PowerShell script to change registry value RRS feed

  • Question

  • We are looking at making some changes to a W10 registry value via the deployment of a PowerShell script using the Intune Management Extension (IME)

    It's a simple one-liner calling Set-ItemProperty to change a value, but when it runs via the IME it fails stating it cannot find the path. It is targeting a key in HKLM.

    I have another one targeting a key in HKCU and that works fine.

    I have changed the settings in InTune to run the script as the logged on user, and left the signature check as un-enforced, and the script is running on the target machine, (confirmed in the logs and registry). The logged on user is a member of the local admin group.

    What i have found from testing this is that it looks like an elevated permission issue. I have:-

    • Set-ExecutionPolicy to Unrestricted (all unrestricted apart from Process scope which is Undefined)
    • Changed local GPO for Computer and User to allow all scripts to be run.
    • Run the script in PowerhellISE without RunAsAdmin - FAILED
    • Run the script in PowerhellISE with RunAsAdmin - SUCCEEDED

    I have looked all over for any other InTune policy settings that can change the ExecutionPolicy or anything script related, but cannot find any.

    It seems that MS have released a great feature with one hand and stopping you using it with the other.

    Any ideas gratefully received!!

    Tuesday, November 27, 2018 10:26 AM

All replies

  • Hi,

    I dont think its possible to run scripts with logged on user credentials in elevated mode from Intune at this time.

    Just use two scripts, one for machine specific settings (runing in system context) and one for user settings (user context).

    • Edited by jobbin Tuesday, November 27, 2018 11:23 AM
    Tuesday, November 27, 2018 11:22 AM
  • Can you provide more of the path in registry to the value that you would like to update?

    Jason | | @jasonsandys

    Tuesday, November 27, 2018 9:32 PM
  • @jasonsandys

    I am trying to deploy a registry change to enable OneDrive to work in a shared device setup using Intune. The registry to change is HKLM\Software\policies\microsoft\windows\onedrive - DisableFileSyncNGSC - by default set to 1 or disable. I am looking to deploy a powershell script in Intune to devices at system context for all users to have OneDrive enabled.  My script keeps failing:

    (Courtesy of Revesh)

    # Author: Revesh Manbodh
    # This script will enable OneDrive for business.
    # Value 1 is enable | Value 0 is disable

    $registryPath = “HKLM:\Software\Policies\Microsoft\Windows\OneDrive”
    $Name = “DisableFileSyncNGSC”
    $value = “0”
    IF(!(Test-Path $registryPath))
    New-Item -Path $registryPath -Force | Out-Null
    New-ItemProperty -Path $registryPath -Name $name -Value $value `
    -PropertyType DWORD -Force | Out-Null}
    ELSE {
    New-ItemProperty -Path $registryPath -Name $name -Value $value `
    -PropertyType DWORD -Force | Out-Null}

    Any help would be appreciated.


    Wednesday, August 14, 2019 3:47 PM
  • My script keeps failing

    Define "failing"? Are you actually receiving a failure or is the script simply not doing what you want it to do.

    If you are receiving a failure, what is it?

    Jason | | @jasonsandys

    Wednesday, August 14, 2019 4:13 PM