intune administrator

Rudy_Ooms_MVP
MVP
Dec 13, 2023
Mmm... but you want to be able to configure system environment variables as standard user, right? If i am getting the question wrong, could you try to explain a bit more what you want to accomplish 🙂

Because as not useful does that mean as in not working or?
- hugo566788
  Copper Contributor
  Dec 13, 2023
  I want users who need to modify the computer's environment variables to be able to do so without having to enter the administrator passwords, since each user has to modify different environment variables.
  - Rudy_Ooms_MVP
    MVP
    Dec 14, 2023
    And the option i described wasnt working for you or you couldn't get it working like expected? Because when I deploy this with PowerShell script to my intune device i get a shortcut on my desktop to open the systemvariables as system...
    
    (you could manually deploy this script but you need to run it from system account with psexec)
    
    #################################
    
    #Configure encoded commands here#
    
    #################################
    
    $encodedcommand1 = "cgB1AG4AZABsAGwAMwAyACAAcwB5AHMAZABtAC4AYwBwAGwALABFAGQAaQB0AEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwA="
    
    ##############################################################################################
    
    #Download and install ServiceUT#
    
    $path = "C:\program files (x86)\service"
    
    New-Item -ItemType Directory -Force -Path $path
    
    Invoke-WebRequest "https://call4cloud.nl/wp-content/uploads/2021/07/ServiceUI.zip" -OutFile "$path\ZippedFile.zip"
    
    Expand-Archive -LiteralPath "$path\ZippedFile.zip" -DestinationPath "$path" -force
    
    ####################################################
    
    ####Install the Update task ! #
    
    ###################################################
    
    $triggers = New-ScheduledTaskTrigger -Once -At (get-date).AddSeconds(-200); $triggers.EndBoundary = (get-date).AddSeconds(-100).ToString('s')
    
    $Action = New-ScheduledTaskAction -Execute "c:\program files (x86)\service\ServiceUI.exe" -argument "-process:explorer.exe c:\Windows\System32\WindowsPowershell\v1.0\powershell.exe -NoProfile -WindowStyle Hidden -ExecutionPolicy Bypass -encodedcommand $encodedcommand1"
    
    $settings = New-ScheduledTaskSettingsSet -StartWhenAvailable
    
    $Null = Register-ScheduledTask -TaskName "RunSystemVariables" -Trigger $triggers -User "SYSTEM" -Action $Action -Settings $Settings -Force
    
    ############################################################################
    
    ####Change Permissions for the task version 2 (need to test it first ! #
    
    ###########################################################################
    
    $scheduler = New-Object -ComObject “Schedule.Service”
    
    $scheduler.Connect()
    
    $task = $scheduler.GetFolder("\").GetTask("RunSystemVariables")
    
    $sec = $task.GetSecurityDescriptor(0xF)
    
    $sec = $sec + ‘(A;;GRGX;;;AU)’
    
    ###################################
    
    #PLEASE NOTE GRGX --> 1179817 #
    
    ###################################
    
    $task.SetSecurityDescriptor($sec, 0)
    
    ####################################################
    
    ##### Create Shortcut to task on Desktop ! #
    
    ###################################################
    
    if (-not (Test-Path "C:\Users\Public\Desktop\RunSystemVariables.lnk"))
    
    {
    
    $null = $WshShell = New-Object -comObject WScript.Shell
    
    $path = "C:\Users\Public\Desktop\RunSystemVariables.lnk"
    
    $targetpath = "C:\Windows\System32\schtasks.exe"
    
    $Shortcut = $WshShell.CreateShortcut($path)
    
    $Shortcut.TargetPath = $targetpath
    
    $Shortcut.Arguments = '/run /TN "RunSystemVariables"'
    
    $Shortcut.Save()
    
    }

Forum Discussion

Resources