Adding Software to Intune with PsADT
-
Installing Required Software5 Topics
-
Build a new Intune Package9 Topics
-
Run Post Haste
-
Get Installer Files.
-
Silently Install the Software Manually
-
Fill out PsADT Information in VSCode
-
Compile your package with the pack.ps1 script
-
Test compiled Setup.intunewin inside the sandbox
-
Get the MSI Install Code.
-
Upload the package to Intune.
-
Test the package on a deployed computer.
-
Run Post Haste
-
Conclusion
Participants 1
PSAppDeployToolkit is a versatile solution that streamlines and standardizes the process of software deployment, making it easier than ever to manage your IT environment. It has a comprehensive set of features, such as dynamic logging, user interaction capabilities, and customizable functionality.
1. Lets Add a few new folders namely, Downloads & Output to our Files folder.Â
2. Lets download and copy the Toolkit folder from the PsADT zip to our files folder. You can download the latest release of the Ps App Deploy Toolkit from GitHub here.
3. Copy the Toolkit Folder from the zip into our files folder.Â
4. In the end your files should look like this:
5. Navigate to Toolkit > AppDeployToolkit. You will want to use a photoshop type application to change the logo, and the bannerÂ
- AppDeployToolkitBanner.png
- AppDeployToolkitLogo.icon
- AppDeployToolkitLogo.png
Each of these needs to maintain the exact same name or they will not be picked up by the deploy script. Additionally I keep the original ones by renaming them to original.Â
This will brand your deployments and allow the prompts to show your company information as they do their things.
🚀 Customize PsADT for speed
1. Add a pack.ps1 powershell script to the files folder so that you don’t have to type it out every time you want to compile your intune win file. When you are setting up each project you will want to change Setup.exe to whatever the name of your setup file is.
intwin -c .\Toolkit -s .\Toolkit\Files\Setup.exe -o .\Output -q
2. Add a text file called Start_Commands.txt to the root of the file so that you have an easy copy/paste reference for starting running your .intunewin file.Â
// for testing in the sandbox.
powershell.exe -executionpolicy bypass -command "set-executionpolicy remotesigned -Force"; powershell.exe -file ".\PreLaunch.ps1"
// for running in intune
powershell.exe -executionpolicy bypass -file ".\PreLaunch.ps1"
powershell.exe -executionpolicy bypass -file ".\PreLaunch.ps1" -DeploymentType "Uninstall"
3. While we are inside the Sandbox, after a package has been installed, we want to be able to collect the MSI Installation code. Here’s a small PowerShell script we can use to identify packages that have been installed. This file goes into the Output folder of our package so that it’s not included in our compiled package but we can access it when we open our intune win file inside the sandbox.Â
param($Work)
# restart PowerShell with -noexit, the same script, and 1
if (!$Work) {
powershell -noexit -executionpolicy bypass -file $MyInvocation.MyCommand.Path 1
return
}
echo " Checking MSI Code:"
$Installer = New-Object -ComObject WindowsInstaller.Installer; $InstallerProducts = $Installer.ProductsEx("", "", 7); $InstalledProducts = ForEach($Product in $InstallerProducts){[PSCustomObject]@{ProductCode = $Product.ProductCode(); LocalPackage = $Product.InstallProperty("LocalPackage"); VersionString = $Product.InstallProperty("VersionString"); ProductPath = $Product.InstallProperty("ProductName")}} $InstalledProducts
4. Most of the time you will be launching the installation package using the “System” context so that your installation has administrator permission. But when doing that all of the prompts or notifications will then be displayed to the SYSTEM user and our logged-in user will never see them. We can use the Microsoft-Provided ServiceUI.exe when a user is logged in to have the best of both worlds, Our script will run with administrator permission, and display the notifications to the user.Â
This particular pre-launch script can be found over at GitHub here. to make it easy I have also included it here.Â
Note: I renamed it from `Win32App_PSADT_PreLaunch.ps1` to the simpler `PreLaunch.ps1`and made a few adjustments.Â
[CmdletBinding()]
param (
[Parameter(Mandatory = $false)]
[ValidateSet('Install', 'Uninstall')]
[String]$DeploymentType = 'Install'
)
#This will log the script and how it goes
Start-Transcript -Path "C:\ProgramData\Microsoft\IntuneManagementExtension\Logs\Win32App_PSADT_PreLaunch.log"
#Below will get the active user logged in, if no user logged in, it will return variable as null.
$CheckUser = Get-CimInstance -ClassName Win32_ComputerSystem | Select-Object -ExpandProperty UserName
if ($env:USERNAME -eq "WDAGUtilityAccount"){
$CheckUser = "WDAGUtilityAccount"
}
If ($CheckUser -eq $null)
{
Write-Host "No User is Logged into Computer, running in Non-Interactive mode"
If ($DeploymentType -eq "Install")
{
Write-Host "INSTALL DEPLOYMENT TYPE: No user logged in so run in Non-Interactive mode"
Start-Process Deploy-Application.exe -Wait -ArgumentList '-DeployMode "NonInteractive"'
}
If ($DeploymentType -eq "Uninstall")
{
Write-Host "UNINSTALL DEPLOYMENT TYPE: No user logged in so run in Non-Interactive mode"
Start-Process Deploy-Application.exe -Wait -ArgumentList '-DeployMode "NonInteractive" -DeploymentType "Uninstall"'
}
}
else
{
Write-Host "USERNAME in Variable is $CheckUser"
If (($CheckUser -match "defaultuser0") -and (((Get-Process -Name 'wwahost' -ErrorAction 'SilentlyContinue').count) -gt 0))
{
Write-Host "DefaultUser0 is logged in and wwahost process running, this means OOBE/ESP/Autopilot is running - Will Run without ServiceUI.exe"
If ($DeploymentType -eq "Install")
{
Write-Host "INSTALL DEPLOYMENT TYPE: DefaultUser0 is logged in so run in Non-Interactive mode"
Start-Process Deploy-Application.exe -Wait -ArgumentList '-DeployMode "NonInteractive"'
}
If ($DeploymentType -eq "Uninstall")
{
Write-Host "UNINSTALL DEPLOYMENT TYPE: DefaultUser0 is logged in so run in Non-Interactive mode"
Start-Process Deploy-Application.exe -Wait -ArgumentList '-DeployMode "NonInteractive" -DeploymentType "Uninstall"'
}
}
else
{
Write-Host "$CheckUser is logged in (NOT DefaultUser0) to the computer, so will run with ServiceUI.exe to give user UI."
If ($DeploymentType -eq "Install")
{
Write-Host "INSTALL DEPLOYMENT TYPE: User is logged in. Will run with ServiceUI.exe, in install mode."
.\ServiceUI.exe -Process:explorer.exe Deploy-Application.exe
}
If ($DeploymentType -eq "Uninstall")
{
Write-Host "UNINSTALL DEPLOYMENT TYPE: User is logged in. Will run with ServiceUI.exe, in uninstall mode."
.\ServiceUI.exe -Process:explorer.exe Deploy-Application.exe -DeploymentType Uninstall
}
}
}
Write-Output "Install Exit Code = $LASTEXITCODE"
Stop-Transcript
Exit $LASTEXITCODE
5. As mentioned above, we must add ServiceUi.exe to our PsADT Toolkit to make the PreLaunch script happy. The same GitHub Repo that we got the script from also has ServiceUI.exe available to download. Let’s download it and put it inside our Toolkit folder.
When we are finished our Toolkit should look something like this:Â
Review: At this point, We have put together our template for new packages using Post Haste & PsADT.Â
Our Template has some nice features. like using the ServiceUI and PreLaunch Script to display everything to the logged-in user and quality-of-life scripts for our testing.Â