Intune - Install and assign to different groups

jmarlowe

I have been working through the Intune configuration for Tensor. I have the process working for installing the Host and Full applications to my users. I have numerous groups in my account that I need to have devices assigned to. I am using the script supplied by support and it works very well once you break it down:

:Install, pretty simple
start /wait MSIEXEC.EXE /i "PATH_TO_MSI_FILE\TeamViewer_Full.msi" /qn

:wait on the install to fully finish
timeout /t 30 /nobreak

:launch the app (probably already running, but that's fine) and pass the assignment ID from your rollout configuration
"C:\Program Files\TeamViewer\TeamViewer.exe" assignment --id YOUR_ASSIGNMENT_ID

This process works surprisingly well, but I'm at a point where deployment requires a lot of steps to create custom scripts for each group / assignment ID, package up the intunewin, and create the app in Intune.

I need to get to where I can have a single install / intunewin. I think this is possible by taking the Rollout item out of the original install script. The steps are all the same up to that point anyway.

But then how do you assign the rollout to the device? I use the device's group membership to install the package with the custom script now. This is problematic because I will have to go through the whole process again at the next update…

What I would like to do is create a Script / Remediation in Intune that will check if TeamViewer.exe exists, and run a script to assign the rollout if it does.

I tried it by passing a command line flag that will assign a rollout id. This works, but I still have to create a new script / remediation for each ID used. It saves time on the intunewin creation, but I think it can still be better.

@ECHO OFF

IF "%~1" == "Group1" (
"C:\Program Files\TeamViewer\TeamViewer.exe" assignment --id <RolloutID1>
) ELSE IF "%~1" == "Group2" (
"C:\Program Files\TeamViewer\TeamViewer.exe" assignment --id <RolloutID2>
) ELSE (
ECHO "No group found"
)

I'm thinking I could check for group membership in powershell, then assign the ID accordingly.

Unfortunately, I'm just not good at the Azure powershell stuff… Anyone have any ideas?

jmarlowe

I appreciate the help @JeanK but I think I've got it ironed out as much as I can…

FWIW: here is my latest script and it seems to be working…

Check for TeamViewer installed:

Start-Transcript -Path $env:TEMP\Check-TeamViewerInstalled.txt

$file = "$env:ProgramFiles\TeamViewer\TeamViewer.exe"

if (Test-Path "$file") {
write-output "File Found - $file"
Stop-Transcript
Exit 1
}

Else {
write-output "File NOT Found - $file"
Stop-Transcript
Exit 0
}

Update Config if Found

#Start Log
Start-Transcript -Path $env:TEMP\Update-TeamViewerConfig.txt

$Site = "<sitename>"
$ID = "<rolloutID>"

Start-Process -NoNewWindow -filepath "C:\Program Files\TeamViewer\TeamViewer.exe" -ArgumentList "assignment --id $ID"
Write-Output "Added to $Site"

Stop-Transcript
Exit 0

If the first script finds TeamViewer.exe, it exits with 1, which calls the remediation script. I assign it to devices via Azure group. If a computer goes into one group, you can change the group membership and it will eventually remediate into the correct group.

So, I now have a single App to install, but a had to create a different remediation process for each group. At this point, if we add a new group, I'll have to do a new remediation script and upload. If the MSI file is updated, I only have one app to replace. Otherwise, I don't have to touch the remediations. I think this is as good as it will get…

JeanK

Hi @jmarlowe,

Thanks a lot for reaching out to us!

Unfortunately, we can't provide any help regarding custom scripts publicly.

As every environment is different it could lead to technical issues if other users try to reproduce the scripts within their network.

However, what I would recommend is opening a support ticket, so our engineers may look into your questions.

You can open a ticket by clicking this link: https://www.teamviewer.com/en/global/support/customer-support/#licensed-support

Our team will be more than happy to help!

Let me know if there's anything I can help you with.

All the best,

/JeanK

jmarlowe

I appreciate the help @JeanK but I think I've got it ironed out as much as I can…

FWIW: here is my latest script and it seems to be working…

Check for TeamViewer installed:

Start-Transcript -Path $env:TEMP\Check-TeamViewerInstalled.txt

$file = "$env:ProgramFiles\TeamViewer\TeamViewer.exe"

if (Test-Path "$file") {
write-output "File Found - $file"
Stop-Transcript
Exit 1
}

Else {
write-output "File NOT Found - $file"
Stop-Transcript
Exit 0
}

Update Config if Found

#Start Log
Start-Transcript -Path $env:TEMP\Update-TeamViewerConfig.txt

$Site = "<sitename>"
$ID = "<rolloutID>"

Start-Process -NoNewWindow -filepath "C:\Program Files\TeamViewer\TeamViewer.exe" -ArgumentList "assignment --id $ID"
Write-Output "Added to $Site"

Stop-Transcript
Exit 0

If the first script finds TeamViewer.exe, it exits with 1, which calls the remediation script. I assign it to devices via Azure group. If a computer goes into one group, you can change the group membership and it will eventually remediate into the correct group.

So, I now have a single App to install, but a had to create a different remediation process for each group. At this point, if we add a new group, I'll have to do a new remediation script and upload. If the MSI file is updated, I only have one app to replace. Otherwise, I don't have to touch the remediations. I think this is as good as it will get…

JeanK

That's good news! Thanks a lot for sharing your way of doing things - it is helpful for other users!

Looking forward to seeing you posting again. 🙂

/JeanK