Although I found a good example/article on how to set modify permission through Intune, I wanted to use more of a desired state configuration type remediation where inheritance is removed and all defined ACL’s are exclusively applied to a given folder and all child folders/files. It also includes creating the folder if it isn’t there yet, which can be useful for certain legacy applications 🙂
Sometimes someone forgets to enable SecureBoot, boo!
For Lenovo devices built after 2018, this can be remediated using PowerShell without any dependencies whatsoever.
So here’s a simple remediation solution using Intune that reads the SecureBoot status from the Lenovo_BiosSetting WMI class and then uses the Lenovo_SetBiosSetting and Lenovo_SaveBiosSettings WMI classes to enable SecureBoot as needed.
For those of you that want the default terminal in windows 11 to be cmd again, I’ve created two simple files that can be used in an Intune Remediation to automatically configure the default terminal.
The ‘annoying’ new SSO permission prompt in Windows 11 (or one of the installed apps) can be blocked by editing IntegratedServicesRegionPolicySet.json.
To make this easier for my fellow admins, here’s a script to automate this through e.g. Intune (run in SYSTEM context!)