Why is my PowerShell detection script failing to show issues in Intune?

By
Dan
-
0
41
Asked By CuriousMonkey32 On

I'm trying to set up some trusted sites using Proactive Remediations in Intune, but I'm running into a problem. My detection and remediation script runs perfectly on my local machine, but when I add the same detection script to Intune, it doesn't identify any issues. For testing, I even deleted the registry keys, and it shows the expected output when I run it locally. However, in the Intune interface, it claims there are no issues at all.

Here's the detection script I'm using:

```powershell
$websites = @(
"abc.com",
"abc.xyz",
"abc.org",
"abc.xx.abc.com",
"abc.xx.abc.com",
"abc.xx.abc.com",
"abc.xx.abc.com"
)

$missingSites = @()

foreach ($site in $websites) {
$regPath = "HKCU:SoftwareMicrosoftWindowsCurrentVersionInternet SettingsZoneMapDomains$site"
if (!(Test-Path $regPath)) {
$missingSites += $site
} else {
$value = Get-ItemProperty -Path $regPath -Name "*" -ErrorAction SilentlyContinue
if ($value."*" -ne 2) {
$missingSites += $site
}
}
}

if ($missingSites.Count -eq 0) {
Write-Output "All Good"
exit 0
} else {
Write-Output "Error: Missing the following sites $($missingSites -join ', ')"
exit 1
}
```

When it runs locally, I get output like this:
`Error: Missing the following sites for abc.com, etc.` but on Intune, there's nothing.

Here's what I have set in Intune:
- Run this script using the logged-on credentials: No (setting it to Yes causes a failure)
- Enforce script signature check: No
- Run script in 64-bit PowerShell: Yes

The groups selected for deployment are 'Testing Devices' with an hourly schedule.

3 Answers

Answered By TechieDood On

Your hunch about the HKCU registry key is spot on. If the detection script is executing as SYSTEM, it won't find user-specific keys in HKCU. You could also try using configuration policies as an alternative, as they might offer a more straightforward solution without the need for remediation scripts.

Answered By PowershellWhiz On

If you're definitely running under the SYSTEM context, consider mounting HKEY_USERS with New-PSDrive. This way, you can access user-specific registry keys. It also could be that the keys are being managed by a Group Policy, which can sometimes lead to conflicts with remediation scripts.

Answered By RegistryNinja77 On

Have you checked if the detection script is running under the SYSTEM context? Since you set 'Run this script using the logged-on credentials' to No, the script might not have access to the HKCU registry key, which belongs to the user. The SYSTEM account wouldn’t see that user's registry entries, hence showing no issues in Intune. You should try setting it to Yes and see if that resolves the issue.

Related Questions

LEAVE A REPLY

Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.