SOLVED

Intune | Powershell Script


Hi,

When we add and run a script via Intune, does it run with administrator privileges or with normal user privileges?

Actually, I need to uninstall an application from a few of the endpoints, for which the script needs to be run only with administrator privileges.

Also what is the difference when we set the parameter for running the script:

Run this script using the logged on credentials:

Yes: (run the script with the user's credentials on the device)

No: (script is required to run in the system context)

Will running the script here in system context make the script run with admin privileges?

3 Replies

Hi @AnuragSrivastava;

Yes, the system context will make the script run with admin privileges. The "Local System" account is used and this account always has admin privileges on a device.

But in that case, the script will be executed in a different context from that of the logged-on user. So, if you want, for example, to uninstall an application which has been installed per-user (in the user context), you have to adapt your script accordingly.

best response confirmed by AnuragSrivastava (Frequent Contributor)
Solution

Hi @AnuragSrivastava,

I can't add more to the execution context except for the UAC question, which comes up quite often here. In system context you don't have to worry about UAC. You are system and can do whatever you want then.

The last thing to mention is that the different context, as already described, also results in environment variables resolving differently: %username% is not the logged-on user, it is the user SYSTEM then. Or take %userprofile%: it will result in C:\Windows\System32\Config\systemprofile.

best,

Oliver

@Oliver Kieselbach Thanks Oliver, this helps.
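
The context difference described in the replies above, as an added PowerShell example that is not part of the original thread: it reports which identity the script runs as and, in system context, resolves the signed-in console user's SID, profile path and per-user uninstall entries. `Contoso App` and the function names are hypothetical.

```powershell
# Added example: resolve the logged-on user from a script that Intune runs as SYSTEM.
# 'Contoso App' is a hypothetical display name; replace it with the real one.
$AppName = 'Contoso App'

function Get-ExecutionContext {
    $id = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    [pscustomobject]@{
        Account     = $id.Name           # 'NT AUTHORITY\SYSTEM' in system context
        IsSystem    = $id.IsSystem       # True when the SID is S-1-5-18
        UserName    = $env:USERNAME      # not the logged-on user in system context
        UserProfile = $env:USERPROFILE   # ...\Config\systemprofile in system context
    }
}

function Get-LoggedOnUser {
    # Console user only; empty when nobody is signed in interactively.
    $name = (Get-CimInstance -ClassName Win32_ComputerSystem).UserName
    if (-not $name) { return $null }
    $account = [System.Security.Principal.NTAccount]::new($name)
    $sid = $account.Translate([System.Security.Principal.SecurityIdentifier]).Value
    $profileKey = "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\$sid"
    [pscustomobject]@{
        Name        = $name
        Sid         = $sid
        ProfilePath = (Get-ItemProperty -Path $profileKey).ProfileImagePath
    }
}

function Get-PerUserUninstallEntry {
    param([string]$Sid, [string]$DisplayName)
    # The user's hive is loaded under HKEY_USERS\<SID> while they are signed in.
    $path = "Registry::HKEY_USERS\$Sid\Software\Microsoft\Windows\CurrentVersion\Uninstall\*"
    Get-ItemProperty -Path $path -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -eq $DisplayName } |
        Select-Object DisplayName, UninstallString, PSChildName
}

$ctx = Get-ExecutionContext
$ctx | Format-List
if ($ctx.IsSystem) {
    $user = Get-LoggedOnUser
    if ($user) {
        $user | Format-List
        Get-PerUserUninstallEntry -Sid $user.Sid -DisplayName $AppName
    } else {
        Write-Output 'No interactive user is signed in; per-user data cannot be resolved.'
    }
}
```

An uninstall command started from this script still runs as SYSTEM, so anything it reads from the environment resolves to SYSTEM's profile rather than the user's.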