There are some incredible community tools out there for app deployment via Winget and Intune, but as I’m sure you’ve noticed, I prefer a more hands-off script so decided to make my own.
I also stumbled across these PowerShell tools from a previous Microsoft Hackathon which opened up a world of possibilities!
As always, my script can be found on Github here or on PowerShell Gallery:
Install-Script -Name deploy-winget-win32-multipleWhen launching the script you will be presented with a credentials box which will authenticate against both Azure AD and Microsoft Graph (you may get a second password prompt for AzureAD).
At this point it will also download the latest copy of the intunewin utility and install Winget if it’s not already installed (you’ll need this for the app list)
Once authenticated, the script will sit there for a minute while it grabs all of the apps available on Winget and then bring a GridView from PowerShell with a list of everything available:
As it uses the native GridView, you can do advanced filtering and select multiple apps via Ctrl or Shift select.
When you click ok, the magic happens!
The script churns away to create:
- Directory in C:\Temp to store files
- AzureAD Install and Uninstall Groups
- Install and Uninstall PowerShell scripts
- Custom Detection Script
- Proactive Remediation (to update the app daily)
- The intunewin file itself
Once created it will:
- Upload the Intunewin file to Intune
- Assign Install and Uninstall groups to it
- Assign the Proactive Remediation to the install group
It’s all at the command line so fully silent, once you’ve selected your apps, leave it running, sit back and have a drink. All scripts use the exact app ID so no worries of it grabbing the wrong one either.
It’s all fully logged in the Windows Temp directory as well.
Remember to launch as an administrator or the Intunewinapputil will get very upset
Any comments, feedback or suggestions most welcome in the comments.
Thanks Andrew. This could be very useful. I’ve tested using different PowerShell versions but haven’t been able to get working. I think with PS5 ISE, it flashes open and closes instantly, but cant confirm. I have left the
——————————————
With PS5 ISE i get message: (it doenst go passed this screen after leaving for 30 mins. I do get both AD prompts.)
Transcript started, output file is C:\Users\J~1.NEW\AppData\Local\Temp\intune-12102022.log
Installing Intune modules if required (current user scope)
AZ Ad Preview Module Already Installed
Directory already existed
Directory: C:\temp
Mode LastWriteTime Length Name
d—– 12/10/2022 10:22 361-2210122234
winget already installed
Checking for AzureAD module…
Account : [email protected]
Environment : AzureCloud
Tenant : 16a4dc93-e50d-
TenantId : 16a4dc93-e50d-
TenantDomain : tenant.onmicrosoft.com
——————————————
With PS7 via Win Terminal i get message: (it doenst go passed this screen after leaving for 30 mins. I do get both AD prompts.)
Directory: C:\temp
Mode LastWriteTime Length Name
—- ————- —— —-
d—– 12/10/2022 10:18 258-2210121844
winget already installed
Checking for AzureAD module…
Account : [email protected]
Environment : AzureCloud
Tenant : 16a4dc93-e50d-xxx
TenantId : 16a4dc93-e50d-xxxx
TenantDomain : tenant.onmicrosoft.com
——————————————
With PS7 i get message:
Checking for AzureAD module…
Authorization Access Token is null, please re-run authentication…
Hi Jan, do you get the popup initially prompting for credentials?
Hi Andrew,
Super cool idea….
Just tried your script.
Content is created in C:\temp\random_number but it creates for example a directory called “7-zip space, space, space, space, space…. 7-zip.7zip” with a detection7-Zip, install7-Zip and uninstall7-Zip with many spaces… and then it fails…
How can we fix this?
Hi, I have a trim() command on the application name which should remove the whitespace. Any chance you can send me the transcript output so I can have a look?
Which apps did you test with? I’ll do some testing my end as well
Hi Andrew, yes i get prompted to login. Powershell then m365 popup.
Hi Jan, it should popup with a grid-view at that point, can you check it hasn’t appeared in a minimized window?
Your script Doesn’t seem to support Azure MFA so companies that Force MFA it doesn’t to function as needed
You can do the following to get your tokens with MFA Clams on them:
# Get token for MS Graph by prompting for MFA
$MsResponse = Get-MSALToken -Scopes @(“https://graph.microsoft.com/.default”) -ClientId “1b730954-1685-4b74-9bfd-dac224a7b894” -RedirectUri “urn:ietf:wg:oauth:2.0:oob” -Authority “https://login.microsoftonline.com/common” -Interactive -ExtraQueryParameters @{claims='{“access_token” : {“amr”: { “values”: [“mfa”] }}}’}
# Get token for AAD Graph
$AadResponse = Get-MSALToken -Scopes @(“https://graph.windows.net/.default”) -ClientId “1b730954-1685-4b74-9bfd-dac224a7b894” -RedirectUri “urn:ietf:wg:oauth:2.0:oob” -Authority “https://login.microsoftonline.com/common”
#Connect to Azure AD
Connect-AzureAD -AadAccessToken $AadResponse.AccessToken -MsAccessToken $MsResponse.AccessToken -AccountId: $AccountID -tenantId: $TenantID
Thanks for pointing it out, did it fail on both Graph and AzureAD or just on AAD? If it’s just AAD, I might switch the group creation to the Graph function instead
It seems it does upload and does some graph functions but it does die out due to it being unable to connect to Azure AD modules I selected a Random Application to upload to test out the script
Creating AAD Groups for BatteryMon
New-AzureADMSGroup : You must call the Connect-AzureAD cmdlet before calling any other cmdlets.
At C:\Program Files\WindowsPowerShell\Scripts\deploy-winget-win32-multiple.ps1:2545 char:12
+ $grp = New-AzureADMSGroup -DisplayName $groupname -Description $g …
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [New-AzureADMSGroup], AadNeedAuthenticationException
+ FullyQualifiedErrorId : Microsoft.Open.Azure.AD.CommonLibrary.AadNeedAuthenticationException,Microsoft.Open.MSGr
aphBeta.PowerShell.NewMSGroup
New-AzureADMSGroup : You must call the Connect-AzureAD cmdlet before calling any other cmdlets.
At C:\Program Files\WindowsPowerShell\Scripts\deploy-winget-win32-multiple.ps1:2545 char:12
+ $grp = New-AzureADMSGroup -DisplayName $groupname -Description $g …
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [New-AzureADMSGroup], AadNeedAuthenticationException
+ FullyQualifiedErrorId : Microsoft.Open.Azure.AD.CommonLibrary.AadNeedAuthenticationException,Microsoft.Open.MSGr
aphBeta.PowerShell.NewMSGroup
another Error here form a graph call
Creation Proactive Remediation for BatteryMon
Invoke-RestMethod : The remote server returned an error: (400) Bad Request.
At C:\Program Files\WindowsPowerShell\Scripts\deploy-winget-win32-multiple.ps1:2670 char:29
+ … ssign = Invoke-RestMethod -Uri $uri -Headers $authToken -Method P …
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-RestMethod], WebExc
eption
+ FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodCommand
Then at the end
Assigning Groups
Invoke-RestMethod : The remote server returned an error: (400) Bad Request.
At C:\Program Files\WindowsPowerShell\Scripts\deploy-winget-win32-multiple.ps1:2796 char:5
+ Invoke-RestMethod -Uri $uri -Headers $authToken -Method Post -Bod …
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-RestMethod], WebExc
eption
+ FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodCommand
It did however upload the Application
I was able to fix the script by changing the connect-AzureAD -credential $user line to the following
##Get Credentials
# Get token for MS Graph by prompting for MFA
$MsResponse = Get-MSALToken -Scopes @(“https://graph.microsoft.com/.default”) -ClientId “1b730954-1685-4b74-9bfd-dac224a7b894” -RedirectUri “urn:ietf:wg:oauth:2.0:oob” -Authority “https://login.microsoftonline.com/common” -Interactive -ExtraQueryParameters @{claims='{“access_token” : {“amr”: { “values”: [“mfa”] }}}’}
# Get token for AAD Graph
$AadResponse = Get-MSALToken -Scopes @(“https://graph.windows.net/.default”) -ClientId “1b730954-1685-4b74-9bfd-dac224a7b894” -RedirectUri “urn:ietf:wg:oauth:2.0:oob” -Authority “https://login.microsoftonline.com/common”
$userUpn = New-Object “System.Net.Mail.MailAddress” -ArgumentList $User
$TenantID = $userUpn.Host
#Connect to Azure AD
Connect-AzureAD -AadAccessToken $AadResponse.AccessToken -MsAccessToken $MsResponse.AccessToken -AccountId: $cred.UserName -tenantId: $TenantID
This allowed it to function with MFA Clams with no issues. You might be able to drop that entire user entry box and pull the data using the above token info that you are prompting for just didnt have time to work it out.
Any chance you can test this Graph only one and see if it works any better?
https://github.com/andrew-s-taylor/public/blob/main/Powershell%20Scripts/Intune/deploy-winget-win32-multiple-graphonly.ps1
I’m having issues with intune failing to detect the apps correctly when they are installed using the app and dection script. Any suggestions?
My fault, I had two functions with the same name. Have just uploaded a new version which should fix it
Thank you for the quick reply.
I will try again using the new version. I am also having issues with the script successfully uploading the application to intune. I am receiving an error when the scipt get to the “uploading files to intune” and “Assigning Groups”. I have tried deploy-winget-win32-multiple-graphonly and deploy-winget-win32-multiple-multiple. and they both error at the same spot. Any suggestions on that? Can share error via email if that would help.
Thanks for your hard work on this module.
Yes please, if you drop me an email with the errors I will see what’s causing them.
Thank you
Hello, I wasn’t able to locate your email so I will post it here. I am having issues with the detection script as mentioned above and also having the below error. Any help would be appreciated.
UploadAzureStorageChunk : PUT https://mmcswda01.blob.core.windows.net/c66ccf2c-dc7e-4486-a9fe-7938db6d1679/8aded0a0-fe7 c-45fa-a740-25db6bc75d8d/754af1ea-b3c2-4d7a-b858-c292dd58b205.intunewin.bin?sv=2016-05-31&sr=b&si=-2056882926&sig=mihso R0kk8IwpQsG5wcrlUTVW%2B99OjXdZmbL%2B58%2FP%2F8%3D&comp=block&blockid=MDAwMA== At C:\deploy-winget-win32-multiple.ps1:453 char:13 + UploadAzureStorageChunk $sasUri $id $bytes + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,UploadAzureStorageChunk UploadAzureStorageChunk : The remote server returned an error: (403) Forbidden. At C:\deploy-winget-win32-multiple.ps1:453 char:13 + UploadAzureStorageChunk $sasUri $id $bytes + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,UploadAzureStorageChunk Invoke-UploadWin32Lob : Aborting with exception: System.Net.WebException: The remote server returned an error: (403) Forbidden. at Microsoft.PowerShell.Commands.WebRequestPSCmdlet.GetResponse(WebRequest request) at Microsoft.PowerShell.Commands.WebRequestPSCmdlet.ProcessRecord() At C:\deploy-winget-win32-multiple.ps1:2439 char:18 + … appupload = Invoke-UploadWin32Lob -SourceFile “$appfile” -DisplayName … + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Invoke-UploadWin32Lob 0 Grammarly for Microsoftโฌยซ Office Suite Created and uploaded VERBOSE: Assigning Groups VERBOSE: POST https://graph.microsoft.com/beta/deviceAppManagement/mobileApps/6a3bc1f9-4fc2-4c42-a8be-2fc3d039d0c0/assign with 670-byte payload VERBOSE: received 797-byte response of content type application/json Invoke-MgGraphRequest : POST https://graph.microsoft.com/beta/deviceAppManagement/mobileApps/6a3bc1f9-4fc2-4c42-a8be-2fc3d039d0c0/assign HTTP/1.1 400 Bad Request Transfer-Encoding: chunked Vary: Accept-Encoding Strict-Transport-Security: max-age=31536000 request-id: dfb38651-04b3-495d-a869-abdb95147ca6 client-request-id: dfb38651-04b3-495d-a869-abdb95147ca6
x-ms-ags-diagnostic: {“ServerInfo”:{“DataCenter”:”Canada
East”,”Slice”:”E”,”Ring”:”2″,”ScaleUnit”:”002″,”RoleInstance”:”QB1PEPF00002F9E”}}
Date: Tue, 22 Nov 2022 16:46:50 GMT
Content-Encoding: gzip
Content-Type: application/json
{“error”:{“code”:”BadRequest”,”message”:”{\r\n \”_version\”: 3,\r\n \”Message\”: \”Invalid operation: app’s
PublishingState is not ‘Published’. – Operation ID (for customer support): 00000000-0000-0000-0000-000000000000 –
Activity ID: dfb38651-04b3-495d-a869-abdb95147ca6 – Url: https://fef.msua01.manage.microsoft.com/AppLifecycle_2211/Stat
elessAppMetadataFEService/deviceAppManagement/mobileApps(‘6a3bc1f9-4fc2-4c42-a8be-2fc3d039d0c0’)/microsoft.management.s
ervices.api.assign?api-version=5022-09-01\”,\r\n \”CustomApiErrorPhrase\”: \”\”,\r\n \”RetryAfter\”: null,\r\n
\”ErrorSourceService\”: \”\”,\r\n \”HttpHeaders\”: \”{}\”\r\n}”,”innerError”:{“date”:”2022-11-22T16:46:51″,”request-id
“:”dfb38651-04b3-495d-a869-abdb95147ca6″,”client-request-id”:”dfb38651-04b3-495d-a869-abdb95147ca6″}}}
At C:\deploy-winget-win32-multiple.ps1:2413 char:5
+ Invoke-MgGraphRequest -Uri “https://graph.microsoft.com/beta/devi …
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (Method: POST, R…ication/json
}:HttpRequestMessage) [Invoke-MgGraphRequest], HttpResponseException
+ FullyQualifiedErrorId : InvokeGraphHttpResponseException,Microsoft.Graph.PowerShell.Authentication.Cmdlets.Invok
eMgGraphRequest
That looks permissions related, I’ll drop you an email to have a better look
Hi Andrew,
I replied to your email. It might have gone to spam.
Ill answer here as well. I am a global admin.
Hi Andrew
Im getting the following error. Any ideas, im not much of a powershell person!
Mode LastWriteTime Length Name
—- ————- —— —-
d—– 28/11/2022 08:40 249-2211284049
winget already installed
Connect-MgGraph : User canceled authentication.
At C:\temp\scripts\DeployWinGetMultiple.ps1:2457 char:1
+ Connect-MgGraph -Scopes DeviceManagementApps.ReadWrite.All, DeviceMan …
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Connect-MgGraph], MsalClientException
+ FullyQualifiedErrorId : Microsoft.Graph.PowerShell.Authentication.Cmdlets.ConnectMgGraph
Connect-MgGraph : User canceled authentication.
At C:\temp\scripts\DeployWinGetMultiple.ps1:2457 char:1
+ Connect-MgGraph -Scopes DeviceManagementApps.ReadWrite.All, DeviceMan …
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Connect-MgGraph], MsalClientException
+ FullyQualifiedErrorId : Microsoft.Graph.PowerShell.Authentication.Cmdlets.ConnectMgGraph
Hi Simon,
That error looks like the authentication didn’t work, you should get a popup box with a browser window to authenticate and approve the Graph connection. It might be worth looking for Applocker settings for both this and your Winget issue
I can’t even run Winget manually so I’m guessing something blocked in our build.
Hello Andrew,
it looks that the output in gridview is not formatted the right way. The values for Name and ID are in the same column, the column ID is empty. Therefor the variables are not filled.
Hi, any chance you can send me a screenshot and your PS and Winget versions? It’s working ok for me, but it could be a Winget update has changed something
Hello,
Winget is v1.4.2011-preview
PS is 5.1.19041.1682
Screenshot is not possible here. Can you give me a mail address?
I’ve sent you an email ๐
I have the same problem as randy!
Hi, can I check which version you are using and also which app you are trying to add? I made some fixes which worked for Randy, but it may be something with the app itself.
Thanks!
Great script.
Is it possible to choose apps also from msstore (winget + msstore) ?
Regards
Jonas
Hi Jonas,
Not with this script because you can’t wildcard search on msstore apps so I can’t get the grid-view output.
I have a new post going live tomorrow with some PowerShell functions you can use for msstore apps though
Great
Thanks! ๐
Hi Andrew
I’m facing an error with this script. I think script failed to get winget packages.
OS: Windows 11 22H2 (22623.1037)
PowerShell: 7.3.1
winget: v1.4.3132-preview
Log
Microsoft Graph Already Installed
Directory already existed
Directory: C:\temp
Mode LastWriteTime Length Name
—- ————- —— —-
d—- 2022-12-22 ์ค์ 9:28 65-2212222808
winget already installed
Welcome To Microsoft Graph!
Write-Error: C:\Users\rubik\Documents\PowerShell\Scripts\deploy-winget-win32-multiple.ps1:1345
Line |
1345 | โฆ $List = Invoke-WinGetCommand -WinGetArgs $WinGetArgs -IndexTitles โฆ
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| No results were found.
Write-Error: C:\Users\rubik\Documents\PowerShell\Scripts\deploy-winget-win32-multiple.ps1:1345
Line |
1345 | โฆ $List = Invoke-WinGetCommand -WinGetArgs $WinGetArgs -IndexTitles โฆ
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| No results were found.
ClientId : (DELETED)
TenantId : (DELETED)
CertificateThumbprint :
Scopes : {DeviceManagementApps.ReadWrite.All, DeviceManagementConfiguration.ReadWrite.All, email, Group.
ReadWrite.Allโฆ}
AuthType : Delegated
AuthProviderType : InteractiveAuthenticationProvider
CertificateName :
Account : (DELETED)
AppName : Microsoft Graph PowerShell
ContextScope : CurrentUser
Certificate :
PSHostVersion : 7.3.1
Hi Sanghyeon, thanks for your message. I’ve just installed that version of Winget on my 22H2 machine and can’t seem to replicate the issue. Any chance you can confirm if you have any language packs installed? I’ve seen that cause problems before
Thanks
I am not able to get the packages to load. When I launch the script, it just sits at Loading Winget Packages and does not do anything else.
Hi, can you try loading Winget in a command prompt and just type “winget list”, you may need to accept a license or similar on the first run
Hi Andrew,
I have used the Script and replaced all my Store Apps with this Script now. I have had no issues in over 2 weeks. Everything is the way it should be. I just replaced Group names and added “Test” in the Group names for my Testing initially as I already have App groups created.
Thank you for the hard work.
Hi Zahin,
Glad you are finding it useful, I’m a big fan of automation where possible ๐
Yes, Andrew. I am a very big fan of Automation too. I am working towards Automating Intune standard config for any new client in 30 minutes. Done enough testing. Your Script made life easier for Apps. For Config Profiles and Admin Templates etc, I use Micke Karlsson Tool. Configure Demo Tenant. Export it without Assignment. Import it to new Tenant. Do the assignment. Make any Modification (Tenant ID etc if needed), now Add apps using Andrew’s Script. Do Customised Modifications if needed on the Tenant and done.
Have you checked out my backup and restore script, it’s what I use in my tenant automation tool (I use a Devops pipeline, it takes 7-8 minutes in total)
You can also use the code in this tool to handle the assignments:
https://andrewstaylor.com/2022/04/11/bulk-assigning-apps-and-policies-in-intune/
So, I have replaced your old script with the new one Github. Getting this error on any App I try to install. Any Ideas?
Directory: C:\temp\186-2301314527
Mode LastWriteTime Length Name
—- ————- —— —-
d—– 31/01/2023 14:45 Microsoft.DotNet.Framework.Developรข
Directory c:\temp\186-2301314527\\Microsoft.DotNet.Framework.Developรข Created
VERBOSE: Creating AAD Groups for .NET Framework
New-MgGroup : One or more errors occurred.
At line:2205 char:5
+ $grp = New-MgGroup -DisplayName $groupname -Description $groupdes …
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [New-MgGroup_CreateExpanded1], AggregateException
+ FullyQualifiedErrorId : System.AggregateException,Microsoft.Graph.PowerShell.Cmdlets.NewMgGroup_CreateExpanded1
Can you try and app with a shorter name? I’ve seen this before with some MS apps where it truncates the name and adds random special characters.
If it works with shorter apps, I’ll see if I can add some logic in
Tried Miro.Miro as well. None working for some reason.
I’ve just tried on mine and it’s working ok for miro.miro, check your graph permissions are ok for creating AAD groups
Permissions seems fine. No changes were made. Not sure what happened suddenly?
It seems to be failing on the group creation stage, might be worth trying a basic “new-mggroup” in powershell and see what happens?
Andrew,
Firstly, thank you for putting this together, it is absolutely amazing!
I have tried a few apps into a demo tenant and they are working as expected. I then apply additional descriptions, app icons and rename the groups to meet a convention (which is minimal compared to the time you are saving me)
I am having an issue in deploying the apps to an Autopilot enrolled AAD only device – basically no apps deploy. I still need to troubleshoot it mire, authenticating as admin to read C:\Windows\Temp\
Reading your comment that the user or an admin might need to run “winget list –accept-package-agreements” – I have tried deploying a Script to these devices with no luck. has anyone else needed to do this to managed devices that have never used winget before? It really is a prerequisite for all this to work, from what I am seeing
Hi Shane,
Glad you’re finding it useful.
The install command for the apps include –accept-package-agreements and –accept-source-agreements so that shouldn’t be a blocker any more.
Are these Windows 10 or Windows 11 machines and do they have Winget pre-installed?
If you let me know which OS version and which app, I’ll try to replicate your setup and see what I can find
Hi Andrew,
Thank you so much for creating this script. its fantastic and seems to work most of the time really well.
I will say though, i am having problems with it creating groups and assigning it to apps if the app has a space in its name.
For example, ‘Jabra Direct’. the app will upload create everything correctly apart from the install and uninstall groups. im guessing this is because graph doesnt like spaces?
anyway to fix this? try replicating this for yourself and you will see.
here is the error i received…
“VERBOSE: Creating AAD Groups for Jabra Direct
New-MgGroup : Invalid value specified for property ‘mailNickname’ of resource ‘Group’.
At C:\Users\RDavies\Downloads\public-main\public-main\Powershell Scripts\Intune\deploy-winget-win32-multiple.ps1:2205 char:5
+ $grp = New-MgGroup -DisplayName $groupname -Description $groupdes …
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: ({ body = Micros…ftGraphGroup1 }:f__AnonymousType1`1) [New-MgGroup_CreateExpanded1], RestException`1
+ FullyQualifiedErrorId : Request_BadRequest,Microsoft.Graph.PowerShell.Cmdlets.NewMgGroup_CreateExpanded1
New-MgGroup : Invalid value specified for property ‘mailNickname’ of resource ‘Group’.
At C:\Users\RDavies\Downloads\public-main\public-main\Powershell Scripts\Intune\deploy-winget-win32-multiple.ps1:2205 char:5
+ $grp = New-MgGroup -DisplayName $groupname -Description $groupdes …
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: ({ body = Micros…ftGraphGroup1 }:f__AnonymousType1`1) [New-MgGroup_CreateExpanded1], RestException`1
+ FullyQualifiedErrorId : Request_BadRequest,Microsoft.Graph.PowerShell.Cmdlets.NewMgGroup_CreateExpanded1”
Hi again Andrew.
I just want to say i have actually managed to resove this myself by adding a very simple work around in your script.
Just posting so others can see if they have issues:
during the function ‘new-aadgroups’ in the script, I add the following after the ‘switch ($grouptype)’
$appname = $appname -replace ‘ ‘,’_’
so instead of your code which is:
switch ($grouptype) {
“install” {
$groupname = “LFFUK-Apps-Install-” + $appname
$nickname = “LFFUK-Apps-Install-” + $appname
$groupdescription = “Group for installation and updating of $appname application”
}
“uninstall” {
$groupname = “LFFUK-Apps-Uninstall-” + $appname
$nickname = “LFFUK-Apps-Uninstall-” + $appname
$groupdescription = “Group for uninstallation of $appname application”
}
}
i add the following in **
switch ($grouptype) {
“install” {
**$appname = $appname -replace ‘ ‘,’_’**
$groupname = “LFFUK-Apps-Install-” + $appname
$nickname = “LFFUK-Apps-Install-” + $appname
$groupdescription = “Group for installation and updating of $appname application”
}
“uninstall” {
**$appname = $appname -replace ‘ ‘,’_’**
$groupname = “LFFUK-Apps-Uninstall-” + $appname
$nickname = “LFFUK-Apps-Uninstall-” + $appname
$groupdescription = “Group for uninstallation of $appname application”
}
}
not sure if its worth adding into your code?
Hi Ryan,
Thanks for pointing this out (and glad you’re finding it useful).
It’s failing on the MailNicknam which should be set to the $appid rather than the $appname (if you’re using v2.0.7)
When you made the changes to add a prefix, could it be you copy and pasted the name rather than the ID for that one?
Ahh yes, you are right, I may have done this. any affects if i leave it like this? or do you recommend I change it back to $appid?
You’ll be fine leaving it like that, I only used the appID to avoid the spacing issue with the nickname anyway ๐
Hi Andrew
first of all thank you for your work. you help us sys admins a lot!
Some how when i run you script every thing works fine, until it gets stuck in “Loading Winget Packages” from there it is not Processing any dot.
could you maybe help me out with a hint?
regards
Hi,
Glad you’re finding it useful! First thing is to load up PowerShell/Command prompt and type “Winget List”, it might be you need to accept the license agreement.
Make sure you don’t have anything which would block the gridview popup window as well
So Simple ๐
Thank you men! Keep up with the good Work!
We all love a simple fix. Let me know if you have any other issues, always happy to hear of any other issues which could be scripted as well
Hi,
i found two syntax errors in the script, so that the install and uninstall ps1 did not work.
It should read correctly.
function new-installscript:
&`$winget install –id `$appid –silent –force –accept-package-agreements –accept-source-agreements –scope machine –exact | out-null
function new-uninstallscript
&`$winget uninstall –id `$appid –silent –force –accept-package-agreements –accept-source-agreements
The ` missed before the variable $appid.
As always.
Variables won’t. Constants aren’t.
Kind Regards,
LEM
Hi,
We need those two variables to resolve inside the script which is why they don’t have the backtick before them
Hi,
with me the script didn’t work without the backtick before them.
After I added them, it functions perfectly.
Different behaviour on two systems? Any ideas?
Can you share the install script it created? This one is used quite extensively and works ok for others without the backtick
Here you are.
without backtick – Name: install.ps1
—-
$ResolveWingetPath = Resolve-Path “C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_*_x64__8wekyb3d8bbwe”
if ($ResolveWingetPath){
$WingetPath = $ResolveWingetPath[-1].Path
}
$Winget = $WingetPath + “\winget.exe”
&$winget install –id –silent –force –accept-package-agreements –accept-source-agreements –scope machine –exact | out-null
—-
backtick – Name: install7zip.7zip.ps1
—-
$ResolveWingetPath = Resolve-Path “C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_*_x64__8wekyb3d8bbwe”
if ($ResolveWingetPath){
$WingetPath = $ResolveWingetPath[-1].Path
}
$Winget = $WingetPath + “\winget.exe”
&$winget install –id $appid –silent –force –accept-package-agreements –accept-source-agreements –scope machine –exact | out-null
—-
As you can see, contrary behaviour.
Neither of those will work, both are missing the AppID, has anything else changed in the script?
This is what I get:
$ResolveWingetPath = Resolve-Path “C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_*_x64__8wekyb3d8bbwe”
if ($ResolveWingetPath){
$WingetPath = $ResolveWingetPath[-1].Path
}
$Winget = $WingetPath + “\winget.exe”
&$winget install –id 7zip.7zip –silent –force –accept-package-agreements –accept-source-agreements –scope machine –exact | out-null
Are you using the German language pack? I’ve seen that cause issues before
That must be the cause.
Indeed, am I using the german language pack.
Do you know a workaround for the issue?
Many thanks in advance.
Hi,
I have tested and quotation marks do the trick.
&`$winget install –id “$appid” –silent –force –accept-package-agreements –accept-source-agreements –scope machine –exact | out-null
and you get in install.ps1
&$winget install –id “7zip.7zip” –silent –force –accept-package-agreements –accept-source-agreements –scope machine –exact | out-null
in install7zip.7zip.ps1
Is that a solution in your opinion?
Kind regards
Yes, if that’s working your end, I’ll push out an update now.
Thanks for testing!
The interesting fact was, that the install and uninstall schripts were affected und the detection script wasn’t affected.
Thanks for helping!
hi , i am getting this error when it was load the graph and winget, any idea what could be wrong? thanks in advance
Invoke-WinGetCommand : No results were found.
At C:\Program Files\WindowsPowerShell\Scripts\deploy-winget-win32-multiple.ps1:1379 char:17
+ … $List = Invoke-WinGetCommand -WinGetArgs $WinGetArgs -IndexTitles …
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (System.String[]:String[]) [Write-Error], WriteErrorException
+ FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Invoke-WinGetCommand
Hi, Which app did you select to install? I’ll test my side
Actually it was not display the gridview for me select anything and just throw that error. was that someting that my environment that is not allow or blocking the graph to display the gradview ?
Do you have ISE installed on your machine? If that has been removed the gridview may fail
power shell ISE is there in the machine, everything was loading till to “welcome to MS graph”-there is not gridview, then it went to the command to invoke-winget….
Welcome To Microsoft Graph!
Invoke-WinGetCommand : No results were found.
At C:\Temp\deploy-winget-win32-multiple.ps1:1379 char:17
+ … $List = Invoke-WinGetCommand -WinGetArgs $WinGetArgs -IndexTitles …
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (System.String[]:String[]) [Write-Error], WriteErrorException
+ FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Invoke-WinGetCommand
ClientId : 1xxxxx
TenantId : exxxxxxxxxx
CertificateThumbprint :
Scopes : {DeviceManagementApps.ReadWrite.All, DeviceManagementConfiguration.ReadWrite.All, Directory.AccessAsUser.All, email…}
AuthType : Delegated
AuthProviderType : InteractiveAuthenticationProvider
CertificateName :
Account : [email protected]
AppName : Microsoft Graph PowerShell
ContextScope : CurrentUser
Certificate :
PSHostVersion : 5.1.19041.2673
๐ Selected apps have been deployed to Intune
A couple of things to test:
1) Load commandprompt and type Winget List to see if you need to accept a license agreement
2) Type get-process | out-gridview and see if that pops up
hi
1)license already accepted already
2)it did show the gridview
You might need to add the functions and then try running just the gridview bit and see what happens.
At that point it’s just searching for all winget apps and returning a list
Hi, this should be where the loading is started
so it seem that it cannot do the search all function
$packs = find-wingetpackage ‘””‘
Invoke-WinGetCommand : No results were found.
At line:116 char:17
+ … $List = Invoke-WinGetCommand -WinGetArgs $WinGetArgs -IndexTitles …
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (System.String[]:String[]) [Write-Error], WriteErrorException
+ FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Invoke-WinGetCommand
If i do it with single item, it was ok
find-wingetpackage ‘”git”‘ | out-gridview
i found that it was issue when i run it using my admin account , but it was now working fine if i used my normal account . it seem tha winget is not doing well when it was using the admin account
Ah, yes, the winget environment variable won’t populate as admin. It can be done, but you would need to specify the path to the executable
Hi Andrew
The automation really cool. thanks for the great work!
Btw, do you know why uninstall will be failing? as i can see , all the apps is install with system context , it was installing nicely , but when i try to add the devcie to the uninstall, it was failing
Example , Notepad++
i wonder do you face any issue when assigned the uninstall using intune?
Thank you
ok, the uninstall does not take this ๐
argument name was not recognized for the current command: ‘–accept-package-agreements’
Ah, well spotted. That’s removed and the script has been updated now