Photo of Jóhannes Geir Kristjánsson

Jóhannes Geir Kristjánsson


Who Is Logged On, From The System Context

Intro Have you ever deployed a script that needs to be executed in the system context, but you also need to work with something that is currently running in the user context? Obviously you could just loop through all the user profiles on the system, but thats not always a good idea. Lo and behold, you can simply see who is the owner of the explorer.exe process and use that, Obviously this will not work if no one is logged on.

Removing The Built-in Teams App in Windows 11 with Intune

Intro So you’ve started rolling out Windows 11 to your endpoints, and your users got confused and upset over the consumer teams apps that is installed? Understandably you wish to do something about this. (╯°□°)╯︵ ┻━┻ No worries mate, Intune Proactive Remediations to the rescue! The Solution The code below fixes two things. It removes the chat by writing the registry key that disables it the TaskbarMn DWORD controls this Then it simply uninstalls the appx package for the consumer teams app, note that this has no effect on the regular teams app.

Installing The Configuration Manager Client During Autopilot

Hey Siri, Write A Blog Post For Me THE CONTENTS IN THIS POST IS EXPIRED, DO NOT USE THIS ANYMORE This method of installing the Configuration Manager Client during Autopilot is no longer needed Please use the new autopilot into co-management feature. Autopilot into Co-Management Overview Installing the SCCM Client During Autopilot EXPIRED CONTENT BELOW Deploying the Configuration manager client is usually pretty simple. the procedure is well documented. However there are issues if you plan on installing the CM client during Autopilot using the officially suggested methods

Setting Environmental Variables with Intune and proactive remediations

As you may have noticed by now, there doesn’t seem to be any nice built in way to set environmental variables in intune 🙁 The Problem Setting a user environmental variable using powershell is an easy task to accomplish, you basically just run the following: 1 Set-ItemProperty -Path HKCU:\Environment -Name temp -Value "c:\temp\" This works just fine, but won’t take effect until the user either reboots or signs into the device again.

Setting A Default Outlook Signature in Outlook using Intune Proactive Remediations

So you have already figured out how to dynamically generated outlook signatures, but now you want to make sure that people actually use them. but without preventing the use of other signatures your users might have. Well it just so happens that I have a solution for you! No default signature has been set To do all this, we create a new Proactive Remediation in Intune. Add the detection and remediations scripts from below, and set it to run as the user.

Downloading a Device Guard Signing Service version 2 Root Certificate for MSIX

Howdy y’all In this post I will show you how to get the Device Guard Signing Service v2 root certificate. Device Guard Signing Services v1 (DGSS) is being deprecated at the end of December 2020, so we need to migrate to DGSSv2, and it just so happens that the means to download the DGSSv2 root cert is a little bit more complex than the DGSSv1. MSIX crash course While MSIX is generally marketed as a replacement for MSI for developers, there are scenarios that can benefit systems administrators.

Allow OneDrive Syncing on AAD joined Devices

The Problem So I was walking on the beach and noticed that OneDrive wasn’t syncing anymore on my AzureAD joined laptop. I later learned that my endpoint administrator, Adam Gross, had enabled Allow syncing only on computers joined to specific domains in the OneDrive admin portal. which effectively blocked my AzureAD device 🙁 Which resulted in this message on my corporate device Our Legacy AD joined devices were fine, but all of our Azure AD joined devices got the above error.

Setting ACL using Intune Endpoint Analytics Proactive Remediations

Namaste y’all! In todays Siri dictated blog post, I will show you how you can configure access control lists (ACL) for a directory using Intune Proactive remediations. The issue I was facing was that regular users do not have modify permissions to the public desktop on their corporate devices, meaning that the user is unable to remove annoying shortcuts that would get placed there by the various apps they install. While this is hardly a high priority task to solve.

Dynamic Outlook Email Signature Using with Intune Endpoint Analytics Proactive Remediations

Howdy y’all! Since you have already read señor Shackelfords blog post on setting up Endpoint Analytics Proactive remediations, we can skip the intro and dive right in. In this blog post we will be get familiar with a somewhat novel idea that proactive remediation’s can be used for. Which, as the title of this post suggests, is the creation of a dynamic email signature in the form of a .html file using Microsoft Graph.