Skip to content

Instantly share code, notes, and snippets.

@cgerke
cgerke / winget_detection.ps1
Created Oct 28, 2022
Simple winget detection idea
View winget_detection.ps1
#region Intune detection requirements
<#
Exit code | Data read from Write-Output | Detection state
================================================================
0 | Empty | Not detected
0 | Not empty | Detected
Not zero | Empty | Not detected
Not zero | Not Empty | Not detected
#>
#endregion
View gist:7c1ea7f994bcee0462cb6188c6f9116e
##*===============================================
##* INSTALLATION
##*===============================================
[string]$installPhase = 'Installation'
## Handle Zero-Config MSI Installations
If ($useDefaultMsi) {
[hashtable]$ExecuteDefaultMSISplat = @{ Action = 'Install'; Path = $defaultMsiFile }; If ($defaultMstFile) { $ExecuteDefaultMSISplat.Add('Transform', $defaultMstFile) }
Execute-MSI @ExecuteDefaultMSISplat; If ($defaultMspFiles) { $defaultMspFiles | ForEach-Object { Execute-MSI -Action 'Patch' -Path $_ } }
}
View gist:d17b5f89f3cac3f7307666ed1b28835e
<# winget.ps1
Source this within Install.ps1 to get $Winget as a path to the executable.
Optionally use this file as a Requirement within the Intune win32app.
#>
$Requirement = $null
try {
# Winget Requirement
$Winget = $null
View gist:4c9578fa254404455a3728b4cc34b7df
$Requirement = $null
try {
# Winget Requirement
$Winget = $null
$DesktopAppInstaller = "C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_*_x64__8wekyb3d8bbwe"
$SystemContext = Resolve-Path "$DesktopAppInstaller"
#Resolve latest version (last one)
if ($SystemContext) { $SystemContext = $SystemContext[-1].Path }
$UserContext = Get-Command winget.exe -ErrorAction SilentlyContinue #User context
View gist:c93201675113c16395d32afcfc855cdd
<#
Detect.ps1
https://docs.microsoft.com/en-us/mem/analytics/powershell-scripts
https://learn.microsoft.com/en-us/powershell/module/dism/get-windowsoptionalfeature
#>
[int32]$SkipRemediate = 0
[int32]$Remediate = 1
try
{
View gist:2690c35294f90bf48955e7485ec32bb6
<#
Detect.ps1
https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-remotemanagement
https://docs.microsoft.com/en-us/mem/analytics/powershell-scripts
https://learn.microsoft.com/en-us/windows/win32/winrm/portal
https://learn.microsoft.com/en-us/powershell/module/microsoft.wsman.management/?view=powershell-7.2
#>
[int32]$SkipRemediate = 0
[int32]$Remediate = 1
View gist:050fcd31dece800c7447bc6b5588799a
<#
https://learn.microsoft.com/en-us/powershell/module/netsecurity/set-netfirewallprofile
#>
# Enable (no domain for AAD only, perhaps set it anyway?)
# Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled True
Set-NetFirewallProfile -Profile Public,Private -Enabled True
# Defaults
Set-NetFirewallProfile -DefaultInboundAction Block -DefaultOutboundAction Allow -NotifyOnListen True -AllowUnicastResponseToMulticast True -LogFileName %SystemRoot%\System32\LogFiles\Firewall\pfirewall.log
View gist:46cc15d16c4cf73921cffb36dfb79938
<#
https://learn.microsoft.com/en-us/powershell/module/storage/get-volume
https://learn.microsoft.com/en-us/powershell/module/bitlocker
https://learn.microsoft.com/en-us/mem/intune/protect/endpoint-security-disk-encryption-profile-settings
#>
# Enable
Enable-Bitlocker -MountPoint "$env:SystemDrive" -UsedSpaceOnly -SkipHardwareTest -RecoveryPasswordProtector
# Backup
View gist:d93a7a0a3536ccdf260a4f3bb97e108d
# Don't do this...
Set-Item WSMan:\localhost\Client\TrustedHosts –Value *
# Maybe do this
$Lan = 192.168.*
Set-Item -Path WSMan:\localhost\Client\TrustedHosts -Value "$Lan" -Force
# or this
$Domain = <domain>
Set-Item WSMan:\localhost\Client\TrustedHosts "$Domain"
@cgerke
cgerke / gist:335b7af101277f8c868b4a30698f01b7
Last active Sep 26, 2022
Pro-Active Remediation WinRM
View gist:335b7af101277f8c868b4a30698f01b7
<#
Detect.ps1
https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-remotemanagement
https://docs.microsoft.com/en-us/mem/analytics/powershell-scripts
https://learn.microsoft.com/en-us/windows/win32/winrm/portal
https://learn.microsoft.com/en-us/powershell/module/microsoft.wsman.management/?view=powershell-7.2
#>
[int32]$SkipRemediate = 0
[int32]$Remediate = 1