

Win32 App Deployment / IntuneWin / System vs User Context

Question

Thursday, June 27, 2019 7:38 AM

Hi Guys,

Hoping you can help...

In order to be able to leverage Autopilot I've been adding some of our on-prem SCCM packages to Intune using the IntuneWin conversion tool. 

All working good except I'm having trouble tailoring the install experience to what I want.  Take SAP GUI as an example.  If a new version of this installs whilst SAP is open it breaks the application (not good).  So to get around this we wrap the installer in a VBS script to inform the user to close SAP and click OK before the install starts.  This works well and has served us effectively in the SCCM on-prem world.

I converted my package, set up my command line, detection methods etc and set to install as System.  What I note is that whilst wscript is visible in Task Manager it cannot be seen on the desktop and so the user can never click OK and the install never begins.  If I set to install as User then the message box displays but standard users are then prompted for elevation!

Can anyone advise of some options here?  I really like the Company Portal self-serve thing but we need a way of having a bit more control over when complex applications are updated. 

To clarify - this is what I'm referring to:



All replies (10)

Thursday, June 27, 2019 9:37 AM ✅Answered

You could try creating a Win32 package that contains the executables for SAP and also use the PowerShell App Deployment Toolkit, which can either close the specific processes or pop up a GUI prompting the user to close SAP.


Thursday, June 27, 2019 1:59 PM ✅Answered

While I think it's generally a good idea to use the PS App Deployment Toolkit (PSADT) rather than create VBS or batches from scratch - PSADT alone won't help in this case.
Running a script in SYSTEM context and at the same time interacting with the user requires ServiceUI.exe from MDT. So you would call serviceui.exe and provide the EXE (e.g. powershell.exe) to start as a parameter.

Unfortunately it's not that simple because

  1. you need to start the proper version of serviceui.exe according to your OS - x64 or x86
  2. serviceui.exe will return an error if no user is logged in - so you either handle the error or test if users are logged in and run your EXE without serviceui.exe in that case
  3. if you need to pass quoted parameters to your install script you'll have even more fun than with powershell alone.

ConfigManager deployment types got the option to "Allow users to view and interact with the program installation" that does essentially the same thing but it's not that simple with Intune.

If you are aware of any other way to start an interactive program in system context I would be very interested to learn about it.

Cheers
  Klaus


Thursday, June 27, 2019 9:51 AM

Interesting, I had not heard of the Powershell App Deployment toolkit until now.  I will check it out thanks!


Thursday, June 27, 2019 3:32 PM

Thanks for the info -

I've taken a look at the PSADT and it's a step forward but yes I have the same issue after messing about.

I was hoping I could use Execute-ProcessAsUser but alas it seems not...

So guess next stop it's going to be looking at ServiceUI.exe....

SCCM can do this for years no issue....Intune, modern desktop management, can't....makes sense :)


Thursday, June 27, 2019 3:34 PM

If anyone else has cracked this problem and can prevent reinvention of the wheel I would be most grateful!


Thursday, June 27, 2019 4:42 PM

OK so ServiceUI has allowed me to do this....thank you both for all your help.  Now all I need to do is wrap my install in PowerShell, convert using IntuneWin, and then trigger using ServiceUI.

Progress! :)


Thursday, June 27, 2019 11:42 PM

Are you going to try adding the ServiceUI x86/x64 in the Win32 app package (with all of the other application content), then in the PowerShell script have logic to launch the correct version of ServiceUI depending on the OS architecture? Then for the Win32 app installation command on Intune run “powershell.exe -executionpolicy Bypass .\install.ps1”

It should extract the Win32 app package then run the Powershell script that was in the package.
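
One way to write the install.ps1 wrapper discussed in the replies above, covering the three ServiceUI points raised earlier (OS architecture, no logged-on user, quoting). This is an added example, not code from any poster in this thread; the package layout, the x64/x86 folder names and the PSADT 3.x "-DeployMode Silent" fallback are assumptions.

```powershell
# install.ps1 (added example). Assumed layout inside the .intunewin package:
#   install.ps1
#   Deploy-Application.exe        (PSADT launcher, with the rest of the toolkit)
#   x64\ServiceUI.exe             (copied from MDT)
#   x86\ServiceUI.exe
$ErrorActionPreference = 'Stop'
$root  = Split-Path -Parent $MyInvocation.MyCommand.Path
$psadt = Join-Path $root 'Deploy-Application.exe'

# 1. Pick the ServiceUI build that matches the OS, not the calling process:
#    the script may be started by a 32-bit host on a 64-bit OS.
$arch = if ([Environment]::Is64BitOperatingSystem) { 'x64' } else { 'x86' }
$serviceUi = Join-Path $root "$arch\ServiceUI.exe"

# 2. ServiceUI returns an error when nobody is logged on, so check for a
#    user shell first and fall back to a silent run without ServiceUI.
$shell = Get-Process -Name explorer -ErrorAction SilentlyContinue

if ($shell -and (Test-Path $serviceUi)) {
    # 3. Start-Process joins the arguments with spaces and adds no quotes,
    #    so quote the path explicitly in case the cache folder has spaces.
    $exe     = $serviceUi
    $argList = @('-process:explorer.exe', "`"$psadt`"", 'Install')
} else {
    # Assumption: PSADT 3.x parameters; no prompt is shown in this branch.
    $exe     = $psadt
    $argList = @('-DeploymentType', 'Install', '-DeployMode', 'Silent')
}

# Return the child's exit code so Intune sees the real install result.
$proc = Start-Process -FilePath $exe -ArgumentList $argList -Wait -PassThru
exit $proc.ExitCode
```

Everything ServiceUI launches runs as SYSTEM on the user's desktop, so keep the UI to fixed prompts such as the PSADT close-apps dialog rather than anything that opens a file picker or a browser.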


Thursday, July 25, 2019 9:06 AM | 1 vote

So my command line within Intune looks like this -

ServiceUI.exe Deploy-Application.exe Install

Actually works perfectly!  Users see the prompts from the PS Deployment Kit but everything runs under the system account so no prompts for admin rights!


Monday, August 5, 2019 5:33 PM

hi,

Are you able to install SAP via Intune? I am also trying the same. Can you provide me install and uninstall commands and also how do we push the XML file?

kdesai14


Saturday, July 11, 2020 2:55 PM

To start an interactive program in system context you can use:

psexec -sid <program.exe>

PsExec is part of the Sysinternals suite, and is distributed by Microsoft.