User Profile
Harm_Veenstra
MVP
Joined Nov 05, 2021
User Widgets
Recent Discussions
Re: Need a PowerShell script for the query given below
Could you explain what the 'cleaning the desktop' policy means? And blocking users from saving anything on the whole C:\ drive sounds like something that won't work/be easy? Do you want the profile to be removed on logoff? GPO or Intune is better for setting those things... And most important... What have you tried yourself already? What scripts did you try? (This forum is not a ask us to build you everything you want place)27Views0likes0CommentsRe: Get-Secret fails when PowerShell script runs as a scheduled task.
I wrote. a blog post about this a few years back, I added a a note back then: This only works when the vault is not protected by a password, you can remove the password from the vault by using: Set-SecretStoreConfiguration -Authentication None (https://powershellisfun.com/2022/07/07/using-the-powershell-secretmanagement-module/)33Views0likes0CommentsRe: Fetch Email of Login User In System Context
Ah, if devices are used by multiple users or are different from the enrollment user... Ok, I modified Andrew Taylor's script a bit to return the email address: function get-UserPrincipalNameFromLoggedOnUser() { <# .SYNOPSIS This function is used to find the logged-in user's userprincipalname as System .DESCRIPTION This function is used to find the logged-in user's userprincipalname as System .EXAMPLE getloggedindetails Returns the SID and Username in an array .NOTES NAME: getloggedindetails Written by: Andrew Taylor (https://andrewstaylor.com) and changed by Harm Veenstra to return only the User Principal Name #> ##Find logged in username $user = Get-WmiObject Win32_Process -Filter "Name='explorer.exe'" | ForEach-Object { $_.GetOwner() } | Select-Object -Unique -Expand User ##Find logged-in user's SID ##Loop through registry profile list until ProfileImagePath matches and return the path $path = "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\*" $sid = (Get-ItemProperty -Path $path | Where-Object { $_.ProfileImagePath -like "*$user" }).PSChildName try { $userprincipalname = (Get-ChildItem "Registry::HKEY_USERS\$($sid)\Software\Microsoft\Windows NT\CurrentVersion\WorkplaceJoin\AADNGC" -Recurse -ErrorAction Stop).GetValue('UserID') } catch { $userprincipalname = "Not found" } return $userprincipalname } Original source: https://andrewstaylor.com/2023/11/07/enumerating-the-logged-on-user-when-running-as-system-with-azure-ad-entra-joined-devices/38Views0likes0Comments- 88Views0likes0Comments
- 108Views0likes0Comments
Re: PowerShell scripts not delivering to Windows devices
If the installation fails but the script exits successfully (Exit 0), it will not attempt the installation again. But to troubleshoot, you can add Start-Transcript c:\windows\temp\log.txt to the top of the script and Stop-Transcript at the end of the script. Save and upload the modified script, it will rerun on the devices again, so you might want to limit this to the failing device, and check the log afterwards. You could also try adding the MSIX as a Line-of-Business-App in Windows Apps instead of using a script.214Views1like0CommentsRe: Can't add device member in Static Security Entra Group with powershell
This does work. New-MgGroupMember -GroupId XYZ -DirectoryObjectId (Get-MgDevice -Filter "displayName eq 'COMPUTERNAME' ").Id It queries using Graph for the device ID in the process using the display name of the device.115Views0likes0CommentsRe: Fetch Email of Login User In System Context
It's in the registry beneath the Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CloudDomainJoin\JoinInfo key; you could query it using: (Get-ChildItem HKLM:\SYSTEM\CurrentControlSet\Control\CloudDomainJoin\JoinInfo -Recurse).GetValue('UserEmail')287Views1like0CommentsRe: .Net mail message, PowerShell and Microsoft Purview Infrmation Protection
https://learn.microsoft.com/en-us/powershell/module/microsoft.graph.users.actions/send-mgusermail?view=graph-powershell-1.0 Using Send-MgUsermail gives you more options to label emails. Have you checked that already?97Views0likes0Comments
Recent Blog Articles
No content to show