User-Context Detection Rules for Intune Win32 Apps

Today I had to create a Win32 app in Intune that sets a registry key in the current user context to toggle a setting in the OS. Somehow I thought I’d have it done in a jiffy, but I stumbled on a couple of unexpected issues along the way….

First, as the app simply runs a PowerShell script that sets the registry key, the install command I was using created the key in the WOW6432node because the IME runs as a 32-bit app. So I had to change the command to use SysNative:

%windir%\SysNative\WindowsPowershell\v1.0\PowerShell.exe -ExecutionPolicy Bypass -File MyInstallScript.ps1

Second, the app is only applicable to Windows 11 yet in the Minimum operating system requirement, Windows 11 is not available, nor even is Windows 10 21H2. I guess that’ll get updated at some point…

So I had to choose a Windows 10 OS and add an additional scripted requirement rule for Windows 11:

[int]$BuildNumber = Get-CimInstance Win32_OperatingSystem -Property BuildNumber | Select -ExpandProperty BuildNumber
If ($BuildNumber -ge 22000)
{
    Write-Output "Pass"
}
else
{
    Write-Output "Fail"
}

Next came a more tricky problem – the detection rule. This had to done using a custom detection script, but the script runs in SYSTEM context so by default it can’t detect changes in the logged-on user registry hive.

I recalled some code I had used elsewhere to detect the current logged on user in SYSTEM context and simply modified the detection script to check the HKEY_Users hive instead of HKEY_CURRENT_USER hive based on the SID of the logged on user. This works as long as only a single user is logged in:

Function Get-LoggedOnUserSID {
    # ref https://www.reddit.com/r/PowerShell/comments/7coamf/query_no_user_exists_for/
    $header=@('SESSIONNAME', 'USERNAME', 'ID', 'STATE', 'TYPE', 'DEVICE')
    $Sessions = query session
    [array]$ActiveSessions = $Sessions | Select -Skip 1 | Where {$_ -match "Active"}
    If ($ActiveSessions.Count -ge 1)
    {
        $LoggedOnUsers = @()
        $indexes = $header | ForEach-Object {($Sessions[0]).IndexOf(" $_")}        
        for($row=0; $row -lt $ActiveSessions.Count; $row++)
        {
            $obj=New-Object psobject
            for($i=0; $i -lt $header.Count; $i++)
            {
                $begin=$indexes[$i]
                $end=if($i -lt $header.Count-1) {$indexes[$i+1]} else {$ActiveSessions[$row].length}
                $obj | Add-Member NoteProperty $header[$i] ($ActiveSessions[$row].substring($begin, $end-$begin)).trim()
            }
            $LoggedOnUsers += $obj
        }

        $LoggedOnUser = $LoggedOnUsers[0]
        $LoggedOnUserSID = Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\SessionData\$($LoggedOnUser.ID)" -Name LoggedOnUserSID -ErrorAction SilentlyContinue |
            Select -ExpandProperty LoggedOnUserSID
        Return $LoggedOnUserSID
    } 
}

$LoggedOnUserSID = Get-LoggedOnUserSID

If ($null -ne $LoggedOnUserSID)
{
    If ($null -eq (Get-PSDrive -Name HKU -ErrorAction SilentlyContinue))
    {
        $null = New-PSDrive -PSProvider Registry -Name HKU -Root HKEY_USERS
    }
    $i = Get-Item "HKU:\$LoggedOnUserSID\Software\<regkey>" -ErrorAction SilentlyContinue
    if ($null -eq $i)
    {
        # key doesn't exist, need to set
        "nada"
        Exit 1
    }
    else 
    {
        $r = Get-ItemProperty "HKU:\$LoggedOnUserSID\Software\<regkey>" -Name '(Default)' -ErrorAction SilentlyContinue | 
            Select -ExpandProperty '(default)' 
        If ($r.Length -gt 0)
        {
            # default key is not correct value, need to update    
            "not right value"
            Exit 1
        }
        else 
        {
            # all good
            "all good" 
            Exit 0   
        }
    }
}
Else
{
    # no logged on user detected
    "no logged on user detected"
    Exit 1
}

After that, finally the app installed and detected correctly!

2 thoughts on “User-Context Detection Rules for Intune Win32 Apps

Leave a Reply to Turbomcp Cancel reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.