Beware of Changing Regional Format after Intune Enrolment

Today I discovered an interesting bug with the Microsoft Intune Management Extension that hopefully you never have to come across. It surfaced on devices that were deployed with Windows Autopilot using a US-English base image, but because they were intended for use in the UK not the US, our deployment process installs the UK language pack and switches the display language and regional format from English (United States) to English (United Kingdom).

As you may know, in the US the datetime format is mm/dd/yyyy whereas in the UK – as in many other countries – the format is dd/mm/yyyy.

The problem was that Intune proactive remediation scripts that were set for a daily schedule executed once on the first day, then on subsequent days they didn’t execute at all. The reason was that when the PR script first executed, the OS was still using US regional format because they were triggered before the deployment process had made the language change, and then stamped the execution time in the registry in US format. The next time the IME calculated schedule, the OS was using UK regional format so it incremented the month value rather than the day value in the schedule.

In the example below from the IME log, the first 3 lines are for a script that is using the correct UK date format, but the next 3 lines are using US format. The schedule for the first script got correctly incremented to the next day, whereas the schedule for the second script got incremented to the next month instead!

You can also view the LastExecution dates in the registry:

So clearly changing the regional format to a different format post-install of the IME is gonna cause scheduling issues if the datetime format is different.

The (unsupported) fix was to simply delete certain IME registry keys that contained dates in the US format after the regional format has been changed, then restart the machine or restart the IME service and those scripts will get triggered again and the correct date formats stamped to the registry.

Remove-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\IntuneManagementExtension\InventorySetting" -Name LastFullSyncTimeUtc -Force -ErrorAction SilentlyContinue
Remove-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\IntuneManagementExtension\Win32AppSettings" -Name LastFullResultReportTimeUTC -Force -ErrorAction SilentlyContinue
$Items = Get-ChildItem -Path "HKLM:\SOFTWARE\Microsoft\IntuneManagementExtension\SideCarPolicies\Scripts\Execution" -Recurse
foreach ($item in $items)
{
    $Value = $item.GetValue("LastExecution")
    if ($null -ne $Value)
    {
        $Path = $item.PSPath
        Remove-ItemProperty -Path $Path -Name LastExecution -Force -ErrorAction SilentlyContinue
    }
}
$item = Get-Item -Path "HKLM:\SOFTWARE\Microsoft\IntuneManagementExtension\SideCarPolicies\Scripts\Reports"
$subKey = $item.GetSubKeyNames()
Remove-ItemProperty -Path "$($item.PSPath)\$($subKey[0])" -Name LastFullReportTimeUTC -Force -ErrorAction SilentlyContinue

# !! Don't do this during Autopilot !! 
# Restart-Service -Name IntuneManagementExtension -Force

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.