generate_intune_script_pair
Create Microsoft Intune detection and remediation script pairs to automatically identify and fix system compliance issues following Microsoft best practices.
Instructions
Generate a complete pair of Microsoft Intune detection and remediation scripts.
This is the RECOMMENDED tool for Intune compliance as it creates both required scripts:
- Detection script: Checks current system state and determines compliance
- Remediation script: Fixes non-compliant conditions with proper safeguards
Both scripts follow Microsoft Intune best practices:
- Proper exit codes (Detection: 0=compliant, 1=non-compliant, 2=error; Remediation: 0=success, 1=failure, 2=error)
- Event log integration for centralized monitoring
- System restore points before changes (remediation only)
- Comprehensive error handling and logging
- No user interaction (silent execution required)
Microsoft References:
- Intune Remediation Scripts Overview: https://docs.microsoft.com/en-us/mem/intune/fundamentals/remediations
- Script Deployment Best Practices: https://docs.microsoft.com/en-us/mem/intune/fundamentals/remediations-script-samples
- PowerShell Requirements: https://docs.microsoft.com/en-us/mem/intune/apps/intune-management-extension
- Exit Code Standards: https://docs.microsoft.com/en-us/mem/intune/apps/troubleshoot-mam-app-deployment
- Monitoring and Reporting: https://docs.microsoft.com/en-us/mem/intune/fundamentals/remediations-monitor
Args:
description: Clear description of what the scripts should detect and remediate (e.g., 'Ensure Chrome browser is installed with latest version')
detection_logic: PowerShell code that performs the compliance check. Use 'Complete-Detection -Compliant $true/$false -Message "status"' to indicate result
remediation_logic: PowerShell code that fixes non-compliant conditions. Use 'Complete-Remediation -Success $true/$false -Message "result"' to indicate completion
output_dir: Optional directory to save both scripts. If not provided, returns script content in response
timeout: Command timeout in seconds (1-300, default 60)
Returns:
Dictionary containing both scripts: {"detection_script": "content/path", "remediation_script": "content/path"}
Example:
Generate scripts to manage Chrome browser installation:
```
result = await generate_intune_script_pair(
    description="Ensure Chrome browser is installed with version 100.0.0.0 or higher",
    # Raw strings keep the backslashes in the registry and file paths literal
    detection_logic=r'''
try {
    # Resolve chrome.exe from the App Paths key and read its file version
    $app = Get-ItemProperty "HKLM:\Software\Microsoft\Windows\CurrentVersion\App Paths\chrome.exe" -ErrorAction Stop
    $version = (Get-Item $app.'(Default)').VersionInfo.FileVersion
    $compliant = [version]$version -ge [version]"100.0.0.0"
    Complete-Detection -Compliant $compliant -Message "Chrome version: $version (Required: 100.0.0.0+)"
} catch {
    Complete-Detection -Compliant $false -Message "Chrome not found or inaccessible"
}
''',
    remediation_logic=r'''
try {
    $installer = "$env:TEMP\ChromeSetup.exe"
    Write-IntuneLog "Downloading Chrome installer..."
    Invoke-WebRequest -Uri "https://dl.google.com/chrome/install/latest/chrome_installer.exe" -OutFile $installer -UseBasicParsing
    Write-IntuneLog "Installing Chrome silently..."
    Start-Process -FilePath $installer -Args "/silent /install" -Wait
    Remove-Item $installer -Force
    Complete-Remediation -Success $true -Message "Chrome installation completed successfully"
} catch {
    Complete-Remediation -Success $false -Message "Chrome installation failed: $($_.Exception.Message)"
}
''',
    output_dir="chrome_intune_scripts"
)
```
Tips:
- Always test both scripts in a controlled environment first
- Use descriptive logging messages for easier troubleshooting
- Consider the impact of remediation actions (e.g., system restarts, user disruption)
- Use Write-IntuneLog for detailed progress tracking
- Ensure detection logic is fast and efficient (runs frequently)
- Make remediation logic idempotent (safe to run multiple times)
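A hardened variant of the `remediation_logic` body from the example above, as an added example that is not part of the original tool documentation: it checks the installer's Authenticode signature and its exit code before reporting success. `Write-IntuneLog` and `Complete-Remediation` are the helpers named on this page; the expected publisher name `Google LLC` is an assumption to confirm against a known-good installer.

```powershell
# Added example: body for remediation_logic (not the tool's own code).
$installerUrl      = 'https://dl.google.com/chrome/install/latest/chrome_installer.exe'  # URL from the page's example
$expectedPublisher = 'Google LLC'   # Assumption: confirm against a known-good installer
$workDir   = Join-Path $env:TEMP ('chrome_' + [guid]::NewGuid().ToString('N'))
$installer = Join-Path $workDir 'ChromeSetup.exe'
$success   = $false
$message   = ''

try {
    # Per-run directory instead of a fixed, predictable file name in a shared TEMP location
    New-Item -ItemType Directory -Path $workDir -ErrorAction Stop | Out-Null

    Write-IntuneLog "Downloading Chrome installer..."
    Invoke-WebRequest -Uri $installerUrl -OutFile $installer -UseBasicParsing -ErrorAction Stop

    # Refuse to run a file that is unsigned, modified, or signed by another publisher
    $sig = Get-AuthenticodeSignature -FilePath $installer
    if ($sig.Status -ne 'Valid') {
        throw "Installer signature status is '$($sig.Status)'"
    }
    $publisher = $sig.SignerCertificate.GetNameInfo(
        [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName, $false)
    if ($publisher -ne $expectedPublisher) {
        throw "Unexpected publisher '$publisher'"
    }
    Write-IntuneLog "Signature valid, publisher: $publisher"

    Write-IntuneLog "Installing Chrome silently..."
    $proc = Start-Process -FilePath $installer -ArgumentList '/silent', '/install' -Wait -PassThru
    if ($proc.ExitCode -ne 0) {
        throw "Installer exited with code $($proc.ExitCode)"
    }
    $success = $true
    $message = "Chrome installation completed successfully"
} catch {
    $message = "Chrome installation failed: $($_.Exception.Message)"
} finally {
    # Clean up on every path, including signature or download failures
    Remove-Item -Path $workDir -Recurse -Force -ErrorAction SilentlyContinue
}

# Report once, after cleanup, so the result does not depend on whether the helper exits the script
Complete-Remediation -Success $success -Message $message
```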
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| description | Yes | | |
| detection_logic | Yes | | |
| remediation_logic | Yes | | |
| output_dir | No | | |
| timeout | No | | |
Input Schema (JSON Schema)
```
{
  "properties": {
    "description": {
      "title": "Description",
      "type": "string"
    },
    "detection_logic": {
      "title": "Detection Logic",
      "type": "string"
    },
    "output_dir": {
      "anyOf": [
        {
          "type": "string"
        },
        {
          "type": "null"
        }
      ],
      "default": null,
      "title": "Output Dir"
    },
    "remediation_logic": {
      "title": "Remediation Logic",
      "type": "string"
    },
    "timeout": {
      "anyOf": [
        {
          "type": "integer"
        },
        {
          "type": "null"
        }
      ],
      "default": 60,
      "title": "Timeout"
    }
  },
  "required": [
    "description",
    "detection_logic",
    "remediation_logic"
  ],
  "type": "object"
}
```