Posted in Outras

Powershell Scripts For Intune

 Published Date: 15 de junho de 2023

endpoint.microsoft.com –> Devices –> scripts –>

Run this script using the logged on credentials
Yes (some can be no)
Enforce script signature check
No
Run script in 64 bit PowerShell Host
Yes (some can be 32)

Here I will rename a local admin to another admin changing the password:
renameadm.ps1

$oldUsername =  "usertoremove"
$newUsername = "newadministrator"
$oldPassword = ConvertTo-SecureString "passwordforusertoremove" -AsPlainText -Force
$newPassword = ConvertTo-SecureString "newpasswordfornewadm" -AsPlainText -Force
$user = Get-LocalUser -Name $oldUsername
Rename-LocalUser -Name $oldUsername -NewName $newUsername
Set-LocalUser -Name $newUsername -Password $newPassword

Here I will remove all local admin and also azure admins/users and leave just the local admin that I created:
removing_all_adms_less_one.ps1

$group = [ADSI]"WinNT://$env:COMPUTERNAME/Administrators"
$admins = $group.Invoke('Members') | ForEach-Object {
$path = ([adsi]$_).path
[PSCustomObject]@{
User = $(Split-Path $path -Leaf) }}
foreach ($user in $admins) {
$test = $user.User # Assign the user value to $test variable for comparison
if ($test -eq "keep-this-username-adm") {
} else {
Remove-LocalGroupMember -Group Administrators -Member $test }}

Here I’m removing the PIN
removepin.ps1

$path = "HKLM:\SOFTWARE\Policies\Microsoft"
$key = "PassportForWork"
$name = "Enabled"
$value = "0"
New-Item -Path $path -Name $key –Force
New-ItemProperty -Path $path\$key -Name $name -Value $value -PropertyType DWORD -Force
#Delete existing pins
$passportFolder = "C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Ngc"
if(Test-Path -Path $passportFolder)
{
Takeown /f $passportFolder /r /d "Y"
ICACLS $passportFolder /reset /T /C /L /Q
Remove-Item –path $passportFolder –recurse -force
}

Here I will set a background image:
setbackground.ps1

$RegKeyPath = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\PersonalizationCSP"
$LockScreenPath = "LockScreenImagePath"
$LockScreenStatus = "LockScreenImageStatus"
$LockScreenUrl = "LockScreenImageUrl"
$StatusValue = "1"
$url = "https://www.meusite.com/wp-content/uploads/2023/04/wallpaper.png"
$LockScreenImageValue = "C:\MDM\wallpaper.png"
$directory = "C:\MDM\"
If ((Test-Path -Path $directory) -eq $false)
{
New-Item -Path $directory -ItemType directory
}
$wc = New-Object System.Net.WebClient
$wc.DownloadFile($url, $LockScreenImageValue)
if (!(Test-Path $RegKeyPath))
{
Write-Host "Creating registry path $($RegKeyPath)."
New-Item -Path $RegKeyPath -Force | Out-Null
}
New-ItemProperty -Path $RegKeyPath -Name $LockScreenStatus -Value $StatusValue -PropertyType DWORD -Force | Out-Null
New-ItemProperty -Path $RegKeyPath -Name $LockScreenPath -Value $LockScreenImageValue -PropertyType STRING -Force | Out-Null
New-ItemProperty -Path $RegKeyPath -Name $LockScreenUrl -Value $LockScreenImageValue -PropertyType STRING -Force | Out-Null
RUNDLL32.EXE USER32.DLL, UpdatePerUserSystemParameters 1, True

Deixe um comentário