No video
Intune Proactive Remediations + Winget.exe = Love
Рет қаралды 11,416
Күн бұрынIntune Proactive Remediation together with winget.exe you can do fantastic things. I use this a lot at my work with great success.
Showing here how to look for all VLC installations if they are the latest versions out there and then update if not. We create a template of scripts that can in a few seconds be changed to any software that you want (the software must be found at winget.run but most are there).
We create two scripts, one detection script that looks if locally installed VLC is the latest, if it is not it calls the second script, the Remediation script.
Both scripts use winget.exe which already exists on newer Windows OS, so we do this with code only, no download of files or anything.
Links:
Find winget apps ID: winget.run
Scripts:
You can copy the two scripts below here, be careful to not but all in one script, it is two. To update another software than VLC just find the AppID of your app on the link above (winget.run)
####### Detection script ########
Software Detection Script to see if software needs an update
Author: John Bryntze
Date: 6th January 2023
Help System to find winget.exe
$JBNWinGetResolve = Resolve-Path "C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_*_x64__8wekyb3d8bbwe\winget.exe"
$JBNWinGetPathExe = $JBNWinGetResolve[-1].Path
$JBNWinGetPath = Split-Path -Path $JBNWinGetPathExe -Parent
set-location $JBNWinGetPath
Variables
$JBNAppID = "VideoLAN.VLC"
$JBNAppFriendlyName = "VideoLAN VLC"
Check locally installed software version
$JBNLocalInstalledSoftware = .\winget.exe list -e --id $JBNAppID --accept-source-agreements
$JBNAvailable = (-split $JBNLocalInstalledSoftware[-3])[-2]
Check if needs update
if ($JBNAvailable -eq 'Available')
{
write-host $JBNAppFriendlyName "is installed but not the latest version, needs an update"
exit 1
}
if ($JBNAvailable -eq 'Version')
{
write-host $JBNAppFriendlyName "is installed and is the latest version"
exit 0
}
if (!$JBNAvailable)
{
write-host $JBNAppFriendlyName "VLC is not installed"
exit 0
}
##### Do not copy this line, below is another script #####
######## Remediation script #########
Software Remediation Script to update the software
Author: John Bryntze
Date: 6th January 2023
Help System to find winget.exe
$JBNWinGetResolve = Resolve-Path "C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_*_x64__8wekyb3d8bbwe\winget.exe"
$JBNWinGetPathExe = $JBNWinGetResolve[-1].Path
$JBNWinGetPath = Split-Path -Path $JBNWinGetPathExe -Parent
set-location $JBNWinGetPath
Variables
$JBNAppID = "VideoLAN.VLC"
Run upgrade of the software
.\winget.exe upgrade -e --id $JBNAppID --silent --accept-package-agreements --accept-source-agreements
@lynetteberg4807 Жыл бұрын
John is superb. I look amazing at work because he spells things out in a way that helps folks who have the capacity to learn, just maybe without all the hoopla. I wingetted my weekend away and most of my apps can be updated by winget (sweet), however I like controlling what is out there, so no --all for me. Its an easy tool.
@IntuneVitaDoctrina Жыл бұрын
well done! I have been ill for a week and slow on replies, slowly getting better now. Thanks for the commend and yeah I would not recommend -all switch either, better to mange them one and one as you do. But if you help a none technical person you could teach them the -all switch for their home system as a good update advice
@3143iamsam Жыл бұрын
Merci John! Another great Intune videos and all working well on my test lab. Looking forward to your next videos!
@IntuneVitaDoctrina Жыл бұрын
Thank you so much! recording a video howto enroll a Linux device in next video coming soon
@texddiaz Жыл бұрын
my new IT Hero :D
@ptmohammad2886 9 ай бұрын
Man - You have helped me tremendously. I also integrated Chocolatey with Remediation scripts but Infosec has issues with this. lol - You should do one with Chocolatey!
@IntuneVitaDoctrina 9 ай бұрын
Thanks, that is a good idea also, Chocolatey (love the name) - big fan of Winget and hope in Windows 12 it be even better and more integrated.
@gertbleus7276 Жыл бұрын
Great video once again!
@IntuneVitaDoctrina Жыл бұрын
Thanks again! this is one of my favorite videos, since it used Proactive Remediation that I use for so much stuff and also one of my new friends winget.exe that I have started to use a lot
@ibrahimabdeltawab6418 11 ай бұрын
Great 👍! Thanks so much ❤
@IntuneVitaDoctrina 11 ай бұрын
Thanks a lot for taking tile to coment Ibrahim!
@XwolfBane18 Жыл бұрын
Another great video John it was a 40 minutes video but felt like it was only 10 minutes very clear and easy to follow along also appreciate when you have little pop ups of information to explain things which is much appreciated as a beginner I can make sense of what your saying and follow along . Can’t wait for the next video and congratulations on 700 subscribers
@IntuneVitaDoctrina Жыл бұрын
Thank you so much for this comment, wow yes 700 :) thanks again, next video should come within two weeks if not sooner
@XwolfBane18 Жыл бұрын
@@IntuneVitaDoctrina keep up the great content. Will patiently wait to see the next video :)
@kirtivijaysingh3164 11 ай бұрын
Amazing tutorial !!! I implemented this and this is working like a charm. Thank you 😊
@IntuneVitaDoctrina 11 ай бұрын
Well done! and thanks for comment, that made my day, thanks a lot
@nagarajbhat6606 Жыл бұрын
Good session brother ☺️👏👍
@IntuneVitaDoctrina Жыл бұрын
Thanks ✌
@vicko78 Жыл бұрын
Excellent example John, thank you very much!
@IntuneVitaDoctrina Жыл бұрын
Thanks Victor so happy to hear that!
@yulaw3289 20 күн бұрын
super useful, thank you!
@IntuneVitaDoctrina 20 күн бұрын
Thank you so much, it is one of my own favorite videos also, I love Winget, crazy about it, and also love Remediation Scripts, so those two together are so powerful for a lot of things :)
@yulaw3289 19 күн бұрын
@@IntuneVitaDoctrina what if the application has "unknown" version such as visual studio code? Does the logic in the script still work?
@IntuneVitaDoctrina 19 күн бұрын
Good question, I checked on my own device and I don't have any saying "unknown" but know that can happen, when you run the 'winget list' for that software, and it shows unknown does it still have the header available ? if so it will work, else there is an easy way to expand the script to pick up the unknown value and action that also
@yulaw3289 19 күн бұрын
@@IntuneVitaDoctrina I just tried installing one app (visual studio code) that has "unknown" value in Version column when running (winget search "Visual Studio Code") But after installing, it shows up with "Microsoft Visual Studio Code (User)" and has a specific version when running "winget.exe list". So the script would work fine with it. Thank you very much! May I have your idea on how to use winget to upgrade apps silently if the app is installed with user context, meaning that the app does not show up when running "winget list" but it is located in user profile (e.g: AppData\Local\Programs)?
@yulaw3289 19 күн бұрын
@@IntuneVitaDoctrina I tried installing one app (visual studio code) that has version of "unknown" when running winget search "visual studio code". But after installed, it shows up as "Microsoft Visual Studio Code (User)" with "known" version when running winget list. In this case, I suppose the script would work fine with it. Thank you. May I have your idea on how to use winget to upgrade apps that are installed with user context, meaning it could not be found when running winget list, but it is located in user profile, e.g: AppData\Local\Programs\Microsoft VS Code\Code.exe
@eduhazard 7 ай бұрын
Awesome content!I think finally MS moved the remediation to "Devices" a year later 🤣🤣 so fast hey
@IntuneVitaDoctrina 7 ай бұрын
yes! too lazy to update all videos with that, but true, and I prefer the new place :) Thanks for the comment
@eduhazard 7 ай бұрын
@@IntuneVitaDoctrina haha I can't judge as I'm lazy too!
@marvnl Жыл бұрын
I love this guy! You are helping me in many ways around intune my friend ;). But regarding the Winget auto update, you created update remediation + winget for VLC, but does this mean you have to do this for all applications that we have? I mean, those will be alot of remedation reports as we have a lot of applications installed on some systems. It would be cool that it detects the installed applications and then update them all as much as possible and accept all source agreements. Yes, we have a few mendatory apps, but also a lot of apps that users need and are installed via Company portal. These also need to be updated of course, but there has to be a way to make just one remediation + winget scripting right?
@IntuneVitaDoctrina Жыл бұрын
Thanks a lot for your comment, you can do one-liner and update all, it is: winget.exe upgrade --all --silent I read the there is a bug that if you got 10 software to update only the first is silent and the other 9 are none but they get installed. Not all works, if you installed TeamViewer with MSI package and Winget takes down a EXE file it will complain but for home users the 'winget upgrade -all' is a pro-tip to update software I do scripts for each software at my work, for several reasons, I like to control what I update, I like to see the stats per app to report to my manager how many got updated and also we got software that we want to control the version because if it introduce new features I don't want the end users to be the first to tell us "Hey why does Outlook now show the icons on the right side instead of before left" or "since the upgrade this add-in stopped to work" etc... For an enterprise I would recommend not to run the '--all' switch and do them one by one, the template provided in this video makes it go fast, you just change the ID and you are good to go :) for home users or small businesses, sure use the --all switch and check what does not get updated and investigate why.
@marvnl Жыл бұрын
I think you are making a very valid point there. Thank you that. I can maybe do a setup for the top 10 important / command applications for on, lets say the Tuesday and a update all version set for on the Thursday. The Thursday will then see that the important apps are already up to date.
@IntuneVitaDoctrina Жыл бұрын
Good idea, however don't use Intune's own Software Inventory as a base for success since it can take up to a week before you see changes there (that one is slow) but if you see in ProActive Remediation the stats you can trust them.
@marvnl Жыл бұрын
@@IntuneVitaDoctrina check, thanks. I am going to play with the scripts then. Write at least for the most important apps that we always use.
@lynetteberg4807 Жыл бұрын
@@marvnl Great Idea
@ETWITHSANDEEP Жыл бұрын
I am waiting for new videos. Good explanation, really i am interested in your videos
@IntuneVitaDoctrina Жыл бұрын
Thank you so much, got a series of videos under production, unfortunately the next coming are specific for Oracle Java 8 users that needs to load Java in browser, it will not apply to everyone but those who need it will like those videos. For none Java 8 users it still be some videos in that is useful for everyone, like IE mode and some package/winget stuff. My goal is to release one video per month but lately it has been two or more, see if I can keep up with that :) it is fun! thanks again!
@mlsivanovic Жыл бұрын
Great tutorial, thank you! Keep up the good work!
@IntuneVitaDoctrina Жыл бұрын
Thanks a lot, this is one of my favorite that I use a lot at work, I got over 50 scripts updating software's and I love it
@raptechy 8 ай бұрын
great video! Been looking to run winget as system profile and this should fix it.
@IntuneVitaDoctrina 8 ай бұрын
thanks a lot, a huge fan myself of winget.exe and uses it also to update existing installations with remediation scripts (got a few videos on that also)
@lookidraw Жыл бұрын
This is great, thank you!
@IntuneVitaDoctrina Жыл бұрын
Thank you so much Justin
@ctxshekhar7979 11 ай бұрын
can you pls create videos on how to get the settings related to compliance policies and configuration profiles in Intune ?
@IntuneVitaDoctrina 11 ай бұрын
I got a few videos of that: Compliance Videos: kzbin.info/www/bejne/mJvTZ5eYaKmHZ7M&ab_channel=Intune%26VitaDoctrina kzbin.info/www/bejne/aqmucp-vqr6BoMk&ab_channel=Intune%26VitaDoctrina kzbin.info/www/bejne/pKvTnGiGppmHopY&ab_channel=Intune%26VitaDoctrina Configuration Profiles: kzbin.info/www/bejne/pWmphHudm799iMk&ab_channel=Intune%26VitaDoctrina kzbin.info/www/bejne/jYWce5WJpamcgNk&ab_channel=Intune%26VitaDoctrina kzbin.info/www/bejne/eGKzoZmvaLeVhtE&ab_channel=Intune%26VitaDoctrina kzbin.info/www/bejne/eZm3epShr7ygj5I&ab_channel=Intune%26VitaDoctrina
@ecuasteelo Жыл бұрын
Great video. Another one! I was under the impression that Winget apps would update automatically regardless of being installed as a Win32 app?
@IntuneVitaDoctrina Жыл бұрын
Thanks, It will install the latest version if not using the -v switch and then it will show success and not run again. Once installed you can just do a Proactive Remediation Script that run same command but you change "install" to "upgrade" and have it run every week or alike. I might do a video about that, I use it a lot at my work
@ETWITHSANDEEP Жыл бұрын
Good session
@IntuneVitaDoctrina Жыл бұрын
Thanks a lot Sandeep, it is actually one of my own favorites of my own videos this one :)
@shabbirkhan1986 Жыл бұрын
Thanks for a great video… i wanted to update .Net on few machines which were not having the latest version of it… tried other detection scripts in Intune but din’t work. I will try your scipt and check if it work.
@IntuneVitaDoctrina Жыл бұрын
Thanks for comment, I update .NET Framework with Windows Update, I wonder if this could be used to have winget.exe update it? winget.run/pkg/Microsoft/DotNet.Framework.DeveloperPack_4 winget upgrade -e --id Microsoft.DotNet.Framework.DeveloperPack_4
@yuni1401 Жыл бұрын
John you are the Microsoft Intune master. I am learning so many things from your channel. I just had one doubt, can I upgrade Chrome or other applications using this method? I deployed these apps using LOB and Win32 app installation and not with Winget. Do you think this script will work for LOB and Win32 apps upgrade?
@IntuneVitaDoctrina Жыл бұрын
Happy to hear Yunus, you can skip the last Oracle Java videos they are very specific for a few people and in general not things you need to know. Thanks for message. If you always want the latest Google Chrome I would use winget.exe, a lot of Organizations use Google Chrome as their app for finance, or sales tools and want to be sure not a new update break their tool and control the version. If that is the case I would Win32 app package it and control the version. My next video is going to be more about Autopilot but the one after that is going to be howto manage a lot of Google Chrome settings (not with Intune but with a free Google tool)
@adambarnard562 Жыл бұрын
Have you built a remediation script yet that upgrades apps that are not available on WinGet?
@IntuneVitaDoctrina Жыл бұрын
Some yes, before winget, some MSI resides always at the same URL, like on a cloud url, like cloudfront (AWS) and then do logic to see if the latest is installed, if not download that and run. Some scripts scrape web pages download sites but those often stop to work after awhile when they rediesign the web page so don't like those so much. I hope more and more will put their software on winget. Also hoping Windows 12 when released will integrate winget even more.
@miked6461 Жыл бұрын
Great post.. I getting the same null error with 22h2. It seems Winget desktop app installer is not installed on my tablets. is there a way to run the install previously in your script? Thank you and your video was great.
@IntuneVitaDoctrina Жыл бұрын
Thanks a lot Mike, if you run as a user winget.exe does it like say doesn't exist or you get an output? A pretty common issue is this one, you have winget.exe but it fails running under SYSTEM to get any output, is that what you mean with "null error"? if so solution is in this thread: github.com/microsoft/winget-cli/issues/2748 But maybe you issue is that winget isn't at all at the system?
@sharaqafzaal1546 2 ай бұрын
I am struggling with one issue at the user level App prompt for the admin password to upgrade for standard user.Thanks for the detailed video.
@IntuneVitaDoctrina 2 ай бұрын
Hi, interesting. Is the app itself installed under c:\progam files? or under user profile or elsewhere? If you let me know which app it is the wingetID, I'll take a look. You could do the upgrades for them, by running a remediation script every day, and have SYSTEM update it, unless like you say it is a user app, but user apps normally doesn't require local admin as it is installed in the users own space. please give me more info and I'll do my best to help you
@sharaqafzaal1546 2 ай бұрын
@@IntuneVitaDoctrina I am pushing through MDM Jump Cloud with all use able switches it downloaded the required updates at the installation ask for non admin users to provide password like I update Adobe Acrobat Reader
@IntuneVitaDoctrina 2 ай бұрын
MDM Jump Cloud? not using Microsoft Intune? Don't know that product, but can the software be pushed at System level that would be better
@sharaqafzaal1546 2 ай бұрын
@@IntuneVitaDoctrina not using InTune however using Winget command to upgrade all app. It's ask for the password at user end.
@sharaqafzaal1546 2 ай бұрын
# Upgrade all packages silently, forcing updates, and accepting license agreements cmd.exe /c "winget upgrade --all --recurse --silent --force --disable-interactivity --accept-package-agreements --skip-dependencies --accept-source-agreements -a x64"
@danzirulez Жыл бұрын
Do you need a check if the app is running when the remediation script runs? Maybe do the whole packaging with PSADT around the winget command and you can show popup for the user that there is an update and the app needs to close and timeout the popup?
@IntuneVitaDoctrina Жыл бұрын
Hi DanZi, great idea. You don't want to update Zoom or Teams in the middle of a conference LOL :) I have avoided this by schedule the Remediation Scripts to run in the morning hours, I often put it at 4:00am or alike. I do like your idea and would recommend that for apps that are critical for users to not update in the middle while using it. Thanks for sharing this idea
@TechNerd202 7 ай бұрын
Hi John, thanks a lot for your video, it helped us a lot. I already tried your scripts and its working fine. Now i want to update Office Apps and i tried your script by just changing the App ID it gives error "Installer failed with exit code: 17006" when i searched i found that the error means the apps is open and need to closed. What i need to add in script so that it gives users warning to close the apps which are open or automatically close the apps so that upgrade can happen. Your help is really appreciate.
@IntuneVitaDoctrina 7 ай бұрын
Hi, happy to hear, I have taken another approach on 365 Apps, I send out a normal PowerShell script that runs only once and create a scheduled task that runs on all devices to update Office regularly, so it prompts user to close apps etc.. Let me know if you want I do a video about it, else the script is here that you can use: ### Create ScheduledTask to run Microsoft 365 Apps update ### John Bryntze ### 18th April 2023 if(Get-ScheduledTask -TaskPath "\JBN\*" -TaskName "Microsoft 365 Apps Update*") { Unregister-ScheduledTask -TaskName "Microsoft 365 Apps Update*" -Confirm:$False } ### Create Scheduled Task if doesn't already exists if(!(Get-ScheduledTask -TaskPath "\JBN\*" -TaskName "Microsoft 365 Apps Update*")) { $JBNAction = New-ScheduledTaskAction -Execute "C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe" -Argument "/update USER Displaylevel=true" $JBNTrigger = New-ScheduledTaskTrigger -Weekly -DaysOfWeek Wednesday -At 5am $JBNSettings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries $JBNTask = New-ScheduledTask -Action $JBNAction -Trigger $JBNTrigger -Setting $JBNSettings Register-ScheduledTask -TaskPath "\JBN Images\" -Taskname "Microsoft 365 Apps Update" -InputObject $JBNTask ### Win8 actually sets Windows 10, and StartWhenAvailable make it to run directly after 5am if device is down $JBNTaskSettings = New-ScheduledTaskSettingsSet -StartWhenAvailable -Compatibility Win8 Set-ScheduledTask -TaskPath "JBN\" -TaskName "Microsoft 365 Apps Update" -Settings $JBNTaskSettings }
@TechNerd202 7 ай бұрын
@@IntuneVitaDoctrina thank you so much, i will try the above script, video is always better😀 and useful for others also. I have seen a task scheduler already exist and it is running daily at 3:00 am but still the Office Apps are on older version.
@TechNerd202 6 ай бұрын
@@IntuneVitaDoctrina is the video on the way🤔 ...just asking out of curiosity 😉, anyways thank you so much for your help
@IntuneVitaDoctrina 6 ай бұрын
@@TechNerd202 thanks for reminder, - next video be about LAPS and already recorded and after windows 365 but then this one should happen
@TechNerd202 6 ай бұрын
@@IntuneVitaDoctrina Appreciate your support👍
@SigertErzeel Жыл бұрын
When you deploy a software update using Proactive Remediations and Winget, the original app uninstall location in the registry is removed. How can you uninstall software, using Intune, that was updated using winget? What is the uninstall command? Or would you have to create another Proactive Remediation to uninstall the software?
@IntuneVitaDoctrina Жыл бұрын
Good question, so Winget.Exe got uninstall, if you installed with Winget it will always work to uninstall, if not installed with Winget you might need to add a line like (Get-WmiObject -Classname Win32_Product | Where-Object Name -like 'NameOfSoftWareToRemove*').Uninstall() But if installed with Winget you can run winget uninstall, got an example for 7-Zip down here: ### Software Remediation Remove 7-Zip ### Author: John Bryntze ### Date: 4th July 2023 ## Variables $JBNAppID = "7zip.7zip" ## Help System to find winget.exe Set-Location -Path ("$env:ProgramW6432\WindowsApps\Microsoft.DesktopAppInstaller_*_x64__8wekyb3d8bbwe") ## Run upgrade of the software .\winget.exe uninstall -e --id $JBNAppID --silent --accept-source-agreements
@slundy 9 ай бұрын
Was just testing the winget commands and for whatever reason vlc does not want to run silently. Anyone else run into that issue?
@IntuneVitaDoctrina 9 ай бұрын
much possible it doesn't honor the --silent switch, which it should, can send arguments, forgot if it is an EXE or MSI. I will check next time I run it
@adambarnard562 Жыл бұрын
Is there a way to "Safely" upgrade ALL Apps that has an update available? Using the same Remediation Script approach? I tried the Winget upgrade all and it doesn't always work. It seems like it depends on wether or not the APP is available via MSstore or Winget and also the source agreements doesn't automatically accept all the time
@IntuneVitaDoctrina Жыл бұрын
Safely upgrade all, is not possible. You can add silent switch and hope for the best. If everything was ORGINIALLY installed by Winget you can upgrade them with Winget but if you for example installed TeamViewer with MSI and then run Winget to upgrade it will download an EXE and fail.
@scobin85 6 ай бұрын
Sadly only works with E3 or above licenses
@IntuneVitaDoctrina 6 ай бұрын
agree, too bad, it is a really nice feature
@adambarnard562 Жыл бұрын
Thanks for this! I have been looking for something that will make it easier to use WinGet. I however have a challenge that I have not been able to remediate. Running the script, it complains about scripts being disabled on the system. No matter how I add the line to bypass the Execution policy, it just won't work, unless I first bypass /disable the Execution policy and then run the script after that. This will be a problem when deploying via Intune, since it will block the script from running. Any ideas?
@IntuneVitaDoctrina Жыл бұрын
I would like to see that script and what you set, but sounds like you do all correct. What about first line of the script is: Set-ExecutionPolicy Unrestricted -Force Then run your lines and at the end set back the ExecutionPolicy that you want? The script run under SYSTEM right and not User?
@adambarnard562 Жыл бұрын
@@IntuneVitaDoctrina So I am testing locally with the logged in user, so I am assuming (and yes it's not good to assume, haha), that it's running under user context by default. I have not deployed the Script via Intune to a Test-VM and will check back with the results. Inserting "Set-ExecutionPolicy Unrestricted -Force" as the first line does work if that line is run first. And then secondly the other part of the script. But I would like it to set the execution policy and then run the rest of the script automatically. But let me see. If it works via Intune Remediation scripting, then I won't be bothered by that line then.
@IntuneVitaDoctrina Жыл бұрын
ah cool, yeah if you deploy it under SYSTEM with Remediation script you should be good
@Pilami_ Жыл бұрын
How can we use Proactive remediations to update a CSV on a Storage account, that we can use for PBI reporting? :)
@IntuneVitaDoctrina Жыл бұрын
PBI = Power BI? This sound complicated, but maybe still possible. The Storage account, is that in Azure? either way the script must have permission there, and if you put credentials or an API token or alike in the script, it will be in clear text for a short while on the client itself. First the script needs to create the data, that is easy, then connect to the storage with credentials (risky)... yeah could work but hmmm doesn't sound optimal for this user case
@Pilami_ Жыл бұрын
@@IntuneVitaDoctrina This guy has done something similar to what we need, but to difficult for me to follow without some script examples: kzbin.info/www/bejne/gIC8lIKjf7SebM0
@Pilami_ Жыл бұрын
I am also not sure how multiple clients can update the same csv.
@IntuneVitaDoctrina Жыл бұрын
if the process lock the file then no, but you can write to a Database that handles it or a queue system, but now we are way out of Intune and Remediation scripts, so maybe we are complicating things too much :) Do you got any other system that can pick up data? like Splunk?
@Pilami_ Жыл бұрын
My problem is that the company is very decentralised and not all clients are configured using intune, they are however all enrolled in intune now, but the reporting is rather difficult to get out. At Group level, this is what we are trying to get hold of and visualise using Power BI. I don't have Splunk, but can setup most other common and easily managed Azure services.We would like to see Firewall status (this one you can actually export fine, would like it automatic though), OS Patch status and Bitlocker. The last 2 are problematic.
@olegproscurchin8200 Жыл бұрын
Hi John, and maybe someone else did have and fix this issue. I'm pushing your detection/remediation scripts to my machines (Zoom app) and around 70% are upgrade ok. The rest of them I see in the logs that detection fails (Powershell exit code is 1), which mean it should proceed to remediation and upgrade, but it never happens (I don't see remediation to run) or sometimes the AgentExecutor log say it did run and with exit code 0, but I'm pretty sure it didn't, as I have my custom logs in the script, and I don't see them being generated. So I'm just wondering of someone else got a similar issue and second question will remediation script actually execute if for example Zoom app/process is actually running or it will drop it and attempt to upgrade next time? Thanks all.
@IntuneVitaDoctrina Жыл бұрын
Great job Oleg, I would remote to one of those device failing and run the both scripts manually or from SYSTEM with help of psexec -i -s to see what output you get from the variables.
@olegproscurchin8200 Жыл бұрын
@@IntuneVitaDoctrina on most of them running it manually will just work fine, but what's interesting on some of them when I run .\winget.exe list or upgrade it doesn't give me any output, instead I can install or uninstall using --id. Looks like winget issue. Do you know if there is a way to re-install/uninstall Winget? Initially I've tried to push it using new store app, but did run into some issues and pushing it now as Win32 app. Some of the machines has it under to location. So just wondering that initial install does cause some issue and if I can clean them up and reinstall? Thanks again for your patience about my stupid questions :)
@IntuneVitaDoctrina Жыл бұрын
Yes I have had some older devices not giving any output, annoying, fixed it from this link: github.com/microsoft/winget-cli/issues/2748 basically needed a newer version of Visual C++ Redistributables was needed, read in the comments of the link above the post from "rozmansi commented on Jan 30" that fixed it for me, hope it does for you and I strongly believe so
@edd1e316 Жыл бұрын
I was wondering, is it possible to modify the script so that if it doesn't find the specified application installed, it then installs it?
@IntuneVitaDoctrina Жыл бұрын
Hi Edward, yes, since Remediation Script installs, you don't have to modify there, but the Detection Script you have to change it to always exit with 1 EXCEPT if the latest is already installed. I can post a full scrip here if needed, but in general you should just change the part where it says it doesn't find the software and change exit from 0 to 1
@edd1e316 Жыл бұрын
@@IntuneVitaDoctrina Gotcha makes sense, I guess the only other hurdle I have is, what if the software version installed is 32 bit and I'd like to remove that and upgrade to 64?
@ah7020 Жыл бұрын
z Hi John, My proactive remediation doesn't apply at all. no error message or complete. devices are not showing in overview.
@IntuneVitaDoctrina Жыл бұрын
No idea who is Tim :) but yes a few got this, the fix is in this link github.com/microsoft/winget-cli/issues/2748
@ah7020 Жыл бұрын
@@IntuneVitaDoctrina My bad! I will check that. Thank you John!
@ah7020 Жыл бұрын
@@IntuneVitaDoctrina I am running it as a logged in user and still see the problem
@IntuneVitaDoctrina Жыл бұрын
the fix is to install VC++ think there is a link in the thread
@ah7020 Жыл бұрын
@@IntuneVitaDoctrina Do you have a different method to update zoom rooms from intune or with powershell remotely?
@supersonicazn Жыл бұрын
Having trouble with that "resolve-path". The script always fails for me when I run it with that.
@IntuneVitaDoctrina Жыл бұрын
Hi Sam, could you please post your first line? and you save it as a .ps1 file or running from PowerShell ISE? What exactly message do you get?
@supersonicazn Жыл бұрын
@@IntuneVitaDoctrina It was the section under finding winget.exe. "Cannot index into a null aray". I also get Unexpected token '.Path' in expression or statement.
@IntuneVitaDoctrina Жыл бұрын
That could mean that the device you run it on is missing that path and winget.exe, what OS is it? Windows 11 Professional, Enterprise? or is it Windows 10? is it 22H2?
@supersonicazn Жыл бұрын
@@IntuneVitaDoctrina Enterprise 21H2. It's odd because some machines find the winget.exe but some do not.
@IntuneVitaDoctrina Жыл бұрын
21H2 is a bit old now, you can install winget.exe (Windows Package Manager), either install it or why not update to 22H2 at least and it should come with it
@TonyCai 11 ай бұрын
I hate that Intune is not instant lol
@IntuneVitaDoctrina 11 ай бұрын
"hate" is too strong word for me, but yes I agree it is too slow. It is because Intune is an Enterprise tool and you deploy to 10000 devices etc... but when you deploy to only one... it is sooo long to get feedback unless you check the local logs of course :) For macOS the tool Jamf, it is soo fast! it report quickly success/failures in console.
@veledulmaraz Жыл бұрын
#As an alternative way to find path to winget.exe Set-Location -Path ('{0}\WindowsApps\Microsoft.DesktopAppInstaller_*_x64__8wekyb3d8bbwe' -f $env:ProgramW6432)
@IntuneVitaDoctrina Жыл бұрын
Thanks a lot, FANTASTIC it not only shorter a one-liner it is also easier to to understand :) I will start to use this one from now on.
@ah7020 Жыл бұрын
what path is that? on my kiosk device, it is located in the appdata\local\microsoft folder. How is Intune run that. Running as system is disabled.
@IntuneVitaDoctrina Жыл бұрын
I missed this question, sorry, running as System is disabled, if it runs as the logged in user they should already have a path to it so you should just need to call winget.exe, no need for full path
@ah7020 Жыл бұрын
@@IntuneVitaDoctrina winget doesnt have the latest version of zoom room. 😢
@IntuneVitaDoctrina Жыл бұрын
thanks, I noticed the same, it got the 6th of March version and not the 20th. Zoom Zoom.Zoom 5.13.11835 winget I'm going to speak my Zoom rep and ask why they are so late to update version on Winget. Until then you can download the installer and Win32 App package it but I know it is not so fun: zoom.us/client/5.14.0.13888/ZoomInstallerFull.exe?archType=x64 Alternative I'll look into do a PowerShell Script that scrape the download site on the latest version, download and install, that could be another video for my channel also
@ajax2126 Жыл бұрын
Hi John, I would like suggest you this code to find winget folder, it's shorter $path = Resolve-Path "C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_*_x64__8wekyb3d8bbwe\winget.exe" Set-Location $(Get-ItemProperty $path).DirectoryName
@IntuneVitaDoctrina Жыл бұрын
Thanks a lot Ajax, yours is a lot shorter, better, easier to understand than my code that takes more lines, nice one! I have now started to use a one-liner from another comment on another video that I slightly modified: Set-Location -Path ("$env:ProgramW6432\WindowsApps\Microsoft.DesktopAppInstaller_*_x64__8wekyb3d8bbwe") also the below would work on all systems that install on C: and got default English names for Program Files Set-Location -Path ("C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_*_x64__8wekyb3d8bbwe")
@ibrahimabdeltawab6418 11 ай бұрын
Great 👍! Thanks so much ❤
Intune & Vita Doctrina
Рет қаралды 6 М.
Harley Quinn with the Joker
Рет қаралды 39 МЛН
Фани Хани
Рет қаралды 2,5 МЛН
Intune Training
Рет қаралды 11 М.
Enterprises Software Solutions LLC or ESS LLC
Рет қаралды 19 М.
Microsoft Developer
Рет қаралды 7 М.
Jobskillshare Skills-Based Platform
Рет қаралды 1,3 МЛН
PowerShell.org
Рет қаралды 1 М.