Intune - Login script

26 November 2021 - Reading time: 4 minutes

Not having login scripts on fully Azure joined devices is an issue for a lot of people,
because sometimes it's just handy to have a sort of login script, for example for mapping network drives or mapping printers.
So here I'll explain how I solved my login script issue in order to execute something during start.

What it actually does: it creates a scheduled task that triggers at login of any user and runs a Visual Basic Script file,
which in turn runs each file in a custom folder.
Why Visual Basic Script? Because I hate popups during login.

Requirements:

- Basic PowerShell knowledge
- Basic Visual Basic Script knowledge
- Admin Permissions on local machine*

*still testing

First Steps

Create a PowerShell script (ps1) file with the following content:

<#
.SYNOPSIS
loginScript.ps1 - Script to create a vbs file that runs each PowerShell file in a custom script location

.DESCRIPTION 
This script will only create the scheduled task for the vbscript, eventually the VBScript will take over the login part.

.OUTPUTS
vbs file in customscripts
schedule task created

.NOTES
Author    : Rutger Hermarij
Version   : 1.0 @ 24-02-2020
from      : https://scatty.nl/blog


#>

$content = @"
' ******************************************************************************
' loginScript.vbs
' Author    : Rutger Hermarij
' from      : https://scatty.nl/blog
' Date      : 12-02-2020
' Version:  1.0
' This script is generated by the loginScript.ps1 file (from Azure) 
' and just runs all the scripts that are located on the CustomScriptLocation
' ******************************************************************************

Set objShell    = CreateObject("WScript.Shell")                              ' lets us start programs from the OS
Set objFSO      = CreateObject("Scripting.FileSystemObject")                 ' lets us access the file system from the OS
oProgramData    = objShell.ExpandEnvironmentStrings("%ALLUSERSPROFILE%")     ' the ProgramData location of the OS
CustomScriptLoc = oProgramData & "\CustomScripts\"                           ' and the location of the custom scripts


' now let's loop over all the files that are in this folder
For Each oFile in objFSO.GetFolder(CustomScriptLoc).Files
  ' Filter out only the ps1 extension
  If LCase(objFSO.GetExtensionName(oFile.Name)) = "ps1" Then
    ' wscript.echo oFile.Name ' debug
    ' run the script
    RunScript(oFile.Name)
  End If
Next

' Sub function for running the actual file.
Sub RunScript(file) 
  ' First Check if the file exists
  If objFSO.FileExists(CustomScriptLoc & file) Then
    objShell.LogEvent 4,"running script: "&CustomScriptLoc & file
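    ' quote the path so file names containing spaces still run; window hidden (0), wait for completion (1)
    objExec  =  objShell.Run("powershell.exe -windowstyle hidden -ex bypass -file """ & CustomScriptLoc & file & """", 0, 1)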
  End If
End Sub

"@

# create the custom folder and write the VBScript file
$path = $(Join-Path $env:ProgramData CustomScripts)
if (!(Test-Path $path)) {
  New-Item -Path $path -ItemType Directory -Force -Confirm:$false
}
Out-File -FilePath $(Join-Path $env:ProgramData CustomScripts\loginScript.vbs) -Encoding unicode -Force -InputObject $content -Confirm:$false


# register script as scheduled task
$Time   = New-ScheduledTaskTrigger -AtLogon
$User   = (Get-CimInstance -ClassName Win32_ComputerSystem | Select-Object -expand UserName)
$action = New-ScheduledTaskAction -Execute "wscript.exe" -Argument "`"$env:ProgramData\CustomScripts\loginScript.vbs`""
Register-ScheduledTask -Description "Login script for Azure joined machines, this script will execute powershell scripts." -User $User -TaskName "loginScript" -Trigger $Time -Action $action  -Force
#EOF

What will actually happen?

Running this script creates a scheduled task
that runs every time a person logs in and starts the following file with Windows Script Host:
C:\ProgramData\CustomScripts\loginScript.vbs


The loginScript.vbs in its turn will execute every PowerShell (ps1) file that is in the C:\ProgramData\CustomScripts folder (in this example I have Printers, another blog item).
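
Because the task runs every .ps1 it finds in that folder with the execution policy bypassed, write access to the folder decides who can run code at logon, and a folder created under ProgramData inherits permissions that let standard users create files in it. The following is an added example, not part of the original script: it restricts writes to SYSTEM and Administrators and lists any other principal that can still write. The function names Set-ScriptFolderAcl and Get-NonAdminWriters are made up for this example, and it has to run elevated.

```powershell
# Added example: restrict who can place scripts in the folder the logon task reads.
# Function names are hypothetical; the path is the one used in the post. Run elevated.
$ScriptDir = Join-Path $env:ProgramData 'CustomScripts'
$SidType   = [System.Security.Principal.SecurityIdentifier]

function Set-ScriptFolderAcl {
    param([Parameter(Mandatory)][string]$Path)
    $acl = Get-Acl -LiteralPath $Path
    # Stop inheriting from ProgramData and discard the inherited entries
    $acl.SetAccessRuleProtection($true, $false)
    # Drop explicit entries as well, so only the rules below remain
    foreach ($old in $acl.GetAccessRules($true, $false, $SidType)) {
        $acl.RemoveAccessRuleSpecific($old)
    }
    $grants = [ordered]@{
        'S-1-5-18'     = 'FullControl'      # SYSTEM
        'S-1-5-32-544' = 'FullControl'      # BUILTIN\Administrators
        'S-1-5-32-545' = 'ReadAndExecute'   # BUILTIN\Users: run scripts, not add them
    }
    foreach ($sid in $grants.Keys) {
        $rule = [System.Security.AccessControl.FileSystemAccessRule]::new(
            [System.Security.Principal.SecurityIdentifier]::new($sid),
            [System.Security.AccessControl.FileSystemRights]$grants[$sid],
            [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit',
            [System.Security.AccessControl.PropagationFlags]::None,
            [System.Security.AccessControl.AccessControlType]::Allow)
        $acl.AddAccessRule($rule)
    }
    Set-Acl -LiteralPath $Path -AclObject $acl
}

function Get-NonAdminWriters {
    param([Parameter(Mandatory)][string]$Path)
    $trusted = 'S-1-5-18', 'S-1-5-32-544'
    # Bits that allow adding, changing or re-permissioning files, plus GENERIC_WRITE / GENERIC_ALL
    $mask = [int][System.Security.AccessControl.FileSystemRights]'CreateFiles, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership' -bor 0x40000000 -bor 0x10000000
    (Get-Acl -LiteralPath $Path).GetAccessRules($true, $true, $SidType) | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $trusted -notcontains $_.IdentityReference.Value -and
        ([int]$_.FileSystemRights -band $mask)
    } | Select-Object IdentityReference, FileSystemRights, IsInherited
}

if (Test-Path -LiteralPath $ScriptDir) {
    Set-ScriptFolderAcl -Path $ScriptDir
    Get-NonAdminWriters -Path $ScriptDir   # lists anyone besides SYSTEM/Administrators who can still write
}
```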



Adding the script into Intune

Browse to https://endpoint.microsoft.com, select Devices, then Scripts, click the Add button and select Windows 10 and later.

You will see a wizard with 4 steps

Basics

Name: loginScript
Description: General Login Script.
This script will create a scheduled task that executes a VBS file to run each file located in %programdata%\CustomScripts. This prevents the PowerShell popups during startup.

Script settings

Script location: <location of your created ps1 file>
Run this script using the logged on credentials: TESTING
Enforce script signature check: No
Run script in 64 bit PowerShell Host: Yes

Assignments

Select the groups that actually need this script to run, for example All Members

Review + add

An overview of the script you just created.

If it's correct, you should see the script you just created in your overview;
if you click on it you will see your deployment status.

Once successfully synced, the overview page in Intune should show whether it was successful,
and on the client's computer you should see a file under C:\ProgramData\CustomScripts

and you should also see it in your scheduled tasks.


With this script you are able to deploy or configure custom scripts that will run each time you start the computer,
for example adding on-prem printers.
