Compile to EXE, add the EXE you just created to SCCM as a package: Create Package > Environment > Program can run: Only when user is logged on > Run with administrator rights.
on error resume next Set objShell = CreateObject("Wscript.Shell") Const HKEY_LOCAL_MACHINE = &H80000002 Const OverwriteExisting = TRUE strCurrentDirectory = objShell.CurrentDirectory strComputer = "." Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2") Set objRegistry=GetObject("winmgmts:\\" & strComputer & "\root\default:StdRegProv") strKeyPath = "SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\ProfileList" objRegistry.EnumKey HKEY_LOCAL_MACHINE, strKeyPath, arrSubkeys For Each objSubkey In arrSubkeys on error resume next strValueName = "ProfileImagePath" strSubPath = strKeyPath & "\" & objSubkey objRegistry.GetExpandedStringValue HKEY_LOCAL_MACHINE,strSubPath,strValueName,strValue Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2") Set objAccount = objWMIService.Get("Win32_SID.SID='" & objSubkey & "'") strUser = objAccount.AccountName objSubkey = trim(objSubkey)'trims whitespace strUser = trim(strUser)'trims whitespace 'LOGIC TO DETERMINE IF REGISTRY ACCOUNT IS TO BE LOADED if strUser = "SYSTEM" then strUser="" if strUser = "LOCAL SERVICE" then strUser="" if strUser = "NETWORK SERVICE" then strUser="" if strUser = "ADMINISTRATOR" then strUser="" if strUser = "Administrator" then strUser="" if strUser = "Media" then strUser="" if strUser = "Default" then strUser="" if strUser = "IntuneAdmin" then strUser="" if strUser <> "" then on error resume next objShell.Run "REG ADD " & chr(34) & "HKEY_Users\" & objSubkey & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" & chr(34) & " /v NoDesktop /t REG_DWORD /d 1 /f",0,false end if Next