If you read this post, it’s because we are the same. You cannot find where you stored your script.
You succeeded to run a script from Intune either for proactive remediations or MacOS Custom Attributes. Sadly, you can’t find the script you wrote and you would like to have it back from Intune.
Using the Intune console, you cannot download the script you uploaded.
However, there is a way to get it back using Graph API. It works for bash scripts and powershell scripts you lost.
Use Graph Explorer (one of my best friends)
Let’s begin the research in the node where the PS scripts are : https://graph.microsoft.com/beta/deviceManagement/deviceManagementScripts
Then, let’s dig a bit further using the id of the script you want to get back. You can find this id either in the Graph Explorer or directly in the web console URL
You will observe an base-64 encoded content in the « scriptcontent » field.
Let’s decrypt that to text then. Copy it and paste it either in an online decoder or using your favorite editor : Visual Studio Code
I use an extension to do it and i get this result :
And here you are, with your script back !
Additionnal kind of scripts
You can get your proactive remediations using this API : https://graph.microsoft.com/beta/deviceManagement/deviceHealthScripts/idofyourscript
You can get your bash script for Custom Attributes MacOS using this API : https://graph.microsoft.com/beta/deviceManagement/deviceCustomAttributeShellScripts/idofyourscript
Same song again. You copy the base-64 encoded content and decode it with your editor.
3 commentaires sur « Get Powershell and Bash Scripts back from Intune using MS Graph »
Hi, is there a way to retrieve your Win32App ps1 install scripts?
If your install script is wrapped in your .intunewin file, i’m affraid there is no easy way to get your source back.
You can either grab your script in an enrolled device in the local folders C:\Program Files (x86)\Microsoft Intune Management Extension\Content or C:\Windows\IMECache. This is where the content of your intunewin is decompressed, with your ps1 script in it.
Or there is a great post about grabbing and decoding the .intunewinfile from Intune directly using an AADJ device : https://msendpointmgr.com/2019/01/18/how-to-decode-intune-win32-app-packages/
In both cases, you need an enrolled device next to you.