This tool provides users to elevate themselves as admins for 5 minutes through Intune's Company Portal for Windows Devices. You can specify the time in lenght yourself in the script, if you find 5 minutes being too short.
| Date | Change Discription |
|---|---|
| 02.11.2025 | Published final first version of the script. |
| 03.12.2025 | Updated the script to use SID admin group instead of local admin group. This will make use possible for any Windows language. |
-
Uses Intune Win32 app package detection method to flag the status of admin rights been added. Detection file is also removed in 5 minutes together with previleges.
-
Logs activity in Event Viewer Application - node. Two log event will hapen - rights added and rights removed.
-
Scheduled Task is hidden inside the node hierarcy that advanced user will not find the task to make his/her rights permanent
Detection file is
C:\ProgramData\Microsoft\IntuneManagementExtension\Logs\AddTempAdminRights.flag
Command line for installation is
%WINDIR%\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -File "AddTempAdminRights_v1.1.ps1"
Add Account Protection Policy or Remediation Script in Intune to remove any local admin rights. Because with this tool, user will be capable to add side-by-side permanent local admin account.
- User will not be additionally prompted when rights are added. Only Company Portal installation status will appear. Make sure you write good instruction to application notes how it supposed to be used.
- Some times Company Portal still shows "installed" status after rights are removed. This is due to Intune mdm policies not being updated yet. Users should still be capable of re-installing the app from CP.
- If user shuts down or reboots computer during 5 min time frame, the admin rights will stay peremanently until next reboot.
