PS Script, Configuration

Windows Media Creation CLI

Windows Media Creation CLI is a PowerShell-based tool that automates building Windows installation media on a USB drive. It supports Windows 11 (22H2-25H2) and Windows 10, with customizable architecture, language, region and edition, enabling fully automated media creation. It also supports OEM driver injection via AUTOUNATTEND or DISM, single or multi-driver packs, and can generate an installwimdrivers.csv catalog to track installed drivers.

Works with: Windows
Security Analysis

5 of 6
1 Issue Found

5 files scanned on Jun 11, 2026

Issues Detected
No Hardcoded Secrets
No API keys or credentials in code
Hardcoded credential in mctcli.ps1 ([lines: 638, 650](https://github.com/niklasrst/windows-mediacreation-cli/blob/main/mctcli.ps1#L638-L650))
Passed Checks
No Obfuscated Code
No Remote Execution
No Credential Theft
No Data Exfiltration
No Malicious Patterns
AI Analysis

Two scripts in Windows Media Creation CLI (add-driver.ps1 and add-multi-driver.ps1) download and execute external driver installers from vendor catalogs without verifying digital signatures or download integrity, which is a remote code execution risk. Recommended hardening: enforce strict source trust, verify signatures or checksums of downloaded artifacts, and consider using signed catalogs or a vetted artifact repository. Other aspects (credential theft, data exfiltration, obfuscation, hardcoded secrets) are not evident in the provided code.

You might also like

PS Script

IntuneFirewallMigration

IntuneFirewallMigration is a public-preview tool that migrates Group Policy and local firewall rules into Intune as Settings Catalog policies. It supports selecting specific firewall profiles (Domain, Private, Public) and importing only inbound or outbound rules, using Microsoft.Graph.Authentication with Invoke-MgGraphRequest. The script disables telemetry, requires Graph permissions (DeviceManagementConfiguration.ReadWrite.All), and works with PowerShell 5 or 7 to modernize firewall management in Intune.

Nick Benton
PS Script

PowerShell ADMX wizard

PowerShell ADMX Wizard creates custom ADMX/ADML templates from a CSV of registry keys, enabling Windows policies via Intune. It generates GUID-based templates, adds registry entries (STRING, DWORD, BINARY), and logs progress. After creation, upload the ADMX/ADML to Intune as Imported ADMX to apply it through a configuration profile.

Niklas Rast
PS Script

Windows Recovery Partition Editor

Windows Recovery Partition Editor resizes the local Windows Recovery Partition to 984MB and injects CAB files to enable optional features and language support. It deploys via a PowerShell script, placing architecture-specific CABs under tools\amd64 or tools\arm64cpu and matching language packs, with an optional backup of OEM images. Detection uses the registry key HKLM:\SOFTWARE\YourCompanyNameHere\Client-Recovery with value 1.0.0.

Niklas Rast
PS Script

Autopilot Branding

A PowerShell-based customization tool packaged as an Intune Win32 app for configuring Windows 10/11 devices during Autopilot deployment. It customizes the start menu layout, background/theme and time zone, removes built-in apps, installs OneDrive, configures language packs, and manages Windows features.

Michael Niehaus