Turn on Memory Integrity via Intune
Hi, I want to turn on Memory Integrity via Intune. I used the following script to turn on Memory Integrity, but it didn't. Also, there are no errors or failure statuses on the Intune Scripts Status page. Could someone please suggest This is the script I used: # Registry key path $registryPath = "HKLM:\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity" # Desired value for Memory Integrity (1 for enabled with UEFI lock) $desiredValue = 1 # Initialize exit code $exitCode = 0 # 0 indicates success by convention try { # Check if the key exists if (Test-Path -Path $registryPath) { $currentValue = Get-ItemProperty -Path $registryPath | Select-Object -ExpandProperty "Enabled" # Check if the value is already set to the desired value if ($currentValue -eq $desiredValue) { Write-Host "Memory Integrity is already enabled with UEFI lock. No changes made." } else { # If the key exists but the value is not as desired, set it to the desired value Set-ItemProperty -Path $registryPath -Name "Enabled" -Value $desiredValue Write-Host "Memory Integrity enabled with UEFI lock successfully." } } else { # If the key does not exist, create it and set it to the desired value New-Item -Path $registryPath -Force Set-ItemProperty -Path $registryPath -Name "Enabled" -Value $desiredValue Write-Host "Memory Integrity enabled with UEFI lock successfully." } } catch { Write-Host "An error occurred: $_" $exitCode = 1 # 1 indicates failure } # Exit with the specified exit code exit $exitCode Output of the regedit: Enabled : 1 PSPath : Microsoft.PowerShell.Core\Registry::\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity PSParentPath : Microsoft.PowerShell.Core\Registry::\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios PSChildName : HypervisorEnforcedCodeIntegrity PSProvider : Microsoft.PowerShell.Core\RegistryScript status showing failed however, the desktop Icon is installed. Deployed script via Intune
I have the following script deployed in Intune. The script is working fine- it is deploying the desktop icon that I want. But the issue is even though the desktop icon is there- it is still showing as status failed in Intune status page #Variables creating local folder and download .ico file $LocalIconFolderPath = "C:\Intune\Xxxxxxxxxxxxxxx" $SourceIcon = "https://xxxxxxxx/xxxxxxxxlogo-wo-wb/xxxxxxxxlogo-wo-wb.ico" $DestinationIcon = "C:\Intune\Xxxxxxxxxxxxxxx\xxxxxxxxlogo-wo-wb.ico" #Step 1 - Create a folder to place the URL icon New-Item $LocalIconFolderPath -Type Directory #Step 2 - Download a ICO file from a website into previous created folder curl $SourceIcon -o $DestinationIcon #Step 3 - Add the custom URL shortcut to your Desktop with custom icon $new_object = New-Object -ComObject WScript.Shell $destination = $new_object.SpecialFolders.Item('AllUsersDesktop') $source_path = Join-Path -Path $destination -ChildPath '\\Global Intranet.lnk' $source = $new_object.CreateShortcut($source_path) $source.TargetPath = 'https://xxxxxxxxxxxxx.sharepoint.com/sites/GlobalIntranet?web=1' $source.IconLocation = ”C:\Intune\Xxxxxxxxxxxxxxx\xxxxxxxxlogo-wo-wb.ico” $source.Save()
Powershell Script behaviour - User Context
I have an issue with a specific application that requires each user logon to have registration data for the app in their current user key location. The issue I have is that the system is in KIOSK mode and therefore only applications that are whitelisted are allowed to run. If I whitelist the powershell application I can successfully run the script adding the required values to the registry. In doing this however it presents a tile on the KIOSK setup. Question! How do I allow the use of powershell without presenting a tile? To clarify this doesn't appear to work using the scripts facility on Intune endpoint manager setting the script to user context mode. If I review the AppLocker log following an attempt I can see powershell is blocked. Any assistance with this would be much appreciated. Regards, Jon Mason
