From time to time it can be useful to execute an action as a "Run once at Startup" script once as a user or system when the computer starts up. Intune does not have a "Run once at Startup" feature. That's why I created two scripts that give me the opportunity to make a change or cleanup before the end user opens a program or runs into an error. I have this for example with the "Clear Microsoft Teams cache once" used.
Because a script doesn't always need to be run with the same permissions, I use two different methods. The first is via Scheduled Task and runs the script as a "system" user. This ensures that tasks with elevated rights or, for example, for all users can be executed at the same time.
The second version uses the "RunOnce registry key" function. This will run the script once as a user. You can easily distribute both scripts with Intune and thus as "Run once at Startup".
Add your code to both scripts after the comment and delete the "Write-Host" part:
Run one at Startup - as User
Windows has one or two simple registry entries that can be used to run a task as a user.
These are the following two:
The first one in the "Current User" only runs the task for the specific user himself.
In the second, which is in the "Local Machine" context, the task is executed once for each user.
In my script I intercepted both cases.
If you distribute the script in Intune as a PowerShell script (Devices > Windows > PowerShell scripts), you can select "Yes" or "No" in the options for "Run this script using the logged on credentials". With "Yes", the script will only be executed on the assigned user (The script should then be assigned to a user group). With "No" the script is executed as system and the registry entry is set in the "Local Machine" content.
The script is not deleted after execution because it can be used by multiple users.
Run one at Startup - as System
To run the script once when the computer starts up as a system, I use a "Scheduled Task". This task is executed when it starts, executing its defined script, which it then deletes. In addition, the "Scheduled Task" itself is also deleted, so that there are no remains on the computer after execution, apart from the log.
Here, the version as a system must be selected for distribution: