Forum Discussion
intune administrator
Good afternoon, It is possible from Intune that without administrator permissions they can modify host and environment variables, some configuration so that they can do so. thank you
Mmm... but you want to be able to configure system environment variables as standard user, right? If i am getting the question wrong, could you try to explain a bit more what you want to accomplish 🙂
Because as not useful does that mean as in not working or?
I want users who need to modify the computer's environment variables to be able to do so without having to enter the administrator passwords, since each user has to modify different environment variables.
And the option i described wasnt working for you or you couldn't get it working like expected? Because when I deploy this with PowerShell script to my intune device i get a shortcut on my desktop to open the systemvariables as system...
(you could manually deploy this script but you need to run it from system account with psexec)
##################################Configure encoded commands here##################################$encodedcommand1 = "cgB1AG4AZABsAGwAMwAyACAAcwB5AHMAZABtAC4AYwBwAGwALABFAGQAaQB0AEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwA="###############################################################################################Download and install ServiceUT#$path = "C:\program files (x86)\service"New-Item -ItemType Directory -Force -Path $pathInvoke-WebRequest "https://call4cloud.nl/wp-content/uploads/2021/07/ServiceUI.zip" -OutFile "$path\ZippedFile.zip"Expand-Archive -LiteralPath "$path\ZippedFile.zip" -DestinationPath "$path" -force########################################################Install the Update task ! ####################################################$triggers = New-ScheduledTaskTrigger -Once -At (get-date).AddSeconds(-200); $triggers.EndBoundary = (get-date).AddSeconds(-100).ToString('s')$Action = New-ScheduledTaskAction -Execute "c:\program files (x86)\service\ServiceUI.exe" -argument "-process:explorer.exe c:\Windows\System32\WindowsPowershell\v1.0\powershell.exe -NoProfile -WindowStyle Hidden -ExecutionPolicy Bypass -encodedcommand $encodedcommand1"$settings = New-ScheduledTaskSettingsSet -StartWhenAvailable$Null = Register-ScheduledTask -TaskName "RunSystemVariables" -Trigger $triggers -User "SYSTEM" -Action $Action -Settings $Settings -Force################################################################################Change Permissions for the task version 2 (need to test it first ! ############################################################################$scheduler = New-Object -ComObject “Schedule.Service”$scheduler.Connect()$task = $scheduler.GetFolder("\").GetTask("RunSystemVariables")$sec = $task.GetSecurityDescriptor(0xF)$sec = $sec + ‘(A;;GRGX;;;AU)’####################################PLEASE NOTE GRGX --> 1179817 ####################################$task.SetSecurityDescriptor($sec, 0)######################################################### Create Shortcut to task on Desktop ! ####################################################if (-not (Test-Path "C:\Users\Public\Desktop\RunSystemVariables.lnk")){$null = $WshShell = New-Object -comObject WScript.Shell$path = "C:\Users\Public\Desktop\RunSystemVariables.lnk"$targetpath = "C:\Windows\System32\schtasks.exe"$Shortcut = $WshShell.CreateShortcut($path)$Shortcut.TargetPath = $targetpath$Shortcut.Arguments = '/run /TN "RunSystemVariables"'$Shortcut.Save()}