# Registry locations whose child keys are checked for the enrollment ID by
# the cleanup step further down. Only children whose name matches the ID are
# removed there; these parent keys themselves are not deleted.
$RegistryKeys = @(
    # Enrollment records and their status
    'HKLM:\SOFTWARE\Microsoft\Enrollments'
    'HKLM:\SOFTWARE\Microsoft\Enrollments\Status'
    # Tracked enterprise resources
    'HKLM:\SOFTWARE\Microsoft\EnterpriseResourceManager\Tracked'
    # PolicyManager state
    'HKLM:\SOFTWARE\Microsoft\PolicyManager\AdmxInstalled'
    'HKLM:\SOFTWARE\Microsoft\PolicyManager\Providers'
    # OMA-DM provisioning state
    'HKLM:\SOFTWARE\Microsoft\Provisioning\OMADM\Accounts'
    'HKLM:\SOFTWARE\Microsoft\Provisioning\OMADM\Logger'
    'HKLM:\SOFTWARE\Microsoft\Provisioning\OMADM\Sessions'
)
# Delete machine certificates issued by the Intune MDM CA.
# The selector is a case-insensitive substring match on the Issuer field, so
# every certificate in LocalMachine\My whose issuer text contains
# "Intune MDM" is removed, whichever enrollment it belongs to.
# NOTE(review): Remove-Item is called without -DeleteKey, so the associated
# private key is presumably left in place - confirm that is intended.
foreach ($Certificate in (Get-ChildItem -Path Cert:\LocalMachine\My)) {
    if ($Certificate.Issuer -match "Intune MDM") {
        Remove-Item -LiteralPath $Certificate.PSPath
    }
}
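# Collect the enrollment ID(s) from the EnterpriseMgmt scheduled-task folders.
# The leaf of each matching task path is taken as the enrollment ID.
#
# The IDs are used below as *deletion selectors*, so they are validated first:
#   - With no enrollment present the original variable was $null, and
#     "-match $null" is true for every string, which would unregister every
#     scheduled task on the machine and delete every child of $RegistryKeys.
#   - With several enrollments the variable is an array, which "-match"
#     stringifies into one space-joined pattern that matches nothing.
# Only GUID-shaped values are kept (assumes enrollment IDs are GUIDs, as the
# "*-*-*" filter suggests - TODO confirm), and @() guarantees an array.
$GuidPattern = '^\{?[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\}?$'
$EnrollmentID = @(
    Get-ScheduledTask |
        Where-Object { $_.TaskPath -like "*Microsoft*Windows*EnterpriseMgmt*" } |
        Select-Object -ExpandProperty TaskPath -Unique |
        Where-Object { $_ -like "*-*-*" } |
        Split-Path -Leaf |
        Where-Object { $_ -match $GuidPattern } |
        Select-Object -Unique
)

if ($EnrollmentID.Count -eq 0) {
    # Nothing to select on: skip the destructive steps instead of matching everything.
    Write-Warning "No MDM enrollment ID found under EnterpriseMgmt; skipping scheduled-task and registry cleanup."
} else {
    foreach ($enrollment in $EnrollmentID) {
        # Escape the ID so braces or other regex metacharacters are matched literally.
        $EnrollmentPattern = [regex]::Escape($enrollment)

        # Unregister the scheduled tasks that belong to this enrollment.
        Get-ScheduledTask |
            Where-Object { $_.TaskPath -match $EnrollmentPattern } |
            Unregister-ScheduledTask -Confirm:$false

        # Remove the registry subkeys named after this enrollment.
        foreach ($Key in $RegistryKeys) {
            if (Test-Path -Path $Key) {
                # Errors are suppressed on purpose (best-effort cleanup), as in the original.
                Get-ChildItem -Path $Key |
                    Where-Object { $_.Name -match $EnrollmentPattern } |
                    Remove-Item -Recurse -Force -Confirm:$false -ErrorAction SilentlyContinue
            }
        }
    }
}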
# Pause for five seconds before re-enrolling.
Start-Sleep -Seconds 5

# Launch DeviceEnroller by absolute path and wait for it, so its exit code
# can be inspected afterwards.
$DeviceEnrollerParams = @{
    FilePath     = "C:\Windows\System32\DeviceEnroller.exe"
    ArgumentList = "/C /AutoenrollMDM"
    NoNewWindow  = $true
    Wait         = $true
    PassThru     = $true
}
$EnrollmentProcess = Start-Process @DeviceEnrollerParams

# The result is only reported on the host; the script's own exit status is
# not changed by a failed enrollment.
if ($EnrollmentProcess.ExitCode -ne 0) {
    Write-Host "DeviceEnroller failed with exit code: $($EnrollmentProcess.ExitCode)"
    # You might want to add more detailed error handling here, such as logging or additional actions
} else {
    Write-Host "DeviceEnroller completed successfully."
}