Skip to content

Intune Hack To Open A URL At Windows Login

Opening a specific URL at Windows login can ensure that users see important announcements, resources, or company intranet pages as soon as they log into their devices. Join me in exploring alternatives to find the best Intune hack to open a URL at Windows login using the default browser.

Table Of Contents

Exploring Alternatives To Open A URL at Windows Login

When I was tasked with ensuring a specific URL opened when logging in using the default browser, I began exploring my options. Configuring browser settings in Intune, such as setting home pages, wouldn’t solve the problem of loading the page immediately upon user login. Additionally, it was challenging to accommodate various browsers that users might choose, including Edge, Google Chrome, Mozilla Firefox, and Opera. The solution should use the default browser defined in Windows.

This led me to directly put the configuration into the operating system. When users log into Windows, the URL should open in their default browser. I considered several alternatives to achieve this:

  1. Add a shortcut to the Windows startup folder to open a URL at Windows login
  2. Add the URL to the Registry to open a URL at Windows login
  3. Create a scheduled task to open a URL at Windows login

Let us explore the different alternatives to open a URL at Windows login.

Alternative 1: Add A Shortcut To The Startup Folder

Windows has a set of startup folders. I decided to test using the common startup folder, which targets all users on the device. This location is easily available by running the “shell:common startup” command.


The command leads to the folder “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup.” This is a write-protected location on the device for regular users, meaning they can’t modify what’s in it.

Build Alternative 1 To Open A URL at Windows Login

Let us use Intune to build an implementation to open a URL at Windows login using the startup folder.

The URL File To Open At Windows Login

First, I will create a URL file to add to the common startup folder, which will be loaded at Windows login. This is done using native Windows functionality in Windows Explorer.

The shortcut will launch the website using the default browser on the system.

Save URL File To Azure Storage Account Container

I stored the URL file in an Azure Storage Account container for this project. This makes it available for Intune to push it to my Windows devices.

Ensure you design the security measures around this storage account based on your specific requirements. For the demo, I used a Shared Access Signature (SAS) (1) or simply the URL (2) itself, as the file didn’t contain any sensitive information.

Use Remediation To Push The URL File To Windows Devices

I will now use an Intune remediation script to push the URL file to the Windows Devices.

To use Intune Remediations, devices must be Microsoft Entra joined or Microsoft Entra hybrid joined, be managed by Intune, run an Enterprise, Professional, or Education edition of Windows 10 or later, and users of the devices must have a Windows 10/11 Enterprise E3 or E5 license

Using remediation scripts ensures the consistency of the solution as it will correct any changes made to a device or updates made to the URL file in Azure Storage. The script compares the hash of the downloaded file with the file existing on the device to see if there are drifts in the configuration.

Detection Part For Open A URL At Windows Login

My detection script used in the solution to open a URL at Windows login is available on my GitHub and looks like this:

<#
  .NOTES
   Created on:   	26.06.2024
   Created by:   	Simon Skotheimsvik
   Filename:     	StartURLOnLogon-Detection.ps1
   Info:          https://skotheimsvik.no
   Version:       1.0
  
  .DESCRIPTION
    This script will check if shortcut for URL is present in the startup folder.
    If file not exist or not equal, it will be downloaded from a webserver.
#>

# Define URLs and paths
$remoteFileUrl = "https://YOURPATH.blob.core.windows.net/intuneresources-public/SimonDoes.url"
$localFilePath = "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SimonDoes.url"
$tempFilePath = "$($env:temp)\SimonDoes.url"

# Download the remote file to a temporary location
Invoke-WebRequest -Uri $remoteFileUrl -OutFile $tempFilePath

# Function to calculate file hash
function Get-FileHash {
  param ([string]$filePath)
  return (Get-FileHash -Algorithm SHA256 -Path $filePath).Hash
}

# Check if the local file exists
if (Test-Path $localFilePath) {
  # Calculate hashes for both files
  $localFileHash = Get-FileHash -Path $localFilePath
  $remoteFileHash = Get-FileHash -Path $tempFilePath
    
  # Compare the hashes
  if ($localFileHash -eq $remoteFileHash) {
    # Files are the same
    exit 0
  }
  else {
    # Files are different
    exit 1
  }
}
else {
  # Local file does not exist
  exit 1
}
PowerShell
Remediation Part For Open A URL At Windows Login

My remediation script used in the solution to open a URL at Windows login is available on my GitHub and looks like this:

<#
  .NOTES
   Created on:   	26.06.2024
   Created by:   	Simon Skotheimsvik
   Filename:     	StartURLOnLogon-Detection.ps1
   Info:          https://skotheimsvik.no
   Version:       1.0
  
  .DESCRIPTION
    This script will check if shortcut for URL is present in the startup folder.
    If file not exist or not equal, it will be downloaded from a webserver.
#>

# Define URLs and paths
$remoteFileUrl = "https://YOURPATH.blob.core.windows.net/intuneresources-public/SimonDoes.url"
$localFilePath = "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SimonDoes.url"
$tempFilePath = "$($env:temp)\SimonDoes.url"

# Download the remote file to a temporary location
Invoke-WebRequest -Uri $remoteFileUrl -OutFile $tempFilePath

# Function to calculate file hash
function Get-FileHash {
  param ([string]$filePath)
  return (Get-FileHash -Algorithm SHA256 -Path $filePath).Hash
}

# Check if the local file exists
if (Test-Path $localFilePath) {
  # Calculate hashes for both files
  $localFileHash = Get-FileHash -Path $localFilePath
  $remoteFileHash = Get-FileHash -Path $tempFilePath
    
  # Compare the hashes
  if ($localFileHash -ne $remoteFileHash) {
    # Files are different, replace the local file
    Copy-Item -Path $tempFilePath -Destination $localFilePath -Force
  }
}
else {
  # Local file does not exist, download the file
  Copy-Item -Path $tempFilePath -Destination $localFilePath -Force
}

# Clean up the temporary file
Remove-Item -Path $tempFilePath
PowerShell
Add Remediation Package To Open A URL at Windows Login

Let’s add the remediation package to ensure we open a URL at Windows login using the default browser.

Add a new remediation script in the Intune Portal under Devices – Windows – Scripts and Remediations. Give it a name and description according to your standards.

Download the scripts from my GitHub, adjust $remoteFileUrl to your environment in both the detection (1) and remediation (2) script, and upload these to the custom script package in Intune.

Assign the script and add a schedule for your liking.

Open A URL at Windows Login

The scripts will now hit your targeted devices within the scheduled period.

Test Alternative 1 To Open A URL At Windows Login

With the remediation loaded and targeted, your users will suddenly start experiencing the magic of the browser open a URL at Windows login.

Expedite The Remediation To Open A URL At Windows Login

If you’re eagerly awaiting the distribution of the new remediation, remember you can initiate the process on your test device using Intune’s new preview option to force remediation to start.

This will kickstart the remediation outside of the schedule on that particular device.

Verify The Hack To Open A URL At Windows Login

Looking at the device, there are several ways of verifying the solution has been implemented to open a URL at Windows login. Most obvious is the experience of the URL starting at each user login.

Open A URL at Windows Login

As you can see, your end users will love this feature completely😎

Startup Apps On Windows System Settings

Looking in Startup Apps, which is found under Settings, we can see all startup-related apps.

Your hack to open a URL at Windows login using the default browser should be listed here.

This verifies the solution has been applied to your device.

Verify The URL File In Startup Folder

Clicking on the shortcut in the Startup Apps from the window above gives you access to the common startup folder holding the URL file.

Do you remember the shortcut to open this folder from the Run command in Windows? It was listed at the top of this blog post.

Remediation Monitor Device Status

The remediation package provides an overview with information about how the script package is performing.

You will also find remediation statuses per device by looking into the configured remediation in Microsoft Intune.

The example above shows a device where the detection has fired (1), but the remediation has failed (2) to solve the problem. A script problem typically causes this.

After fixing the problem, you will see the failed logs go away.

Modify Alternative 1 URL That Opens At Windows Login

As a bonus, modifying the URL that opens at each Windows login is now simple. You can edit the URL file directly in the Azure Storage blob.

The hash comparison in the remediation will now track this down and update the URL files on all devices according to your remediation schedule.

Alternative 2: Add URL to the Registry to open a URL at Windows login

Alternative 1 worked as expected, but it had some requirements for Azure storage. Let’s explore the next alternative to see how it can perform.

Build Alternative 2 To Open A URL at Windows Login

Intune will, of course, be the main tool used to build this solution. Still, I will relate to remediations with the before-mentioned prerequisites for using that solution.

The solution is based on adding a string to the registry location “HKCU\Software\Microsoft\Windows\CurrentVersion\Run” holding the value to open a URL at windows login.

Detection Part For Open A URL At Windows Login

I am basing my solution on my remediation framework on adding and keeping registry settings current. My detection script is available on my GitHub and looks like this:

<#
  .NOTES
   Created on:    26.06.2024
   Created by:    Simon Skotheimsvik
   Filename:      StartURLonLogon-Detection.ps1
   Info:          https://skotheimsvik.no 
   Version:       1.0
  
  .DESCRIPTION
    This remediation package adds URL to start on logon.
#>

$RegContent = @"
RegKeyPath,Key,Value,Type
"HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run","SimonDoes","explorer https://skotheimsvik.no","String"
"@

$RegData = $RegContent | ConvertFrom-Csv -delimiter ","

foreach ($Reg in $RegData) {
    $ExistingValue = (Get-Item -Path $($Reg.RegKeyPath)).GetValue($($Reg.Key))
    if ($ExistingValue -ne $($Reg.Value)) {
      Write-Host $($Reg.Key) "Not Equal"
      Exit 1      
    }
    else {
#      Write-Host $($Reg.Key) "Equal"
    }
}
Exit 0
PowerShell

Remediation Part For Open A URL At Windows Login

My remediation script used in the solution using registry to open a URL at Windows login is available on my GitHub and looks like this:

<#
  .NOTES
   Created on:    26.06.2024
   Created by:    Simon Skotheimsvik
   Filename:      StartURLonLogon-Remediation.ps1
   Info:          https://skotheimsvik.no 
   Version:       1.0
  
  .DESCRIPTION
    This remediation package adds URL to start on logon.
#>

$RegContent = @"
RegKeyPath,Key,Value,Type
"HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run","SimonDoes","explorer https://skotheimsvik.no","String"
"@

$RegData = $RegContent | ConvertFrom-Csv -delimiter ","

foreach ($Reg in $RegData) {

    IF (!(Test-Path ($Reg.RegKeyPath))) {
        Write-Host ($Reg.RegKeyPath) " does not exist. Will be created."
        New-Item -Path $($Reg.RegKeyPath) -Force | Out-Null
    }
    
    IF ((Get-ItemProperty -Path $Reg.RegKeyPath -Name $Reg.Key -ErrorAction SilentlyContinue) -eq $null) {
        Write-Host "$($Reg.Key) does not exist. Will be created."
        New-ItemProperty -Path $($Reg.RegKeyPath) -Name $($Reg.Key) -Value $($Reg.Value) -PropertyType $($Reg.Type) -Force
    }
    
    $ExistingValue = (Get-Item -Path $($Reg.RegKeyPath)).GetValue($($Reg.Key))
    if ($ExistingValue -ne $($Reg.Value)) {
        Write-Host "$($Reg.Key) not correct value. Will be set."
        Set-ItemProperty -Path $($Reg.RegKeyPath) -Name $($Reg.Key) -Value $($Reg.Value) -Force
    }
    else {
        Write-Host "$($Reg.Key) is correct"
    }
}

Exit 0
PowerShell

Add Remediation Package To Open A URL at Windows Login

It’s time to add the remediation package through Intune to ensure we open a URL at Windows login using the default browser. This operation is described in detail above. This time, the assignment is the only difference, except for the obvious detection and remediation script change.

Now, I am assigning the remediation to All Users instead of All Devices. I also configure it to run using the logged-on credentials.

This solution will only target intended users as long as I am using the “HKCU\Software\Microsoft\Windows\CurrentVersion\Run” location in the Registry. I could also target all users using this method by instead addressing the “HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run” Registry location. This will even apply if signing in to the computer using the LAPS account!

Test Alternative 2 To Open A URL at Windows Login

With the remediation loaded and targeted, your users will suddenly start experiencing the magic of the browser when opening a URL at Windows login, as with alternative 1. Since this also utilizes the power of remediations, you can expedite the remediation just as described above by pushing the remediation to your test devices.

This implementation of the solution to open a URL at Windows login is not visible in Startup Apps found under Settings as we did with alternative 1. The best way to verify the configuration is by looking in the registry. A screenshot of a functional solution from the registry is given above.

Modify Alternative 2 URL That Opens At Windows Login

Modifying the URL that opens at each Windows login is still simple. You can edit the URL value in the detection and remediation scripts and upload these to Intune.

The nature of my remediation script will now ensure the URL is updated as long as the key name is unchanged.

Alternative 3: Create A Scheduled Task To Open A URL At Windows Login

The third option is to create a scheduled task that opens a URL at Windows login. This approach would work, but it is too complex to explore now since I already have two good alternatives. The cost-benefit analysis leads me not to pursue this option further, though it might be considered in future blog posts solving alternate challenges.

Conclusion

Some people might not consider loading a URL at login ideal. They might argue that simply setting a default Startpage in Edge is sufficient. However, after receiving a request for a solution, I took the initiative to figure out the alternatives. I thought it might be helpful to share these. They both have pros and cons. Some variations describe whether you can target this to a limited set of users or all users on the device. For shared devices, it seems like a good idea to target all users on the device since the alternative will not be effective until the user’s second login. Feel free to consider these options or decide it’s not for you—it’s entirely your choice!

Following the steps outlined, you can configure the Windows devices managed by Intune to open a specific URL when logged in using the default browser. This can help ensure that users see important information immediately upon logging in. Remember to test the scripts and routine on a few devices before rolling them out to your organization.

If you encounter any issues or have further questions or comments, please reach out in the comments section below!

Published inAutomationAzureIntunePowershellWindows

Be First to Comment

Leave a Reply

Your email address will not be published. Required fields are marked *


The reCAPTCHA verification period has expired. Please reload the page.