Tech Community Live: Microsoft Intune
Mar 20 2024, 07:30 AM - 11:30 AM (PDT)
Microsoft Tech Community

Add registry keys

Brass Contributor

Hi All,
I'm deploying Adope pro by Intune, and everything is going well, but I need to use the software as a reader for some users with no pro license and without the need for the user to sign in. So, in this case, I have to deploy to add some registry keys for the user's pc.
I have deployed to add the registry keys by writing a PowerShell script and pushing it by Intune.
I question how to add the registry keys simultaneously when the software is installed on the user's laptop.
Can I add the scripts to the -Install command- for example?

12 Replies
Just create a powershell script with those registry keys in it and as second launching the installer from that same powershell script (adobe pro silent install) . Convert it to a win32app and you are good to go

@Rudy_Ooms_MVP 
Thanks for the comment.
Here is the PowerShell script to add the registry keys:
New-Item -Path 'Registry::HKLM\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockDown\cIPM'
New-ItemProperty -LiteralPath 'HKLM:\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockDown\cIPM' -Name 'bDontShowMsgWhenViewingDoc' -Value 00000000 -PropertyType DWord -Force -ea SilentlyContinue;
New-ItemProperty -LiteralPath 'HKLM:\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockDown' -Name 'bIsSCReducedModeEnforcedEx' -Value 00000001 -PropertyType DWord -Force -ea SilentlyContinue;

 

 

And here is how I deployed Adobe pro on Intune:
Deploy Adobe Acrobat Pro DC with Intune — Tim D'Annecy (tdannecy.me)

 

So how to merge the PowerShell script with win32app?
Is that what your suggestion?
Thanks a lot,

after thew new-item... add:

.\setup.exe /sAll

If you add that powershell script to the same folder as that exe file and convert it to an intunewinfile, you could also call up on this powershell script as install command
so instead of that install command in intune, change it to execute the powershell script

@Rudy_Ooms_MVP 
The install command is : msiexec /i AcroPro.msi /q

safcop_0-1675943080905.png

Do you mean to add the script as a file to the folder before I convert it to exe?

safcop_1-1675943135893.png

If yes, How to call the script in the install command?

 

Thanks 



Yep.... thats what I was trying to explain

the install command should look something like this
powershell.exe -executionpolicy Bypass -file .\add-reg-key-adobe.ps1

@Rudy_Ooms_MVP 

Install command: msiexec /i AcroPro.msi /q powershell.exe -executionpolicy Bypass -file .\reg.ps1

Correct?

nope.... powershell.exe -executionpolicy Bypass -file .\reg.ps1 and add that msiexec /i AcroPro.msi to that reg.ps1 one...

@Rudy_Ooms_MVP 

The installation is failed, and  I'm getting this error: The application was not detected after installation completed successfully (0x87D1041C).
 The Powershell script:
New-Item -Path 'Registry::HKLM\SOFTWARE\Policies\Adobe'
New-Item -Path 'Registry::HKLM\SOFTWARE\Policies\Adobe\Adobe Acrobat'
New-Item -Path 'Registry::HKLM\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC'
New-Item -Path 'Registry::HKLM\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockDown'
New-Item -Path 'Registry::HKLM\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockDown\cIPM'
New-ItemProperty -LiteralPath 'HKLM:\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockDown\cIPM' -Name 'bDontShowMsgWhenViewingDoc' -Value 00000000 -PropertyType DWord -Force -ea SilentlyContinue;
New-ItemProperty -LiteralPath 'HKLM:\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockDown' -Name 'bIsSCReducedModeEnforcedEx' -Value 00000001 -PropertyType DWord -Force -ea SilentlyContinue;
msiexec /i AcroPro.msi

 

 

safcop_0-1676241298321.png

Install command: 
powershell.exe -ExecutionPolicy Bypass -file.\reg.ps1
 
Please advise
Thanks

@saf-cop 

 

as you laucnh the msiexex from the powershell script the powershell script would finish after running that msiexec

and so your detection rules would not detect the app as installed. so you need to add something to add to hold the process untill its complete (change the path of course)

 

Start-Process msiexec.exe -Wait -ArgumentList '/I C:\installers\SQLIO.msi /quiet'

 

@saf-cop 

 

You can easily Create registry keys using the Intune remediations method or via a Powershell script.

 

 

@saf-cop 

 

Hi, 

 

I wanted to change the registry key from DWARD=000001 to DWARD=000000 for below registry in Windows OS via Intune so how I can do this via PowerShell? 

 

Can anyone share the script which does this tasks for us? 

 

"PromptOnSecureDesktop"=dword:00000000 

 

 

$PromptOnSecureDesktop = (Get-ItemProperty HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System).PromptOnSecureDesktop

if ($PromptOnSecureDesktop -ne 0) {
$registryPath = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\"
$registryKey = "PromptOnSecureDesktop"
$registryValue = 0

try
{
Set-ItemProperty -Path $registryPath -Name $registryKey -Value $registryValue -ErrorAction Stop
$exitCode = 0
}
catch
{
Write-Error -Message "Could not write regsitry value" -Category OperationStopped
$exitCode = -1
}
}