Simplify Logon scripts in Intune without Schedules

Intune does not have a native solution for logon scripts. The community has designed some interesting solutions to this problem using the Intune Management Extension, such as Nicola’s Azure Storage-based method, Michael Mardahl’s IME reset method and my own hidden VBScript scheduled task method.

The problem with all these solutions is that they rely on scheduled tasks. This is not the most reliable method as the user can easily influence it, and it usually does not support uninstalling or unassigning the script unless you write a specific script for that, assign it to the user, etc yada yada.

This solution can run at logon, at set intervals or both and supports ANY script you write in Intune.

Script: invoke-asIntuneLogonScript on Git

Upload to Intune as usual, set the properties as follows, and assign to your users:

Edit: it doesn’t happen often that people create the same thing on the same day, but Michael wrote almost the exact same thing, so he’s not using scheduled tasks anymore either 🙂

66 Comments
Sasaus
1 year ago

Seeing the last code block, I assume this script goes before all your deployed scripts.

Do I set “Run this script using the logged on credentials” to Yes, in case I do have a user targeted script?

Dennis Maurits
5 months ago

How do I remove the script with Intune from a computer?

Mark
10 months ago

How do you remove it so it no longer runs?

Thomas de Roo
1 year ago

Why don’t you just put your commands or logon-script in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ?

Senior Feet
1 month ago

Hi,
Quick question: there is an Exit statement just before the closing } by the ##YOUR CODE HERE section. Is it meant to be there?

When I leave this in, none of my code runs?

Thanks

aucyris
1 month ago

Awesome. I tested it. I put my PowerShell code into your script and it fired on logon as promised! Nicely done.

Amer
1 month ago

Thanks Jos. I have tested this script and it looks awesome. However, I noticed some generated values with same value data (looks like every 60 min) in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

Is that normal?

Chris
1 month ago

You sir are a genius and a life saver.

Ash
1 month ago

Hi Jos,
I have a few PowerShell one-line scripts that create log files in C:\Program Files\MyCompanyApp and modify the registry in the HKLM hive. These scripts need system/admin privilege and have to be run every time the system is started.
Where in your script shall I add my scripts?
And will it run every time the system is started?

Michel
2 months ago

Hi Jos,

I used your script to call subst K: to point to a local folder.
When I create the policy the K: drive is created,
but after reboot the drive letter is gone.
I noticed that the script is not working after a reboot.

I targeted the Policy to a group with only systems in it

Michel

Andy
3 months ago

Phil is right. Reg add/delete did not work when a colon is present in the variable. Don't change it to the Remove-Item command, because it doesn't run in user context, so the “no script run” on logon still occurs.

Replace the script part with this and everything goes fine:

# Set removal key in case the computer crashes or something like that
$regpath2 = $regpath.Replace(":","") # must be done because "reg add / delete" did not work when the variable contains a colon
New-ItemProperty -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce" -Name $(Get-Random) -Value "reg delete $regpath2 /f" -PropertyType String -Force -ErrorAction SilentlyContinue
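
For the RunOnce entries discussed in the comments above (the repeated values Amer reports and the `reg delete` value written by the snippet in Andy's comment), here is an added PowerShell example, not part of the original post, the script or any commenter's code, that lists those entries read-only, counts duplicates and flags any whose target still carries the `HKLM:` drive form that reg.exe rejects. The function name `Get-RunOnceCleanupEntry` is hypothetical, and the `reg delete … /f` data pattern is assumed from the snippet above.

```powershell
# Added example: read-only audit of HKLM RunOnce cleanup entries.
# Assumption: entries of interest hold "reg delete <key> /f" as value data,
# as written by the snippet in the comment above (names come from Get-Random).
$runOnce = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'

function Get-RunOnceCleanupEntry {
    param([string]$Path = $runOnce)

    $key = Get-Item -LiteralPath $Path -ErrorAction Stop
    foreach ($name in $key.GetValueNames()) {
        $data = [string]$key.GetValue($name)
        if ($data -match '^\s*reg(\.exe)?\s+delete\s+(?<target>.+?)\s+/f\s*$') {
            $target = $Matches['target']
            [pscustomobject]@{
                Name    = $name
                Command = $data
                Target  = $target
                # reg.exe expects HKLM\..., not the PowerShell drive form HKLM:\...
                DriveFormPath = [bool]($target -match '^"?HK\w+:')
            }
        }
    }
}

$entries = @(Get-RunOnceCleanupEntry)

# How many pending RunOnce values carry the same command (duplicates pile up
# if a new random-named value is written on every run).
$entries | Group-Object Command | Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize -Wrap

# Entries that reg.exe will fail on because the colon was not stripped.
$entries | Where-Object DriveFormPath | Format-List Name, Command
```

Values under RunOnce are executed and removed at the next logon of an administrator, so a growing count of identical entries means they are being written faster than they are consumed.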

Jorge Suarez
4 months ago

Hi Jos,

Sorry if this was asked already before but does the script assume the user has no local administrative privileges?

I am testing it on my device but I have local admin rights and the text file does not show up in my test directory. Logging is enabled but no sign of the file being created.

sam
5 months ago

In what context does this script run? I need to make a registry change to the HKCU when they log in but if it’s in a system context I don’t think it will work?

Christian
6 months ago

So, after some testing I can confirm this script doesn’t work unfortunately.
I tested with the testfile + append. But the file is only created once, and will not be updated later on.
Tested on Windows 10 1909 and Windows 10 1903

Mark
10 months ago

I set it up with $autoRerunMinutes = 0. It ran for one login and hasn’t run since. Win10 1903.
No other script modifications made other than replacing ac (Join-Path "c:\temp" "test.txt") "$($Env:USERNAME) at $(Get-Date)" #example code with my code.

Bicky B
1 year ago

Hi Jos, Thank you for the I have added following lines of code at the end of your script. Script successfully created the test.txt, a folder with TestOOO. However, it failed to add registry entries. If I add a script file with just following (without your code) then all works, i.e. registry entries are added as well. Is this known behaviour or it will not support adding registry entries via your code?

##YOUR CODE HERE
ac (Join-Path $Env:temp "test.txt") "$($Env:USERNAME) at $(Get-Date)" #example code
#Test
$mydate = Get-Date -Format "ddMMMyyyy_HHmm"
$Filename = "TestOOO-$mydate"
New-Item -Path $Env:temp -Name $Filename -ItemType…