When you are managing organization devices and applications, you may have the requirement to deploy registry keys to end user devices to fix an issue or for configuration of an application etc. In this blog post, we will see the steps on how to create registry keys using Intune.
In this blog post, we will use Win32 app deployment method to deploy registry key and registry entries under HKLM node of registry. You can also use Win32 app deployment method to deploy registry keys and registry entries under HKCU node as well by deploying the application under User Context.
HKCU is a short form of HKEY_CURRENT_USER. It contains the configuration information for the user who is currently logged on. The user’s folders, screen colors, and Control Panel settings are stored here. This information is associated with the user’s profile. You can easily deploy a registry key under HKCU node using Intune device remediations as well.
HKLM is a short form of HKEY_LOCAL_MACHINE which contains information about Operating system and application configuration settings. You can also easily deploy HKLM registry key using Intune remediations.
If you have a requirement to backup and delete a registry key then you can check out my other blog post which provides information about how to resolve CVE-2022-30190 vulnerability. It also has the steps on how to backup and delete a registry key using Intune.
There are several use cases fo deployment of registry keys on windows devices using Intune. I will not be able to provide each and every use case here but I can highlight few of them below:
- Post deployment application configuration using windows registry
- Licence configuration or Activation for any Installed Software.
- Operating System configuration settings.
- Using registry keys to Enable / Disable certain application features.
As i said earlier, the use cases are endless and yours may be another unique use case for Windows registry deployment. You can easily create a registry key and registry entries / values by opening regedit
on a device and create registry keys as required.
When you are managing Windows 10 or Windows 11 devices using Intune, it becomes really easy to manage Windows registry from a central place. I will be deploying the registry keys by creating a Win32 app deployment method. Please note my target devices are joined to Azure AD and enrolled into Intune.
Export Registry Key
First step is to Export the registry key from a device which already has that registry keys / registry entries created and configured the way you want on the target devices.
I have created a registry key called ATestKey-Cloudinfra.net under HKEY_LOCAL_MACHINE\SOFTWARE path and created couple of DWORD and String type registry entries.
I want to deploy this registry key along with its registry entries to all Organization devices. Therefore, Export the registry key you want to deploy by right-clicking on the registry key folder and click on Export. Provide a name of the file to Save. The File will be saved with an extension of “.reg“.
Create IntuneWin file
We will be using a Powershell script which imports the registry file on the target devices. Please save below one liner Powershell script file on your computer. I have called it as CloudInfraregImport.ps1.
CloudInfraregImport.ps1
reg import .\AtestkeyCloudInfra.reg
- Create an empty folder anywhere on your device and paste the registry export file (.reg file) and Powershell script file into that folder.
- Download Microsoft Win32 Content Prep Tool. Its a zip file therefore extract its contents into a folder.
- Create an empty folder for example C:\output or anywhere you like.
- Package RegImportv6 folder to .intunewin file using IntuneWinAppUtil.exe which can be located in Microsoft Win32 Content Prep Tool.
You can run one liner command with all the switches specified or you can also run .\IntuneWinApputil.exe to provide you with prompts to specify source folder, setup file and output folder.
.\IntuneWinAppUtil.exe -c "D:\RegImportv6" -s CloudInfraRegImport.ps1 -o C:\output
- Now, check C:\output folder to confirm if .Intunewin file has been created successfully.
Create Win32 App on Intune admin center
Once we have .Intunewin file created successfully. We can use it to create Win32 app deployment. Let’s check the steps:
Please follow below steps to create Intune Windows app (Win32) app using .IntuneWin file.
- Login on Microsoft Intune admin center
- Click on Apps and then click on All Apps
- Click on + Add and Select Windows app (Win32) from the app type
App Information Tab
Click on Select app package file to browse and select CloudInfraRegImport.intunewin file and click on OK. On App information tab, provide Information about the Application. Update the Name, Description and Enter the name of the publisher. Click on Next to proceed.
- Name: CloudInfraReg Import
- Description: Keep Default or to change click Edit Description.
- Publisher: Cloudinfra.net
Program Tab
Provide the Install command, uninstall command, Install behavior, Device restart behavior. Click on Next to proceed.
- Install command: %windir%\sysnative\WindowsPowerShell\v1.0\powershell.exe -Executionpolicy Bypass .\CloudInfraregImport.ps1
- Uninstall command: %windir%\sysnative\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Bypass -Command “Remove-Item -Path ‘HKLM:\SOFTWARE\ATestKey-Cloudinfra.net’ -Force”
- Installation time required (mins): Specify how much time your application would take to complete the Installation. If it will take longer than specified time, the Installation will fail. Default is 60 minutes and Maximum time you can specify is 1 day (1440 minutes).
- Install behavior: System
- Device restart behavior: No specific Action
Please note if you are creating registry keys and registry entries under HKCU: then toggle the Install behaviour mode from System to User. |
Requirements Tab
Provide Operating System Architecture and Minimum operating system information. Click on Next to proceed.
- Operating System Architecture: 64-bit
- Minimum operating system: Select according to the operating system version being used in your enviornment. For Example: Windows 10 1607.
Detection Rules
Select Manually configure detection rules and click on +Add to add a detection rule.
- Rules Format: Select Manually configure detection rules
- Rule Type: Registry
- Key path: HKEY_LOCAL_MACHINE\SOFTWARE\ATestKey-Cloudinfra.net
- Detection method: Key exists
- Associated with 32-bit app on 64-bit clients: No
Assignments Tab
Create an Azure AD Security group which contains users or devices where this application package needs to be deployed. Please note that if you add users into the list, it will deploy this application on all of the users devices joined to Azure and Enrolled into Intune. If you want to deploy the app to specific devices then you should add devices in the Azure AD security group not users.
Make sure to add it to the Required section which will install the application on users system as soon as possible.
To make sure Win32 app deploys on all end user devices, You can also click on + Add all devices to target all devices which are enrolled into Intune.
Review + Create
Next tab is for Review + Create. Save the application which will start the process of uploading .intunewin file and also will start the deployment process.
Intune Policy Refresh Cycle
The Device will Sync / Check in to start Win32 app deployment. It may take some time for the process to start. Therefore, if you are testing it on a test device, you can force initiate Intune refresh cycle on the device which will speed up the download and installation process. You can also use Powershell to force initiate Intune refresh cycle.
Also, you can restart the device first which also starts the device check-in process. Manual sync is not mandatory on user’s devices as the device check-in process happens automatically. But if you are testing this setting on a test device then this can speed up your testing and can save some time.
Monitoring the Installation Progress
To check the Installation status of the app, You can follow below steps:
- From Intune admin center, Click on Apps on the left hand side.
- Click on All apps.
- Search for the app CloudInfraReg Import and click on it.
From the Overview page of the application, you can check the status of Installation and Failures. To find more details on which devices the app is pushed successfully, you can also click on Device Install status or User Install status.
End User Experience
I have rebooted my device and waited for couple of minutes for the powershell script to download and execute on my device. You can verify to confirm if the registry key along with registry entries are imported successfully by following below steps:
- Press Win Key + R to open Run dialog box.
- Type regedit and press enter.
- Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\ to find the registry key ATestKey-Cloudinfra.net along with registry entries created.
Conclusion
In this blog post, we have see how to create registry keys using Intune Win32 App method. We have deployed a registry key under HKLM (HKEY_LOCAL_MACHINE) node of the registry. You can use the Win32 App method to deploy registry keys under HKCU (HKEY_CURRENT_USER) node as well.
You could also try a different method of registry key deployment which is called as Intune device remediations. I have written blog posts on how to deploy a registry key under HKCU node and HKLM node using Intune device remediations.
There are other different ways to deploy a registry key and registry entries via Intune e.g. Deploy registry keys by creating a powershell script (deploying it via Devices > Scripts method).