pxe-server/playbook/shopfloor-setup/Shopfloor/sync_intune.bat
cproudlock 9912b044a3 Shopfloor: single autologon, clear Start pins, Intune sync tool, update docs
- AutoLogonCount reduced from 2 to 1 in Run-ShopfloorSetup.ps1
- Remove default pinned Start Menu tiles and set blank layout for future users
- Add sync_intune.bat: triggers MDM sync and polls for SFLD group policies
- Update README.md and SETUP.md with current project state (boot chain, new
  scripts, samba shares, webapp pages, commit history)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-31 09:43:00 -04:00


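@echo off
title Intune Policy Sync
:: Self-elevate to administrator.
:: "net session" is used as the admin check. It fails without an elevated
:: token, but it also fails when the Server service is not running. Without a
:: guard, an already-elevated instance would then relaunch itself forever.
:: The relaunch therefore passes an "elevated" marker as the first argument,
:: and a marked instance that still fails the check stops with an error.
:: -NoProfile keeps user profile scripts out of the PowerShell helper process.
:: Note: a script path containing a single quote would break the quoted '%~f0'.
net session >nul 2>&1
if %errorlevel% neq 0 (
    if /i "%~1"=="elevated" (
        echo ERROR: Administrator check still fails after elevation.
        echo The check uses "net session", which also fails when the Server service is stopped.
        pause
        exit /b 1
    )
    powershell -NoProfile -Command "Start-Process -FilePath '%~f0' -ArgumentList 'elevated' -Verb RunAs"
    exit /b
)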
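echo.
echo ========================================
echo Intune Policy Sync
echo ========================================
echo.
:: Check current state. The presence of the HKLM\Software\GE\SFLD key is the
:: only signal used here; its values are not inspected.
:: The parentheses in the prompt are escaped with carets. An unescaped ")"
:: inside this block would close the block early, so "choice" would run on
:: every start, including on devices where the key does not exist yet.
reg query "HKLM\Software\GE\SFLD" >nul 2>&1
if %errorlevel% equ 0 (
    echo SFLD policies already applied.
    echo.
    echo Run sync anyway? ^(Y/N^)
    choice /c YN /n
    if errorlevel 2 exit /b
)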
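:: Trigger sync via the MDM enrollment scheduled task.
:: The inline PowerShell walks HKLM:\SOFTWARE\Microsoft\Enrollments, picks the
:: enrollments whose ProviderID is 'MS DM Server', and starts every task under
:: \Microsoft\Windows\EnterpriseMgmt\<enrollment id>\ whose name matches
:: 'Schedule #3'.
:: Exit codes of the PowerShell step: 0 = at least one task was started,
:: 1 = enrollment found but no matching task, 2 = no enrollment found.
:: -NoProfile keeps user profile scripts out of this elevated session.
:: -ExecutionPolicy Bypass applies to this one process only.
:: The continuation lines are indented on purpose: a trailing caret also
:: escapes the first character of the next line, and that character must be a
:: space rather than the opening quote.
echo Triggering Intune sync...
powershell -NoProfile -ExecutionPolicy Bypass -Command ^
    "$enrollPath = 'HKLM:\SOFTWARE\Microsoft\Enrollments'; "^
    "$found = $false; $triggered = 0; "^
    "Get-ChildItem $enrollPath -ErrorAction SilentlyContinue | ForEach-Object { "^
    "  $id = $_.PSChildName; "^
    "  $provider = (Get-ItemProperty $_.PSPath -ErrorAction SilentlyContinue).ProviderID; "^
    "  if ($provider -eq 'MS DM Server') { "^
    "    $found = $true; "^
    "    Write-Host \"Enrollment ID: $id\"; "^
    "    $taskPath = \"\Microsoft\Windows\EnterpriseMgmt\$id\\\"; "^
    "    Get-ScheduledTask -TaskPath $taskPath -ErrorAction SilentlyContinue | "^
    "      Where-Object { $_.TaskName -match 'Schedule #3' } | "^
    "      ForEach-Object { "^
    "        Start-ScheduledTask -InputObject $_; "^
    "        $triggered++; "^
    "        Write-Host \"Sync triggered: $($_.TaskName)\"; "^
    "      }; "^
    "  } "^
    "}; "^
    "if (-not $found) { Write-Host 'ERROR: No Intune enrollment found.' -ForegroundColor Red; exit 2 }; "^
    "if ($triggered -eq 0) { Write-Host 'ERROR: Enrollment found, but no sync task was found to start.' -ForegroundColor Red; exit 1 }"
:: Without a started sync, polling would most likely just run into the
:: timeout, so the operator decides whether to wait anyway.
if errorlevel 1 (
    echo.
    echo No sync was started. Wait for SFLD policies anyway? ^(Y/N^)
    choice /c YN /n
    if errorlevel 2 exit /b 1
)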
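echo.
echo Waiting for SFLD group policies (HKLM\Software\GE\SFLD)...
echo Press Ctrl+C to stop waiting.
echo.
:: Poll every 15 seconds for up to 10 minutes (40 checks).
:: Only the existence of the registry key is tested; its values are not read.
:: The exit code tells a caller what happened: 0 = key appeared, 1 = timed out.
set /a attempts=0
set /a max=40
:poll
reg query "HKLM\Software\GE\SFLD" >nul 2>&1
if %errorlevel% equ 0 (
    echo.
    echo ========================================
    echo SFLD group policies applied!
    echo ========================================
    echo.
    pause
    exit /b 0
)
set /a attempts+=1
if %attempts% geq %max% (
    echo.
    echo Timed out after 10 minutes. SFLD policies not yet applied.
    echo The device category may not be assigned yet in Intune.
    echo Assign the category in the portal, then run this again.
    echo.
    pause
    exit /b 1
)
echo [%attempts%/%max%] Waiting... checking again in 15s
timeout /t 15 /nobreak >nul
goto poll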