okieselbach / intune
Intune Scripts and Helpers.
The script only searches the current (latest) IME log - sometimes the download info may have aged out of the current log into a rolled over log.
The code updates below will search all IME logs:
function ExtractIntuneAppDetailsFromLogFile()
{
$IMELogs = Get-ChildItem -Path $env:ProgramData\Microsoft\IntuneManagementExtension\Logs -Filter IntuneManagementExtension*.log -Recurse -ErrorAction SilentlyContinue
foreach ($IMELog in $IMELogs)
{
$agentLogPath = $IMELog.FullName
$stringToSearch = "<![LOG[Response from Intune = {".ToLower()
Get-Content $agentLogPath | ForEach-Object {
...
How can it decrypt a null certcollection?
Stuck here. Please help.
Hi Oliver,
thanks for the collection of scripts!
As I couldn't find any license information, I'd kindly ask you to consider adding a license file. Without a license it's unclear from a legal perspective how to use your collection.
Another repository is already licensed under the MIT License: https://github.com/okieselbach/SyncMLViewer/blob/master/LICENSE
function Convert-SIDGUID {
    <#
    .SYNOPSIS
    This will help translate SIDS into GUIDS and vice versa. Checks if input is SID or GUID and returns the other.
    .DESCRIPTION
    Based on code from https://tech.nicolonsky.ch/validating-a-guid-with-powershell/ and https://oliverkieselbach.com/2020/05/13/powershell-helpers-to-convert-azure-ad-object-ids-and-sids/
    .PARAMETER InputObject
    The SID or GUID to convert
    #>
    param
    (
        [Parameter(Mandatory = $true, Position = 0, ValueFromPipelineByPropertyName = $true)]
        [AllowEmptyString()]
        [string]$InputObject
    )
    # Input parses as a GUID: convert the object ID to an S-1-12-1-... SID
    $tryguid = [guid]::TryParse($InputObject, $([ref][guid]::Empty))
    if ($tryguid) {
        # Parse the function's own parameter ($ObjectId was never defined here)
        $bytes = [Guid]::Parse($InputObject).ToByteArray()
        $array = New-Object 'UInt32[]' 4
        [Buffer]::BlockCopy($bytes, 0, $array, 0, 16)
        $sid = "S-1-12-1-$array".Replace(' ', '-')
        return $sid
    }
    # Otherwise treat the input as a SID and convert it back to a GUID
    try {
        $sid = New-Object System.Security.Principal.SecurityIdentifier($InputObject) | foreach {$_.Value}
        $index = 'S-1-12-1-'.Length
        $length = $sid.length - $index
        $text = $sid.Substring($index,$length)
        # $text = $sid.Replace('S-1-12-1-', '')
        $array = [UInt32[]]$text.Split('-')
        $bytes = New-Object 'Byte[]' 16
        [Buffer]::BlockCopy($array, 0, $bytes, 0, 16)
        [Guid]$guid = $bytes
        return $guid
    }
    catch {
        Return "No valid SID or GUID found"
    }
}
Not directly an issue with the script (which is great), but the GUIDs from the URL are nothing like the file that gets saved locally, so one needs to match these, i.e. by time, to know which file the keys correspond to...
The app does what it is supposed to. The problem I am having is that the app always shows an error after I have typed in my PIN (which is getting prompted for at start-up of the Notebook). The error message states that there is a problem with the installation. I was guessing that it is actually a problem with the detection PS-Script, but I tried a few things tweaking the Script and I am still getting the same error. The status of the app not being installed leads to the daily prompt that I should set my PIN (although it is already set and actually working).
Does anyone have an idea what the root of this problem could be? Is there a way I could see a log of what's happening after I set my PIN?
When using the -FileName optional parameter, the following error is displayed:
Out-File : Could not find a part of the path 'C:\temp'.
At line:59 char:113
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
It seems that the Intune Management Extension no longer produces the logs necessary to determine the intunewin IV and key.
I suspect this is due to a recent update. If anyone has docs from the start of October or earlier, I'd love to take a look.
Dear okieselbach,
Bitlocker PIN ServiceUI.exe only accepts up to 10 characters.
It does not allow clicking OK if the PIN goes beyond that number.
Would you mind sharing the source code?
Thanks.
When I download intunewin file from azure I cannot extract it.
ERROR: End of Central Directory record could not be found.
For the x86 -> x64 context switch, the IntunePSTemplate.ps1 sample sets the RedirectStandardOutput property for the ProcessStartInfo object to $true, but does not consume the StandardOutput. This can cause the new x64 child process to hang indefinitely:
>> (..) When the child process writes enough data to fill its redirected stream, it is dependent on the parent. The child process waits for the next write operation until the parent reads from the full stream or closes the stream. (..) <<
Source: ProcessStartInfo.RedirectStandardOutput Property
When the StandardOutput is not consumed by the parent script, the $pinfo.RedirectStandardOutput should be set to $false.
There is another issue: $exitCode = $p.ExitCode gets called without waiting for the child process to exit. Therefore, $exitCode will come back as $NULL most of the time. Better code would look like this:
$stderr = $p.StandardError.ReadToEnd()
$p.WaitForExit()
$exitCode = $p.ExitCode
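The pattern from the issue above, as an added example that is not part of the original post or of IntunePSTemplate.ps1: it redirects both streams, drains stdout asynchronously so neither pipe can fill and block the child, and reads the exit code only after WaitForExit(). The function name Invoke-RedirectedProcess and the test command are assumptions made for illustration.

```powershell
function Invoke-RedirectedProcess {
    param(
        [Parameter(Mandatory = $true)][string]$FilePath,
        [string]$Arguments = ''
    )

    $pinfo = New-Object System.Diagnostics.ProcessStartInfo
    $pinfo.FileName = $FilePath
    $pinfo.Arguments = $Arguments
    $pinfo.UseShellExecute = $false          # required for stream redirection
    $pinfo.CreateNoWindow = $true
    $pinfo.RedirectStandardOutput = $true    # redirect only what is read below
    $pinfo.RedirectStandardError = $true

    $p = New-Object System.Diagnostics.Process
    $p.StartInfo = $pinfo
    try {
        [void]$p.Start()

        # Drain stdout asynchronously: a full stdout pipe can then never block
        # the child while the parent is blocked reading stderr.
        $stdoutTask = $p.StandardOutput.ReadToEndAsync()
        $stderr = $p.StandardError.ReadToEnd()

        # ExitCode is only valid once the process has exited.
        $p.WaitForExit()

        [pscustomobject]@{
            ExitCode = $p.ExitCode
            StdOut   = $stdoutTask.Result
            StdErr   = $stderr
        }
    }
    finally {
        $p.Dispose()
    }
}

# Constructed test command: the child writes about 200 KB to stdout (far more
# than a pipe buffer holds), one line to stderr, and exits with code 3.
$cmd = "1..5000 | ForEach-Object { 'line ' + `$_ + ('x' * 32) }; [Console]::Error.WriteLine('done'); exit 3"
$r = Invoke-RedirectedProcess -FilePath 'powershell.exe' -Arguments "-NoProfile -Command `"$cmd`""
"ExitCode=$($r.ExitCode) StdOutChars=$($r.StdOut.Length) StdErr=$($r.StdErr.Trim())"
```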
In some cases the Intune certificate is not installed in the local machine store but in the current user store. In this case the Decrypt function will fail.
The following code update to the function will check the user store if no cert is found in the localmachine store:
function Decrypt($base64string)
{
    [System.Reflection.Assembly]::LoadWithPartialName("System.Security") | Out-Null
    $content = [Convert]::FromBase64String($base64string)
    $envelopedCms = [Security.Cryptography.Pkcs.EnvelopedCms]::new()
    # Look for the Intune certificate (by extension OID) in the local machine store first
    $x509Store = [System.Security.Cryptography.X509Certificates.X509Store]::new([System.Security.Cryptography.X509Certificates.StoreName]::My,[System.Security.Cryptography.X509Certificates.StoreLocation]::LocalMachine)
    $x509Store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadOnly)
    [System.Object]$certExtension = "1.2.840.113556.5.6"
    $certCollection = $x509Store.Certificates.Find([System.Security.Cryptography.X509Certificates.X509FindType]::FindByExtension,$certExtension,$false)
    $x509Store.Close()
    # Fall back to the current user store if nothing was found
    if ($certCollection.Count -eq 0)
    {
        $x509Store = [System.Security.Cryptography.X509Certificates.X509Store]::new([System.Security.Cryptography.X509Certificates.StoreName]::My,[System.Security.Cryptography.X509Certificates.StoreLocation]::CurrentUser)
        $x509Store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadOnly)
        $certCollection = $x509Store.Certificates.Find([System.Security.Cryptography.X509Certificates.X509FindType]::FindByExtension,$certExtension,$false)
        $x509Store.Close()
    }
    # Decode the CMS envelope and decrypt it with the certificates found
    $envelopedCms.Decode($content)
    $envelopedCms.Decrypt($certCollection)
    $utf8content = [text.encoding]::UTF8.getstring($envelopedCms.ContentInfo.Content)
    return $utf8content
}
Hello,
the Get-WindowsAutoPilotInfo.ps1 PowerShell script returns the error below on computers with the latest Windows Updates (May 2022); it seems that KB5013942 is causing it (links: Microsoft Q&A, Reddit).
Get-CimInstance : A general error occurred that is not covered by a more specific error code.
At C:\Program Files\WindowsPowerShell\Scripts\Get-WindowsAutoPilotInfo.ps1:211 char:17
+ ... evDetail = (Get-CimInstance -CimSession $session -Namespace root/cimv ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Get-CimInstance], CimException
+ FullyQualifiedErrorId : MI RESULT 1,Microsoft.Management.Infrastructure.CimCmdlets.GetCimInstanceCommand
C:\Program Files\WindowsPowerShell\Scripts\Get-WindowsAutoPilotInfo.ps1 : Unable to retrieve device hardware data (hash) from computer localhost
Removing the KB above resolves the issue, however in some environments it isn't possible (Windows says this is a required security update and cannot be removed).
On a deep investigation (WMI Explorer), it appears there is no instance of the class MDM_DevDetail_Ext01 under the root/cimv2/mdm/dmmap namespace, causing the error above.
Maybe you already know about it, and I also understand it isn't a script issue, but more a WMI-related issue.
What are your thoughts?
Thank you,
Luca
Hello
Can you add to the -online parameter the ability to import multiple devices from a CSV file?
For example:
at line 325:
if ($FromCSV) {
$computers = Import-Csv $FromCSV | Select -Unique
}
if ($Online)
{
# Add the devices
$importStart = Get-Date
$imported = @()
etc
$FromCSV is the csv path generated with the parameter $OutputFile
Hi,
is the Set-AutoPilotDeviceAssignedUser function still expected to work? I'm trying to use it but can't make it work.
Set-AutoPilotDeviceAssignedUser : System.Net.Http.HttpRequestException: 400 Bad Request
{"error":{"code":"BadRequest","message":"{\r\n "_version": 3,\r\n "Message": "An error has occurred - Operation ID (for customer support): 00000000-0000-0000-0000-000000000000 - Activity ID:
105e0390-e8ee-47cf-86c6-cfb576279131 - Url: https://fef.amsub0202.manage.microsoft.com/DeviceEnrollmentFE/StatelessDeviceEnrollmentFEService/deviceManagement/windowsAutopilotDeviceIdentities('d565e906-babd-494e-baab-85ce1a5583
17')/microsoft.management.services.api.assignUserToDevice?api-version=5023-06-28",\r\n "CustomApiErrorPhrase": "",\r\n "RetryAfter": null,\r\n "ErrorSourceService": "",\r\n "HttpHeaders":
"{}"\r\n}","innerError":{"date":"2024-02-07T07:04:41","request-id":"105e0390-e8ee-47cf-86c6-cfb576279131","client-request-id":"105e0390-e8ee-47cf-86c6-cfb576279131"}}}
At C:\Users\D053249\SAP SE\IES EMEA - Intune\Scripts\AssignUserToDevice\AssignUserToDevice.ps1:204 char:1
+ CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException
+ FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Set-AutoPilotDeviceAssignedUser