Question
I am so confused and actually also not so familiar with PS and bat after my troubles with them.
I want to set the Lockscreen in Windows 10 with Intune through an IntuneWin file (WIN32 application).
I have a folder with the image, which I want to set, a copy.bat which should copy the image in the directory and also execute the PS file for setting the login image and a del.bat for deleting the image.
copy.bat
md %AllUsersProfile%\sz
copy /Y Wallpaper.jpg %AllUsersProfile%\sz
powershell -ExecutionPolicy Bypass -File Set-Lockscreen.ps1 -verb RunAs
del.bat
del /Y %AllUsersProfile%\sz\Wallpaper.jpg
Set-Lockscreen.ps1
$RegKeyPath = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\PersonalizationLS"
$LockScreenPath = "LockScreenImagePath"
$LockScreenStatus = "LockScreenImageStatus"
$LockScreenUrl = "LockScreenImageUrl"
$StatusValue = "1"
$path = "C:\ProgramData\Elinvar"
$LockScreenImageValue = "C:\ProgramData\sz\Wallpaper.jpg"
If ((Test-Path -Path $path) -eq $false)
{
New-Item -Path $path -ItemType directory
}
if (!(Test-Path $RegKeyPath))
{
Write-Host "Creating registry path $($RegKeyPath)."
New-Item -Path $RegKeyPath -Force | Out-Null
}
New-ItemProperty -Path $RegKeyPath -Name $LockScreenStatus -Value $StatusValue -PropertyType DWORD -Force | Out-Null
New-ItemProperty -Path $RegKeyPath -Name $LockScreenPath -Value $LockScreenImageValue -PropertyType STRING -Force | Out-Null
New-ItemProperty -Path $RegKeyPath -Name $LockScreenUrl -Value $LockScreenImageValue -PropertyType STRING -Force | Out-Null
RUNDLL32.EXE USER32.DLL, UpdatePerUserSystemParameters 1, True
I pack all these files with Microsoft Win32 Content Prep Tool and upload this in Intune as Win32 file. Upload works, assigning to a group works, installation is successful. All good so far, I thought.
If I check the directory, the image is in %AllUsersProfile%\sz. But when I check the reg, the entry is not set.
When I run the copy.bat file manually, it doesn't work. Only when I run it as administrator. When I run the last line in cmd as administrator, so
powershell -ExecutionPolicy Bypass -File Set-Lockscreen.ps1 -verb RunAs
It works as well.
I think Intune is not running the script as administrator. In Intune there is no configuration to say, run this command as administrator. Maybe with a syntax? Does anyone know this? Something like
copy.bat RunAs
I also export the reg file and import this with
reg import PersonalizationLS.reg
It didn't work.
I think there must be a way to execute the installation command in Intune to run the script as admin. It needs just for the last line the administrator privilege, md and copy work without administrator privileges. (same also for important reg file).
Answer 1:
The Windows PowerShell CLI (powershell.exe) has no -Verb parameter, only the Start-Process cmdlet does.
Since it is only the powershell.exe call that requires elevation (running as admin), try the following in your batch file:
powershell -ExecutionPolicy Bypass -c Start-Process -Verb RunAs -Wait powershell.exe '-c Set-Location "\"\\\"%CD%\\\"\""; .\Set-Lockscreen.ps1'
However, this would only work for interactive execution, because a user must manually confirm the UAC security dialog for privilege elevation (running as admin) to occur - if they are not admins themselves, they would have to provide an admin's credentials.
If the problem is related to running from a 32-bit process while needing the PowerShell script to run in a 64-bit process (given that 32-bit and 64-bit processes have separate registry hives), substitute C:\Windows\SysNative\WindowsPowerShell\v1.0\powershell.exe for (the first only) powershell in the command above.
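The 32-bit/64-bit point above, as an added example that is not part of the original question or answer: a variant of Set-Lockscreen.ps1 that relaunches itself in 64-bit PowerShell through SysNative, checks for elevation instead of relying on a UAC prompt, and reads the value back from the 64-bit registry view. It assumes the installer already runs with administrative rights; the registry key, value names and image path are copied from the question, and the exit codes 1 to 3 are arbitrary choices.

```powershell
# Set-Lockscreen.ps1 variant (added example; not the asker's or answerer's code).
# Registry key, value names and image path are the ones given in the question.
$RegSubKey = 'SOFTWARE\Microsoft\Windows\CurrentVersion\PersonalizationLS'
$ImagePath = 'C:\ProgramData\sz\Wallpaper.jpg'

# A 32-bit process on 64-bit Windows has its HKLM:\SOFTWARE writes redirected to
# HKLM:\SOFTWARE\WOW6432Node. Relaunch this script in 64-bit PowerShell through
# the SysNative alias (only visible to 32-bit processes) and pass its exit code on.
if (-not [Environment]::Is64BitProcess -and [Environment]::Is64BitOperatingSystem) {
    $ps64 = Join-Path $env:WINDIR 'SysNative\WindowsPowerShell\v1.0\powershell.exe'
    & $ps64 -NoProfile -ExecutionPolicy Bypass -File $PSCommandPath
    exit $LASTEXITCODE
}

# No UAC prompt is possible in an unattended install, so check for elevation and
# return a non-zero exit code instead of failing silently on the HKLM write.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$adminRole = [Security.Principal.WindowsBuiltInRole]::Administrator
if (-not $principal.IsInRole($adminRole)) {
    Write-Warning "Not elevated (running as $($identity.Name)); cannot write to HKLM."
    exit 1   # arbitrary exit code chosen for this example
}

if (-not (Test-Path -LiteralPath $ImagePath)) {
    Write-Warning "Image not found: $ImagePath"
    exit 2   # arbitrary exit code chosen for this example
}

$RegKeyPath = "HKLM:\$RegSubKey"
if (-not (Test-Path $RegKeyPath)) { New-Item -Path $RegKeyPath -Force | Out-Null }
New-ItemProperty -Path $RegKeyPath -Name 'LockScreenImageStatus' -Value 1 -PropertyType DWord -Force | Out-Null
New-ItemProperty -Path $RegKeyPath -Name 'LockScreenImagePath' -Value $ImagePath -PropertyType String -Force | Out-Null
New-ItemProperty -Path $RegKeyPath -Name 'LockScreenImageUrl' -Value $ImagePath -PropertyType String -Force | Out-Null

# Read the value back from the 64-bit registry view explicitly, so a redirected
# write cannot pass as success.
$hklm64 = [Microsoft.Win32.RegistryKey]::OpenBaseKey(
    [Microsoft.Win32.RegistryHive]::LocalMachine, [Microsoft.Win32.RegistryView]::Registry64)
$key = $hklm64.OpenSubKey($RegSubKey)
if ($null -eq $key -or $key.GetValue('LockScreenImagePath') -ne $ImagePath) {
    Write-Warning "Value missing from the 64-bit view of HKLM:\$RegSubKey"
    exit 3   # arbitrary exit code chosen for this example
}
Write-Output "Lock screen image set to $ImagePath (64-bit registry view verified)."
exit 0
```

With this variant the batch file can call powershell -ExecutionPolicy Bypass -File Set-Lockscreen.ps1 without any -Verb argument, and a non-zero exit code surfaces a failed registry write to whatever launched the script.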
Source: https://stackoverflow.com/questions/63567935/execute-ps-from-bat-for-intune-win32