From time to time, it’s required to “do something” in user context on a modern managed cloud only Windows device. Installing apps and pushing policies via Microsoft Intune is easy enough, it’s part of the Intune UI to select either system or user context when creating a new application or selecting specific user policies in the Session Catalog and assigning configuration profiles to a group of users.
Let’s say you want to execute a particular task in the user’s context every time the user logs into Windows, it could be to start an application or maybe execute a script that would cleanup temporary or cached data in the user’s profile, this is not something we currently have as a built in feature in Intune.
We have the Platform Script feature, which is great for at kind of “set it and forget it” solution, where the script is executed once and not executed again unless there are changes in the script or the script policy.
A scripted solution
I decided to create a script that would register a scheduled task to run in user context at logon. This script is based on Powershell and the scheduled task parameters are configured via a JSON file.
I have published the script in my Github, feel free to download it a play around with it:
Microsoft-Intune/Scripts/Create Scheduled Task at master · kaspersmjohansen/Microsoft-Intune
The Powershell script
Let’s have a look at the Powershell script, ScheduledTask.ps1.
The script supports a handful of parameters, where the -ConfigFile and -TaskStatus parameters are mandatory.
With the -ConfigFile parameter the script is instructed to read the contents of a JSON configuration file.
The -Taskstatus instructs the script to either register (create) a scheduled task or unregister (remove) a scheduled task, based on the information in the JSON file.
The command might look like this:
ScheduledTaskUser.ps1 -ConfigFile ScheduledTaskConfig.json -TaskStatus Register
This will register (create) a scheduled task based on the information in the ScheduledTaskConfig.json file. Furthermore, a log file is created in the ScheduledTask folder in the user’s profile.
The JSON file
In this example my JSON file is called ScheduledTaskConfig.json, the name is not important, you can call it what you want. I recommend that you provide a name that would help identify what task JSON file associated with.
In the JSON file configured the TaskName, TaskDescription, TaskPath, TaskAction, TaskActionArguments and TaskActionWorkingDirectory
{
"ScheduledtaskInfo":{
"TaskName": "LaunchEdgeBrowser",
"TaskDescription": "Launch Microsoft Edge at logon",
"TaskPath":"\\CustomScheduledTasks",
"TaskAction": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe",
"TaskActionArguments": "--profile-directory=Default",
"TaskActionWorkingDirectory": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application"
}
}
Executing the script with the JSON will register a scheduled task with this configuration:
The scheduled task is registered in the CustomScheduledTasks folder
The scheduled will run in the context of the user at logon, and in this case the Microsoft Edge browser is launched. Upon a successful registration of the scheduled task, the script will create a .tag file in the folder configured as the log folder. By default, the log folder is in the user’s profile folder, this tag file can be used as a detection method in Intune. If the scheduled task registration fails, the .tag file is not created.
Configure Win32 app in Intune
The last thing to do is to convert the script to a win32 app and configure it in Intune.
Here is an example of how to configure the install and uninstall commands:
Make sure to configure the install behavior to run in user context:
This command will register the scheduled task:
%SystemRoot%\sysnative\WindowsPowerShell\v1.0\powershell.exe -NoLogo -WindowStyle Hidden -Executionpolicy "Bypass" -File "ScheduledTaskUser.ps1" -ConfigFile "ScheduledTaskConfig.json" -TaskStatus Register
This command will unregister the scheduled task:
%SystemRoot%\sysnative\WindowsPowerShell\v1.0\powershell.exe -NoLogo -WindowStyle Hidden -Executionpolicy "Bypass" -File "ScheduledTaskUser.ps1" -ConfigFile "ScheduledTaskConfig.json" -TaskStatus Unregister
This concludes the article. Feel free to reach out to me on X or on LinkedIn if you have any comments or questions.