How we can we force the PS script on Intune to rerun

Question

How we can we force the PS script on Intune to rerun

Ashish Kumar Arya 41

Hi Team,

Please help here ---

I am pushing a PS script to Intune machines on my tenant to change the Ethernet network adapter's network category from Public to private. This is to turn off the VPN automatically when the machine is on an Ethernet network.

For some reason, the script is getting failed for scenarios when the machines are not on LAN and connected to Wifi and when the machines gets to LAN, so the VPN does not turned off automatically.

Is there a way to resolve this issue?

David Foreman 1 Reputation point

2022-06-22T13:07:31.967+00:00

I have prepared scripts for a client with the intent that each time a staff member logs in to a new device the script would kick off. I have found this is not the case. Seems the only way is to create a new script (or edit an existing one). This defeats the purpose of the script.

Accepted answer

3 additional answers

Your answer

David Foreman 1 Reputation point

2022-06-22T13:07:31.967+00:00

I have prepared scripts for a client with the intent that each time a staff member logs in to a new device the script would kick off. I have found this is not the case. Seems the only way is to create a new script (or edit an existing one). This defeats the purpose of the script.

Answer 1

Cici Wu-MSFT 1,191

Please understand that the Intune management extension agent checks with Intune once every hour and after every reboot for any new scripts or changes. After you assign the policy to the Azure AD groups, the PowerShell script runs, and the run results are reported. Once the script executes, it doesn't execute again unless there's a change in the script or policy. If the script fails, the Intune management extension agent retries the script three times for the next three consecutive Intune management extension agent check-ins.

If you want to force run the script, you can restart the IntuneManagementExtension service in task manager and and the script will rerun again on this device. Also, a restart on the device or restart service triggers the script. Here is a good sample:
https://oliverkieselbach.com/2018/02/12/part-2-deep-dive-microsoft-intune-management-extension-powershell-scripts/

If you want scripts to run multiple times for a user, you'll need to deploy a method of removing the key, reassigning the script or scheduling it as a task.
Reference: https://learn.microsoft.com/en-us/mem/intune/apps/intune-management-extension

If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

João Vieira 1 Reputation point

2022-03-02T12:02:36.577+00:00

Is there any justification for this change?

Before:
"The Intune management extension agent checks with Intune once every hour and after every reboot for any new scripts or
changes."

Now:
"The Intune management extension agent checks after every reboot for any new scripts or changes."

https://learn.microsoft.com/en-us/mem/intune/apps/intune-management-extension#before-you-begin
Piotr Domanski 0 Reputation points

2023-02-23T09:43:23.5333333+00:00

That's really counterproductive.
Why Microsoft makes things so complicated?
There should be a simple way as it is in SCCM to run the script again.
Currently, even if you change the script or re-deploy it to the collection, you have to wait some random time or reboot the computer. What if you correct your script a few times? It may take a few days to test it this way.
...And the solution seems to be ...to create a second script, which deletes some registry keys or restarts the service, and to wait a random time or reboot the computer, so this script runs and then to wait for the first script to re-run?
Brilliant idea! :)
Severin Kempf 0 Reputation points

2025-01-14T09:07:56.14+00:00

Also, if there are no changes made to the script, you can force it to re-run by removing the GUID related to the script under Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IntuneManagementExtension\Policies\

in regedit.

Since the scripts are saved as GUIDs, it's a bit difficult to identify which registry is related to which script. If you open the GUIDs and check "ResultDetails", you may be able to glean some information from that. Luckily for me there was only one GUID.

Answer 2

Paul Austin 31

Intune could be improved dramatically with one simple change.

If you go into Microsoft Company Portal and click the Sync button in settings it would go off, check in and run any updates that need to be run.

The current cycle of wait a random amount of time to see if the changes you made to a script, setting or new app to be installed isn't very productive for Administrators doing new things.

Wade Rencsok 6 Reputation points

2022-02-14T23:17:32.207+00:00

Indeed. This really slows down development and end to end testing before deploying to a production environment. An "Immediate" push option for individual devices would really help.

This is a major complaint I have about syncing devices and changes in Endpoint. The wait can be quite painful, I have seen it take many hours to push a change to a device.
Mikkel Lund Knudsen 116 Reputation points

2022-03-09T06:48:11.633+00:00

Agree!
Matt Fletcher 6 Reputation points

2022-03-29T21:29:47.603+00:00

Completely agree with this sentiment
Andy Parsons 21 Reputation points

2022-05-11T00:26:05.147+00:00

I totally agree. Given that nearly all of the AD Group Policy Preferences functionality has moved to PowerShell scripts in InTune, having the equivalent functionality and immediacy as AD would also be an attractive feature to both hybrid and cloud native users who manage their Endpoints with InTune.
AdminJoe 1 Reputation point

2022-06-03T22:13:34.527+00:00

I have to agree ENTIRELY. This is such a basic function, and one that should be as easy to implement as it is common-sensical.
Thomas Salvisberg 0 Reputation points

2023-03-07T09:46:53.4233333+00:00

Good to see that i am not the only one, who is totally annoyed by the lack of a real push option. Sure you can sync on client using the endpoint portal, or if you're really click-happy, do it there for all clients (whoever designed the bulk-actions feature should be forced to sync 10'000 clients this way, this could keep him busy for hours. Or you can use the graph API and do it by script, but in the end, nothing really happens. The script will run, whenever some random cycle is up, and all the sync functions in the portal, on the client or in the graph API does not really speed up things, it just wastes your time in another fashion while you wait for the script to run on all clients. It's a shame, that the intune program manager is ignoring this over years and years

Answer 3

Pavel yannara Mirochnitchenko 13,341 MVP

It is enough to re-add the script file into the script policy and it will re-execute it (for all devices).

James Wall 0 Reputation points

2023-02-21T20:03:47.71+00:00

I've found in testing that you will need to have some sort of change to the script itself. I've gotten around this by changing the 'Description' by adding or removing a period at the end.

Answer 4

U2 Pas 0

to rerun, either have to cleanup in registry so intune does not remember it already did run.
Here is a good start for more details
https://www.deploymentresearch.com/force-application-reinstall-in-microsoft-intune-win32-apps/

Maybe even better is to use remediation scripts and set them to run once or schedule, and in single devices can also rerun manually

David Brasser 6 Reputation points

2023-10-13T19:26:38.4433333+00:00

Don't remediation scripts require a special additional license to make use of?

Share via

How we can we force the PS script on Intune to rerun

3 additional answers

Your answer