Turn on Memory Integrity via Intune
Hi, I want to turn on Memory Integrity via Intune. I used the following script to turn on Memory Integrity, but it didn't. Also, there are no errors or failure statuses on the Intune Scripts Status page. Could someone please suggest This is the script I used: # Registry key path $registryPath = "HKLM:\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity" # Desired value for Memory Integrity (1 for enabled with UEFI lock) $desiredValue = 1 # Initialize exit code $exitCode = 0 # 0 indicates success by convention try { # Check if the key exists if (Test-Path -Path $registryPath) { $currentValue = Get-ItemProperty -Path $registryPath | Select-Object -ExpandProperty "Enabled" # Check if the value is already set to the desired value if ($currentValue -eq $desiredValue) { Write-Host "Memory Integrity is already enabled with UEFI lock. No changes made." } else { # If the key exists but the value is not as desired, set it to the desired value Set-ItemProperty -Path $registryPath -Name "Enabled" -Value $desiredValue Write-Host "Memory Integrity enabled with UEFI lock successfully." } } else { # If the key does not exist, create it and set it to the desired value New-Item -Path $registryPath -Force Set-ItemProperty -Path $registryPath -Name "Enabled" -Value $desiredValue Write-Host "Memory Integrity enabled with UEFI lock successfully." } } catch { Write-Host "An error occurred: $_" $exitCode = 1 # 1 indicates failure } # Exit with the specified exit code exit $exitCode Output of the regedit: Enabled : 1 PSPath : Microsoft.PowerShell.Core\Registry::\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity PSParentPath : Microsoft.PowerShell.Core\Registry::\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios PSChildName : HypervisorEnforcedCodeIntegrity PSProvider : Microsoft.PowerShell.Core\RegistryScript status showing failed however, the desktop Icon is installed. Deployed script via Intune
I have the following script deployed in Intune. The script is working fine- it is deploying the desktop icon that I want. But the issue is even though the desktop icon is there- it is still showing as status failed in Intune status page #Variables creating local folder and download .ico file $LocalIconFolderPath = "C:\Intune\Xxxxxxxxxxxxxxx" $SourceIcon = "https://xxxxxxxx/xxxxxxxxlogo-wo-wb/xxxxxxxxlogo-wo-wb.ico" $DestinationIcon = "C:\Intune\Xxxxxxxxxxxxxxx\xxxxxxxxlogo-wo-wb.ico" #Step 1 - Create a folder to place the URL icon New-Item $LocalIconFolderPath -Type Directory #Step 2 - Download a ICO file from a website into previous created folder curl $SourceIcon -o $DestinationIcon #Step 3 - Add the custom URL shortcut to your Desktop with custom icon $new_object = New-Object -ComObject WScript.Shell $destination = $new_object.SpecialFolders.Item('AllUsersDesktop') $source_path = Join-Path -Path $destination -ChildPath '\\Global Intranet.lnk' $source = $new_object.CreateShortcut($source_path) $source.TargetPath = 'https://xxxxxxxxxxxxx.sharepoint.com/sites/GlobalIntranet?web=1' $source.IconLocation = ”C:\Intune\Xxxxxxxxxxxxxxx\xxxxxxxxlogo-wo-wb.ico” $source.Save()
Validate your Lync Server 2013 or Skype for Business 2015 Hybrid Configuration
First published on TECHNET on Sep 27, 2016 Ever wondered if your Skype for Business 2015 or Lync Server 2013 Hybrid Configuration is setup properly? Tony Quintanilla and I have developed a script to help customers troubleshoot their hybrid environments.
Powershell Script behaviour - User Context
I have an issue with a specific application that requires each user logon to have registration data for the app in their current user key location. The issue I have is that the system is in KIOSK mode and therefore only applications that are whitelisted are allowed to run. If I whitelist the powershell application I can successfully run the script adding the required values to the registry. In doing this however it presents a tile on the KIOSK setup. Question! How do I allow the use of powershell without presenting a tile? To clarify this doesn't appear to work using the scripts facility on Intune endpoint manager setting the script to user context mode. If I review the AppLocker log following an attempt I can see powershell is blocked. Any assistance with this would be much appreciated. Regards, Jon MasonWorkflow to be run for every specific document or content type?
I will need to look for the solution to implement the manual script initiation for specific file type in the document library (ex. force unlocking a document). Idea is that I will add additional column with the link to manually trigger a workflow to every item with appropriate content type (only MS Office file types). It should look like this: User click on the link of workflow of specific document --> Workflow (param documentId) --> execute the script on the server (with documentId param). Is that scenario possible, if not with workflows, how can I achieve that?Updated Automatic Australian RGS/Response Groups Holiday Sets v.2.20
Update19/05/2018 Released Version 2.2 to fix an issue with multiple pool selection, typos and even cleaning up my code with ISESteriods Aboutthe tool For those that don't know, I've been writing and maintaining this script for a few years over on TechNet This is a script that adds/maintains the relevant Australian Holidays to your Skype4B / Lync environment for the next 12 months based on data available from the Australian Government Website. I re-wrote most of the script from scratch and added a whole bunch of code to try and catch a lot of the errors etc that happened in the older versions.I’ve also tried to make it alot simpler to use for everyone that’s not me. Data is taken fromhttp://www.australia.gov.au/about-australia/special-dates-and-events/public-holidaysand I have done my best to be as error free as possible. Shout of toGreig in Sydneyfor beta testing and providing the red pen. That guy would have made a brilliant English teacher. Instructions Download, and run on a Frontend or any machine with the Lync / Skype4B management tools installed The script will attempt to detect your Skype4B Setup and proceed accordingly If it only detects a single FrontEnd it will prompt you to confirm the selected pool and then configure new Holiday sets Should it detect multiple pools it will ask you to confirm which pool to use and configure new Holiday sets If it finds Holiday sets with the same name they will automatically have any existing entriesremoved If you already have holiday sets with the name names or you need to add a country code. You can specify a string with the-RGSPrependparameter to prepend to the Holiday set names. Unattended (Scheduled Task) execution You can also use the script on a scheduled task to automatically pull and update the latest holidays on a monthly basis if your server has internet access. Simply specify -FrontEndPool <FEPoolFQDN> and -Unattended in the scheduled task. You can also still specify the-ServiceID and -Unattendedparameters at the commandline if you want to specify the ServiceID directly. UseGet-CsRgsConfiguration -Identity Frontend.Skype4bAdmin.comto see valid service id’s Note either of these options will disable script update checking. So it pays to check manually every now and again. Applying the Holiday sets After you have run the script, you can find the time frames in the Response Groups Editor, Simply tick the states you want the workflow closed for. Note: each of the states already includes the National holiday set, so there is no need to tick both. Fork Me As alot of my code is open source, I’ve moved from storing my Git repo on VSTS over to GitHub. Feel free to fork the code for your own purposes over here https://github.com/Atreidae/New-CsRgsAustralianHolidayList Advanced The default holiday set names are “National”,”Victoria”,”New South Wales”,”Queensland”,”ACT”,”Northern Territory”,”South Australia”,”Western Australia”,”Tasmania” If you need to change these for whatever reason update the following lines in the script 1 2 3 4 5 6 7 8 9 $National = $RGSPrepend+"National" $Vic = $RGSPrepend+"Victoria" $NSW = $RGSPrepend+"New South Wales" $QLD = $RGSPrepend+"Queensland" $ACT = $RGSPrepend+"ACT" $NT = $RGSPrepend+"Northern Territory" $SA = $RGSPrepend+"South Australia" $WA = $RGSPrepend+"Western Australia" $Tas = $RGSPrepend+"Tasmania" Version history Update19/05/2018 Released Version 2.2 Fixed a bug with logging system culture Removed some old redundant code Passed script through ISESteriods PSSharper and applied corrections Fixed a few typos Fixed a few bugs introduced cleaning up my dodgy code Fixed a bug with multiple pools using the same holiday set names Deprecated the ServiceID parameter, Specify the pool FQDN instead Added warning for deprecated ServiceID Updated Pat Richard's website Removed PowerShell 5.1 cmdlet (Get-Timezone), now using a WMI query instead Update11/05/2018 Released Version 2.1 with TLS 1.2 support Added Script logging Updated to use my new autoupdate code Added ability to switch between devel/master branches Added timezone offset detection / warning Added TLS 1.2 support for the new Govt website requirements Update09/10/2017 Released Version 2.0 with a Massive Overhaul, updated for 2018! Added Autodetecton of single RGS pool: Added Autodetecton of single RGS pool Complete Rewrite of existing rule rewrite code , Should make for alot less red text! More User friendly and better instructions Fixed a few typo’s causing dates to be incorrect. You no longer need to “Reassign” the holiday sets to response groups anymore. Update2/11/2016: Released Version 1.1 of the script. Fixed Onedrive download link Fix for Typo in Victora Holiday set causing import to fail Fix ForEach loop not correctly removing old time frames Fix Documentation not including the SID for ServiceID parameter Update26/09/2016: Fixed some Typo’s. ThanksGrieg
Sharepoint Team Group site - can not add script, lacking role? How can i fix this?
Hi Im struggling to create a webpage for my Team Sharepoint Group Site. I can not use the Modern UI pages since they dont allow me to insert any scripts. So i have created a wiki page where i can add a script. But when i add a script im faced with a error message that i do not have the correct roles. But i have tried with an global admin account and it does not work. The error message is in swedish, but roughly transleted it says HTML-code can not be attatched becaouse you can not add a webpart that uses scripts on this webpage. Contact an administrator if you think you should have access to do this. (HTML-koden kan inte infogas eftersom du inte kan lägga till webbdelar som kan användas i skript på den här webbplatsen. Kontakta administratören om du anser att du bör ha behörighet att göra detta.) I have asked our support and they say they can not find any more access to give me to allow me to add scripts. Can anyone help me find what i need? Note: I am doing this on a Microsoft Teams Group Sharepoint site. Created a wiki-page and trying to add a script. See screenshots: http://prntscr.com/jdnktw http://prntscr.com/jdnlcf Hope someone can help or at least point me in the right direction!
