Simplify Logon scripts in Intune without Schedules

Intune does not have a native solution for logon scripts. The community has designed some interesting solutions to this problem using the Intune Management Extension, such as Nicola’s Azure storage based method, Michael Mardahl’s IME reset method and my own hidden vbscript scheduled task method.

The problem with all these solutions is that they rely on scheduled tasks. This is not the most reliable method as the user can easily influence it, and it usually does not support uninstalling or unassigning the script unless you write a specific script for that, assign it to the user, etc yada yada.

This solution can run at logon, at set intervals or both and supports ANY script you write in Intune. invoke-asIntuneLogonScript on Git

Upload to Intune as usual, and set the properties as follows and assign to your users:

Edit: doesn’t happen often that people create the same thing on the same day, but Michael wrote the almost exact same thing so he’s not using scheduled tasks anymore either 🙂

Leave a Reply

3 Comment threads
13 Thread replies
Most reacted comment
Hottest comment thread
6 Comment authors
WernerJosBicky BPhilSasaus Recent comment authors

This site uses Akismet to reduce spam. Learn how your comment data is processed.

newest oldest most voted
Notify of
Thomas de Roo
Thomas de Roo

Why don’t you just put your commands or logon-script in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ?

Bicky B
Bicky B

Hi Jos, Thank you for the I have added following lines of code at the end of your script. Script successfully created the test.txt, a folder with TestOOO. however it failed to add registry entries. If I add a script file with just following (without your code) then all works i.e. registry entries are added as well. Is this known behaviour or it will not support adding registry entries via your code ? ##YOUR CODE HERE ac (Join-Path $Env:temp “test.txt”) “$($Env:USERNAME) at $(Get-Date)” #example code #Test $mydate = Get-Date -Format “ddMMMyyyy_HHmm” $Filename = “TestOOO-$mydate” New-Item -Path $Env:temp -Name $Filename -ItemType… Read more »


Seeing the last code block, I assume this script goes before all your deployed scripts.

Do I set “Run this script using the logged on credentials” to Yes, in case I do have a user targeted script?