Update 28/06/23 – Version 4.0 now lets you use a command line parameter to specify install and uninstall group names
There are some incredible community tools out there for app deployment via Winget and Intune, but as I’m sure you’ve noticed, I prefer a more hands-off script so decided to make my own.
I also stumbled across these PowerShell tools from a previous Microsoft Hackathon which opened up a world of possibilities!
As always, my script can be found on Github here or on PowerShell Gallery:
Install-Script -Name deploy-winget-win32-multipleWhen launching the script you will be presented with a credentials box which will authenticate against both Azure AD and Microsoft Graph (you may get a second password prompt for AzureAD).
At this point it will also download the latest copy of the intunewin utility and install Winget if it’s not already installed (you’ll need this for the app list)
Once authenticated, the script will sit there for a minute while it grabs all of the apps available on Winget and then bring a GridView from PowerShell with a list of everything available:
As it uses the native GridView, you can do advanced filtering and select multiple apps via Ctrl or Shift select.
When you click ok, the magic happens!
The script churns away to create:
- Directory in C:\Temp to store files
- AzureAD Install and Uninstall Groups
- Install and Uninstall PowerShell scripts
- Custom Detection Script
- Proactive Remediation (to update the app daily)
- The intunewin file itself
Once created it will:
- Upload the Intunewin file to Intune
- Assign Install and Uninstall groups to it
- Assign the Proactive Remediation to the install group
It’s all at the command line so fully silent, once you’ve selected your apps, leave it running, sit back and have a drink. All scripts use the exact app ID so no worries of it grabbing the wrong one either.
It’s all fully logged in the Windows Temp directory as well.
Remember to launch as an administrator or the Intunewinapputil will get very upset
Any comments, feedback or suggestions most welcome in the comments.
Thanks Andrew. This could be very useful. I’ve tested using different PowerShell versions but haven’t been able to get working. I think with PS5 ISE, it flashes open and closes instantly, but cant confirm. I have left the
——————————————
With PS5 ISE i get message: (it doenst go passed this screen after leaving for 30 mins. I do get both AD prompts.)
Transcript started, output file is C:\Users\J~1.NEW\AppData\Local\Temp\intune-12102022.log
Installing Intune modules if required (current user scope)
AZ Ad Preview Module Already Installed
Directory already existed
Directory: C:\temp
Mode LastWriteTime Length Name
d—– 12/10/2022 10:22 361-2210122234
winget already installed
Checking for AzureAD module…
Account : [email protected]
Environment : AzureCloud
Tenant : 16a4dc93-e50d-
TenantId : 16a4dc93-e50d-
TenantDomain : tenant.onmicrosoft.com
——————————————
With PS7 via Win Terminal i get message: (it doenst go passed this screen after leaving for 30 mins. I do get both AD prompts.)
Directory: C:\temp
Mode LastWriteTime Length Name
—- ————- —— —-
d—– 12/10/2022 10:18 258-2210121844
winget already installed
Checking for AzureAD module…
Account : [email protected]
Environment : AzureCloud
Tenant : 16a4dc93-e50d-xxx
TenantId : 16a4dc93-e50d-xxxx
TenantDomain : tenant.onmicrosoft.com
——————————————
With PS7 i get message:
Checking for AzureAD module…
Authorization Access Token is null, please re-run authentication…
Hi Jan, do you get the popup initially prompting for credentials?
Hi Andrew,
Super cool idea….
Just tried your script.
Content is created in C:\temp\random_number but it creates for example a directory called “7-zip space, space, space, space, space…. 7-zip.7zip” with a detection7-Zip, install7-Zip and uninstall7-Zip with many spaces… and then it fails…
How can we fix this?
Hi, I have a trim() command on the application name which should remove the whitespace. Any chance you can send me the transcript output so I can have a look?
Which apps did you test with? I’ll do some testing my end as well
Hi Andrew, yes i get prompted to login. Powershell then m365 popup.
Hi Jan, it should popup with a grid-view at that point, can you check it hasn’t appeared in a minimized window?
Your script Doesn’t seem to support Azure MFA so companies that Force MFA it doesn’t to function as needed
You can do the following to get your tokens with MFA Clams on them:
# Get token for MS Graph by prompting for MFA
$MsResponse = Get-MSALToken -Scopes @(“https://graph.microsoft.com/.default”) -ClientId “1b730954-1685-4b74-9bfd-dac224a7b894” -RedirectUri “urn:ietf:wg:oauth:2.0:oob” -Authority “https://login.microsoftonline.com/common” -Interactive -ExtraQueryParameters @{claims='{“access_token” : {“amr”: { “values”: [“mfa”] }}}’}
# Get token for AAD Graph
$AadResponse = Get-MSALToken -Scopes @(“https://graph.windows.net/.default”) -ClientId “1b730954-1685-4b74-9bfd-dac224a7b894” -RedirectUri “urn:ietf:wg:oauth:2.0:oob” -Authority “https://login.microsoftonline.com/common”
#Connect to Azure AD
Connect-AzureAD -AadAccessToken $AadResponse.AccessToken -MsAccessToken $MsResponse.AccessToken -AccountId: $AccountID -tenantId: $TenantID
Thanks for pointing it out, did it fail on both Graph and AzureAD or just on AAD? If it’s just AAD, I might switch the group creation to the Graph function instead
It seems it does upload and does some graph functions but it does die out due to it being unable to connect to Azure AD modules I selected a Random Application to upload to test out the script
Creating AAD Groups for BatteryMon
New-AzureADMSGroup : You must call the Connect-AzureAD cmdlet before calling any other cmdlets.
At C:\Program Files\WindowsPowerShell\Scripts\deploy-winget-win32-multiple.ps1:2545 char:12
+ $grp = New-AzureADMSGroup -DisplayName $groupname -Description $g …
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [New-AzureADMSGroup], AadNeedAuthenticationException
+ FullyQualifiedErrorId : Microsoft.Open.Azure.AD.CommonLibrary.AadNeedAuthenticationException,Microsoft.Open.MSGr
aphBeta.PowerShell.NewMSGroup
New-AzureADMSGroup : You must call the Connect-AzureAD cmdlet before calling any other cmdlets.
At C:\Program Files\WindowsPowerShell\Scripts\deploy-winget-win32-multiple.ps1:2545 char:12
+ $grp = New-AzureADMSGroup -DisplayName $groupname -Description $g …
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [New-AzureADMSGroup], AadNeedAuthenticationException
+ FullyQualifiedErrorId : Microsoft.Open.Azure.AD.CommonLibrary.AadNeedAuthenticationException,Microsoft.Open.MSGr
aphBeta.PowerShell.NewMSGroup
another Error here form a graph call
Creation Proactive Remediation for BatteryMon
Invoke-RestMethod : The remote server returned an error: (400) Bad Request.
At C:\Program Files\WindowsPowerShell\Scripts\deploy-winget-win32-multiple.ps1:2670 char:29
+ … ssign = Invoke-RestMethod -Uri $uri -Headers $authToken -Method P …
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-RestMethod], WebExc
eption
+ FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodCommand
Then at the end
Assigning Groups
Invoke-RestMethod : The remote server returned an error: (400) Bad Request.
At C:\Program Files\WindowsPowerShell\Scripts\deploy-winget-win32-multiple.ps1:2796 char:5
+ Invoke-RestMethod -Uri $uri -Headers $authToken -Method Post -Bod …
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-RestMethod], WebExc
eption
+ FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodCommand
It did however upload the Application
I was able to fix the script by changing the connect-AzureAD -credential $user line to the following
##Get Credentials
# Get token for MS Graph by prompting for MFA
$MsResponse = Get-MSALToken -Scopes @(“https://graph.microsoft.com/.default”) -ClientId “1b730954-1685-4b74-9bfd-dac224a7b894” -RedirectUri “urn:ietf:wg:oauth:2.0:oob” -Authority “https://login.microsoftonline.com/common” -Interactive -ExtraQueryParameters @{claims='{“access_token” : {“amr”: { “values”: [“mfa”] }}}’}
# Get token for AAD Graph
$AadResponse = Get-MSALToken -Scopes @(“https://graph.windows.net/.default”) -ClientId “1b730954-1685-4b74-9bfd-dac224a7b894” -RedirectUri “urn:ietf:wg:oauth:2.0:oob” -Authority “https://login.microsoftonline.com/common”
$userUpn = New-Object “System.Net.Mail.MailAddress” -ArgumentList $User
$TenantID = $userUpn.Host
#Connect to Azure AD
Connect-AzureAD -AadAccessToken $AadResponse.AccessToken -MsAccessToken $MsResponse.AccessToken -AccountId: $cred.UserName -tenantId: $TenantID
This allowed it to function with MFA Clams with no issues. You might be able to drop that entire user entry box and pull the data using the above token info that you are prompting for just didnt have time to work it out.
Any chance you can test this Graph only one and see if it works any better?
https://github.com/andrew-s-taylor/public/blob/main/Powershell%20Scripts/Intune/deploy-winget-win32-multiple-graphonly.ps1
I’m having issues with intune failing to detect the apps correctly when they are installed using the app and dection script. Any suggestions?
My fault, I had two functions with the same name. Have just uploaded a new version which should fix it
Thank you for the quick reply.
I will try again using the new version. I am also having issues with the script successfully uploading the application to intune. I am receiving an error when the scipt get to the “uploading files to intune” and “Assigning Groups”. I have tried deploy-winget-win32-multiple-graphonly and deploy-winget-win32-multiple-multiple. and they both error at the same spot. Any suggestions on that? Can share error via email if that would help.
Thanks for your hard work on this module.
Yes please, if you drop me an email with the errors I will see what’s causing them.
Thank you
Hello, I wasn’t able to locate your email so I will post it here. I am having issues with the detection script as mentioned above and also having the below error. Any help would be appreciated.
UploadAzureStorageChunk : PUT https://mmcswda01.blob.core.windows.net/c66ccf2c-dc7e-4486-a9fe-7938db6d1679/8aded0a0-fe7 c-45fa-a740-25db6bc75d8d/754af1ea-b3c2-4d7a-b858-c292dd58b205.intunewin.bin?sv=2016-05-31&sr=b&si=-2056882926&sig=mihso R0kk8IwpQsG5wcrlUTVW%2B99OjXdZmbL%2B58%2FP%2F8%3D&comp=block&blockid=MDAwMA== At C:\deploy-winget-win32-multiple.ps1:453 char:13 + UploadAzureStorageChunk $sasUri $id $bytes + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,UploadAzureStorageChunk UploadAzureStorageChunk : The remote server returned an error: (403) Forbidden. At C:\deploy-winget-win32-multiple.ps1:453 char:13 + UploadAzureStorageChunk $sasUri $id $bytes + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,UploadAzureStorageChunk Invoke-UploadWin32Lob : Aborting with exception: System.Net.WebException: The remote server returned an error: (403) Forbidden. at Microsoft.PowerShell.Commands.WebRequestPSCmdlet.GetResponse(WebRequest request) at Microsoft.PowerShell.Commands.WebRequestPSCmdlet.ProcessRecord() At C:\deploy-winget-win32-multiple.ps1:2439 char:18 + … appupload = Invoke-UploadWin32Lob -SourceFile “$appfile” -DisplayName … + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Invoke-UploadWin32Lob 0 Grammarly for Microsoft┬« Office Suite Created and uploaded VERBOSE: Assigning Groups VERBOSE: POST https://graph.microsoft.com/beta/deviceAppManagement/mobileApps/6a3bc1f9-4fc2-4c42-a8be-2fc3d039d0c0/assign with 670-byte payload VERBOSE: received 797-byte response of content type application/json Invoke-MgGraphRequest : POST https://graph.microsoft.com/beta/deviceAppManagement/mobileApps/6a3bc1f9-4fc2-4c42-a8be-2fc3d039d0c0/assign HTTP/1.1 400 Bad Request Transfer-Encoding: chunked Vary: Accept-Encoding Strict-Transport-Security: max-age=31536000 request-id: dfb38651-04b3-495d-a869-abdb95147ca6 client-request-id: dfb38651-04b3-495d-a869-abdb95147ca6
x-ms-ags-diagnostic: {“ServerInfo”:{“DataCenter”:”Canada
East”,”Slice”:”E”,”Ring”:”2″,”ScaleUnit”:”002″,”RoleInstance”:”QB1PEPF00002F9E”}}
Date: Tue, 22 Nov 2022 16:46:50 GMT
Content-Encoding: gzip
Content-Type: application/json
{“error”:{“code”:”BadRequest”,”message”:”{\r\n \”_version\”: 3,\r\n \”Message\”: \”Invalid operation: app’s
PublishingState is not ‘Published’. – Operation ID (for customer support): 00000000-0000-0000-0000-000000000000 –
Activity ID: dfb38651-04b3-495d-a869-abdb95147ca6 – Url: https://fef.msua01.manage.microsoft.com/AppLifecycle_2211/Stat
elessAppMetadataFEService/deviceAppManagement/mobileApps(‘6a3bc1f9-4fc2-4c42-a8be-2fc3d039d0c0’)/microsoft.management.s
ervices.api.assign?api-version=5022-09-01\”,\r\n \”CustomApiErrorPhrase\”: \”\”,\r\n \”RetryAfter\”: null,\r\n
\”ErrorSourceService\”: \”\”,\r\n \”HttpHeaders\”: \”{}\”\r\n}”,”innerError”:{“date”:”2022-11-22T16:46:51″,”request-id
“:”dfb38651-04b3-495d-a869-abdb95147ca6″,”client-request-id”:”dfb38651-04b3-495d-a869-abdb95147ca6″}}}
At C:\deploy-winget-win32-multiple.ps1:2413 char:5
+ Invoke-MgGraphRequest -Uri “https://graph.microsoft.com/beta/devi …
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (Method: POST, R…ication/json
}:HttpRequestMessage) [Invoke-MgGraphRequest], HttpResponseException
+ FullyQualifiedErrorId : InvokeGraphHttpResponseException,Microsoft.Graph.PowerShell.Authentication.Cmdlets.Invok
eMgGraphRequest
That looks permissions related, I’ll drop you an email to have a better look
Hi Andrew,
I replied to your email. It might have gone to spam.
Ill answer here as well. I am a global admin.
Hi Andrew
Im getting the following error. Any ideas, im not much of a powershell person!
Mode LastWriteTime Length Name
—- ————- —— —-
d—– 28/11/2022 08:40 249-2211284049
winget already installed
Connect-MgGraph : User canceled authentication.
At C:\temp\scripts\DeployWinGetMultiple.ps1:2457 char:1
+ Connect-MgGraph -Scopes DeviceManagementApps.ReadWrite.All, DeviceMan …
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Connect-MgGraph], MsalClientException
+ FullyQualifiedErrorId : Microsoft.Graph.PowerShell.Authentication.Cmdlets.ConnectMgGraph
Connect-MgGraph : User canceled authentication.
At C:\temp\scripts\DeployWinGetMultiple.ps1:2457 char:1
+ Connect-MgGraph -Scopes DeviceManagementApps.ReadWrite.All, DeviceMan …
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Connect-MgGraph], MsalClientException
+ FullyQualifiedErrorId : Microsoft.Graph.PowerShell.Authentication.Cmdlets.ConnectMgGraph
Hi Simon,
That error looks like the authentication didn’t work, you should get a popup box with a browser window to authenticate and approve the Graph connection. It might be worth looking for Applocker settings for both this and your Winget issue
I can’t even run Winget manually so I’m guessing something blocked in our build.
Hello Andrew,
it looks that the output in gridview is not formatted the right way. The values for Name and ID are in the same column, the column ID is empty. Therefor the variables are not filled.
Hi, any chance you can send me a screenshot and your PS and Winget versions? It’s working ok for me, but it could be a Winget update has changed something
Hello,
Winget is v1.4.2011-preview
PS is 5.1.19041.1682
Screenshot is not possible here. Can you give me a mail address?
I’ve sent you an email 🙂
I have the same problem as randy!
Hi, can I check which version you are using and also which app you are trying to add? I made some fixes which worked for Randy, but it may be something with the app itself.
Thanks!
Great script.
Is it possible to choose apps also from msstore (winget + msstore) ?
Regards
Jonas
Hi Jonas,
Not with this script because you can’t wildcard search on msstore apps so I can’t get the grid-view output.
I have a new post going live tomorrow with some PowerShell functions you can use for msstore apps though
Great
Thanks! 🙂
Hi Andrew
I’m facing an error with this script. I think script failed to get winget packages.
OS: Windows 11 22H2 (22623.1037)
PowerShell: 7.3.1
winget: v1.4.3132-preview
Log
Microsoft Graph Already Installed
Directory already existed
Directory: C:\temp
Mode LastWriteTime Length Name
—- ————- —— —-
d—- 2022-12-22 오전 9:28 65-2212222808
winget already installed
Welcome To Microsoft Graph!
Write-Error: C:\Users\rubik\Documents\PowerShell\Scripts\deploy-winget-win32-multiple.ps1:1345
Line |
1345 | … $List = Invoke-WinGetCommand -WinGetArgs $WinGetArgs -IndexTitles …
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| No results were found.
Write-Error: C:\Users\rubik\Documents\PowerShell\Scripts\deploy-winget-win32-multiple.ps1:1345
Line |
1345 | … $List = Invoke-WinGetCommand -WinGetArgs $WinGetArgs -IndexTitles …
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| No results were found.
ClientId : (DELETED)
TenantId : (DELETED)
CertificateThumbprint :
Scopes : {DeviceManagementApps.ReadWrite.All, DeviceManagementConfiguration.ReadWrite.All, email, Group.
ReadWrite.All…}
AuthType : Delegated
AuthProviderType : InteractiveAuthenticationProvider
CertificateName :
Account : (DELETED)
AppName : Microsoft Graph PowerShell
ContextScope : CurrentUser
Certificate :
PSHostVersion : 7.3.1
Hi Sanghyeon, thanks for your message. I’ve just installed that version of Winget on my 22H2 machine and can’t seem to replicate the issue. Any chance you can confirm if you have any language packs installed? I’ve seen that cause problems before
Thanks
I am not able to get the packages to load. When I launch the script, it just sits at Loading Winget Packages and does not do anything else.
Hi, can you try loading Winget in a command prompt and just type “winget list”, you may need to accept a license or similar on the first run
Hi Andrew,
I have used the Script and replaced all my Store Apps with this Script now. I have had no issues in over 2 weeks. Everything is the way it should be. I just replaced Group names and added “Test” in the Group names for my Testing initially as I already have App groups created.
Thank you for the hard work.
Hi Zahin,
Glad you are finding it useful, I’m a big fan of automation where possible 🙂
Yes, Andrew. I am a very big fan of Automation too. I am working towards Automating Intune standard config for any new client in 30 minutes. Done enough testing. Your Script made life easier for Apps. For Config Profiles and Admin Templates etc, I use Micke Karlsson Tool. Configure Demo Tenant. Export it without Assignment. Import it to new Tenant. Do the assignment. Make any Modification (Tenant ID etc if needed), now Add apps using Andrew’s Script. Do Customised Modifications if needed on the Tenant and done.
Have you checked out my backup and restore script, it’s what I use in my tenant automation tool (I use a Devops pipeline, it takes 7-8 minutes in total)
You can also use the code in this tool to handle the assignments:
https://andrewstaylor.com/2022/04/11/bulk-assigning-apps-and-policies-in-intune/
So, I have replaced your old script with the new one Github. Getting this error on any App I try to install. Any Ideas?
Directory: C:\temp\186-2301314527
Mode LastWriteTime Length Name
—- ————- —— —-
d—– 31/01/2023 14:45 Microsoft.DotNet.Framework.Developâ
Directory c:\temp\186-2301314527\\Microsoft.DotNet.Framework.Developâ Created
VERBOSE: Creating AAD Groups for .NET Framework
New-MgGroup : One or more errors occurred.
At line:2205 char:5
+ $grp = New-MgGroup -DisplayName $groupname -Description $groupdes …
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [New-MgGroup_CreateExpanded1], AggregateException
+ FullyQualifiedErrorId : System.AggregateException,Microsoft.Graph.PowerShell.Cmdlets.NewMgGroup_CreateExpanded1
Can you try and app with a shorter name? I’ve seen this before with some MS apps where it truncates the name and adds random special characters.
If it works with shorter apps, I’ll see if I can add some logic in
Tried Miro.Miro as well. None working for some reason.
I’ve just tried on mine and it’s working ok for miro.miro, check your graph permissions are ok for creating AAD groups
Permissions seems fine. No changes were made. Not sure what happened suddenly?
It seems to be failing on the group creation stage, might be worth trying a basic “new-mggroup” in powershell and see what happens?
Andrew,
Firstly, thank you for putting this together, it is absolutely amazing!
I have tried a few apps into a demo tenant and they are working as expected. I then apply additional descriptions, app icons and rename the groups to meet a convention (which is minimal compared to the time you are saving me)
I am having an issue in deploying the apps to an Autopilot enrolled AAD only device – basically no apps deploy. I still need to troubleshoot it mire, authenticating as admin to read C:\Windows\Temp\
Reading your comment that the user or an admin might need to run “winget list –accept-package-agreements” – I have tried deploying a Script to these devices with no luck. has anyone else needed to do this to managed devices that have never used winget before? It really is a prerequisite for all this to work, from what I am seeing
Hi Shane,
Glad you’re finding it useful.
The install command for the apps include –accept-package-agreements and –accept-source-agreements so that shouldn’t be a blocker any more.
Are these Windows 10 or Windows 11 machines and do they have Winget pre-installed?
If you let me know which OS version and which app, I’ll try to replicate your setup and see what I can find
Hi Andrew,
Thank you so much for creating this script. its fantastic and seems to work most of the time really well.
I will say though, i am having problems with it creating groups and assigning it to apps if the app has a space in its name.
For example, ‘Jabra Direct’. the app will upload create everything correctly apart from the install and uninstall groups. im guessing this is because graph doesnt like spaces?
anyway to fix this? try replicating this for yourself and you will see.
here is the error i received…
“VERBOSE: Creating AAD Groups for Jabra Direct
New-MgGroup : Invalid value specified for property ‘mailNickname’ of resource ‘Group’.
At C:\Users\RDavies\Downloads\public-main\public-main\Powershell Scripts\Intune\deploy-winget-win32-multiple.ps1:2205 char:5
+ $grp = New-MgGroup -DisplayName $groupname -Description $groupdes …
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: ({ body = Micros…ftGraphGroup1 }:f__AnonymousType1`1) [New-MgGroup_CreateExpanded1], RestException`1
+ FullyQualifiedErrorId : Request_BadRequest,Microsoft.Graph.PowerShell.Cmdlets.NewMgGroup_CreateExpanded1
New-MgGroup : Invalid value specified for property ‘mailNickname’ of resource ‘Group’.
At C:\Users\RDavies\Downloads\public-main\public-main\Powershell Scripts\Intune\deploy-winget-win32-multiple.ps1:2205 char:5
+ $grp = New-MgGroup -DisplayName $groupname -Description $groupdes …
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: ({ body = Micros…ftGraphGroup1 }:f__AnonymousType1`1) [New-MgGroup_CreateExpanded1], RestException`1
+ FullyQualifiedErrorId : Request_BadRequest,Microsoft.Graph.PowerShell.Cmdlets.NewMgGroup_CreateExpanded1”
Hi again Andrew.
I just want to say i have actually managed to resove this myself by adding a very simple work around in your script.
Just posting so others can see if they have issues:
during the function ‘new-aadgroups’ in the script, I add the following after the ‘switch ($grouptype)’
$appname = $appname -replace ‘ ‘,’_’
so instead of your code which is:
switch ($grouptype) {
“install” {
$groupname = “LFFUK-Apps-Install-” + $appname
$nickname = “LFFUK-Apps-Install-” + $appname
$groupdescription = “Group for installation and updating of $appname application”
}
“uninstall” {
$groupname = “LFFUK-Apps-Uninstall-” + $appname
$nickname = “LFFUK-Apps-Uninstall-” + $appname
$groupdescription = “Group for uninstallation of $appname application”
}
}
i add the following in **
switch ($grouptype) {
“install” {
**$appname = $appname -replace ‘ ‘,’_’**
$groupname = “LFFUK-Apps-Install-” + $appname
$nickname = “LFFUK-Apps-Install-” + $appname
$groupdescription = “Group for installation and updating of $appname application”
}
“uninstall” {
**$appname = $appname -replace ‘ ‘,’_’**
$groupname = “LFFUK-Apps-Uninstall-” + $appname
$nickname = “LFFUK-Apps-Uninstall-” + $appname
$groupdescription = “Group for uninstallation of $appname application”
}
}
not sure if its worth adding into your code?
Hi Ryan,
Thanks for pointing this out (and glad you’re finding it useful).
It’s failing on the MailNicknam which should be set to the $appid rather than the $appname (if you’re using v2.0.7)
When you made the changes to add a prefix, could it be you copy and pasted the name rather than the ID for that one?
Ahh yes, you are right, I may have done this. any affects if i leave it like this? or do you recommend I change it back to $appid?
You’ll be fine leaving it like that, I only used the appID to avoid the spacing issue with the nickname anyway 🙂
Hi Andrew
first of all thank you for your work. you help us sys admins a lot!
Some how when i run you script every thing works fine, until it gets stuck in “Loading Winget Packages” from there it is not Processing any dot.
could you maybe help me out with a hint?
regards
Hi,
Glad you’re finding it useful! First thing is to load up PowerShell/Command prompt and type “Winget List”, it might be you need to accept the license agreement.
Make sure you don’t have anything which would block the gridview popup window as well
So Simple 😀
Thank you men! Keep up with the good Work!
We all love a simple fix. Let me know if you have any other issues, always happy to hear of any other issues which could be scripted as well
Hi,
i found two syntax errors in the script, so that the install and uninstall ps1 did not work.
It should read correctly.
function new-installscript:
&`$winget install –id `$appid –silent –force –accept-package-agreements –accept-source-agreements –scope machine –exact | out-null
function new-uninstallscript
&`$winget uninstall –id `$appid –silent –force –accept-package-agreements –accept-source-agreements
The ` missed before the variable $appid.
As always.
Variables won’t. Constants aren’t.
Kind Regards,
LEM
Hi,
We need those two variables to resolve inside the script which is why they don’t have the backtick before them
Hi,
with me the script didn’t work without the backtick before them.
After I added them, it functions perfectly.
Different behaviour on two systems? Any ideas?
Can you share the install script it created? This one is used quite extensively and works ok for others without the backtick
Here you are.
without backtick – Name: install.ps1
—-
$ResolveWingetPath = Resolve-Path “C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_*_x64__8wekyb3d8bbwe”
if ($ResolveWingetPath){
$WingetPath = $ResolveWingetPath[-1].Path
}
$Winget = $WingetPath + “\winget.exe”
&$winget install –id –silent –force –accept-package-agreements –accept-source-agreements –scope machine –exact | out-null
—-
backtick – Name: install7zip.7zip.ps1
—-
$ResolveWingetPath = Resolve-Path “C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_*_x64__8wekyb3d8bbwe”
if ($ResolveWingetPath){
$WingetPath = $ResolveWingetPath[-1].Path
}
$Winget = $WingetPath + “\winget.exe”
&$winget install –id $appid –silent –force –accept-package-agreements –accept-source-agreements –scope machine –exact | out-null
—-
As you can see, contrary behaviour.
Neither of those will work, both are missing the AppID, has anything else changed in the script?
This is what I get:
$ResolveWingetPath = Resolve-Path “C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_*_x64__8wekyb3d8bbwe”
if ($ResolveWingetPath){
$WingetPath = $ResolveWingetPath[-1].Path
}
$Winget = $WingetPath + “\winget.exe”
&$winget install –id 7zip.7zip –silent –force –accept-package-agreements –accept-source-agreements –scope machine –exact | out-null
Are you using the German language pack? I’ve seen that cause issues before
That must be the cause.
Indeed, am I using the german language pack.
Do you know a workaround for the issue?
Many thanks in advance.
Hi,
I have tested and quotation marks do the trick.
&`$winget install –id “$appid” –silent –force –accept-package-agreements –accept-source-agreements –scope machine –exact | out-null
and you get in install.ps1
&$winget install –id “7zip.7zip” –silent –force –accept-package-agreements –accept-source-agreements –scope machine –exact | out-null
in install7zip.7zip.ps1
Is that a solution in your opinion?
Kind regards
Yes, if that’s working your end, I’ll push out an update now.
Thanks for testing!
The interesting fact was, that the install and uninstall schripts were affected und the detection script wasn’t affected.
Thanks for helping!
hi , i am getting this error when it was load the graph and winget, any idea what could be wrong? thanks in advance
Invoke-WinGetCommand : No results were found.
At C:\Program Files\WindowsPowerShell\Scripts\deploy-winget-win32-multiple.ps1:1379 char:17
+ … $List = Invoke-WinGetCommand -WinGetArgs $WinGetArgs -IndexTitles …
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (System.String[]:String[]) [Write-Error], WriteErrorException
+ FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Invoke-WinGetCommand
Hi, Which app did you select to install? I’ll test my side
Actually it was not display the gridview for me select anything and just throw that error. was that someting that my environment that is not allow or blocking the graph to display the gradview ?
Do you have ISE installed on your machine? If that has been removed the gridview may fail
power shell ISE is there in the machine, everything was loading till to “welcome to MS graph”-there is not gridview, then it went to the command to invoke-winget….
Welcome To Microsoft Graph!
Invoke-WinGetCommand : No results were found.
At C:\Temp\deploy-winget-win32-multiple.ps1:1379 char:17
+ … $List = Invoke-WinGetCommand -WinGetArgs $WinGetArgs -IndexTitles …
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (System.String[]:String[]) [Write-Error], WriteErrorException
+ FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Invoke-WinGetCommand
ClientId : 1xxxxx
TenantId : exxxxxxxxxx
CertificateThumbprint :
Scopes : {DeviceManagementApps.ReadWrite.All, DeviceManagementConfiguration.ReadWrite.All, Directory.AccessAsUser.All, email…}
AuthType : Delegated
AuthProviderType : InteractiveAuthenticationProvider
CertificateName :
Account : [email protected]
AppName : Microsoft Graph PowerShell
ContextScope : CurrentUser
Certificate :
PSHostVersion : 5.1.19041.2673
👍 Selected apps have been deployed to Intune
A couple of things to test:
1) Load commandprompt and type Winget List to see if you need to accept a license agreement
2) Type get-process | out-gridview and see if that pops up
hi
1)license already accepted already
2)it did show the gridview
You might need to add the functions and then try running just the gridview bit and see what happens.
At that point it’s just searching for all winget apps and returning a list
Hi, this should be where the loading is started
so it seem that it cannot do the search all function
$packs = find-wingetpackage ‘””‘
Invoke-WinGetCommand : No results were found.
At line:116 char:17
+ … $List = Invoke-WinGetCommand -WinGetArgs $WinGetArgs -IndexTitles …
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (System.String[]:String[]) [Write-Error], WriteErrorException
+ FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Invoke-WinGetCommand
If i do it with single item, it was ok
find-wingetpackage ‘”git”‘ | out-gridview
i found that it was issue when i run it using my admin account , but it was now working fine if i used my normal account . it seem tha winget is not doing well when it was using the admin account
Ah, yes, the winget environment variable won’t populate as admin. It can be done, but you would need to specify the path to the executable
Hi Andrew
The automation really cool. thanks for the great work!
Btw, do you know why uninstall will be failing? as i can see , all the apps is install with system context , it was installing nicely , but when i try to add the devcie to the uninstall, it was failing
Example , Notepad++
i wonder do you face any issue when assigned the uninstall using intune?
Thank you
ok, the uninstall does not take this 🙂
argument name was not recognized for the current command: ‘–accept-package-agreements’
Ah, well spotted. That’s removed and the script has been updated now
Hello Andrew,
Great work on this script. I don’t have full permissions to Azure but I was able to grab the apps that I needed and I’m going to manually add them to endpoint.
In my testing I was able to create the apps but I’m getting this issue in company portal.
Download Pending….
Your device is syncing and will begin your download shortly.
My install line has powershell.exe -ExecutionPolicy Bypass -File .\filename.ps1
My uninstall line has this as well.
Any ideas how I could troubleshoot this?
Hi Peter,
That’s normally a network issue of some sort which is blocking the file from downloading. It lives in an Azure blob, downloads to the machine and then extracts itself (and installs). Are you behind any firewalls or VPNs?
Hello Andrew,
Yes we are behind a firewall. Our manually created apps work. I can manually install that software via a powershell prompt but when I try to install it via Company Portal it just hangs there. I will check with the firewall guys to see if they can monitor what is going on.
Thank you for the response.
Peter
Absolutely amazing script Andrew. Worked first time for me. Been meaning to have a play deploying via Winget.
Any ideas if this would work at pre-provisioning stage, I might need to do some testing as unsure if winget is available till after the user logs in for the first time?
Thanks for this!
Hi Matt,
You could package Winget as a Win32 app and then set it as a pre-requisite for any apps you want deployed during ESP. If you deploy any new store apps, they will push Winget to the device as well, but we wouldn’t be able to control at what stage for those
Cool, might do some testing then. I’m sure we’re all waiting for the day when we cant control app install order especially during ESP. It’s like the only thing really missing at the moment!
Hi Andrew,
Thank you very much for your script. It’s really helpful.
But I’m having some issues,
your script runs and shows me all the apps in winget and I can choose the app and it makes the intunewin and all other files.
but it is not asking me to login to intune and it’s not uploading the file.
Do you have any idea, what I’m doing wrong?
Regards,
Rony
Hi Rony,
That’s strange, it should connect before creating anything.
Can you try running this in a new console window and see what happens?
Select-MgProfile -Name Beta
Connect-MgGraph -Scopes DeviceManagementApps.ReadWrite.All, DeviceManagementConfiguration.ReadWrite.All, Group.ReadWrite.All, GroupMember.ReadWrite.All, openid, profile, email, offline_access
Thanks
Andrew
Hi Andrew
Thank you for your great work.
I have deployed the apps successfully to Intune with detectionscripts.
My issue is that when i assign the app to a group (UserGroup) it show successfull in intune but the app is not installed.
Before a big effort i wanted to ask you first.
Regards,
snn
Hi,
On a machine, can you type “winget list” at the command line and see if the app shows up there?
The detection script looks for the app ID in the returned output
If it’s showing, the app says it’s installed so we then need to look at why you can’t see it in the UI
Hi Andrew
I don’t see the app in winget list.. I also tried to make sure that i install it trough the company Portal to make sure it installs.
What i have is the output of the install.ps1 for Mozilla Firefox:
———————————————————————————
$ResolveWingetPath = Resolve-Path “C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_*_x64__8wekyb3d8bbwe”
if ($ResolveWingetPath){
$WingetPath = $ResolveWingetPath[-1].Path
}
$Winget = $WingetPath + “\winget.exe”
&$winget install –id “” –silent –force –accept-package-agreements –accept-source-agreements –scope machine –exact | out-null
———————————————————————————
This Path is for every app the same: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_*_x64__8wekyb3d8bbwe
But when i look in this path it doesn’t exist.
regards,
It seems like the $appid is empty.. i don’t see it anywhere.
the deployment to intune is from a windows 11 (english) OS
Can I check with version of the script you are running and which version of Winget on the machine you are creating the packages on? I’ve just tested Firefox on my machine and it has populated ok
Hi Andrew
Here is the version of your Script:
Deploying Computer winget Version: v1.4.10173
Receiving Computer winget Version: v1.4.10173
.VERSION 2.0.10 this is the Version of you Script
Does the appid show up in the gridview output?
Yes it shows up but the column looks like is not in line. App ID shows in Name and when i try to filter with id it shows empty
Is there a different machine you can try it on? That part uses a function direct from the Winget GitHub repository
Same behavior on an other machine
Do you have any language packs or anything installed? I’m struggling to replicate this one and don’t want to mess with the script because it’s widely used
I have changed my keyboard language to English and it seeams to sort it right now.
Thanks for that and happy easter
Hi Andrew
we are facing the issue that the packages which we install only works with the Admin Credentials…
Our deployment:
– Apps are deployed with the script
– Detection and Scripts are correct
– We deploy the apps to a user Group which are non admins on the devices -> Fails
Test:
– everything same -> Admin User enrollment and it works
can you help me out please?
Regards
Hi,
Is it all apps which are failing? Are there any errors in the event viewer?
“C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_*_x64__8wekyb3d8bbwe”
This path can’t be find…
When i check winget from the current user -> it is there
When i check winget from elevated -> it is not available
Can you see if that folder exists in WindowsApps? It’s a hidden, protected folder so you’ll need an elevated command prompt
Yes it is.. but it doesn’t recognize the winget command.
Is the executable in the folder and does it launch?
No it is not… but the winget command works when i open cmd -> winget *
You’ll need to find out where the executable is running from and then change the script to match
Hi! This is great thank you!
So does these apps update automatically within intune or do we need to redeploy new version every time?
Whilst I am here what is the best way to update apps Supersedence or just deploy new version of app
As long as you are licensed for them, the apps will update using remediations and Winget.
For your second question, it largely depends on the app, I prefer supersedence as it gives a bit more control over whether it updates, or removes and re-installs
Hi,
Any app I try to download I am getting “The application was not detected after installation completed successfully” message and app doesnt install
Any ideas?
Hi, Which app was it? Do the install and detection scripts look ok?
Hi Andrew,
The apps are team viewer and LEGO® MINDSTORMS® Education EV3 Classroom
Regarding install / detection I havent made any changes just used the ones provided. Is there anything in particular I need to look for in the install and detection scripts?
Try running the install script manually on an elevated shell and see if it errors
This is the error:
& : The term ‘\winget.exe’ is not recognized as the name of a cmdlet, function, script file, or operable program. Check the
spelling of the name, or if a path was included, verify that the path is correct and try again.
At C:\temp\866-2306284920\TeamViewer.TeamViewer\installTeamViewer.TeamViewer.ps1:7 char:6
+ &$winget install –id “TeamViewer.TeamViewer” –silent –force — …
+ ~~~~~~~
+ CategoryInfo : ObjectNotFound: (\winget.exe:String) [], CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundException
Was that running as admin? Does the machine have Winget installed?
Hi,
Yes run as admin and winget is installed and works on the machine
It looks like it isn’t finding the winget path on the device, do the commands look ok?
Yes the command looks okay, however I havent had a working install yet. Only tired team viewer and the lego mindstorm app
Here is the command:
$ResolveWingetPath = Resolve-Path “C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_*_x64__8wekyb3d8bbwe”
if ($ResolveWingetPath){
$WingetPath = $ResolveWingetPath[-1].Path
}
$Winget = $WingetPath + “\winget.exe”
&$winget install –id “TeamViewer.TeamViewer” –silent –force –accept-package-agreements –accept-source-agreements –scope machine –exact | out-null
within the installteamviewer.teamviewer.ps1
I figured it out, it seems all these apps have a “\” in front of winget when its meant to be simply “winget” within the install script, could this be fixed?
No, that is there because your winget path isn’t resolving
Hi Andrew,
How do I troubleshoot to get this to work? Is it the device I am using for the script -(https://github.com/andrew-s-taylor/public/blob/main/Powershell%20Scripts/Intune/deploy-winget-win32-multiple.ps1)
Could we discuss over email?
Hi Andrew,
I’ve just grabbed the latest version of your script. I am getting an error “The Win32LobApp must have at least one detection rule specified”
It creates folders for the selected apps in C:\temp with all PS1 scripts and intunewin, but looks like it’s having troubles creating an app and groups.
The full dump of the error is below:
New-MgDeviceAppMgtMobileApp : { “_version”: 3, “Message”: “The Win32LobApp must have at least one detection rule specified. – Operation ID (for customer support): 00000000-0000-0000-0000-000000000000 – Activity ID: 03e31d9d-ddd8-49d2-8b33-68643970603e – Url: https://fef.msua01.mana ge.microsoft.com/AppLifecycle_2307/StatelessAppMetadataFEService/deviceAppManagement/mobileApps?api-version=2023-05-18″ , “CustomApiErrorPhrase”: “”, “RetryAfter”: null, “ErrorSourceService”: “”, “HttpHeaders”: “{}” } Status: 400 (BadRequest) ErrorCode: BadRequest Date: 2023-07-21T17:34:48 Headers: Transfer-Encoding : chunked Vary : Accept-Encoding Strict-Transport-Security : max-age=31536000 request-id : 41cdfa54-77a3-4702-9130-bf48477e29ec client-request-id : 03e31d9d-ddd8-49d2-8b33-68643970603e x-ms-ags-diagnostic : {“ServerInfo”:{“DataCenter”:”South Central US”,”Slice”:”E”,”Ring”:”5″,”ScaleUnit”:”001″,”RoleInstance”:”SA2PEPF000010F6″}} Date : Fri, 21 Jul 2023 17:34:47 GMT At C:\Program Files\WindowsPowerShell\Scripts\deploy-winget-win32-multiple.ps1:1254 char:9 + $mobileApp = New-MgDeviceAppMgtMobileApp -BodyParameter ($mob … + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidOperation: ({ body = Micros…raphMobileApp }:f__AnonymousType72`1) [New-MgDevi ceApp…obileApp_Create], Exception + FullyQualifiedErrorId : BadRequest,Microsoft.Graph.PowerShell.Cmdlets.NewMgDeviceAppManagementMobileApp_Create
Hi,
Which app did that happen on? I’ll do some testing
This should be sorted now with the latest version
I’m getting the same “The Win32LobApp must have at least one detection rule specified.” message with Zoom, Notepad++, Slack.
Also, I think Function Get-ScriptVersion is pointing to a different script?
Are you using v1 or v2 of the Graph modules? It’s working for me on v1 so I’m wondering if it’s a change in the update. I’ll do some testing now
I’ve just updated it which should fix the issue
Thanks Andrew! Perfect, fixed the issues and the scriptversion message. If its helpful I can share the logs, but I think you have it.
It’s fixed! Works like a charm!
Im having a terrible time with winget inside proactive remediation scripts.
Our users cant run cmd or powershell and we run all installs in the sytem Contect.
All users are on Windows 11 22h2
I have half a dozen working which I thought was as a rsult of installing APP installer into the system context, but it doesnt seem to have made a difference to the larger number of users.
I simply get a failed and if I investigate the intune logs I see a powershell script execution timed out. timeout = 3600 seconds.
I see mixed results accross different tenancies. Somewhere the same script works and others where they all fail.
I know Im missing something but I can figure out what. Any ideas happly accepted
Can you share the script you are using? Do you have any logging in the script itself?
Heres the script
$ResolveWingetPath = Resolve-Path “C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_*_x64__8wekyb3d8bbwe\winget.exe”
if ($ResolveWingetPath){
$WingetPath = $ResolveWingetPath[-1].Path
}
$Wingetpath = Split-Path -Path $WingetPath -Parent
cd $wingetpath
$updates =.\winget.exe upgrade
If ($Updates[-1] -match ‘No installed package’) {
Write-host “No packages availble for updating”
exit 0
}else {
Write-host “The following packages need upgrading:” $Updates[-5..-1]
exit 1
}
Try this instead:
https://github.com/JayRHa/EndpointAnalyticsRemediationScripts/tree/main/Winget-Update-All
Unfortunately this ended without reolving winget
The expression after ‘&’ in a pipeline element produced an object that was not valid. It must result in a command name, a script block, or a CommandInfo object. At C:\WINDOWS\IMECache\HealthScripts\59f76783-f7c0-4ae6-94a5-6b055d7930db_1\remediate.ps1:13 char:2 + &$winget upgrade –all –force –silent + ~~~~~~~ + CategoryInfo : InvalidOperation: (:) [], RuntimeException + FullyQualifiedErrorId : BadExpression
I suspect my issue is all tied around running winget in the system conetxt (though I havent worked out why it works for some but not all)
Im currently running it on a new Laptop inthe system context (via Psexec -s powershell.exe) to test and the original script seems to work OK.
Ill see how it goes when its put in the proactve script group
It might be worth using your psexec with the interactive flag and see if you can resolve the path on these machines
Whats the chances is the acceptance line. and because that failes it dosent run the remdiation part?
Can you by-pass the acceptance?
The source requires the current machine’s 2-letter geographic region to be sent to the backend service to function properly (ex. “US”).
Can you email me a screenshot of the error? I’ll have a look at the command line parameters
Hey,
Can Winget proactive remediations be used to update existing apps that were not deployed using Winget?
Thanks!
Yes, as long as they are in the catalogue it will update them
Hi Andrew
It turns out the issue was that I needed to be running winget with the —-accept-source-agreements switch in the proactive scripts
eg: winget upgrade –accept-source-agreements
otherwise it wasnt running (The prompt “The source requires the current machine’s 2-letter geographic region to be sent to the backend service to function properly (ex. “US”).” was appearing when running in the system context.
Its a little weird because I have some tenancies which weren’t having a problem and others that all failed to run.
Thanks again for your assistance and for the good work that you do!
Glad you managed to sort it, sometimes error messages can be more troublesome than they need to be!
Hi Andrew,
Great script!
Currently have it running to some extent.
It does the remediation and the group creation but no intunewin file in the temp directory or imported to intune. Just wondering if im missing anything
Directory c:\temp\348-2311031314\\Docker.DockerDesktop Created
VERBOSE: Creating AAD Groups for Docker Desktop
Created 63146980-780d-4754-8ddc-49dfd1e60f70 for installing Docker Desktop
Created 145d1ce8-3fc2-49b9-957a-1c0848e69d4e for uninstalling Docker Desktop
VERBOSE: Creating Install Script for Docker Desktop
Script created at c:\temp\348-2311031314\\Docker.DockerDesktop\installDocker.DockerDesktop.ps1
VERBOSE: Creating Uninstall Script for Docker Desktop
Script created at c:\temp\348-2311031314\\Docker.DockerDesktop\uninstallDocker.DockerDesktop.ps1
VERBOSE: Creating Detection Script for Docker Desktop
Script created at c:\temp\348-2311031314\\Docker.DockerDesktop\detectionDocker.DockerDesktop.ps1
VERBOSE: Creation Proactive Remediation for Docker Desktop
VERBOSE: POST https://graph.microsoft.com/beta/deviceManagement/deviceHealthScripts with 1557-byte payload
VERBOSE: received 1826-byte response of content type application/json
VERBOSE: POST https://graph.microsoft.com/beta/deviceManagement/deviceHealthScripts/ea4b973c-38e6-44f9-92a4-25a969bb8fc1/assign with 958-byte payload
VERBOSE: received 0-byte response of content type
Success
Proactive Remediation Created and Assigned for Docker Desktop
VERBOSE: Creating Intunewin File for Docker Desktop
INFO Validating parameters
INFO Validated parameters within 2 milliseconds
INFO Removing temporary files
ERROR System.IO.IOException: The handle is invalid.
at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
at System.Console.GetBufferInfo(Boolean throwOnNoConsole, Boolean& succeeded)
at Microsoft.Management.Service.IntuneWinAppUtil.LogUtil.PrintProgress(AppContext context)
at Microsoft.Management.Service.IntuneWinAppUtil.PackageUtil.CreatePackage(String folder, String setupFile, String outputFolder, String catalogFolder)
at Microsoft.Management.Service.IntuneWinAppUtil.Program.Main(String[] args)
Intunewin c:\temp\348-2311031314\\Docker.DockerDesktop\installDocker.DockerDesktop.intunewin Created
VERBOSE: Uploading Docker Desktop to Intune
VERBOSE: Testing if SourceFile ‘c:\temp\348-2311031314\\Docker.DockerDesktop\installDocker.DockerDesktop.intunewin’ Path is valid…
Test-SourceFile : Source File ‘c:\temp\348-2311031314\\Docker.DockerDesktop\installDocker.DockerDesktop.intunewin’
doesn’t exist…
At C:\Program Files (x86)\WindowsPowerShell\Scripts\deploy-winget-win32-multiple.ps1:1106 char:9
+ Test-SourceFile “$SourceFile”
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException
+ FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Test-SourceFile
Test-SourceFile : Source File
‘c:\temp\348-2311031314\\Docker.DockerDesktop\installDocker.DockerDesktop.intunewin’ doesn’t exist…
At C:\Program Files (x86)\WindowsPowerShell\Scripts\deploy-winget-win32-multiple.ps1:1106 char:9
+ Test-SourceFile “$SourceFile”
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException
+ FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Test-SourceFile
Test-SourceFile : ScriptHalted
At C:\Program Files (x86)\WindowsPowerShell\Scripts\deploy-winget-win32-multiple.ps1:1106 char:9
+ Test-SourceFile “$SourceFile”
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException
+ FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Test-SourceFile
Test-SourceFile : ScriptHalted
At C:\Program Files (x86)\WindowsPowerShell\Scripts\deploy-winget-win32-multiple.ps1:1106 char:9
+ Test-SourceFile “$SourceFile”
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException
+ FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Test-SourceFile
PS>TerminatingError(): “System error.”
>> TerminatingError(): “System error.”
>> TerminatingError(): “System error.”
ClientId : 14d8*******
TenantId : 57f**********
Scopes : {Calendars.Read, CloudPC.ReadWrite.All, DeviceManagementApps.ReadWrite.All,
DeviceManagementConfiguration.ReadWrite.All…}
AuthType : Delegated
TokenCredentialType : InteractiveBrowser
CertificateThumbprint :
CertificateSubjectName :
Account : ***************
AppName : Microsoft Graph Command Line Tools
ContextScope : CurrentUser
Certificate :
PSHostVersion : 5.1.22621.2506
ManagedIdentityId :
ClientSecret :
Environment : Global
👠Selected apps have been deployed to Intune
Hi Michael,
Are you running PowerShell in an elevated session?
A super tool.
But for some reason it has stopped working.
It worked fine 2 weeks ago. But now it only creates the powershell scripts and the groups.
I’m running the tool as administrator
I get this from the powershell command:
Mode LastWriteTime Length Name
—- ————- —— —-
d—– 13/11/2023 10.33 Fortinet.FortiClientVPN
Directory c:\temp\932-2311133321\\Fortinet.FortiClientVPN Created
Created 3ab46b34-5ee9-4260-b7a7-42085ec67a0f for installing FortiClient VPN
Created eb602f91-fdb1-4ea4-9359-563cc29671e2 for uninstalling FortiClient VPN
Script created at c:\temp\932-2311133321\\Fortinet.FortiClientVPN\installFortinet.FortiClientVPN.ps1
Script created at c:\temp\932-2311133321\\Fortinet.FortiClientVPN\uninstallFortinet.FortiClientVPN.ps1
Script created at c:\temp\932-2311133321\\Fortinet.FortiClientVPN\detectionFortinet.FortiClientVPN.ps1
Success
Proactive Remediation Created and Assigned for FortiClient VPN
INFO Validating parameters
INFO Validated parameters within 2 milliseconds
INFO Removing temporary files
ERROR System.IO.IOException: The handle is invalid.
at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
at System.Console.GetBufferInfo(Boolean throwOnNoConsole, Boolean& succeeded)
at Microsoft.Management.Service.IntuneWinAppUtil.LogUtil.PrintProgress(AppContext context)
at Microsoft.Management.Service.IntuneWinAppUtil.PackageUtil.CreatePackage(String folder, String setupFile, String outputFolder, String catalogFolder)
at Microsoft.Management.Service.IntuneWinAppUtil.Program.Main(String[] args)
Intunewin c:\temp\932-2311133321\\Fortinet.FortiClientVPN\installFortinet.FortiClientVPN.intunewin Created
Test-SourceFile : Source File ‘c:\temp\932-2311133321\\Fortinet.FortiClientVPN\installFortinet.FortiClientVPN.intunewin’ doesn’t exist…
At C:\intune\Winget_package_maker.ps1:1106 char:9
+ Test-SourceFile “$SourceFile”
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException
+ FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Test-SourceFile
Test-SourceFile : ScriptHalted
At C:\intune\Winget_package_maker.ps1:1106 char:9
+ Test-SourceFile “$SourceFile”
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException
+ FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Test-SourceFile
Can you try loading a command prompt and type “winget list” for me? Sometimes Winget has an update which needs the licensing approving, but that blocks the script from completing.
I would also try deleting the intunewinapputil.exe and let it download the latest version. I know there have been some issues that that app recently
Seems that it is only when run in the Powershell ISE it does not work