Intune - Login script
26 November 2021 - Reading time: 4 minutes
Not having login scripts with fully azure joined device is an issue for a lot of people,
because sometimes its just handy to have a sort of login script for example for mapping network drives or mapping printers
so here I'll explain how I solved my login script issue in order to execute something during start.
what is actually does it creates a scheduled task, that triggers at login of any user that runs a Visual Basic Script file
in order to run each file in a custom folder
Why Visual Basic Script? because I hate popups during login
Requirements:
- Basic PowerShell knowledge
- Basic Visual Basics Script knowledge
- Admin Permissions on local machine*
*still testing
First Steps
Create a PowerShell script (ps1) file with the following content:
<#
.SYNOPSIS
loginScript.ps1 - Script to create an vbs file to run each powershell file in a custom script location
.DESCRIPTION
This script will only create the scheduled task for the vbscript, eventually the VBScript will take over the login part.
.OUTPUTS
vbs file in customscripts
schedule task created
.NOTES
Author : Rutger Hermarij
Version : 1.0 @ 24-02-2020
from : https://scatty.nl/blog
#>
$content = @"
' ******************************************************************************
' loginScript.vbs
' Author : Rutger Hermarij
' from : https://scatty.nl/blog
' Date : 12-02-2020
' Version: 1.0
' This script is generated by the login.ps1 file (from Azure)
' and just runs all the scripts that are located on the CustomScriptLocation
' ******************************************************************************
Set objShell = CreateObject("WScript.Shell") ' possiblility to Shell files from the OS
Set objFSO = CreateObject("Scripting.FileSystemObject") ' possiblility to access the file system from the OS
oProgramData = objShell.ExpandEnvironmentStrings("%ALLUSERSPROFILE%") ' need to know the PorgramData location from the OS
CustomScriptLoc = oProgramData & "\CustomScripts\" ' and the location of the custom scripts
' now lets create a for loop for all the files that are in this folder
For Each oFile in objFSO.GetFolder(CustomScriptLoc).Files
' lets first put the hit counter 1
' Filter out only the ps1 extension
If LCase(objFSO.GetExtensionName(oFile.Name)) = "ps1" Then
' wscript.echo oFile.Name ' debug
' run the script
RunScript(oFile.Name)
End If
Next
' Sub function for running the actual file.
Sub RunScript(file)
' First Check if the file exists
If objFSO.FileExists(CustomScriptLoc & file) Then
objShell.LogEvent 4,"running script: "&CustomScriptLoc & file
objExec = objShell.Run ("powershell.exe -windowstyle hidden -ex bypass -file "&CustomScriptLoc & file,0,1)
End If
End Sub
"@
# create custom folder and write PS script
$path = $(Join-Path $env:ProgramData CustomScripts)
if (!(Test-Path $path)) {
New-Item -Path $path -ItemType Directory -Force -Confirm:$false
}
Out-File -FilePath $(Join-Path $env:ProgramData CustomScripts\loginScript.vbs) -Encoding unicode -Force -InputObject $content -Confirm:$false
# register script as scheduled task
$Time = New-ScheduledTaskTrigger -AtLogon
$User = (Get-CimInstance –ClassName Win32_ComputerSystem | Select-Object -expand UserName)
$action = New-ScheduledTaskAction -Execute "wscript.exe" -Argument "`"$env:ProgramData\CustomScripts\loginScript.vbs`""
Register-ScheduledTask -Description "Login script for Azure joined machines, this script will execute powershell scripts." -User $User -TaskName "loginScript" -Trigger $Time -Action $action -Force
#EOFWhat will actually happen?
By running this script it creates an scheduled task in your scheduled tasks,
that will run every time when a person logs in and starts the following program with Windows Scripting Host
C:\ProgramData\CustomScripts\logonScript.vbs
and the loginscript.vbs in his turn will execute every PowerShell (ps1) file that is in the C:\ProgramData\CustomScripts folder. (in this example I have Printers (another blog item)
Adding the script into Intune
browse to https://endpoint.microsoft.com, select Devices , Scripts and click the Add button, Select Windows 10 and later
You will see a wizzard with 4 steps
Basics
| Name | loginScript |
| Description | General Login Script. this script will create a scheduled task to execute an VBS file to run each file Login located in %programdata%\CustomScript. this prevents the PowerShell popups during startup. |
Script settings
| Script Location | <location of your created ps1 file> |
| Run this script using the logged on credentials | TESTING |
| Enforce Script signiture check | No |
| Run script in 64 bit PowerShell Host | Yes |
Assignments
Select the groups that actually need this script to run, for example All Members
Review + add
overview of your just created script
if its correct you should see your just created script in your overview,
if you click on it you will see your deployment status.
Once successfully synced you should see in Intune in the overview page if its successfull,
and on the client's computer you should see an file under C:\ProgramData\CustomScripts
and you should see it also on your scheduled task
with this script you are able to deploy or configure custom scripts that will run each time you start the computer
for example Adding on-prem printers