How does it work


The Microsoft Intune Management Extension is a service that runs on the device, just like any other service listed in the Services app (services.msc). After a device reboots, this service may also restart, and check for any assigned PowerShell scripts with the Intune service.

For the shared drive mapping, it copy it to the location: c:\ProgramData\intune-drive-mapping-generator for most of the users.

Then it will create a scheduled task, named IntuneDriveMapping, with below settings:

  • Triggers: At log on, Any User, enabled.
  • Actions: Start a program,
    • Program/Script: c:\windows\system32\wscript.exe
    • Add arguments: c:\ProgramData\intune-drive-mapping-generator\yourfilename.ps1
Create a script from this website:

Don’t tick the remove stale drives, or else it will delete all other drives.

Download the PowerShell script and name it as yourfilename.ps1.


Then go to Microsoft Endpoint manager Admin Center.  Go to Devices, Windows, Powershell Scripts.

Click +Add:

  1. Basic: name, Example Drive mapping. click next
  2. Script settings: Script location, click Select a file, and upload the yourfilename.ps1. Leave the rest as No. Click next
  3. Assignment: under Included Groups, select the group you want to assign to. Click next
  4.  Review + add: click add.

Things you need to know:

  • When scripts are set to user context and the end user has administrator rights, by default, the PowerShell script runs under the administrator privilege.
  • End users aren’t required to sign in to the device to execute PowerShell scripts.
  • The Intune management extension agent checks after every reboot for any new scripts or changes. After you assign the policy to the Azure AD groups, the PowerShell script runs, and the run results are reported. Once the script executes, it doesn’t execute again unless there’s a change in the script or policy. If the script fails, the Intune management extension agent retries the script three times for the next three consecutive Intune management extension agent check-ins.
  • For shared devices, the PowerShell script will run for every new user that signs in.
  • PowerShell scripts are executed before Win32 apps run. In other words, PowerShell scripts execute first. Then, Win32 apps execute.
  • PowerShell scripts time out after 30 minutes.