Intune deployment of Win32 app in User context
Marlon Yu
Hi,
Has anyone managed to deploy a Win32 app using Intune in user context?
This is my first time doing a user context deployment (system context deployments are working fine). It keeps causing an 0x81036502 error code (which ironically isn’t even listed in Microsoft’s own error code document) during the Account setup portion of the ESP, specifically the final APPS part.
Under Assignments, if I assign the user group to AVAILABLE FOR ENROLLED DEVICES instead of REQUIRED, I can successfully install it from the Company Portal.
Since the Win32app is actually a Powershell script that creates a signature template in Outlook for Azure AD only joined machines, it needs to be installed for each user and each user must log on so that it can properly expand the %USERPROFILE% and %APPDATA% entries. From my understanding of this MS document, this is what User context is for.
Anyone encountered this error before or have any other suggestions for deploying in user context?
Marlon
| *** RANGITOTO COLLEGE EMAIL DISCLAIMER *** |
| The contents of this email and any attachments are confidential and may be legally privileged. If you are not the intended recipient please advise the sender immediately and delete the email and attachments. Any use, dissemination, reproduction or distribution of this email and any attachments by anyone other than the intended recipient is prohibited. |
| *** RANGITOTO COLLEGE EMAIL DISCLAIMER *** |
Marlon Yu
Just to close the loop on this one and hopefully prevent someone else from losing 4 days on it poring over MS docs and Google results …
When deploying an app in User context, keep in mind that the DETECTION routine is still executed in SYSTEM context. There is no way to go user context for it. Had it not been for someone (Thank You!) pointing me to the fact that we can use CMTrace (part of SCCM) to make sense of the InTune log, I wouldn’t have figured it out (the tool can be downloaded as part of the ConfigMgrTools and does not require SCCM to be installed).
As you can see from the screencap below, the IME log file indicated that it was looking under C:\Users for the name of the MACHINE instead of the USER when expanding %USERNAME%.
NOTE: the above was the last one I tried. I had also tried %USERPROFILE% and %APPDATA% both of which got expanded using the machine name as well.
MS Support informed me that it takes about 8hrs to sync the status between the client and InTune so I waited on 1 of them and if you go under Troubleshooting + Support, specify the user and then select the device, under Managed Apps, you’ll be able to select the app that is failing but ironically, it won’t match the error shown on the device screen (0x81036502). Instead it will show 0x87D1041C which would have been a more helpful clue (not detected after successful install would have nudged me earlier to the detection routine).
As for the solution, depending on what you need there may be scripts out there such as this that can be used as custom detection. I decided to keep it simple and just modify my Powershell script to leave a blank file under %ProgramData% that I tell the detection routine to look for (making sure that my uninstall command removes it as well).
Marlon Yu, PMP, MIITP
IT Services Manager
From: 'Marlon Yu' via Techies for schools <techies-f...@googlegroups.com>
Sent: Wednesday, 6 April 2022 1:40 pm
To: techies-f...@googlegroups.com
Subject: [techies-for-schools] Intune deployment of Win32 app in User context
|
CAUTION: This email originated from outside of Rangitoto College. Be careful about clicking on links or opening attachments. If in doubt, ask IT. |
--
You received this message because you are subscribed to the Google Groups "Techies for schools" group.
To unsubscribe from this group and stop receiving emails from it, send an email to
techies-for-sch...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/techies-for-schools/SYXPR01MB136017E6497E9192C46F4A7DB8E79%40SYXPR01MB1360.ausprd01.prod.outlook.com.
Sam McNeill
