
Endpoint Analytics Proactive Remediation: Check devices with missing or disabled drivers


In this post I will share how to use Endpoint Analytics Proactive Remediation to check devices that have missing or disabled drivers.


Context

- You want to check for devices that have disabled drivers in Device Manager

- You want to check for devices that have missing drivers in Device Manager


The script

Click on the picture below to get the script


How does the detection script work?

To find problem drivers from Device Manager, use the WMI class Win32_PnPEntity and check its ConfigManagerErrorCode property.


The detection script reports an error for the following codes:

- ConfigManagerErrorCode = 22: disabled drivers

- ConfigManagerErrorCode = 28: missing drivers


See here for more information about this class. You can of course add other codes to the detection.


How does the remediation script work?

The remediation script just displays a warning to the user, telling them to contact their help desk, as below:



Endpoint Analytics Proactive Remediation

A really cool feature available in the Endpoint manager portal is Proactive Remediation.

It allows you to do the following:

- Check a specific case, like antivirus definitions, local admin...

- Resolve this case like update antivirus definitions, remove local admin...


You can find it as below:

- Go to the Microsoft Endpoint manager admin center

- Go to Reports

- Go to Endpoint analytics

- Go to Proactive remediations

- Enable the feature


See below some Proactive Remediation examples:

Battery replacement

Last reboot time

Check local admin


Detection and Remediation scripts

A Proactive Remediation package is divided into two scripts:

- Detection script

- Remediation script


The Detection script allows you to check a specific case like missing drivers on the device.

Set the exit code of the detection script as follows:

- If the device does not meet your requirement (issue detected): 1

- If the device meets your requirement (no issue): 0


If the detection script exits with code 1, the remediation script will be executed.
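A detection script along the lines described above, as an added example (not the author's Drivers_Detection_Script.ps1): it filters Win32_PnPEntity on ConfigManagerErrorCode 22 and 28, logs each hit, and exits with 1 or 0 accordingly. The log file name, the Write-Log helper and the handling of a failed query are assumptions made for this example.

```powershell
# Added example: detection script sketch, not the script published with this post.
# Assumption: hypothetical log file name; the post only says the log is in ProgramData.
$LogFile = Join-Path $env:ProgramData 'Drivers_Detection.log'

# ConfigManagerErrorCode values covered by the post; add other codes here to widen detection.
$WatchedCodes = @{
    22 = 'Disabled driver'
    28 = 'Missing driver'
}

function Write-Log {
    param([string]$Message)
    $stamp = Get-Date -Format 'yyyy-MM-dd HH:mm:ss'
    Add-Content -Path $LogFile -Value "$stamp - $Message"
}

try {
    # Build a WQL filter so only devices in a watched error state are returned.
    $filter  = ($WatchedCodes.Keys | ForEach-Object { "ConfigManagerErrorCode = $_" }) -join ' OR '
    $devices = @(Get-CimInstance -ClassName Win32_PnPEntity -Filter $filter -ErrorAction Stop)
}
catch {
    # Design choice of this example: a failed query is not proof of a healthy device,
    # so it is logged and reported as an issue instead of silently passing.
    Write-Log "WMI query failed: $($_.Exception.Message)"
    Write-Output 'Issue: driver query failed'
    exit 1
}

if ($devices.Count -eq 0) {
    Write-Log 'No disabled or missing drivers found.'
    Write-Output 'OK: no disabled or missing drivers'
    exit 0   # requirement met: the remediation script is not run
}

foreach ($d in $devices) {
    $reason = $WatchedCodes[[int]$d.ConfigManagerErrorCode]
    Write-Log "$reason (code $($d.ConfigManagerErrorCode)): $($d.Name) [$($d.PNPDeviceID)]"
}
Write-Output "Issue: $($devices.Count) device(s) with disabled or missing drivers"
exit 1       # issue detected: the remediation script is run
```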

You also need to set an exit code in the remediation script:

- If the remediation succeeds, set the exit code to 0

- If the remediation fails, set the exit code to 1


Create the remediation package

1. Click on Create script package


2. Type a name, in our case Microsoft Defender last scan and update


3. Click on Next

4. Click on Detection script file

5. Browse the script Drivers_Detection_Script.ps1

6. Click on Remediation script file

7. Browse the script Drivers_Remediation_Script.ps1


8. Click on Next

9. Select your assignment 


10. In the Schedule part, choose when the package should be run.


11. In our case we will run it every 3 hours (for our test)

12. Click on Apply

13. Click on Next

14. Click on Create


Test in action

See below the Endpoint analytics portal report before the package is executed on the device:


See below the report after the package is executed on the device without issue:



See below the report after the package is executed on the device with issue:



Log file
In my detection script, I create a log in ProgramData, as below:



