Since I moved my clients from GPO management to Intune, some (though not all) of the settings from GPO need to be set through Intune as well. As outlined in my previous blog, I tried to disable the Fast Startup option on Windows 10 through a CSP, and I did not even find a CSP supporting this setting. In this blog, I would like to show how you can configure the fast startup (“Turn on fast startup (recommended)”) setting in Windows 10 through Microsoft Intune:
You may ask why I want to disable this. My reason: I don’t want to reuse a desktop session which was hibernated. If fast startup is enabled, only a reboot will force the client to create a new desktop session.
Since I found a GPO setting regarding the fast startup option, I was quite sure that this will be the starting point (Administrative Templates\System\Shutdown):
But: as outlined in the help text of this setting, the policy can only enable fast startup; disabling the GPO setting does not disable fast startup itself:
If you disable or do not configure this policy setting, the local setting is used.
So we need to set this value directly in the registry, without using the “Policy” tree. The registry key for disabling fast startup is described in this Microsoft answers forum thread (I could not find an official Microsoft KB article):
answers.microsoft.com – Turn off Fast Startup
Now we have all the information and can go on with implementing our solution.
First I go to this registry key (Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Power) and set the value of HiberbootEnabled as I want to have it (0 is disabled):
Then I have to export this registry key to receive a *.reg file which should look like this:
Go ahead and delete all entries except the HiberbootEnabled, you should end up with a reg-file like this:
Now we need a solution to convert a reg file into a PowerShell script. Luckily, there is already such a converter available from Roger Zander which we can use for this. Simply navigate to https://reg2ps.azurewebsites.net/ and paste the content of your reg file into the upper section. Afterwards, click on “Get remediation script” to receive the PowerShell script which sets the registry value:
Now copy the content of the PowerShell script and save it into a PowerShell script file with a .ps1 extension. Then it is time to navigate to the PowerShell Scripts option of Intune Device Management. Open the Azure Portal and navigate to Intune -> Device Configuration -> PowerShell Scripts:
Click on “Add”, and configure the new PowerShell Script:
You need to provide a name for the script; I selected “Disable Fast Startup (HiberBoot)”. Then you need to provide the PowerShell script as saved before, and you are done. Leave the options on the default settings.
After a click on “Create”, the PowerShell Script is now added to the Intune blade, and can be assigned to user or device groups:
Afterwards, you should get the registry value set to the designated entry:
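A script of the kind deployed in the steps above, as an added example (it is not the output of the reg2ps converter and not the author's script): it sets HiberbootEnabled to 0 under the key named in this post, reads the value back, and exits non-zero if the write did not take effect. The function names are assumptions made for this example.

```powershell
# Added example: set and verify HiberbootEnabled (0 = fast startup disabled).
# Key path and value name are the ones given in the post;
# the function names below are hypothetical.
$KeyPath   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Power'
$ValueName = 'HiberbootEnabled'
$Desired   = 0

function Get-FastStartupValue {
    # Returns the current value, or $null if the key or the value is missing.
    $item = Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$ValueName
}

function Set-FastStartupDisabled {
    if (-not (Test-Path -Path $KeyPath)) {
        New-Item -Path $KeyPath -Force -ErrorAction Stop | Out-Null
    }
    # -Force creates the value, or overwrites it (including a wrong value type).
    New-ItemProperty -Path $KeyPath -Name $ValueName -PropertyType DWord `
        -Value $Desired -Force -ErrorAction Stop | Out-Null
}

try {
    $before = Get-FastStartupValue
    if ($before -eq $Desired) {
        Write-Output "$ValueName is already $Desired, nothing to do."
        exit 0
    }

    Set-FastStartupDisabled

    # Read back instead of trusting the write.
    $after = Get-FastStartupValue
    if ($after -ne $Desired) {
        Write-Error "$ValueName is '$after' after the write, expected $Desired."
        exit 1
    }
    Write-Output "$ValueName changed from '$before' to '$after'."
    exit 0
}
catch {
    Write-Error "Failed to set ${ValueName}: $($_.Exception.Message)"
    exit 1
}
```

Because the script checks the current value first, running it repeatedly on the same device makes no further changes.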
If you have trouble with the Intune PowerShell execution, I highly recommend this blog post from Oliver Kieselbach:
Deep dive Microsoft Intune Management Extension – PowerShell Scripts
Every step needs to be taken on a journey, this was one of them 🙂
Very useful, thank you!
It’s better if you do this using the Reports > Endpoint Analytics > Proactive remediations
Use both the Detection and Remediation scripts
Run script in 64-bit PowerShell
Yes
When I run this from Proactive Remediations, the device I’m testing is shown as no remediation needed.
The HiberBootEnabled key is definitely set to 1 and present in the reg and I have double checked that my detection and remediation scripts work from PowerShell manually, and are using the correct value of “0”.
Any ideas?
No, sorry, I haven’t used proactive remediations yet.