Hi everyone! I'm in the process of deploying software using Intunewin, and I have two scripts to handle the installation. The first script runs as an admin to install the software, but the second script needs to run as the user currently logged into the computer. When deploying the Intunewin package, I can set a command for the installation like this: `powershell script1.ps1`. In turn, in the first script, I want to execute the second script with something like `powershell script2.ps1`. Is this approach going to work?
3 Answers
You might want to consider creating two separate Win32 apps in Intune—one for each script. For the second script's app, you could set it up as a dependency on the first script's app. That way, it ensures proper execution order.
Without getting too technical, I'd recommend using the PowerShell App Deployment Toolkit (PSADT). It has useful cmdlets for user profile management, like copying files into user profiles or executing processes as the logged-in user. It even allows prompting the user for installation when the script runs as SYSTEM.
But if you're looking to avoid PSADT, just keep in mind that you'll need to identify the logged-on user on the console and set a scheduled task for them. However, PSADT simplifies this quite a bit, unless you're worried about its past vulnerabilities.
I'm concerned with the security implications too. Maintaining multiple packages when there's potential for breaking changes or vulnerabilities is a challenge, especially with large-scale deployments.
Using Active Setup could be a great option here, especially if the second script needs to run for not just the current user but for future logins as well. You could have the first script save the second script on disk and create an Active Setup registry key to trigger it when users log in.

Totally agree! This method is simpler and avoids the complications that can come from trying to detect the logged-in user and setting up a scheduled task.
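
The Active Setup approach suggested in the answers above, sketched as an added example (not code from any poster). It is a fragment for the elevated `script1.ps1`; the app name, GUID, version and staging folder are placeholders, and `-ExecutionPolicy Bypass` is an assumption about the environment.

```powershell
# Added example: fragment for script1.ps1, which runs elevated (SYSTEM under Intune).
$ErrorActionPreference = 'Stop'

# Assumptions / placeholders, not values from the thread
$appName     = 'ContosoApp'                               # hypothetical
$componentId = '{00000000-0000-0000-0000-000000000000}'   # placeholder, generate your own GUID
$version     = '1,0,0,0'                                  # raise to re-run for users who already ran it

$targetDir    = Join-Path $env:ProgramFiles "$appName\ActiveSetup"
$targetScript = Join-Path $targetDir 'script2.ps1'

# Stage script2 where standard users cannot modify it by default: every user
# who signs in will execute this file, so it must not be user-writable.
New-Item -Path $targetDir -ItemType Directory -Force | Out-Null
Copy-Item -Path (Join-Path $PSScriptRoot 'script2.ps1') -Destination $targetScript -Force

# Refuse to register the script if a broad group holds write-class rights on it.
$broadSids = 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545'   # Everyone, Authenticated Users, Users
$writeMask = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, ChangePermissions, TakeOwnership'
$rules = (Get-Acl -Path $targetScript).GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
foreach ($rule in $rules) {
    if ($rule.AccessControlType -eq 'Allow' -and
        $broadSids -contains $rule.IdentityReference.Value -and
        ($rule.FileSystemRights -band $writeMask) -ne 0) {
        throw "Refusing to register: $($rule.IdentityReference.Value) can modify $targetScript"
    }
}

# Command Active Setup runs in the user's context at sign-in.
$stubPath = '"{0}\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy Bypass -File "{1}"' -f $env:SystemRoot, $targetScript

# Write to the 64-bit registry view explicitly so the key lands in the same place
# whether this script runs in a 32-bit or 64-bit PowerShell host.
$hklm = [Microsoft.Win32.RegistryKey]::OpenBaseKey('LocalMachine', 'Registry64')
try {
    $key = $hklm.CreateSubKey("SOFTWARE\Microsoft\Active Setup\Installed Components\$componentId")
    $key.SetValue('', "$appName per-user setup")   # default value: display name
    $key.SetValue('Version', $version)
    $key.SetValue('StubPath', $stubPath)
    $key.Close()
}
finally {
    $hklm.Close()
}
```

Active Setup evaluates these keys at sign-in, so a user who is already logged on when the package installs gets `script2.ps1` at their next sign-in rather than immediately.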