Microsoft Intune can not push out Group Policies onto computers, but we can target users or devices with scripts that change that setting in the registry.
Here is how you create a simple script that does just that.
@Echo off echo A Script to set a Registry value using Windows Intune REM registry key reg add HKLM\Software\Policies\Microsoft\PassportForWork /f reg add HKLM\Software\Policies\Microsoft\PassportForWork\ /v Enabled /t REG_DWORD /d 0 /f if errorlevel 1 ( echo Error installing reg key exit /b 1 ) else ( echo Installed regkey ) exit /b 0
Simply copy this script into a notepad file and then save it as PassportForWork.CMD right click and Run as Administrator to input the software policy where we set Passport for Work enabled as = 0 “Turn Off”
You can enter some of these register values:
REG_BINARY
REG_DWORD
REG_EXPAND_SZ
REG_LINK
REG_MULTI_SZ
Read more here: Registry Values (Technet)
- Once you have created the script, here is how you package it : Package Scripts
- Here is how you deploy it: Deploy custom script with Microsoft Intune
Thanks to Richard Harrison at http://www.cableplugger.com/2013/03/adding-windows-registry-entry-with.html
Håvard Siegel Haukeberg 
November 18, 2016 at 12:21 pm
Thank you! This was exactly what I was looking for. I just want to share a tip when creating the registry script; If you’re using unicode values in REG_SZ strings, add “chcp 65001” to change code page before the “reg add” lines.
Sample:
chcp 65001
reg add HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\System /f
reg add HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\System\ /v dontdisplaylastusername /t REG_DWORD /d 1 /f
reg add HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\System\ /v legalnoticecaption /t REG_SZ /d “VARNING! Endast för behöriga användare.” /f
LikeLike
November 18, 2016 at 5:32 pm
Cool, thanks 😊
LikeLike