Gareth Oxendine

Deploying PowerShell Scripts using Intune (Windows)

Updated: Jun 24

One of Intune's powerful features is allowing administrators to deploy scripts to enrolled devices. For Windows devices, you can upload and deploy PowerShell scripts. I wanted to provide some generic, but helpful, tips and tricks about deploying PowerShell scripts. You can also click here if you'd like to read Microsoft's extensive documentation on the subject.


Prerequisite

You may have to use a configuration policy to set your devices' execution policy. The default execution policy for Windows client devices is Restricted, meaning that scripts are NOT allowed to be executed. See the link below to learn how to use a Configuration Profile to set the execution policy.



Some Things to Note

  • If a script fails or errors out, Intune will retry it three more times, once at each subsequent check-in. If the script is still unsuccessful, Intune will not try again; either the script has to be changed or a new script must be uploaded.

  • Once a script succeeds, it will not run again on the device unless there is a change made to the script or policy.

  • If you need a script to run on a recurring basis (e.g., once a month), you'll have to delete the script instance and follow the steps listed below to re-add it each month. Note that you cannot just re-upload the script file using the same script instance; you must delete the entire instance (script and settings) and re-create it. Another option is to use the Remediations tab rather than the Platform Scripts tab. Remediation scripts can run on a schedule, but your environment must have the required Microsoft licenses. Click here to learn more.


Steps to Upload and Deploy Your Script

Adding a Script using Microsoft Endpoint Manager (Intune)
Steps to Add a Script
  1. Open the Endpoint Manager (Intune) portal.

  2. Select Devices in the left-hand menu blade.

  3. Select Windows > Scripts & Remediations.

  4. Select the Platform Scripts tab.

  5. Select + Add.


Script Settings

You are given some configuration options once you've uploaded the script file. See below:


Run this script using the logged on credentials

  • Yes: the script will run under the user context (from C:\Users\username); the script will only run with elevated privileges if the user has local admin rights to the computer.

  • No: the script will run under the system context (from C:\System32); the script will always run with elevated privileges.



For example, if your script includes a command to copy a file to the user's directory, you will most likely use an environment variable in the file path, such as %userprofile% or $env:username. If you run the script under the system context, the command won't work as expected, because those variables then resolve to the system account rather than the logged-on user.
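
One way to guard against that mismatch, shown as an added example that is not from the original post: the script checks which account it is running under before it writes into the user's profile. The function name Get-RunContext and the file name intune-demo.txt are hypothetical, and the file contents are constructed for illustration.

```powershell
# Added example (not from the original post). Get-RunContext and the target
# file name are hypothetical; the file contents are constructed.

function Get-RunContext {
    # Report which account the script runs as and where its profile variable points.
    $identity = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    [pscustomobject]@{
        Account     = $identity.Name
        IsSystem    = $identity.IsSystem   # True when running as the system account
        UserProfile = $env:USERPROFILE
    }
}

$ctx = Get-RunContext
Write-Output ("Running as {0}; USERPROFILE = {1}" -f $ctx.Account, $ctx.UserProfile)

if ($ctx.IsSystem) {
    # Under the system context, %userprofile% and $env:username describe the
    # system account, so a write to "the user's directory" lands in the wrong place.
    Write-Error "Set 'Run this script using the logged on credentials' to Yes for this script."
    exit 1   # non-zero exit code signals failure to the caller
}

try {
    # Write into the logged-on user's profile folder.
    $target = Join-Path $ctx.UserProfile 'intune-demo.txt'
    Set-Content -LiteralPath $target -Value 'Deployed by a platform script' -ErrorAction Stop
    Write-Output "Wrote $target"
    exit 0
}
catch {
    # Surface the reason (for example, access denied) and fail the run.
    Write-Error $_
    exit 1
}
```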


Enforce script signature check

This setting depends on whether you sign your PowerShell scripts or not.

  • Yes: choose this option if you sign your PowerShell scripts

  • No: choose this option if you do NOT sign your PowerShell scripts
