Template for the Win32 PowerShell script installer in Microsoft Intune

by
post views: 2,994

Introduction

Microsoft Intune now supports using a PowerShell script as the installer for Win32 apps. Instead of specifying a command line, you upload a script. This gives admins more flexibility when deploying applications.

I’ve created a template (install and uninstall) that can serve as inspiration, but also demonstrates how this enables you to:

Install or uninstall an application (MSI or EXE)
Copy or remove files to or from any directory
Add or remove registry settings

All as part of the same deployment. The script handles both SYSTEM and current user context – and when running as SYSTEM, it applies file and HKCU registry changes to all existing user profiles on the device.

The template is available on GitHub: imabdk/Intune-Win32-PowerShell-Script-Installer-Template 🙂

PowerShell

The template consists of two scripts – one for install and one for uninstall. Both follow the same structure with a configuration section at the top.

GitHub: imabdk/Intune-Win32-PowerShell-Script-Installer-Template

Install script:

  1. Runs the installer (MSI or EXE)
  2. Copies files to destination folders
  3. Applies registry settings

Uninstall script:

  1. Runs the uninstaller (MSI or EXE)
  2. Removes the copied files
  3. Removes the registry settings

When running as SYSTEM, both scripts automatically apply file and registry operations to all user profiles on the device.

Configuration

Edit the variables at the top of each script to match your application. Here’s the install script – the uninstall script follows the same pattern with removal variables:

# App identity
$AppName = "Notepad++"

# Installer (MSI or EXE)
$InstallerFile = "npp.8.9.1.Installer.x64.msi"
$InstallerArgs = "/qn /norestart"

# File copy
$FilesToCopy = @(
    @{ Source = "imabdk-config.json"; Destination = "$env:APPDATA\Notepad++" }
)

# Registry additions
$RegistryAdditions = @(
    @{ Path = "HKLM:\SOFTWARE\imab.dk"; Name = "AppVersion"; Value = "1.0"; Type = "String" }
    @{ Path = "HKCU:\SOFTWARE\imab.dk"; Name = "UserSetting"; Value = 1; Type = "DWord" }
)

Microsoft Intune

To use the PowerShell script installer, create a Win32 app as usual but select PowerShell script instead of a command line. You still need to package your app files with the Microsoft Win32 Content Prep Tool – but the scripts are uploaded separately in the portal.

Package contents

Your .intunewin package should contain:

  • The installer file (MSI and/or EXE)
  • Any files you want to copy

The install and uninstall scripts are uploaded directly in Intune.

Logging

Both scripts write to a log file in the Intune Management Extension logs folder:

%ProgramData%\Microsoft\IntuneManagementExtension\Logs<AppName>-Install.log
%ProgramData%\Microsoft\IntuneManagementExtension\Logs<AppName>-Uninstall.log

Each entry includes a timestamp, app name, and action:

When running MSI installers, detailed MSI logs are also written to the same folder:

%ProgramData%\Microsoft\IntuneManagementExtension\Logs<AppName>-MSI.log
%ProgramData%\Microsoft\IntuneManagementExtension\Logs<AppName>-MSI-Uninstall.log

32-bit gotcha

The Intune Management Extension runs as a 32-bit process. This means $env:ProgramFiles resolves to C:\Program Files (x86) instead of C:\Program Files.

If your uninstaller lives under the real Program Files folder, use $env:ProgramW6432 instead:

# Won’t work – resolves to Program Files (x86)
$UninstallerFile = “$env:ProgramFiles\Notepad++\uninstall.exe”

# Works – always resolves to C:\Program Files
$UninstallerFile = “$env:ProgramW6432\Notepad++\uninstall.exe”

$env:ProgramW6432 always points to the 64-bit Program Files folder regardless of whether the process is 32-bit or 64-bit, so it’s safe to use either way.

ENJOY 🙂

4 thoughts on “Template for the Win32 PowerShell script installer in Microsoft Intune”

  1. Hi, Martin. Thanks for creating the template. On Set-RegistryAdditions function, is there a workaround like in handling ‘$env:ProgramW6432’ to fix registries going to WOW6432Node for HKLM keys?

    Reply

    • Hi Ronnel, I suppose you are forcing the script to run as a 32 bit process then on a 64 bit OS? Intune defaults into running this as 64 bit and shouldn’t redirect registry operations. I’m not aware of any default variable like the one we have for the file redirection happening with $env:ProgramW6432.

      Reply

      • Hi, Martin. I checked if “Run script as 32-bit process on 64-bit clients” is toggled to see if it’s the case, but I confirmed it is not toggled. Below registry goes to the 32-bit hive when the script is executed from Company Portal. I’ve noticed this is the case for Win32 apps even before Intune introduced the separate install script feature. It seems to behave differently compared to Intune remediation scripts for example. My go to work around for this usually is using %sysnative% in the command line or PSADToolkit which handles all file and registry path redirection more robustly.

        $RegistryAdditions = @(
        @{ Path = “HKLM:\SOFTWARE\Test”; Name = “AppVersion”; Value = “1.0”; Type = “String” }
        )

        Reply

        • That has to be some kind of bug with Intune. I’m currently seeing the same regardless of how the switch is configured. Something is off, and Intune does not seem to run this as a 64 bit process when configured to. I’ll be back, and thanks for letting me know. 🙂

          Reply

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.