

This week's blogpost is about the new PowerShell capabilities we get through the Intune Management Extension. This new capability was released in the latest Intune release, 2 weeks ago. With the ability to run PowerShell on MDM managed devices many scenarios are possible. The scenario I wanted to test is to add an additional BitLocker recovery key to the BitLocker configuration. If you've applied an Intune Endpoint Protection policy this key is automatically saved into Azure AD. From the past I know that this is not easy because we need to run the scripts in an elevated PowerShell user session. But I accepted the challenge and I got it working. Credits also to my colleague David Omisi since he helped me develop the PowerShell script.

As I explained in my introduction, configuring the BitLocker part is not easy when doing it with PowerShell. Some of the cmdlets need to run in an elevated user session. Looking at the options we have with the Intune Management Extension, we can run a PowerShell script in the system context or in the user context. It's not possible to run an elevated script through this extension in the user context. A couple of months ago Pieter Wigleven published a great blogpost using a scheduled task to enable and configure BitLocker, you can find this blogpost here. I used the same idea to create this solution.

If not it will add a Recovery Password Protector to the BitLocker volume. Because of my configured Intune Endpoint Protection policy this new key is automatically added to Azure AD.

Let's take a look at how to configure this scenario within Intune:

Go to the Azure Portal ( ) and go to the Intune section. Go to Device Configuration and then open the PowerShell scripts section. Download the script from my GitHub account and save it locally.

Click on configure to select additional parameters. If you want to run a script in a user's context you can configure this here. In this case we want to run the script in the system context so we don't need to change the values. Click on Create and open the assignments section. Select the group of users to which you want to deploy this script.
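The behaviour described above (adding a Recovery Password Protector to the BitLocker volume when none is present) can be sketched as follows; this is an added example, not the script from the author's GitHub account. The function name `Ensure-RecoveryPasswordProtector` and the choice to skip unencrypted volumes are assumptions, and escrow to Azure AD is left to the Endpoint Protection policy as the post describes.

```powershell
# Added example (not the author's script). Must run elevated, e.g. in the
# system context of the Intune Management Extension.
# Ensure-RecoveryPasswordProtector is a hypothetical helper name.
function Ensure-RecoveryPasswordProtector {
    [CmdletBinding()]
    param(
        [string]$MountPoint = $env:SystemDrive
    )

    $volume = Get-BitLockerVolume -MountPoint $MountPoint -ErrorAction Stop

    # Assumption: a volume that is not encrypted at all is left untouched.
    if ($volume.VolumeStatus -eq 'FullyDecrypted') {
        return [pscustomobject]@{
            MountPoint = $MountPoint; Action = 'Skipped'; KeyProtectorId = @()
        }
    }

    $isRecoveryPassword = { $_.KeyProtectorType -eq 'RecoveryPassword' }
    $existing = @($volume.KeyProtector | Where-Object $isRecoveryPassword)

    # Idempotent: repeated runs must not pile up extra recovery passwords.
    if ($existing.Count -gt 0) {
        return [pscustomobject]@{
            MountPoint = $MountPoint; Action = 'AlreadyPresent'
            KeyProtectorId = $existing.KeyProtectorId
        }
    }

    # The cmdlet writes the new 48-digit password to the warning stream;
    # suppress it so the secret does not land in script output or logs.
    Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector `
        -WarningAction SilentlyContinue -ErrorAction Stop | Out-Null

    # Re-read the volume and confirm the protector exists before reporting.
    $added = @((Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector |
        Where-Object $isRecoveryPassword)
    if ($added.Count -eq 0) {
        throw "No RecoveryPassword protector found on $MountPoint after adding one."
    }

    return [pscustomobject]@{
        MountPoint = $MountPoint; Action = 'Added'
        KeyProtectorId = $added.KeyProtectorId
    }
}

# Report only the protector IDs, never the recovery password itself.
$result = Ensure-RecoveryPasswordProtector
Write-Output ("{0}: {1} ({2})" -f $result.MountPoint, $result.Action,
    ($result.KeyProtectorId -join ', '))
```

The protector ID in the output can be matched against the recovery key entry for the device in Azure AD to confirm the escrow happened.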
