Zum Inhalt
font installation intune
Home » Schriftarten mit Intune installieren

Schriftarten mit Intune installieren

In Windows 10 und 11 sind viele Schriftarten bereits vorhanden. Oft hat eine Firma aber eine eigene Schriftart, welche für die Einhaltung von CI/CD auf allen Geräten benötigt wird. Dies kann z.B. "Open Sans" die "Deutschschweizer Basisschrift" oder eine andere Schriftart sein. In solchen Fällen nutze ich zum Installieren / Verteilen der Schriftarten via Intune ein PowerShell Script innerhalb eines Win32 Paketes.

Table of Contents

Win32 für Schriftarten

Das Win32 Packet baue ich wie die meisten meiner Pakete nach derselben Logik auf. Dies habe ich zuvor im Beitrag "my take on win32 apps - Intune" beschrieben.
In diesem Beispiel installiere ich die Schriftart Open Sans von Google, welche in vielen Webseiten zum Einsatz kommt. Zum Installieren weiterer Schriftarten via Intune musst du diese übrigens nur in den Ordner "Fonts" im Paket legen und das intunewin neu generieren.

Installation von Schriftarten

Um die Schriftart auf einem Endgerät zu installieren, müssen wir diese einerseits ins Verzeichnis "C:\Windows\Fonts" kopieren und zusätzlich in der Windows Registry unter "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts" registrieren.

Da die meisten Schriftarten aus mehreren TTF oder OTF Dateien bestehen, habe ich das Paket so aufgebaut, dass du diese im Unterverzeichnis Fonts ablegen kannst. Pro TTF und/oder OTF Datei innerhalb dieses Ordners wird dann automatisch der Kopiervorgang inklusive Registry Key Erstellung durchgeführt.

Um das gleiche Paket mit allenfalls einem erweiterten Schriftsatz erneut installieren zu können, hinterlege ich im Validierungsfile übrigens eine Version.

$PackageName = "Company-Fonts" $Version = "1" $Path_4netIntune = "$Env:Programfiles\4net\EndpointManager" Start-Transcript -Path "$Path_4netIntune\Log\$PackageName-install.log" -Force $WorkingPath = "$Path_4netIntune\Data\Fonts" New-Item -ItemType "directory" -Path $WorkingPath -Force Copy-Item -Path ".\Fonts\*" -Destination $WorkingPath -Recurse $AllFonts = Get-ChildItem -Path "$WorkingPath\*.ttf" $AllFonts += Get-ChildItem -Path "$WorkingPath\*.otf" foreach($FontFile in $AllFonts){ try{ Copy-Item -Path "$WorkingPath\$($FontFile.Name)" -Destination "$env:windir\Fonts" -Force -PassThru -ErrorAction Stop New-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts" -Name $FontFile.Name -PropertyType String -Value $FontFile.Name -Force }catch{ Write-Host $_ } } Remove-Item $WorkingPath -Force -Recurse New-Item -Path "$Path_4netIntune\Validation\$PackageName" -ItemType "file" -Force -Value $Version Stop-Transcript
Codesprache: Power Shell (powershell)

Deinstallation von Schriftarten

Bei der Deinstallation verwende ich im Grunde dieselbe Logik wie bei der Installation, einfach, dass hier im Gegensatz zu einem Kopiervorgang und der Registry Erstellung ein Löschvorgang ausgeführt wird. Ebenfalls lösche ich das Validierungsfile.

$PackageName = "Company-Fonts" $Path_4netIntune = "$Env:Programfiles\4net\EndpointManager" Start-Transcript -Path "$Path_4netIntune\Log\uninstall\$PackageName-install.log" -Force $WorkingPath = "$Path_4netIntune\Data\Fonts" New-Item -ItemType "directory" -Path $WorkingPath -Force Copy-Item -Path ".\Fonts\*" -Destination $WorkingPath -Recurse $AllFonts = Get-ChildItem -Path "$WorkingPath\*.ttf" $AllFonts += Get-ChildItem -Path "$WorkingPath\*.otf" foreach($FontFile in $AllFonts){ try{ Remove-Item -Path "$WorkingPath\$($FontFile.Name)" -Force Remove-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts" -Name $FontFile.Name -Force }catch{ Write-Host $_ } } Remove-Item $WorkingPath -Force -Recurse Remove-Item -Path "$Path_4netIntune\Validation\$PackageName" -ItemType "file" -Force -Value $Version Stop-Transcript
Codesprache: Power Shell (powershell)

Erkennungsregel

Die Erkennungsregel ist sehr simpel und überprüft, ob das Validierungsfile mit der entsprechenden Zielversion als Inhalt vorhanden ist. Ist dies der Fall, wird "Found it!" ausgegeben und der Endpoint Manager beziehungsweise Intune weiss, dass da Paket auf dem Endgerät vorhanden ist.

$PackageName = "Company-Fonts" $Version = "1" $ProgramVersion_current = Get-Content -Path "$Env:Programfiles\4net\EndpointManager\Validation\$PackageName" if($ProgramVersion_current -eq $Version){ Write-Host "Found it!" }
Codesprache: Power Shell (powershell)

Win32 Packet erstellen und verteilen

Mit dem Intune Win32 Prep Tool wird das Paket, nachdem das CSV und oder der Desktop Ordner abgefüllt ist erstellt:

intunewin creation fonts

Anschliessend erstellen wir ein "Windows app (Win32)" und laden die erstellte Datei «install.intunewin» im MEM/Intune mit den entsprechenden Parametern hoch. (rot zwingend, orange optional, aber hilfreich, wenn das Unternehmensportal genutzt wird.)

create win32 app intune
Intune win32 app fonts
win32 Intune fonts program
win32 Intune fonts requirements
NameFonts oder individueller Name
BeschreibungHinweis zu den Schriftarten
Herausgeberindividuell
Iconfrei wählbar, erscheint im Unternehmensportal
Installations-Befehl%SystemRoot%\sysnative\WindowsPowerShell\v1.0\powershell.exe -executionpolicy bypass -command .\install.ps1
Deinstallations-Befehl%SystemRoot%\sysnative\WindowsPowerShell\v1.0\powershell.exe -executionpolicy bypass -command .\uninstall.ps1
Anforderungenx64 und 2004 (Windows Version nicht relevant)
Erkennungsregelcustom script, check.ps1
Abhängigkeitkeine
Zuweisungje nach Anforderung

Nun hast du das Paket erstellt im Endpoint Manager hochgeladen und kannst es an die gewünschten Geräte verteilen. Vergiss bei einer Anpassung am Paket nicht, die Version sowohl im "install.ps1" als auch im "check.ps1" anzupassen.

Video Walkthrough

27 Gedanken zu „Schriftarten mit Intune installieren“

  1. Pingback: Normal.dotm mit Intune (Word Vorlage) | scloud

  2. Keep up the good work! Looks like a perfect solution for my needs, but keep running in to a problem.

    I have 18 fonts in the subfolder but only 1 gets installed and I get the following log error:
    Method invocation failed because [System.IO.FileInfo] does not contain a method named 'op_Addition'.
    At C:\WINDOWS\IMECache\698de435-f476-4e88-9b8a-485b822faa63_1\install.ps1:12 char:1
    + $AllFonts += Get-ChildItem -Path "$WorkingPath\*.otf"

    Not a coder so can't decipher how I should correct the install.ps1 to correct this, any chance you know of a fix to fix this error?

    1. Thanks!
      Could be because of the Array "$AllFonts". Did you have only one ".tff" file and multiple ".oft"?
      Anyway, I've made a small update thanks to your feedback.
      Could you test it again with the newest install.ps1 from my repo?

      1. Hi,

        Yes, I have mutiple .otf files and one .tff.

        Yes, I have tried the updated install.ps1 and now i works correctly! Thank you so much for quick response and fix! Works wonderfull!

  3. Hi Florian,

    Thanks for sharing this. I have deployed this as per your demonstration and within EPM I can see successful install status. I checked that the fonts were within C:\Windows\Fonts and have also checked within office. The fonts have not installed. Any ideas?

    Thanks.

    1. Hi Daniel, can you send me the log and your package in a link via the contact form?
      Log location: "C:\Program Files\4net\EndpointManager\Log\Company-Fonts-install.log"

      1. Hi Florian,
        I have found a resolution. I decided to create a ps1 and ran it from my machine and found that the ttf fonts applied, but the otf hadn't. On the back of this, I converted the otf fonts to ttf, recreated as per your demo and then re-deployed. Success 🙂

        Thanks very much for this, it's been really helpful and thanks for replying 🙂

        Side note- (Kind of cheeky) Do you have a similar routine for deploying fonts into Outlook 365 - using mailsettings in reg?
        I have created a ps script using a combo of notepad++ and taking the binary from the mailsettings (in regedit) which works if I run locally, but it fails miserabley- when deployed in InTune using Scripts.

        1. Haven't had the problem with OFT's before. But thanks for the hint, may this help someone else 🙂

          Regarding Outlook 365, no haven't had this challenge so far.

  4. Note that if the 'try' fails, your script still adds the validation showing it installed.
    On my script I changed the catch to the following so that if the try section fails, it will not create the validation file:
    }catch{
    Write-Host $_
    Stop-Transcript
    Exit 1618
    }

  5. I used your example with the Open-Sans font and it's working and I can see the font in the C:\Windows\Fonts folder. I have 2 other fonts that I would like to install via Endpoint Manager/Intune. In Intune they are installed, but I can't find them in the C:\Windows\Fonts folder.

    Do you have any idea?

    Many thanks.

    Great and helpfull script! 🙂

        1. It's still not working properly. The application is installed, but the font is still missing in the Fonts folder (C:\Windows\Fonts).

  6. I followed your directions and on two machines everything was successful, however on a few other machines I see the install failed. Within Intune I see "Access is denied. (0x80070005)". Upon investigating further it looks like Cylance blocked the Install.ps1 script.
    Any thoughts why I might be receiving this error?

      1. Florian, Thank you for your response. Cylance is our Ant-virus, mal-ware, and script protection. No I have never had an Intune script blocked before. I'm wondering if the script is getting blocked because it's calling powershell from a specific location? I do have "\Program Files (x86)\Microsoft Intune Management Extension" whitelisted, thus never have had this issue. I tried to use .\install.ps1 for the install command, but it never installed. I assume this all needs to be done via powershell and no way to install via batch file?
        Thank you for any help you can give me.

        1. Florian,
          Great news I've figured out the issue. The first issue is that Cylance has script control block except when powershell is run from within a particular folder. Since the install path called powershell in a folder which isn't whitelisted it was blocked. The second issue I ran into was the install script for some reason install the 4net folder to program files (x86). So when the check ran, it said the installation failed since it couldn't find the 4net folder. To overcome this, I generated a registry key, which I can use for detection.
          If interested, here's the install command I used. powershell -executionpolicy bypass -file install.ps1.
          I do want to thank you for sharing the scripts and your knowledge with installing font. Without the scripts you wrote, I would have never gottn this far.

          Thank you,
          David

          1. Hi David, thanks for your feedback and the clarification. Happy it works now!
            FYI: your command and the provided from my side do the same, except that mine calls PowerShell in x64 context. It's not necessary in this scenario, but I do it in all my packages, just in case.

  7. Florian,

    Thank you for your script. It does work with new fonts, but i need to overwrite existing fonts as well, such as the Segoe fonts. Most of them fail with the following error below:

    PS>TerminatingError(Copy-Item): "The running command stopped because the preference variable "ErrorActionPreference" or common parameter is set to Stop: Access to the path 'C:\Windows\Fonts\segoepr.ttf' is denied."
    Access to the path 'C:\Windows\Fonts\segoepr.ttf' is denied.
    PS>TerminatingError(Copy-Item): "The running command stopped because the preference variable "ErrorActionPreference" or common parameter is set to Stop: Access to the path 'C:\Windows\Fonts\segoeprb.ttf' is denied."

    Any way we can get past this? I have an application that when installed via intune, has issues displaying text. The fix is to overwrite the segoe fonts from a working pc. Works fine if i do it manually, but would like to script it and push out via intune.

    All help is much appreciated!

Schreiben Sie einen Kommentar

Ihre E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert.