Proactive Remediation: detect devices with recent BSOD and automatically upload log files to SharePoint
In this post I will show you a quick Intune Proactive Remediation script that detects devices with a recent BSOD and automatically sends their dump files to SharePoint.
Context
- Some of your devices have BSODs
- You want to collect the minidump files to investigate
- You want an easy way to upload those files
- You want an automated way
- You want to upload the files to SharePoint for the help desk
- You want to be informed on Teams
The solution
I created two scripts:
- BSOD_Detection.ps1
- BSOD_Remediation.ps1
Detection script
The script works as below:
1. Check in C:\Windows\Minidump if there is a .DMP file.
2. If yes, check whether the file is more recent than a specific period (here I set it to 15 days).
3. If there are multiple files, the script checks the latest one.
4. Check the System event log for the last BugCheck mention and compare it with the DMP file.
5. Flag the script as alert if the file date is < 30 days.
You can set the delay by changing the variable: $Delay_alert
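The detection steps above, sketched as an added example (this is not the author's BSOD_Detection.ps1 from GitHub). Assumptions: BugCheck events are read as Event ID 1001 from the Microsoft-Windows-WER-SystemErrorReporting provider, "compare" is taken to mean the event falls within 60 minutes of the dump file's timestamp, and exit code 1 is what tells Intune to run the remediation script; only $Delay_alert is a name taken from the post.

```powershell
# Added example, not the author's BSOD_Detection.ps1.
$Delay_alert  = 15                       # days; variable name from the post
$MinidumpPath = 'C:\Windows\Minidump'    # path from the post

# Steps 1-3: find the newest .dmp file, if any exists
$LastDump = Get-ChildItem -Path $MinidumpPath -Filter '*.dmp' -File -ErrorAction SilentlyContinue |
    Sort-Object LastWriteTime -Descending |
    Select-Object -First 1

if (-not $LastDump) {
    Write-Output 'No minidump found'
    exit 0                               # compliant: remediation is not run
}

$Cutoff = (Get-Date).AddDays(-$Delay_alert)
if ($LastDump.LastWriteTime -lt $Cutoff) {
    Write-Output "Last minidump is older than $Delay_alert days: $($LastDump.LastWriteTime)"
    exit 0
}

# Step 4: latest BugCheck event in the System log.
# -ErrorAction SilentlyContinue covers the "no events were found" case.
$BugCheck = Get-WinEvent -FilterHashtable @{
    LogName      = 'System'
    ProviderName = 'Microsoft-Windows-WER-SystemErrorReporting'
    Id           = 1001
} -MaxEvents 1 -ErrorAction SilentlyContinue

# Assumption: the event and the dump "match" when written within 60 minutes of each other
$Matched = $false
if ($BugCheck) {
    $GapMinutes = [math]::Abs(($BugCheck.TimeCreated - $LastDump.LastWriteTime).TotalMinutes)
    $Matched    = $GapMinutes -le 60
}

# Step 5: recent dump found, so raise the alert and let the remediation script run
Write-Output "Recent BSOD: $($LastDump.Name) ($($LastDump.LastWriteTime)); BugCheck event match: $Matched"
exit 1
```

The single Write-Output line before each exit is what appears as the detection output for the device in the Remediations report.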
Remediation script
The remediation script works as below:
1. Create a log folder C:\Windows\Temp\DMP_Logs_folder
2. Copy the content of C:\Windows\Minidump into the log folder
3. Copy C:\WINDOWS\MEMORY.DMP into the log folder
4. Zip the folder DMP_Logs_folder
5. Authenticate to SharePoint through the Azure app
6. Upload the ZIP to SharePoint
7. Publish a new message on Teams
Get the script
Click on the GitHub picture below to download the script
Prerequisites
To send files to SharePoint, you will need to create an Azure app registration and set a specific permission.
You can see in my post here how to proceed.
Teams notification
When logs are uploaded to SharePoint, you can choose to publish a message on Teams.
For that, create a webhook connector.
To use this in the script, proceed as below:
- Set the variable $Use_Webhook to True
- Add the webhook URL in the variable: $Webhook
Once the ZIP has been uploaded, a new message will be displayed on your Teams channel, as below:
Create Proactive Remediation script
1. Go to the Microsoft Endpoint Manager admin center
2. Go to Devices
3. Go to Remediations
4. Click on Create script package
5. Type a name
6. Click on Next
7. Click on Detection script file
8. Browse to the script BSOD_Detection.ps1
9. Click on Remediation script file
10. Browse to the script BSOD_Remediation.ps1
11. Click on Next
12. Select a group
13. In the Schedule part, choose when the package should be run.
14. Click on Apply
15. Click on Next
16. Click on Create
1 comment
I keep getting an error when trying to connect to SharePoint: Disconnect-pnponline :
The 'Disconnect-pnponline' command was found in the module 'PnP.PowerShell',
but the module could not be loaded. For more information,
run 'Import-Module PnP.PowerShell'.
import says: Import-Module : Could not load file or assembly 'System.Management.Automation, Version=7.2.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35' or one of its dependencies. The system cannot find the file specified.
So maybe some PowerShell 7 is missing or?