
Advanced Autopilot Examples


We will provide as many examples as possible in this section. If you have created a cool example of your own, just contact us and we will add it to the list.

Enable Bitlocker

	<item buttonText="Enable Bitlocker" buttonTextDone="Already Encrypted" title="Drive Encryption" description="Your Device has to be encrypted. You have to enable Bitlocker." executionMessage="Drive is encrypting...">
		<checkScript>
			# Compliance check for the system drive. The last expression emits $true when
			# BitLocker protection is "On", or when the computer model is "Virtual Machine".
			# Consequence: a machine reporting that model passes without being encrypted.
			$DriveC = Get-BitLockerVolume $env:SystemDrive
			Write-Log "Check Bitlocker Status of Drive ($env:SystemDrive)"
			Write-Log "Bitlocker is $($DriveC.ProtectionStatus)"
			$DriveC.ProtectionStatus -eq "On" -or (Get-WmiObject Win32_Computersystem).Model -eq "Virtual Machine"
		</checkScript>
		<remediationScript topMost="true">
			# Remediation: if protection is not "On", make sure a TPM protector and a
			# recovery-password protector exist on the system drive, then resume protection.
			#
			# NOTE(review): the recovery password created below is not backed up anywhere by
			# this script. Confirm that it is escrowed by another mechanism (MDM policy,
			# Backup-BitLockerKeyProtector or BackupToAAD-BitLockerKeyProtector); otherwise a
			# TPM problem leaves the drive unrecoverable.
			# NOTE(review): -SkipHardwareTest starts encryption without the reboot-based check
			# that the key protectors actually work on this hardware.
			# NOTE(review): -UsedSpaceOnly leaves free space unencrypted; on a device that held
			# data before, remnants of deleted files may remain readable there.
			$DriveC = Get-BitLockerVolume $env:SystemDrive
			Write-Log "Check Bitlocker Status of Drive ($env:SystemDrive)"
			if($DriveC.ProtectionStatus -ne "On"){
				Write-Log "Bitlocker is $($DriveC.ProtectionStatus), try to enable it"
				try{
					# $DriveC is the snapshot taken above; both protector checks read the
					# protector list as it was before this script changed anything.
					if(($DriveC.KeyProtector | Select-Object -ExpandProperty KeyProtectorType) -notcontains "Tpm"){
						Write-Log "Tpm Protector is absent. Try to add it."
						Enable-BitLocker -MountPoint $env:SystemDrive -UsedSpaceOnly -TpmProtector -ErrorAction Stop -SkipHardwareTest -Confirm:$false
					} else {
						Write-Log "Tpm Protector is ok. "
					}
					if(($DriveC.KeyProtector | Select-Object -ExpandProperty KeyProtectorType) -notcontains "RecoveryPassword"){
						Write-Log "RecoveryPassword Protector is absent. Try to add it."
						Enable-BitLocker -MountPoint $env:SystemDrive -UsedSpaceOnly -RecoveryPasswordProtector -ErrorAction Stop -SkipHardwareTest -Confirm:$false 
					} else {
						Write-Log "RecoveryPassword Protector is ok. "
					}
					Write-Log "Enable BitLocker"
					Resume-BitLocker -MountPoint $env:SystemDrive  -ErrorAction Stop -Confirm:$false
				} catch {
					# -ErrorAction Stop turns any cmdlet failure above into an exception that lands
					# here. It is only logged, not rethrown, so the script itself still ends normally.
					Write-Log "Failed to enable Bitlocker" -Type Error -Exception $_.Exception
				}
			}
		</remediationScript>
	</item>

MDM Enrollment

 
<item buttonText="Start Enrollment" buttonTextDone="Already Enrolled" title="MDM Enrollment" description="Your Device has to be enrolled to the Management System. During enrollment, you have to specify your credentials." executionMessage="Enrollment Wizard started, waiting on user input!">
		<checkScript>
			# Enrolled when an MDM_MgmtAuthority instance whose ServerList contains
			# manage.microsoft.com can be found; emits $true or $false accordingly.
			$mdmAuthority = Get-WmiObject -Namespace ROOT\CIMV2\mdm -Class MDM_MgmtAuthority -Filter "ServerList Like '%manage.microsoft.com%'" -ErrorAction SilentlyContinue
			$null -ne $mdmAuthority
		</checkScript>
		<remediationScript topMost="false">
			# Open the built-in MDM enrollment wizard and block while a WWAHost process exists.
			Start-Process "ms-device-enrollment:?mode=mdm"
			while($true){
				$wizardProcess = Get-Process -Name WWAHost -ErrorAction SilentlyContinue
				if(-not $wizardProcess){ break }
				Start-Sleep -Seconds 1
			}

			# Poll once per second. The loop ends only when the enrollment is visible in WMI
			# AND at least 20 seconds have passed since the wizard closed.
			# NOTE(review): there is no upper bound. If the user closes the wizard without
			# enrolling, this loop does not end on its own - confirm that is intended.
			$StartTime = [DateTime]::Now.AddSeconds(20)
			[TimeSpan]$Countdown = $StartTime - [DateTime]::Now
			while($true){
				$mdmAuthority = Get-WmiObject -Namespace ROOT\CIMV2\mdm -Class MDM_MgmtAuthority -Filter "ServerList Like '%manage.microsoft.com%'" -ErrorAction SilentlyContinue
				if($null -ne $mdmAuthority){
					$secondsLeft = ($StartTime - [DateTime]::Now).TotalSeconds
					if($secondsLeft -le 0){ break }
				}
				Start-Sleep -Seconds 1
				[TimeSpan]$Countdown = $StartTime - [DateTime]::Now
			}
		</remediationScript>
	</item>

Install Company Portal

 <item buttonText="Company Portal" buttonTextDone="Already Installed" title="Company Portal" description="The Company Portal is required to install additional apps on the device. It provides a shop like experience." executionMessage="Windows Store started, waiting on user input!">
		<checkScript>
			# Installed when the Microsoft.CompanyPortal package is registered for the
			# user named in $env:USERNAME; emits $true or $false accordingly.
			$portalPackage = Get-AppxPackage -User $env:USERNAME -Name Microsoft.CompanyPortal
			$null -ne $portalPackage
		</checkScript>
		<remediationScript topMost="false">
			# Open the Store product page and block while a WinStore.App process exists.
			Start-Process "ms-windows-store://pdp/?ProductId=9wzdncrfj3pz"
			while($true){
				$storeProcess = Get-Process -Name WinStore.App -ErrorAction SilentlyContinue
				if(-not $storeProcess){ break }
				Start-Sleep -Seconds 1
			}

			# $StartTime and $Countdown are maintained but never used as a loop condition.
			# NOTE(review): the wait below is therefore unbounded. If the user closes the
			# Store without installing the app, it does not end - confirm that is intended.
			$StartTime = [DateTime]::Now.AddSeconds(30)
			[TimeSpan]$Countdown = $StartTime - [DateTime]::Now
			# $Message is not defined in this script; presumably supplied by the hosting app.
			$Message.Content = "Current Status: Waiting until Company Portal is installed ..."
			while($true){
				$portalPackage = Get-AppxPackage -User $env:USERNAME -Name Microsoft.CompanyPortal
				if($null -ne $portalPackage){ break }
				Start-Sleep -Seconds 1
				[TimeSpan]$Countdown = $StartTime - [DateTime]::Now
			}
		</remediationScript>
	</item>

Set Windows Language

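<item buttonText="Set Language" buttonTextDone="Language Selected" title="Windows Language" description="Set your preferred Language. Then most of the apps are changed to this language." executionMessage="Waiting on user input!">
		<checkScript>
			# Done once a UI language override exists; emits $true or $false accordingly.
			$null -ne (Get-WinUILanguageOverride -ErrorAction SilentlyContinue)
		</checkScript>
		<remediationScript topMost="false">
			# Shows a small always-on-top dialog that lists the installed UI languages
			# (Win32_OperatingSystem.MUILanguages) and applies the selected one as the
			# UI language override. Enter and the OK button do the same thing.

			# Add-Type replaces the obsolete Assembly.LoadWithPartialName calls.
			Add-Type -AssemblyName System.Drawing
			Add-Type -AssemblyName System.Windows.Forms

			$objForm = New-Object System.Windows.Forms.Form
			$objForm.Size = New-Object System.Drawing.Size(300,220)
			$objForm.StartPosition = "CenterScreen"
			$objForm.TopMost = $True
			$objForm.MaximizeBox = $false
			$objForm.MinimizeBox = $false

			# Language list, filled from the languages installed on this system.
			$objListbox = New-Object System.Windows.Forms.ListBox
			$objListbox.Location = New-Object System.Drawing.Point(70,20)
			$objListbox.Size = New-Object System.Drawing.Size(150,20)
			$objListbox.SelectionMode = "One"
			$OSInfo = Get-WmiObject -Class Win32_OperatingSystem
			foreach($lp in $OSInfo.MUILanguages){
				[void] $objListbox.Items.Add($lp)
			}
			# SetSelected throws on an empty list, so preselect only when there is an entry.
			if($objListbox.Items.Count -gt 0){
				$objListbox.SetSelected(0,$True)
			}
			$objListbox.Height = 100
			$objForm.Controls.Add($objListbox)

			# Single handler shared by the OK button and the Enter key.
			$applySelection = {
				$name = $objListbox.SelectedItem
				# Fall back to en-US when nothing is selected.
				if($name -eq $null) { $name = "en-US" }
				Set-WinUILanguageOverride $name
				# NOTE(review): the culture (number, date and currency formats) is fixed to
				# de-CH whatever language was picked - adjust this to your own locale.
				Set-Culture -CultureInfo de-CH
				$objForm.Close()
			}

			$objButton = New-Object System.Windows.Forms.Button
			$objButton.Location = New-Object System.Drawing.Point(70,100)
			$objButton.Size = New-Object System.Drawing.Size(150,50)
			$objButton.Text = "OK"
			$objButton.TextAlign = "MiddleCenter"
			$objButton.Add_Click($applySelection)
			$objForm.Controls.Add($objButton)

			# KeyPreview lets the form see Enter before the focused control does.
			$objForm.KeyPreview = $True
			$objForm.Add_KeyDown({
				if ($_.KeyCode -eq "Enter") { $objButton.PerformClick() }
			})

			[void] $objForm.ShowDialog()
		</remediationScript>
	</item>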


Reboot Computer & Uninstall Enrollment App

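<item buttonText="Reboot Computer" title="Reboot System" description="After the above changes, the System has to reboot." executionMessage="Reboot will start soon.">
		<checkScript>
			# Always emits $false: this step has no completed state to detect.
			$false
		</checkScript>
		<remediationScript topMost="true">
			# Final cleanup before the reboot: remove Everyone from the local Administrators
			# group, remove the enrollment app's autostart entry, set EnableLUA back to 1
			# (UAC on), then restart.
			#
			# NOTE(review): this cleanup implies that an earlier provisioning stage (not shown
			# here) added Everyone to Administrators and switched UAC off. If any step below
			# fails, the device stays in that weakened state, so every failure is logged
			# instead of being silently ignored. Write-Log is the helper used by the other
			# examples on this page. Review the log after deployment.

			# Remove Everyone from the local Administrators group. The group is looked up by
			# its well-known SID (S-1-5-32-544) rather than by name.
			# NOTE(review): the removal is skipped when Domain equals "AzureAD" - confirm that
			# Everyone cannot remain in the Administrators group in that case.
			$cs = (Get-WmiObject WIN32_ComputerSystem)
			if($cs.Domain -ne "AzureAD" ){
				$localAdminGroupName = (Get-WmiObject win32_group -Filter "LocalAccount=True AND SID = 'S-1-5-32-544'").Name
				net localgroup $localAdminGroupName Everyone /DELETE
				# net.exe reports failure only through its exit code.
				if($LASTEXITCODE -ne 0){
					Write-Log "Everyone was not removed from $localAdminGroupName (net exit code $LASTEXITCODE)"
				}
			}

			# Remove the enrollment app from AutoStart (HKLM Run key).
			# -ErrorAction Stop is required for the catch block to see a failure at all.
			try{
				Remove-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" -Name "MDMEnrollment" -Force -ErrorAction Stop
			} catch {
				Write-Log "MDMEnrollment autostart entry not removed: $($_.Exception.Message)"
			}

			# Re-enable UAC: EnableLUA = 1 turns User Account Control on (0 would disable it).
			# The setting takes effect with the reboot below.
			try{
				New-ItemProperty -Path "REGISTRY::HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System" -Name "EnableLUA" -Value 1 -PropertyType DWord -Force -ErrorAction Stop
			} catch {
				Write-Log "Failed to re-enable UAC (EnableLUA)" -Type Error -Exception $_.Exception
			}

			# The reboot happens in every case, as before.
			Restart-Computer -Force
		</remediationScript>
	</item>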