How to Package and Deploy Windows Applications with Intune

You cannot upload your app’s installation file directly to Intune; it must first be packaged with a small command-line tool, IntuneWinAppUtil. This archives and compresses the installation into a .intunewin file, and that’s what you upload.

This post will guide you through the process of getting your Win32 app ready for Intune upload (packaging) and configuring it for client installation (deploying).

Win32

Win32 applications are your traditional Executable/MSI apps which are then wrapped into intunewin format using the Win32AppGui tool from Microsoft.

Folder Layout

I’ve created this folder layout:

One thing to note here is that the packaging tool will grab every file in the Source directory you point it to, so make sure that folder only has source files in it.

 The 7zip folder is where the installer is.

The Intunewin folder is where we will store the Intunewin file.

Packaging the app

In the example for this post, I’ll be working with 7-Zip.  This only has one file, but if your app installer has multiple files (e.g. subfolders), that is supported too.

  1. Place your installation file(s) in a dedicated folder.  The entire contents of this folder will be archived, so make sure it includes everything you need, but nothing more.
  2. From the command prompt, run IntuneWinAppUtil.exe, which is the Win32 Content Prep Tool.  In the command prompt window, you are prompted for four pieces of info:
  • The source folder (created above)
  • The setup file (the file that begins app installation when executed)
  • An output folder (where the .intunewin file is saved)
  • Whether or not you need to specify a catalog folder (only needed if deploying to Windows 10 S mode)

After you complete the last prompt, a stream of output will fill the screen; the last line reporting the app has been packaged.
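Because the tool ships every file in the source folder to every targeted device, it is worth checking the folder contents and the installer's integrity before packaging. The script below is an added example, not part of the original post: the paths, the installer file name and the expected hash are assumptions or placeholders, and it passes the same four answers to IntuneWinAppUtil.exe as command-line switches instead of prompts.

```powershell
# Added example. Paths, file names and the expected hash are assumptions/placeholders.
param(
    [string]$SourceDir      = 'C:\Intune\7zip',                 # assumed source folder
    [string]$SetupFile      = '7z-x64.msi',                     # hypothetical installer name
    [string[]]$AllowedFiles = @('7z-x64.msi'),                  # everything expected in the folder
    [string]$OutputDir      = 'C:\Intune\Intunewin',            # assumed output folder
    [string]$ExpectedHash   = '<SHA256-PUBLISHED-BY-VENDOR>',   # placeholder
    [string]$Tool           = 'C:\Intune\IntuneWinAppUtil.exe'  # assumed tool location
)
$ErrorActionPreference = 'Stop'

# 1. The tool archives the whole source folder, so refuse to package if it
#    contains anything that is not on the allow-list (stray scripts, notes, keys).
$extra = Get-ChildItem -Path $SourceDir -Recurse -File |
    Where-Object { $AllowedFiles -notcontains $_.Name }
if ($extra) {
    $extra | ForEach-Object { Write-Warning "Unexpected file in source: $($_.FullName)" }
    throw 'Source folder contains files that would be shipped to every device.'
}

# 2. Integrity: the installer must match the hash published by the vendor.
$setupPath = Join-Path $SourceDir $SetupFile
$actual    = (Get-FileHash -Path $setupPath -Algorithm SHA256).Hash
if ($actual -ne $ExpectedHash) {
    throw "SHA-256 mismatch for $SetupFile. Got $actual"
}

# 3. Report the Authenticode status. Not every vendor signs its installers,
#    so this is informational; the hash check above is the hard gate.
$sig = Get-AuthenticodeSignature -FilePath $setupPath
Write-Host "Signature status: $($sig.Status)  Signer: $($sig.SignerCertificate.Subject)"

# 4. Package without prompts: -c source folder, -s setup file, -o output folder, -q quiet.
$started = Get-Date
& $Tool -c $SourceDir -s $SetupFile -o $OutputDir -q

# 5. Confirm a fresh package exists and record its hash for the change record.
$package = Get-ChildItem -Path $OutputDir -Filter *.intunewin |
    Where-Object { $_.LastWriteTime -ge $started }
if (-not $package) { throw 'No new .intunewin file was produced.' }
$package | Get-FileHash -Algorithm SHA256 | Format-List Path, Hash
```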

Deploying the app

  1. Navigate to the Intune Admin Portal and then select Apps > Windows > Add:

2. Choose the app type Windows app (Win32) and click Select:

3. Select your Intunewin file and click OK:

4. Populate any fields on this page. You can also add your icon at the bottom to appear in Company Portal and click Next:

5. On the Program page, you need to enter install and uninstall commands for your app.  If you uploaded an MSI file, these are usually prepopulated for you by Intune using the msiexec parameters to do both actions silently. 

The install behavior is a key option to get right. Generally, you want to choose System, as this executes the installation with administrative rights. However, there may be circumstances where you need to execute in the user context. Click Next:

6. Add any app requirements (64-bit, for example). I also usually add the earliest supported Windows OS version here, since we don’t want unsupported versions. Click Next:

7. For Intune to know whether or not the app is installed, you need to include detection rules. These are mandatory because, without them, Intune wouldn’t know when to stop trying to install the app, or how to report success/failure. Choose to manually configure detection rules and use the MSI rule type. This queries the MSI product code, which for MSIs is a unique identifier for the app. For MSI uploads, it’s populated automatically. Click Ok and Next:

8. Dependencies – If the application requires something else to be installed first, add that here. You can also specify whether to force an install if it is missing. Click Next:

9. The next screen gives Supersedence options. If this is an updated application, select the previous version and you can tell it whether to in-place upgrade or remove and re-install. Click Next:

10. Here, we will deploy the app using Intune by assigning it to the All Users group. You can choose how you want to assign the app to users and devices, and there are three options:

  • Required: The app is installed on devices in the selected groups.
  • Available for enrolled devices: Users install apps from the Company Portal app or the Company Portal website.
  • Uninstall: The app is uninstalled from devices in the selected groups.

From the above list of options, select Available for enrolled devices and add the group, because we want the app to be available for installation in Company Portal. Click Next:

11. On the final page for review + create, you can confirm the settings you’ve entered.  Hitting create will then upload the application. 

After some time, the Company Portal will be installed on your devices:

Deploy the Company Portal with Intune

The company portal is an essential app you should deploy on the devices you want to manage with Intune. With the Company Portal users can securely access their company apps and data, install or reinstall applications, check if the device meets compliance and more. Here are a few steps on how to deploy the Company Portal App from the Microsoft Store app (new) with Intune. 

The company portal can be installed on Windows 10/11, macOS, Android and iOS, but I will cover the Windows deployment in this post.

Deploy the App

  1. Sign in to the Intune portal with an account that has an Intune role assigned with the permission to deploy an App.
    Your account should have one of the following Intune roles assigned:
  • Intune Administrator
  • Application Manager

2. Select Apps > All Apps > +Add

3. Select Microsoft Store app (New) and Click Select

4. Select Search the Microsoft Store app (New)

5. Search for Company Portal > Select Company Portal > Click Select

6. Change the App information as needed. I changed the Install behavior from User to System because I want to deploy the app to all users. I also added the category Productivity. Click Next when you are done changing the information of the App.

7. Now assign the App to the device or user groups you want. Like I said I want the Company Portal to be deployed to All Users. So I selected All Users with a Required deployment. Select Next.

8. Review the App settings and after reviewing select Create.

After some time the Company Portal will be installed on your devices:

Exchange 2013 DAG CU19 Upgrade

Here are the steps that I will follow to upgrade Exchange 2013 to CU19, with the new .NET Framework 4.7.1.

Exchange 2013 has a different servicing strategy than Exchange 2007/2010 and uses Cumulative Updates (CUs) rather than the Rollup Updates (RU/UR) that were used previously. CUs are a complete installation of Exchange 2013 and can be used to install a fresh server or to update a previously installed one. Exchange 2013 SP1 was in effect CU4, and CU18 is the fourteenth post-SP1 release. Updating from any CU to any CU is supported; however, to the best of my knowledge, Microsoft only tests updates from N-2 builds. For example, when Microsoft released CU19, they would test the update process from CU17 and CU18, as they were the previously supported builds. This means that when we update from CU10 to CU19, we may encounter a problem that Microsoft did not identify in their testing. Although that risk exists, in my opinion it has diminished over time as the quality of the Exchange 2016/2013 code has improved. Microsoft’s best practice is to keep Exchange on one of the two latest available versions, so we should now be at CU17 or CU18, but since we are not, the best approach, in my opinion, is to go directly to CU19.

From Exchange 2013 CU16 onwards, .NET 4.6.2 is a requirement. To make the transition smooth, CU15 worked with both .NET 4.6.1 and .NET 4.6.2, so we could upgrade .NET without significant downtime.

Since CU15 is no longer available, that bridge has washed out, so we need to upgrade .NET first and then Exchange.

How to Upgrade from Exchange 2013 CU10 to CU19 on DAG Members

  1. Back up/snapshot all servers
  2. I will check if the databases are healthy (Check the links below for more information about this step)
  3. Put one node in Maintenance mode (Check the links below for more information about this step)
  4. Reboot the Server
  5. Install .Net 4.7.1
  6. Reboot the Server
  7. Disable the Antivirus
  8. Install the CU19 (this step will take between 1 and 2 hours) – Note: We need to make sure there is disk space available; it makes sense to extract the CU to a drive other than C:.
  9. Reboot the server after the successful CU installation.
  10. Wait a few minutes for the servers to get sorted, and check if the databases are healthy (Check the links below for more information about this step)
  11. Remove the server from Maintenance mode (Check the links below for more information about this step)
  12. Re-check if the databases are healthy (Check the links below for more information about this step)
  13. Repeat the same steps to update the other DAG member

More information on steps 2, 3, 10, 11 and 12 is available at the links below:

Technet: https://technet.microsoft.com/en-us/library/ee861125.aspx

Simple instruction: https://enterpriseit.co/microsoft-exchange/install-exchange-update-rollups-on-dag/
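The database health checks in steps 2, 10 and 12, together with a check that .NET 4.7.1 is in place before step 8, can be scripted as a single gate. This is an added example, not part of the original post: the queue threshold and the `-RequireDotNet471` switch are assumptions, and it is meant to be run in the Exchange Management Shell on the DAG member being updated.

```powershell
# Added example. Thresholds and parameter names are assumptions.
param(
    [string]$Server   = $env:COMPUTERNAME,
    [int]$MaxQueueLen = 10,            # assumed acceptable copy/replay queue length
    [switch]$RequireDotNet471          # use after step 5, before installing CU19
)

# .NET Framework 4.7.1 reports Release 461308 (Windows 10 / Server version 1709)
# or 461310 (all other Windows versions).
$ndp      = 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full'
$release  = (Get-ItemProperty -Path $ndp -Name Release).Release
$dotNetOk = $release -in 461308, 461310

# Replication health checks that did not pass (result compared as a string).
$failedChecks = @(Test-ReplicationHealth -Identity $Server |
    Where-Object { "$($_.Result)" -ne 'Passed' })

# Database copies that are not Mounted/Healthy, have a backlog, or an unhealthy index.
$badCopies = @(Get-MailboxDatabaseCopyStatus -Server $Server | Where-Object {
    "$($_.Status)" -notin 'Mounted', 'Healthy' -or
    $_.CopyQueueLength   -gt $MaxQueueLen -or
    $_.ReplayQueueLength -gt $MaxQueueLen -or
    "$($_.ContentIndexState)" -ne 'Healthy'
})

# Summary for the change record.
[pscustomobject]@{
    Server                  = $Server
    DotNetRelease           = $release
    DotNet471               = $dotNetOk
    FailedReplicationChecks = $failedChecks.Count
    UnhealthyCopies         = $badCopies.Count
}
$failedChecks | Format-Table Check, Result -AutoSize
$badCopies    | Format-Table Name, Status, CopyQueueLength, ReplayQueueLength, ContentIndexState -AutoSize

# Stop the procedure here if anything is off.
$blocked = $failedChecks.Count -gt 0 -or $badCopies.Count -gt 0 -or
           ($RequireDotNet471 -and -not $dotNetOk)
if ($blocked) {
    Write-Warning 'Gate failed: do not continue to the next step.'
    exit 1
}
Write-Host 'Gate passed.'
```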

Installation failure recovery

Experience will show whether this is a major concern or not. Update rollups are usually able to roll back seamlessly if they encounter an error. Whether the cumulative update failed installation recovery process becomes a burden or not, only time will tell.

Some Items for Consideration

  • Make a full backup of the Exchange servers
  • Customisations can be lost, especially on the OWA
  • Third-party software integrations

Exchange .NET Framework Support Table

I believe those are all the important things that we need to think about. Of course, Microsoft has made Exchange upgrades much simpler, and normally this runs smoothly, but be sure that you have a full backup of the servers.

Best of luck and hope this can help you.

Server “Online – Performance Counters not started” Windows Server

If you see the message “Performance counters not started” in Server Manager under the All Servers menu, the solution is simple:

  1. Right Click on the Server Name
  2. Click on Start Performance Counters

Voilà

Windows 2016 or Windows 10 fail to perform an in-place upgrade

When you perform an in-place upgrade from Windows Server 2012 to Windows Server 2016 and an error pops up saying only that the upgrade has failed, the first thing to do is look at the logs.

Location of the Windows Server 2016 in-place upgrade log: C:\$Windows.~BT\Sources\panther\setupact.log

More info regarding log files that are created when you upgrade to a new version of Windows: https://support.microsoft.com/en-us/help/928901/log-files-that-are-created-when-you-upgrade-to-a-new-version-of-window

If you got these two errors below, we have the solution for you.

Error    MOUPG CDlpActionProductKeyValidate::ReportDownlevelInstallChannel(2896): Result = 0x80070490[gle=0x00000002]

Error    MOUPG ProductKey: Failed to report Host OS channel to telemetry.[gle=0x00000002]

The system was not able to mount the WIM file, so what could be preventing this from happening?

A filter driver could be causing this error. To find the filter driver, run this:

fltmc filters


CBFLTFS4 is a CallBackFilter developed by Eldos.


According to Eldos:
Callback File System (CBFS) lets you create virtual file systems and disks that expose and manage remote data as if these data were files on the local disk.

Callback File System is an SDK (software development kit, a component for use in software development) for Windows® platform.

We have it in our remote application host server because we have installed Liquidware Labs’ ProfileUnity.

SOLUTION
We need to temporarily disable this filter driver.

  1. In order to do that we need to change the registry key:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\cbfltfs4
    Value: Start
    Type: REG_DWORD
    To: 4

  2. Restart the machine

You can also run this command line:

Disable
reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cbfltfs4 /v Start /t REG_DWORD /d 4 /f

Enable Startup automatically (To run after the machine is upgraded)

reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cbfltfs4 /v Start /t REG_DWORD /d 0 /f
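The driver's original Start value may differ from machine to machine, so it is safer to record it before disabling the filter and to restore exactly that value after the upgrade. The script below is an added example, not part of the original post: the backup file location and the parameter names are assumptions, and it must be run from an elevated PowerShell session.

```powershell
# Added example. The backup path and parameter names are assumptions.
param(
    [ValidateSet('Disable', 'Restore')]
    [string]$Action     = 'Disable',
    [string]$Service    = 'cbfltfs4',
    [string]$BackupFile = 'C:\Temp\cbfltfs4-start.txt'   # assumed location
)
$ErrorActionPreference = 'Stop'
$key = "HKLM:\SYSTEM\CurrentControlSet\Services\$Service"

if ($Action -eq 'Disable') {
    $current = (Get-ItemProperty -Path $key -Name Start).Start
    # Only record the value if the driver is not already disabled, so that
    # running the script twice does not overwrite the backup with 4.
    if ($current -ne 4) {
        Set-Content -Path $BackupFile -Value $current
        Write-Host "Saved original Start value $current to $BackupFile"
    }
    Set-ItemProperty -Path $key -Name Start -Value 4 -Type DWord
    Write-Host "$Service disabled. Restart the machine, then run the upgrade."
}
else {
    if (-not (Test-Path $BackupFile)) {
        throw "No backup found at $BackupFile; set the Start value manually."
    }
    $original = [int](Get-Content -Path $BackupFile | Select-Object -First 1)
    Set-ItemProperty -Path $key -Name Start -Value $original -Type DWord
    Write-Host "$Service Start value restored to $original. Restart the machine."
}

# Show whether the filter is currently loaded (it stays loaded until the reboot).
$loaded = fltmc filters | Select-String -Pattern $Service -SimpleMatch
if ($loaded) { Write-Host "Currently loaded: $($loaded.Line.Trim())" }
else         { Write-Host "$Service is not currently loaded." }
```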

Reference: Charlie Chang Blog

Skype for Business Monitoring Reports

Modifying Lync Server 2013 or Skype for Business 2015 Monitoring Reports URLs on the Control Panel

After moving the Skype for Business Monitoring Reports to a new SQL Server Reporting Services (SSRS) instance on another server, everything was working, but I was still seeing the old server and the new links to the Reporting Service on the Control Panel under “View Monitoring reports”.

So I had to remove the old Monitoring report server and edit the new one with the correct link page.

To do that I took the following steps:

  1. To check the configuration:

    Get-CsReportingConfiguration

    (For Lync Server 2010: Get-CsService -MonitoringServer | Select-Object Identity)

  2. Identify the old monitoring server and run:

    Remove-CsReportingConfiguration -Identity "Service:…."

  3. Check that the old server is now removed:

    Get-CsReportingConfiguration

  4. Edit the new server with the desired configurations:

    Set-CsMonitoringServer -Identity "Service:…." -ReportingUrl "https://server.[domain]/ReportServer/Pages/ReportViewer.aspx?/LyncServerReports/Reports%20Home%20Page"

Now you can see that I only have one link under the “View Monitoring reports” and it works with the correct link.


Hope this helps you, and if you need some help, just contact us.

Windows 10 Stuck on Welcome Screen

If your computer was working perfectly until the last week, and now you get stuck on the welcome screen, whenever you reboot the computer, or the computer goes into sleep mode!?  This means that you have installed some nasty quality windows updates that are making your computer stop responding.

Are you getting crazy with this bug!? I was!!!

Search message tracking logs

Message tracking records the message activity as mail flows through the transport pipeline on Mailbox servers and Edge Transport servers. You can use the Get-MessageTrackingLog cmdlet in the Exchange Management Shell to search for entries in the message tracking log by using specific search criteria. For example:

  • Find out what happened to a message that was sent by a user to a specific recipient.
  • Find out if a transport rule acted on a message.
  • Find out if a message sent from an Internet sender made it into your Exchange organization.
  • Find all messages sent by a specified user during a specified time period.

This example searches the message tracking logs on the local server for all entries from 2/20/2018 8:00 AM to 2/20/2018 5:00 PM for all FAIL events where the message sender was sender@mutega.se

Get-MessageTrackingLog -ResultSize Unlimited -Start "2/20/2018 8:00AM" -End "2/20/2018 5:00PM" -EventId "Fail" -Sender "sender@mutega.se"

This example searches the message tracking logs on the local server for all entries from 2/20/2018 8:00 AM to 2/20/2018 5:00 PM for all emails sent to to@mutega.com where the message sender was sender@mutega.se

Get-MessageTrackingLog -ResultSize Unlimited -Start "2/20/2018 8:00AM" -End "2/20/2018 5:00PM" -Sender "sender@mutega.se" -Recipients "to@mutega.com"

More info (Source article): https://technet.microsoft.com/en-us/library/bb124926%28v=exchg.160%29.aspx?f=255&MSPPError=-2147217396

Copy AD OU Structure To Another AD Location

This script was written by MALEK Ahmed and changed by João Dias to copy an AD OU structure to a new AD location. Copy and paste it into Notepad and save it as a .ps1 file.

#START

#*********************************************************************************************
#
# Copy AD OU Structure To Another Location
#
# Written by João Dias
# Date 10/04/2017
#
# Version: 1.0
#
#*********************************************************************************************

#Configuration of the Source and the Destination
$sourceOU = "OU=mutegaold,DC=domain,DC=local"
$destinationOU = "OU=muteganew,DC=newdomain,DC=local"

#AD Path
$adPath = "LDAP://" + $destinationOU

#Importing AD module
Import-Module ActiveDirectory

#Copying the OUs to the destination
$objDomain = New-Object System.DirectoryServices.DirectoryEntry($adPath)
$objSearch = New-Object System.DirectoryServices.DirectorySearcher($objDomain)
[array] $OUs = @()
$OUs = dsquery * $sourceOU -Filter "(objectCategory=organizationalUnit)" -limit 0
#Shortest DNs first, so parent OUs are created before their children.
#@() keeps the result an array even when only one OU is returned.
$OUsorted = @($OUs | Sort-Object { $_.Length })
for ($k = 0; $k -le $OUsorted.Count - 1; $k++)
{
    #Swap the source suffix for the destination; -replace takes a regex, so escape the source DN
    $OUtoCreate = ($OUsorted[$k] -replace [regex]::Escape($sourceOU), $destinationOU).ToString()
    #dsquery wraps each DN in double quotes; strip them for the LDAP filter
    $OUSearch = ($OUtoCreate -replace '"', '').ToString()
    $objSearch.Filter = "(&(objectCategory=organizationalUnit)(distinguishedName=" + $OUSearch + "))"
    $allSearchResult = $objSearch.FindAll()
    if ($allSearchResult.Count -eq 1)
    {
        #The OU already exists at the destination
        "No changes were done on = " + $OUtoCreate
    }
    else
    {
        dsadd ou $OUtoCreate
        "OU Creation = " + $OUtoCreate
    }
}

#END

The script is provided “AS IS” without warranty of any kind. We disclaim all implied warranties including, without limitation, any implied warranties of merchantability or of fitness for a particular purpose. The entire risk arising out of the use or performance of the sample scripts and documentation remains with you. In no event shall Mutega IT, its authors, or anyone else involved in the creation, production, or delivery of the scripts be liable for any damages whatsoever (including, without limitation, damages for loss of business profits, business interruption, loss of business information, or other pecuniary loss) arising out of the use of or inability to use the sample scripts or documentation, even if Mutega IT has been advised of the possibility of such damages.

Export Active Directory Users data to a CSV file

Here is an old script that I wrote during an AD migration to export user data from Active Directory. Copy and paste it into Notepad and save it as a .ps1 file.

#START

#*********************************************************************************************
#
# Export AD users data
#
# Written by João Dias
# Date 10/04/2017
#
# Version: 1.0
#
#*********************************************************************************************

#Define location
$path = Split-Path -Parent "c:\temp\*.*"

#Define OU location
$ou = 'OU=users,DC=domain,DC=local'

#Create a variable for the date stamp in the log file (HH = 24-hour clock)
$LogDate = Get-Date -f yyyyMMddHHmm

#Define CSV and log file location variables
$csvfile = $path + "\Users_$LogDate.csv"

#Import the ActiveDirectory module
Import-Module ActiveDirectory

#Request all properties; by default Get-ADUser returns only a small set,
#which would leave most of the columns below empty
$AllADUsers = Get-ADUser -Filter * -SearchBase $ou -Properties *

#Build the report columns and export the CSV report.
#The 'if' statement in "Account Status" replaces the raw $_.Enabled value;
#"Manager" is resolved to a display name only when a manager is set.
$AllADUsers |
Select-Object @{Label = "First Name";Expression = {$_.GivenName}},
@{Label = "Last Name";Expression = {$_.Surname}},
@{Label = "Display Name";Expression = {$_.DisplayName}},
@{Label = "Logon Name";Expression = {$_.sAMAccountName}},
@{Label = "Full address";Expression = {$_.StreetAddress}},
@{Label = "City";Expression = {$_.City}},
@{Label = "State";Expression = {$_.st}},
@{Label = "Post Code";Expression = {$_.PostalCode}},
@{Label = "Country/Region";Expression = {if ($_.Country -eq 'GB') {'United Kingdom'} Else {''}}},
@{Label = "Job Title";Expression = {$_.Title}},
@{Label = "Company";Expression = {$_.Company}},
@{Label = "Directorate";Expression = {$_.Description}},
@{Label = "Department";Expression = {$_.Department}},
@{Label = "Office";Expression = {$_.Office}},
@{Label = "Phone";Expression = {$_.telephoneNumber}},
@{Label = "Email";Expression = {$_.Mail}},
@{Label = "Manager";Expression = {if ($_.Manager) {(Get-ADUser $_.Manager -Properties DisplayName).DisplayName}}},
@{Label = "Account Status";Expression = {if ($_.Enabled) {'Enabled'} Else {'Disabled'}}},
@{Label = "Last LogOn Date";Expression = {$_.lastlogondate}} |
Export-Csv -Path $csvfile -NoTypeInformation

#END
