Category Archives: Intune

Setting NTFS permissions on a Folder through Intune

Although I found a good example/article on how to set modify permission through Intune, I wanted to use more of a desired state configuration type remediation where inheritance is removed and all defined ACL’s are exclusively applied to a given folder and all child folders/files. It also includes creating the folder if it isn’t there yet, which can be useful for certain legacy applications 🙂

Without further ado here’s the detection script:

https://github.com/jflieben/assortedFunctionsV2/blob/main/NTFSPermissionRemediation/detect.ps1

And here is the remediation script:

https://github.com/jflieben/assortedFunctionsV2/blob/main/NTFSPermissionRemediation/remediate.ps1

Run in SYSTEM context unless you unwisely made all your users local admins 😉

Remediating secureboot on Lenovo devices through Intune

Sometimes someone forgets to enable SecureBoot, boo!

For Lenovo devices built after 2018, this can be remediated using PowerShell without any dependencies whatsoever.

So here’s a simple remediation solution using Intune that reads the SecureBoot status from the Lenovo_BiosSetting WMI class and then uses the Lenovo_SetBiosSetting and Lenovo_SaveBiosSettings WMI classes to enable SecureBoot as needed.

Source code:

https://github.com/jflieben/assortedFunctionsV2/tree/main/LenovoSecurebootRemediation

Example:

Windows 11 default terminal remediation scripts

For those of you that want the default terminal in windows 11 to be cmd again, I’ve created two simple files that can be used in an Intune Remediation to automatically configure the default terminal.

https://github.com/jflieben/assortedFunctionsV2/tree/main/DefaultTerminalRemediation

Run in user context!

This solves PowerShell windows staying visible even if -WindowStyle Hidden is used, e.g. from Scheduled Tasks.