Deploy PowerShell Script Using Intune (MEM)
We will now look at the steps to add and deploy a PowerShell script using Intune (MEM). The steps to add a new PowerShell script are as follows.
1. Sign in to the Microsoft Endpoint Manager portal (Intune).
2. Select Devices and then select Windows devices.
3. Under Windows Policies, select PowerShell Scripts.
4. To add a new PowerShell script, click the Add button and deploy it to Windows 10 devices.
If the associated app is a 64-bit application, retrieve the list of installed applications:
Get-CimInstance -ClassName Win32_Product
If the app you intend to uninstall appears in the output of the command above, use the following command to uninstall it.
Get-CimInstance -ClassName Win32_Product -Filter "Name = 'Your App Name'" | Invoke-CimMethod -MethodName Uninstall -ErrorAction SilentlyContinue
- Replace 'Your App Name' with the name of the software that you intend to uninstall.
- Remember, the software name must match exactly as displayed in the registry editor.
If the 64-bit application you intend to uninstall is not returned by the command above, use the script below instead. Win32_Product only lists software installed through Windows Installer (MSI), so apps installed by other installers do not appear there. The script reads the app's entry from the registry uninstall location and uninstalls it using the app's uninstall string.
# Define the name of the application to uninstall
$AppName = "7-Zip 24.04 (x64)"
# Get the list of installed 64-bit applications
$64BitApps = Get-ChildItem "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*" | ForEach-Object {
    $app = Get-ItemProperty $_.PsPath
    if ($app.DisplayName) {
        [PSCustomObject]@{
            "Name" = $app.DisplayName
            "UninstallString" = $app.UninstallString
        }
    }
}
# Find the uninstall string for the specified application
$UninstallString = ($64BitApps | Where-Object { $_.Name -eq $AppName }).UninstallString
# Check if the uninstall string is found
if ($UninstallString) {
    # The registry value is often wrapped in double quotes; strip them to get a plain file path
    $UninstallerPath = $UninstallString.Trim('"')
    # Run the uninstall command silently
    Write-Output "Uninstalling $AppName silently... $UninstallString"
    Start-Process -FilePath $UninstallerPath -ArgumentList "/S" -Wait
    Write-Output "$AppName has been uninstalled silently."
} else {
    Write-Output "Application $AppName not found."
}
The script above uses the silent flag '/S' because 7-Zip and other apps such as WinRAR and VLC support the '/S' flag appended to the uninstall string. Most apps, however, don't support the /S flag and support /q instead, so we have to check manually which flag each app supports.
If an app supports the 'q' flag instead of 'S', use -ArgumentList "/quiet", "/norestart" in place of the '/S' argument for silent uninstallation.
If the uninstall string contains an executable file along with its location, the script above will work. However, if the uninstall string contains a GUID, use the following script to silently uninstall the app.
# Run the uninstallation command silently
Write-Output "Uninstalling application silently..."
Start-Process -FilePath "msiexec.exe" -ArgumentList "/x {96A68E8D-E0D7-4CFB-9EE7-4FAA1AF9058B} /quiet" -Wait
Write-Output "Application has been uninstalled silently."
Replace the GUID above with the GUID of the app that you want to uninstall.
If the associated app is a 32-bit application, use the following script:
# Define the name of the application to uninstall
$AppName = "Your App Name"
# Get the list of installed 32-bit applications
$32BitApps = Get-ChildItem "HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*" | ForEach-Object {
    $app = Get-ItemProperty $_.PsPath
    if ($app.DisplayName) {
        [PSCustomObject]@{
            "Name" = $app.DisplayName
            "UninstallString" = $app.UninstallString
        }
    }
}
# Find the uninstall string for the specified application
$UninstallString = ($32BitApps | Where-Object { $_.Name -eq $AppName }).UninstallString
# Check if the uninstall string is found
if ($UninstallString) {
    # The registry value is often wrapped in double quotes; strip them to get a plain file path
    $UninstallerPath = $UninstallString.Trim('"')
    # Run the uninstall command silently
    Write-Output "Uninstalling $AppName silently... $UninstallString"
    Start-Process -FilePath $UninstallerPath -ArgumentList "/S" -Wait
    Write-Output "$AppName has been uninstalled silently."
} else {
    Write-Output "Application $AppName not found."
}
Replace ‘Your App Name’ with the actual app name that you want to uninstall.
Some apps, such as McAfee and AnyDesk, do not support silent uninstallation. If we deploy the script for such an app via Intune, it may result in an error or prompt the user to uninstall it, requiring user intervention.
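The scripts above combined into one, as an added example that is not part of the original page: it looks the app up in both the 64-bit and 32-bit uninstall keys, recognises whether the uninstall string is an MSI product GUID or an executable path, and checks the exit code instead of reporting success unconditionally. The function names are hypothetical, the sample strings at the end are constructed, and '/S' is assumed as the default silent switch for executable uninstallers.

```powershell
# Added example, not from the original page. Function names are hypothetical.
function Get-UninstallEntry {
    param([Parameter(Mandatory)][string]$DisplayName)
    # Open both registry views explicitly, so the lookup does not depend on
    # whether the script runs in a 32-bit or a 64-bit PowerShell host.
    foreach ($view in 'Registry64', 'Registry32') {
        $base = [Microsoft.Win32.RegistryKey]::OpenBaseKey('LocalMachine', $view)
        $root = $base.OpenSubKey('SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall')
        if (-not $root) { continue }
        foreach ($sub in $root.GetSubKeyNames()) {
            $key = $root.OpenSubKey($sub)
            if ($key.GetValue('DisplayName') -eq $DisplayName) {
                [PSCustomObject]@{ View = $view; UninstallString = [string]$key.GetValue('UninstallString') }
            }
        }
    }
}

function ConvertTo-SilentUninstall {
    param([Parameter(Mandatory)][string]$UninstallString, [string[]]$ExeSilentArgs = @('/S'))
    # MSI form, e.g. MsiExec.exe /I{GUID}: always uninstall by product code.
    if ($UninstallString -match 'msiexec.*?(?<guid>\{[0-9A-F]{8}-([0-9A-F]{4}-){3}[0-9A-F]{12}\})') {
        return [PSCustomObject]@{ FilePath = 'msiexec.exe'; ArgumentList = @('/x', $Matches['guid'], '/quiet', '/norestart') }
    }
    # EXE form: a quoted path, or an unquoted path ending in .exe, plus optional arguments.
    if ($UninstallString -match '^\s*"(?<exe>[^"]+)"\s*(?<rest>.*)$' -or
        $UninstallString -match '^\s*(?<exe>.+?\.exe)\s*(?<rest>.*)$') {
        $arguments = @(@($Matches['rest']) + $ExeSilentArgs | Where-Object { $_ })
        return [PSCustomObject]@{ FilePath = $Matches['exe']; ArgumentList = $arguments }
    }
    throw "Unrecognised UninstallString: $UninstallString"
}

function Invoke-SilentUninstall {
    param([Parameter(Mandatory)][string]$DisplayName, [string[]]$ExeSilentArgs = @('/S'))
    $entries = @(Get-UninstallEntry -DisplayName $DisplayName)
    if ($entries.Count -ne 1) { throw "Expected exactly one entry for '$DisplayName', found $($entries.Count)." }
    $cmd = ConvertTo-SilentUninstall -UninstallString $entries[0].UninstallString -ExeSilentArgs $ExeSilentArgs
    $proc = Start-Process -FilePath $cmd.FilePath -ArgumentList $cmd.ArgumentList -Wait -PassThru
    # Report the real result: 0 is success, 3010 is msiexec's "success, reboot required".
    if ($proc.ExitCode -notin 0, 3010) { throw "Uninstall of '$DisplayName' failed with exit code $($proc.ExitCode)." }
    Write-Output "$DisplayName uninstalled (exit code $($proc.ExitCode))."
}

# Constructed sample strings (not read from a real device) showing the parsing only.
'MsiExec.exe /I{96A68E8D-E0D7-4CFB-9EE7-4FAA1AF9058B}', '"C:\Program Files\7-Zip\Uninstall.exe"' |
    ForEach-Object { ConvertTo-SilentUninstall -UninstallString $_ } | Format-List
# On a test device: Invoke-SilentUninstall -DisplayName '7-Zip 24.04 (x64)'
```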
Points to remember
- The Intune management extension agent checks after every reboot for any new scripts or changes. After you assign the policy to the Azure AD groups, the PowerShell script runs, and the run results are reported. Once the script executes, it doesn't execute again unless there's a change in the script or policy. If the script fails, the Intune management extension agent retries the script three times for the next three consecutive Intune management extension agent check-ins.
- If it's been a while since you deployed the script in Intune and it's not showing any status in the portal yet, follow the steps below.
1. Restart the device and sync the logged-in account on the device.
2. Restart the Intune management extension agent service.
- Remember, before deploying scripts through Intune, it's essential to thoroughly test them in a controlled environment to ensure they behave as expected and do not cause any unintended consequences. Additionally, make sure you have the necessary permissions to manage devices and deploy scripts in your Intune environment.