Set a PowerShell script (or other file) as scheduled task with Endpoint Manager

Interesting case today: we had a customer who wanted to map its OneDrive and SharePoint drives as drive letters because they are working with an application located on an RDS farm which doesn’t support clipboard sharing.

To keep it simple for the users the drive letters had to appear in the “Computer” overview as drive letters. I used the OneDrive Mapper tool (full props go to Jos Lieben https://www.lieben.nu/liebensraum/onedrivemapper/) to map those drives.

Although Jos has a great guide on how to publish the application to Endpoint Manager I wanted to do it the PowerShell script way.

Now how do you create a scheduled task which runs the script every time the user logs in and deploy it with Endpoint Manager?

Well, let me show you.

Create a script to create the task and copy the PowerShell file

What we need to do first is create a PowerShell script which copies the PowerShell file to a directory so the scheduled task can start it. Then we will create the task itself and set the schedule to run every time the user logs onto the computer.

Copying the file

Create a directory called Scripts on the C:\ drive

New-Item -Path "C:\" -Name "Scripts" -ItemType "Directory" -Force

Copy the PowerShell script OneDriveMapper.ps1 to this directory

Copy-Item -Path ".\OneDriveMapper.ps1" -Destination "C:\Scripts\OneDriveMapper.ps1"

Set the action for the scheduled task

Start the script and bypass the PowerShell execution policy (important!). The executable goes in -Execute and its parameters go in -Argument.

$A = New-ScheduledTaskAction -Execute "powershell.exe" -Argument "-ExecutionPolicy Bypass -File C:\Scripts\OneDriveMapper.ps1"

Set the trigger

The script should be started when the user logs on to the system

$T = New-ScheduledTaskTrigger -AtLogon

Get the current user’s Username property and set the script to run under this account

$P = New-ScheduledTaskPrincipal -UserId "$env:USERNAME"

Create the task settings object (default settings)

$S = New-ScheduledTaskSettingsSet

Create a new task from these objects and store it in $D

$D = New-ScheduledTask -Action $A -Principal $P -Trigger $T -Settings $S

Register the task

Create the task and name it OneDriveMapper. The -Force switch overwrites an existing task with the same name, so the script can be re-run.

Register-ScheduledTask -TaskName "OneDriveMapper" -InputObject $D -Force

Compiling the files into a Win32App

I’ve added all the above lines to the script and given it a name. My script will be called Mapper.ps1.

Place the script and the “support files”, in my case the OneDriveMapper.ps1, into one directory.

One directory with all the files

Then download the Microsoft Win32 Content Prep Tool from GitHub:

https://github.com/Microsoft/Microsoft-Win32-Content-Prep-Tool

Fire up Command Prompt (or PowerShell) and browse to the Content Prep Tool’s directory.

Then you will need to run the IntuneWinAppUtil.exe with the following parameters:

Parameter   Explanation
-c          The location of all the files, this is the directory we created above
-s          The “setup” file which is the script we created earlier, in my case the Mapper.ps1
-o          The directory where you want the .intunewin file to be placed. This is to be considered the application from now on

Example:

cd C:\temp\Intune
IntuneWinAppUtil.exe -c "C:\temp\OneDriveMapper" -s "C:\temp\OneDriveMapper\Mapper.ps1" -o "C:\temp\OneDriveMapper\Output"

Adding the application to Endpoint Manager

The last thing we need to do is add the application.

Log on to https://endpoint.microsoft.com

Go to Apps and add the application as Windows app (Win32)

Enter the application details like the Name, Description and Publisher

Go to the next screen, this is where it gets interesting!

Add the Install Command, this again is the script which creates the task and copies the PowerShell file:

powershell.exe -executionpolicy bypass -command "& '.\Mapper.ps1' 1"

For the Uninstall Command you could add a second script to your “repo” which removes the files and scheduled task with the Remove-Item and the Unregister-ScheduledTask commands.

If you don’t want to create an uninstall command, just copy the install command.

The last piece of information you will need to provide is the detection rules.
These rules are the best way to check whether your script has run.

I’ve added a detection rule which checks if the file C:\Scripts\OneDriveMapper.ps1 is present on the file system.
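A file-exists rule still passes when the script has been altered or the task has been deleted. The custom detection script below is an added example, not code from the original post or from the OneDriveMapper project; it checks the file hash, the task action and the file's ACL. $ExpectedHash is a placeholder, and the ACL check assumes the install script has removed the write access that C:\Scripts inherits from C:\ for Authenticated Users; until that is done the script reports "not detected".

```powershell
# Added example: Intune custom detection script (not part of the original post).
# Intune counts the app as detected when the script exits 0 AND writes to STDOUT.
$ScriptPath   = 'C:\Scripts\OneDriveMapper.ps1'      # path used in the post
$TaskName     = 'OneDriveMapper'                     # task name used in the post
$ExpectedHash = '<SHA256-OF-PACKAGED-SCRIPT>'        # placeholder, set when packaging

function Test-Deployment {
    # 1. The script exists and is byte-for-byte the packaged version.
    if (-not (Test-Path -LiteralPath $ScriptPath -PathType Leaf)) { return 'script missing' }
    $hash = (Get-FileHash -LiteralPath $ScriptPath -Algorithm SHA256).Hash
    if ($hash -ne $ExpectedHash) { return 'script hash mismatch' }

    # 2. The task exists and its first action still launches that script.
    $task = Get-ScheduledTask -TaskName $TaskName -ErrorAction SilentlyContinue
    if (-not $task) { return 'task missing' }
    $action = $task.Actions | Select-Object -First 1
    if ($action.Execute -notmatch '(^|\\)powershell(\.exe)?$' -or
        $action.Arguments -notlike "*$ScriptPath*") { return 'task action changed' }

    # 3. No broad group may write to the script. SIDs avoid localized group names:
    #    Everyone, Authenticated Users, BUILTIN\Users.
    $broadSids = 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545'
    $write = [int][System.Security.AccessControl.FileSystemRights]::WriteData
    $rules = (Get-Acl -LiteralPath $ScriptPath).GetAccessRules(
        $true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($rule in $rules) {
        if ($rule.AccessControlType -eq 'Allow' -and
            $rule.IdentityReference.Value -in $broadSids -and
            ([int]$rule.FileSystemRights -band $write) -ne 0) {
            return 'script writable by non-admins'
        }
    }
    return $null
}

$problem = Test-Deployment
if ($problem) { exit 1 }    # non-zero exit and no STDOUT: not detected
Write-Output "$TaskName task and script verified"
exit 0
```

To make the third check pass, have Mapper.ps1 disable inheritance on C:\Scripts and grant write access only to SYSTEM and Administrators, for example with icacls and its /inheritance:r switch.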

Assign the application to the users who need the task to be created.

And that’s it, you’re done!

The end result

The end result is a scheduled task and a file, how surprising is that, right?!

As you can see, creating scheduled tasks works perfectly fine from Endpoint Manager and you can even “update” the task and files by re-compiling a new version of the application.

If you have any questions, post them below!

3 comments

  1. Andy wrote:

    A fantastic post sir, I salute you! I am wanting to do a similar thing with a script that cleans out the local administrators group once per day at a set time so that if necessary, Service Desk can add a user to the local administrators group to perform certain actions and the next time the schedule runs they are removed again. How would I go about getting this script to run as the SYSTEM account instead of the local user who will not have local admin rights most of the time?

    • Patrick van Bemmelen wrote:

      Hi Andy,
      First of all, thank you for the kind words!
      This is why I love sharing the information and helping people! 🙂
      What you could do is change the user ID of the account. You do this by changing the User ID in the New-ScheduledTaskPrincipal command to:
      -UserId “LOCALSERVICE” -LogonType ServiceAccount

      This will set the scheduled task to run under the SYSTEM account.
      Please let me know how this works for you and of course I’m here to help!

  2. Ammad wrote:

    I was looking so long for this kind of solution. I try this trick to add and activate/deactivate Proxy based on SSID Name.

    I would really appreciate if you have already made such an attempt.
