<#
.SYNOPSIS
PowerShell script to update the machine certificate EKU filter setting for Always On VPN device tunnel connections.
.EXAMPLE
.\Remediate-MachineCertificateEkuFilter.ps1
.DESCRIPTION
This PowerShell script is deployed as a remediation script using Proactive Remediations in Microsoft Endpoint Manager/Intune.
.LINK
https://github.com/richardhicks/endpointmanager/blob/main/Remediate-MachineCertificateEkuFilter.ps1
.LINK
https://docs.microsoft.com/en-us/mem/analytics/proactive-remediations
.LINK
https://directaccess.richardhicks.com/2021/12/06/always-on-vpn-and-intune-proactive-remediation/
.LINK
https://directaccess.richardhicks.com/
.NOTES
Version: 1.0.1
Creation Date: July 15, 2022
Last Updated: August 26, 2022
Author: Richard Hicks
Organization: Richard M. Hicks Consulting, Inc.
Contact: rich@richardhicks.com
Web Site: https://www.richardhicks.com/
#>
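[CmdletBinding()]

Param (

)

# Deployment-specific settings: replace both placeholders before the script is deployed.
# $Oid is the application policy OID written to the connection's machine certificate EKU filter.
$ConnectionName = 'Enter your Always On VPN device tunnel connection here'
$Oid = 'Enter your application policy OID here'

# Look the connection up among the all-user connections.
$Vpn = Get-VpnConnection -Name $ConnectionName -AllUserConnection

Try {

    If ($Null -eq $Vpn) {

        # $Vpn is empty on this path, so report the configured name instead of the variable.
        Write-Warning "VPN connection $ConnectionName not found."
        Exit 0

    }

    # Refuse to write anything that is not a dotted-decimal OID (for example the unedited
    # placeholder), so a misconfigured script fails instead of applying a bad filter.
    $InvalidOid = @(@($Oid) | Where-Object { $_ -notmatch '^\d+(\.\d+)+$' })

    If ($InvalidOid.Count -gt 0) {

        Throw "Machine certificate EKU filter value '$($InvalidOid -join ', ')' is not a valid OID."

    }

    Write-Verbose "Updating VPN connection $ConnectionName with machine certificate filter OID $Oid..."

    # -ErrorAction Stop makes a failed update a terminating error, so Catch runs and the script
    # exits 1 rather than falling through with exit code 0 while the filter is still unset.
    Set-VpnConnection -Name $ConnectionName -MachineCertificateEKUFilter $Oid -AllUserConnection -ErrorAction Stop

}

Catch {

    # Surface the failure reason and return a non-zero exit code.
    Write-Warning $_.Exception.Message
    Exit 1

}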