Windows 10 Toast Notification Script Update: Support for use with Endpoint Analytics Proactive Remediations

Introduction

I accidentally got to spend my entire weekend, toying around and testing the new Endpoint Analytics Proactive Remediations feature in Microsoft Endpoint Manager (Intune).

Long story short is, that Proactive Remediations is capable of running Powershell scripts on a schedule on your Windows 10 devices, similar to what we have done for years with Configuration Manager and scheduled tasks.

So, I needed my Windows 10 Toast Notification Script to work with this delicious new feature – and now it does, hitting a version of 1.8.0. All the details down below.

NOTE: You can’t really tell, but the examples below are indeed generated from using Proactive Remediations. My Toast Notification Script is triggered, if a certain device is not enrolled with Windows Hello for Business. Blog post incoming.  🙂

  • Apologies for the Danish nonsense. I was testing the multi-language portion (in the script) as well, coming from Proactive Remediations 🙂

Read more…

Windows 10 Toast Notification Script Update: Multi-language support and easy switching of images

Introduction

I am back with another update to the Windows 10 Toast Notification Script, now hitting an astonishing and delicious version of 1.7.1. 😀

This version brings multi-language support, everything based on the local culture in Windows 10 of the device running the script, as well as new config options to more easily switch between the used images.

This time a huge thank you goes out to Matt Benninge @matbg, for taking the time to develop code for the multi-language support as well as sending me the pieces for me to incorporate.

Also, the script has finally made its long journey into GitHub. So for future downloads, please go to https://github.com/imabdk/Toast-Notification-Script.

Next update: I’m currently working on incorporating support for feature updates with Configuration Manager, so for those upgrading Windows 10 using this approach, something neat is coming up – I hope. 🙂

Read more…

Deploy RSAT (Remote Server Administration Tools) for Windows 10 v2004 using ConfigMgr and Powershell

Introduction

I’m a little late to the 2004 party this time around, but nevertheless, I just found time to update my Powershell script, which will enable you to install RSAT for Windows 10 v2004 automatically and unattended.

Windows 10 v2004 was released to MSDN users early in May and to VLSC customers 2 weeks later. True to tradition, I’m showing you how you can leverage my script to install the RSAT features with Configuration Manager.

The script received a minor update, and is now also logging its actions into a local log file in C:\Windows\Install-RSATfeatures.log.

The script has now moved away from TechNet Gallery into my GitHub page: https://github.com/imabdk

Read more…

A first look into the new Antivirus Endpoint security policy experience in Microsoft Endpoint Manager

Introduction

Good news everyone!

Last week, a new Endpoint security policy experience in Microsoft Endpoint Manager was released. Among the new policies, you will find a brand new way of managing your Microsoft Defender Antivirus. This new policy type, offers the long-sought for tri-state configurations consisting of No, Yes and Not-configured, which simplifies things greatly.

I do think these new policies will make management a lot easier. Once all of your configurations eventually has transitioned away from regular device configuration profiles, the general view of security measures taken on your devices within Microsoft Intune, will improve by a lot.

This is not a typical A-Z guide, but rather my first and brief look into the new options. All of this of course, based on my own production environment. Curious? Read on. 🙂

Read more…

Windows 10 Toast Notification Script Update: Run ConfigMgr applications directly from the action button

Introduction

Another update to the Windows 10 Toast Notification Script is a reality. Now being on version 1.6.

The feedback and questions related to the Windows 10 Toast Notification Script keeps coming and that’s amazing!

In my last post and update of the script, I added the option to natively and with help of a custom protocol in Windows, to run task sequences directly from the action button.

Since then, I was asked if the script is able to launch application directly from the action button as well, and sure thing. I just added that capability to the script and the details are explained below.

Read more…

My Always On VPN configuration with Microsoft Intune and Configuration Manager explained

Introduction

This is another post, I have wanted to do for some time now. Always On VPN is not something new, but many organizations are moving away from Direct Access, and Always On VPN seems to be the preferred and logical choice for many – including ours.

Also, I don’t think that the current outbreak of COVID-19 has missed anyone’s attention, which is why working from home and remote via VPN has become highly relevant these days.

This post will not go into details on the infrastructure required in order to setup Always On VPN (Remote Access Server, Network Policy Server, PKI etc.), but rather explain the configurations made on the client with Microsoft Intune and Configuration Manager. I will also elaborate on my experiences, again from the perspective of a production environment.

Finally, a big shout out to Michael Mardahl for always being a tremendous help. Go follow this dude. He’s amazing at what he does. 🙂

Read more…

Securing your endpoints with Microsoft Intune, part 1: Exploit Guard Controlled Folder Access

Introduction

This is the first and initial blog post of an upcoming series, all concerning how one can secure their endpoints using Microsoft Intune.

The posts are meant to serve as titbits, quickly giving the reader an understanding of a specific feature.

The posts are not released in any particular order, and the topics discussed are based on what I’m currently looking into, in my own environment.

Therefore and as usual, this is not a typical and standard walk through, but more a look into how I’m initially taking on the discussed topic. Curios? Read on! 🙂

Read more…

Windows 10 Toast Notification Script Update: Run ConfigMgr Task Sequences directly from the action button

Introduction

A new update to the Windows 10 Toast Notification Script is a reality. Now being on version 1.5.

I’m receiving a lot of feedback and questions related to the Windows 10 Toast Notification Script and that makes me really happy. I’m trying my best to get back to each and everyone.

One question I’m receiving often, is how one is able to run a Task Sequence directly from the action/install button in the actual toast notification. Therefore I figured I’d do everyone good and make it a native option in the script itself.

I have previously covered how one can initiate a reboot, also directly from the action button. This post is available from here: https://www.imab.dk/windows-10-toast-notification-script-update-personal-greeting-and-protocol-based-reboot/

Read more…

Windows as a Service: Detecting AlwaysOn VPN and LTE connectivity with Powershell and Powershell App Deployment Toolkit

Introduction

This post is long overdue and something I originally considered doing when I explained my Windows as a Service process.

The story is, that I allow In-Place Upgrades with Configuration Manager to happen over the Internet and over VPN. While I do allow upgrades over VPN, I still prefer them happening on local network and I certainly doesn’t want them to happen over LTE.

I use Powershell App Deployment Toolkit to initiate the Windows 10 In-Place Upgrade Task Sequence, and I wanted to add more user-friendliness to the experience, by notifying the end-user about possible VPN and LTE connections.

Note #1: LTE connectivity can be prevented altogether in the Client Settings, but I’m not doing that for various reasons. 🙂

Note #2: I do precache everything prior to making the upgrade available. Therefore download of binaries should be limited to zero, though the connection to the site server is still needed, as well as connection to the domain (depending on what you are doing throughout your task sequence).

Read more…

Windows 10 Toast Notification Script Update: Retrieve task sequence deadline dynamically from WMI

Introduction

Another neat update to the Windows 10 Toast Notification Script is a reality. Now being on version 1.4.4.

The new version brings a new deadline option, that when enabled, will look in WMI for the specified task sequence package id, and retrieve the deadline of the required deployment dynamically.

This time a thank you goes out to @kevmjohnston for contributing with idea and bits of code. 🙂

What’s new and delicious are mentioned in details below.

Read more…