If you’re managed Macs and they’ve started to display a “Required Data Notice” popup all the time, a setting in your MDM is upsetting Microsoft AutoUpdate.
When using Windows 10/11, Windows Plug & Play drivers can automatically install applications (unsecured, dangerous or both) on your computer. This is a feature called Co Installers.
This – initially convenient – behaviour can be undesirable for most of us. For example a bug in Razer’s Synapse software allowed standard users to gain admin access to the machines.
At BoucheCousue, we offer managed services to our customers and our therefore looking to reduce any surface of attack on the machines being used by end users.
How to block CoInstallers?
You can manually edit your registry by adding or changing a key in
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionDevice Installer
Modify or create the value DisableCoInstallers as a DWORD-32 with a value of 1
How to block CoInstallers using Intune Remediations
For Intune, you can use Remediation Scripts to change registry settings automatically.
Here is the detection script to upload:
## DetectCoInstallers - BoucheCousue
## Detection script for Intune Remediation
# Parameters
$regkey="HKLM:SOFTWAREMicrosoftWindowsCurrentVersionDevice Installer"
$name="DisableCoInstallers"
$value=1
# Registry Detection Template
If (!(Test-Path $regkey))
{
Write-Output 'RegKey not available - remediate'
Exit 1
}
$check=(Get-ItemProperty -path $regkey -name $name -ErrorAction SilentlyContinue).$name
if ($check -eq $value){
write-output 'setting ok - no remediation required'
Exit 0
} Else {
write-output 'value not ok, no value or could not read - go and remediate'
Exit 1
}And the remediation one:
## DetectCoInstallers - BoucheCousue
## Remediation script for Intune Remediation
# Parameters
$regkey="HKLM:SOFTWAREMicrosoftWindowsCurrentVersionDevice Installer"
$name="DisableCoInstallers"
$value=1
#Registry Template
If (!(Test-Path $regkey))
{
New-Item -Path $regkey -ErrorAction stop
}
if (!(Get-ItemProperty -Path $regkey -Name $name -ErrorAction SilentlyContinue))
{
New-ItemProperty -Path $regkey -Name $name -Value $value -PropertyType DWORD -ErrorAction stop
write-output "remediation complete"
exit 0
}
set-ItemProperty -Path $regkey -Name $name -Value $value -ErrorAction stop
write-output "remediation complete"
exit 0Base script by MikeMDM, customized for the needs of this registry key.
Thanks: Big up to Mattias Melkersen for bringing up this topic on X and to Nathan McNulty for sharing the fix that Will Dormann offered.
Categories
Deploying the Slack token on macOS with JAMF
Slack has a Windows/macOS compatible feature that allows the use of a file called Signin.slacktoken helping the users be redirected to the right workspace to sign in.
If you use Google Drive on Mac OS (formerly named Drive File Stream), you might be having a hard time finding documents and folders in Spotlight. It is quite an easy problem to solve.
You want to update the BIOS of a PCEngines APU2 box from Pfsense? It is rather easy.
Your UniFi Controller is being stubborn and refuses to adopt an access point from Ubiquiti or a switch ? Or doesnt even display it?
You have of course checked the logs and ran the “info” command on the end device and you’re getting either Server Reject or Pending Adoption?
Categories
Linux: Delete empty directories
You have loads of empty directories to delete in Linux? There is a command for that!
Categories
Default password for EpsonNet Config
You’ve just set up a kitchen printer or receipt printer from Epson, have to access the admin panel to adjust some settings? The EpsonNet Config utility sometimes requires a password.
Categories
Run Speedtests from a PfSense router
If you need to check quickly how well the Internet connection of one of your pfSense routers is doing , why not use Speedtest ? And this just requires installing a small package on the machine.