Run as Domain User
A wrapper app that uses ShellRunAs to launch a target executable under a defined Active Directory domain user from non-domain-joined Windows devices. It enables cloud-managed devices to run legacy on-prem tools (RSAT) by prompting for domain credentials and launching the configured app with elevated rights. It relies on simple domain.txt and app.txt configuration and is packaged for Intune with explicit install/uninstall commands and a Start Menu entry.
Security Analysis
3 files scanned on Jun 11, 2026
Overall, the code is a packaged admin utility that installs a component and a Start Menu shortcut to run a domain-credentialed application via ShellRunas.exe. No hardcoded secrets or remote script downloads detected. Not malicious per se, but notable risks include execution policy bypass, persistence via Start Menu shortcut, and credential handling flow via /netonly and external ShellRunas.exe. Recommend code signing, avoid -ExecutionPolicy Bypass, use AppLocker, validate and sanitize app/domain inputs, and ensure uninstall removes all artifacts. Consider using Intune-managed deployment rather than per-machine All Users shortcuts, and add robust logging with secure log retention.
Swipe to see more
You might also like
Intune Make Enrollment User Admin
This Intune-deployable script elevates the enrollment user to a local administrator on Windows devices. Packaged as an .INTUNEWIN app, it is deployed through Microsoft Intune to targeted users with install and uninstall commands to grant or revoke admin rights after enrollment. It uses a requirements check for detection and can be reconfigured later, providing an Autopilot-like capability fully managed by Intune.
IntuneStatefulDeviceFingerprinting
KuShu-Shimon Intune Stateful Device Fingerprinting (ISDF) provides a tamper-resistant device fingerprint for enrolled Windows devices, enforced via Intune Custom Compliance and DPAPI-encrypted baselines. In Cloud mode it attests fingerprints to Entra ID through APIM and a Logic App to enable trusted device filters, dynamic groups, and stronger Conditional Access policies. The solution collects on-device signals, stores encrypted baselines, self-heals missing keys, and reports ISDF booleans for compliant state.
Microsoft Team Rooms Wallpaper package wrapper
A Microsoft Intune wrapper that enables deploying a custom wallpaper to Microsoft Teams Rooms devices via a PowerShell installer. It packages a wallpaper into an .INTUNEWIN package, supports install and uninstall commands, and uses registry-based detection to verify the deployed version. It also generates logs under the Intune Management Extension folder for troubleshooting, with a configurable company name for branding.
MDEValidator
A PowerShell module for validating Microsoft Defender for Endpoint configurations. Checks service status, real-time protection, cloud protection, ASR rules, network protection, tamper protection, SmartScreen policies, and MDE onboarding status with HTML and console reporting.
