Query about Intune Proactive Remediation Script Output in Device Status

Question

Query about Intune Proactive Remediation Script Output in Device Status

Swahela Mulla 95

Hello Everyone,

I've been working with Intune's Proactive Remediation and noticed a discrepancy in the device status display. Specifically, I would like to showcase the output of my remediation script in the post-remediation detection output.

I've successfully created a detection script and a remediation script. The remediation script is performing as per my requirement and also, I have added the output message. However, when checking the device status in Intune, I only see the output from detection script in both the places (pre and post remediation output).

e.g.: I have removed the temp files with the help of remediation script and want to showcase the removed files size.

Does anyone have sample script that reflecting the post-remediation detection output from remediation script?

Is there a way to ensure that the output from my remediation script is visible in the post-remediation detection output in Intune device status? Any insights or guidance on this would be greatly appreciated.

Thanks,

Swahela Mulla

Accepted answer

1 additional answer

Your answer

Answer 1

Nick Eckermann 606

When needing to get multiple outputs into the reporting we use something like this.

Create as much data and keep adding it to $RemediationResults

You will have to make up the logic to get a failure or not failure state we just use a variable flag to tag and exit accordingly.


# Get each adapter we want to modify
$NetworkAdapters = Get-NetAdapter | Where-Object {($_.InterfaceDescription -like "*Intel(R) Wi-Fi 6 AX201 160MHz*") -or ($_.InterfaceDescription -like "*Realtek USB GbE Family Controller*")}

# Remediation results collection
$RemediationResults = @()

#Reset $FlagFailure
$FlagFailure = $false

#Loop through adapters to see if they have their DNS server address set correctly
foreach($NetworkAdapter in $NetworkAdapters){
    # Get current DNS name servers
    $CurrentDNSNameServers = (Get-DnsClientServerAddress -InterfaceIndex $NetworkAdapter.InterfaceIndex -ErrorAction SilentlyContinue).ServerAddresses
    if($CurrentDNSNameServers){
        # Check for correct DNS name servers
        if(($CurrentDNSNameServers[0] -eq "1.1.1.1") -and ($CurrentDNSNameServers[1] -eq "149.112.112.112")){
            $RemediationResults += "DNS name servers set correctly on adapter $($NetworkAdapter.InterfaceDescription)"
            Write-Log -Message "DNS name servers set correctly on adapter $($NetworkAdapter.InterfaceDescription)" -Type Informational
        }else{
            # Set DNS name servers if not correct
            $RemediationResults += "DNS name servers not set correctly on adapter $($NetworkAdapter.InterfaceDescription)"
            Write-Log -Message "DNS name servers not set correctly on adapter $($NetworkAdapter.InterfaceDescription)" -Type Warning
            $RemediationResults += "Changing DNS name servers to 1.1.1.1 and 149.112.112.112 on adapter $($NetworkAdapter.InterfaceDescription)"
            Write-Log -Message "Changing DNS name servers to 1.1.1.1 and 149.112.112.112 on adapter $($NetworkAdapter.InterfaceDescription)" -Type Informational
            Set-DnsClientServerAddress -InterfaceIndex $NetworkAdapter.InterfaceIndex -ServerAddresses ("1.1.1.1", "149.112.112.112")
            
            # Check for correct DNS name servers
            $CurrentDNSNameServers = (Get-DnsClientServerAddress -InterfaceIndex $NetworkAdapter.InterfaceIndex -ErrorAction SilentlyContinue).ServerAddresses
            if(($CurrentDNSNameServers[0] -eq "1.1.1.1") -and ($CurrentDNSNameServers[1] -eq "149.112.112.112")){
            $RemediationResults += "DNS name servers set correctly on adapter $($NetworkAdapter.InterfaceDescription)"
            Write-Log -Message "DNS name servers set correctly on adapter $($NetworkAdapter.InterfaceDescription)" -Type Informational
            }else{
                $RemediationResults += "Failed to set DNS name servers correctly on adapter $($NetworkAdapter.InterfaceDescription)"
                Write-Log -Message "Failed to set DNS name servers correctly on adapter $($NetworkAdapter.InterfaceDescription)" -Type Error 
                $FlagFailure = $true
            }
        }
    }
    $CurrentDNSNameServers = $null
}

# Proactive remediation reporting and exit
if($FlagFailure -eq $true){
    # One or more settings have failed
    # Write output for PAR reporting
    Write-Output -InputObject ($RemediationResults -join ', ')
    Exit 1
}else{
    # Setting are correct
    # Write output for PAR reporting
    Write-Output -InputObject ($RemediationResults -join ', ')
    Exit 0
}

Swahela Mulla 95 Reputation points

2024-01-10T13:37:37.97+00:00

Hi @Nick Eckermann ,

I tried with above script as well but still I'm not getting the output from remediation script.
Nick Eckermann 606 Reputation points

2024-01-11T21:32:19.1833333+00:00

Can you share your sample script?
Swahela Mulla 95 Reputation points

2024-02-07T09:36:03.5766667+00:00

Hi @Nick Eckermann ,
Actually, I want output from remediation script and not from detection script this is my main requirement, output from detection script I already have.
Nick Eckermann 606 Reputation points

2024-02-07T14:35:47.7933333+00:00

@Swahela Mulla It is the same concept for either. The write-output or write-host command will be captured and sent back for reporting. If you are having problems, verify your output isn't more that 2048 characters and the encoding is UTF-8. Should it be running in x64 vs x86?

Do you have a sample of the script for review?
Swahela Mulla 95 Reputation points

2024-02-07T15:09:59.5266667+00:00

Hi @Nick Eckermann ,
If I'm not wrong Intune is running detection script 2 times before remediation and after remediation and showing the output only from detection script as pre-remediation detection output and post-remediation detection output in Intune's device status columns. I'm aware about UTF 8 and 2048 characters. Can you please check once again you're getting output from remediation script as well??
If yes, then please give me sample scripts with output message screenshot from remediation script. BTW I have tested multiple times some sample scripts. Sample script eg. folder creation detection script will check the folder is present at specific directory or not and as per exit value it will run and create new folder.
Swahela Mulla 95 Reputation points

2024-02-09T06:00:22.36+00:00

Hi @Nick Eckermann ,
Are you getting output from the remediation script??

Nick Eckermann 606

@Swahela Mulla Yes we are getting outputs from our scripts.

Are you sure your detection is exiting with 1 so that it will kick off the remediation? Check the C:\ProgramData\Microsoft\IntuneManagementExtension\Logs\agentexecutor.log to see if it is working correctly. Here is an example of creating folders like you mentioned.


#START Detection Script
$DetectionResults = @()
$FlagFailure = $false
if (-not (Test-Path -Path "$env:SystemDrive\MyTestFolder")) {
    $DetectionResults += "MyTestFolder does not exist"
    $FlagFailure = $true
}
else {
    $DetectionResults += "MyTestFolder does exist"
}


# Proactive detection reporting and exit
if($FlagFailure -eq $true){
    # One or more settings have failed
    # Write output for PAR reporting
    Write-Output -InputObject ($DetectionResults -join ', ')
    Exit 1
}else{
    # Setting are correct
    # Write output for PAR reporting
    Write-Output -InputObject ($DetectionResults -join ', ')
    Exit 0
}
#END Detection Script

#START Remedation Script
$RemedationResults = @()
$FlagFailure = $false
if (-not (Test-Path -Path "$env:SystemDrive\MyTestFolder")) {
    $RemedationResults += "MyTestFolder does not exist"
    $RemedationResults += "Creating folder $env:SystemDrive\MyTestFolder"
    New-Item -Path "$env:SystemDrive\MyTestFolder" -ItemType Directory | Out-Null
}
else {
    $RemedationResults += "MyTestFolder does exist"
}

if (-not (Test-Path -Path "$env:SystemDrive\MyTestFolder")) {
    $RemedationResults += "Was not created"
    $FlagFailure = $true
}
else {
    $RemedationResults += "MyTestFolder was created"
}

# Proactive Remedation reporting and exit
if($FlagFailure -eq $true){
    # One or more settings have failed
    # Write output for PAR reporting
    Write-Output -InputObject ($RemedationResults -join ', ')
    Exit 1
}else{
    # Setting are correct
    # Write output for PAR reporting
    Write-Output -InputObject ($RemedationResults -join ', ')
    Exit 0
}
#END Remedation Script

Here are the agentexecutor logs Detection part failing to find folder exiting with 1 User's image

Remediation part running creating folder and writing outputs exit 0 User's image

Swahela Mulla 95 Reputation points

2024-02-09T15:40:13.2033333+00:00

Thanks @Nick Eckermann ,
My detection script is exiting with 1 so that is triggering the remediation script and I'm able to perform my remediation actions as well.
but the issue is I'm unable to see the output from remediation script In Intune device status.
(Write-Output -InputObject ($RemedationResults -join ', '))
Nick Eckermann 606 Reputation points

2024-02-09T17:26:38.0133333+00:00

When you export the details using the export, you are not getting data you are looking for?
When looking in the GUI there is data missing like RemediationScriptOutputDetails and RemediationStatus. I think the naming just doesn't align with what you think it would in the GUI.
Deleted

This comment has been deleted due to a violation of our Code of Conduct. The comment was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.
Deleted

This comment has been deleted due to a violation of our Code of Conduct. The comment was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.
Swahela Mulla 95 Reputation points

2024-02-19T08:37:59.4333333+00:00

Hi @Nick Eckermann ,
Can you please check once again about this column "RemediationScriptOutputDetails" I'm not getting the output with remediation script, after export that column is null only. if I run same script as detection then I'm getting the output but with remediation it is not working only one time it is worked for me.
Nick Eckermann 606 Reputation points

2024-02-20T14:21:13.5766667+00:00

@Swahela Mulla can you post the scripts you are running and I can review them.

Swahela Mulla 95

Hi @Nick Eckermann ,
I have provided my detection and remediation script, so you can review it.

#Start Detection Script 
Function Config_fn_WriteLog {
    
    param(
        [Parameter(Mandatory = $true)][string]$ReportModule = "General",
        [Parameter(Mandatory = $true)][string] $LogMessage, 
        [Parameter(Mandatory = $true)]
        [ValidateSet('Debug', 'Info', 'Warning', 'Error')]
        [string]$Severity = 'Info'
    )
    if (!($IsDebugLogRequired) -and ($Severity -eq "Debug")) {
        return
    }
    Try {
        #Format Log Message
        $FormattedDate = Get-Date -Format "yyyy-MM-dd HH:mm:ss" 
        $LevelText = ""
        switch ($Severity) { 
            'Error' { 
                Write-Error $LogMessage 
                $LevelText = 'ERROR:' 
            } 
            'Warning' { 
                Write-Warning $LogMessage 
                $LevelText = 'WARNING:' 
            } 
            'Info' { 
                Write-Host $LogMessage 
                $LevelText = 'INFO:' 
            } 
            'Debug' { 
                Write-Host $LogMessage -ForegroundColor Gray
                $LevelText = 'DEBUG:' 
            }
        }         
        $FormattedMsg = $FormattedDate + " " + $LevelText + " " + $ReportModule + " `t" + $LogMessage
        #Check Log File
        if (Test-Path "$env:SystemRoot\Logs") {
            # Format Log File Name - Generate new file Perday            
            $FileNameDateFormat = Get-Date -Format "yyyyMMdd"
            $LogFileName = "DiskOptimizerDetection_" + $FileNameDateFormat + ".log"
            $LogFilePath = "$env:SystemRoot\Logs" + "\" + $LogFileName
            if (!(Test-Path $LogFilePath)) {
                $NewLogFile = New-Item $LogFilePath -Force -ItemType File 
            }
            #Write to log file
            $FormattedMsg | Out-File -FilePath $LogFilePath -Append 
        }
        # Add log message to the RemediationResults array
        $RemediationResults += $FormattedMsg
    }
    Catch {
        # Do Nothing
        Write-Host "Error while writing Log"
    }
}
try {
    $ReportModuleName = "Disk Optimizer [Detection]"
    Config_fn_WriteLog -ReportModule $ReportModuleName -Severity INFO -LogMessage "Started Executing - ($ReportModuleName)"
    
    Config_fn_WriteLog -ReportModule $ReportModuleName -Severity INFO -LogMessage "Checking C: drive's disk space"
    $drive = Get-WmiObject Win32_LogicalDisk | Where-Object { $_.DeviceID -eq "C:" }
    if ($drive -eq $null) {
        Write-Output "Error: C: drive not found."
        Config_fn_WriteLog -ReportModule $ReportModuleName -Severity Error -LogMessage "Error: C: drive not found."
        exit 0
    }
    Config_fn_WriteLog -ReportModule $ReportModuleName -Severity INFO -LogMessage "Calculating space information..."
    $sizeGB = "{0:N1}" -f ($drive.Size / 1GB)
    $freeSpaceGB = "{0:N1}" -f ($drive.FreeSpace / 1GB)
    $percentFree = "{0:P1}" -f ($drive.FreeSpace / $drive.Size)
    Config_fn_WriteLog -ReportModule $ReportModuleName -Severity INFO -LogMessage "C: Drive Size: $sizeGB GB"
    Config_fn_WriteLog -ReportModule $ReportModuleName -Severity INFO -LogMessage "Free Space: $freeSpaceGB GB"
    Config_fn_WriteLog -ReportModule $ReportModuleName -Severity INFO -LogMessage "Free Space Percentage: $percentFree"
    $percentFreeValue = [double]::Parse($percentFree.TrimEnd('%')) / 100
    if ($percentFreeValue -lt 0.65) {
        Config_fn_WriteLog -ReportModule $ReportModuleName -Severity INFO -LogMessage "AvailableSpace:$percentFree"
        Write-Output "AvailableSpace:$percentFree"
        exit 1
    }
    else {
        Config_fn_WriteLog -ReportModule $ReportModuleName -Severity INFO -LogMessage "AvailableSpace:$percentFree"
        Write-Output "AvailableSpace:$percentFree"
        exit 0
    }
}
catch {
    Config_fn_WriteLog -ReportModule $ReportModuleName -Severity Error -LogMessage "Error: $_"
    Write-Output "Error: $_"
    exit 0
}

#Start Remediation Script
try {
    $ReportModuleName = "Disk Optimizer"
    $FormattedDate = Get-Date -Format "yyyy-MM-dd HH:mm:ss"
    $RemedationResults = @()
    Config_fn_WriteLog -ReportModule $ReportModuleName -Severity INFO -LogMessage "Started Executing Script - ($ReportModuleName)"
    $RemedationResults += "DateTime:$FormattedDate,RemoteAction:$ReportModuleName,ScriptStatus:Started,Remark:Started Executing Script - ($ReportModuleName)"
    
    # Function to remove cache files
    Function Remove-CacheFiles {
        param([Parameter(Mandatory = $true)][string]$path)
    
        try {
            if (Test-Path $path) {
                if (Get-Item -Path $path -ErrorAction SilentlyContinue) {
                    # Clearing a directory
                    
                    Config_fn_WriteLog -ReportModule $ReportModuleName -Severity INFO -LogMessage "Removing cache files from directory: $path"
                    Remove-Item -Path "$path\*" -Recurse -Force -Confirm:$false -ErrorAction SilentlyContinue
                }
                else {
                    # Clearing a file
                    Config_fn_WriteLog -ReportModule $ReportModuleName -Severity INFO -LogMessage "Removing cache file: $path"
                    Remove-Item -Path $path -Recurse -Force -Confirm:$false -ErrorAction SilentlyContinue
                }
            }
        }
        catch {
            Config_fn_WriteLog -ReportModule $ReportModuleName -Severity INFO -LogMessage "An error occurred while removing cache files from $path : $_"
        }
    }
    # Function to clear global Windows cache
    Function Clear-GlobalWindowsCache {
        Config_fn_WriteLog -ReportModule $ReportModuleName -Severity INFO -LogMessage "Clearing global Windows cache..."
        Remove-CacheFiles 'C:\Windows\Temp' 
        Remove-CacheFiles 'C:\$Recycle.Bin'
        #Remove-CacheFiles 'C:\Windows\Prefetch'
        Remove-CacheFiles 'C:\Windows\Temp\*' # Additional cache path
        # Additional cache paths can be added here
    }
    # Function to clear cache files for each user
    Function Clear-UserCacheFiles {
        Config_fn_WriteLog -ReportModule $ReportModuleName -Severity INFO -LogMessage "Clearing cache files for each user..."
        # Stop-BrowserSessions
        $userFolders = Get-ChildItem 'C:\users' -Directory
        foreach ($userFolder in $userFolders) {
            $localUser = $userFolder.Name
            Clear-ChromeCache -User $localUser
            Clear-EdgeCache -User $localUser
            Clear-FirefoxCacheFiles -User $localUser
            Clear-WindowsUserCacheFiles -User $localUser
            Clear-TeamsCacheFiles -User $localUser
        }
    }
    # Function to clear cache files for a specific Windows user
    Function Clear-WindowsUserCacheFiles {
        param([string]$user = $env:USERNAME)
        Config_fn_WriteLog -ReportModule $ReportModuleName -Severity INFO -LogMessage "Clearing cache files for Windows user: $user"
        $cachePaths = @(
            "C:\Users\$user\AppData\Local\Temp",
            #"C:\Users\$user\AppData\Local\Microsoft\Windows\WER",
            "C:\Users\$user\AppData\Local\Microsoft\Windows\INetCache",
            "C:\Users\$user\AppData\Local\Microsoft\Windows\INetCookies",
            "C:\Users\$user\AppData\Local\Microsoft\Windows\IECompatCache",
            "C:\Users\$user\AppData\Local\Microsoft\Windows\IECompatUaCache",
            "C:\Users\$user\AppData\Local\Microsoft\Windows\IEDownloadHistory",
            "C:\Users\$user\AppData\Local\Microsoft\Windows\Temporary Internet Files"
        )
        foreach ($cachePath in $cachePaths) {
            Remove-CacheFiles $cachePath
        }
    }
    # Function to stop browser sessions
    Function Stop-BrowserSessions {
        $browsers = @('Firefox', 'Chrome', 'Waterfox', 'Edge')
        foreach ($browser in $browsers) {
            $processes = Get-Process -Name "$browser*" -ErrorAction SilentlyContinue
            foreach ($process in $processes) {
                try {
                    $process.CloseMainWindow() | Out-Null 
                }
                catch { }
            }
        }
    }
    # Function to get storage size in GB
    Function Get-StorageSize {
        $drive = Get-WmiObject Win32_LogicalDisk | Where-Object { $_.DeviceID -eq "C:" }
        return [math]::Round(($drive.FreeSpace / 1GB), 2)
    }
    # Function to clear Chrome cache
    Function Clear-ChromeCache {
        param([string]$user = $env:USERNAME)
        Config_fn_WriteLog -ReportModule $ReportModuleName -Severity INFO -LogMessage "Clearing Chrome cache for user: $user"
        $chromeCachePath = "C:\Users\$user\AppData\Local\Google\Chrome\User Data\Default"
        $chromeCachePaths = @(
            'Cache',
            'Cache2\entries',
            'Cookies',
            'History',
            'Top Sites',
            'VisitedLinks',
            'Web Data',
            'Media Cache',
            'Cookies-Journal',
            'ChromeDWriteFontCache'
        )
        foreach ($path in $chromeCachePaths) {
            Remove-CacheFiles "$chromeCachePath\$path"
        }
    }
    # Function to clear Microsoft Edge cache
    Function Clear-EdgeCache {
        param([string]$user = $env:USERNAME)
        Config_fn_WriteLog -ReportModule $ReportModuleName -Severity INFO -LogMessage "Clearing Microsoft Edge cache for user: $user"
        $edgeCachePath = "C:\Users\$user\AppData\Local\Microsoft\Edge\User Data\Default"
        $edgeCachePaths = @(
            'Cache',
            'Cache2\entries',
            'Cookies',
            'History',
            'Top Sites',
            'Visited Links',
            'Web Data',
            'Media History',
            'Cookies-Journal'
        )
        foreach ($path in $edgeCachePaths) {
            Remove-CacheFiles "$edgeCachePath\$path"
        }
    }
    # Function to clear Firefox cache files
    Function Clear-FirefoxCacheFiles {
        param([string]$user = $env:USERNAME)
        Config_fn_WriteLog -ReportModule $ReportModuleName -Severity INFO -LogMessage "Clearing Firefox cache files for user: $user"
        $firefoxProfilesPath = "C:\users\$user\AppData\Local\Mozilla\Firefox\Profiles"
        
        if (Test-Path $firefoxProfilesPath) {
            $firefoxProfile = Get-ChildItem $firefoxProfilesPath | Where-Object { $_.Name -eq 'Default' } | Select-Object -First 1 -ErrorAction SilentlyContinue
        }
        if ($firefoxProfile) {
            $firefoxCachePaths = @(
                'cache',
                'cache2\entries',
                'thumbnails',
                'cookies.sqlite',
                'webappsstore.sqlite',
                'chromeappstore.sqlite'
            )
            $firefoxAppDataPath = $firefoxProfile.FullName
            foreach ($path in $firefoxCachePaths) {
                Remove-CacheFiles "$firefoxAppDataPath\$path"
            }
        }
    }
    # Function to clear Microsoft Teams cache files
    Function Clear-TeamsCacheFiles {
        param([string]$user = $env:USERNAME)
        Config_fn_WriteLog -ReportModule $ReportModuleName -Severity INFO -LogMessage "Clearing Microsoft Teams cache files for user: $user"
        $teamsCachePath = "C:\users\$user\AppData\Roaming\Microsoft\Teams"
        $teamsCachePaths = @(
            'cache',
            'blob_storage',
            'databases',
            'gpucache',
            'Indexeddb',
            'Local Storage',
            'application cache\cache'
        )
        foreach ($path in $teamsCachePaths) {
            Remove-CacheFiles "$teamsCachePath\$path"
        }
    }
    # Main script execution
    $StartTime = Get-Date
    Config_fn_WriteLog -ReportModule $ReportModuleName -Severity INFO -LogMessage "Script execution started at: $StartTime"
    $SizeBefore = Get-StorageSize
    Config_fn_WriteLog -ReportModule $ReportModuleName -Severity INFO -LogMessage "Storage size before cleanup: $SizeBefore GB"
    Clear-UserCacheFiles
    Clear-GlobalWindowsCache
    $SizeAfter = Get-StorageSize
    Config_fn_WriteLog -ReportModule $ReportModuleName -Severity INFO -LogMessage "Storage size after cleanup: $SizeAfter GB"
    $EndTime = Get-Date
    $ElapsedTime = ($EndTime - $StartTime).TotalMinutes
    #Write-Output "Elapsed Time: $ElapsedTime minutes"
    Config_fn_WriteLog -ReportModule $ReportModuleName -Severity INFO -LogMessage "Script execution completed in: $ElapsedTime minutes"
    $FreedSpaceInGB = $SizeAfter - $SizeBefore
    $FreedSpaceInMB = $FreedSpaceInGB * 1024
    if ($FreedSpaceInGB -lt 1) {
        Config_fn_WriteLog -ReportModule $ReportModuleName -Severity INFO -LogMessage "FreedSpace:$FreedSpaceInMB MB,SizeBeforeCleanup:$SizeBefore GB,SizeAfterCleanup:$SizeAfter GB"
        #Write-Output "FreedSpace:$FreedSpaceInMB MB,SizeBeforeCleanup:$SizeBefore GB,SizeAfterCleanup:$SizeAfter GB"
        # Exit with a success code
        $RemedationResults += "DateTime:$FormattedDate,RemoteAction:$ReportModuleName,ScriptStatus:InProgress,Remark:FreedSpace-$FreedSpaceInMB MB,SizeBeforeCleanup-$SizeBefore GB,SizeAfterCleanup-$SizeAfter GB"
        $RemedationResults += "DateTime:$FormattedDate,RemoteAction:$ReportModuleName,ScriptStatus:Completed,Remark:Successfully Completed Executing Script - ($ReportModuleName)"
        Write-Output -InputObject ($RemedationResults -join ';')
        #exit 0
    }
    else {
        Config_fn_WriteLog -ReportModule $ReportModuleName -Severity INFO -LogMessage "FreedSpace:$FreedSpaceInGB GB,SizeBeforeCleanup:$SizeBefore GB,SizeAfterCleanup:$SizeAfter GB"
        #Write-Output "FreedSpace:$FreedSpaceInGB GB,SizeBeforeCleanup:$SizeBefore GB,SizeAfterCleanup:$SizeAfter GB"
        # Exit with a success code
        $RemedationResults += "DateTime:$FormattedDate,RemoteAction:$ReportModuleName,ScriptStatus:InProgress,Remark:$FreedSpaceInGB GB,SizeBeforeCleanup-$SizeBefore GB,SizeAfterCleanup-$SizeAfter GB"
        $RemedationResults += $RemedationResults += "DateTime:$FormattedDate,RemoteAction:$ReportModuleName,ScriptStatus:Completed,Remark:Successfully Completed Executing Script - ($ReportModuleName)"
        Write-Output -InputObject ($RemedationResults -join ';')
        #exit 0
    }
    
}
catch {
    # Output the error message
    Config_fn_WriteLog -ReportModule $ReportModuleName -Severity INFO -LogMessage "An error occurred: $_"
    #Write-Output "An error occurred: $_"
    $RemedationResults += "DateTime:$FormattedDate,RemoteAction:$ReportModuleName,ScriptStatus:Error,Remark:Error Occured while Executing Script - ($ReportModuleName)"
    $RemedationResults += $RemedationResults += "DateTime:$FormattedDate,RemoteAction:$ReportModuleName,ScriptStatus:Error,Remark:Error Occured while Executing Script - ($ReportModuleName)"
    Write-Output -InputObject ($RemedationResults -join ';')
    # Exit with a failure code
    #exit 1
}

Swahela Mulla 95 Reputation points

2024-02-21T15:23:37.6666667+00:00

Hi @Nick Eckermann ,
Please let me know once you review my scripts.
Nick Eckermann 606 Reputation points

2024-02-22T14:08:04.1866667+00:00

@Swahela Mulla I just tested your script and it seems to be working as far as getting the output in the agent executor outputs. I think in my case due to it never "fixing" enough drive space to pass the detection the remediation data is thrown away? This might be a ticket and question from Microsoft.

I also created a test remediation that only posted 1 line output in detection and continue to fail no matter what. In the remediation there was just a 1 line output with exit 0 every time and because it was always reoccurring it never posted any data from the remediation.

You might want to consider trying some other detection method for this if they will never clean up enough space?

I did modify the following in testing your script while troubleshooting.

Detection

Change the -lt value so it would exit 1 on the free size. Maybe confirm the logic here is what you would expect. It will only exit 1 when that logic validates as true. Commented out the writes in the log function for the log type, this seems to be adding extra outputs to the reporting back to intune.

Went back to your original write outputs but modified them a little

Remediation

Added the log function at the start of the script before the first try, it was missing in the one you sent over.

Commented out the writes in the log function for the log type, this seems to be adding extra outputs to the reporting back to intune. Remove the comments from the exits

Went back to your original write outputs but modified them a little Detection AgentExecutor log

Failed detection due to the space requirements

Remedition AgentExecutor log

The outputs look good not sure why they are not posting to Intune or being posted and removed because it fails detection again after.

2nd Detection to see if it fixed it in the AgentExecutor log

Failed detection again because enough space wasn't cleaned up

From the portal. Since I set the -lt value so high it will keep recurring in my case and I think that may be the actual problem.
Swahela Mulla 95 Reputation points

2024-02-23T13:06:51.13+00:00
Hi @Nick Eckermann ,
Thanks for checking my scripts.

I have 60% free disk space on my test machine.

Upon running my detection script, it returns an exit code of 1 (criteria is for 65%), prompting the execution of the remediation script.

The remediation script effectively removes cache, temp files, and recycle bin data, and updates the Intune device output accordingly.

However, I'm encountering a null result for "remediationScriptOutputDetails" column.

While the log function in the remediation script is present, I haven't shared it with you.

I've commented out the exit codes within the script.

Additionally, following previous suggestions, I've commented the writes operations within the log function.

I'm not facing a recurring status issue since I'm monitoring the disk size and adjusting testing accordingly.

Despite the setback with "remediationScriptOutputDetails," the remediation action is executing correctly.

I'm seeking assistance in understanding why I'm still not receiving output from the remediation script.

If you made modifications to my script that align with our expectations, kindly share them with me.

Is it possible that this issue originates from Intune itself?
Nick Eckermann 606 Reputation points

2024-02-23T13:53:07.03+00:00

@Swahela Mulla I would confirm that your agentexecutor log has the output you expect to send to intune for reporting shown when it runs the remediation. I think you mentioned it does but I want to confirm.

My theory on the recurring doesn't seem valid after reviewing today. Yesterday both your script and the quick one I wrote to make sure it wasn't something in the content was not posting any data for the remediation. Today when I did the export both had content in the remediation outputs. So, it looks to be working, but there was a delay in the reporting for the remediation part. Maybe I wasn't waiting long enough before exporting the data.
Swahela Mulla 95 Reputation points

2024-02-23T14:21:59.24+00:00

Hi @Nick Eckermann ,

Yes, I am also encountering delays with receiving response (Now I saw the remediation result is there) from proactive remediation scripts triggered via PowerShell in our Intune environment. Essentially, once the script is executed, I need to capture the response and populate it somewhere, but due to the delays, it's challenging to verify if the latest record has been updated. I am wondering if you have any suggestion on how to verify the latest record updated by Intune with the last run activity or any other method to ensure that script execution and updates are captured accurately. looking forward to your insights on this matter.

Answer 2

Nick Eckermann 606

This was a duplicate post

Share via

Query about Intune Proactive Remediation Script Output in Device Status

1 additional answer

Your answer