Intune Policy to Block Installation of .msi, .exe, and PowerShell Scripts for Standard Users

Ganesh Karki 0 Reputation points
2025-04-11T06:44:38.84+00:00

Dear All,

Greetings!

I am seeking your guidance in creating an Intune policy that restricts the installation of .msi, .exe files, and the execution of PowerShell scripts for standard users, while allowing such actions for users with administrative privileges.

If available, I would appreciate it if you could share the corresponding .xml configuration file or a reference template that can be imported into Intune.

Thank you for your support and cooperation.

Best Regards,

Ganesh Karki

Microsoft Security | Intune | Application management

2 answers

  1. Rahul Jindal 11,166 Reputation points
    2025-04-11T09:39:54.76+00:00

    Have you looked into UAC settings for standard users? Something like this - https://rahuljindalmyit.blogspot.com/2021/03/intune-uac-elevation-prompt-behavior.html

  2. Prathista Ilango 345 Reputation points Microsoft Employee
    2025-08-05T08:02:49.2766667+00:00

    Hello Ganesh Karki,

    Along with UAC, try exploring Endpoint Privilege Management which could be of help in your particular scenario.

    Refer to: https://learn.microsoft.com/en-us/intune/intune-service/protect/epm-overview

    https://learn.microsoft.com/en-us/windows/security/application-security/application-control/user-account-control/settings-and-configuration?tabs=intune#user-account-control-behavior-of-the-elevation-prompt-for-standard-users

    Hope this helps!

    If you found the information above helpful, please Accept the answer. This will assist others in the community who encounter a similar issue, enabling them to quickly find the solution and benefit from the guidance provided.
