This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(176, 88%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGK%3C/text%3E%3C/svg%3E)
Dear All,
Greetings!
I am seeking your guidance in creating an Intune policy that restricts the installation of .msi, .exe files, and the execution of PowerShell scripts for standard users, while allowing such actions for users with administrative privileges.
If available, I would appreciate it if you could share the corresponding .xml configuration file or a reference template that can be imported into Intune.
Thank you for your support and cooperation.
Best Regards,
Ganesh Karki
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(230.39999999999998, 69%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERJ%3C/text%3E%3C/svg%3E)
Have you looked into UAC settings for standard users? Something like this - https://rahuljindalmyit.blogspot.com/2021/03/intune-uac-elevation-prompt-behavior.html
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(83.2, 87%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPI%3C/text%3E%3C/svg%3E)
Hello Ganesh Karki,
Along with UAC, try exploring Endpoint Privilege Management which could be of help in your particular scenario.
Refer to: https://learn.microsoft.com/en-us/intune/intune-service/protect/epm-overview
Hope this helps!
If you found the information above helpful, please Accept the answer. This will assist others in the community who encounter a similar issue, enabling them to quickly find the solution and benefit from the guidance provided.