PowerShell script in Intune Device Configuration Profile

  • Question

  • Hi all,

    I am trying to run a PowerShell script under Device configuration - PowerShell scripts.

    What the PowerShell script does is autoscan a USB device for malware and viruses once it is plugged into a laptop.

    The script works when I run it locally.

    Then I put it in the PowerShell scripts profile under the Device configuration in Microsoft Azure Intune.

    It seems like it is not working at all, as I have tested it on a laptop used for testing.

    This is the script command:

    # Builds a WMI event watcher for volume-change events (EventType 2 = device arrival).
    function UsbMountWatcher {
        $alarm = New-Object System.Management.EventQuery
        $alarm.QueryString = "SELECT * FROM Win32_VolumeChangeEvent WHERE EventType = 2"
        New-Object System.Management.ManagementEventWatcher $alarm
    }
    # Path to the Windows Defender command-line scanner.
    $pathtompcmdrun = $env:PROGRAMFILES + "\Windows Defender\MpCmdRun.exe"
    $watcher = UsbMountWatcher
    # Blocks until each new volume arrives, then scans it (report only, no remediation).
    while ($true) {
        $event = $watcher.WaitForNextEvent()
        $driveletter = $event.Properties["DriveName"].Value.ToString() + "\"
        &$pathtompcmdrun "-Scan" "-File" $driveletter "-DisableRemediation"
        Write-Output $LASTEXITCODE   # MpCmdRun exit code for the scan
    }
    # Never reached: the loop above runs until the process is terminated.
    $watcher.Stop()

    Please take a look and perhaps help me to amend it so that when I run it in the Intune Device Configuration profile, it will autoscan the USB thumbdrive when it is plugged into a laptop.

    By the way, the script is downloaded from the web.

    Tuesday, October 15, 2019 2:04 AM

All replies

  • Besides noting it just not working, what troubleshooting have you done?

    Have you reviewed the information at https://oliverkieselbach.com/2017/11/29/deep-dive-microsoft-intune-management-extension-powershell-scripts/?

    Have you checked IntuneManagementExtension.log?


    Jason | https://home.configmgrftw.com | @jasonsandys

    Tuesday, October 15, 2019 1:59 PM
  • Hello,

    Please view the IntuneManagementExtension.log and AgentExecutor.log files, which are normally located at: C:\ProgramData\Microsoft\IntuneManagementExtension\Logs.

    In the IntuneManagementExtension.log file, you can search for the "Policy body" keyword, which can help you locate the log message about the policy.

    In the AgentExecutor.log file, if the script is executed successfully, you can view the following log message.

    Powershell script is successfully executed.

    Best regards,

    Andy Liu


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, October 16, 2019 5:54 AM
  • Hello,

    I would like to check if there is any update about this issue?

    Have you checked the log files?

    Best regards,
    Andy Liu



    Monday, October 21, 2019 2:34 AM
  • Noted. Am checking it.
    Tuesday, October 22, 2019 9:18 AM
  • Am checking it.
    Tuesday, October 22, 2019 9:19 AM
  • Thanks. Am checking the log file.
    Tuesday, October 22, 2019 9:20 AM
  • Upon checking the log, I couldn't find the "Policy body" keyword or "Powershell script successfully executed". I extracted a few lines from the log file and this is what it is...

    <![LOG[error from script =File C:\Program Files (x86)\Microsoft Intune Management 
    Extension\Policies\Scripts\9ef28c1a-5929-4bde-8908-fde53f7e4389_d785fa1f-b260-42e8-978c-2ca755e7b9dd.ps1 cannot be 
    loaded. The file C:\Program Files (x86)\Microsoft Intune Management 
    Extension\Policies\Scripts\9ef28c1a-5929-4bde-8908-fde53f7e4389_d785fa1f-b260-42e8-978c-2ca755e7b9dd.ps1 is not 
    digitally signed. You cannot run this script on the current system. For more information about running scripts and 
    setting execution policy, see about_Execution_Policies at https:/go.microsoft.com/fwlink/?LinkID=135170.
        + CategoryInfo          : SecurityError: (:) [], ParentContainsErrorRecordException
        + FullyQualifiedErrorId : UnauthorizedAccess

    There is an error... need to check out more...

    Tuesday, October 22, 2019 9:37 AM
  • Extract from part of the log file...

    <![LOG[error from script =File C:\Program Files (x86)\Microsoft Intune Management 
    Extension\Policies\Scripts\9ef28c1a-5929-4bde-8908-fde53f7e4389_d785fa1f-b260-42e8-978c-2ca755e7b9dd.ps1 cannot be 
    loaded. The file C:\Program Files (x86)\Microsoft Intune Management 
    Extension\Policies\Scripts\9ef28c1a-5929-4bde-8908-fde53f7e4389_d785fa1f-b260-42e8-978c-2ca755e7b9dd.ps1 is not 
    digitally signed. You cannot run this script on the current system. For more information about running scripts and 
    setting execution policy, see about_Execution_Policies at https:/go.microsoft.com/fwlink/?LinkID=135170.
        + CategoryInfo          : SecurityError: (:) [], ParentContainsErrorRecordException
        + FullyQualifiedErrorId : UnauthorizedAccess

    Tuesday, October 22, 2019 9:39 AM
  • From the error it is clear that the script is checked for a signature but no signature is found.

    Make sure you have set:

    Enforce script signature check -> No

    But besides this, I don't think your script will do what you want. It runs in a busy-wait loop and never ends. Something like this can't be deployed as a script that is normally run by Intune. Intune scripts are meant to do some operations, then end and return a result code. This script will run endlessly. I think you should solve this differently, as this is not the way Intune handles PS scripts.

    best,
    Oliver

    Friday, October 25, 2019 5:48 PM
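One way to follow the advice above, as an added example that is not the poster's script or Microsoft's guidance: the Intune-deployed script installs the long-running watcher as a scheduled task and then exits with a result code, instead of blocking the Intune agent in the watcher loop. The task name, the ProgramData install path and the here-string watcher body are assumptions; it also assumes the "Enforce script signature check" setting discussed in the thread is set to No, or the deployed script is signed.

```powershell
$ErrorActionPreference = 'Stop'

# Assumed task name and install location (ProgramData subfolder created by SYSTEM,
# so standard users cannot replace the watcher that will later run as SYSTEM).
$taskName    = 'UsbMountScan'
$watcherDir  = Join-Path $env:ProgramData 'UsbMountScan'
$watcherPath = Join-Path $watcherDir 'Watch-UsbMount.ps1'

# The long-running watcher, written to disk so it runs outside the Intune agent.
$watcherScript = @'
$mpCmdRun = Join-Path $env:ProgramFiles 'Windows Defender\MpCmdRun.exe'
$logPath  = Join-Path $env:ProgramData 'UsbMountScan\scan.log'
$query    = New-Object System.Management.WqlEventQuery `
    'SELECT * FROM Win32_VolumeChangeEvent WHERE EventType = 2'
$watcher  = New-Object System.Management.ManagementEventWatcher $query
while ($true) {
    $volumeEvent = $watcher.WaitForNextEvent()
    $drive = $volumeEvent.Properties['DriveName'].Value.ToString() + '\'
    # Custom scan (ScanType 3) of the new volume, report-only as in the thread's script.
    & $mpCmdRun -Scan -ScanType 3 -File $drive -DisableRemediation
    Add-Content -Path $logPath -Value "$(Get-Date -Format o) $drive exit=$LASTEXITCODE"
}
'@

New-Item -ItemType Directory -Path $watcherDir -Force | Out-Null
Set-Content -Path $watcherPath -Value $watcherScript -Encoding UTF8

# Run hidden as SYSTEM at every boot; the execution-policy bypass applies only to
# this task's own process, not to the machine-wide policy.
$action = New-ScheduledTaskAction -Execute 'powershell.exe' `
    -Argument "-NoProfile -ExecutionPolicy Bypass -WindowStyle Hidden -File `"$watcherPath`""
$trigger   = New-ScheduledTaskTrigger -AtStartup
$principal = New-ScheduledTaskPrincipal -UserId 'SYSTEM' -RunLevel Highest
$settings  = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries
Register-ScheduledTask -TaskName $taskName -Action $action -Trigger $trigger `
    -Principal $principal -Settings $settings -Force | Out-Null
Start-ScheduledTask -TaskName $taskName

# Return promptly so the Intune Management Extension records the script as completed.
exit 0
```

The scheduled task's default execution time limit still applies; adjust it with the -ExecutionTimeLimit parameter of New-ScheduledTaskSettingsSet if the watcher must stay up between reboots.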
  • Hello,

    To make the thread clear to read, I write a summary here:

    Issue Symptom:

    The script doesn't work if it's deployed by using Intune. However, it works running locally.
    What the PowerShell script does is autoscan a USB device for malware and viruses once it is plugged into a laptop. Below are the error messages from the log file.

    <![LOG[error from script =File C:\Program Files (x86)\Microsoft Intune Management 
    Extension\Policies\Scripts\9ef28c1a-5929-4bde-8908-fde53f7e4389_d785fa1f-b260-42e8-978c-2ca755e7b9dd.ps1 cannot be 
    loaded. The file C:\Program Files (x86)\Microsoft Intune Management 
    Extension\Policies\Scripts\9ef28c1a-5929-4bde-8908-fde53f7e4389_d785fa1f-b260-42e8-978c-2ca755e7b9dd.ps1 is not 
    digitally signed. You cannot run this script on the current system. For more information about running scripts and 
    setting execution policy, see about_Execution_Policies at https:/go.microsoft.com/fwlink/?LinkID=135170.
        + CategoryInfo          : SecurityError: (:) [], ParentContainsErrorRecordException
        + FullyQualifiedErrorId : UnauthorizedAccess

    (Possible) Cause:

    From the error it is clear that the script is checked for a signature but no signature is found.

    Resolution:

    Make sure you have set:

    Enforce script signature check -> No

    Best regards,

    Andy Liu



    Friday, November 8, 2019 8:43 AM