Run as Domain User
A wrapper app that uses ShellRunAs to launch a target executable under a defined Active Directory domain user from non-domain-joined Windows devices. It enables cloud-managed devices to run legacy on-prem tools (RSAT) by prompting for domain credentials and launching the configured app with elevated rights. It relies on simple domain.txt and app.txt configuration and is packaged for Intune with explicit install/uninstall commands and a Start Menu entry.
Security Analysis
3 files scanned on Jun 11, 2026
Two notable security concerns in the Run as Domain User flow: (1) invocation of a PowerShell script with -ExecutionPolicy Bypass, which can weaken defenses if not strictly controlled; (2) unvalidated external inputs used to build command-line arguments for a domain-privileged helper process, which could be exploited to run unintended code. No evidence of remote script download, credential harvesting, data exfiltration, or hardcoded secrets is present. The tooling aligns with Intune/ManagementExtension patterns, but the bypass and input handling should be tightened (code signing, allow-lists, least-privilege execution) to reduce risk in a managed environment.
Swipe to see more
You might also like
Intune Make Enrollment User Admin
This Intune-deployable script elevates the enrollment user to a local administrator on Windows devices. Packaged as an .INTUNEWIN app, it is deployed through Microsoft Intune to targeted users with install and uninstall commands to grant or revoke admin rights after enrollment. It uses a requirements check for detection and can be reconfigured later, providing an Autopilot-like capability fully managed by Intune.
Niklas RastIntuneStatefulDeviceFingerprinting
KuShu-Shimon Intune Stateful Device Fingerprinting (ISDF) provides a tamper-resistant device fingerprint for enrolled Windows devices, enforced via Intune Custom Compliance and DPAPI-encrypted baselines. In Cloud mode it attests fingerprints to Entra ID through APIM and a Logic App to enable trusted device filters, dynamic groups, and stronger Conditional Access policies. The solution collects on-device signals, stores encrypted baselines, self-heals missing keys, and reports ISDF booleans for compliant state.
Graham HildMicrosoft Team Rooms Wallpaper package wrapper
A Microsoft Intune wrapper that enables deploying a custom wallpaper to Microsoft Teams Rooms devices via a PowerShell installer. It packages a wallpaper into an .INTUNEWIN package, supports install and uninstall commands, and uses registry-based detection to verify the deployed version. It also generates logs under the Intune Management Extension folder for troubleshooting, with a configurable company name for branding.
Niklas RastMDEValidator
A PowerShell module for validating Microsoft Defender for Endpoint configurations. Checks service status, real-time protection, cloud protection, ASR rules, network protection, tamper protection, SmartScreen policies, and MDE onboarding status with HTML and console reporting.
Nathan Hutchinson