Proactive Remediation: detect devices with recent BSOD and automatically upload log files to SharePoint
In this post I will show you a quick Intune Proactive Remediation script allowing you to detect devices that have a recent BSOD and automatically send dump files to a SharePoint.
Context
- Some of your devices have had a BSOD
- You want to collect the minidump files to investigate
- You want an easy way to upload those files
- You want an automated way
- You want to upload files to a SharePoint for the help desk
- You want to be informed on Teams
The solution
I created two scripts:
- BSOD_Detection.ps1
- BSOD_Remediation.ps1
Detection script
1. The script checks whether there is a .DMP file in the C:\Windows\Minidump folder.
2. If yes, it checks whether the file date falls within a specific period. Here I set it to 15 days.
3. If there are multiple files, the script checks the latest one.
4. It checks the System event log for the latest BugCheck mention and compares it with the DMP file.
5. It sets the script as an alert if the file date is < 30 days.

You can set the delay by changing the variable: $Delay_alert
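
The detection steps above can be sketched as follows. This is an added example, not the published BSOD_Detection.ps1; the helper function names and the 30-minute tolerance used to pair the BugCheck event with the dump file are assumptions.

```powershell
# Added example: a sketch of the detection logic, not the published BSOD_Detection.ps1.
$Delay_alert  = 15                        # days; variable name taken from the post
$Minidump_dir = "C:\Windows\Minidump"
$Tolerance    = New-TimeSpan -Minutes 30  # assumption: max gap between event and dump

function Get-LatestDump {
    # Hypothetical helper: newest .dmp file in the folder, or $null if none.
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    Get-ChildItem -LiteralPath $Path -Filter *.dmp -File -ErrorAction SilentlyContinue |
        Sort-Object LastWriteTime -Descending |
        Select-Object -First 1
}

function Get-LatestBugCheck {
    # Hypothetical helper. Event 1001 from this provider is shown in
    # Event Viewer with the source "BugCheck".
    Get-WinEvent -FilterHashtable @{
        LogName      = 'System'
        ProviderName = 'Microsoft-Windows-WER-SystemErrorReporting'
        Id           = 1001
    } -MaxEvents 1 -ErrorAction SilentlyContinue
}

$Dump = Get-LatestDump -Path $Minidump_dir
if ($null -eq $Dump) {
    Write-Output "No minidump found"
    exit 0   # exit 0: nothing to remediate
}

$Age_days = ((Get-Date) - $Dump.LastWriteTime).TotalDays
if ($Age_days -gt $Delay_alert) {
    Write-Output ("Latest dump {0} is {1:N0} days old, outside the {2}-day window" -f $Dump.Name, $Age_days, $Delay_alert)
    exit 0
}

# Pair the dump with the latest BugCheck event by timestamp (assumed method).
$BugCheck = Get-LatestBugCheck
$Matched  = $false
if ($BugCheck) {
    $Gap     = ($BugCheck.TimeCreated - $Dump.LastWriteTime).Duration()
    $Matched = $Gap -le $Tolerance
}
Write-Output ("Recent BSOD: {0} ({1:g}), BugCheck event matched: {2}" -f $Dump.Name, $Dump.LastWriteTime, $Matched)
exit 1   # non-zero exit tells Intune to run the remediation script
```

The last line written to the output is what appears in the detection output column of the Intune report, so it is kept to a single summary line.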
Remediation script
The remediation script works as below:
1. Install the module pnp.powershell if not installed
2. Create a folder for logs: C:\Windows\Temp\DMP_Logs_folder
3. Copy the content of C:\Windows\Minidump to the DMP_Logs_folder folder
4. Copy the file C:\WINDOWS\MEMORY.DMP to the DMP_Logs_folder folder
5. Zip the folder DMP_Logs_folder
6. Upload the ZIP to SharePoint
7. Publish a new message on Teams
Get the script
Click on the below GitHub picture to download the script
SharePoint prerequisites
To upload files to SharePoint you will need to:
- Create a dedicated SharePoint for logs
- Create a SharePoint application to authenticate

You can find the prerequisites part in my blog post there.
Notifications on Teams
When logs are uploaded on SharePoint you can choose to publish a message on Teams.
For that, create a webhook connector.
I will soon publish a blog post about how to do that; for now you can find instructions as comments in the Remediation script.
To use this proceed as below:
- Set variable $Use_Webhook to True
- Add webhook URL in variable: $Webhook
Once the ZIP has been uploaded, a new message will be displayed on your Teams channel, as below:
Create Proactive Remediation script
1. Go to the Microsoft Endpoint Manager admin center
2. Go to Reports
3. Go to Endpoint Analytics
4. Go to Proactive Remediations
5. Click on Create script package
6. Type a name
7. Click on Next
8. Click on Detection script file
9. Browse the script BSOD_Detection.ps1
10. Click on Remediation script file
11. Browse the script BSOD_Remediation.ps1
12. Click on Next
13. Select the group
14. In the Schedule part, choose when the package should be run.
15. Click on Apply
16. Click on Next
17. Click on Create