Unfortunately, it is not always possible to quickly access a device with an installation problem.
Wouldn't it be useful to be able to centrally request and view the logs of your own Win32 apps or PowerShell scripts?
You can do exactly that by using the Intune feature "Collect diagnostics" and placing your custom logs in the right directory.
How does the "Collect diagnostics" function work?
In Intune, the overview page of every device has a "Collect diagnostics" button. You reach it via:
Devices > Windows > device name
Clicking on this button starts the log collection. When the device is online, the process usually takes between 5 and 20 minutes (sometimes unfortunately longer).
Once the process is complete, you will find the logs ready for download under "Device diagnostics":
This button downloads a ZIP that is a few hundred MB in size.
In it you will find collections of registry keys, event logs, the output of various CMD queries and much more.
Note: The download is available for 30 days.
The folder we need in this case is the folder numbered "62". The logs of the Intune Management Extension are stored there. In the next sections I will show you how you can store the logs for PowerShell scripts and Win32 apps there as well.
Save your own logs in the Intune directory
In order for the logs to be collected and appear in the appropriate folder, the following criteria must be met:
- Storage location locally: C:\ProgramData\Microsoft\IntuneManagementExtension\Logs\
- No subfolders
- File extension ".log"
- Admin rights
Be careful not to pack too much into this folder so that the Diagnostic Package does not become too large.
Logs/Transcript in PowerShell Scripts
If you're distributing a PowerShell script with Intune, you can do that as before. You just have to add a transcript to your script.
You can do this by wrapping the following two lines around your code:
Start-Transcript -Path "$env:ProgramData\Microsoft\IntuneManagementExtension\Logs\NameOfYourScript-script.log" -Force
# paste your code here
Stop-Transcript
Enter the name of the log in the first line and that's it.
Logs/Transcript in Win32 Apps
The logic for Win32 apps is identical to that for PowerShell scripts. If you are using a PowerShell script as the installation file anyway, you can use the same wrapper as for the PowerShell scripts.
Start-Transcript -Path "$env:ProgramData\Microsoft\IntuneManagementExtension\Logs\ProgramName-installation.log" -Force
# paste your code here
Stop-Transcript
Don't forget to also put the uninstall routines in a transcript and give them a unique name.
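A slightly more defensive form of the same wrapper, added here as an example (it is not code from the original post): the transcript is closed in a `finally` block and the installer's exit code is passed back to Intune. The installer name `setup.exe` and its `/quiet` switch are hypothetical, and the script is assumed to run in system context.

```powershell
# Added example: install.ps1 for a Win32 app (installer name and switch are hypothetical).
$LogDir   = Join-Path $env:ProgramData 'Microsoft\IntuneManagementExtension\Logs'
$LogFile  = Join-Path $LogDir 'ProgramName-installation.log'   # flat folder, ".log" extension
$exitCode = 0

Start-Transcript -Path $LogFile -Force | Out-Null
try {
    # Run the installer that ships next to this script and wait for it to finish.
    $setup = Join-Path $PSScriptRoot 'setup.exe'
    $proc  = Start-Process -FilePath $setup -ArgumentList '/quiet' -Wait -PassThru
    $exitCode = $proc.ExitCode
    Write-Output "setup.exe finished with exit code $exitCode"
}
catch {
    # A terminating error is written to the transcript instead of being lost.
    Write-Output "Installation failed: $($_.Exception.Message)"
    $exitCode = 1
}
finally {
    # Always close the transcript so the log file is complete when it is collected.
    Stop-Transcript | Out-Null
}
exit $exitCode   # Intune evaluates this as the result of the installation
```

Everything written to the console ends up in the transcript and later in the diagnostics ZIP, so do not echo passwords, tokens or license keys inside the wrapped code.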
If you use a batch file for installation (e.g. install.cmd), you can use the following addition to create the log:
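@echo off
:: Quoted so the path survives spaces; the log lands in the IME log folder
set "LOGFILE=%ALLUSERSPROFILE%\Microsoft\IntuneManagementExtension\Logs\ProgramName-installation.log"
:: Run everything under :LOG and redirect stdout and stderr into the log
call :LOG > "%LOGFILE%" 2>&1
exit /B
:LOG
:: Your code below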
Logs with the PSAppDeployToolkit (PSADT)
If you use PSADT for distributing Win32 applications, you only have to adjust the log path in the configuration. You can find this in the "AppDeployToolkit/AppDeployToolkitConfig.xml" file:
If MSIs are also distributed with the toolkit, you must also adjust the path of the MSI log files. This setting is in the same file:
Write user logs to the IME directory
Since the end user does not have write permissions in the IME path, logs generated in the user context cannot be stored here.
This is where Intune's "Proactive Remediation" feature helps out. With it we can copy or move logs from one or more user directories to the IME directory at a defined interval.
You can download the template and use it directly. In the template I have specified the directory where the PSADT writes to and an example of the user directory in the AppData. However, you can adapt the template to your needs.
To do this, add the paths to the first line in the detection and remediation file:
In the remediation you also have the option to choose between the "copy" or "move" mode.
With the mode "move" the logs are moved and are then no longer available in the user directory. This has the advantage that remediation is only started if new logs are available.
In mode "copy" the logs are copied each time.
You define the mode in the remediation script in the second line:
How to create the Proactive Remediations package in Intune and other examples can be found here: Endpoint Analysis Proactive Remediation Community Repository | scloud
(The package must be uploaded/executed in the system context.)
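The author's template is not reproduced on this page. The following remediation script is an added sketch of the approach described above, not the template itself. It assumes profiles under the system drive's Users folder, a hypothetical per-user folder `AppData\Local\Contoso\Logs` and a 5 MB per-file cap.

```powershell
# Added sketch, not the author's template. Deploy in system context, as the page requires.
$RelativePaths = @('AppData\Local\Contoso\Logs')  # hypothetical per-user log folder(s)
$Mode          = 'move'                            # 'copy' or 'move'
$ImeLogs  = Join-Path $env:ProgramData 'Microsoft\IntuneManagementExtension\Logs'
$UsersDir = Join-Path $env:SystemDrive 'Users'     # assumption: default profile location
$MaxBytes = 5MB                                    # assumption: per-file size cap

function Get-PendingUserLog {
    foreach ($userDir in Get-ChildItem -LiteralPath $UsersDir -Directory) {
        foreach ($rel in $RelativePaths) {
            $dir = Join-Path $userDir.FullName $rel
            if (-not (Test-Path -LiteralPath $dir -PathType Container)) { continue }
            Get-ChildItem -LiteralPath $dir -Filter '*.log' -File |
                Where-Object {
                    # The source is user-writable and this runs as SYSTEM:
                    # accept only plain ".log" files of reasonable size.
                    ($_.Extension -eq '.log') -and
                    (-not $_.Attributes.HasFlag([IO.FileAttributes]::ReparsePoint)) -and
                    ($_.Length -le $MaxBytes)
                } |
                ForEach-Object {
                    # The IME folder must stay flat, so the user name goes into the file name.
                    $name = ('{0}-{1}' -f $userDir.Name, $_.BaseName) -replace '[^\w.-]', '_'
                    [pscustomobject]@{
                        Source = $_.FullName
                        Target = Join-Path $ImeLogs "$name.log"
                    }
                }
        }
    }
}

$pending = @(Get-PendingUserLog)
# Detection script: same code up to here, then
#   if ($pending.Count -gt 0) { exit 1 } else { exit 0 }

foreach ($log in $pending) {
    if ($Mode -eq 'move') { Move-Item -LiteralPath $log.Source -Destination $log.Target -Force }
    else                  { Copy-Item -LiteralPath $log.Source -Destination $log.Target -Force }
}
Write-Output "Handled $($pending.Count) user log(s) in mode '$Mode'."
exit 0
```

Because the script reads from folders the user controls while running with SYSTEM rights, it never follows reparse points and never takes the target file name unfiltered from the source.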
Summary
With a few small adjustments in your PowerShell scripts, Win32 apps or the settings of the PSAppDeployToolkit, you can save your own logs of your installations so that you can view them centrally and relatively quickly. This is possible regardless of the location and access to the end device. The device only needs to have an active internet connection.
The fact that retrieving the log data usually takes 20 minutes and sometimes even longer is certainly not ideal. But it is still better than not having access to the logs at all.