Simplify Logon scripts in Intune without Scheduled tasks

Intune does not have a native solution for logon scripts. The community has designed some interesting solutions to this problem using the Intune Management Extension, such as Nicola’s Azure Storage-based method, Michael Mardahl’s IME reset method and my own hidden VBScript scheduled task method.

The problem with all these solutions is that they rely on scheduled tasks. This is not the most reliable method as the user can easily influence it, and it usually does not support uninstalling or unassigning the script unless you write a specific script for that, assign it to the user, etc yada yada.

So I wrote a script template that can run at logon, at set intervals or both, and supports ANY script you write in Intune: invoke-asIntuneLogonScript on Git.

Insert your code, upload to Intune as usual, and set the properties as follows and assign to your users:

User rights

Note that, due to the nature of registry permissions, your users have to be local admin for this solution to work. A workaround has been posted by Jaytronic.

127 Comments
Kurt Sutula
3 years ago

It would be nice if Microsoft would just provide basic functionality for their MDM, instead of forcing all of us to be mad scientists!!!

Thomas de Roo
5 years ago

Why don’t you just put your commands or logon-script in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ?

Sasaus
5 years ago

Seeing the last code block, I assume this script goes before all your deployed scripts.

Do I set “Run this script using the logged on credentials” to Yes, in case I do have a user targeted script?

Gabriele
3 years ago

First of all thank you for this great post. I just have to point out that I’ve found 2 little bugs which prevent your script from re-running. The first is also pointed out by others here and is regarding the $regPath variable when used with cmd. The second is the .Count in the if; I suppose the array casting is the problem. To solve both I found it enough to make these 2 little changes:

if( ([Array]@($runOnceEntries.PSObject.Properties.Name | % {if($runOnceEntries.$_ -eq "reg delete $($regPath.Replace(":","")) /f"){$_}})).Count -le 0){
    New-ItemProperty -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce" -Name $(Get-Random) -Value "reg delete $($regPath.Replace(":","")) /f"…

Dorian
3 years ago

Hi Jos,

How about for scripts that require admin privileges to run? Trying to edit a registry value on login and getting access denied in logs.

Senior Feet
4 years ago

Hi,
Quick question: there is an Exit statement just before the closing } by the ##YOUR CODE HERE section. Is it meant to be there?

When I leave this in, none of my code runs.

Thanks

Dennis Maurits
4 years ago

How do I remove the script with Intune from a computer?

Mark
5 years ago

How do you remove it so it no longer runs?

Benny Stephan
2 years ago

Thank you Jos and Gabriele
I have used the script to change the searchbox to searchicon in the taskbar. I am planning to also further disable startup programs and optimize the system performance. Thank you once again.

aucyris
4 years ago

Awesome. I tested it. I put my PowerShell code into your script and it fired on logon as promised! Nicely done.

Kev
1 year ago

I am using this script to automatically download some folders from SharePoint. The problem that I am having is that if I delete the folder that was downloaded from SharePoint off my desktop, the script does not redownload the folder when I sign out and sign back in.

Stefan Jagger
2 years ago

Nice, thanks for sharing. How do I remove / stop the script from running at intervals in future?

H. Huibers
2 years ago

Is this still the way to run logon scripts?

Joe
3 years ago

Hi Jos,

I’ve tested your script and it works, but when I restarted my PC, it doesn’t run at logon automatically. Does the script need to detect a logoff event or can it work if a user restarted the PC, or the PC restarted unexpectedly?

Jose Rodriguez
3 years ago

Hi Jos, I would like to thank you for this script, it is running flawlessly. I just have a quick question as for any troubleshooting that I could do to ensure it is running correctly. I tried to read your code but I do not know any programming. I am trying to understand the concept you call “Template” and what it actually does. If I have this script run every 60 minutes or at logon, where can I find a registry or something (I will assume this doesn’t create a task scheduled) to confirm that it is running at those…

John Savidge
3 years ago

Thank you. This worked first time for me and will be very useful in our deployment scenarios!

David
4 years ago

The script works great on the first run but always comes up with a “succeeded” status in Intune so it does not run again. When I test it manually it ends with the error as expected.

MTooki
4 years ago

Hey Jos, great script. I seem to be having an issue getting it to run consistently when a user logs on and after a certain amount of time. I was reading previous comments and you stated that the script status should show as “failed” so that it continues to try. If that is the case, mine shows as succeeded for the entry with the user name listed and “Unknown” for the entry without a username. I have this applied to a Beta group with my test user and PC in it. Should I only be applying this to a user? What…

K J
4 years ago

Hi Jos. How could I modify it so it would run on scheduled minutes instead of logon?

BHappy
4 years ago

Hi Jos,

Your scripts work great. I have a question if you know what to do when a User Profile has been deleted. On a new PC everything works fine, but e.g. when the disc is almost full and a user profile has been deleted (a lot of people work on the same PC) to get more free space the scripts aren’t executed anymore at logon for that user. Any idea how to fix this?

Olly Lennox
4 years ago

Hi Jos,

Thanks so much for this script. I’ve been using it together with OneDriveMapperv4 and it’s working well for my test users. The only problem is that it can take several minutes after boot (5-10 minutes) before the drive is fully mapped. Do you know why this could be? The PC is on a wired connection to a fibre internet so I don’t think it’s a connection issue. The PC is Azure/Intune linked and logged in with an Azure account. Thanks!

BryanColey
4 years ago

Hi Jos,
Many thanks for this. I have managed to get this working to run an Edge popup to display a website at login. I am however having a problem that this does not only run at logon, but runs multiple times during the day.
I have set the time to 0 and this continues to run.

The line of code that I have added as an example is this:
& "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "--app=https://lieben.nu/"
I tend to think that this runs every time the user unlocks his machine and not only at login.
Has anyone else had a similar issue?

Rob
4 years ago

Just wondering if anyone has the script executing based on the variable after login. I can have it run at login fine, but it does not seem to execute after this.

Joeyv
4 years ago

Hmm.. somehow the result of this script is always “failed” but the action I configure in the script field works. Is that normal?

Amer
4 years ago

Thanks Jos. I have tested this script and it looks awesome. However, I noticed some generated values with same value data (looks like every 60 min) in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

Is that normal?

Chris
4 years ago

You sir are a genius and a life saver.

Ash
4 years ago

Hi Jos,
I have a few PowerShell one-line scripts that create log files in C:\Program Files\MyCompanyApp and modify the registry in the HKLM hive. These scripts need system/admin privileges and have to be run every time the system is started.
Where in your script shall I add my scripts?
And will it run every time the system is started?

Michel
4 years ago

Hi Jos,

I used your script to call subst K: to point to a local folder.
When I create the policy the K: drive is created,
but after a reboot the drive letter is gone.
I noticed that the script is not working after a reboot.

I targeted the policy to a group with only systems in it.

Michel

Andy
4 years ago

Phil is right. Reg add / delete did not work when a colon is present in the variable. Don't change it to the Remove-Item command, because it doesn't run in user context, so the “no script run” on logon still occurs.

Replace the script part with this and everything goes fine:

#set removal key in case computer crashes or something like that
$regpath2 = $regpath.Replace(":","") # must be done because "reg add / delete" did not work when variable contains a colon.
New-ItemProperty -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce" -Name $(Get-Random) -Value "reg delete $regpath2 /f" -PropertyType String -Force -ErrorAction SilentlyContinue
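
The two fixes discussed in the comments above (stripping the drive colon before handing the path to reg.exe, and not adding a second RunOnce value when the same cleanup command is already registered), as an added example that is not part of the original script or of any commenter's code. The function names, the scratch key and the `$regPath` value are assumptions made for illustration; the template's real `$regPath` is not shown on this page.

```powershell
# Added example. Both registry paths in the demo are constructed placeholders.
function ConvertTo-RegExePath {
    param([Parameter(Mandatory)][string]$ProviderPath)
    # reg.exe wants HKLM\..., not the PowerShell drive form HKLM:\...
    # Only the drive colon is stripped; a colon later in the path is kept.
    $ProviderPath -replace '^(HK[A-Z]{2,4}):\\?', '$1\'
}

function Register-RunOnceCleanup {
    param(
        [Parameter(Mandatory)][string]$RegPath,
        [string]$RunOncePath = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    # Quote the key so a path containing spaces stays one reg.exe argument.
    $command = 'reg delete "{0}" /f' -f (ConvertTo-RegExePath $RegPath)
    if (-not (Test-Path -Path $RunOncePath)) {
        New-Item -Path $RunOncePath -Force | Out-Null
    }
    $key = Get-Item -Path $RunOncePath
    # Value names are random, so look for the command in the value data.
    $existing = @($key.GetValueNames() | Where-Object { $key.GetValue($_) -eq $command })
    if ($existing.Count -gt 0) { return $existing[0] }

    $name = [string](Get-Random)
    New-ItemProperty -Path $RunOncePath -Name $name -Value $command -PropertyType String | Out-Null
    return $name
}

# Demo against a scratch key under HKCU so it can be tried without admin rights.
$scratch = 'HKCU:\Software\ExampleRunOnceDemo'         # constructed scratch key
$regPath = 'HKCU:\Software\ExampleVendor\LogonScript'  # constructed placeholder
$first   = Register-RunOnceCleanup -RegPath $regPath -RunOncePath $scratch
$second  = Register-RunOnceCleanup -RegPath $regPath -RunOncePath $scratch
$count   = @((Get-Item -Path $scratch).GetValueNames()).Count
"Values after two calls: $count; same entry reused: $($first -eq $second)"
Remove-Item -Path $scratch -Recurse -Force
```

The default target is the HKLM RunOnce key used in the comments; standard users cannot write there, which is why the demo points at a scratch key instead.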

Jorge Suarez
4 years ago

Hi Jos,

Sorry if this was asked already before but does the script assume the user has no local administrative privileges?

I am testing it on my device but I have local admin rights and the text file does not show up in my test directory. Logging is enabled but no sign of the file being created.

sam
4 years ago

In what context does this script run? I need to make a registry change to the HKCU when they log in but if it’s in a system context I don’t think it will work?

Christian
4 years ago

So, after some testing I can confirm this script doesn’t work unfortunately.
I tested with the testfile + append. But the file is only created once, and will not be updated later on.
Tested on Windows 10 1909 and Windows 10 1903

Mark
5 years ago

I set it up with $autoRerunMinutes = 0. It ran for one login and hasn’t run since. Win10 1903.
No other script modifications made other than replacing ac (Join-Path "c:\temp" "test.txt") "$($Env:USERNAME) at $(Get-Date)" #example code with my code.

Bicky B
5 years ago

Hi Jos, Thank you for the I have added following lines of code at the end of your script. Script successfully created the test.txt, a folder with TestOOO. However it failed to add registry entries. If I add a script file with just following (without your code) then all works, i.e. registry entries are added as well. Is this known behaviour or it will not support adding registry entries via your code?

##YOUR CODE HERE
ac (Join-Path $Env:temp "test.txt") "$($Env:USERNAME) at $(Get-Date)" #example code
#Test
$mydate = Get-Date -Format "ddMMMyyyy_HHmm"
$Filename = "TestOOO-$mydate"
New-Item -Path $Env:temp -Name $Filename -ItemType…

Denis McApple
2 years ago

Hey there, so I’ve been using your script and it’s really nice – thank you for it! I had a question, and I’m not sure which is the best way forward. I have multiple things I’d like to do via a logon script. Would I be better to combine them all into 1x deployment of this script, or should it work equally as well running in multiple scripts (say 3 to 5 of them)? I had 3 of them running, and experienced odd behaviour, but I cannot be sure it was because of this, or something else. I…

Chad
4 years ago

Any chance you could write a little how-to so that those of us who have literally no idea… at all what to do with the script… also have a chance to try it?