Intune makes a lot of things really easy, but some things are just easier with GPO. Adding or changing registry keys for the current user in the HKEY_CURRENT_USER hive is one of the things that was far easier with GPO than it is in Intune. I’m really going to miss the days of on-prem AD, OUs, and GPOs. Sad times we live in, or maybe I’m just old and frustrated with Microsoft.
Sadly, there are some configurations that we need to do as engineers or admins that require us to dive into the HKCU hive to make modifications.
Never fear, though: there is a way to deploy registry keys to HKCU using Intune. You can package the script as a Win32 app, or you can use a Proactive Remediation. I’ve covered those methods in this post: Deploy PowerShell Scripts in Intune
You will want to create a new PowerShell script similar to the one below. In our example, we are creating a new value in HKCU:\Software called Test and setting the value equal to 1.
New-ItemProperty -LiteralPath 'HKCU:\Software' -Name "Test" -Value 1 -PropertyType "Dword" -Force -ea SilentlyContinue
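Simple enough, right? The important part is during the Win32 app creation or Proactive Remediation, whichever you choose. We want to make sure that this runs in the user context. HKCU resolves to the hive of whichever account runs the script, so in system context the value lands in the SYSTEM account's hive instead of the signed-in user's and it won’t work properly.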
Win32 App Config
For a Win32 app, you must make sure to change the Install Behaviour to “User” instead of “System”.
Proactive Remediation Config
If you choose a Proactive Remediation deployment for this, you want to make sure that the option to Run this script using the logged-on credentials is set to “Yes”.
Another option is to make your script load the registry key for all new users who sign in. This will not impact users who already have profiles on the device, only new users.
To do this, we use PowerShell again to enable access to the HKEY_USERS hive, and then you can create your key there.
New-PSDrive -PSProvider Registry -Name HKU -Root HKEY_USERS
New-ItemProperty -LiteralPath 'HKU:\.DEFAULT\Software' -Name "Test" -Value 1 -PropertyType "Dword" -Force -ea SilentlyContinue
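A caveat for the new-users case: HKU\.DEFAULT is the hive of the LocalSystem account, while the settings a new profile starts with are copied from NTUSER.DAT in the Default profile folder. The script below is an added example (not the author's code) that loads that hive, writes the same Test value, verifies it and unloads the hive again. It assumes it runs as SYSTEM or elevated, and the mount name IntuneDefaultUser is a placeholder chosen for this example.

```powershell
# Added example, not the post's script. Run as SYSTEM or elevated (e.g. Win32 app with
# Install Behaviour "System"): loading another profile's hive needs administrative rights.
# Assumption: 'IntuneDefaultUser' is a placeholder mount name chosen for this example.
$mountName = 'IntuneDefaultUser'
$valueName = 'Test'   # same value the post writes under Software
$valueData = 1

# Resolve the Default profile folder from ProfileList rather than hard-coding C:\Users\Default.
$profileList = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'
$defaultDir  = (Get-ItemProperty -LiteralPath $profileList -Name Default -ErrorAction Stop).Default
$hiveFile    = Join-Path $defaultDir 'NTUSER.DAT'
if (-not (Test-Path -LiteralPath $hiveFile)) { throw "Default profile hive not found: $hiveFile" }

# Mount the template hive as HKEY_USERS\<mountName>.
& reg.exe load "HKU\$mountName" $hiveFile | Out-Null
if ($LASTEXITCODE -ne 0) { throw "reg load failed with exit code $LASTEXITCODE" }

try {
    $key = "Registry::HKEY_USERS\$mountName\Software"
    if (-not (Test-Path -LiteralPath $key)) {
        New-Item -Path $key -Force -ErrorAction Stop | Out-Null
    }
    New-ItemProperty -LiteralPath $key -Name $valueName -Value $valueData `
        -PropertyType DWord -Force -ErrorAction Stop | Out-Null

    # Read the value back so a silent failure is not reported as success.
    $written = (Get-ItemProperty -LiteralPath $key -Name $valueName -ErrorAction Stop).$valueName
    if ($written -ne $valueData) { throw "Expected $valueName=$valueData, found $written" }
}
finally {
    # Drop any registry handles PowerShell still holds; otherwise the unload can fail
    # with "Access is denied" and the hive stays mounted.
    [gc]::Collect()
    [gc]::WaitForPendingFinalizers()
    & reg.exe unload "HKU\$mountName" | Out-Null
    if ($LASTEXITCODE -ne 0) { Write-Warning "reg unload failed with exit code $LASTEXITCODE" }
}
```

Unlike the HKCU script, this one has to be deployed in system context, because a standard user cannot load the Default profile's hive.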
Oh, the good old days of GPO are quickly going away and Microsoft doesn’t seem to want to make our lives easy. No worries, we found a workaround and now you know how to deploy registry keys using Intune to the current user registry hive.
Have Intune questions? Let me know in the comments.
I’ve been working in the IT field for nearly 15 years, specifically with desktop engineering. I have a degree in Computer Science as well as some industry certifications from Microsoft. Outside of work, I have 21 years of experience in various programming languages and enjoy making toy projects. I’m also an avid Linux user, currently using Manjaro as my main OS. I enjoy writing about my experiences in programming and with Linux as well.