Been working with a customer on building out their personas for: Corporate (User Driven deployment) where it is 1 to 1 Kiosk Shared PC Where they have requested to have the 'RDP' shortcuts pinned to the start menu, I remember in Windows 10 we could this but in Windows 11 it doesn't allow it BUT I have managed to find a way. Preparation: Create a folder like C:\RDP Create a Remote Desktop and save it somewhere, call it whatever you want and customise it like RDPTEST.rdp In the

When default browser is enabled, web browsers like Google Chrome, Microsoft Edge and others trigger a notification after successful SAML authentication. Two notifications are presented, one for the portal and one for the gateway. When the notification is presented, it requires the end user's manual attention to complete the GlobalProtect connection. To avoid having the manual selection, the article describes how to modify the Windows Registry to suppress the notification a

A customer reached out to me last night where one of their higher executives were having difficulity connecting to the the mapped drives, and she discovered that ' Network discovery is turned off. Network computers and devices are not visible. Click to change... ' The easiest would to deploy a PowerShell script with the following: Apply to all network profiles: Set-NetFirewallRule -Group '*-32752*' -Enabled 'True' Apply to 'Domain' network profile: Get-NetFirewallRule -Group

A customer that I have been helping build their numerous of personas wanted to block write access to "Desktop", you would think that using the 'Shared PC' setting: Restrict Local Storage would do the job, unfortunately that restricts any access to all disks excepts 'Downloads' which isn't what the customer wanted. Managed to get it working with PowerShell or Proactive remediations which I will cover below: To target just a current user: # Define the Desktop path for the curre

Previous posts I have covered with setting a hostname or prompt for computer name . Manually renaming a single device is simple, but managing a large fleet requires automation for efficiency. While the standard CSP method exists, it can be inconsistent—especially regarding console reporting. To solve this, I’m sharing a PowerShell script that integrates with Microsoft Intune to streamline and automate your device renaming process. This script detects the type of device used f

Customer has kiosk builds as one part of their personas that I did for them, they had this request where "USB selective suspend settings" is showing as "Enabled", but the customer wants it set to 'Disabled' as the USB scanners use it for power. Before it was like this: I attempted using powercfg command, which unfortunately didn't do anything. powercfg /SETACVALUEINDEX SCHEME_CURRENT 2a737441-1930-4402-8d77-b2bebba308a3 48e6b7a6-50f5-4782-a5d4-53bb8f07e226 0 Next I was thinki

Applications like GlobalProtect when installed will deploy Root CA certificates (when setup properly), what if a customer wants to remove the Root CA certificates along with an uninstall of GlobalProtect then re-install with another version of GlobalProtect, this is what can be done to achieve this. What the application will do overall: Kills GlobalProtect process Run fast reference package to uninstall Remove certs based on thumbprints Sleeps for 30 seconds Then installs Glo

Download and run the installer on an HP machine: HP BIOS Configuration Utility | HP Client Management Solutions   Then run HpqPsw64.exe. Then to create a BIOS password - enter twice for the password to be encrypted and save the location. You can save it to whatever you like, in this case I have saved as HPBIOSPassword.bin   Prepare the scripts: Install.ps1 Uninstall.ps1 BiosConfigUtility64.exe HPBIOSPassword.bin Detect.ps1 Prepare the Install.ps1 script: # Script sets the BIO

Standard wallpaper and lock screen customization via Intune is technically restricted to Windows Enterprise editions. If you’re on Microsoft 365 Business Premium, the Settings Catalog won't work for this. However, you can bypass this limitation by deploying a Win32 package . Not only does this solve the licensing hurdle, but it also simplifies deployment since the image file is bundled right into the package rather than hosted online. Prepare the following: wallpaper.jpg is t

This recently happened late last year in December to one of our customers, as well it happened earlier yesterday for another customer. Gathering the logs, my initial thoughts it was an application matter as you know most customers don't give enough detail and simply say "Autopilot is not working since 6/01/206" which honestly doesn't give me much transparency on what is happening. From the logs I gathered from only showed: "[StatusService] Downloading app (id = 5bd17f11-2c60-

Been working on this persona for this customer which is a multi-app kiosk build, the .html is not hosted anywhere on any websites but installed locally as part of the build process. Using assigned access, similar to my previous post: https://soeintunedevice.wixsite.com/home/post/155-microsoft-intune-kiosk-assigned-access In the XML below, you may have noticed that I have added <App DesktopAppPath="C:\Windows\SystemApps\MicrosoftWindows.Client.CBS\_cw5n1h2txyewy\CrossDeviceRes

This issue has been bugging me for awhile, at first I thought it was the 'Phone Link', which was wrong, till I grabbed the logs and eventually found it what was the cause of it. As I was viewing the logs for (52) Events Microsoft-Windows-AppLocker_Packaged_app-Execution Events.evtx, I found the issue. I updated the XML for the Kiosk Assigned Access profile, which I allowed <App DesktopAppPath="C:\Windows\SystemApps\MicrosoftWindows.Client.CBS\_cw5n1h2txyewy\CrossDeviceResume.

My colleague had some issues around this persona build for a customer, my colleauge reached out to me to have a look. I enrolled a physical device and all checked out, when clicking on 'Photos' and 'Paint' on the start menu - it would try to load but never worked. My colleague confirmed that he had whitelisted the XML to: <App AppUserModelId="Microsoft.Paint_8wekyb3d8bbwe!App" /> <App AppUserModelId="Microsoft.Windows.Photos_8wekyb3d8bbwe!App" /> Which didn't work, till I did

A customer reached out with wanting to set an initial start menu layout for their Windows 11 23H2 fleet, unfortunately for them if they were on Windows 11 24H2, we could use the .json and simply use the settings catalog option. In this case, I attempted with start2.bi n option as a win32 app which didn't give me the best success till I attempted using a remediation script. What you will need to do first is: Customise your start menu what you like to show up Run PowerShell ISE

Microsoft deprecated Wordpad as of 1st Sept 2023 https://learn.microsoft.com/en-us/windows/whats-new/deprecated-features#:~:text=WordPad,deprecated%20features which applies to Windows 11 24H2 and above. An education customer who requires Wordpad to be reinstated reach out to me to get it reinstalled as they were on Windows 11 25H2. What I needed to do is setup a VM with Windows 11 23H2, navigated to C:\Program Files\Windows NT\Accessories\ - copied the files over where the p

A customer reached out to me as they wanted to prevent shortcuts (*.lnk) from appearing on their student devices. Easiest I could think of is a detect and remediation script. Detect.ps 1 $Shortcuts2Remove = "Google Chrome.lnk", "VLC media player.lnk", "Audacity.lnk", "Firefox.lnk", "Google Chrome.lnk", "Microsoft Edge.lnk", "Vivi.lnk" $DesktopPath = "C:\Users\Public\Desktop" # Public and User Desktop: "C:\Users\*\Desktop\*", for Public Desktop shortcuts only: "C:\Users\Public

Late last year I posted about a 'Custom Power Plan (Win32 app)' , I decided to revisit this again. Create a Power Plan: Call whatever name you like, in this I have called it 'Devicie Power Plan' Then customize your power plan as you need. Start Command Prompt as Administrator, and run the following: This will list out your current plans: powercfg /L Then in the same command prompt, run: powercfg -export "C:\Temp\DeviciePowerPlan.pow" 9044f02c-182b-4a85-955c-567522ab795b wher

Last year I posted about using 'User Locale' with remediation scripts , and not too long ago I posted about setting English (Australia) as the default language . Of late I have noticed in Windows 11 25H2 when you have   English (Australia) as the default language in place, it somehow sets English (United Kingdom) showing up. What I did was re-look at my 'User Locale' with remediation scripts , which I know works. It will check to see if "en-GB" is there, if it does then it

I have been helping this customer who want to block all extensions on Firefox to be installed, except allowing 'Lastpass' to be installed. You can view the relevant settings that Mozilla Firefox has https://mozilla.github.io/policy-templates/#extensions , mainly what you are looking for is: https://mozilla.github.io/policy-templates/#extensionsettings . Generally you can use the ADMX/ADML templates to import into Intune, this customer already has an existing policy that ties

One of our customers listed me a detail list of Dell vulernable apps within their tenant. I tried to re-invent the wheel by using my HP Bloatware removal remediation script which did partial removing these bloatware apps. I ended up using Andrew Taylor's script with some modifications in place by removing all the unwanted bloatware lines he has added, and only focusing on Dell bloatware and Dell installed apps. Install.ps 1 #################################################

I have this customer where strangly enough Company Portal and Notepad fail to install properly on their Windows 11 devices, even from the logs I was seeing these: [Win32App][WinGetApp][WinGetAppDetectionExecutor] Starting detection of app with id: 0a74d8d1-42e1-414a-ade0-5cfec8545c94 and context: SystemContext. [Win32App][WinGetApp][WinGetOperation] Starting Detection for app with id: 0a74d8d1-42e1-414a-ade0-5cfec8545c94 and package id: 9WZDNCRFJ3PZ. [Win32App][ReportingManag

As I prepping this yesterday for a customer, which does work https://soeintunedevice.wixsite.com/home/post/181-microsoft-intune-prompt-for-hostname-change if you want to have a read. Install.ps 1 is as follows, to explain what it does is the "Prefix" is generally what you see in Since there is no way to do this via Intune, the only way would be via PowerShell. It will start off with applying WIN11-3D-001 as the hostname $Prefix = 'WIN11-3D-' $regPath = "HKLM:\SOFTWARE\MrBSOE

A customer who wanted a way for end users to get prompted to change hostname for their devices, and I remember I did something like this a few years ago (simple but easy to do). You need to prep for the following: RenameComputer.ps 1 Install.ps 1 Detect.ps 1 ServiceUI.exe (which you can grab easily from any MDT installer) RenameComputer.ps 1 - is a form that will appear to prompt the end user to change their hostname. Add-Type -AssemblyName System.Windows.Forms # Create the

A few months ago before I went on annual leave, a customer wanted to deploy Company Portal as a shortctut on the desktop for end users. The easiest way I could figure out looks like this: Install.ps 1 will do the following: [CmdletBinding()] Param ( [Parameter(Mandatory=$false)] [String]$ShortcutTargetPath, [Parameter(Mandatory=$false)] [String]$ShortcutDisplayName, [Parameter(Mandatory=$false)] [Switch]$PinToStart=$false, [Parameter(Mandatory=$false)] [String]$IconFile=$n