James Vincent

How to Deploy ScreenConnect using Intune

I don’t like to do “per Application” posts, as I could be here all day, but I’m treating this blog more as a “note to future self” than anything else. That said, I’m an avid fan of ScreenConnect, or ConnectWise Control, or whatever it’s called these days… And for this, the application installation can be fiddly, as can detection. So this is how I’ve cobbled something together so that will simplify the installation, especially via Intune and/or Company Portal.

I have three scripts wrapped into a Win32 Intunewin file.

Install-ScreenConnect.ps1

# ScreenConnect Install Wrapper for Intune
# James Vincent
# February 2024

param(
  [Parameter(Mandatory=$true)]
  [string]$Client,
  [Parameter(Mandatory=$false)]
  [string]$Department,
  [Parameter(Mandatory=$false)]
  [string]$DeviceType
)

# Check for Working Directory
$FolderPath = "$env:ProgramData\Microsoft\IntuneManagementExtension\Apps\ScreenConnect"
if (!(Test-Path $FolderPath)) {
  New-Item -ItemType Directory -Path $FolderPath
} else {
  write-host "$FolderPath already exists."
}

# .\Install-ScreenConnect.ps1 -Client "ClientName" -Department "No Consent" -DeviceType "No Consent"
# Install ScreenConnect
wget "https://YOURDOMAIN.screenconnect.com/Bin/ScreenConnect.ClientSetup.msi?e=Access&y=Guest&c=$Client&c=&c=$Department&c=$DeviceType&c=&c=&c=&c=" -OutFile $FolderPath\ScreenConnect.msi

Start-Process "msiexec.exe" -ArgumentList "/i", "$env:ProgramData\Microsoft\IntuneManagementExtension\Apps\ScreenConnect\ScreenConnect.msi", "/qn", "/l*v", "`"$env:ProgramData\Microsoft\IntuneManagementExtension\Logs\App-Install-ScreenConnect.log`"" -Wait

# Delete the ScreenConnect Installer
$FilePath = "$env:ProgramData\Microsoft\IntuneManagementExtension\Apps\ScreenConnect\ScreenConnect.msi"
if (!(Test-Path $FilePath)) {
  write-host "$FilePath not found."
} else {
  Remove-Item -LiteralPath "$env:ProgramData\Microsoft\IntuneManagementExtension\Apps" -Force -Recurse
}

exit

Detect-ScreenConnect.ps1

# Define the application name
$applicationName = "ScreenConnect Client"

# Function to get the GUID from the uninstall string
function Get-GuidFromUninstallString($uninstallString) {
    $uninstallString -match '\{(.+?)\}' | Out-Null; $Matches[1]
}

# Search 64-bit registry
$uninstallKey64 = Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*" |
    Where-Object { $_.DisplayName -like "*$applicationName*" }

# Search 32-bit registry
$uninstallKey32 = Get-ItemProperty "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*" |
    Where-Object { $_.DisplayName -like "*$applicationName*" }

# Extract GUID from the uninstall string and if found, perform uninstall
if ($uninstallKey64) {
    $displayName = $uninstallKey64.DisplayName
    Write-Output "$displayName is Installed"
    exit 0
} elseif ($uninstallKey32) {
    $displayName = $uninstallKey32.DisplayName
    Write-Output "$displayName is Installed"
    exit 0
} else {
    Write-Output "Application not detected"
    exit 1
}

Uninstall-ScreenConnect.ps1

# Define the application name
$applicationName = "ScreenConnect Client"

# Function to get the GUID from the uninstall string
function Get-GuidFromUninstallString($uninstallString) {
    $uninstallString -match '\{(.+?)\}' | Out-Null; $Matches[1]
}

# Search 64-bit registry
$uninstallKey64 = Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*" |
    Where-Object { $_.DisplayName -like "*$applicationName*" }

# Search 32-bit registry
$uninstallKey32 = Get-ItemProperty "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*" |
    Where-Object { $_.DisplayName -like "*$applicationName*" }

# Extract GUID from the uninstall string and if found, perform uninstall
if ($uninstallKey64) {
    $displayName = $uninstallKey64.DisplayName
    $guid64 = Get-GuidFromUninstallString $uninstallKey64.UninstallString
    #Write-Output "GUID for ${$displayName}: $guid64"
    # Display uninstall command
    Write-Output "Uninstalling $displayName."
    $uninstallLogFile = "$env:ProgramData\Microsoft\IntuneManagementExtension\Logs\App-Uninstall-$displayName.log"
    # Run the uninstall command
    Start-Process "msiexec.exe" -ArgumentList "/x", "`"{$guid64}`"", "/qn", "/l*v", "`"$uninstallLogFile`"" -Wait
    Write-Output "$displayName has been uninstalled."
    exit 0
} elseif ($uninstallKey32) {
    $displayName = $uninstallKey32.DisplayName
    $guid32 = Get-GuidFromUninstallString $uninstallKey32.UninstallString
    #Write-Output "GUID for ${$displayName}: $guid32"
    # Display uninstall command
    Write-Output "Uninstalling $displayName."
    $uninstallLogFile = "$env:ProgramData\Microsoft\IntuneManagementExtension\Logs\App-Uninstall-$displayName.log"
    # Run the uninstall command
    Start-Process "msiexec.exe" -ArgumentList "/x", "`"{$guid32}`"", "/qn", "/l*v", "`"$uninstallLogFile`"" -Wait
    Write-Output "$displayName has been uninstalled."
    exit 0
} else {
    Write-Output "Uninstallation of $displayName failed"
    exit 1
}

With this all wrapped into a Win32 Intunewin, the Intunewin is loaded into Intune as a Win32 Application Type, with the following configuration;

For the Install and Uninstall commands, we use;

Install

powershell.exe -NoProfile -ExecutionPolicy Bypass -File .\Install-ScreenConnect.ps1 -Client "ClientName" -Department "DepartmentName" -DeviceType "Laptop"

Uninstall

powershell.exe -NoProfile -ExecutionPolicy Bypass -File .\Uninstall-ScreenConnect.ps1

And we throw in the Detection script to take care of the app detection.

Simple as peas. This is how a device will look in the Screen Connect console.

Tags
, , , , , ,
James avatar

James

9 responses to “How to Deploy ScreenConnect using Intune”

  1. Jessie

    Hi James – Thanks for this tutorial. May I ask if this is compatible with both Windows 10 and 11 devices?

    Reply
    1. James

      It is indeed!

      Reply
    2. James

      It most certainly is.

      Reply
  2. ClaytonDaniels

    How do you “wrap” the 3 scripts into an intunewin file… this is my struggle at the moment. I can wrap an msi, like Google Chrome, and was able to get that to work, but how are you getting these 3 scripts into the intunewin file?

    Reply
    1. James

      Hi Clayton, this article talks through using the Intune Wrapper; https://jamesvincent.co.uk/2023/02/09/227/ — How to create a Win32 App or Intunewin Package

      Reply
  3. charles

    James, would you be available to help customize this script for our environment? I tried copying and pasting what you have and following along but i think i am just a tad bit confused still. I of course changed the PS with my domain however when trying to run the PS outside of Intune itself it asks for a client name and when provided it just closes down and nothing seems to happen.

    Reply
    1. James

      Hi Charles, this script is already generic. It contains variables that you can use. I suspect there’s a variable missing or similar when you run it… Would need more information to advise further.

      Reply
  4. Kevin

    Awesome script!, is there away to install this and add the Company info as well?

    Reply
    1. James

      Hi Kevin,

      Thats the $Client variable… I’ve added a new screenshot to show what it looks like in the ScreenConnect Console.

      Reply

Leave a Reply

Your email address will not be published. Required fields are marked *