Endpoint Manager – MattiasVdl

Package and Upload Intune Win32 app using .ps1 script

GitHub

mattiasvdlbe/MS Endpoint Manager/Apps/PackageAndUploadIntuneWin32AppUsingPs1Script

Why?

A couple of months ago, I needed to create a lot of Win32 apps.
As I knew these apps would have to be updated and repackaged quite a few times in the future, I decided it would be worth the effort to automate this process using a script.

The purpose of these apps was to create a shortcut under the Start Menu of the end user which points to a script placed under %PROGRAMDATA%.
When executing this script, a check was done to see if the end user is working in the office or remote.
If the end user works remotely, then the application is started in an RDS environment. Otherwise, the app gets started locally on his device.

This post is focussed on the deployment of Intune Win32 apps through the use of a Powershell script, and as such doesn’t contain the code I mentioned above.

What?

PackageAndUploadIntuneWin32App.ps1
This Powershell script contains all of the code to generate the 3 needed Powershell scripts, package the application and upload it to Intune.

The 3 Powershell scripts which need to be generated:
– App_MattiasVdl_Setup.ps1
This script is used to create the shortcut under the start menu, and copy the script, which is executed by the shortcut, to the correct location.
– App_MattiasVdl.ps1
This is the script which gets executed when a user clicks on the shortcut which was created under the Start Menu.
All logic which was in this script has been removed, and all it does now is display a message box.
– App_MattiasVdl_Detection.ps1
This script is used by Intune to detect whether or not the application has been correctly installed on the device.

To start off with, a lot of variables are declared which are later used in the application.

We specify an array which contains the different types of scripts which need to be created.

The script makes use of “template” scripts, in which there are strings of text that get replace by the correct values.
The location of these template scripts is defined in the variables.

We also specify in these variables what the name of the application needs to be, what icon to use and the log which should be used in Intune.

We use a foreach loop to generate the necessary scripts.

First we load the script into a variable, and save the output URL to a variable so we can use it later.

Next we modify the script which we loaded into a variable.
We replace all instanced of the variables we placed in the template (using the “{}” as a way to easily be able to replace the strings without replacing things which shouldn’t be replaced.

Then the modified script gets saved to the output URL which we saved to a variable earlier.

The script copies the icon over from the original location to the folder which will be be packaged and uploaded to InTune.

All necessary preparations have now been done and we’re ready to package the application.
This is done using the IntuneWinAppUtil.exe, which is also available on my Repository, but I recommend you download the latest version of this app from the original creator (microsoft/Microsoft-Win32-Content-Prep-Tool).

Now it’s time to upload the application to InTune.
First we set some of the variables which will be used.
Change the TenantID in line 106 “Connect-MSIntuneGraph” to your own TenantID.

In my example script I’m not setting any dependencies, supersedence or assignments.
These can all be added automatically, but in my case, I prefer to manually check up on the applications which are uploaded and assign them to the relevant groups manually.

App_Link_Application_Setup.ps1

This script contains the base code, which is edited by the main script, and is used to install the application script and shortcuts on the end-user device.

Note:
There are multiple ways of adding folders and files to your Start Menu.
Only for 1 user: %APPDATA%\Microsoft\Windows\Start Menu\Programs
For all users: %PROGRAMDATA%\Microsoft\Windows\Start Menu\Programs

Also keep in mind that the name of the shortcut can’t be the same of the name of the folder. If the name of the folder is identical to the name of the shortcut, then the folder will not be shown!

App_Link_Application.ps1

This is the script which will get executed when the end-user presses the shortcut which has been added in there Start Menu.

App_Link_Application_Detection.ps1

This is the detection script which reports back to Intune whether or not the applications has been installed correctly.

Note:
In order for a detection script to work properly, it needs to both exit with code 0 AND write something to STDOUT

Sources

Enable PrtScr Snipping Tool

GitHub

mattiasvdlbe/MS Endpoint Manager/Proactive Remediations/PR_U_EnablePrtScrSnippingTool

Why?

The Windows Snipping tool is a very useful tool to quickly make print screen of specific parts of your screen.

The ability to start the application by clicking on the print screen button on your keyboard instead of having to open the program manually can save you time and is just a big convenience.

In the windows settings, you can manually enable this setting, but I’ve created a script so this functionality can be pushed to the devices of the end users without manual action.
This saves me or the end user having to remember to turn this setting on after they start using a newly rolled out device.

What?

This script checks if this function is enabled.
In the settings of Windows, you can find this setting here:

Set Print screen button to open Screen Snipping Tool

In case this option isn’t enabled yet, the remediation is triggered which will enable this function.

It also creates a log with some text outputs which are specified in the script.
For this, it uses an implemented function called “Write-Log()”
If you want to use this script, don’t forget to change the log output path.

Time And Date Correction

GitHub

mattiasvdlbe/MS Endpoint Manager/Proactive Remediations/PR_S_TimeAndDateCorrection

Why?

Some time ago, we had some devices which were no longer running on the correct time.
On the devices in question the users didn’t have administrator permissions, so they couldn’t change the time and date themselves.

As the end users needed to be able to continue their work as soon as possible, and the issue wasn’t widespread, we decided to just create a small script to fix the issue.
The script shared in this post, is more advanced, and has more options.

If you want to use it, check if all things checked and set in this script are relevant in your case.

What?

This script does some checks to make sure the end user device is using the correct date and time.

Things the proactive remediation checks:

StartupType of the Windows Time Service is set to “Manual” (which is the default setting)
Windows Time Service is running
“Set the time automatically” is activated
Location use is allowed (Privacy setting).
Location use needs to be allowed if you want to allow the system to automatically detect what time zone your currently in.
“Set the time zone automatically” is enabled
Compare NtpServer time and the local computer time.
If there’s a difference of more than 15 seconds either way (ahead or behind)

In case any of these checks fails, the remediation gets triggered, which then puts the system back to our desired configuration.

Other functions which are implemented:

Get-CurrentNtpServer()
Get-NtpTime()
All credits to Tim Curwick for this function.
https://madwithpowershell.blogspot.com/2016/06/getting-current-time-from-ntp-service.html

I’ve only added a While loop to retry retrieving the NtpTime in case it fails the first time around. In case of failure, it retries again after 30 seconds. It can retry at most 2 times.