How to use Windows Intune to deploy scripts (the easy way)

 
Windows Intune is a great option for businesses looking for a low-cost computer and mobile inventory and management solution. It is the only program I have found that meets the following criteria:

  • 100% cloud based (no on-premises server software to install)
  • Low cost (only $6 per user/month for Intune only, $11 per user/month if you
  • Doesn’t require PCs to be joined to an Active Directory domain
  • Doesn’t require PCs to be on the same network or connected with a VPN
  • Tracks hardware and software inventory on Windows computers
  • Allows for mobile device management (MDM) of iOS, Android, and Windows based mobile devices including remote wipe of corporate email
  • Includes anti-malware/virus protection on PCs
  • Can remotely install and uninstall software
  • Manages firewall and security settings

But one thing it can’t natively do is deploy scripts such as Visual Basic or batch files to computers. Desktop administrators know that being able to remotely push out scripts opens up almost infinite remote management capabilities. You can change registry settings, find files on hard drives that shouldn’t be there, etc. The possibilities are endless.
I have found a couple of free software programs which allow you to “package” your scripts into executables, which is what Intune needs for deployment. Examples are impelLaunch and IExpress, which have their own methods to package and execute scripts using Intune.
The easiest way I have found to deploy scripts through Intune is to convert the script into an executable file which can then be uploaded for deployment. You will need a software program which can do this. The two that I have tested are exescript and scriptcryptor. I prefer exescript because it allows you to convert both batch and vbscript to executables, whereas scriptcryptor only converts vbscript. A business license for exescript is $100, but well worth the price.
Once exescript is installed, you can either convert scripts you already have or write new ones within the program. Once you have your script converted to an executable, you are ready to upload it to Intune using the Intune software publisher:
1.  Find your executable:
2.  Fill in the software description:
3.  Specify architecture and OS:
4.  Specify a detection rule so that Intune will not run the script over and over. In this case my script creates a folder on the C: drive called “IT” and also creates a flag file within that folder, so my detection rule looks like this:
 
5.  The remainder of the wizard can be left at the default settings.  Once the software is loaded into Intune, you can deploy it to any computer groups you have created.
An example of a script I have used with Intune to change the homepage of Internet Explorer does the following:

  • Edits a registry setting to set the desired homepage
  • Creates a folder on the C: drive called IT
  • Creates a flag file within the IT folder for use with Intune’s detection rules

Once loaded into Intune and set to install on computers, Intune will only run the script once, so long as it can find the flag file. If an end user deletes the IT folder or the flag file, Intune will run the script again on the next software installation cycle, which recreates them and resets the IE homepage.
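A batch script following the three steps above, as an added example that is not the author's own script. The homepage URL, the flag file name, the registry path and the ACL step are assumptions; the page only specifies the C:\IT folder and a flag file inside it. The ACL step is included because the detection rule trusts the flag file, so standard users should not be able to create or delete it.

```batch
@echo off
rem Added example, not the author's script. HOMEPAGE, the flag file name and
rem the registry path are assumptions; the page only names the C:\IT folder.
setlocal

set "HOMEPAGE=https://intranet.example.com/"
set "IT_DIR=C:\IT"
set "FLAG=%IT_DIR%\ie-homepage.flag"

rem Assumed key: the machine-wide Internet Explorer settings. The installer is
rem assumed to run under a service account, so HKCU would not be the logged-on
rem user's hive. Confirm on a test PC that this key takes effect for your users.
set "IE_KEY=HKLM\SOFTWARE\Microsoft\Internet Explorer\Main"

rem 1. Set the homepage. On failure, exit before the flag is written so the
rem    detection rule stays false and the next installation cycle retries.
reg add "%IE_KEY%" /v "Start Page" /t REG_SZ /d "%HOMEPAGE%" /f >nul
if errorlevel 1 exit /b 1

rem 2. Create the folder that the detection rule looks in.
if not exist "%IT_DIR%\" mkdir "%IT_DIR%"
if not exist "%IT_DIR%\" exit /b 2

rem 3. Replace inherited permissions so only SYSTEM (S-1-5-18) and local
rem    Administrators (S-1-5-32-544) can write; Users (S-1-5-32-545) get
rem    read/execute. This keeps a standard user from forging or deleting the flag.
icacls "%IT_DIR%" /inheritance:r /grant:r "*S-1-5-18:(OI)(CI)F" "*S-1-5-32-544:(OI)(CI)F" "*S-1-5-32-545:(OI)(CI)RX" >nul
if errorlevel 1 exit /b 3

rem 4. Write the flag last, so it only exists when every step succeeded.
> "%FLAG%" echo Homepage set to %HOMEPAGE% on %DATE% %TIME%
if not exist "%FLAG%" exit /b 4

exit /b 0
```

The detection rule for this example would be a file-exists check on C:\IT\ie-homepage.flag.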
Using this method will allow you to extend the value of Intune for your organization and perform tasks that you otherwise cannot currently do with the native Intune toolset.
Screenshots in this article taken from newsignature
