Retrieve Powershell Scripts deployed via Intune

My previous blog post outlined the steps for deploying a PowerShell script using Intune. To create a PowerShell script deployment in the Intune admin center, you must upload the script during the deployment creation process. The script is then uploaded to Microsoft-managed servers.

Background

A situation may arise where you have lost access to the script and no longer have it. This could result from permanently deleting the script from your storage or a lack of knowledge regarding the script’s original location.

There is no direct option to download script files uploaded to the Intune admin center. However, this blog post will demonstrate a method for recovering the source script files.

You can retrieve uploaded Powershell script files and MSI and Win32 app setup files. I have provided the steps to retrieve MSI and Win32 app setup files in the blog post Retrieve Uploaded LOB MSI / Win32 App Setup Files From Microsoft Intune.

Where does Intune download PowerShell scripts on the target device?

You can deploy Powershell script to end-user devices using Intune by navigating to Intune admin center > Devices > Scripts and Remediations > Platform scripts. The PowerShell script is downloaded to the following location on the target device: C:\Program Files (x86)\Microsoft Intune Management Extension\Policies\Scripts. After the script execution is completed, it is automatically deleted, so it’s common to find this folder empty.

How can I retrieve Powershell script files from this location?

Now that we’ve identified the location where Intune downloads PowerShell scripts on target computers before execution let’s proceed with the steps to retrieve the script files. It’s important to note that this process assumes the PowerShell script deployment still exists in the Intune admin center.

  1. Deploy the Powershell script via Intune to any test device (it is recommended to deploy it on a device where it has never been deployed before)
  2. Monitor the C:\Program Files (x86)\Microsoft Intune Management Extension\Policies\Scripts location.
  3. Be quick to copy the script and paste it into another folder before it gets automatically deleted by the Intune Management Extension.

More Information about Powershell Script deployment

Verify PowerShell Script Execution Status via Windows Registry

To confirm the successful execution of a PowerShell script deployment from a target device, you can access the Windows registry editor and verify its status by following these steps.

1. Locate the Policy ID for the PowerShell script deployment

To find the Policy ID of the PowerShell script deployment using the Intune admin center, follow these steps:

  • Sign in to the Intune admin center
  • Go to Devices > Scripts and Remediations > Platform scripts.
  • Click on the script deployment to Copy its Policy Identifier value from the browser’s address bar.
Locate the Policy ID for the PowerShell script deployment
Locate the Policy ID for the PowerShell script deployment

2. Check Powershell script deployment Status in the Registry

  • Go to Start and search for Registry Editor. Click on it to open the registry editor.
  • Navigate to the registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IntuneManagementExtension\Policies
  • Within the Policies registry key, click on the Policy ID corresponding to your deployment. Examine the Result registry entry on the right-hand side to determine the deployment status. As demonstrated in the screenshot below, the Result shows Success.
Check Powershell script deployment Status in the Registry
Check Powershell script deployment Status in the Registry

Verify PowerShell Script Execution Status via Intune Management Extension logs

You can verify the PowerShell script execution status by inspecting the Intune Management Extension logs. Let’s check the steps:

  • Navigate to C:\ProgramData\Microsoft\IntuneManagementExtension\Logs.
  • Please find the most recent IntuneManagementExtension.log file and open it
  • The best way to open .log files is by using a CMTrace tool.
  • Search for Policy ID and check Policy result. As you can see Policy result is showing as Success for this deployment.
Verify PowerShell Script Execution Status via Intune Management Extension logs
Verify PowerShell Script Execution Status via Intune Management Extension logs

Conclusion

In this blog post, I’ve outlined the process for retrieving the PowerShell scripts you uploaded to the Intune admin center. Additionally, I’ve explored various options for checking the status of PowerShell script deployments, which can be invaluable for troubleshooting any issues related to script deployment.

READ NEXT

Leave a Comment