James Vincent

How to Deploy ScreenConnect using Intune

Updated 29th September 2025, small improvements made to the Install and Detection scripts.

I don’t like to do “per Application” posts, as I could be here all day, but I’m treating this blog more as a “note to future self” than anything else. That said, I’m an avid fan of ScreenConnect, or ConnectWise Control, or whatever it’s called these days… And for this, the application installation can be fiddly, as can detection. So this is how I’ve cobbled something together so that will simplify the installation, especially via Intune and/or Company Portal.

I have three scripts wrapped into a Win32 Intunewin file.

Install-ScreenConnect.ps1

Note! Within the “Download Installer” step, you need to replace CHANGEMETOYOURACCOUNT to the path/host/account details aligned to your ScreenConnect account.

# ScreenConnect Install Wrapper for Intune
# James Vincent
# October 2025
# Enhanced with Logging

param(
    [Parameter(Mandatory=$true)]
    [string]$Client,
    [Parameter(Mandatory=$false)]
    [string]$Department,
    [Parameter(Mandatory=$false)]
    [string]$DeviceType
)

# Set up paths
$FolderPath = "$env:ProgramData\Microsoft\IntuneManagementExtension\Apps\ScreenConnect"
$LogFile = "$env:ProgramData\Microsoft\IntuneManagementExtension\Logs\App-Install-ScreenConnect.log"
$InstallerPath = "$FolderPath\ScreenConnect.msi"

# Logging function
function Write-Log {
    param([string]$Message)
    $TimeStamp = Get-Date -Format "dd-MM-yyyy HH:mm:ss"
    $Entry = "$TimeStamp - $Message"
    Write-Host $Entry
    Add-Content -Path $LogFile -Value $Entry
}

# Start Logging

# Check/create working directory
if (!(Test-Path $FolderPath)) {
    try {
        New-Item -ItemType Directory -Path $FolderPath -Force
        Write-Log "Created folder: $FolderPath"
    } catch {
        Write-Log "ERROR: Could not create folder $FolderPath - $_"
        exit 1
    }
} else {
    Write-Log "Folder already exists: $FolderPath"
}

# Download the installer
$DownloadUrl = "https://CHANGEMETOYOURACCOUNT.screenconnect.com/Bin/ScreenConnect.ClientSetup.msi?e=Access&y=Guest&c=$Client&c=&c=$Department&c=$DeviceType&c=&c=&c=&c="
try {
    Write-Log "Downloading ScreenConnect MSI from $DownloadUrl"
    Invoke-WebRequest -Uri $DownloadUrl -OutFile $InstallerPath -ErrorAction Stop
    Write-Log "Download completed: $InstallerPath"
} catch {
    Write-Log "ERROR: Failed to download ScreenConnect MSI - $_"
    exit 1
}

# Install ScreenConnect
try {
    Write-Log "Starting ScreenConnect installation"
    Start-Process "msiexec.exe" -ArgumentList "/i", "`"$InstallerPath`"", "/qn", "/l*v", "`"$env:ProgramData\Microsoft\IntuneManagementExtension\Logs\App-Install-ScreenConnect-MSI.log`"" -Wait
    Write-Log "ScreenConnect installation completed"
} catch {
    Write-Log "ERROR: Installation failed - $_"
    exit 1
}

# Delete installer
if (Test-Path $InstallerPath) {
    try {
        Remove-Item -Path $InstallerPath -Force
        Write-Log "Deleted installer: $InstallerPath"
    } catch {
        Write-Log "WARNING: Could not delete installer - $_"
    }
} else {
    Write-Log "Installer not found for deletion: $InstallerPath"
}

exit 0

Detect-ScreenConnect.ps1

# Detect ScreenConnect Installation & Output to logfile
# James Vincent
# October 2025

# Define log file path
$logFile = "$env:ProgramData\Microsoft\IntuneManagementExtension\Logs\App-Detect-ScreenConnect.log"

# Function to write output to console and log
function Write-Log {
    param([string]$Message)
    $timestamp = Get-Date -Format "dd-MM-yyyy HH:mm:ss"
    $logEntry = "$timestamp - $Message"
    Write-Output $logEntry
    Add-Content -Path $logFile -Value $logEntry
}

# Base path with wildcard for unique folder
$basePath = "${env:ProgramFiles(x86)}\ScreenConnect Client*"

# Check if any ScreenConnect Client folder exists
$folders = Get-ChildItem -Path $basePath -Directory -ErrorAction SilentlyContinue

if ($folders) {
    # Search for ScreenConnect.WindowsClient.exe inside each folder
    $scExe = $folders | ForEach-Object {
        Get-ChildItem -Path (Join-Path $_.FullName 'ScreenConnect.WindowsClient.exe') -ErrorAction SilentlyContinue
    }

    if ($scExe) {
        foreach ($exe in $scExe) {
            Write-Log "ScreenConnect.WindowsClient.exe found at: $($exe.FullName)"
            $fileVersion = (Get-Item $exe.FullName).VersionInfo.FileVersion
            Write-Log "File Version: $fileVersion"
            Write-Output "ScreenConnect.WindowsClient.exe exists | Version: $fileVersion"
            exit 0
        }
    } else {
        Write-Log "ScreenConnect.WindowsClient.exe not found in any ScreenConnect Client folder."
        exit 1
    }
} else {
    Write-Log "ScreenConnect Client folder not found."
    exit 1
}

Uninstall-ScreenConnect.ps1

# Define the application name
$applicationName = "ScreenConnect Client"

# Function to get the GUID from the uninstall string
function Get-GuidFromUninstallString($uninstallString) {
    $uninstallString -match '\{(.+?)\}' | Out-Null; $Matches[1]
}

# Search 64-bit registry
$uninstallKey64 = Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*" |
    Where-Object { $_.DisplayName -like "*$applicationName*" }

# Search 32-bit registry
$uninstallKey32 = Get-ItemProperty "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*" |
    Where-Object { $_.DisplayName -like "*$applicationName*" }

# Extract GUID from the uninstall string and if found, perform uninstall
if ($uninstallKey64) {
    $displayName = $uninstallKey64.DisplayName
    $guid64 = Get-GuidFromUninstallString $uninstallKey64.UninstallString
    #Write-Output "GUID for ${$displayName}: $guid64"
    # Display uninstall command
    Write-Output "Uninstalling $displayName."
    $uninstallLogFile = "$env:ProgramData\Microsoft\IntuneManagementExtension\Logs\App-Uninstall-$displayName.log"
    # Run the uninstall command
    Start-Process "msiexec.exe" -ArgumentList "/x", "`"{$guid64}`"", "/qn", "/l*v", "`"$uninstallLogFile`"" -Wait
    Write-Output "$displayName has been uninstalled."
    exit 0
} elseif ($uninstallKey32) {
    $displayName = $uninstallKey32.DisplayName
    $guid32 = Get-GuidFromUninstallString $uninstallKey32.UninstallString
    #Write-Output "GUID for ${$displayName}: $guid32"
    # Display uninstall command
    Write-Output "Uninstalling $displayName."
    $uninstallLogFile = "$env:ProgramData\Microsoft\IntuneManagementExtension\Logs\App-Uninstall-$displayName.log"
    # Run the uninstall command
    Start-Process "msiexec.exe" -ArgumentList "/x", "`"{$guid32}`"", "/qn", "/l*v", "`"$uninstallLogFile`"" -Wait
    Write-Output "$displayName has been uninstalled."
    exit 0
} else {
    Write-Output "Uninstallation of $displayName failed"
    exit 1
}

With this all wrapped into a Win32 Intunewin, as shown below.

The Intunewin is loaded into Intune as a Win32 Application Type, with the following configuration.

For the Install and Uninstall commands, we use;

Install

powershell.exe -NoProfile -ExecutionPolicy Bypass -File .\Install-ScreenConnect.ps1 -Client "ClientName" -Department "DepartmentName" -DeviceType "Laptop"

Uninstall

powershell.exe -NoProfile -ExecutionPolicy Bypass -File .\Uninstall-ScreenConnect.ps1

And we throw in the Detection script to take care of the app detection.

Simple as peas. This is how a device will look in the Screen Connect console.

James avatar

James

I am a UK based Modern Workplace Architect, with an enthusiasm for Device Management.

20 responses to “How to Deploy ScreenConnect using Intune”

  1. Jessie

    Hi James – Thanks for this tutorial. May I ask if this is compatible with both Windows 10 and 11 devices?

    Reply
    1. James

      It is indeed!

      Reply
    2. James

      It most certainly is.

      Reply
  2. ClaytonDaniels

    How do you “wrap” the 3 scripts into an intunewin file… this is my struggle at the moment. I can wrap an msi, like Google Chrome, and was able to get that to work, but how are you getting these 3 scripts into the intunewin file?

    Reply
    1. James

      Hi Clayton, this article talks through using the Intune Wrapper; https://jamesvincent.co.uk/2023/02/09/227/ — How to create a Win32 App or Intunewin Package

      Reply
      1. Will

        Hi James,

        Hopping onto this comment. While your guide is very helpful, it does not cover how to wrap the powershell files effectively. Only how to wrap MSI files.

        Do you mind extrapolating how you would use the intune wrapper, specifically with the screenconnect powershell files described above? What do you use for the source setup file?

        Your guidance is greatly appreciated. Thank you so much!

        -Will

        Reply
        1. James

          Hi Will,

          The guide linked, referencing MSI can be followed. You can replace the setup file, with the .ps1 file (this could be anything!).

          The install command, written in this article, references … “-File .\Install-ScreenConnect.ps1” … that initial .\ is basically saying “look within the current working directory”, which in this instance is the .intunewin, and execute Install-ScreenConnect.ps1 from within the current directory/.intunewin.

          Cheers,
          James

          Reply
        2. James

          I’ve added a screenshot showing the wrap commands…

          Reply
  3. charles

    James, would you be available to help customize this script for our environment? I tried copying and pasting what you have and following along but i think i am just a tad bit confused still. I of course changed the PS with my domain however when trying to run the PS outside of Intune itself it asks for a client name and when provided it just closes down and nothing seems to happen.

    Reply
    1. James

      Hi Charles, this script is already generic. It contains variables that you can use. I suspect there’s a variable missing or similar when you run it… Would need more information to advise further.

      Reply
  4. Kevin

    Awesome script!, is there away to install this and add the Company info as well?

    Reply
    1. James

      Hi Kevin,

      Thats the $Client variable… I’ve added a new screenshot to show what it looks like in the ScreenConnect Console.

      Reply
  5. Max

    Hi James,

    I must be doing something wrong because whilst the above scripts and instructions works, the $Client variable doesn’t seem to do anything and all my installs go into the “Unknown” category and I then have to manually move them. Why would that be?

    Thank you for the script, it’s a life saver!!

    Reply
    1. James

      Hi Max,

      Share your script/config with me, and let’s take a look. Email to spamguard+websitecomments@vini.co.uk

      Reply
  6. Steve

    This works to roll out after a workstation is deployed but often fails via Autopilot or ESP or Pre Provisioning. Ever see that?

    Reply
    1. James

      Any error codes or logs? It’s possibly timing out? It’s possible the script doesn’t close and just hangs?

      It’s been a long time since I used this, specifically during ESP. But if you can supply logs/errors, I can advise.

      Reply
  7. Michael

    If you want an approach without scripting complexities to just get this done, export the SC client as an EXE, run it through the IntuneWinAppUtil, create your Intune app as follows:
    (Note: The util wrapper sidesteps the “untrusted app/MSI” issue.)

    App
    Name: ScreenConnect
    Description: ScreenConnect
    Publisher: ConnectWise
    App Version: No App Version
    Category: Computer management
    Show this as a featured app in the Company Portal: No
    Information URL: No Information URL
    Privacy URL: No Privacy URL
    Developer: No Developer
    Owner: No Owner
    Notes: No Notes
    Logo: No logo

    Program
    Install command: ScreenConnect.ClientSetup.exe /S
    Uninstall command: ScreenConnect.ClientSetup.exe /uninstall
    Installation time required (mins): 60
    Allow available uninstall: Yes
    Install behavior: System
    Device restart behavior: No specific action
    Return codes:
    0 Success
    1707 Success
    3010 Soft reboot
    1641 Hard reboot
    1618 Retry

    Requirements
    Check operating system architecture: x64,arm64
    Minimum operating system: Windows 10 1803
    Disk space required (MB): No Disk space required (MB)
    Physical memory required (MB): No Physical memory required (MB)
    Minimum number of logical processors required: No Minimum number of logical processors required
    Minimum CPU speed required (MHz): No Minimum CPU speed required (MHz)
    Additional requirement rules: No Additional requirement rules

    Detection rules
    Rules format: Manually configure detection rules
    Detection rules:
    Path: C:\Program Files (x86)\ScreenConnect Client (YourSCInstanceID)\
    File or Folder: ScreenConnect.WindowsClient.Exe
    Detection Method: File or Folder Exists

    Reply
    1. James

      Whilst this will work, it lacks any of the customisation the scripted approach I’ve created offers. A simple install like you’ve provided would suit a single entity.

      As I work with multiple clients, having the flex at time of install is really beneficial (to me).

      That said, the beauty of IT is that there’s always many ways to skin the cat.

      Reply
  8. Rob E

    Hi James

    Have you had a go at deploying on MacOS? I can get the app installed but the permissions are really driving me crazy!

    Cheers

    Reply
    1. James

      I have not. But who doesn’t like a challenge

      Which permissions out of interest?

      Reply

Leave a Reply to Max Cancel reply

Your email address will not be published. Required fields are marked *