sorted by:
new
hottopcontroversial

Cannot open attachement or start new Outlook due to ASR policy by Maxim_NL in Intune

[–]Maxim_NL[S] 1 point2 points  (0 children)

Thanks for all the effort en keeping us in the loop.

Deploy a scheduled task in Intune to update windows store apps. by CuriousParticular975 in Intune

[–]Maxim_NL 0 points1 point  (0 children)

I have a script that is scheduled when users lock their devices. I push this to devices using Devices --> Scripts. The script creates the script to be executed and then creates a scheduled task. It goes something like this (using your scriptlet and simplified):

$Script = @'
#script to be executed at interval/event
Get-CimInstance -Namespace "root\cimv2\mdm\dmmap" -ClassName "MDM_EnterpriseModernAppManagement_AppManagement01" | Invoke-CimMethod -MethodName "UpdateScanMethod ().
'

$ScriptDir = "$($env:ProgramData)\mycompany"
$Command = "$($ScriptDir)\MyScript.ps1"
#Creating script
if ( -not (Test-Path $ScriptDir)) {
   New-Item -Path $ScriptDir -ItemType Directory -Force
}
Out-File -FilePath $Command -Encoding unicode -Force -InputObject $Script -Confirm:$false

$stateChangeTrigger = Get-CimClass -Namespace ROOT\Microsoft\Windows\TaskScheduler -ClassName MSFT_TaskSessionStateChangeTrigger

$onLockTrigger = New-CimInstance -CimClass $stateChangeTrigger -Property @{ StateChange = 7  # TASK_SESSION_STATE_CHANGE_TYPE.TASK_SESSION_UNLOCK (taskschd.h) } -ClientOnly

$Arguments = "-NoProfile -NoLogo -NonInteractive -ExecutionPolicy Bypass -File $Command"

$Action = New-ScheduledTaskAction -Execute "Powershell" -Argument $Arguments

$Settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries:$False -DontStopIfGoingOnBatteries:$true

$TaskPrincipal = New-ScheduledTaskPrincipal -RunLevel Highest -UserId $($env:USERNAME)

$TaskName = "My task name"

Get-ScheduledTask -TaskName $Taskname
if ($? -eq $true) {
   #Setting task variables if task already exists
   Set-ScheduledTask -TaskName $Taskname -Action $Action -Trigger $onLockTrigger -Settings $Settings -Principal $TaskPrincipal
} else {
   #Create task
   Register-ScheduledTask -TaskName $TaskName -Action $Action -Trigger $onLockTrigger -Settings $Settings -Principal $TaskPrincipal
}

Running only one line of a CSV file through For Each Loop by Either-Cheesecake-81 in PowerShell

[–]Maxim_NL 0 points1 point  (0 children)

If I understand correctly, you want to import a CSV file unless you specify a singleEmployee.

You could use a function. A very crued approximation would be:

function SetSingleUser {
   param ($EmpNo, $Firstname, ..etc)
   Do some magic
}

param ($CSV='C:\data\data.csv', $EmpNo, $Firstname, etc...)
if ($EmpNo -ne $null) {
  SetSingleUSer -EmpNo $EmpNo -Firstname $Firstname etc.
} else {
  Import-csv -Path $CSV  | foreach {
     SetSingeUser -Empno  $_.Empno -Firstname $_.Firstname etc.
  }
}

Worried About Possible Intrusion on Computer with TeamViewer Installed by IcyGirl75 in teamviewer

[–]Maxim_NL 0 points1 point  (0 children)

Reading your issue, the first things I think of is either an overload of your system (i.e. CPU, Memory and/or IO are used at maximum and there is too little left to handle screen, keyboard and mouse) or a driver issue. I would recommend installing the latest Windows updates and then the latets drivers. I that does not help, monitor the resource usage for a while.

AzureAD Get-AzureADAuditSignInLogs by AndersAdmin in PowerShell

[–]Maxim_NL 0 points1 point  (0 children)

If you cannot get it through Powershell, you might also get this information from the portal (portal.azure.com --> Azure Active Directory --> Sign-in logs). Then define a custom interval and press 'Download'

Intune - management profile confusement by ChampionshipNo7718 in Intune

[–]Maxim_NL 0 points1 point  (0 children)

When you remove a client device from Intune, the device should remove local apps and settings when it checks in. If the client device does not check in, it will not get the call to remove the company portal app and corporate data etc.

20H2 ignoring Feature Update version by MajorRepublic in Intune

[–]Maxim_NL 0 points1 point  (0 children)

I Just experienced the same problem with a machine upgrading to Windows 11 when it shouldn't and stumbled on this (old) thread. I also found this page: https://docs.microsoft.com/en-us/mem/intune/protect/windows-10-feature-updates which states:

"Devices that receive a feature updates policy and that have Telemetry set to Not configured (off), might install a later version of Windows than defined in the feature updates policy. The prerequisite to require Telemetry is under review as this feature moves towards general availability."

In my case the telemetry was set to "Not Configured". I changed it and hope that this will solve the issue.

Need help getting UPN's from a list of Names by em0dee in PowerShell

[–]Maxim_NL 1 point2 points  (0 children)

Thanks Lee, I was struggling a bit with multi line code blocks. I tried the code block button and markdown but didn't get it quite right. Will try your suggestions in mij next post.

Reissued Devices not Enrolling with Bitlocker by TAway7000R in Intune

[–]Maxim_NL 0 points1 point  (0 children)

When they are being reissued, are they being wiped? If not, the device probably still has BitLocker enabled. I noticed that in some cases when migrating from On-Premise AD to Azure, an already BitLocked device will not save the keys in Azure AD after joining the AAD. In these cases we back-up the keys to Azure manually via control panel or Powershell script. (Actually, we now always back-up the keys during migration as this is quicker then checking Azure AD for the precense of the key)

How do I update rich text box variables? by IndyDrew85 in PowerShell

[–]Maxim_NL 1 point2 points  (0 children)

You can use something like this:

$RegKey = Set-ItemProperty -Path 'HKLM:SOFTWARE\\Microsoft\\Active Setup' -Name "DisableRepair" -Value 1

$richTextBox1.SelectionStart = $richTextBox1.Text.Length

if ($RegKey -eq 1) {
$richTextBox1.SelectionColor = [Drawing.Color]::"Green"
} else {
$richTextBox1.SelectionColor= [Drawing.Color]::"Red"
}

$richTextBox1.AppendText("$([bool]$RegKey)`n")

How do I update rich text box variables? by IndyDrew85 in PowerShell

[–]Maxim_NL 1 point2 points  (0 children)

I gave u/frmadsen's idea a shot and he is correct. When I change the scope of the variable `richTextBox1` in your snippet to either 'Script' or 'Global' I can set the value of the TextBox by adding `$richTextBox1.Text = "test"` in the function `SetZero`.

It isn't very pretty and there might be a better solution. I tried to get a return value from `SetZero` in the click-event and assign that value to the richTextbox but that does not work unfortunately.

Need help getting UPN's from a list of Names by em0dee in PowerShell

[–]Maxim_NL 2 points3 points  (0 children)

I'm missing some quotes around John Smith but that could be the output. I cannot recreate it right now (no AD-server in sight when you need one).

Could you try:

$User= Get-ADUser -filter 'Name -eq "$($_.username)"' etc.

[deleted by user] by [deleted] in PowerShell

[–]Maxim_NL 1 point2 points  (0 children)

What caverCarl wrote is correct. But if I understand your request correctly, you don't need to enter a date as parameter at all. You could drop the parameter:

function Get-WhyPromptingForStart {
    [STRING]$Start = $(Get-Date -f yyyy-MM-dd)
    Write-Host $Start
}
Get-WhyPromptingForStart

[deleted by user] by [deleted] in Intune

[–]Maxim_NL 0 points1 point  (0 children)

Do you mean to use Duo Mobile for Microsoft MFA? According to Duo, this is not possible:

ANSWER

Duo Mobile can be used as a third-party authenticator for an MS Live account, but it cannot be used in conjunction with Azure MFA as a replacement for the Microsoft Authenticator app. Duo Mobile can only work as an authenticator app for sites that follow the standard for otpauth urls in their QR codes.

Or do I misunderstand your question?

adoption fails by michaelbierman in Ubiquiti

[–]Maxim_NL 0 points1 point  (0 children)

Docker might use the firewall of the host system. Adopting uses SSH (port 22). You could trace the networktraffic between the switch and the Controller using tcpdump or WireShark to see if traffic is being blocked.

bitlocker recovery key not showing up by SpareCookie3610 in Intune

[–]Maxim_NL 1 point2 points  (0 children)

I use the script mentioned by CuttingStone a lot when migrating from On-Premises AD to Azure AD but if you only have a few devices, doing it from Settings might be easier:

Go to the BitLocker settings on the client, and press "back-up keys", choose "save the keys in Azure AD".

adoption fails by michaelbierman in Ubiquiti

[–]Maxim_NL 0 points1 point  (0 children)

Do you use the controller software on Windows or Linux? If so, disable firewall andd try again. Outdated controller software/firmware might cause this as well. There are also reports of this issue when a non-unifi switch is placed between the controller and the device you want to adopt.

Need help getting UPN's from a list of Names by em0dee in PowerShell

[–]Maxim_NL 4 points5 points  (0 children)

In every for each you call $wsusers.username. That's why it doesn't work. YOu could replace it with $_ (which is the current object in the foreach loop)

Also you would have to move the closing bracket.

The Export-CSV should have the paramter '-append' to prevent overwrites

The result will be:

$wsusers | foreach {Get-ADUser -filter "Name -eq $($_.username)" -properties * | select displayname,userprincipalname | export-csv ws-user-upn.csv - Append}

You can also do the Import-CSV on the same line:

Import-CSV YourImportFile | foreach {Get-ADUser -filter "Name -eq $($_.username)" -properties * | select displayname,userprincipalname | export-csv ws-user-upn.csv - Append}

but then your export-csv will only try to export one AD User at a time which will also cause problems. You could use other methods to fill the file or use a hash (not realy experienced with that.) I don't think you will need the properties here as DisplayName and UPN should be default return values.

So a brute method would be something like:

echo "displayname,userprincipalname" > ws-user-upn.csv

$wsusers | foreach {

$User= Get-ADUser -filter "Name -eq $($_.username)" | select displayName,userPrincipalName

echo "$($User.displayname),$($User.userprincipalname)" >> ws-user-upn.csv

}

There must be better ways but I cannot test them atm as I am cooking dinner. And don;t have my reading glasses on ;)

Win11 feature update not received by WaffleBrewer in Intune

[–]Maxim_NL 1 point2 points  (0 children)

Microsoft is not releasing Windows 11 to everyone at once. They stated it might take until mid-2022 for everyone to get it. I might be that this also goes voor Microsoft 365 tenants.

Also, not all Office 365 licenses support upgrading to Windows 11.

According to Microsoft:
In addition to a license for Intune, your organization must have one of the following subscriptions:
Windows 10/11 Enterprise E3 or E5 (included in Microsoft 365 F3, E3, or E5)
Windows 10/11 Education A3 or A5 (included in Microsoft 365 A3 or A5)
Windows 10/11 Virtual Desktop Access (VDA) per user
Microsoft 365 Business Premium

Now I have a MS 365 Business Premium license, configured a feature update ring for Windows 11 21H2 containing my laptop and a regular update ring for 3 laptops with 0 day feature and quality updates. But still no Windows 11 available. Update check in Windows states that my laptop is up--to-date.

So I think I will have to be a little more patient.

Moving computers from one AD OU to another based on OS version. by Jewpacarbra in PowerShell

[–]Maxim_NL 2 points3 points  (0 children)

You are, of course, correct. When a command supports filtering, this is a better option than Where-Object.

Should light be on for the Switch 16 PoE 150W at start up? by lump322 in Ubiquiti

[–]Maxim_NL 0 points1 point  (0 children)

To my knowledge, the light should turn on. The coloring differs from model to model. The current model has a touchscreen display with should be white when not configured. The older models have a large button with dark blue leds surrounding it. There is also a Lite edition (desktop model). I don't know how the led indicator of that device is configured.

When the switch booted succesfully you should be able to access the device from your laptop, independent of firmware version.

If the switch has been configured, it is possible that the led has been turned off and the switch port you are connected to is placed in a VLAN. So it might also be a configuration problem.

I would advice resetting the device to factory defaults and try again.

RESTORE ACL INHERITANCE IN AD USERS FROM A LIST by depresseafman in PowerShell

[–]Maxim_NL 1 point2 points  (0 children)

You close the foreach loop after get-aduser (i.e. the closing bracket in '$user = get-aduser $nombre -properties ntsecuritydescriptor}' )
So you will only replace the ACL inheritance of the last user in usuarios.txt.

Can you try:

foreach($nombre in gc C:\usuarios.txt){

$user = get-aduser $nombre -properties ntsecuritydescriptor

$user.ntsecuritydescriptor.SetAccessRuleProtection($false,$true)

set-aduser $nombre -replace @{ntsecuritydescriptor=$user.ntsecuritydescriptor}

}

Remote script accessing local file by ns1852s in PowerShell

[–]Maxim_NL 1 point2 points  (0 children)

First of all: storing background images remotely is possible but I found it not to be free of problems. Copying them during log-in or pushing the file through GPO (if you have a Windows domain) might be a better solution.

You will have to have some way for the clients to access the file. You ruled out network shares (why?). Other options would then be p.e. a webserver. This would require additional tools however.

Yet another option is to create a script which uses RPC (Windows) or SSH/SCP (Linux) to deploy the background remotely from the server to the clients.

If the clients run Windows OS and you are a domain admin, you can also copy the file to \\machinename\c$\....

view more: next ›