If you click into the rule, you get an overview of the status. Here we can see that one device was a problem – With issues – and that the device was remediated with the remediation script. Once created, click Refresh and you will see the new rule and it will show as Active.Īs the script executes on devices, you’ll get feedback on the devices Without issues, With issues and if any Issues are fixed etc. I can go back to the rule and set to something less aggressive once I know it’s successful. Here you can choose how often the rule checks for non-complianceįor my testing only, I’m going to choose this rule Frequency to run hourly and Repeat every 1 hour – just so I can push through the test and ensure all is OK. I’m not going to set any scope tags for this proactive remediation, but I am going to assign it to test device via a group. I’m going to leave defaults for the rest of the options.
Now upload the remediation script and the same will occur. Upload the detection script and you’ll notice the Detection script section fill with the PS code.
Click the folder icon next to the Detection script file. In the next screen of the wizard, you will see fields for uploading your detection and remediation script files. Click the Create script package link.Įnter a Name and optional Description for the proactive remediation. In the MEM admin center, select Reports\Endpoint analytics\Proactive Remediation. Start-Process $InstallerX86 $Arguements -Wait Start-Process $Installer $Arguements -Wait $Chromex86 = "C:\Program Files (x86)\Google\Chrome\Application\$ChromeVersion\Installer\chrmstp.exe" $Chrome圆4 = "C:\Program Files\Google\Chrome\Application\$ChromeVersion\Installer\chrmstp.exe" $ChromeVersion = $chromeInstalled.ProductVersion $chromeInstalled = (Get-Item (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\chrome.exe' -ErrorAction Silentl圜ontinue).'(Default)').VersionInfo $Arguements = "-uninstall -chrome -system-level -multi-install -force-uninstall" $InstallerX86 = "$\Google\Chrome\Application\$ChromeVersion\Installer\chrmstp.exe" $Installer = "$env:ProgramFiles\Google\Chrome\Application\$ChromeVersion\Installer\chrmstp.exe" I’m sure there’s a much more elegant way to script this, but it works for me. The script captures both x86 and 圆4 installs. Next we have our remediation script which will perform the remediation process and uninstall Google Chrome for us. Write-Host "Google Chrome is not installed" $chromeInstalled = Test-Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\chrome.exe'
Ccleaner installed chrome without notifying me code#
Intune will remediate anything that exits with exit code 1, so we need to make sure that if Google Chrome is detected that we exit with that value. The first script checks for the existence of Google Chrome on the device. As mentioned two PowerShell scripts are needed, one to detect and one to remediate. This blog post just shows you how you can use a simple script to do something effectively, in this case I wanted to remove Google Chrome for end users devices when the user had installed the application. I’m not going to go through all the pre-requisites you need in place for this to work, I’ll just point you to the official MS docs and you can take a look yourself. You need a detection script to capture the current state of what you are checking for – does something exist or not, and then remediate the problem with another script.
If you are familiar with configuration items and baselines in SCCM then you will be comfortable already with the approach you need to take when using a proactive remediation. Proactive remediation is a cool new Intune feature which allow you to script to detect and fix problems on your endpoints.
0 kommentar(er)
