When I run the Deploy-Application.exe from commandline on my machine, the relevant registry keys are created and are removed with the uninstall switch.
When I package this up into an intune win file for intune, The application runs successfully, The detection script exits with code 0
The first thing that springs to mind is how are you targetting the application deployment in Intune User or System?
If you are not specifically choosing user, it will default to System…
As such, as you are applying those registry keys to HKCU, this will likely be applied to the System account, not the logged on user
I guess you could check the registry to see if those keys are set below the System account to confirm my theory
Apologies, I didn’t read your post thorougly enough
It looks like you are doing the correct thing to apply these settings to all Users registry settings.
However, I wonder if the order of the registry key creation here might be the issue - I think the 2nd Set-Registry line should be first, as the 1st Set-Registry line is trying to add a key below the DisallowCPL key that may not exist (until the 2nd line has been run)
As above - you were missing the -SID $UserProfile.SID bit there!
BTW your detection rule is looking at HKCU for the system account, so the original version would not work for new users logging on. A remediation script in pure user context sounds like the better approach.
Hello - I put the below function and code to update HKCU when logged in as System. seems to work
# Function to add or modify registry key for the current user
function AddOrUpdateRegistryKeyForCurrentUser {
param (
[string]$RegistryPath,
[string]$Name,
[string]$Value,
[string]$Type = "String"
)
# Create the HKU drive if it doesn't exist
if (-not (Get-PSDrive -Name HKU -ErrorAction SilentlyContinue)) {
New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS
}
# Get the SID of the logged-in user
$UserSID = (Get-WmiObject -Class Win32_UserProfile | Where-Object { $_.Special -eq $false -and $_.Loaded -eq $true }).SID
# Construct the full registry path
$FullRegistryPath = "HKU:\$UserSID\$RegistryPath"
# Add or update the registry property
New-ItemProperty -Path $FullRegistryPath -Name $Name -Value $Value -PropertyType $Type -Force
}
# Define the registry paths, names, and values for the two keys
$RegistryPath = "PAth"
$Name1 = "Name"
$Value1 = "String"
$Name2 = "Name"
$Value2 = "String"
# Call the function to add or update the first registry key
AddOrUpdateRegistryKeyForCurrentUser -RegistryPath $RegistryPath -Name $Name1 -Value $Value1
# Call the function to add or update the second registry key
AddOrUpdateRegistryKeyForCurrentUser -RegistryPath $RegistryPath -Name $Name2 -Value $Value2