User Profile
ABill1
Iron Contributor
Joined 7 years ago
User Widgets
Recent Discussions
Re: Kiosk mode set up - azure ad log in - multi app
HiLeonPavesic So I dont use MFA however I have gone the device config way which has worked better however I have encountered some errors Current set up This works but I need to set up pinned apps to be the ones I have added. Also some more which I am yet to add like onenote and powerpoint. What would the Start layout be to get this done?Kiosk mode set up - azure ad log in - multi app
Hello everyone, I'm struggling to enable kiosk mode and need some help. What I'm aiming for is to have users have access to only Edge, Office apps (including OneNote), Settings, and Python. Users will use Azure AD for device login, as they are managed through Intune. I attempted to follow the instructions at https://petervanderwoude.nl/post/configuring-multi-app-kiosk-mode-on-windows-11/comment-page-1/?unapproved=204857&moderation-hash=a99abbd45d2f235ba0740ff4afd06552#comment-204857 but encountered difficulties getting it to work. When applying the policy I created, I encountered an error: -2016281112. Any suggestions or ideas on how to resolve this issue would be greatly appreciated.Assistance Needed with iPad Login Configuration
Hello everyone, I'm currently experiencing difficulties with configuring an iPad to utilise login credentials for device access. Previously, the device was configured with a profile set to "enroll without user affinity." Now, I've changed the profile to "Enroll with Microsoft Entra shared mode." Despite resetting and re-enrolling the iPad, it still doesn't prompt for login details upon access. It's important to note that the device is associated with Apple School Manager. Could you please advise on what might be the issue or if there's something I might be overlooking?Re: Is it possible to disable search location in file explorer voa intune
With this script I can set it per user however not for all users on the machine and it sets permission for the folder: dlcaglefdlidioooijnigjhfcndlncfp with $folderPath = "C:\Users\A SPECIFIC USERNAME\appdata\Local\Microsoft\Edge\User Data\Default\Extensions\dlcaglefdlidioooijnigjhfcndlncfp" # Define the account for which you want to deny permissions $account = "AzureAD\A SPECIFIC USERNAME" # Get the current ACL $acl = Get-Acl -Path $folderPath # Create a rule to deny deletion and deletion of subfolders $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($account, "Delete, DeleteSubdirectoriesAndFiles", "Deny") # Add the rule to the ACL $acl.AddAccessRule($rule) # Apply the modified ACL to the folder Set-Acl -Path $folderPath -AclObject $acl I also cant get it to set this policy to sub folders as these can still be deleted. Any ideas?Enable device lock when screen lid is shut
Hi all, I use a mixture of dell and HP devices with intune with HP devices they lock when the lid is shut, this setting I have not made myself and seems automatic. I have followed some guides to try doing it via intune or powershell no luck. Like: https://niklastinner.medium.com/sleep-lock-device-on-lid-close-intune-configuration-profile-power-management-ec3bf45f6e05 Any ideas?Re: Is it possible to disable search location in file explorer voa intune
Yes however the SID of that group needs to be on the device which isnt the case as this policy https://www.inthecloud247.com/add-an-azure-ad-group-to-the-local-administrators-group-with-microsoft-intune/ didnt work? Or will this work without doing this policy?Re: Is it possible to disable search location in file explorer voa intune
Hi Harm_Veenstra So it failed! Any ideas why. I found the SID <groupmembership> <accessgroup desc = "Users"> <member name = "Liam C" /> <member name = "I entered my sid here" /> </accessgroup> </groupmembership> Users Is the local group Liam C is the azure ad security group I have added the users I need this to affect into the liam c security group I then set this policy to deploy to the device where the user who is in the liam c group logs on too. Is this correct? How do I identify why this isnt workingRe: Is it possible to disable search location in file explorer voa intune
So I have found a script that works if I specify the user however how would I do this if for each user which tries to delete it (standard users)? # Define the folder path $folderPath = "C:\Users\Username\appdata\Local\Microsoft\Edge\User Data\Default\Extensions\dlcaglefdlidioooijnigjhfcndlncfp" # Define the account for which you want to deny permissions $account = "AzureAD\Username" # Get the current ACL $acl = Get-Acl -Path $folderPath # Create a rule to deny deletion and deletion of subfolders $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($account, "Delete, DeleteSubdirectoriesAndFiles", "Deny") # Add the rule to the ACL $acl.AddAccessRule($rule) # Apply the modified ACL to the folder Set-Acl -Path $folderPath -AclObject $acl
