Enable Windows Features with Proactive Remediations

I was working on a case where the customer wanted to enable the Windows optional feature “Virtual Machine Platform”. This is something you cannot find in the settings catalog, so I needed to develop a custom solution. This is a perfect example of where we can use Proactive remediations in Endpoint analytics: we simply detect whether the Windows optional feature is installed and, if not, install it.

Proactive Remediations

This is a feature inside Endpoint Analytics that can be used to solve problems. To explain it in a simple way: it runs a detection script to detect whether the problem exists. If the detection script finds the signature of the problem, a remediation script is run to fix it. You can run the detection script once or schedule it to run on a daily or hourly interval. Make sure the detection script only does simple, fast tasks so that it does not overload the Windows endpoints.

Detect Windows Optional Features

The script simply runs the built-in cmdlet Get-WindowsOptionalFeature, which reports whether the specified Windows optional feature is installed. If the feature is already installed, the script returns exit code “0”. If the feature is not installed, it returns exit code “1”. It is also nice to return a message with the Write-Host command. This message will be shown in the MEM console.

# Detect if Windows Optional Feature is enabled.
$featureName = "VirtualMachinePlatform" 
if((Get-WindowsOptionalFeature -Online -FeatureName $featureName).State -eq "Enabled")
{
    Write-host "Windows Optional Feature $featureName is enabled" 
    Exit 0
}
else
{
    Write-host "Windows Optional Feature $featureName is not enabled"
    Exit 1
}  

Remediate Windows Optional Features

If the detection script returns an exit code of 1, the remediation script will run. This script simply enables the Windows optional feature and returns the result.

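# Remediate and Enable Windows Optional Feature.

$featureName = "VirtualMachinePlatform"

Try
{
    # -ErrorAction Stop turns cmdlet errors into terminating errors so the Catch blocks run.
    if((Get-WindowsOptionalFeature -Online -FeatureName $featureName -ErrorAction Stop).State -ne "Enabled")
    {
        Try
        {
            Enable-WindowsOptionalFeature -Online -FeatureName $featureName -All -NoRestart -ErrorAction Stop
            Write-Host "$featureName successfully enabled"
        }
        Catch
        {
            # $_ is the error that was just caught; $error would print the whole error history.
            Write-Host "$featureName failed to enable: $_"
            # A non-zero exit code signals the failure to Intune.
            Exit 1
        }
    }
    else {Write-Host "$featureName already enabled"}
}
Catch
{
    Write-Host "$_"
    Exit 1
}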

Deploy with MEM Intune

The next part is to deploy the Proactive Remediation scripts with Intune.

  1. Open up Intune and select the node Reports and select Endpoint Analytics.
  2. Select Proactive remediations.
  3. Select +Create Script Package.
  4. Set the basic info.
  5. Add the detection and the remediation scripts. I usually also select to run in 64-bit PowerShell.
  6. Assign to your targets and do not miss the possibility to customize the schedule!

Monitor the results in MEM portal

Now we can monitor the deployment in the MEM portal, and the monitoring is really nice and useful.

  1. Open up Intune and select the node Reports and select Endpoint Analytics.
  2. Select Proactive remediations.
  3. Select the package you deployed.
  4. In the overview, you can see how many devices have been detected with the feature missing and how many have been “fixed”.
  5. In the Device status, you can see the state of each endpoint.
  6. Here you can also add columns to the view. With these you can see the result returned from the execution, and also whether any error was reported when running the scripts.

The columns are a bit short in the table, but if you open up the “review” you can see the complete returned value:

Optimization

As I mentioned before, don't run too heavy scripts. Make sure you don't overload your endpoints with detections and remediations that use lots of CPU or memory.

In the small example above, I started to look for additional ways of detecting Windows optional features. I found a way that was in fact three times as fast as the one above. By using WMI and the class Win32_OptionalFeature, I managed to optimize detection from 0.33 seconds to 0.11 seconds.

So the optimized detection script now looks like this instead:

# Detect if Windows Optional Feature is enabled.
$featureName = "VirtualMachinePlatform" 
if((Get-WmiObject -Query "select * from Win32_OptionalFeature where name = '$featureName'").InstallState -eq 1)
{
    Write-host "Windows Optional Feature $featureName is enabled" 
    Exit 0
}
else
{
    Write-host "Windows Optional Feature $featureName is not enabled"
    Exit 1
}
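
The WMI detection above, extended as an added example (not from the original post) to check several features in one query and to report features that the Windows edition does not offer at all, which the single-feature script cannot tell apart from "disabled". It uses Get-CimInstance in place of Get-WmiObject, and the second feature name in the list is only a sample.

```powershell
# Added example, not from the original post: detect several optional features with one WMI query.
# The feature list is an assumption; replace it with the features you require.
$requiredFeatures = @("VirtualMachinePlatform", "Microsoft-Windows-Subsystem-Linux")

# Win32_OptionalFeature.InstallState values.
$stateNames = @{ 1 = "Enabled"; 2 = "Disabled"; 3 = "Absent"; 4 = "Unknown" }

try
{
    # Build a single WQL filter so the class is only queried once.
    $filter = ($requiredFeatures | ForEach-Object { "Name = '$_'" }) -join " OR "
    $found = @(Get-CimInstance -ClassName Win32_OptionalFeature -Filter $filter -ErrorAction Stop)
}
catch
{
    # A failed query is reported as such instead of being mistaken for a missing feature.
    Write-Host "Feature query failed: $($_.Exception.Message)"
    Exit 1
}

# Collect one "name=state" entry for every feature that is not enabled.
$problems = foreach ($name in $requiredFeatures)
{
    $feature = $found | Where-Object { $_.Name -eq $name }
    if (-not $feature)
    {
        # No instance returned: this Windows edition does not offer the feature.
        "$name=NotOffered"
    }
    elseif ($feature.InstallState -ne 1)
    {
        "$name=$($stateNames[[int]$feature.InstallState])"
    }
}

if ($problems)
{
    # One short line, because the console column that shows the output is narrow.
    Write-Host "Not enabled: $($problems -join ', ')"
    Exit 1
}

Write-Host "All required features enabled: $($requiredFeatures -join ', ')"
Exit 0
```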

About Post Author

Mr T-bone

Torbjörn Tbone Granheden is a Solution Architect for Modern Workplace at Coligo AB. Certified in most Microsoft technologies and over 20 years as Microsoft Certified Trainer (MCT).
