SOLVED

Intune Win32 app detection method

Brass Contributor

Hi,

I am attempting to create an Intune Win32 App package that will apply a custom theme to our computers.

 

custom.theme and lockscreen.jpg get copied to C:\Windows\Resources\Themes.

A folder named DesktopBackground is copied to C:\Windows\Resources\Themes and contains 35 jpg files.

 

The detection script for this should be extremely simple but when I install this package, it is always seen as not-compliant by Intune. The detection script checks the two files at C:\Windows\Resources\Themes and gets a count of jpg files in C:\Windows\Resources\Themes\DesktopBackground (must be 35 or more to be compliant). I cannot use manual rules because of the 25-rule restriction.

 

Here is my detection script:

# Initialize variables
$compliant = 0
$backgroundPath = "C:\Windows\Resources\Themes\DesktopBackground"
$file1 = "C:\Windows\Resources\Themes\custom.theme"
$file2 = "C:\Windows\Resources\Themes\LockScreen.jpg"
$logFile = "C:\Windows\Temp\complianceLog.txt"

# Test compliance
# custom.theme
if(-not(Test-Path -Path $file1)) {
    # custom.theme does not exist
    $compliant = 1
    Add-Content -Path $logFile -Value "custom.theme does not exist"
}

# LockScreen.jpg
if(-not(Test-Path -Path $file2)) {
    # LockScreen.jpg does not exist
    $compliant = 1
    Add-Content -Path $logFile -Value "LockScreen.jpg does not exist"
}

$fileCount = (Get-Childitem -Path $backgroundPath).Count
if($fileCount -lt 35) {
    # The number of desktop background slides is incorrect
    $compliant = 1
    Add-Content -Path $logFile -Value "The number of desktop background slides is incorrect"
}

if($compliant -eq 0) {
    Add-Content -Path $logFile -Value "Installation is compliant"
    Exit 0
} else {
    Add-Content -Path $logFile -Value "Installation is not compliant"
    Exit 1
}

This script always detects the installation as not-compliant, but all the expected files and folders are found in their place as expected. The result should be compliant.

 

Any ideas what is tripping up this detection?

 

Thank you!

Rob

8 Replies
best response confirmed by robmo (Brass Contributor)
Solution
You should have something that writes to STDOUT; you can use Write-Output with the text you write to the log file... Detections work with something STDOUT and an Exit 0 for detected or Exit 1 (or higher) for not detected and start the installation.
Yep... not notice any exit code etc, in it
if you want more info @robmo about the stdout

https://call4cloud.nl/2022/08/the-ballad-of-buster-exitcodes/

@Harm_Veenstra 

 

Is this what you are suggesting?

 

if($compliant -eq 0) {
    Add-Content -Path $logFile -Value "Installation is compliant"
    Write-Output "Installation is compliant"
    Exit 0
} else {
    Add-Content -Path $logFile -Value "Installation is not compliant"
    Write-Output "Installation is not compliant"
    Exit 1
}
Yes, that should be it. One Write-Output for Intune with the Exit code and one for your log (the detection script output is also visible in your Intune logs in c: program data, perhaps redundant?).
The logging was really about debugging. If I'm confident this is working properly, I would be comfortable with removing the logging feature.
I always use Start-Transcript c:\temp\xyz.log at the top of the script (xyz is an example) and Stop-Transcript at the end. That way, you see the script's output like you would when running it in a console.
This is running during Autopilot pre-provision so there isn't anything to see at that stage.
Adding the write-output to my exits has fixed my issue.
Thank you very much for help out!
Rob
Good to hear that it works, no problem!
1 best response

Accepted Solutions
best response confirmed by robmo (Brass Contributor)
Solution
You should have something that writes to STDOUT; you can use Write-Output with the text you write to the log file... Detections work with something STDOUT and an Exit 0 for detected or Exit 1 (or higher) for not detected and start the installation.

View solution in original post