Endpoint Management - The Lazy Administrator

Allow Non-Admin Users to Manage Their Desktop Icons Using Intune

February 10, 2023 Brad Wyatt Comments 0 Comment

Many IT organizations do not allow their end users to be local administrators on company endpoints, and for good reason. But one issue I have ran across is that some applications install an icon on the public desktop (C:\Users\Public\Desktop) and the end user is unable to delete the icon as it requires administrative rights. Using PowerShell, we can modify the ACL of the public desktop folder and allow our non-admin users to delete these shortcuts.

Copy the PowerShell script below and save it somewhere we can reference it later. This script modifies the permissions for the folder ‘C:\Users\Public\Desktop’ and adds the ‘authenticated users‘ entity to it with the ‘modify’ permission.

$folderPath = "C:\Users\Public\Desktop"
$acl = Get-Acl $folderPath
$user = New-Object System.Security.Principal.SecurityIdentifier('S-1-5-11')
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule ($user,"Modify", "ContainerInherit,ObjectInherit", "None", "Allow")
$acl.SetAccessRule($rule)
Set-ACL $folderPath $acl

Open a web browser and navigate to Intune.Microsoft.com > Devices > Scripts and Add a … Continue...

Set Corporate Wallpaper with Intune for Non Windows 10 Enterprise or Windows 10 Education Machines

July 30, 2019 Brad Wyatt Comments 4 comments

By default, there is an Intune device configuration property that can set a devices wallpaper (Profile Type: Device Restrictions > Personalization) BUT this is only applicable on devices running Windows 10 Enterprise and Windows 10 Education. Luckily, using PowerShell we can download a image from the web, save it locally, and set it as our users wallpapers.

First we need to create our PowerShell script. In PowerShell ISE I created the following script and saved it to my local machine

$RegKeyPath = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\PersonalizationCSP"


$DesktopPath = "DesktopImagePath"
$DesktopStatus = "DesktopImageStatus"
$DesktopUrl = "DesktopImageUrl"

$StatusValue = "1"


$url = "https://www.thelazyadministrator.com/wp-content/uploads/2019/07/nicewall.jpg"
$DesktopImageValue = "C:\MDM\wallpaper_LazyAdmin.jpg"
$directory = "C:\MDM\"


If ((Test-Path -Path $directory) -eq $false)
{
	New-Item -Path $directory -ItemType directory
}

$wc = New-Object System.Net.WebClient
$wc.DownloadFile($url, $DesktopImageValue)



if (!(Test-Path $RegKeyPath))
{
	Write-Host "Creating registry path $($RegKeyPath)."
	New-Item -Path $RegKeyPath -Force | Out-Null
}


New-ItemProperty -Path $RegKeyPath -Name $DesktopStatus -Value $StatusValue -PropertyType DWORD -Force |

… Continue...