorry to new in this topic:)
Hey Geulen no problem
the logs you can find here "C:\ProgramData\Microsoft\IntuneManagementExtension\Logs
and is the AgentExecutor.log where yo will exactly what happened
i recommend you use cmtrace to open this logs otherwise is gonna be complicated to see exactly something as a text file
of course you can always send it to have a look as well.