James Vincent

How to Deploy ScreenConnect using Intune

James

I don’t like to do “per Application” posts, as I could be here all day, but I’m treating this blog more as a “note to future self” than anything else. That said, I’m an avid fan of ScreenConnect, or ConnectWise Control, or whatever it’s called these days… And for this, the application installation can be fiddly, as can detection. So this is how I’ve cobbled something together so that will simplify the installation, especially via Intune and/or Company Portal.

I have three scripts wrapped into a Win32 Intunewin file.

Install-ScreenConnect.ps1

# ScreenConnect Install Wrapper for Intune
# James Vincent
# February 2024

param(
  [Parameter(Mandatory=$true)]
  [string]$Client,
  [Parameter(Mandatory=$false)]
  [string]$Department,
  [Parameter(Mandatory=$false)]
  [string]$DeviceType
)

# Check for Working Directory
$FolderPath = "$env:ProgramData\Microsoft\IntuneManagementExtension\Apps\ScreenConnect"
if (!(Test-Path $FolderPath)) {
  New-Item -ItemType Directory -Path $FolderPath
} else {
  write-host "$FolderPath already exists."
}

# .\Install-ScreenConnect.ps1 -Client "ClientName" -Department "No Consent" -DeviceType "No Consent"
# Install ScreenConnect
wget "https://YOURDOMAIN.screenconnect.com/Bin/ScreenConnect.ClientSetup.msi?e=Access&y=Guest&c=$Client&c=&c=$Department&c=$DeviceType&c=&c=&c=&c=" -OutFile $FolderPath\ScreenConnect.msi

Start-Process "msiexec.exe" -ArgumentList "/i", "$env:ProgramData\Microsoft\IntuneManagementExtension\Apps\ScreenConnect\ScreenConnect.msi", "/qn", "/l*v", "`"$env:ProgramData\Microsoft\IntuneManagementExtension\Logs\App-Install-ScreenConnect.log`"" -Wait

# Delete the ScreenConnect Installer
$FilePath = "$env:ProgramData\Microsoft\IntuneManagementExtension\Apps\ScreenConnect\ScreenConnect.msi"
if (!(Test-Path $FilePath)) {
  write-host "$FilePath not found."
} else {
  Remove-Item -LiteralPath "$env:ProgramData\Microsoft\IntuneManagementExtension\Apps" -Force -Recurse
}

exit

Detect-ScreenConnect.ps1

# Define the application name
$applicationName = "ScreenConnect Client"

# Function to get the GUID from the uninstall string
function Get-GuidFromUninstallString($uninstallString) {
    $uninstallString -match '\{(.+?)\}' | Out-Null; $Matches[1]
}

# Search 64-bit registry
$uninstallKey64 = Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*" |
    Where-Object { $_.DisplayName -like "*$applicationName*" }

# Search 32-bit registry
$uninstallKey32 = Get-ItemProperty "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*" |
    Where-Object { $_.DisplayName -like "*$applicationName*" }

# Extract GUID from the uninstall string and if found, perform uninstall
if ($uninstallKey64) {
    $displayName = $uninstallKey64.DisplayName
    Write-Output "$displayName is Installed"
    exit 0
} elseif ($uninstallKey32) {
    $displayName = $uninstallKey32.DisplayName
    Write-Output "$displayName is Installed"
    exit 0
} else {
    Write-Output "Application not detected"
    exit 1
}

Uninstall-ScreenConnect.ps1

# Define the application name
$applicationName = "ScreenConnect Client"

# Function to get the GUID from the uninstall string
function Get-GuidFromUninstallString($uninstallString) {
    $uninstallString -match '\{(.+?)\}' | Out-Null; $Matches[1]
}

# Search 64-bit registry
$uninstallKey64 = Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*" |
    Where-Object { $_.DisplayName -like "*$applicationName*" }

# Search 32-bit registry
$uninstallKey32 = Get-ItemProperty "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*" |
    Where-Object { $_.DisplayName -like "*$applicationName*" }

# Extract GUID from the uninstall string and if found, perform uninstall
if ($uninstallKey64) {
    $displayName = $uninstallKey64.DisplayName
    $guid64 = Get-GuidFromUninstallString $uninstallKey64.UninstallString
    #Write-Output "GUID for ${$displayName}: $guid64"
    # Display uninstall command
    Write-Output "Uninstalling $displayName."
    $uninstallLogFile = "$env:ProgramData\Microsoft\IntuneManagementExtension\Logs\App-Uninstall-$displayName.log"
    # Run the uninstall command
    Start-Process "msiexec.exe" -ArgumentList "/x", "`"{$guid64}`"", "/qn", "/l*v", "`"$uninstallLogFile`"" -Wait
    Write-Output "$displayName has been uninstalled."
    exit 0
} elseif ($uninstallKey32) {
    $displayName = $uninstallKey32.DisplayName
    $guid32 = Get-GuidFromUninstallString $uninstallKey32.UninstallString
    #Write-Output "GUID for ${$displayName}: $guid32"
    # Display uninstall command
    Write-Output "Uninstalling $displayName."
    $uninstallLogFile = "$env:ProgramData\Microsoft\IntuneManagementExtension\Logs\App-Uninstall-$displayName.log"
    # Run the uninstall command
    Start-Process "msiexec.exe" -ArgumentList "/x", "`"{$guid32}`"", "/qn", "/l*v", "`"$uninstallLogFile`"" -Wait
    Write-Output "$displayName has been uninstalled."
    exit 0
} else {
    Write-Output "Uninstallation of $displayName failed"
    exit 1
}

With this all wrapped into a Win32 Intunewin, the Intunewin is loaded into Intune as a Win32 Application Type, with the following configuration;

For the Install and Uninstall commands, we use;

Install

powershell.exe -NoProfile -ExecutionPolicy Bypass -File .\Install-ScreenConnect.ps1 -Client "ClientName" -Department "DepartmentName" -DeviceType "Laptop"

Uninstall

powershell.exe -NoProfile -ExecutionPolicy Bypass -File .\Uninstall-ScreenConnect.ps1

And we throw in the Detection script to take care of the app detection.

Simple as peas.

Tags
, , , , , ,
James avatar

James

Leave a Reply

Your email address will not be published. Required fields are marked *