The "Intune Win32 Deployer" allows you to transform Windows Package Manager (winget) and Chocolatey installations for Intune into a Win32 application (intunewin) and upload it straight away to your MEM environment. If you want to do without the automatic upload, you can also just generate the intunewin files.
Table of Contents
Overview and Features
With this tool you can easily and automatically deploy programs via Intune. You can do this from software packages from the Windows Package Manager such as Chocolatey choose.
The functions summarized are:
- Build Intunewin for winget applications
- Create Intunewin for Chocolatey applications
- Deploy winget via Intune (as a system)
- Deploy Chocolatey via Intune
- Transform programs from the Windows Package Manager into an intunewin
- Transform programs from Chocolatey into an intunewin
- Create Win32 applications upload to Intune
- Maintaining an inventory list within the application
- Install winget (optional)
- Install Chocolatey (optional)
- Current Microsoft Win32 Content Prep Tool download
Installation
To install, simply download the latest release on my GitHub repository and execute the file "INSTALL_Intune-Win32-Deployer.ps1" with PowerShell in the top level (right-click):
Release 1.2.2 · FlorianSLZ/Intune-Win32-Deployer (github.com) (scroll down to the ZIP)
This installs the tool under "C:\Users\%username%\AppData\Local\Intune-Win32-Deployer" and the two PowerShell modules "MSAL.PS" and "IntuneWin32App" in the user context. In addition, a shortcut to the tool is created in the start menu, with which you can then start it.
For the part up to here you do not need administrator rights.
Because the data information is retrieved from winget and chocolatey during creation, these two tools must also be installed. You need administrator rights for this. However, if you don't want to use either Chocolatey or the Windows Package Manager, you can skip these installation steps.
Demo
In this demo I show the following processes:
- First start of the "Intune Win32 Deployer"
- Add and create a wings application including upload to Intune
- Automatic creation of application "Windows Package Manager" as a dependency
- Add and create a Chocolatey Application (without upload)
What the impact of the error below during installation
Get-Content : Cannot find path 'C:\Users\shisanfa\Documents\WindowsPowerShell\Modules\IntuneWin32App\1.3.3\Public\New-I
ntuneWin32AppDetectionRuleScript.ps1' because it does not exist.
At C:\Users\shisanfa\Downloads\Intune-Win32-Deployer-main\INSTALL_Intune-Win32-Deployer.ps1:65 char:6
+ (Get-Content $File).Replace($oldLine,$newLine) | Set-Content $Fil ...
+ ~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (C:\Users\shisan...nRuleScript.ps1:String) [Get-Content], ItemNotFoundEx
ception
+ FullyQualifiedErrorId : PathNotFound,Microsoft.PowerShell.Commands.GetContentCommand
Unable to implement fix for detectionrule.
Hello, this can happen if the module "IntuneWin32App" is already present in the system context.
I have now added a warning about this in the installer. Please try to run the current installer again.
If the warning should come, you must start this as Admin.
Hello I have I similar error to fix it I just switch windows account with local admin account
Hi there. Great application! I've just encountered the following error when adding a Chocolatey App:
Uploading: Google Chrome
Upload completed: Google Chrome
Processing dependency Chocolatey to Google Chrome
Error adding dependency for Google Chrome
The output screen is then frozen, presumably waiting for some input or response. Any advice?
Hi Kym, thanks for bringing that up.
It was a missing line in the published version. I've fixed it. Cloud you try to download and install the latest version from GitHub?
Hi Florian,
great Application. I have the following error when adding a Winget App:
Uploading: NanaZip
Upload completed: NanaZip
Processing dependency Windows Package Manager to NanaZip
WARNUNG: Request to
https://graph.microsoft.com/Beta/deviceAppManagement/mobileApps/b181a633-d2c5-4fb3-a29b-b39cee6ccdde/updateRelationship
s failed with HTTP Status BadRequest and description: Bad Request
Added dependency Windows Package Manager to NanaZip
The output screen is frozen
Hi Bernhard, thx!
Could it be that you're logged in with a standard user or within the wrong tenant?
Hi Florian,
I tried an other tenant. Now the Winget Package works fine, no errors anymore.
If I try an Chocolate Package, the following error is shown:
Uploading: Adobe AIR Runtime
Upload completed: Adobe AIR Runtime
Processing dependency Chocolatey to Adobe AIR Runtime
Error adding dependency for Adobe AIR Runtime
Hi Bernhard, did you create the package via "add Chocolatey App"?
If so, did the log/terminal first shows "Processing Chocolatey as prerequirement"?
Hi,
now it works.
the log first show:
Processing Chocolatey as prerequirement Creat win32 package for Chocolatey (custom, no Package Manager)
then: upload chocolatey Package
then: Uploading: Adobe AIR Runtime
Upload completed: Adobe AIR Runtime
Processing dependency Chocolatey to Adobe AIR Runtime
Added dependency Chocolatey to Adobe AIR Runtime
the terminal windows not close, waiting....
is this ok?
Yes, that's correct. The Terminal window won't close. But the Status within the UI should change to "ready".
When I try to add a Winget package, I get next error message
Exception setting "dependency": "The property 'dependency' cannot be found on this object. Verify that the property exists and can be set."
At C:\Users\jgonzale\AppData\Local\Intune-Win32-Deployer\Intune-Win32-Deployer.ps1:178 char:26
+ if(!$Prg.dependency){$Prg.dependency = "Windows Package Manager"}
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], SetValueInvocationException
+ FullyQualifiedErrorId : ExceptionWhenSetting
Hi Javi, did you add the app via the button "add winget app"?
Yes I select that option and is when get this message
Creat win32 package for Microsoft.VisualStudioCode (Microsoft Package Manager)
Exception setting "dependency": "The property 'dependency' cannot be found on this object. Verify that the property
exists and can be set."
At C:\Users\jgonzale\AppData\Local\Intune-Win32-Deployer\Intune-Win32-Deployer.ps1:178 char:26
+ if(!$Prg.dependency){$Prg.dependency = "Windows Package Manager"}
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], SetValueInvocationException
+ FullyQualifiedErrorId : ExceptionWhenSetting
Can you try to delete the file "C:\Users\%username%\AppData\Local\Intune-Win32-Deployer\Applications.csv" and rerun the latest "INSTALL_Intune-Win32-Deployer.ps1"?
Hi Florian! sorry for the delay in my reply, I was busy. I just test it and now work it fine! Thank you so much for your help! And for this amazing app!
Hey,
after i clicking "Yes" on "Winget App >App< added. Do you want to create the intunewin?" i get an error in the powershell window:
WARNING: An error occurred while attempting to retrieve or refresh access token. Error message: The property
'Authority' cannot be found on this object. Verify that the property exists.
WARNING: Authentication token was not found, use Connect-MSIntuneGraph before using this function
And an Microsoft .NET Framework window opens with "Unhandeled exception has occurred in your Application..."
"See the end of this message for details on invoking
just-in-time (JIT) debugging instead of this dialog box.
************** Exception Text **************
System.Management.Automation.BreakException: System error......"
Any idea?
MfG Kai
Hi Kai, can you try to update both used modules:
Update-Module "MSAL.PS"
Update-Module "IntuneWin32App"
Hey, its still not working.
Module "IntuneWin32App" installed version: 1.3.3
Module "MSAL.PS" installed version: 4.37.0.0
The path of the modules is under "Users\documents\WindowsPowershell\Modules" and the modules are not shown with "get-modules". May this be the mistake?
Regards Kai
I think this is one of the greatest tools to man since sliced bread lol.... all works as described until the install. Then nothing happens …. which is a problem . I have all three environments (user based, device based, mix of both) and I am seeing the same issue on al three. APPS are loaded per your design....but never gets installed. Says its "installed" in the Company portal , but never makes it to the machine....multiple apps tested. All manually packaged files work fine. Look at the logs now (local machine) ….but I wanted to know if anyone else had reported this?
Thanks for bringing that up.
The problem seems to be with the Module "IntuneWin32App".
If you ever had installed the module before my fix in the installer was not working.
Today I updated the installer and now it should work also on your side.
Just download the latest version and run the installer again.
For the existing (not working) packages you can simply replace the current validation script (manual upload).
I hope this helps and let me know if it works.
So so far no go , same issue. Going to try to delete al and instal again fresh. Once again, apps package and make it to MEM...but... they never install on the machines. Agent log is showing issues with powershell script...but so far can tell which one.
Thanks for publishing the insane tool!!!
I have the same problem like Traei Walker.
Can I change my default installation-path, so that it will always execute the installation localy?
You could try to manually change line 49 under:
"C:\Program Files\WindowsPowerShell\Modules\IntuneWin32App\1.3.3\Public\New-IntuneWin32AppDetectionRuleScript.ps1"
or
"....Document\WindowsPowerShell\Modules\IntuneWin32App\1.3.3\Public\New-IntuneWin32AppDetectionRuleScript.ps1"
OLD Line:
$ScriptContent = [System.Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes([System.IO.File]::ReadAllBytes("$($ScriptFile)") -join [Environment]::NewLine))NEW Line:
$ScriptContent = [System.Convert]::ToBase64String([System.IO.File]::ReadAllBytes("$($ScriptFile)"))So first off, thanks for your reply. I looked at the ps1 script and found that I do have the updated lines of new code in the latest release, but I found no created folder under "C:\Program Files\WindowsPowerShell\Modules" at all other than the normal MS folders( ie no "\IntuneWin32App\1.3.3\Public\New-IntuneWin32AppDetectionRuleScript.ps1)"".
This is such a time saver and makes it so easy! But I am getting an error -
.\winget.exe : The term '.\winget.exe' is not recognized as the name of a cmdlet, function, script file or operable program.
Tried reinstall, making sure to be running as admin and multiple apps. Ideas?
Do you get that error when manually running the script?
If so, does the change of directory with "cd $Path_Winget" work?
Hi Florian,
Thanks for sharing your tool, very impressive!
I do seem to have some issues though - I initially had an issue with install but that seemed to fix itself, my issue now is that applications are installing but then not being detected so Intune and Company Portal think the install has failed.
Any ideas on where to start troubleshooting this?
Thanks, Nate
Are you deploying choco or winget apps?
In any case you can check if the detection script works if run manually.
You'll find the detection for each deployed app in "C:\Users\%username%\AppData\Local\Intune-Win32-Deployer\apps-winget\winget.id" or "...\apps-choco\choco.id"
Best is to run the script in system context with PSExec: https://docs.microsoft.com/en-us/sysinternals/downloads/psexec
Hi Florian,
Thanks for sharing your tool, it saves a lot of time
from what i can see in your demo, det app installer, and the selected app will be deployed.
that don't seems to work from my end, i get the connection to my tenant and my MFA but after that "only" the winget, and script files are present.
the AAD groups are not created or the app is deployed in the endpoint manager portal
got your latest version uploaded a 3 days ago: version 1.2.1
am i missing something?
Hi Tinus, thanks for letting me know. Indeed, there was an issue where the "intunewinOnly" mode was active if never used before.
Just uploaded a fix for that to the repo, just install the newest version and the upload should be triggered again.
Works.
So great a tool.
Hey,
first of all, thanks for all the work.
I'm having mixed results with deployer though. For example, "SketchUp for Schools" and "Foxit PDF Reader" - both with winget - just don't want to deploy.
Can anyone test them, if it's just me or...? Is there any way to actually troubleshoot where the problems is?
Regards, Rok
Hi Rok, unfortunately not all apps work the same.
As I know, the "SketchUp for Schools" only works in the user context. Currently best via Windows Store for Business.
Hello Florion.
First of all, thank you for all your work... You make it easy to be me! ;).
I have an issue when trying to deploy WINGET apps.
WINGET is installed, and if i try to install the application with the commands in PowerShell it works fine.
But when i try using your scripts, i get this error.
C:\Users\USERNAME\AppData\Local\Intune-Win32-Deployer\apps-winget\Adobe.Acrobat.Reader.64-bit\install.ps1 : Winget not installed!
+ CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException
+ FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,install.ps1
Do you have any suggestions to solve this?
Do you run the script manually?
If so, this is not possible, cause even with admin privileges you do not have sufficient permissions to resolve the WindowsApps folder.
To test the installation as system user you could use the tool "PsExec" (https://learn.microsoft.com/en-us/sysinternals/downloads/psexec)
Yes i was running it manually.
The reason i did this was Endpoint manager will not install the app. if i try to start the installation in Company Portal, i just get the message Download pending - so i was trying to do it manually and got the posted error.
Do you have any solution for this message Download Pending?
So after a reinstall of my client, it started to deploy.
But it all fails, i get this message The application was not detected after installation completed successfully (0x87D1041C)
I added multiple apps to our company portal. This all works perfect, but when trying to install an app it remains stuck on status 'Download pending'.
Is this a known bug? Is there a fix for this problem?
Not as of I know. Maybe another app is blocking something?
I’m having the same issue…it will either “install” and then I get get a toast notification a few seconds later saying it failed (and the app page says it was no longer detected) or it hangs on the download pending. Out of 30 devices I’ve tried (deployed through Intune to co-managed and Intune only devices) it successfully installed once on a Windows 11 device and once on a freshly autopiloted Windows 10 device. When I navigate to the WindowsApps folder, I see the Microsoft.DesktopAppInstaller folder. I have tried deploying the package manager with both your deployment instructions and through your deployment tool. I also tried deploying App Installer (Offline) from the Microsoft store in the device context and that failed too though.
I am also getting this error. Have you managed to find the cause? I have tried to debug but not found what is causing it.
It could be a problem with AppInstaller and its dependency.
Could you please upload the latest Intunewin and check.ps1 from my repo:
https://github.com/FlorianSLZ/Intune-Win32-Deployer/tree/main/source/apps-custom/Windows%20Package%20Manager
Or delete all winget packages in your Intune environment including the "Windows Package Manager" app.
Hi Florian!
Great app, just wondering about the minimum role required for this to work with Intune? Intune Admin was not sufficient. Trying to keep things in RBAC and not to keen to give Global admin permissions if not absolutely neccesary.
Hi Stefan, thanks. 🙂
Totally get you, I'm working on a new authentication method and an App based authentication.
Currently you'll need more permissions cause of the group creation/assignment.
Mate, just wanted to thank you for this tool. I can deploy apps in less than a minute, how ridiculous is this?
Happy to hear that mate!
When installing the deployer on my device it is giving me an error of
Copying / updating program files...
Program files completed
Creating / updating startmenu shortcut... Startmenu item completed Checking / installing Modules... Installing Module: IntuneWin32App PackageManagement\Install-Package : Access to the cloud file is denied
At C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PSModule.psm1:1809 char:21
+ ... $null = PackageManagement\Install-Package @PSBoundParameters
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (Microsoft.Power....InstallPackage:InstallPackage) [Install-Package], Exce
ption
+ FullyQualifiedErrorId : System.ComponentModel.Win32Exception,Microsoft.PowerShell.Commands.RemoveItemCommand,Mic
rosoft.PowerShell.PackageManagement.Cmdlets.InstallPackage
Any ideas on what this could be. I was able to install this on my home PC and it worked like a charm.
Hi Thomas, this can happen if you have "known folder move" active (OneDrive). An easy solution is to make those libraries always available offline.
Hey there!
Awesome tool, very well thought.
I'd like to ask though, is it possible to select winget app version like below when deploying package to Intune?
winget install -e --id Zoom.Zoom -v 5.11.6602
Thanks and great job,
Dan
Thanks! Theoretically yes, but it's not working with all winget apps.
To do so, you can add -param "-v x.x.x" to the installation command in the Intune portal.
Hallo Florian,
erstmal danke für deine Arbeit! Ich frage mich gerade, wie es mit Standard Usern und über System installierte Apps aussieht, können die dann noch über Winget aktualisiert werden? Oder wäre es bei Standard Usern besser die Apps im User Kontext zu installieren?
Hallo Martin, sehr gerne!
Am besten ist es, wenn immer möglich die Apps im Systemkontext zu installieren/aktualisieren. Dann kann und muss der Standartuser nichts ändern.
Quick question, could we modify the code to allow packaging through a hosted chocolatey repo?
Absolutely, you can place your template / install command here: %LOCALAPPDATA%\Intune-Win32-Deployer\ressources\template\choco\install.ps1
The module will then replace "CHOCOPROGRAMID" in the template with the defined id in the deployer.