Solved Run a Powershell Script Once for New Users


spicedup7

Member
Local time
11:11 PM
Posts
3
OS
Windows10/11
I have this powershell script for Windows which would do a few changes for all new users that log into the computer for the first time, It should only run once, I have tried Taskscheduler, Runonce registry key and even modifying the Default user to run this script once but nothing so far. Would you guys help me or reference a guide to get this done? Please see the script below.

Powershell:
# Define the path to the flag file
$flagFilePath = "C:\path\to\flag.txt"

# Check if the flag file exists
if (-not (Test-Path $flagFilePath)) {
    # Additional check for new user condition
    if (Test-Path "C:\path\to\new_user_setting.txt") {
# Your script logic goes here


# Set start menu to the left
$regPath = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced"

If (!(Test-Path $regPath)) {
    New-Item -Path $regPath -Force
}

$alignment = 0

New-ItemProperty -Path $regPath -Name TaskBarAl -Value $alignment -PropertyType DWORD -Force

# Disable search box
Set-ItemProperty -Path “HKCU:\Software\Microsoft\Windows\CurrentVersion\Search” -Name “SearchboxTaskbarMode” -Value 0

#Turn Off Copilot
reg add HKCU\Software\Policies\Microsoft\Windows\WindowsCopilot /v "TurnOffWindowsCopilot" /t REG_DWORD /f /d 1

#Unpin Microsoft Edge From taskbar or any other app
function Unpin-App([string]$appname) {
        ((New-Object -Com Shell.Application).NameSpace('shell:::{4234d49b-0245-4df3-b780-3893943456e1}').Items() |
        ?{$_.Name -eq $appname}).Verbs() | ?{$_.Name.replace('&','') -match 'Unpin from taskbar'} | %{$_.DoIt()}
}

Unpin-App("Microsoft Edge")

#Remove task view from taskbar
New-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "ShowTaskViewButton" -Value 0 -Force


# Restart explorer refresh changes
Stop-Process -Name Explorer
Start-Process explorer

Write-Host “Executed”

# The scripts below require elevated permissions, otherwise it throws an error

#Removes personalized News
$AppxRemoval = Get-AppxProvisionedPackage -Online | Where-Object {$_.PackageName -like “WebExperience*”}
    ForEach ($App in $AppxRemoval) {
    Remove-AppxProvisionedPackage -Online -Package $App.PackageName }

# Remove widgets
Get-AppxPackage -AllUsers | Where-Object {$_.Name -like “*WebExperience*”} |
Remove-AppxPackage -AllUsers -ErrorAction SilentlyContinue


        # Create the flag file to indicate the script has been executed
        New-Item -ItemType File -Path $flagFilePath -Force
        Write-Host "Script executed successfully for a new user."
    } else {
        Write-Host "New user condition not met. Script not executed."
    }
} else {
    Write-Host "Script has already been executed once."
}
 
Windows Build/Version
Windows 11 Pro 23H2 Build 22631.3155

My Computer

System One

  • OS
    Windows10/11
    Computer type
    PC/Desktop
    Manufacturer/Model
    Dell
    CPU
    i9-12900k
    Motherboard
    Asus Z960
    Memory
    32 GB
    Graphics Card(s)
    Nvidia RTX 4070
    Sound Card
    N/A
    Monitor(s) Displays
    Dell
    Screen Resolution
    1920x1080p
    Hard Drives
    Nvme SSD 1TB
    PSU
    850 Watts
    Case
    Y60
    Cooling
    CORSAIR iCUE H150i
    Keyboard
    NuPhy Air96 V2
    Mouse
    Dell Wireless
    Internet Speed
    1 GB
    Browser
    Chrome/Edge
    Antivirus
    Windows Defender
Are these devices on a domain? If so why not just do this from a GPP?
 

My Computer

System One

  • OS
    Windows 11
If there is a GPO yes, but GPP is part of group policy and part of it allows you to set arbitrary registry values
 

My Computer

System One

  • OS
    Windows 11
I have this powershell script for Windows which would do a few changes for all new users that log into the computer for the first time, It should only run once, I have tried Taskscheduler, Runonce registry key and even modifying the Default user to run this script once but nothing so far.
The environment matters. As others have mentioned, group policies are the usual configuration starting point for machines in AD. But, for all we know, your "all new users" are family members running Windows Home with no back-end at all. So, more details about the environment would be helpful.

The RunOnce key is obviously a place where you can set a script to run once per user. The trick is how to populate that RunOnce key. One method is to modify the new user template ("C:\Users\Default\NTUSER.DAT"). That is, load the hive, add the registry entry, and unload the hive. All new user profiles will get the RunOnce entry from that template.

If by "modifying the Default user" you meant "HKEY_USERS\.DEFAULT", then you're barking up the wrong tree. See:


Note: The article is very old, so when you read "C:\Documents and Settings", take that to mean "C:\Users".
 

My Computer

System One

  • OS
    Windows 10/11
    Computer type
    Laptop
    Manufacturer/Model
    Acer
The environment matters. As others have mentioned, group policies are the usual configuration starting point for machines in AD. But, for all we know, your "all new users" are family members running Windows Home with no back-end at all. So, more details about the environment would be helpful.

The RunOnce key is obviously a place where you can set a script to run once per user. The trick is how to populate that RunOnce key. One method is to modify the new user template ("C:\Users\Default\NTUSER.DAT"). That is, load the hive, add the registry entry, and unload the hive. All new user profiles will get the RunOnce entry from that template.

If by "modifying the Default user" you meant "HKEY_USERS\.DEFAULT", then you're barking up the wrong tree. See:


Note: The article is very old, so when you read "C:\Documents and Settings", take that to mean "C:\Users".
Hi LesFerch, I work for a corporation and we have Windows 10 Pro installed on all of our end user computers. I tried the RunOnce key for the current user in the registry and the issue we were having is that it would only run for users with Administrative privileges which defeats the purpose of running the script for Standard users only. I also tried running the script through local GPO at logon and this would not run at all but it would work if I ran the script manually.

I am aware that "HKEY_USERS\.DEFAULT" is NOT the default user, I already tried loading NTUSER.DAT in the registry but the key to "RunOnce" is not in there.

Thank you for your Reply :)
 

My Computer

System One

  • OS
    Windows10/11
    Computer type
    PC/Desktop
    Manufacturer/Model
    Dell
    CPU
    i9-12900k
    Motherboard
    Asus Z960
    Memory
    32 GB
    Graphics Card(s)
    Nvidia RTX 4070
    Sound Card
    N/A
    Monitor(s) Displays
    Dell
    Screen Resolution
    1920x1080p
    Hard Drives
    Nvme SSD 1TB
    PSU
    850 Watts
    Case
    Y60
    Cooling
    CORSAIR iCUE H150i
    Keyboard
    NuPhy Air96 V2
    Mouse
    Dell Wireless
    Internet Speed
    1 GB
    Browser
    Chrome/Edge
    Antivirus
    Windows Defender
Hi LesFerch, I work for a corporation and we have Windows 10 Pro installed on all of our end user computers. I tried the RunOnce key for the current user in the registry and the issue we were having is that it would only run for users with Administrative privileges which defeats the purpose of running the script for Standard users only. I also tried running the script through local GPO at logon and this would not run at all but it would work if I ran the script manually.

I am aware that "HKEY_USERS\.DEFAULT" is NOT the default user, I already tried loading NTUSER.DAT in the registry but the key to "RunOnce" is not in there.

Thank you for your Reply :)

Where to begin... there's a lot to learn here to do things right and you can't (or at least shouldn't try) to solve it in one blow.

You currently have a mix of settings where some can be applied directly by a user and some require admin rights. You also have different methods going on (e.g. PowerShell commands vs Reg.exe commands). It appears that you may have been cobbling together settings gathered from the Internet, as I see curvy quotes in your script which won't work and are a telltale sign of code that got corrupted by a website that tries to make things "pretty".

The missing RunOnce key in NTUSER.DAT is not an issue. You can just create the key. However, as you've established that these are Pro machine in a AD environment, you should use GPPs instead, wherever possible. The less you script, the easier it will be for you or others in the future to maintain.

Start with only the user settings that do not require admin rights. Get those working by policy and then start your work on the trickier stuff that requires admin rights. The more modular you keep it, again, the easier it will be to maintain.

Please note that sites like this are mainly targeted to home users and very small businesses. What you're asking about is what a Windows specialist in a corporate environment is expected to already know how to do. If you don't currently have the expertise in house, then you should be paying a consultant to come in and help you out.


Edit: Note I originally mistakenly typed "curly brackets" when I meant to say "curvy quotes".
 
Last edited:

My Computer

System One

  • OS
    Windows 10/11
    Computer type
    Laptop
    Manufacturer/Model
    Acer
Where to begin... there's a lot to learn here to do things right and you can't (or at least shouldn't try) to solve it in one blow.

You currently have a mix of settings where some can be applied directly by a user and some require admin rights. You also have different methods going on (e.g. PowerShell commands vs Reg.exe commands). It appears that you may have been cobbling together settings gathered from the Internet, as I see curvy quotes in your script which won't work and are a telltale sign of code that got corrupted by a website that tries to make things "pretty".

The missing RunOnce key in NTUSER.DAT is not an issue. You can just create the key. However, as you've established that these are Pro machine in a AD environment, you should use GPPs instead, wherever possible. The less you script, the easier it will be for you or others in the future to maintain.

Start with only the user settings that do not require admin rights. Get those working by policy and then start your work on the trickier stuff that requires admin rights. The more modular you keep it, again, the easier it will be to maintain.

Please note that sites like this are mainly targeted to home users and very small businesses. What you're asking about is what a Windows specialist in a corporate environment is expected to already know how to do. If you don't currently have the expertise in house, then you should be paying a consultant to come in and help you out.


Edit: Note I originally mistakenly typed "curly brackets" when I meant to say "curvy quotes".
I'm their IT Support for general troubleshooting. I was able to get it to work, thank you.
 

My Computer

System One

  • OS
    Windows10/11
    Computer type
    PC/Desktop
    Manufacturer/Model
    Dell
    CPU
    i9-12900k
    Motherboard
    Asus Z960
    Memory
    32 GB
    Graphics Card(s)
    Nvidia RTX 4070
    Sound Card
    N/A
    Monitor(s) Displays
    Dell
    Screen Resolution
    1920x1080p
    Hard Drives
    Nvme SSD 1TB
    PSU
    850 Watts
    Case
    Y60
    Cooling
    CORSAIR iCUE H150i
    Keyboard
    NuPhy Air96 V2
    Mouse
    Dell Wireless
    Internet Speed
    1 GB
    Browser
    Chrome/Edge
    Antivirus
    Windows Defender

Latest Support Threads

Back
Top Bottom