Microsoft Intune for Education, how to run a script
** Update 11/16/2017 **
I have come to the conclusion that Microsoft Intune for Education is NOT ready for prime time and I seriously doubt if it ever will be. There are so many simple things that cannot be done. I don't think Microsoft's heart is really in it.
Examples:
IF you do the trial, they will send you emails telling you to "click here" to order the licenses. It will take you to the portal where you can subscribe to office 365 licenses. Intune for Education will be NOWHERE on the list. If you ask support, they will spend 4 weeks trying to figure it out and then will tell you to call a reseller. Then you'll get another email telling you to "click here" to buy it (but you really can't -- it's a joke on you).
** Update **
My testing worked as an EXE but when I fully deployed this the app as an MSI it didn't install. When I manually tested the MSI from MS Edge, it claimed there was a virus in it. I'm not sure if it is blocking it or I just didn't give it enough time to deploy. I needed the app installed so I couldn't keep playing with it (and wasn't sure how best to debug it) so I installed manually.
I think this idea is still viable, just need time to diagnose it.
Links to other ideas:
http://microsoftmercenary.com/wp/deploy-batch-files-and-scripts-via-intune/
https://social.technet.microsoft.com/Forums
-----
So, Microsoft Azure Active Directory and Microsoft Intune for Education are not the same things as a normal Microsoft Active Directory server. They overlap but they aren't are the same and I'm not sure what Microsoft's roadmap is -- will they ever have group policy (GPO) functionality? Then there's Windows 10 S targeting education too. It's like a lot of overlapping without a strategy.
The Problem
Anyway, everyone says you can't run a bat script which is kind of true but not really.
Intune for Education does not let you install anything except an MSI. I needed to install Google Earth Pro, which is only an EXE. Trying to wrap the EXE in an MSI didn't seem to work. Trying to extract the MSI from the EXE did not work.
I did this and will maybe one day document this better:
I have come to the conclusion that Microsoft Intune for Education is NOT ready for prime time and I seriously doubt if it ever will be. There are so many simple things that cannot be done. I don't think Microsoft's heart is really in it.
Examples:
- You cannot use a group policy (GPO).
- For some reason, the intune keeps disabling the power icon on the login screen and disabling the power button on the device. The only way to power down nicely is to log all the way in and then choose shutdown. This is a policy issue (not controllable through intune) but manually fixing the policy doesn't stick -- it gets turned back off.
- Windows will auto-discover printers, you don't get any real control over printers. Students printing to the principals printer on her desk is bad.
- You can only install MSI packages, not EXE, no .bat or anything.
- You can't run any sort of login script or bootup script. I never got the idea below to work. You can't remotely run a command on the machines.
IF you do the trial, they will send you emails telling you to "click here" to order the licenses. It will take you to the portal where you can subscribe to office 365 licenses. Intune for Education will be NOWHERE on the list. If you ask support, they will spend 4 weeks trying to figure it out and then will tell you to call a reseller. Then you'll get another email telling you to "click here" to buy it (but you really can't -- it's a joke on you).
** Update **
My testing worked as an EXE but when I fully deployed this the app as an MSI it didn't install. When I manually tested the MSI from MS Edge, it claimed there was a virus in it. I'm not sure if it is blocking it or I just didn't give it enough time to deploy. I needed the app installed so I couldn't keep playing with it (and wasn't sure how best to debug it) so I installed manually.
I think this idea is still viable, just need time to diagnose it.
Links to other ideas:
http://microsoftmercenary.com/wp/deploy-batch-files-and-scripts-via-intune/
https://social.technet.microsoft.com/Forums
-----
So, Microsoft Azure Active Directory and Microsoft Intune for Education are not the same things as a normal Microsoft Active Directory server. They overlap but they aren't are the same and I'm not sure what Microsoft's roadmap is -- will they ever have group policy (GPO) functionality? Then there's Windows 10 S targeting education too. It's like a lot of overlapping without a strategy.
The Problem
Anyway, everyone says you can't run a bat script which is kind of true but not really.
Intune for Education does not let you install anything except an MSI. I needed to install Google Earth Pro, which is only an EXE. Trying to wrap the EXE in an MSI didn't seem to work. Trying to extract the MSI from the EXE did not work.
I did this and will maybe one day document this better:
- Create an AutoIt script that does the following.
- If Google Earth Pro isn't already installed, do this stuff.
- This script downloads the EXE from a local http server on the network
- It runs the EXE and gets it installed
- (that's the simple version)
- The autoit script can be compiled to an EXE. Do that.
- Use an EXE to MSI program to create the MSI. I used ExetoMsi (free version).
- Upload this tiny MSI to Intune for Education as a desktop app. Add it to the group and that should deploy it.
Things I like about this:
- the script uploaded to Intune for Edu is small. The actual google earth pro installer is local on the network. No need to download that thing on across our wan 30 times for each PC.
- I can use a tool that I'm familiar with like AutoIt Script. I suspect you can do something similar for vbs or dos batch scripts.
Things I don't like about this:
- it's a hack. Microsoft should just allow EXE installs via intune for edu. I read that it already allows them for other management tools (sccm?). Google should also stop being a jerk and create an MSI installer. They just like to poke Microsoft in the eye whenever they can.
- Microsoft should allow scripts to be run from Intune for Edu. Obviously it can be done, because I did it but it should just be easy.
- Microsoft should allow scripts to be run from Intune for Edu. Obviously it can be done, because I did it but it should just be easy.
- there's no control about "when" this runs. Intune gets around to it.
- there's still no way I know of to have a script that runs every time a user logs in. That would be optimal.
- removing apps from the intune for education group doesn't uninstall the apps, it just stops intune for edu from pushing them to new machines
*** Example of my autoit script (formatting got lost a bit) ***
; does \temp dir exist?
Local $tmp_dir = "c:\temp"
Local $tmp_dir_exists = FileExists($tmp_dir)
if Not $tmp_dir_exists then DirCreate($tmp_dir)
; Is google earth pro already installed?
$GEP_DIR = "c:\Program Files (x86)\Google\Google Earth Pro"
Local $gep_dir_exists = FileExists($GEP_DIR)
If Not $gep_dir_exists then
; copy exe
Local $gep_tmp_name = "c:\temp\googleearthpro.exe"
Local $gep_tmp_name_exists = FileExists($gep_tmp_name)
if Not $gep_tmp_name_exists then iNetGet("http://172.20.0.10/googleearthpro.exe", $gep_tmp_name)
Local $gep_tmp_name_exists = FileExists($gep_tmp_name)
; execute exe
if $gep_tmp_name_exists then RunWait(@ComSpec & " /c " & $gep_tmp_name & " OMAHA=1", "", @SW_HIDE)
EndIf
*** Example of my autoit script (formatting got lost a bit) ***
; does \temp dir exist?
Local $tmp_dir = "c:\temp"
Local $tmp_dir_exists = FileExists($tmp_dir)
if Not $tmp_dir_exists then DirCreate($tmp_dir)
; Is google earth pro already installed?
$GEP_DIR = "c:\Program Files (x86)\Google\Google Earth Pro"
Local $gep_dir_exists = FileExists($GEP_DIR)
If Not $gep_dir_exists then
; copy exe
Local $gep_tmp_name = "c:\temp\googleearthpro.exe"
Local $gep_tmp_name_exists = FileExists($gep_tmp_name)
if Not $gep_tmp_name_exists then iNetGet("http://172.20.0.10/googleearthpro.exe", $gep_tmp_name)
Local $gep_tmp_name_exists = FileExists($gep_tmp_name)
; execute exe
if $gep_tmp_name_exists then RunWait(@ComSpec & " /c " & $gep_tmp_name & " OMAHA=1", "", @SW_HIDE)
EndIf
Comments
Post a Comment