Lufaa

Running PowerShell script via Intune

Hi all,


I need to be using a lot of PS scripts in our Intune environment, because of some native stuff. The issue that I'm running into now is that it is not exactly clear when to add a group of devices or users to a script, when to run it with User rights or not, and when it needs to be in 64-bit mode.


For example: when I want to run a PS script removing the standard printers like XPS and Fax, which do I choose?


Or when I want to change desktop font color. 


My guess would be to turn off User rights and, just to make sure, run them in 64-bit mode, and every script should always work, but without being able to put my finger on it exactly I seem to run into different behaviour.


Maybe someone can shed some light on it all?


Thanks upfront and best regards!


Powershell* MS Intune

Last Comment
Jian An Lim

8/22/2022 - Mon
Jian An Lim

If your user has admin rights, then you always use user context instead of system context.


Without knowing your scripts, you are in the dark.
For example, to change desktop font color, you can change it on the system or just for that user.

As for the 64-bit or 32-bit issue, I rarely have an issue. I always run on 64-bit and I never get into issues.

https://docs.microsoft.com/en-us/mem/intune/apps/intune-management-extension#create-a-script-policy-and-assign-it
 
 

Lufaa

ASKER
OK, that sounds helpful.

So always running a script in 64-bit mode is the way to go. In fact, the 32-bit default option is obsolete in this day and age, or are there certain PS commands which do not work in 64-bit mode?
footech

For general cmdlets, 64-bit should always work.  Only once when using a third-party DLL have I had to run PS in 32-bit mode.  There are some modules that will require it, but I can't think of any off the top of my head.  I don't know for certain, but it may be needed to specify 32-bit in Intune when connecting to 32-bit machines (I haven't run any 32-bit machines for years).
Lufaa

ASKER
Crystal clear. One more thing though. I ran into this issue now that I want to change a registry setting with a PowerShell script, pushed with Intune. This is not possible, because under the user, running scripts is disabled, obviously.

cannot be loaded because running scripts is disabled on this system

Is there a standard way of allowing this, per script or as a whole for a computer? (Not preferred security-wise, of course.)

Best regards
ASKER CERTIFIED SOLUTION
Jian An Lim

Lufaa

ASKER
Hi,

I tried this option,

option 2
run as system context - this will always run regardless of the settings

But the script won't run because it is not allowed the right under the user.

Is there a way to set the computer to bypass the restrictions on running scripts?
Best regards
Jian An Lim

What is your execution policy?

Run Get-ExecutionPolicy -List

What you want is to at least have the
LocalMachine as RemoteSigned
CurrentUser (or UserPolicy) as disabled


Lufaa

ASKER
Hi Jian,

In this case it's

Get-Item -Path "HKLM:\SYSTEM\CurrentControlSet\Control\NetworkProvider" | New-ItemProperty -Name "RestoreConnection" -Type "DWORD" -Value "0"

BR
Jian An Lim

No. I mean, what is your computer's execution policy?
That is the setting that prevents the computer from running PowerShell scripts.
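
A diagnostic script for the questions raised in this thread: it records which account the script ran as, whether the PowerShell host is 32-bit or 64-bit, the execution policy per scope, and whether the HKLM key from the post above can be opened for writing. This is an added example, not code from any poster; the log file name and the function names Get-ScriptContext and Test-HklmWrite are assumptions made here.

```powershell
# Added diagnostic example; not code from the thread.
# Assumption: the log location and file name are placeholders chosen for this example.
$logFile = Join-Path $env:ProgramData "ScriptContext-$env:USERNAME.log"

function Get-ScriptContext {
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $adminRole = [Security.Principal.WindowsBuiltInRole]::Administrator

    [pscustomobject]@{
        RunAs           = $identity.Name          # NT AUTHORITY\SYSTEM in system context
        IsSystem        = $identity.IsSystem
        IsElevated      = $principal.IsInRole($adminRole)
        Is64BitOS       = [Environment]::Is64BitOperatingSystem
        Is64BitProcess  = [Environment]::Is64BitProcess
        PowerShellHome  = $PSHOME                 # a SysWOW64 path means the 32-bit host
        EffectivePolicy = Get-ExecutionPolicy
    }
}

function Test-HklmWrite {
    param([Parameter(Mandatory)][string]$KeyPath)
    # Opens the key with write access and closes it again; no value is changed.
    try {
        $subKey = $KeyPath -replace '^HKLM:\\', ''
        $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($subKey, $true)
        if ($null -eq $key) { return $false }     # key not present in this registry view
        $key.Close()
        return $true
    } catch {
        return $false                             # access denied for the current account
    }
}

$context = Get-ScriptContext
$canWrite = Test-HklmWrite 'HKLM:\SYSTEM\CurrentControlSet\Control\NetworkProvider'

$report = @(
    "=== $(Get-Date -Format s) ==="
    ($context | Format-List | Out-String).Trim()
    'Execution policy by scope:'
    (Get-ExecutionPolicy -List | Format-Table -AutoSize | Out-String).Trim()
    "Can open NetworkProvider key for writing: $canWrite"
)
$report | Add-Content -Path $logFile
$report
```

Assigning the same script once in user context and once in system context, then comparing the two log files, shows which combination a given change actually needs.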