ge-aerospace/pxe-server
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
e3f2bbc6a5a2d864698e0039fc5fd54042c0809e
pxe-server/playbook/shopfloor-setup/Shopfloor/sync_intune.bat
cproudlock e3f2bbc6a5 Add QR code display of Intune device ID to sync tool 
Bundles QRCoder.dll (184KB, .NET 4.0) to render the Azure AD device
GUID as a scannable QR code in the console when sync_intune.bat runs.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-31 10:15:20 -04:00

106 lines
3.5 KiB
Batchfile
Raw Blame History

@echo off
title Intune Policy Sync
:: Self-elevate to administrator
net session >nul 2>&1
if %errorlevel% neq 0 (
powershell -Command "Start-Process '%~f0' -Verb RunAs"
exit /b
)
echo.
echo ========================================
echo Intune Policy Sync - %COMPUTERNAME%
echo ========================================
echo.
:: Show Intune Device ID and QR code
powershell -ExecutionPolicy Bypass -Command ^
"$dsreg = dsregcmd /status 2>&1; "^
"$line = $dsreg | Select-String 'DeviceId'; "^
"if ($line) { "^
" $deviceId = $line.ToString().Split(':')[1].Trim(); "^
" Write-Host \"Intune Device ID: $deviceId\" -ForegroundColor Cyan; "^
" Write-Host ''; "^
" $dllPath = 'C:\Enrollment\shopfloor-setup\Shopfloor\QRCoder.dll'; "^
" if (Test-Path $dllPath) { "^
" Add-Type -Path $dllPath; "^
" $gen = New-Object QRCoder.QRCodeGenerator; "^
" $data = $gen.CreateQrCode($deviceId, [QRCoder.QRCodeGenerator+ECCLevel]::L); "^
" $ascii = New-Object QRCoder.AsciiQRCode($data); "^
" $qr = $ascii.GetGraphic(1, [char]0x2588 + [char]0x2588, ' '); "^
" Write-Host $qr; "^
" } else { "^
" Write-Host 'QRCoder.dll not found - skipping QR code' -ForegroundColor Yellow; "^
" } "^
"} else { "^
" Write-Host 'Device not yet Azure AD joined.' -ForegroundColor Yellow; "^
"}"
echo.
:: Check current state
reg query "HKLM\Software\GE\SFLD" >nul 2>&1
if %errorlevel% equ 0 (
echo SFLD policies already applied.
echo.
echo Run sync anyway? (Y/N)
choice /c YN /n
if errorlevel 2 exit /b
)
:: Trigger sync via the MDM enrollment scheduled task
echo Triggering Intune sync...
powershell -ExecutionPolicy Bypass -Command ^
"$enrollPath = 'HKLM:\SOFTWARE\Microsoft\Enrollments'; "^
"$found = $false; "^
"Get-ChildItem $enrollPath -ErrorAction SilentlyContinue | ForEach-Object { "^
" $id = $_.PSChildName; "^
" $provider = (Get-ItemProperty $_.PSPath -ErrorAction SilentlyContinue).ProviderID; "^
" if ($provider -eq 'MS DM Server') { "^
" $found = $true; "^
" Write-Host \"Enrollment ID: $id\"; "^
" $taskPath = \"\Microsoft\Windows\EnterpriseMgmt\$id\\\"; "^
" Get-ScheduledTask -TaskPath $taskPath -ErrorAction SilentlyContinue | "^
" Where-Object { $_.TaskName -match 'Schedule #3' } | "^
" ForEach-Object { "^
" Start-ScheduledTask -InputObject $_; "^
" Write-Host \"Sync triggered: $($_.TaskName)\"; "^
" }; "^
" } "^
"}; "^
"if (-not $found) { Write-Host 'ERROR: No Intune enrollment found.' -ForegroundColor Red }"
echo.
echo Waiting for SFLD group policies (HKLM\Software\GE\SFLD)...
echo Press Ctrl+C to stop waiting.
echo.
:: Poll every 15 seconds for up to 10 minutes
set /a attempts=0
set /a max=40
:poll
reg query "HKLM\Software\GE\SFLD" >nul 2>&1
if %errorlevel% equ 0 (
echo.
echo ========================================
echo SFLD group policies applied!
echo ========================================
echo.
pause
exit /b
)
set /a attempts+=1
if %attempts% geq %max% (
echo.
echo Timed out after 10 minutes. SFLD policies not yet applied.
echo The device category may not be assigned yet in Intune.
echo Assign the category in the portal, then run this again.
echo.
pause
exit /b
)
echo [%attempts%/%max%] Waiting... checking again in 15s
timeout /t 15 /nobreak >nul
goto poll
Reference in New Issue View Git Blame Copy Permalink