We are trying to create a custom compliance policy for our Intune environment, but we keep getting an error: 65007 (Script returned failure).

When we run the script locally on the clients it works just fine. But every time we try to run it from Intune we get the error message above.

We would appreciate it very much if anyone has any idea of what could be causing the issue.

PowerShell script:

```powershell
# Sets how old the updates are allowed to be
$DayOffset = -8

$AvailableUpdates = @()
$objUpdateSession = New-Object -ComObject Microsoft.Update.Session
$objUpdateSearcher = $objUpdateSession.CreateupdateSearcher()
$arrAvailableUpdates = @($objUpdateSearcher.Search("IsAssigned=1 and IsHidden=0 and IsInstalled=0").Updates)

$arrAvailableUpdates | ForEach-Object {
    $CategoryID = $_.Categories | Select CategoryID -ExpandProperty CategoryID
    # Application       5c9376ab-8ce6-464a-b136-22113dd69801
    # Connectors        434de588-ed14-48f5-8eed-a15e09a991f6
    # CriticalUpdates   e6cf1350-c01b-414d-a61f-263d14d133b4
    # DefinitionUpdates e0789628-ce08-4437-be74-2495b842f43b
    # DeveloperKits     e140075d-8433-45c3-ad87-e72345b36078
    # FeaturePacks      b54e7d24-7add-428f-8b75-90a396fa584f
    # Guidance          9511d615-35b2-47bb-927f-f73d8e9260bb
    # SecurityUpdates   0fa1201d-4330-4fa8-8ae9-b877473b6441
    # ServicePacks      68c5b0a3-d1a6-4553-ae49-01d3a7827828
    # Tools             b4832bd8-e735-4761-8daf-37f882276dab
    # UpdateRollups     28bc880e-0592-4cbf-8f95-c79b17911d5f
    # Updates           cd5ffd1e-e932-4e3a-bf74-18bf0b1bbd83

    If(($CategoryID -eq 'e6cf1350-c01b-414d-a61f-263d14d133b4' -or $CategoryID -eq '0fa1201d-4330-4fa8-8ae9-b877473b6441' -or $CategoryID -eq '28bc880e-0592-4cbf-8f95-c79b17911d5f') -and $_.LastDeploymentChangeTime -le ([datetime]::NOW).AddDays($DayOffset))
    {
        $AvailableUpdates += $_
    }
}
If($AvailableUpdates.Count -gt 0)
{
    $strUpdateStatus = @{"Update status" = "Not up-to-date"}
}
Else
{
    $strUpdateStatus = @{"Update status" = "Up-to-date"}
}
return $strUpdateStatus | ConvertTo-Json -Compress
```

The JSON file:

```json
{
  "Rules": [
    {
      "SettingName": "Update status",
      "Operator": "IsEquals",
      "DataType": "String",
      "Operand": "Up-to-date",
      "MoreInfoUrl": "https://testurl.com",
      "RemediationStrings": [
        {
          "Language": "en_US",
          "Title": "Device must be running the latest cumulative update for Windows.",
          "Description": "Please make sure that the latest cumulative update for Windows is installed."
        }
      ]
    }
  ]
}
```
zyntrax
  • I have mixed experiences when trying to create COM objects in scripts which run outside of a regular user context (usually it doesn't work) – bluuf Mar 23 '23 at 10:03
  • Did you read the following: https://learn.microsoft.com/en-us/mem/intune/protect/compliance-use-custom-settings?force_isolation=true – jdweng Mar 23 '23 at 10:06
  • I have the same error and I tried to change the script to run in the user context. I will report back if this fixes the issue. My script is using the "Get-CimInstance" cmdlet. – swissbuechi Mar 30 '23 at 12:14
  • It also does not work when running in user context. – swissbuechi Mar 30 '23 at 13:58

0 Answers