Intune Registry Management

Description

The only PowerShell script you need to manage registry on Windows devices using Microsoft Intune Remediations.

Download from GitHub: https://github.com/imabdk/Intune-Registry-Management

What it does

  • Runs as SYSTEM – handles both HKCU (all user profiles) and HKLM from one script
  • Works on Entra ID and traditional AD joined devices
  • Supports all registry types: String, DWord, QWord, Binary, ExpandString, MultiString
  • Three actions: Set, Delete, DeleteKey
  • Logs to both Intune portal output and a local log file
  • Writes a version stamp to registry so you can track what’s running across your devices

How to use it

  1. Open Detect-Remediate-Registry-Template.ps1
  2. Add your registry settings in the configuration section
  3. Save two copies – one with $runRemediation = $false, one with $runRemediation = $true
  4. Upload both to Intune > Devices > Scripts and remediations > Remediations

In the remediation properties, set Run this script using the logged-on credentials to No and Run script in 64-bit PowerShell to Yes.

Quick example

$UserConfigs = @(
    @{
        Name        = "Hide New Outlook Toggle"
        Description = "Hide the Try the new Outlook toggle in classic Outlook"
        BasePath    = "SOFTWARE\Microsoft\Office\16.0\Outlook\Options\General"
        Settings    = @(
            @{
                Name  = "HideNewOutlookToggle"
                Type  = "DWord"
                Value = 1
            }
        )
    }
)

For a real-world example, check out Detect-Remediate-Registry-Outlook-Fonts.ps1 in the repo – it sets Verdana 10pt as the default font in Outlook using binary registry values.

Logging

Log files are written to C:\ProgramData\Microsoft\IntuneManagementExtension\Logs\<LogFileName>.log

Set the log file name in the configuration section:

$LogFileName = "Intune-Registry-Management-MyScript"

Full walkthrough: The only PowerShell script you need to manage registry on Windows devices using Microsoft Intune

Version History

Version Changes
3.6 Fixed -ErrorAction Stop not propagating into Set-RegistryValue. General code cleanup.
3.5 Version stamp written to registry. Performance fix for large config sets.
3.4 Fixed binary comparison being case-sensitive. Log rotation now keeps 3 dated backups. Logging errors show a warning instead of failing silently.
3.3 Added local log file for complete audit trail. Dual output to Intune portal and log file.
3.2 Removed broken HKCU fallback. Script now skips HKCU when no users are logged on.
3.1 Added Set, Delete, and DeleteKey actions. Clean multi-line formatting.