Intune run powershell script at logon
Some legacy applications come only as an EXE, which means that you cannot deploy this specific legacy application via Microsoft Intune. Fortunately, Microsoft Intune has something awesome! You can use PowerShell scripts to configure, deploy or remove software on Windows 10 devices.
This means that you can use a PowerShell script to deploy the legacy application on the Windows 10 devices. Do you want to know how this works? Then you have to read further. Because this time, it is all about PowerShell in Microsoft Intune! Within Device Configuration, you have the option to use a configuration profile or PowerShell script. With a script, you can do everything on the client, such as renaming the computer, configuring the IP address, installing an application from an EXE installer, and so on.
It is so powerful. Microsoft Intune uses an extension that lets you upload PowerShell scripts in Intune to run on Windows 10 devices. Intune installs the Intune Management Extension first before running the scripts on the Windows 10 device. Before we implement the script into Intune, you have to make a script first.
I already have one, like this. I got this from Oliver Kieselbach. Thanks! What does the script do? This script will download Adobe Reader from Adobe.
There is some logging and error handling in the script. For example, if the download does not succeed, you will find this in the log. The error is reported to Microsoft Intune.
You can see the status under Device Status of the script, but for more information you have to check the log on the client.
Recently a customer needed a drive mapping solution to access his on-premises file shares during his transition phase to a cloud-only workplace. The following solution can also be extended or modified for a printer mapping or other PowerShell scripts which need to run on each user logon. Update: see next-level-network-drive-mapping-with-intune.
With my colleague Alain Schneiter I designed the following solution. We wanted to store the script within Azure because the customer was already using Azure blob storage. Create a new Azure storage account. Standard performance and locally-redundant storage (LRS) is sufficient for our requirements. Please find the script on my GitHub.
In Intune we deploy the client side script, which can also be found on my GitHub. The only thing we have to change here is the URL to your main script on the Azure blob storage. After adjusting the script, deploy it with Intune to an Azure AD group containing your users. Remember to run the script using the logged on credentials. The main script is not stored locally, which makes it easy to customize (no updates or changes needed on client side). Deployment is user targeted via Azure AD group and Intune.
Azure blob storage configuration
Create an Azure blob container to store the script. Set the public access level to anonymous. Upload the PowerShell drive mapping script and copy its access URL (we need the URL later). Please find the script on my GitHub.
The client side script consists of: creating a registry Run entry for the current user (HKCU hive) to execute the main script from the Azure blob storage on each user logon; and invoking the main script initially, otherwise we would have to wait until the next user logon until the network drives become available.
Additional information
We decided to use the HKCU registry because scheduled tasks cannot be deployed in the user context (local admin rights are required). Instead of Azure blob storage you can also make a webrequest to a GitHub "raw" script - e.
Navigate to Files and Folders and create a Program Files folder for your script, add your script there.
My script also writes a log file, so I also created a folder for the script under Application Data to keep user specific logs. Be sure to enclose in quotes, as the path may include spaces. Log in to the Intune console and go to the Apps section.
Intune map network drives and execute PowerShell script on each user logon
And voila, within the hour your devices will have the script and registry keys, and the next time your user logs in the script will execute!
One last error we need some guidance on please.
Thanks for sharing Jos, it pointed me in the right direction for rolling out some IE settings.
Schedule a powershell scheduledJob with Intune
New accounts, in my case at least, do not get the settings, and from the various articles I read via Google that would be because it comes from the system account. Regards, Peter.
Be sure to enclose in quotes, as the path may include spaces: Powershell. Accept all other default settings or configure as you please and press Upload.
PowerShell based login script deployed through Intune. During a modern desktop design and implementation I decided to push the client down the full Azure AD Joined Windows 10 and Intune route. There is no AD Group Policy available. I decided the best approach was to maintain a cloud based login script which would map the drives based on the existing AD user groups using direct calls to AD based on the. GroupPrincipal and the GetGroups method.
Grab a copy of the login script and the invoke-login script. Like the drive mappings section for example. Some mappings may use a Group property which is the corresponding Active Directory security group containing users.
How to Deploy PowerShell Script Using Intune |MEM
The AD group membership enumeration works recursively. In larger environments it may cause undesired load on the Domain Controllers, so please test it carefully in your environment. Set up a storage account, or use an existing one, to host the login script in blob storage.
V2, LRS, Hot. Create a new container in blob storage with public access level. Upload the login script and copy its URL. Deploy your amended invoke-login script using Intune. I went with a simple PowerShell Script item, but you could use a Win32 app with a detection method to increase compliance. Oh, and it also maps to on-prem print queues, but this works natively without any additional.
The management extension enhances Windows 10 mobile device management (MDM), and makes it easier to move to modern management. Once the Intune management extension prerequisites are met, the Intune management extension is installed automatically when a PowerShell script or Win32 app is assigned to the user or device.
For more information, see Intune Management Extensions prerequisites. End-user computing is going through a digital transformation.
Classic, traditional IT focuses on a single device platform, business-owned devices, users that work from the office, and different manual, reactive IT processes. The modern workplace uses many platforms that are user and business owned, allows users to work from anywhere, and provides automated and proactive IT processes. The built-in Windows 10 management client communicates with Intune to run enterprise management tasks.
There are some tasks that you might need, such as advanced device configuration and troubleshooting. For Win32 app management, you can use the Win32 app management feature on your Windows 10 devices. You can create PowerShell scripts to run on Windows 10 devices. For example, create a PowerShell script that does advanced device configurations. You can then monitor the run status of the script from start to finish.
The Intune management extension has the following prerequisites. Once the prerequisites are met, the Intune management extension installs automatically when a PowerShell script or Win32 app is assigned to the user or device.
Devices running Windows 10 version or later. If the device is enrolled using bulk auto-enrollment, devices must run Windows 10 version or later. The Intune management extension isn't supported on Windows 10 in S mode, as S mode doesn't allow running non-store apps.
Be sure devices are joined to Azure AD. Devices that are only registered in Azure AD won't receive your scripts. Devices enrolled in a group policy (GPO). See Enroll a Windows 10 device automatically using Group Policy for guidance.
Co-managed devices that use Configuration Manager and Intune. Be sure the Apps workload is set to Pilot Intune or Intune. See the following articles for guidance. Sign in to the Microsoft Endpoint Manager admin center.
In Script settings, enter the following properties, and select Next. Script location: Browse to the PowerShell script. Run this script using the logged on credentials: Select Yes to run the script with the user's credentials on the device.
Choose No (default) to run the script in the system context. Many administrators choose Yes. If the script is required to run in the system context, choose No. Enforce script signature check: Select Yes if the script must be signed by a trusted publisher. Select No (default) if there isn't a requirement for the script to be signed.
Select No (default) runs the script in a bit PowerShell host. When setting to Yes or No, use the following table for new and existing policy behavior. Select Scope tags. Scope tags are optional. An existing list of Azure AD groups is shown. Select one or more groups that include the users whose devices receive the script.
Choose Select.
Intune does not have a native solution for logon scripts. The problem with all these solutions is that they rely on scheduled tasks. This is not the most reliable method as the user can easily influence it, and it usually does not support uninstalling or unassigning the script unless you write a specific script for that, assign it to the user, etc yada yada.
This solution can run at logon, at set intervals or both and supports ANY script you write in Intune.
Phil is right. Reg add delete did not work when a colon is present in the variable.
Sorry if this was asked already before but does the script assume the user has no local administrative privileges? I am testing it on my device but I have local admin rights and the text file does not show up in my test directory. Logging is enabled but no sign of the file being created. In what context does this script run?
But the file is only created once, and will not be updated later on. Tested on Windows 10 and Windows 10 Win10
Hi Jos, Thank you for the I have added following lines of code at the end of your script. Script successfully created the test. If I add a script file with just following without your code then all works i.
Is this known behaviour or it will not support adding registry entries via your code?
Seeing the last code block, I assume this script goes before all your deployed scripts.
You can use GPOs not only to run classic batch files on domain computers.
PowerShell Scripts now available via Intune
Run the domain policy management console — GPMC. Switch to policy Edit mode. Suppose, we have to run the PowerShell script at a computer startup. Select the Startup policy, and go to the PowerShell Scripts tab in the next window.
Now you need to copy the file with your PowerShell script to the domain controller. Now click Add and add the copied .PS1 script file to the list of scripts to be run by the PowerShell policy. It is usually enough to set up here for minutes.
By default, Windows security settings do not allow running PowerShell scripts. The current value of the PowerShell script execution policy setting can be obtained using the Get-ExecutionPolicy cmdlet. If the policy is not configured, the command will return Restricted (any scripts are blocked).
Possible policy values. If none of the PowerShell script execution policy settings is suitable for you, you can run PowerShell scripts in Bypass mode (scripts are not blocked, warnings do not appear).
In this section, you can configure a ps1 script to run by creating the usual Startup batch file that runs the powershell.
Full error message below: Set-ItemProperty : Requested registry access is not allowed.
You want the network stack to fully load before attempting to run the startup scripts.