Category Archives: Automation

Automation, EMS, Intune, Powershell, Security

Automatically bitlocker Windows 10 MDM Intune Azure AD Joined devices

13 Comments

Update: in recent builds of Windows the BackupToAAD-BitLockerKeyProtector PowerShell command does most of what this used to do 🙂

I recently ran into an article by Pieter Wigleven, based on an original idea of Jan Van Meirvenne that I simply have to share, and expand upon.

When you go cloud first, and do light MDM management of your Azure AD Joined Windows 10 devices, you will likely enable a Bitlocker policy in Intune. What you’ll quickly discover, is that your policy will not automatically enforce/enable Bitlocker on non-InstantGo capable devices.

So, I expanded upon Jan and Pieter’s script to automatically enable Bitlocker on Windows 10; it has additional error handling, local logging and it will eject removable drives prior to immediately (vs reboot) encrypting your system drive. After this is started, it will register your recovery key in AzureAD. Of course all credit for the original idea goes to Jan van Meirvenne.

Powershell source file

enableBitlockerAndRegisterInAAD_v0.04.ps1 (right click, save as)

MSI file

enableBitlockerAndRegisterInAAd_v0.04.msi (right click, save as)

As Intune won’t let you deploy a Powershell script, I’ve also wrapped the script in an MSI file with Advanced Installer for you. What this will do;

  1. Deploy the PS1 file to the machine
  2. Register a scheduled task to run this PS1 file at logon each time
  3. Kick off the scheduled task once so a first reboot isn’t required

Advanced installer package (.aip)

enableBitlockerAndRegisterInAAD.zip (right click, save as)

Requirements

  1. Windows 10, AzureAD Joined
  2. TPM chip
  3. User should be local admin
Automation, O365GroupSync, Office 365, Powershell

GroupSync v0.56 available!

Leave a comment

Version 0.56 is out, changes since v0.50:

  • prevent running twice (if scheduled task hangs for some reason)
  • send email notification if logfile is locked
  • replace add-adgroupmember and remove-adgroupmember with set-adgroup because of a known bug in these commands
  • multi-delete protection
  • auto reconnect to Exchange Online when the connection times out + longer timeout
  • additional filtering method for groups: extensionAttribute2
    • If you want to use this instead of the displayName prefix filter, read up on how to switch

Get it here

Automation, Powershell

How to start a “Trigger Start” windows service with Powershell without elevation / admin rights

3 Comments

Some Windows services can be triggered to start at certain events. These services have ‘Tigger Start’ in their startup name behind whatever you configured (like Manual).

Powershell does not have a native method to register the type of event that triggers such a service, C++ and C# do…..and Powershell can natively run C#.

To trigger a service, you’ll need its guid first:

run sc triggerinfo <SERVICENAME>

This will give you a GUID, for example for the WebClient service:

22b6d684-fa63-4578-87c9-effcbe6643c7

You can then use this GUID in the following script to trigger your service from Powershell 🙂 Continue reading How to start a “Trigger Start” windows service with Powershell without elevation / admin rights

Automation, O365Migrator, Office 365, OneDrive for Business, Powershell, Sharepoint Online

O365Migrator v0.9 released!

22 Comments

Version 0.9 of O365Migrator is now available as a free download.

What was changed?

  • Differential transfer: upload only changed/new files. (does not process renames, moves and deletes yet!)
  • Subfolder targeting: upload to a specific subfolder instead of the root if specified
  • Better library name detection when admin and user have different language settings

You can find the new version here.