Deploy PowerShell Script

Overview

Platform Scripts run PowerShell on devices. Use when a setting isn't available in Settings Catalog.

Key difference:

• Run as System → For system-wide changes (remove apps, set wallpaper)
• Run as User → For user-specific changes (PWA installs, user registry)

Create a Platform Script

Step 1: Navigate

Intune → Devices → Scripts and remediations → Platform scripts

Step 2: Add Script

Click + Add → Windows 10 and later

Step 3: Basics

• Name: Descriptive name (e.g., BCM-Remove-Bloatware)
• Description: What this script does
• Click Next

Step 4: Script Settings

Click Next

Step 5: Assignments

• Select All Devices or a specific group
• Click Next

Step 6: Review + Create

Click Create

When to Use System vs User

Script Runs Once

Platform scripts run once per device at next check-in. If you need it to run repeatedly (e.g., enforce a setting users can change), use Proactive Remediations instead.

Location: Devices → Scripts and remediations → Remediations

Check Script Status

1. Go to Devices → Scripts and remediations → Platform scripts
2. Click your script
3. Check Device status tab
4. Look for Success/Failed/Pending

Force Script to Run Again

Scripts only run once. To re-run:

1. Delete the script from Intune
2. Wait for devices to sync
3. Re-create the script
4. Assign again

Or modify the script slightly (add a comment) and upload as new version.

Troubleshooting

Script shows as "Failed":

• Check the script for syntax errors
• Test locally first: powershell -ExecutionPolicy Bypass -File script.ps1
• Check if it needs System vs User context

Script succeeded but nothing changed:

• Wrong context (System vs User)
• Script ran but user logged in later
• Need reboot/logoff for changes to apply

Script not running at all:

• Device not syncing
• Device not in assigned group
• Script blocked by execution policy (use Bypass in script)

#bcm/procedure/intune/script