cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

intune administrator

hugo566788
Copper Contributor

‎Dec 10 2023 09:17 AM - edited ‎Dec 10 2023 09:20 AM

‎Dec 10 2023 09:17 AM - edited ‎Dec 10 2023 09:20 AM

intune administrator

 

Good afternoon,

It is possible from Intune that without administrator permissions they can modify host and environment variables, some configuration so that they can do so.

thank you

Labels:
1,209 Views
0 Likes
9 Replies
Reply
9 Replies
Harm_Veenstra

‎Dec 10 2023 10:25 AM

‎Dec 10 2023 10:25 AM

Re: intune administrator

Is your question asking if you can allow users on Intune enrolled devices to change computer and user environment variables? Users should be able to change the user environment variables. For the computer/system variables, you need administrator permissions.

Could you explain your use case?
0 Likes
Reply
hugo566788

‎Dec 10 2023 11:47 AM

‎Dec 10 2023 11:47 AM

Re: intune administrator

I need a program or something that can be managed from Intune so that users can modify the computer's environment variables without having administrator permissions. I understand that, for example, it could be possible to create a rule with the endpoint manager privilege, but is there any other alternative?
0 Likes
Reply
Harm_Veenstra

‎Dec 10 2023 12:06 PM

‎Dec 10 2023 12:06 PM

Re: intune administrator

Perhaps Endpoint Privilege Management (https://learn.microsoft.com/en-us/mem/intune/protect/epm-overview) is an option? It does require additional licensing, however.
0 Likes
Reply
Harm_Veenstra

‎Dec 12 2023 02:19 PM

‎Dec 12 2023 02:19 PM

Re: intune administrator

Is that a viable option?
0 Likes
Reply
Rudy_Ooms_MVP

‎Dec 12 2023 10:55 PM

‎Dec 12 2023 10:55 PM

Re: intune administrator

I have an idea... but maybe a stupid one :)

Step 1:
If you could create a powershell script with this content in it
rundll32 sysdm.cpl,EditEnvironmentVariables
Step 2: Create a scheduled task that will use the serviceui to bring the prompt to the user and make sure that scheduled task is launched as system. Give the user permissions to that task and create a shortcut to the desktop...

https://call4cloud.nl/2022/01/how-i-fell-in-love-with-app-updates/

I guess it should work something like this and its free :) ... If you need help with it ... i am here
1 Like
Reply
hugo566788

‎Dec 13 2023 08:00 AM

‎Dec 13 2023 08:00 AM

Re: intune administrator

Hello, thanks for the help but after performing the actions mentioned they are not useful for the action I want to perform :(
0 Likes
Reply
Rudy_Ooms_MVP

‎Dec 13 2023 09:34 AM - edited ‎Dec 13 2023 09:35 AM

‎Dec 13 2023 09:34 AM - edited ‎Dec 13 2023 09:35 AM

Re: intune administrator

Mmm... but you want to be able to configure system environment variables as standard user, right? If i am getting the question wrong, could you try to explain a bit more what you want to accomplish :)

 

Because as not useful does that mean as in not working or?

0 Likes
Reply
hugo566788

‎Dec 13 2023 10:49 AM

‎Dec 13 2023 10:49 AM

Re: intune administrator

I want users who need to modify the computer's environment variables to be able to do so without having to enter the administrator passwords, since each user has to modify different environment variables.
0 Likes
Reply
Rudy_Ooms_MVP

‎Dec 13 2023 10:52 PM - edited ‎Dec 13 2023 11:29 PM

‎Dec 13 2023 10:52 PM - edited ‎Dec 13 2023 11:29 PM

Re: intune administrator

And the option i described wasnt working for you or you couldn't get it working like expected? Because when I deploy this with PowerShell script to my intune device i get a shortcut on my desktop to open the systemvariables as system... 

 

(you could manually deploy this script but you need to run it from system account with psexec)

 

#################################
#Configure encoded commands here#
#################################
 
$encodedcommand1 = "cgB1AG4AZABsAGwAMwAyACAAcwB5AHMAZABtAC4AYwBwAGwALABFAGQAaQB0AEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwA="
 
 
##############################################################################################
#Download and install ServiceUT#
$path = "C:\program files (x86)\service"
New-Item -ItemType Directory -Force -Path $path
Invoke-WebRequest "https://call4cloud.nl/wp-content/uploads/2021/07/ServiceUI.zip" -OutFile "$path\ZippedFile.zip"
Expand-Archive -LiteralPath "$path\ZippedFile.zip" -DestinationPath "$path" -force
 
 
####################################################
####Install the Update task ! #
###################################################
 
$triggers = New-ScheduledTaskTrigger -Once -At (get-date).AddSeconds(-200); $triggers.EndBoundary = (get-date).AddSeconds(-100).ToString('s')
$Action = New-ScheduledTaskAction -Execute "c:\program files (x86)\service\ServiceUI.exe" -argument "-process:explorer.exe c:\Windows\System32\WindowsPowershell\v1.0\powershell.exe -NoProfile -WindowStyle Hidden -ExecutionPolicy Bypass -encodedcommand $encodedcommand1"
$settings = New-ScheduledTaskSettingsSet -StartWhenAvailable
$Null = Register-ScheduledTask -TaskName "RunSystemVariables" -Trigger $triggers -User "SYSTEM" -Action $Action -Settings $Settings -Force
 
 
 
############################################################################
####Change Permissions for the task version 2 (need to test it first  ! #
###########################################################################
 
$scheduler = New-Object -ComObject “Schedule.Service”
$scheduler.Connect()
$task = $scheduler.GetFolder("\").GetTask("RunSystemVariables")
$sec = $task.GetSecurityDescriptor(0xF)
$sec = $sec + ‘(A;;GRGX;;;AU)’
###################################
#PLEASE NOTE GRGX --> 1179817     # 
###################################
$task.SetSecurityDescriptor($sec, 0)
 
 
####################################################
##### Create Shortcut to task on Desktop ! #
###################################################
 
if (-not (Test-Path "C:\Users\Public\Desktop\RunSystemVariables.lnk"))
{
$null = $WshShell = New-Object -comObject WScript.Shell
$path = "C:\Users\Public\Desktop\RunSystemVariables.lnk"
$targetpath = "C:\Windows\System32\schtasks.exe"
 
$Shortcut = $WshShell.CreateShortcut($path)
$Shortcut.TargetPath = $targetpath
$Shortcut.Arguments = '/run /TN "RunSystemVariables"'
$Shortcut.Save()
}
0 Likes
Reply