Registry settings with remediation

Sometimes we want to apply a registry setting to a Windows device. That can be required when the setting is available neither in the Intune UI settings nor in the settings catalog, especially when we have apps that need some registry tweaking.

There are a few ways to do it: package a script as a Win32 app, set up a PowerShell script in the Scripts area, or what I prefer: remediation scripts.

In this example I want to set a registry setting that allows the user to set the time zone manually on a device that is locked down in other settings.

Detection

This script detects the setting on the device and triggers the remediation if needed. The magic here is the exit codes. Exit 0: all is good, do nothing. Exit 1: the detection checks do not find what we want, remediate!

PowerShell
# Registry value to check: tzautoupdate Start = 4
$regkey = "HKLM:\SYSTEM\CurrentControlSet\Services\tzautoupdate"
$Name = "Start"
$Value = 4

# Key missing entirely: exit 1 so Intune runs the remediation script
if (!(Test-Path $regkey)) {
    Write-Output 'RegKey not available, triggering remediation.'
    Exit 1
}

# Read the current value; $check is $null if the value does not exist
$check = (Get-ItemProperty -Path $regkey -Name $Name -ErrorAction SilentlyContinue).$Name
if ($check -eq $Value) {
    Write-Output 'Setting is in place.'
    Exit 0
}
else {
    Write-Output 'Cannot read value or value differs, triggering remediation.'
    Exit 1
}

Remediation

Once the detection script triggers the need for action, the remediation script will run and try to fix the missing registry value.

PowerShell
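$Path = "HKLM:\SYSTEM\CurrentControlSet\Services\tzautoupdate"
$Key = "Start"
$KeyFormat = "dword"
$Value = 4

# Create the key if it does not exist yet (suppress the object New-Item returns)
if (!(Test-Path $Path)) { New-Item -Path $Path -Force | Out-Null }

if (!$Key) {
    # No value name given: set the key's default value
    Set-Item -Path $Path -Value $Value
}
else {
    # Set the named value with the requested type
    Set-ItemProperty -Path $Path -Name $Key -Value $Value -Type $KeyFormat
}
Write-Output 'Registry value is set.'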

Copy the scripts, adjust them to whatever setting you need, and save them locally.

Set up a new remediation in Intune under Devices / Scripts and remediations.
Upload the scripts in the configuration. For local machine settings, do not run under user context; for current user settings, the scripts should of course run under user context.

Assign it to a group and choose how often it should run: important stuff maybe a few times per day, and other things maybe once a week.
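A detection script generalised to a list of registry values, checking the stored type as well as the data. This is an added example, not the author's script; it goes beyond the single value in the post, and the `$Expected` table and the `Test-RegistryValue` function are names chosen here.

```powershell
# Added example: table-driven detection script for an Intune remediation.
# The single row below is the setting from this post; add rows as needed.
$Expected = @(
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\tzautoupdate'
       Name = 'Start'; Value = 4; Kind = 'DWord' }
)

# Hypothetical helper: returns $null when compliant, otherwise a reason string
function Test-RegistryValue {
    param([string]$Path, [string]$Name, $Value, [string]$Kind)

    if (-not (Test-Path -Path $Path)) { return "missing key: $Path" }

    $key = Get-Item -Path $Path
    # GetValueNames() lists the values present under the key
    if ($key.GetValueNames() -notcontains $Name) { return "missing value: $Path\$Name" }

    # Check the stored type as well as the data: a REG_SZ "4" would pass a
    # plain -eq comparison but is not what the remediation script writes.
    $actualKind = $key.GetValueKind($Name)
    if ("$actualKind" -ne $Kind) { return "wrong type ($actualKind): $Path\$Name" }

    $actual = $key.GetValue($Name)
    if ($actual -ne $Value) { return "wrong data ($actual): $Path\$Name" }

    return $null
}

# Collect one reason per non-compliant row
$problems = foreach ($item in $Expected) { Test-RegistryValue @item }
$problems = @($problems | Where-Object { $_ })

if ($problems.Count -gt 0) {
    # Single summary line, then exit 1 to trigger the remediation script
    Write-Output ('Remediate: ' + ($problems -join '; '))
    exit 1
}
Write-Output 'All settings in place.'
exit 0
```

The matching remediation script needs to write the same rows with the same type, otherwise detection keeps returning exit 1 on every run.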

Happy remediation!
