In order to install programs via Chocolatey in Intune, Chocolatey itself must be installed as a basis.
I have summarized how it works and what Chocolatey is here.
This post is the first part of a series on managing Chocolatey applications via Intune.
Here I show you how to do the basic installation of Chocolatey with Intune and a Win32 app.
Part 1: This post.
Part 2: chocolatey - Programm Installation - Intune | scloud
Part 3: chocolatey - Programme up to date halten - Intune | scloud
Table of Contents
What is chocolatey?
Chocolatey is a huge package repository with installation packages for Windows. The packages are community maintained, but always go through a strict review process before they are released.
More information: Chocolatey Software Docs | Moderation
How does chocolatey work?
Chocolatey can easily be installed via PowerShell. Once the base is present on a device, applications can be installed with the command "choco install application" installed, or with "choco upgrade application" to be updated.
Distribute Chocolatey as a win32 app
Chocolatey can be installed via PowerShell (Admin) with a one-liner:
Set-ExecutionPolicy Bypass -Scope Process -Force; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; iex ((New-Object System.Net.WebClient).DownloadString('https://community.chocolatey.org/install.ps1'))Code language: PowerShell (powershell)In order to improve the distribution via Endpoint Manager and to set some settings, I have expanded the line a little:
$PackageName = "chocolatey"
$Path_local = "$Env:Programfiles\_MEM"
Start-Transcript -Path "$Path_local\Log\$ProgramName-install.log" -Force
try{
if(!(test-path "C:\ProgramData\chocolatey\choco.exe")){
Set-ExecutionPolicy Bypass -Scope Process -Force; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; iex ((New-Object System.Net.WebClient).DownloadString('https://community.chocolatey.org/install.ps1'))
}
C:\ProgramData\chocolatey\choco.exe list -lo
choco feature enable -n=useRememberedArgumentsForUpgrades
exit 0
}catch{exit 1618}
Stop-TranscriptCode language: PowerShell (powershell)The whole package including the detection rule can be found here: scloud / chocolatey / chocolatey at main FlorianSLZ / scloud (github.com)
The following parameters are set for distribution:
| Settings | Wert |
|---|---|
| Win32 File | install.intunewin |
| Install command | %SystemRoot%\sysnative\WindowsPowerShell\v1.0\powershell.exe -executionpolicy bypass -command .\install.ps1 |
| Uninstall command | no uninstall |
| Requirements | 64 bit |
| Detection rule | custom script, check.ps1 |
| Dependencies | none |
If you want to change something in the installation routine, you can simply adapt the "install.ps1" file and generate a new intunewin.
Here are instructions for generating Win32 applications: Create Win32 App / .intunewin | scloud
