Master Autopilot endpoint maintenance with Teamviewer
The Autopilot endpoint life-cycle is a fairly functional system. Nevertheless it can happen to deliver manual assistance to an endpoint when the user/device is experiencing issues. And besides of some synchronization tasks, retirement options and security features via the Endpoint Manager portal, the functions are pretty limited. For this reason a Teamviewer Connector can help to deliver remote assistance to all enrolled devices.
Things to know in advance
Troubleshoot User assignments for user targeted policies & apps. This is very helpful if a specific user has negative impacts. Accessible through Endpoint Manager.
Check device status. Go to Intune>all devices>select the affected device, in the menu on the side navigate through the different options.
This will let you know the exact status of every single policy applied. Valid are for example:
- Succeeded - the policy was fully applied.
- not applicable - some settings may not be suitable for the device, this also goes beyond the device to differentiate even between all users that were once logged in to that device.
- conflict - one targeted policy setting may suspend settings from an other policy. (This is quite nice, because you can investigate which policies block each other.)
I will not lose too much information referring to this, since everything how to set up and management is described here. One thing; Teamviewer Corporate license will be needed to create a design & deploy MSI installer file. To receive pricing options contact Teamviewer.
So how do you "master" support or maintenance requests? As soon as you have Teamviewer ready you can import Scripts to execute them on the device within a remote assistance session. This may not sound too powerful at first but I will show you what I've created with it ;) Another advantage is that supported OS are not only Windows Powershell scripts but also with MacOS and Linux. Import scripts here:
Connection with Chocolatey
As you may know, I'm a big fan of Chocolatey. Read more about Chocolatey. Short version: Chocolatey is basically apt for Windows, which means that common applications can be installed through command line (Powershell) from a central internet-hosted repository. This is called a package service.
So what I created is a simple script to reinstall complete Chocolatey with all content/apps. First I copied the normal uninstall Choco script from official Chocolatey website. Then I changed the script to remove all apps and added the part where the exact same apps get (re)installed like they were before uninstallation. The full script is on GitHub.
What have I exactly done, to get this working? Let's break it down to two parts:
(of course between this is the official uninstall command provided by Choco)
Capture currently installed apps by Choco
Before we uninstall Chocolatey, it would be good to know which apps were installed. The solution for this is an array were "choco list -l -r" gets executed and stored into incrementing array positions. Then I have to split or trim the values because I don't want to have the version numbers. Later on this would lead into installation fail. So an example of an array position looks like: googlechrome (instead of googlechrome 78.0). The code to implement that, looks like:
Reinstall Chocolatey & captured apps
Second, reinstall Chocolatey and additionally the apps remembered by the array. (that were installed before removal)
Using the script on a client machine
Don't forget to upload the script then. So now we can use this script, when logged in to Teamviewer with an account associated to the companyaccount where the scripts are located. In the top menu move to actions>scripts, this is were all your scripts should be visible.
The next time a user encounters any influences, just run the script and everything will be renewed. Automation: I love it!
Think of all the great possibilities of this, giving support to users with more scripts like this will save you a ton of time and nerves.