Forum Discussion
intune administrator
Good afternoon, It is possible from Intune that without administrator permissions they can modify host and environment variables, some configuration so that they can do so. thank you
I want users who need to modify the computer's environment variables to be able to do so without having to enter the administrator passwords, since each user has to modify different environment variables.
And the option i described wasnt working for you or you couldn't get it working like expected? Because when I deploy this with PowerShell script to my intune device i get a shortcut on my desktop to open the systemvariables as system...
(you could manually deploy this script but you need to run it from system account with psexec)
#################################
#Configure encoded commands here#
#################################
$encodedcommand1 = "cgB1AG4AZABsAGwAMwAyACAAcwB5AHMAZABtAC4AYwBwAGwALABFAGQAaQB0AEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwA="
##############################################################################################
#Download and install ServiceUT#
$path = "C:\program files (x86)\service"
New-Item -ItemType Directory -Force -Path $path
Invoke-WebRequest "https://call4cloud.nl/wp-content/uploads/2021/07/ServiceUI.zip" -OutFile "$path\ZippedFile.zip"
Expand-Archive -LiteralPath "$path\ZippedFile.zip" -DestinationPath "$path" -force
####################################################
####Install the Update task ! #
###################################################
$triggers = New-ScheduledTaskTrigger -Once -At (get-date).AddSeconds(-200); $triggers.EndBoundary = (get-date).AddSeconds(-100).ToString('s')
$Action = New-ScheduledTaskAction -Execute "c:\program files (x86)\service\ServiceUI.exe" -argument "-process:explorer.exe c:\Windows\System32\WindowsPowershell\v1.0\powershell.exe -NoProfile -WindowStyle Hidden -ExecutionPolicy Bypass -encodedcommand $encodedcommand1"
$settings = New-ScheduledTaskSettingsSet -StartWhenAvailable
$Null = Register-ScheduledTask -TaskName "RunSystemVariables" -Trigger $triggers -User "SYSTEM" -Action $Action -Settings $Settings -Force
############################################################################
####Change Permissions for the task version 2 (need to test it first ! #
###########################################################################
$scheduler = New-Object -ComObject “Schedule.Service”
$scheduler.Connect()
$task = $scheduler.GetFolder("\").GetTask("RunSystemVariables")
$sec = $task.GetSecurityDescriptor(0xF)
$sec = $sec + ‘(A;;GRGX;;;AU)’
###################################
#PLEASE NOTE GRGX --> 1179817 #
###################################
$task.SetSecurityDescriptor($sec, 0)
####################################################
##### Create Shortcut to task on Desktop ! #
###################################################
if (-not (Test-Path "C:\Users\Public\Desktop\RunSystemVariables.lnk"))
{
$null = $WshShell = New-Object -comObject WScript.Shell
$path = "C:\Users\Public\Desktop\RunSystemVariables.lnk"
$targetpath = "C:\Windows\System32\schtasks.exe"
$Shortcut = $WshShell.CreateShortcut($path)
$Shortcut.TargetPath = $targetpath
$Shortcut.Arguments = '/run /TN "RunSystemVariables"'
$Shortcut.Save()
}