[Resolved] Intune compliance policy not applicable, how do I fix it?

Francesco Russo 175 Reputation points
2024-07-11T08:17:30.7666667+00:00

Good morning,

I have a custom compliance policy with a PowerShell script. On almost all PCs it has been applied and they are compliant, but 4 PCs say it is not applicable. I connected to one of these PCs to see if the script worked manually, but I had to Do you think giving the command "Set-ExecutionPolicy Unrestricted -Scope CurrentUser" can affect this? If so, is there a fix besides running the command on the machine and not just on the current user?

Microsoft Intune
A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.

2 answers

  1. glebgreenspan 2,245 Reputation points
    2024-07-11T14:18:20.59+00:00

    Hello Francesco

    Good morning!

    The Set-ExecutionPolicy Unrestricted -Scope CurrentUser command can indeed affect the behavior of your PowerShell script, but it's not the primary cause of the "not applicable" issue.

    The Set-ExecutionPolicy command sets the execution policy for the current PowerShell session or for the system, depending on the scope specified. The -Scope CurrentUser option sets the policy only for the current user, while the default scope is Machine which sets the policy for all users on the machine.

    In your case, if the script is not running on these 4 PCs due to being marked as "not applicable", it's likely because of one of the following reasons:

    1. Group Policy: Group Policy might be overriding the compliance policy's settings. Check if there are any conflicting Group Policy settings that might be preventing the script from running.
    2. Windows Defender Application Control (WDAC): WDAC might be blocking the script execution. Check if WDAC is enabled and configured to block specific files or scripts.
    3. Firewall rules: Firewall rules might be blocking the script's communication with Intune or other services. Check your firewall rules and ensure they allow communication with the required ports and services.
    4. Script dependencies: The script might rely on specific dependencies that are not present on these 4 PCs. Check if there are any missing dependencies, such as .NET Framework versions or other software components.

    To resolve this issue, I recommend:

    1. Verify Group Policy settings and WDAC configurations.
    2. Check firewall rules and ensure they allow communication with Intune and other required services.
    3. Review the script dependencies and ensure they are present on all PCs.
    4. Try running a troubleshooting script on one of these PCs to gather more information about the issue.

    As for making the changes persist across all users on the machine, you can use Set-ExecutionPolicy Unrestricted -Scope Machine instead of -Scope CurrentUser. This will set the execution policy for all users on the machine.
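
Added example (not part of the answer above and not Microsoft's code): a read-only PowerShell check for the points this thread raises, showing the execution policy at every scope, which scope decides the effective value, whether Group Policy set it, and the session's language mode. The function names are hypothetical, and the Intune Management Extension service name and log path are assumed to be the defaults.

```powershell
# Added example: read-only diagnostics; nothing on the device is changed.
function Get-ExecutionPolicyReport {
    # -List returns the scopes in precedence order:
    # MachinePolicy, UserPolicy, Process, CurrentUser, LocalMachine.
    $scopes = Get-ExecutionPolicy -List

    # The first scope that is not 'Undefined' supplies the effective policy.
    $winner = $scopes |
        Where-Object { $_.ExecutionPolicy -ne 'Undefined' } |
        Select-Object -First 1

    [pscustomobject]@{
        # CurrentUser values are stored per account, so record who is asking.
        RunningAs        = "$env:USERDOMAIN\$env:USERNAME"
        EffectivePolicy  = Get-ExecutionPolicy
        DecidedByScope   = if ($winner) { $winner.Scope } else { 'None (default applies)' }
        # MachinePolicy/UserPolicy come from Group Policy and override
        # anything set with Set-ExecutionPolicy at the lower scopes.
        SetByGroupPolicy = [bool]($winner -and ("$($winner.Scope)" -in 'MachinePolicy', 'UserPolicy'))
        # ConstrainedLanguage usually means WDAC or AppLocker script rules apply.
        LanguageMode     = $ExecutionContext.SessionState.LanguageMode
        AllScopes        = ($scopes | ForEach-Object { "$($_.Scope)=$($_.ExecutionPolicy)" }) -join '; '
    }
}

function Get-ImeStatus {
    # Assumed defaults: service name and log location of the
    # Intune Management Extension on a managed Windows device.
    $svc  = Get-Service -Name 'IntuneManagementExtension' -ErrorAction SilentlyContinue
    $log  = Join-Path $env:ProgramData 'Microsoft\IntuneManagementExtension\Logs\IntuneManagementExtension.log'
    $item = Get-Item -LiteralPath $log -ErrorAction SilentlyContinue

    [pscustomobject]@{
        ServiceStatus  = if ($svc) { $svc.Status } else { 'NotInstalled' }
        LogPath        = $log
        LogLastWritten = if ($item) { $item.LastWriteTime } else { $null }
    }
}

Get-ExecutionPolicyReport | Format-List
Get-ImeStatus | Format-List
```

CurrentUser values are stored per account, so run the report under each account whose result you want to compare.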


  2. Crystal-MSFT 49,601 Reputation points Microsoft Vendor
    2024-08-08T02:32:02.5466667+00:00

    @Francesco Russo, I notice your issue is resolved. To help others quickly find the solution, please let me write a brief summary:

    Issue:

    I have a custom compliance policy with a PowerShell script. On almost all PCs it has been applied and they are compliant, but 4 PCs say it is not applicable.

    Resolution:

    User's image

    Thanks for your time and have a nice day!

