Windows 10 Toast Notification Script Update: Run ConfigMgr applications directly from the action button

Introduction

Another update to the Windows 10 Toast Notification Script is a reality. Now being on version 1.6.

The feedback and questions related to the Windows 10 Toast Notification Script keeps coming and that’s amazing!

In my last post and update of the script, I added the option to natively and with help of a custom protocol in Windows, to run task sequences directly from the action button.

Since then, I was asked if the script is able to launch application directly from the action button as well, and sure thing. I just added that capability to the script and the details are explained below.

What’s New

  •   1.6 – Added new option to run applications (ApplicationID) directly from the toast notification action button. Enable the option <RunApplicationID> in the config.xml
    • Created Display-ToastNotification function
      • Displaying the toast notification as been trimmed and merged into its own function
    • Created Test-NTSystem function
      • Testing if the script is being run as SYSTEM. This is not supported and will prevent the toast notification from being displayed
    • Converted all Get-WMIObject to Get-CimInstance
      • Get-WMIObject has been deprecated and is replaced with Get-CimInstance

Config.xml

The new option, which enables you to run applications directly from the Install/Action button, is highlighted below.

To enable the option, simply configure RunApplicationID to Enabled=”True” and specify the Application ID of the application in the Value field: Value=”ScopeId_A9117680-D054-482B-BC97-532E6CBD0E6B/Application_fd55f35c-4e34-4490-a3ec-ee0b79233ec6″

For your convenience, I have included a new example of the config.xml in the download: config-toast-officeupgrade.xml

Application ID

The ID of an application can be found using Powershell or by browsing the Software Center (and probably with other means too). Both of the options requires that the application in question is deployed to the device.

Powershell

Run below line of Powershell, inserting the name of the application.

Get-CimInstance -ClassName CCM_Application -Namespace "root\ccm\clientSDK" | Where-Object {$_.Name -eq "Your Application"} | Select-Object Id

The output will be similar to below illustration:

Software Center

The ID of the application can also be found via Software Center by browsing the application in question and using the Share button, also as illustrated below.

Note that it’s only the part after the “=” sign which is needed. Not the entire link.

How does it work?

In order for this to work, you need to create a custom protocol in Windows 10. The easiest approach is to install this through the .MSI I provide in the download:

Windows 10 Toast Notification Script Custom Action Protocols.msi

  • Note: This is now coming in a version 1.2.0. If you installed my previous version, you should be able to simply upgrade the installation to include the new files.

ToastRunApplicationID Protocol

The installation currently comes with three custom protocols. The one of interest in this example, is the one called ToastRunApplicationID. The installer creates below registry entries, which creates the custom protocol:

This enables us to use ToastRunApplicationID: as an action in the config.xml, which in return launches the referenced ToastRunApplicationID.cmd.

Local Files

The installation also drops some local files into ProgramData\ToastNotificationScript. The current content is illustrated below and currently consists of 5 files:

  • Run-PackageID.ps1 (not used in this example)
  • ToastReboot.cmd (not used in this example)
  • ToastRunPackageID.cmd (not used in this example)
  • Run-ApplicationID.ps1
  • ToastRunApplicationID.cmd

Run-ApplicationID.ps1

This is the new script doing the magic in this scenario. The script is included in the download, and is being installed onto the device with the installation of Windows 10 Toast Notification Script Custom Action Protocols.msi.

The script is somewhat self explanatory, and is triggering the installation of the application via WMI.

<#
.SYNOPSIS
    Script used to execute applications directly from my Windows 10 Toast Notification Script
   
.NOTES
    Filename: Run-ApplicationID.ps1
    Version: 1.0
    Author: Martin Bengtsson
    Blog: www.imab.dk
    Twitter: @mwbengtsson

.LINK
    
Windows 10 Toast Notification Script
#> # Function for triggering the installation or repairing of applications # Parts of this function is heavily inspired by Timmy's post at: https://timmyit.com/2016/08/08/sccm-and-powershell-force-installuninstall-of-available-software-in-software-center-through-cimwmi-on-a-remote-client/ # Function is modified to cater for a scenario where the application needs repairing instead of installing # Also removed bits and pieces which I don't need :-) function Trigger-AppInstallation() { param( [String][Parameter(Mandatory=$true)] $appID ) Begin { $application = (Get-CimInstance -ClassName CCM_Application -Namespace "root\ccm\clientSDK" | Where-Object {$_.Id -eq $appID}) $args = @{EnforcePreference = [UINT32] 0 Id = "$($application.Id)" IsMachineTarget = $application.IsMachineTarget IsRebootIfNeeded = $false Priority = 'High' Revision = "$($application.Revision)"} } Process { if ($application.InstallState -eq "NotInstalled") { try { Invoke-CimMethod -Namespace "root\ccm\clientSDK" -ClassName CCM_Application -MethodName Install -Arguments $args } catch { } } elseif ($application.InstallState -eq "Installed") { try { Invoke-CimMethod -Namespace "root\ccm\clientSDK" -ClassName CCM_Application -MethodName Repair -Arguments $args } catch { } } } End { } } $registryPath = "HKCU:\SOFTWARE\ToastNotificationScript" $applicationID = (Get-ItemProperty -Path $RegistryPath -Name "RunApplicationID").RunApplicationID Trigger-AppInstallation -appID $applicationID

Process Explained

The process may seem complicated, but it’s not. I will try to explain the sequence of actions here:

  1. Toast Notification Script run and tattoos the registry with the ID of the application into HKCU:\SOFTWARE\ToastNotificationScript
  2. When clicking the action/install button of the toast notification, the protocol ToastRunApplicationID: is being initiated
  3. This launches the ToastRunApplicationID.cmd, which again launches the final Powershell script: Run-ApplicationID.ps1
  4. Run-ApplicationID.ps1 dynamically picks up the ApplicationID from the registry and runs the corresponding application directly on the device
    • This makes sure you never have to edit any of the local files. Only the config.xml will ever need editing

Use Case Inspiration

OS Upgrade with Powershell App Deployment Toolkit

So, to keep it short. What I’m doing here, is to have the Install now button directly launching an application based on PSADT. The application based on PSADT, is in return launching the In-Place Upgrade Task Sequence.

The sequence is as following:

  1. Toast Notification pops up
  2. Install now button is launching the application based on PSADT
  3. PSADT is then launching the actual In-Place Upgrade Task Sequence
    1. This via the awesome customization that PSADT provides

If anything needs further explaining, don’t hesitate to reach out to me on Twitter or in the comments section down below.

Download

>> https://github.com/imabdk/Toast-Notification-Script <<

More info

48 thoughts on “Windows 10 Toast Notification Script Update: Run ConfigMgr applications directly from the action button”

  1. Amazing work, as previously mentioned in earlier version I did some modification and also used that function to trigger application

    Your version 1.6 is more complete and I want to follow your version-control and not mine so will use this when I have the time to deploy it 🙂

    Currently I use several version if your toast on the place I work and this is from production environment right now:

    I have a toast to remind people to update BIOS Firmware update on all our devices. We use Dell hardware

    I also have the last version but modified toast that will notify people about a important application software upgrade – a software from Check Point that is actually “resetting” the network adapter so thats why some custom-made information is required and also let the user decide when they are ready to be disturbed 🙂

    And the next big thing, our InPlace upgrade TS that we going to do from W10 1809 to 1909. No rush with this yet. But I am also using custom made PSADT that will be triggered with your toast.

    Almost forgot! Since Corona we are forced to work from home actually and when that policy applied we had to make sure VPN is working for everyone, so with that I made a reminder about changing password if it will expire within 14 days with your toast. and Alot of people got this toast and changed their password and we avoided hassle with the VPN from users that were frustrated at home when VPN did not work 🙂

    So yea, your work have helped me alot and is widely used where I work, a quite big authority in Sweden 🙂

    Any plans to maybe have this on Github in a public repo?

    //Andreas

    Reply
    • This is awesome Andreas. Thank you for letting me know all of this. Much appreciated. And yes, due to the deprecation of TechNet Gallery, I will move the script into GitHub soon enough 🙂

      Reply
  2. Don’t know if it is already possible, but can you add an action to the action button where if you click it opens your default browser and redirects you to a specific URL set in the XML? Just so we can nag our users to read important messages on the intranet during these special times.

    For now I’ve implemented three different scenario’s of your notification and it works like a charm.

    Reply
        • I would assume that https:yourwebsite.com should work too, but I haven’t tried (seeing this is a protocol based action as well, and should launch the default browser 🙂

          Reply
          • Unfortunately nothing happens and since Edge is not our default browser using Edge as the action first popups a message from Microsoft to set Edge as your default browser or to create a profile. This is not the desired behavior for now.

          • I’m sure you could do something with another custom protocol and even decide very specifically which browser you would open a given link in. What browser is your default? 🙂

  3. Another custom action incoming… 🙂

    It’s not that important, but it would be a nice to have feature when clicking on a button redirects you to a webpage with more information using the default browser (or a specific one like Chrome if that is not the default)

    Reply
  4. I’m using this script to install an application and running the script on a schedule. If the users clicks install and installs the app, the toast notification will pop up again during the next scheduled time anyway. Is there a way for the script to detect that the application has already been installed and to stop running? Its a bit annoying for the user to continually be asked to install the app when they have already done so or perhaps I am not using the scripts correctly?

    Reply
    • This is something I would manage with the collection you are deploying the toast notification script to. Hence the collection only consists of devices which doesn’t have the said app installed already, so once installed, the devices moves out of the collection and therefore is no longer a target of the deployment of the toast 🙂

      Reply
  5. Hey Martin, I’m running the script and nothing happens for some reason”

    PS C:\Support\Windows 10 Toast Notification – Run ConfigMgr Apps and TS from the action button> .\New-ToastNotification.ps1 -config config-toast-officeupgrade.xml
    VERBOSE: Running supported version of Windows. Windows 10 and workstation OS detected
    VERBOSE: The registry key for determining if toast notifications are enabled does not exist. The script will run, but toasts might not be displayed
    VERBOSE: Successfully loaded config-toast-officeupgrade.xml
    VERBOSE: Loading xml content from config-toast-officeupgrade.xml into variables
    VERBOSE: Successfully loaded xml content from config-toast-officeupgrade.xml
    VERBOSE: RunApplicationID set to True. Will allow execution of ApplicationID directly from the toast action button
    VERBOSE: Running Write-ApplicationIDRegistry function
    VERBOSE: ApplicationID: ScopeId_C413C893-E344-4206-96C1-F667AB423811/Application_4fc206d7-40ad-4e50-9110-f9275c11c9ca was found in WMI as deployed to the client
    VERBOSE: Writing the ApplicationID to registry

    RunApplicationID : ScopeId_C413C893-E344-4206-96C1-F667AB423811/Application_4fc206d7-40ad-4e50-9110-f9275c11c9ca
    PSPath : Microsoft.PowerShell.Core\Registry::HKEY_CURRENT_USER\SOFTWARE\ToastNotificationScript
    PSParentPath : Microsoft.PowerShell.Core\Registry::HKEY_CURRENT_USER\SOFTWARE
    PSChildName : ToastNotificationScript
    PSDrive : HKCU
    PSProvider : Microsoft.PowerShell.Core\Registry

    VERBOSE: Greeting with given name selected. Replacing HeaderText
    VERBOSE: Running Get-GivenName function
    VERBOSE: Given name retrieved from Active Directory
    VERBOSE: Creating the xml for displaying both action button and dismiss button
    WARNING: Conditions for displaying toast notifications for UpgradeOS are not fulfilled
    WARNING: Conditions for displaying toast notifications for pending reboot uptime are not fulfilled
    WARNING: Conditions for displaying toast notifications for pending reboot registry are not fulfilled
    WARNING: Conditions for displaying toast notifications for pending reboot WMI are not fulfilled
    WARNING: Conditions for displaying toast notification for ADPasswordExpiration are not fulfilled
    VERBOSE: Toast notification is not used in regards to OS upgrade OR Pending Reboots OR ADPasswordExpiration. Displaying default toast
    VERBOSE: All good. Displaying the toast notification

    I can’t find “ToastEnabled” key under “HKCU:\Software\Microsoft\Windows\CurrentVersion\PushNotifications”.
    Can this be the issue?
    I’ve signed the scripts under C:\ProgramData\ToastNotificationScript with our cert too.

    Reply
      • Hmm, does the toast notification go straight to the action center perhaps? Do you have focus assist enabled? Is this happening when using both Software Center or Powershell as the notifying app?

        Reply
  6. Hi Martin,
    I am having some issues that the restart button does not restart the computer. It says that ” You will need a new app to open this toastreboot link. I have enable only Powershell. Thank you for any help.

    Reply
  7. Hi Martin,

    Any way I can use this for Windows Updates notification? I need just the notification, without any link to run it from the Toast.
    Please don’t laugh 🙂
    I’m thinking to deploy a dummy app to all machines, which will not be installed so your protocol doesn’t detect it as installed and proceed to the next phase.
    Edit your Run-ApplicationID.ps1 “Process” logic and add a check for installed O365 version and KBs with something dummy like below and run it only if $Compliance is False 🙂

    # O356version.txt and KBslist.txt need to be updated every month before patching cycle

    $InstalledO365version = (Get-ItemProperty HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* | ? {$_.DisplayName -like “Microsoft Office 365 ProPlus – en-us*”}).DisplayVersion
    $LatestO365versionPath = “\\FileShare\WindowsUpdatesLatesKBs\O356version.txt”
    $LatestO365version = get-content $LatestO365versionPath
    $O365Compliant = $True
    $WinSecurityCompliant = $True
    $KBsListPath = “\\FileShare\WindowsUpdatesLatesKBs\KBslist.txt”
    $KBsList = get-content $KBsListPath
    $InstalledHotFix = (Get-HotFix).hotfixid

    If ($InstalledO365version -ge $LatestO365version) {

    Write-host “Latest Office 365 version – $InstalledO365version Installed already !!!”

    }
    Else { $O365Compliant = $False
    Write-host “Office 365 Latest version $LatestO365version – Not Installed”

    }

    ForEach ($KB in $KBsList) {
    If (Get-HotFix $KB -ErrorAction SilentlyContinue) { Write-host “$KB – Installed”}

    Else { $WinSecurityCompliant = $False
    fWrite-host “$KB – Not Installed”

    }

    } #foreach

    $Compliance = $O365Compliant + $WinSecurityCompliant

    if (($application.InstallState -eq “NotInstalled”) -and ($Compliance -eq $False)) {
    “Proceed with POPUP”
    }

    Reply
  8. Hello Martin,
    I would like to ask you if you know an easy way to inform the user to free up disk space in case they have less than 5GB available?
    I saw some articles that will apply on PCs in certain SCCM collection, but it does not work very well.
    I am thinking for something as a scheduled task for example that will run a script checking the free disk space that does not rely on SCCM agent.

    Reply
    • Hey, you can leverage my toast notification to send out a notification to those devices being on less than 5Gb available. Finding devices that has less than 5GB available can be done via the proper collections. Is that something you are looking for?

      Reply
  9. Hi, Martin,

    I am currently implementing this process in my company, so thank you very much for your beautiful documentation!

    We would like to know if this is possible before launching the task sequence to update the computer, we would like to add a condition that it will check that the hard disk has free space. If not, a notification appears and asks to do a cleanup.

    Thanks for your answer 🙂

    Sorry if I’ve posted my message several times ^^’

    Translated with http://www.DeepL.com/Translator (free version)

    Reply
  10. Hi Martin,

    I’d like to display a toast notification that an application update is available in Software Center. Unfortunately, right now the script only looks at already installed applications in WMI.

    My update would be something that is not yet installed on the machine, so it cannot be referenced in WMI. Is there a workaround here?

    Reply
  11. Hi Martin,

    Firstly – thank you for the absolutely awesome job!

    Secondly, may I ask for a help? Please?
    I have altered all the required files and the toast comes up successfully. I even managed to reconnect a package of an app and the notification. However… When I click on “Install” button, it does not do what it’s supposed to, as our security policy disallow users to run cmd or ps1 files.
    I was thinking – as I am running this powershell toast process through Endpoint Manager with bypass policy, is there a way to incorporate the subsequent “install” command into the main script? What I mean is – all commands will run under user context, but with the “-ExecutionPolicy Bypass” as it’s set in the main process and without any additional ps1/cmd that needs to be called. This way it would be all-in-one and would avoid the chain (run toast -> call to run cmd) and override the need for proper user rights.

    Many thanks in advance!

    Reply
    • Hi!

      I’m afraid this chain of scripts is required, as the toast notification itself cannot do anything other than protocol based actions, like calling https: or settings: or any other built-in protocol. So in order for me to have it to do something custom, I need custom protocols and custom scripts. You would need to allow those scripts to run in your application/script whitelisting. If a security concern, you can create your own scripts and have disable the option to create them automatically by the script. Then digitally sign your own scripts and distribute yourself. Let me know if this explains it alright 🙂

      Reply
      • Hi,

        many thanks for such a quick reply!

        Yes, it does explain it alright 🙂 I was hoping for a way to click on “install” which would trigger some part of the script, or trigger the cmd/ps1 so it remains within the context. But I will follow your hint.

        Many thanks for the work and explanation!

        Reply
      • May I have one more question, please?

        How is that .cmd triggered? I know that it is written in registry, but in the script. When I press the button, it loads the cmd. In which part of the New-ToastNotification.ps1 is it specified (to run exactly the command)?

        Thank you.

        Reply
        • The cmd is triggered via the custom protocol. Take a peek in HKCU\Software\Classes\ToastRunApplicationID. This is something the New-ToastNotification.ps1 creates for you, when having CreateCustomScriptsAndProtocols enabled in the config.xml 🙂

          Reply
          • Thank you very much.

            I am challenging the possibilities of the “framework” and realized, that the “path\ToastRunPackageID.cmd” cannot be changed in way like “start /B cmd /c path\ToastRunPackageID.cmd”. I am struggling with the window being opened to the user and showing the prompt. I am trying everything to hide it. When I run it manually, it works. But when I run it through the reg key, it fails 🙂

          • Is it the short cmd prompt that pops up when clicking the action button that you want to get rid of now? If so, that’s only possible if you do something with .vbs, I’ve considered it myself, but then again, clicking something actively, to have a short cmd prompt show is not that big of a deal imo.


          • Is it the short cmd prompt that pops up when clicking the action button that you want to get rid of now? If so, that’s only possible if you do something with .vbs, I’ve considered it myself, but then again, clicking something actively, to have a short cmd prompt show is not that big of a deal imo.

            Yes, that is it. Got it. Thank you very much for your help and time.

  12. Anyone else having an issue with the Toast notification and SCCM\ConfigMgr where it executes script but it does not display the windows notification immediately? I have a deployment scheduled to run the notification every 15 mins. in execmgr.log it show it ran the script with exit code 0.. but nothing is displayed. When it does shows up it will then popup several times like if it is catching up to the previous missed notifications?

    Reply
    • Uhm, sounds like something in the OS is delaying the notifications somehow. If the script is triggered, and you confirmed that via the execmgr.log, the rest is really done by the OS itself. I haven’t seen it myself.

      Reply
  13. Mostly got it working (softwarecenter://). It appears you can’t make button 1 hide if you have button 2 shown, not a big deal. It also appears the notification is very fragile, it’s easy to accidently dismiss it if you are in the middle of something and it doesn’t persist in the action center, I think that functionality would be nice. Here is a link to what I mean and a way to do it by a quick registry edit through the powershell. I haven’t tried it because I’m not sure what appname this uses if any. Not really a coder:
    https://stackoverflow.com/questions/39344752/powershell-script-creates-windows-10-notification-and-it-disappears-after-popup

    Reply
    • My script does exactly that. Adds ShowInActionCenter in registry, that be whether you chose to use powershell or software center as the notifying app: New-ItemProperty -Path $RegPath\$App -Name “ShowInActionCenter” -Value 1 -PropertyType “DWORD” -Force

      Reply
  14. Is it possible to have both ‘RunPackageID’ and ‘RunApplicationID’ enabled at same time? I can enable=True for RunPackageID and toast executes properly. If I then set ‘RunApplicationID for enable=True then toast will no longer launch.

    My objective is to have ActionButton1 to Uninstall (pkgID) and ActionButton2 to Install (AppID) and ActionButton3 to Launch website FAQ. I cannot get more than 1 action button to work so not sure if having 3 action buttons is feasible. If not, then 3rd button can be Dismiss. Not sure where to even look to troubleshoot. Not sure what I’m doing wrong. Help??

    Reply
  15. Hi Martin, Great stuffs, thanks a lot.

    I did all the necessary steps.
    1) deploy the precache—> all good downlaoded
    2) deploy the install part—>deployed as with dynamicdeadline and for this I deploy it as required and created a expiration date.
    In this case, I see software center, the default windows popups comes up. And My toast is not displaying any more.
    Any idea pls?

    Reply
    • That would be possible, but you will need to create a custom protocol in registry, which the toast notification can use for its action. THats basically what I do with all the possible actions. Take a look at my previous posts on custom protocols and actions. 🙂

      Reply
      • Hello, I am trying to launch notepad.exe from a custom protocol in the registry. my protocol works when I test myprotocol:// but does not work from my xml toast. If the application I want to launch find it in “program files” or “program files x86” no problem but if it is in “C:\Windows” it doesn’t work. Can you help me ?

        Reply

Leave a Reply to Yavor Stefanov Cancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.