Compliance Script too big for Intune...

[peterc2609]

Hi All

Intune has a max size limit of 200kb for shell scripts - how are people getting around this? The standard size for the CIS Level 1 compliance script is close to 400kb.

[jamierrichardson]

Many who use InTune probably read this:

https://www.intuneirl.com/secure-contain-protect-your-data-deploy-mscp-with-intune/

Unfortunately, as written, the instructions do not work as intended, and I'm a bit surprised how little testing the author performed. The only baseline you can deploy is cislvl1, but the script will not run in the background as expected without flags, and the rest of the baselines in the project are outside your grasp entirely.

However, all is not lost. There are workarounds, but they require some additional legwork to pull it off-

Use an installer package to install the script in a known secured location on the client, with appropriate permissions (root owned and executable). Then use InTune to run a script at that location (full path) with one line: the path to the script and the appropriate flag for check, fix, or check fix check.

The next issue you will face is that InTune is not good at preserving order of operations of the scripts you have sent- for example, they run in during a SLA window, and may run out of order. This might be a problem if you want run a check BEFORE a fix if you run them independently.

If you need more fine grained control over when to check and or fix, consider using a launchdaemon running --cfc (or two launchdaemons- one to check and one to fix) to run the script without mdm intervention at defined times as a preferred alternative. These can be added to the installer package, and a post install script can activate them. Make sure to include PPPC settings in order to allow the running of the script.

If this is too burdensome, please open support tickets with Microsoft support to remove the arbitrary 200K script limitation in InTune and to respect order of operation for sent shell scripts. It is up to them to provide a solution.