-
Notifications
You must be signed in to change notification settings - Fork 76
/
Detect-VPNProfile.ps1
55 lines (49 loc) · 2.39 KB
/
Detect-VPNProfile.ps1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
<#
.SYNOPSIS
This scripts detects if the user has a relevant VPN profile, as configured with the vpnProfileVersion variable.
This was made as an easy approach to version control.
.DESCRIPTION
Currently when configuring the VPN profile via Intune and assign it to Windows 11 devices, Intune comes back with some random errors.
Event logs comes back with event id 404, error CSP URI: (./User/Vendor/MSFT/VPNv2/W11-VPN-User-Tunnel), Result: (The specified quota list is internally inconsistent with its descriptor.
This serves as an alternative to using Configuration Profiles in Intune and instead leverage Proactive Remediations.
.NOTES
Filename: Detect-VPNProfile.ps1
Version: 1.0
Author: Martin Bengtsson
Blog: www.imab.dk
Twitter: @mwbengtsson
.LINK
https://imab.dk/deploy-your-always-on-vpn-profile-for-windows-11-using-proactive-remediations-in-microsoft-intune
#>
$global:RegistryPath = "HKCU:\SOFTWARE\imab.dk\VPN Profile"
$global:RegistryName = "VPNProfileVersion"
$global:vpnProfileVersion = "1"
function Get-VPNProfileVersion() {
if (Test-Path -Path $global:RegistryPath) {
if (((Get-Item -Path $global:RegistryPath -ErrorAction SilentlyContinue).Property -contains $global:RegistryName) -eq $true) {
$vpnVersion = (Get-ItemProperty -Path $global:RegistryPath -Name $global:RegistryName -ErrorAction SilentlyContinue).VPNProfileVersion
if (-NOT[string]::IsNullOrEmpty($vpnVersion)) {
Write-Output $vpnVersion
}
}
}
}
$getVersion = Get-VPNProfileVersion
if (-NOT[string]::IsNullOrEmpty($getVersion)) {
if ($getVersion -lt $global:vpnProfileVersion) {
Write-Output "VPN profile version in registry is less than the version configured in the script. Needs updating"
exit 1
}
elseif ($getVersion -eq $global:vpnProfileVersion) {
Write-Output "VPN profile version in registry matches the version configured in the script. Doing nothing"
exit 0
}
elseif ($getVersion -gt $global:vpnProfileVersion) {
Write-Output "VPN profile version in registry is greater than the version configured in the script. This is unexpected. Doing nothing"
exit 0
}
}
else {
Write-Output "VPN profile version not found in registry. This usually means, that the profile needs updating"
exit 1
}