This video has proven incredibly useful to me personally. I wish I'd discovered it weeks ago! Thank you.
Thanks, I'm a huge fan of Remediation scripts myself, it is one of my top 5 Intune features: Autopilot, Win32 App, Policies and then in 4th place I think it is Remediation Scripts, so powerful!
Thank you! This is one of the few videos / series where the presenter doesn't rush through the scripting part. Great for beginners!
Thanks! Happy you say so. I'm also 'disappointed' when I follow videos and they skip or don't explain all the steps. I try to do my best, also thinking that those who know the steps normally don't have to watch it or get a reminder :)
Very nice videos John! These are all noteworthy! Thanks again for making these videos! This kind of content helps us learn more and improve our craft.
👍
Thanks a lot for your support Mike, means a lot to me, thanks
Great video! Thanks for sharing! Huge fan of your channel
I appreciate that! Thank you so much for all the great support, happy you like it :) more videos are coming :)
Great tutorial and detailed description of the processes!
Thank you so much for this comment, happy it was of value :)
So informative! Thanks so much ❤
This was excellent. Thank you for your efforts! 👍🏽
Thanks a lot, love to read comments like yours :)
This looks very interesting. I will definitely try this on my own tenant and hopefully can make use of it at work. Once again great video content. Can I ask what else you're working on for future videos John?
Thanks - yeah Proactive Remediation is so powerful and can do so much that a video cannot show it all. Future videos will be about Update Rings, a longer series about configuring Oracle Java for those who are unfortunate and need that in their organization but there are great ways to make that work, also later looking into managing Mac devices and Android devices... I think the next video will be a short one about updates and possibly different ways to sync clients also, will see but there will be more stuff for sure :) time is the limit :) thanks for the support
@@IntuneVitaDoctrina that’s great can’t wait to see them and follow along :)
Very useful, thank you again 🙂
Many thanks :)
@@IntuneVitaDoctrina I'm the one who should be thanking you for the good and informative videos you make
Great video
Thanks @Ian Clarke ! happy to hear
@@IntuneVitaDoctrina if you have any good links for learning PowerShell that would be great. I know the basics but need to learn more 👍🏻
@@clarkeyi721 I took some Udemy courses in PowerShell and those were good, but no need to pay to learn PowerShell. I decided some years ago that I would write 15 minutes of PowerShell every morning, and it was there I noticed a huge difference after a few months. I set up goals like 1. write a registry key named John under HKLM\Software, did that a few days until I understood and got the parameters, then create a folder and an empty file, pipe in data to the file, create an array, fill it, do for loops, if statements and of course I made mistakes and failed a lot in the beginning, and had to "Google" the answers, but after a few weeks I started to learn and little by little grow into it and I still do this every morning.. I believe in routines and making it a small part of every day to get your brain to nearly dream about it during the night :)
@@clarkeyi721 Get the book "PowerShell in a Month of Lunches", written by Donald W. Jones and Jeffrey Hicks; it is the best you can start with.
Excellent !!
Hi John, thank you so much for your support in learning new things. I have one scenario and just need your guidance on how to achieve it. We implemented BitLocker from Intune and it's working fine. Now some machines have the BitLocker service not running. How can I create a detection and remediation script to see if the service is not running and then start the service? Appreciate your early response 😊
Thanks, if things go as planned I'll do a video response to this question today, then you get a full solution you can just copy and paste but I will explain in the video also, hope to get it done today :)
Done a video that explains this today :)
th-cam.com/video/Owc56Zu2ONI/w-d-xo.html&ab_channel=Intune%26VitaDoctrina
@@IntuneVitaDoctrina thanks a lot John, really appreciate your effort. Big thank you once again 😊
Ah happy to hear! thanks for taking time to comment.
Hey John, any chance you can do some Proactive Remediation videos, say cleaning up old versions of applications that stick around? In my environment, we have like 7 older versions of Zoom (have been working on a script for that), Google Chrome, and so forth. I'd be interested in that. ... onto your update ring videos...
Great suggestion! and I love Remediation scripts (even then I cannot pronounce it correctly LOL)
I use it mostly to uninstall software I don't want in my organization more than update older versions, but with WinGet that could be done also.
The next two videos, which I have already recorded but not edited, are about updating Zoom, but with a Win32 app using WinGet. It could also be done with a Remediation script, so I would like to follow up those two videos with that.
Hi Lynette, I now have one more video published today about Remediation Script, hope you will like it.
If you really want to remove software instead of updating it you can use today's video and just change "upgrade" to "uninstall" to remove it
@@IntuneVitaDoctrina I appreciate that. I'm super happy you were able to help me here.
For me I don't see proactive remediation in Endpoint analytics - is there something else that needs to be done to enable this?
Sorry, Microsoft has changed the location since I recorded this, it is under Devices/Scripts and Remediation, the direct link is: intune.microsoft.com/#view/Microsoft_Intune_DeviceSettings/DevicesMenu/~/scripts
I've tried this but get the "Yes, No" User account control window. Is there a way to bypass that? maybe an -executionpolicy bypass?
Thanks for trying, we will make it work. Your scripts are under Proactive Remediations, right? Can you please go there and edit your entry and verify this value is set to NO (I suspect it is set to YES since a user can see it)
Run this script using the logged-on credentials (=NO)
If it is set to "no" it runs as SYSTEM and then there is no ExecutionPolicy needed since SYSTEM bypasses all restrictions, but good thinking! Because the yes/no is related to the permission issue.
@@IntuneVitaDoctrina It looks like it was set to "No" but strange thing is that I have a computer running version 99 yet the detection status goes without issues. It doesn't seem to detect the older version to push that uninstall script.
@@supersonicazn you are right! It is because it is so stupid it only compares one digit at a time, so when it looks if 108 is bigger than 99 it compares first the 1 (in 108) with 9 (in 99) and sees that 9 is bigger and thinks the version is larger... sorry that was a bad example, but you can look for versions lower than 99.9 and remove them, or what I prefer now is to look at my Proactive Remediation Script + Winget = love video and use that to update Mozilla Firefox, that works better.
@@IntuneVitaDoctrina Sorry but coming back to this. So this example only works for versions 99.9 and below?
Hi Sam, sorry for the late reply.
Yes you are so right, it is because it compares one number against another number, so 9 is larger than 1, meaning 99 becomes smaller than 113 because it doesn't compare the whole number. I will do another video to correct this using RegEx and screenshot your comment, thanks a lot for letting me know
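The comparison problem discussed in the replies above, as an added example that is not part of the thread or the video's script: `-lt` on two strings compares text, while a `[version]` cast compares each part as a number. It uses a `[version]` cast (a regular expression only extracts the digits) rather than the RegEx fix the author mentions; the threshold `108.0`, the sample versions and the function names are constructed for illustration.

```powershell
# Added example: constructed values, not taken from the video's script.
$MinimumVersion = '108.0'   # assumed lowest version considered up to date

function ConvertTo-Version {
    # Turns a version string such as '99', '108.0' or '113.0.2 (x64 en-US)'
    # into a [version] padded to four parts; returns $null if no digits are found.
    param([string]$Raw)
    if ($Raw -notmatch '\d+(\.\d+){0,3}') { return $null }
    $parts = @($Matches[0] -split '\.')
    # [version] needs at least two parts; padding also makes 108.0 equal to 108.0.0
    while ($parts.Count -lt 4) { $parts += '0' }
    return [version]($parts -join '.')
}

function Test-OutdatedByString {
    # Flawed check: -lt on two strings compares text, so '9' outranks '1'.
    param([string]$Installed, [string]$Minimum)
    return $Installed -lt $Minimum
}

function Test-OutdatedByVersion {
    # Numeric check: major, minor, build and revision are compared as numbers.
    param([string]$Installed, [string]$Minimum)
    $i = ConvertTo-Version $Installed
    $m = ConvertTo-Version $Minimum
    # Design choice of this example: an unreadable version is flagged for attention.
    if ($null -eq $i -or $null -eq $m) { return $true }
    return $i -lt $m
}

# Constructed sample of installed versions, as a detection script might read them.
$samples = '99.0', '99', '107.0.1', '108.0', '113.0.2 (x64 en-US)'

$samples | ForEach-Object {
    [pscustomobject]@{
        Installed      = $_
        StringSaysOld  = Test-OutdatedByString  -Installed $_ -Minimum $MinimumVersion
        VersionSaysOld = Test-OutdatedByVersion -Installed $_ -Minimum $MinimumVersion
    }
} | Format-Table -AutoSize

# In an Intune detection script the result would end with an exit code:
# exit 1 reports a problem and triggers the remediation script, exit 0 reports compliant.
```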
Hello sir. I've started to use proactive remediation and it's just amazing. But I found an issue and want to see what you are doing in this case. For example, I have an app which we force install from SCCM to all devices. I did set remediation and it works great until the SCCM client refreshes the app policy and detects that the version from SCCM is not installed anymore and forces a downgrade of the app again. I can't use MSI product ID and version, or reg key, as the app upgrade from the Intune side will change the product code or registry key ID. I know I can use a detection script instead (which will be a pain to maintain, as we use signed scripts only). My question is, do you know if in the future those product codes or reg key IDs can change? Or can I just add two detection keys to my SCCM app? Thanks.
Thanks Oleg, I was going to suggest Detection Script in PowerShell until I read your comment about signing them...
I would use Detection Rule, FILE, specify the exe file and then choose File version is the version of your SCCM package OR greater (the greater is going to save you when Remediation updates or not)
Similar to this one: social.technet.microsoft.com/Forums/getfile/121582 but change Operator to equal OR greater.
In SCCM you got another option, you scope this to a collection right? Do an SCCM collection that looks for the file and if it got your version or better, purge them by rule from the collection, use that Collection to target your app... and they will fall off your deployment if they got a good version... if not a good version they fall back into the collection.
I miss SCCM sometimes when working too much with Intune, the Task Sequences and Collections are so beautiful.. what do we got in Intune? Dynamic Groups that without MSGraph are close to worthless :)
@@IntuneVitaDoctrina Ha ha... yeah good old days :). And since I didn't bother you too much still have a bonus question if you don't mind? :) I'm trying to migrate our Adobe Reader updates to proactive remediation with winget.
Works fine, but the problem is that it will reset Reader settings to default.
When pushing the upgrade from SCCM side we have option to add an MST Transform file, so just wonder if there is a solution so we can apply those MST file settings during proactive remediation?
Most probably not and I may need to look into some reg settings I can set during remediation script.
For Adobe Reader I don't use winget.exe but instead call RemoteUpdateManager.exe
Part of the script:
Start-Process -FilePath "C:\Program Files (x86)\Common Files\Adobe\OOBE_Enterprise\RemoteUpdateManager\RemoteUpdateManager.exe" -ArgumentList "--productVersions=APRO" -Wait
I was wondering, can we use the same way to remove Adobe Reader from Windows, Android and iOS?
Good question, Proactive Remediation can only run on Windows, so for iOS/Android you will have to either do a policy to block it or send an uninstall. However for Android it depends how you manage it, if it is a work profile you can remove it from there fairly easily.
@@IntuneVitaDoctrina
Thank you :).
Is it possible to do it with PowerShell?
Which cmdlet do we need to use?
Again, PowerShell is only for Windows, and there I would call a file from PowerShell, so maybe Start-Process, and the file I would call is winget.exe since you can easily uninstall Adobe with winget.exe uninstall --id (and ID of program). If not winget.exe, a WMI uninstall command works fine, I got pretty many videos showing uninstall commands