Endpoint Analytics Proactive Remediation: Check devices with driver issues
In this post I will share how to use Endpoint Analytics Proactive Remediation to check devices that have missing or disabled drivers.
Context
- You want to check devices that have disabled drivers in Device Manager
- You want to check devices that have missing drivers in Device Manager
The script
Click on the picture below to get the script
How does the detection script work?
To find problem drivers listed in Device Manager, query the WMI class Win32_PnPEntity and filter on its ConfigManagerErrorCode property.
The detection script reports an error for the following codes:
- ConfigManagerErrorCode = 22: disabled drivers
- ConfigManagerErrorCode = 28: missing drivers
See here for more information about this class. You can of course add other codes to the detection.
How does the remediation script work?
The remediation script just displays a warning telling the user to contact their help desk, as below:
Endpoint Analytics Proactive Remediation
A really cool feature available in the Endpoint Manager portal is Proactive Remediation.
It allows you to do the following:
- Check a specific case, like antivirus definitions, local admin...
- Resolve this case like update antivirus definitions, remove local admin...
You can find it as below:
- Go to the Microsoft Endpoint manager admin center
- Go to Reports
- Go to Endpoint analytics
- Go to Proactive remediations
- Enable the feature
See below some Proactive Remediation examples:
Detection and Remediation scripts
A Proactive Remediation package is made up of two scripts:
- Detection script
- Remediation script
The Detection script checks for a specific case, such as missing drivers on the device.
It must return one of these exit codes:
- If the device does not meet your requirement (an issue is detected): 1
- If the device meets your requirement (no issue detected): 0
If the detection script exits with code 1, the Remediation script is executed.
You also need to set an exit code in the remediation script:
- If remediation is OK, set the exit code to 0
- If remediation is KO, set the exit code to 1
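The detection logic and exit codes described above, combined in one detection script. This is an added example, not the author's script: the code table, the output format and the decision to exit 1 when the WMI query itself fails are assumptions.

```powershell
# Added example: Proactive Remediation detection script.
# Flags Device Manager entries whose ConfigManagerErrorCode is
# 22 (disabled) or 28 (missing driver), using the exit codes above.

# Codes to detect; add entries here to detect other Device Manager errors.
$CodesToDetect = @{
    22 = 'Device disabled'
    28 = 'Driver missing'
}

try {
    # Filter on the WMI side so only devices in one of these states are returned.
    $filter = ($CodesToDetect.Keys |
        ForEach-Object { "ConfigManagerErrorCode = $_" }) -join ' OR '
    $devices = @(Get-CimInstance -ClassName Win32_PnPEntity -Filter $filter -ErrorAction Stop)
}
catch {
    # Assumption: a failed query is reported as an issue so it shows up in the
    # report instead of passing silently as "no problem found".
    Write-Output "Driver check failed: $($_.Exception.Message)"
    exit 1
}

if ($devices.Count -eq 0) {
    Write-Output 'No disabled or missing drivers found'
    exit 0   # Nothing to fix: the remediation script is not run
}

# Build a single-line summary so the result stays readable in reporting.
$summary = $devices | ForEach-Object {
    # Fall back to the PnP device ID when the device has no friendly name.
    $name = if ($_.Name) { $_.Name } else { $_.PNPDeviceID }
    # The property is a UInt32; cast to Int32 to match the hashtable keys.
    $code = [int]$_.ConfigManagerErrorCode
    '{0} [{1}: {2}]' -f $name, $code, $CodesToDetect[$code]
}

Write-Output ('Driver issues: ' + ($summary -join '; '))
exit 1       # Issue detected: the remediation script is run
```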
Create the remediation package
1. Click on Create script package
2. Type a name, in our case Microsoft Defender last scan and update
3. Click on Next
4. Click on Detection script file
5. Select the detection script
6. Click on Remediation script file
7. Select the remediation script
8. Choose to run the script as user
9. Click on Next
10. Select your assignment
11. In the Schedule part, choose when the package should run
12. In our case we will run it every 3 hours (for our test)
13. Click on Apply
14. Click on Next
15. Click on Create