NOTICE: it is easier to use Device Configuration Scripts now that this feature has been released in Intune.
A second case, comparable to EMS case: distributing Office templates and macro’s to your users on Windows 10 mobile managed Azure AD Joined devices.
In this case I will show you how to package and distribute a Powershell script (OnedriveMapper in this case) through Intune to MDM enrolled Windows 10 devices.
- A test user with an EMS licence (or seperate Azure AD Premium and Intune)
- Source file of the script
- Advanced Installer (free license)
First, let’s start a ‘Simple’ project in Advanced Installer, this does not require a license. Navigate to Files and Folders and create a Program Files folder for your script, add your script there. My script also writes a log file, so I also created a folder for the script under Application Data to keep user specific logs:
Now we can set a registry to automatically run this script upon login (the famous ‘Run’ key):
As the screenshot should show, I’ve added a REG_SZ key under HKCU\Software\Microsoft\Windows\CurrentVersion\Run with the name of my script, and execution instructions as the parameter. Advanced Installer has a nice option to insert the final file path upon MSI installation (‘File’ button). Be sure to enclose in quotes, as the path may include spaces:
Powershell.exe -WindowStyle Hidden -ExecutionPolicy ByPass -File “[#OneDriveMapper_v2_41.ps1]”
Now, OnedriveMapper also requires a few additional settings I won’t screenshot but will list here seperately, configuring these will let the script run smoothly:
- HKLM\Software\Policies\Microsoft\Internet Explorer\Main\DisableFirstRunCustomize (DWORD, value 1)
- HKCU\Software\Policies\Microsoft\Internet Explorer\Main\DisableFirstRunCustomize (DWORD, value 1)
- HKLM\System\CurrentControlSet\Services\Webclient\Start (DWORD, value 2)
- HKLM\System\CurrentControlSet\Services\Webclient\Parameters\FileSizeLimitInBytes (DWORD, value 3221225472)
- HKLM\System\CurrentControlSet\Services\Webclient\Parameters\ServerNotFoundCacheLifetimeInSec (DWORD, value 10)
- HKLM\System\CurrentControlSet\Services\Webclient\Parameters\SupportLocking (DWORD, value 0)
I then also copied the first key that causes the script to run to the HKEY_USERS\.DEFAULT section, this will ensure the script also works for users who have never logged onto the machine.
Now configure the Install Parameters:
Note: if you’re deploying OnedriveMapper to a clean device, I recommend forcing a reboot after install to ensure the WebDav client actually starts.
Now just press the build button in the top left and you’ll end up with a single, clean and working MSI file. Log in to the Intune console, and go to the Apps section.
Click Add Apps and load the on demand configuration tool:
Ensure you have selected “Windows Installer through MDM”, the other methods won’t work.
Accept all other default settings or configure as you please and press Upload.
Once the upload completes, you’ll see the app in the Intune Console, but this won’t distribute the application yet, for that you’ll have to click ‘Manage Deployment” and configure a user based deployment:
And voila, within the hour your devices will have the script and registry keys, and the next time your user logs in the script will execute!