Loading...

Block keyboard shortcuts on your devices with Intune

1 A+ A-


In this post I will show you how to block some keyboard shortcuts on your devices with Intune.


Context

See below what do we want:

- Block some keyboards combinations on devices like Windows+R, Windows+E...

- Deploy this through Intune with a script, remediation script


The solution

The solution is pretty easy and not something really new.

Actually in Windows you can find a cool feature called Keyboard filter allowing you to block some keyboard shortcut.

The solution is to enable this feature through a script and block keyboard combinations we want to block.

To get more info about blocking combinations see my post here.


PowerShell and keyboard feature

As mentioned previously, to block some keyboard combinations the feature to use is Keyboard filter.

See below how to enable the feature with PowerShell:

This feature includes two classes:

- WEKF_PredefinedKey: includes existing keyboard combinations

- WEKF_CustomKey: add keyboard combinations not found in the PredefinedKey


To find which class to use, just list existing keyboard combinations using the WEKF_PredefinedKey class.

The PredefinedKey class allows you to list existing combinations that you can block. 

You need to enable the feature first.

See below the code to do this:

If you don't find the combination you want to block in the PredefinedKey, you need to use the WEKF_CustomKey.

The WEKF_CustomKey class does not give the possibility to list existing combinations but only applied combinations.


Get the script

Click on the below picture to get the remediation script

Add keyboard shortcuts you want to block in the $Keyboard_Shortcuts variable.


What does the remediation script ?

The detection script will proceed as below:

- Check if the KeyboardFilter feature is enabled

- Check if keyboard shortcuts are blocked or not

- If not run the remediation script


The remediation script will proceed as below:

- Check if keyboard shortcuts are blocked or not

- If not, it will block them


Creating the Remediation script

To block some keyboard shortcuts, use both Detection and Remediation scripts mentioned above.

1. Go to the Intune portal

2. Go to Devices

3. Go to Remediations

4. Click on Create script package

5. Type a name

6. Click on Next

7. Click on Detection script file

8. Browse to Detection.ps1

9. Click on Remediation script file

10. Browse to Remediation.ps1

11. Click on Next

12. Click on Next

13. Click on Create


slider 2409424837620023414

Enregistrer un commentaire

1 commentaire

Anonyme a dit…

There exist a dependency of "Windows Optional Features"

$FeatureNamePrerequisite1 = "Client-DeviceLockdown" # prerequisite for KeyboardFilter
$Check_DeviceLockdown_Feature = Get-WindowsOptionalFeature -online -FeatureName $FeatureNamePrerequisite1
$Check_DeviceLockdown_Feature
<#
FeatureName : Client-DeviceLockdown
DisplayName : Device Lockdown
Description : Services and tools to provide a controlled and specialized experience for the end user of a device
RestartRequired : Possible
State : Enabled
CustomProperties :
#>


<#
# TAke care about dependency of 'Client-KeyboardFilter'
Error: 50

The operation is complete but Client-KeyboardFilter feature was not enabled.
A required parent feature may not be enabled. You can use the /enable-feature /all option to automatically enable each parent feature from the following list.
If the parent feature(s) are already enabled, refer to the log file for further diagnostics.
Client-DeviceLockdown
#>

$FeatureName = "Client-KeyboardFilter"
$Check_Keyboard_Feature = Get-WindowsOptionalFeature -online -FeatureName $FeatureName
$Check_Keyboard_Feature

<#
FeatureName : Client-KeyboardFilter
DisplayName : Keyboard Filter
Description : Enables controls to suppress undesirable key presses or key combinations
RestartRequired : Possible
State : Disabled
CustomProperties :
#>

Accueil item

Award

Sponsors

Learn KQL in one month

You want to support me ?

Mes articles en français

Books in French


Stats