Gathering logs and sending an email when you need to reset Windows Autopilot

Introduction

Windows Autopilot deployment profiles allow you to decide whether the user is a local administrator or a standard user. With all the security concerns today, choosing a User account type of Standard, as shown below, is a logical choice, but it does have some downsides. Certain abilities within Windows are not available to the end user without elevating their status.

standard user autopilot deployment profile.PNG

For example, as a standard user, if you need to reset Windows when things take a nosedive (yes, it does happen), you cannot do it with Windows' built-in reset abilities without elevating your session. You could use the option in Company Portal, under Devices, but it doesn't allow you to gather logs or email the reason for the reset, and it's troublesome to find.

As an Intune Admin you could of course trigger the reset from within the Endpoint Manager portal, but what if you want your users to be in control of when and where they make that choice? Providing users with this self-service ability means one less call to the help desk.

To give your users the ability to easily reset Windows themselves, and to do it in a way that your company can benefit from, you can provide an app that runs in SYSTEM context via the Company Portal, and that's what this blog post covers. It shows you how to display a simple UI to your end users which runs in SYSTEM context, yet can interact with the end users and gather important data prior to initiating the reset.

Step 1. Get the scripts

Note: You can only download these files when logged on to windows-noob.com

reset-windows.zip

Extract the files.

Step 2. Get ServiceUI.exe from MDT

You’ll need the ServiceUI.exe executable file to display user interfaces (UI) to end users when operating in SYSTEM context. To get the file, download and install MDT somewhere and navigate to C:\Program Files\Microsoft Deployment Toolkit\Templates\Distribution\Tools\x64. To download MDT click here.

Copy the ServiceUI.exe file to your extracted win32app_source folder so it looks like this.

serviceui copied.png

Step 3. Get the Win32 content prep tool

Download the Win32 content prep tool from here.

Copy the IntuneWinAppUtil.exe file to your reset-windows source folder; it should look like this.

IntuneWinAppUtil copied.png

Step 4. Set up SendGrid in Azure

Log in to https://portal.azure.com and add a resource called SendGrid.

setup sendgrid.png

After creating the resource, click on Manage.

manage.png

On the SendGrid website, choose Create a sender.

create a sender.png

Once that is done and you've verified the sender, you can review your sender in the Settings node, in the Sender Authentication area.

sender authentication.png

Next you should create an API key. To create an API key, simply expand Settings in the left pane and choose API Keys followed by Create API Key. I chose full access.

create api key.png

Make sure to copy your API key somewhere safe…

api key created.png

After all that is done, you can test sending your first email; there's lots of help at SendGrid's site. Do not continue until you've got confirmation that you can send email successfully.
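One way to run that send test from PowerShell, as an added example that is not part of the original post or its downloadable scripts: it lists the scopes the API key carries, then posts one message to SendGrid's v3 Mail Send endpoint. The `SENDGRID_API_KEY` environment variable and both email addresses are assumptions; replace the addresses with your verified sender and a mailbox you can check.

```powershell
# Added example: check a SendGrid API key and send one test message.
# Assumption: the key is supplied in the SENDGRID_API_KEY environment
# variable, so it is never written into the script itself.
$ErrorActionPreference = 'Stop'
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

$apiKey = $env:SENDGRID_API_KEY
if ([string]::IsNullOrWhiteSpace($apiKey)) {
    throw 'Set the SENDGRID_API_KEY environment variable first.'
}
$from    = 'sender@example.com'      # placeholder: your verified sender
$to      = 'recipient@example.com'   # placeholder: test recipient
$headers = @{ Authorization = "Bearer $apiKey" }

# 1. List the permissions (scopes) this key carries.
$scopes = (Invoke-RestMethod -Uri 'https://api.sendgrid.com/v3/scopes' -Headers $headers).scopes
Write-Host "Key has $($scopes.Count) scopes; mail.send present: $($scopes -contains 'mail.send')"

# 2. Build the v3 Mail Send payload.
$body = @{
    personalizations = @(@{ to = @(@{ email = $to }) })
    from             = @{ email = $from }
    subject          = "SendGrid test from $env:COMPUTERNAME"
    content          = @(@{ type = 'text/plain'; value = "Test sent $(Get-Date -Format o)" })
} | ConvertTo-Json -Depth 5

# 3. Send it; SendGrid answers 202 Accepted when the message is queued.
try {
    $response = Invoke-WebRequest -Uri 'https://api.sendgrid.com/v3/mail/send' -Method Post `
        -Headers $headers -ContentType 'application/json' -Body $body -UseBasicParsing
    if ($response.StatusCode -eq 202) { Write-Host 'Accepted for delivery (HTTP 202).' }
    else { Write-Warning "Unexpected status: $($response.StatusCode)" }
}
catch {
    # Report only the HTTP failure; the key is never echoed.
    Write-Warning "Send failed: $($_.Exception.Message)"
    exit 1
}
```

HTTP 202 only means SendGrid queued the message, so confirm that it actually arrives in the recipient's mailbox before continuing.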

continue reading this post over @ windows-noob.com here.
