Part 16 – Configure Microsoft Intune – PowerShell Scripts

Basically, Microsoft Intune can deploy only mobile apps for the iOS, Windows and Android platforms and MSI installers for Windows 10. Some legacy applications have only an EXE installer, which means that you cannot deploy this specific legacy application via Microsoft Intune. Fortunately, Microsoft Intune has something awesome! You can use PowerShell scripts to configure, deploy or remove things on Windows 10 devices. This means that you can use a PowerShell script to deploy the legacy application on the Windows 10 devices. Do you want to know how this works? Then read on, because this time it is all about PowerShell in Microsoft Intune!

What does this PowerShell option do in Microsoft Intune?

Within Device Configuration, you have the option to use a configuration profile or a PowerShell script. With a script, you can do everything on the client, like renaming the computer, configuring the IP address, installing an application from an EXE installer and so on. It is so powerful.

Microsoft Intune uses an extension that lets you upload PowerShell scripts in Intune to run on Windows 10 devices. Intune installs the Intune Management Extension first, before running the scripts on the Windows 10 device.

For more information: https://docs.microsoft.com/en-us/intune/intune-management-extension

Preparation

Before implementing the script in Intune, you have to make a script first. I already have one, shown below. I got this from Oliver Kieselbach (Thanks! This is his blog site: https://oliverkieselbach.com/about/) and modified it a bit.

Code:

<#
 Version: 1.2
 Author: Albert Neef
 Script: Intune_PSScript_test.ps1
 Description:
 Intune Management Extension - PowerShell script template with logging,
 error codes, standard error output handling and x64 PowerShell execution.
 Release notes:
 Version 1.0: Original published version.
 Version 1.1: Added standard error output handling.
 Version 1.2: Modified for Adobe Reader and error handling.
 The script is provided "AS IS" with no warranties.
 #>

$exitCode = 0

if (![System.Environment]::Is64BitProcess)
{
    # Start a new PowerShell as an x64 process, wait for it and gather the exit code and standard error output
    $sysNativePowerShell = "$($PSHOME.ToLower().Replace("syswow64", "sysnative"))\powershell.exe"

    $pinfo = New-Object System.Diagnostics.ProcessStartInfo
    $pinfo.FileName = $sysNativePowerShell
    $pinfo.Arguments = "-ex bypass -file `"$PSCommandPath`""
    $pinfo.RedirectStandardError = $true
    $pinfo.RedirectStandardOutput = $true
    $pinfo.CreateNoWindow = $true
    $pinfo.UseShellExecute = $false
    $p = New-Object System.Diagnostics.Process
    $p.StartInfo = $pinfo
    $p.Start() | Out-Null

    # Drain both redirected streams before waiting, so the child cannot block on a full pipe
    $stderrTask = $p.StandardError.ReadToEndAsync()
    $p.StandardOutput.ReadToEnd() | Out-Null
    $p.WaitForExit()

    # ExitCode can only be read after the process has exited
    $exitCode = $p.ExitCode
    $stderr = $stderrTask.Result

    if ($stderr) { Write-Error -Message $stderr }
}
else
{
    # Start logging to TEMP in file "scriptname".log
    Start-Transcript -Path "$env:TEMP\$($(Split-Path $PSCommandPath -Leaf).ToLower().Replace(".ps1",".log"))" | Out-Null

    # Check in the registry whether the software is already installed.
    $CheckADCReg = Get-ItemProperty HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | Where-Object {$_.DisplayName -like "Adobe Acrobat Reader DC*"}
    # If Adobe Reader is not installed, continue with the script. If it is already installed, the script will exit.
    If ($null -eq $CheckADCReg)
    {
        # Path for the temporary download folder. Script will run as system so no issues here
        $Installdir = "c:\temp\install_adobe"
        # -Force: do not fail if the folder is left over from an earlier run
        New-Item -Path $Installdir -ItemType directory -Force | Out-Null

        # Download the installer from the Adobe website. Always check for new versions!!
        $source = "ftp://ftp.adobe.com/pub/adobe/reader/win/AcrobatDC/1800920044/AcroRdrDC1800920044_en_US.exe"
        $destination = "$Installdir\AcroRdrDC1800920044_en_US.exe"
        try
        {
            Invoke-WebRequest $source -OutFile $destination -ErrorAction Stop
        }
        catch
        {
            Write-Error -Message "Could not download the installer from the Adobe website" -Category OperationStopped
            $exitCode = -1
        }

        # Start the installation when the download is finished (skipped if the download failed)
        if ($exitCode -eq 0)
        {
            try
            {
                Start-Process -FilePath $destination -ArgumentList "/sAll /rs /rps /msi /norestart /quiet EULA_ACCEPT=YES" -ErrorAction Stop
            }
            catch
            {
                Write-Error -Message "Could not install Adobe Reader" -Category OperationStopped
                $exitCode = -1
            }
            # Wait for the installation to finish. Test the installation and time it yourself. I've set it to 240 seconds.
            Start-Sleep -s 240
        }

        # Finish by cleaning up the download. I choose to leave c:\temp\ for future installations.
        Remove-Item -Force $Installdir\AcroRdrDC*
    }
    Stop-Transcript | Out-Null
}

exit $exitCode

What does the script do? This script will download Adobe Reader from Adobe.com and install Adobe Reader on the client. There is some logging and error handling in the script. For example, if the download does not succeed, you will find this in the log. The error will be reported to Microsoft Intune. You can see the status under Device Status of the script, but for more information you have to check the log on the client. Maybe you can build an option to upload the log to a central point.
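The script above fetches the installer over plain FTP into c:\temp, a folder that standard users can write to by default, and then runs it as SYSTEM without checking it. A hardened variant of the download-and-install step, added here as an example (not part of the original script or of Oliver Kieselbach's template): it downloads into a folder restricted to SYSTEM and Administrators, verifies the Authenticode signature, and waits for the installer's exit code instead of sleeping. The folder path, the Test-InstallerSignature helper, the signer pattern and the accepted exit codes are assumptions.

```powershell
# Added example, not the original script. $installDir, Test-InstallerSignature and
# the signer regex are assumptions; the URL and installer switches are the page's.
$source      = 'ftp://ftp.adobe.com/pub/adobe/reader/win/AcrobatDC/1800920044/AcroRdrDC1800920044_en_US.exe'
$installDir  = Join-Path $env:ProgramData 'IntuneInstall\adobe'
$destination = Join-Path $installDir 'AcroRdrDC1800920044_en_US.exe'
$exitCode    = 0

function Test-InstallerSignature {
    param([string]$Path, [string]$SignerRegex)
    # 'Valid' means the file hash matches the signature and the chain is trusted
    $sig = Get-AuthenticodeSignature -FilePath $Path
    return ($sig.Status -eq 'Valid') -and ($sig.SignerCertificate.Subject -match $SignerRegex)
}

try {
    # Start from an empty folder that only SYSTEM and Administrators can touch
    if (Test-Path $installDir) { Remove-Item $installDir -Recurse -Force -ErrorAction Stop }
    New-Item -Path $installDir -ItemType Directory -Force -ErrorAction Stop | Out-Null
    & icacls.exe $installDir /inheritance:r /grant:r '*S-1-5-18:(OI)(CI)F' '*S-1-5-32-544:(OI)(CI)F' | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "icacls failed with exit code $LASTEXITCODE" }

    Invoke-WebRequest -Uri $source -OutFile $destination -ErrorAction Stop

    # FTP gives no integrity guarantee, so check the publisher before running as SYSTEM.
    # Assumed pattern; tighten it to the exact subject or thumbprint you expect.
    if (-not (Test-InstallerSignature -Path $destination -SignerRegex 'O="?Adobe\b')) {
        throw "Signature check failed for $destination"
    }

    # -Wait blocks until the installer exits; -PassThru exposes its exit code
    $proc = Start-Process -FilePath $destination -Wait -PassThru -ErrorAction Stop `
        -ArgumentList '/sAll /rs /rps /msi /norestart /quiet EULA_ACCEPT=YES'
    # 0 = success, 3010 = success with reboot required (Windows Installer convention)
    if ($proc.ExitCode -notin 0, 3010) { throw "Installer returned exit code $($proc.ExitCode)" }
}
catch {
    Write-Error -Message $_.Exception.Message -Category OperationStopped
    $exitCode = -1
}
finally {
    # Remove the download whether or not the install succeeded
    Remove-Item -Path $installDir -Recurse -Force -ErrorAction SilentlyContinue
}

exit $exitCode
```

This fragment replaces the body of the "not installed" branch; the x64 relaunch and transcript logging from the template still wrap it.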

Copy this script to PowerShell ISE and save this script. We have to upload the .ps1 file to Microsoft Intune later in this blog.

Let’s begin:

Go to the Intune portal -> Device Configurations -> PowerShell scripts

Click on Add.

Enter a name and browse to your PowerShell script file. Click on Configure.

Leave the settings as they are: the script must run under the system context, with no check on a trusted signature. Click on the OK button and then on the Create button.

The script is added to Intune. Now you have to assign the script to a group. Go to assignments.

Click on the Select group button and add the group. Click on the select button. Click on the Save button.

The deployment will begin in a few minutes. To check the installation, check the Device status or check on the client itself.

Intune will install an extension first before running the scripts.

On the client, in Programs and Features, you see that the Intune Management Extension is installed. Intune will continue with the script. If you have enabled logging in the script, you should see some logging on the client. You can also check the Task Manager for running processes; maybe you will find the installation process.

This is it. Adobe Reader installation has finished, based on a script.

Final:

You have installed an application, based on an EXE installer, on a Windows 10 device, not with SCCM but with Microsoft Intune only. PowerShell support makes Intune more flexible for Windows 10. PowerShell is powerful and you can use it for almost everything. This makes it very easy for the IT guy or girl to deploy legacy applications or do some remote configuration on the client.

I am ending this blog. I hope you liked the post. If you have any questions or comments, please do not hesitate to send an email or leave a comment.

Good luck and greetings..

3 thoughts on “Part 16 – Configure Microsoft Intune – PowerShell Scripts”

  1. Thank you for this post. We are trying to do the same to install Java on our PCs and copy over the java sites exception files to a specific user folder that java creates after install. It seems when we run the script, it tries to copy the exceptions.sites file before the install is complete. Any suggestion on what we can do to try again?

    Is there a way to tell Intune to run PS script in chronological order instead of random?

    Thanks

    1. Hi Daniel, thanks for your comment. No, that is not possible at the moment, maybe in the future based on priority. PowerShell scripts will deploy in random order to your machines. The only thing you could do is to integrate all the scripts into 1 script. I think this is the only solution for your Java scenario.
