Use Proactive Remediations to detect users running out of hard drive space

A component of Endpoint Analytics, Proactive Remediations are an incredibly useful tool in Microsoft Endpoint Manager that help you detect and remediate issues proactively (as the name implies). Provided you are appropriately licensed, Endpoint Analytics and its components are incredibly easy to take advantage of. For Proactive Remediations, all you really need to do is write the script you want to run on your targeted devices.

The Docs for proactive remediations provide sample scripts, so we have a great starting place. I’ll grab the Detect Stale Group Policies script:

Detect stale group policies

And then in Visual Studio Code, I’ll update that script to detect our remaining hard drive space. This will use the Get-Volume command to check the space, and simply divide size remaining by size. Here’s what our final script will look like:

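# Flag the device when more than this fraction of the drive is in use
$percentageUsed = .9

try {
    # -ErrorAction Stop sends a failed lookup to the catch block
    $windowsDrive = Get-Volume -DriveLetter C -ErrorAction Stop
    # SizeRemaining/Size is the fraction free; subtract it from 1 to get the fraction used
    $actualUse = 1 - ($windowsDrive.SizeRemaining / $windowsDrive.Size)
    if ($actualUse -gt $percentageUsed) {
        #Exit 1 for Intune. "Match" to remediate in SCCM
        Write-Host "Match"
        exit 1
    }
    else {
        #Exit 0 for Intune and "No_Match" for SCCM, only remediate "Match"
        Write-Host "No_Match"
        exit 0
    }
}
catch {
    # Write the error out before exiting; a return here would skip the exit code
    $errMsg = $_.Exception.Message
    Write-Host $errMsg
    exit 1
}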

And I went ahead and included some notes as well:

Script in Visual Studio
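
Going beyond the single C: check above, this added example (not the author's script) evaluates every fixed volume that has a drive letter and also flags an absolute free-space floor, so a large drive that is under 90% used but nearly out of room is still caught. The `Test-VolumeLowSpace` function name and the 10 GB floor are assumptions chosen for illustration.

```powershell
# Added example: detection across all fixed volumes with a drive letter.
# The 0.9 threshold mirrors the post; the 10 GB floor is an assumed value.
$maxUsedFraction = 0.9
$minFreeBytes    = 10GB

function Test-VolumeLowSpace {
    param(
        [Parameter(Mandatory)] [uint64] $Size,
        [Parameter(Mandatory)] [uint64] $SizeRemaining,
        [double] $MaxUsedFraction,
        [uint64] $MinFreeBytes
    )
    # A volume reporting a size of 0 cannot be evaluated; skip it to avoid dividing by zero
    if ($Size -eq 0) { return $false }
    $usedFraction = 1 - ($SizeRemaining / $Size)
    return (($usedFraction -gt $MaxUsedFraction) -or ($SizeRemaining -lt $MinFreeBytes))
}

try {
    $volumes = Get-Volume -ErrorAction Stop |
        Where-Object { $_.DriveType -eq 'Fixed' -and $_.DriveLetter }

    # Collect one summary string per volume that trips either threshold
    $low = foreach ($v in $volumes) {
        if (Test-VolumeLowSpace -Size $v.Size -SizeRemaining $v.SizeRemaining `
                -MaxUsedFraction $maxUsedFraction -MinFreeBytes $minFreeBytes) {
            $pctUsed = [math]::Round(100 * (1 - $v.SizeRemaining / $v.Size), 1)
            $freeGB  = [math]::Round($v.SizeRemaining / 1GB, 1)
            "$($v.DriveLetter): $pctUsed% used, $freeGB GB free"
        }
    }

    if ($low) {
        # Single output line so the report shows which drives are low
        Write-Host ("Match - " + ($low -join '; '))
        exit 1
    }
    Write-Host "No_Match"
    exit 0
}
catch {
    Write-Host "Error: $($_.Exception.Message)"
    exit 1
}
```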

Now that we have the script completed, we will go to endpoint.microsoft.com > Reports > Endpoint analytics > Proactive remediations > Create script package:

MEM Console

We’ll provide a simple name and notes:

Detect Low Space

And then on the Settings pane, we’ll be prompted to upload the script we just created:

Note the warning that “This script will run in detect-only mode because there is no remediation script.” If you have ideas on how to remediate a low hard drive detection via a PowerShell script, let me know! But that warning makes sense since we are only detecting something.

In my testing, I used 64-bit PowerShell, so I’ll select the prompt to run in 64-bit. But I wouldn’t expect this to be required:

Run script in 64-bit

Then, as per usual, we’ll assign and create it!

After a quick refresh we’ll spot the script as being active in the proactive remediations portal:

And if we click into that script package name, after waiting for it to run on some devices we will find:

Devices without issues

Our device was detected without any issues! Which makes sense considering we were looking for 90% full, and our test device’s disk is barely over half:

That’s all it takes to write a simple script and report on it in Proactive Remediations. If you have any ideas on something you would like to detect and remediate, let me know! Until then, happy scripting 🎨
