question

JimSmith-1758 avatar image
0 Votes"
JimSmith-1758 asked LuDaiMSFT-0289 commented

Intune Win32app requirement - Using a Powershell script

I am using a powershell script to check for a registry key (infact I'm checking all the values within a key, and excluding the values that we know should be there. if there is anything less the IF check outputs a 1.) Now running this script works fine, if there are additional values we get a 1 output. If I a remove any additional values, leaving only the value we expect to see then the script doesn't return anything.

Looking at all the docs (https://tech.nicolonsky.ch/intune-win32-app-requirements-deep-dive/ for example) it looks like I'm doing this correct.

But running the app on devices, they are all coming back as installed when I know for a fact all the devices have no additional values. I've ran the PS script manually on the device, and as expected the script returns no output.

I'm missing something very obvious here I'm sure!

$dir = Get-Item HKCU:\SOFTWARE\Microsoft\Office\16.0\Outlook\AutoDiscover

$accounts = ($dir | Select-Object Property -ExpandProperty Property)


if ($accounts2 = $accounts -notmatch "myorgname.co.uk"){

Write-Host $accounts2


Write-output 1

Exit 0
}

196564-script.png


mem-intune-application-management
script.png (25.8 KiB)
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

LuDaiMSFT-0289 avatar image
0 Votes"
LuDaiMSFT-0289 answered LuDaiMSFT-0289 commented

@JimSmith-1758 Thanks for posting in our Q&A.

For this issue, did you want to output the account when the account not match "myorgname.co.uk" in the registry? If yes, please understand that this commend "if ($accounts2 = $accounts -notmatch XXX)" only output "true" or "false", it will not output the account. If you want to output 1 and the account, please try to change the script like the following:

 $dir = Get-Item HKCU:\SOFTWARE\Microsoft\Office\16.0\Outlook\AutoDiscover
 $accounts = ($dir | Select-Object Property -ExpandProperty Property)
 if ($accounts -notmatch "myorgname.co.uk"){
 $accounts2 =$accounts
 Write-Host $accounts2
 Write-output 1
 Exit 0
 }

Hope it will help.

If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


· 2
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

JimSmith-1758 avatar image JimSmith-1758 ·

Thanks LuDaiMSFT-0289

I don;t think the issue is with the actual Powershell if I'm reading things correct.

If I create a simple script with the following

Write-output 2

And then set a requirement in the deployment as an integer to return as 1, the Win32app continues to install when it should return as non-compliant as the script is outputting 2.

0 Votes 0 ·
LuDaiMSFT-0289 avatar image LuDaiMSFT-0289 JimSmith-1758 ·

@JimSmith-1758 Thanks for your update.

For this simple script, it will only output 2. It doesn't meet the requirement "equal to 1". In theory, this app will not be installed because it doesn't meet the requirement rule.

For this unexpected situation, it is suggested to check logs about requirements under C:\ProgramData\Microsoft\IntuneManagementExtension\Logs\IntuneManagementExtension log.
Note: if you want to share some screen shots or meaasges, to protect your private information, please hide them.

If there is anything update, feel free to let us know.

0 Votes 0 ·