Sometimes it happens that you need to add something to the registry of a windows device. Not all settings can be done from from Intune yet and probably never will 😉 so sometimes you just need to make your hands dirty and get to it!
I have been struggling to make this happen. I searched just like you are doing now for a way to accomplish this using Intune. I have been creating a Win32 package without luck and i have been playing around with the script option from Intune and finally i have managed to get the job done! I hope this will make your day and helps you on your way.
In my case i wanted to enable the biometrics scanner on Windows 10 devices. Alter the location of the script and value as to your needs. Here is the sample of the PS1 script that you need to create :
New-ItemProperty -Path “HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WinBio\Credential Provider” -Name ‘Domain Accounts’ -Value ‘1’ -Type DWORD -Force
Then login to endpoint manager and navigate to Devices > Windows > Powershell Scripts.
Click on Add en give it a logical name and press next
Select your created ps1 script and do not forget to set the setting “Run script in 64 bit PowerShell Host” to yes!
Under Assigments add the group that you want the registry edit to take place on. In my case it was a device group called “Intune-Enable-Fingerprint”.
Under Review+Add you can review your settings. Press Add to create the deployment and upload the script to Intune.
Now wait a while, get some coffee or better yet drink some beer 😉 the registry edit should happen shortly.
If for some reason the registry setting does not take then take a look in the following folder for the log files :
Please do not try to read the logs using notepad but use the CMtrace tool.
Download CMtrace from here : Download System Center 2012 R2 Configuration Manager Toolkit from Official Microsoft Download Center
In the tool search for [Powershell] and you should eventually find the script that is run to edit the registry and the output.