In part 11 of the Keep it Simple with Intune series, I’ll be showing you how you can deploy a simple PowerShell script via Intune, which opens up a world of possibilities.

For this demo I am adding a registry key into the HKLM\Software location.

In the MEM Admin Center

As noted in Part 8, we’ve now switched over to using the Microsoft Endpoint Manager Admin Center which is available at the URL https://devicemanagement.portal.azure.com.

In the console, navigate to Devices\PowerShell scripts. Click the Add link to begin the process.

DeployPS-001.JPG

We now begin to work through the Add Powershell script wizard. Start by adding in a Name and a optional Description. Click Next.

DeployPS-002.JPG

Next we must upload the ps1 script from your local device, simply click the folder icon next to the Script location field and choose your PowerShell script.

Note the selections available you:

  • Run this script using the logged on credentials – the default is No which runs the script in the system context, however you may wish to switch to run as the currently logged on user.
  • Enforce script signature check – The default is No which means that the script does not need to be signed. If we are to be security conscious then we should be running signed scripts, however for my demo I am leaving this as default.
  • Run script in 64-bit PowerShell Host – The default is No which runs in 32-bit PS host. For my demo I am setting a registry key so I want to run this in 64-bit PS host so I have selected Yes.

Click Next when all selections have been made.

DeployPS-003.JPG

Now we need to choose what devices or users we will assign the PowerShell script to. Click Select groups to include. I have chosen my Intune test devices. Click Select.

DeployPS-005.JPG

Our selected group/s will appear in the Selected groups section. Click Next.

DeployPS-006.JPG

The Review screen will allow us to ensure we have configured as required before clicking Add to finalise the wizard.

DeployPS-007.JPG

The completed configuration will appear in the console and be assigned out to our devices or users.

DeployPS-008.JPG

On the endpoints

The devices need to sync with Intune. This can be forced from the Settings app\Accounts\Access work or school and then choosing Info.

Next, scroll to the Device sync status section and click Sync.

DeployPS-009.JPG

The delivery of the PowerShell script is handled by the Intune Management Extension and the IME creates its own log files in the location C:\ProgramData\Microsoft\IntuneManagementExtension\Logs and you can use CMTrace to view the logs.

I can see the commands in the PowerShell script being executed with the reference to the registry key I want to set.

DeployPS-011.JPG

And in the registry I can see the key is created.

DeployPS-010.JPG

It’s worth noting that you can’t edit the PowerShell script once uploaded to the console. Keep a copy of your script in case you need to upload again. Alternatively, you can take a look at a post by my fellow MVP buddy Oliver Kieselbach  (@okieselb) where he explains how you can recover those scripts take a look here.

With the ability to deploy PowerShell scripts, you can tap into this powerful scripting language to do a plethora of activities on your endpoints.

Be sure to take a look at the other blog posts in the series: