Install the Intune software client on Windows PCs

Applies to: Intune in the classic portal
Looking for documentation about Intune in the Azure portal? Go here.

Windows PCs can be enrolled by installing the Intune client software. The Intune client software can be installed by using the following methods:

  • By the IT admin, using one of these methods: manual installation, Group Policy, or installation included in a disk image

  • By end users, who manually install the client software

The Intune client software contains the minimum software necessary to enroll the PC in Intune management. After a PC has been enrolled, the Intune client software then downloads the full client software required for PC management.

This series of downloads reduces the impact on the network's bandwidth and minimizes the time required to initially enroll the PC in Intune. It also ensures that the client has the most recent software available after the second download has finished.

One Intune license allows the installation of the Intune client software on up to five PCs.

Download the Intune client software

All methods, except those in which users install the Intune client software themselves, require that IT admins download the software first so that it can be subsequently deployed to end users.

  1. In the Microsoft Intune administration console, click Admin > Client Software Download.

    [Image: Download the Intune PC client]

  2. On the Client Software Download page, click Download Client Software. Then save the Microsoft_Intune_Setup.zip package that contains the software to a secure location on your network.

    The Intune client software installation package contains unique and specific information about your account, which is available through an embedded certificate. If unauthorized users gain access to the installation package, they can enroll PCs to the account that is represented by its embedded certificate and might gain access to company resources.

  3. Extract the contents of the installation package to the secure location on your network.

    Important

    Do not rename or remove the ACCOUNTCERT file that is extracted, or the client software installation will fail.
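One way to check that the location from steps 2 and 3 really is restricted, as an added example that is not part of the original page or Microsoft's tooling: the script lists NTFS allow entries for broad principals on the package folder and on the installer and account certificate files inside it. The default path and the set of principals treated as too broad are assumptions.

```powershell
# Added example (not Microsoft's code): flag broad NTFS access to the Intune package.
param(
    # Hypothetical location; pass the folder where you extracted the package.
    [string]$PackagePath = '\\fileserver\deploy$\Microsoft_Intune_Setup'
)

# Well-known SIDs that are broader than a deployment folder should allow (assumed policy).
$BroadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-7'      = 'Anonymous Logon'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}

function Get-BroadAccess {
    param([string]$Path)
    $acl   = Get-Acl -LiteralPath $Path
    # Ask for SIDs instead of names so the check works on localized Windows.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($rule in $rules) {
        if ($rule.AccessControlType -ne 'Allow') { continue }
        $sid   = $rule.IdentityReference.Value
        $label = $BroadSids[$sid]
        # Domain Users (RID 513) is also broad. Domain Computers (RID 515) is not flagged,
        # because Group Policy deployment needs computer accounts to read the files.
        if (-not $label -and $sid -match '^S-1-5-21-.+-513$') { $label = 'Domain Users' }
        if ($label) {
            New-Object PSObject -Property @{
                Path = $Path; Principal = $label; Rights = $rule.FileSystemRights
                Inherited = $rule.IsInherited
            }
        }
    }
}

if (-not (Test-Path -LiteralPath $PackagePath)) { throw "Package folder not found: $PackagePath" }

# Check the folder itself, then the installers and the account certificate inside it.
$sensitive = '.accountcert', '.exe', '.msi', '.zip'
$targets   = @($PackagePath) + @(Get-ChildItem -LiteralPath $PackagePath -Recurse |
    Where-Object { -not $_.PSIsContainer -and $sensitive -contains $_.Extension } |
    ForEach-Object { $_.FullName })

$findings = @($targets | ForEach-Object { Get-BroadAccess -Path $_ })
if ($findings.Count -gt 0) {
    $findings | Format-Table Path, Principal, Rights, Inherited -AutoSize
    Write-Warning 'Broad principals have access to the package and its embedded account certificate.'
} else {
    Write-Output "No broad principals found on $PackagePath."
}
```

Get-Acl reads NTFS permissions only; if the folder is published as a share, review the share permissions separately.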

Deploy the client software manually

On the computer(s) on which the client software is going to be installed, go to the folder where the client software installation files are located. Then run Microsoft_Intune_Setup.exe to install the client software.

Note

The status of the installation is displayed when you hover over the icon in the taskbar on the client PC.

Deploy the client software by using Group Policy

  1. In the folder that contains the files Microsoft_Intune_Setup.exe and MicrosoftIntune.accountcert, run the following command to extract the Windows Installer-based installation programs for 32-bit and 64-bit computers:

    Microsoft_Intune_Setup.exe /Extract <destination folder>

  2. Copy the Microsoft_Intune_x86.msi file, the Microsoft_Intune_x64.msi file, and the MicrosoftIntune.accountcert file to a network location that can be accessed by all computers on which the client software is going to be installed.

    Important

    Do not separate or rename the files, or the client software installation will fail.

  3. Use Group Policy to deploy the software to computers on your network.

    For more information about how to use Group Policy to automatically deploy software, see Group Policy for Beginners.

Deploy the client software as part of an image

You can deploy the Intune client software to computers as part of an operating system image by using the following procedure as a guide:

  1. Copy the client installation files, Microsoft_Intune_Setup.exe and MicrosoftIntune.accountcert, to the %Systemdrive%\Temp\Microsoft_Intune_Setup folder on the reference computer.

  2. Create the WindowsIntuneEnrollPending registry entry by adding the following command to the SetupComplete.cmd script:

    %windir%\system32\reg.exe add HKEY_LOCAL_MACHINE\Software\Microsoft\Onlinemanagement\Deployment /v WindowsIntuneEnrollPending /t REG_DWORD /d 1

  3. Add the following command to SetupComplete.cmd to run the enrollment package with the /PrepareEnroll command-line argument:

    %systemdrive%\temp\Microsoft_Intune_Setup\Microsoft_Intune_Setup.exe /PrepareEnroll

    Tip

    The SetupComplete.cmd script enables Windows Setup to make modifications to the system before a user signs on. The /PrepareEnroll command-line argument prepares a targeted computer to be automatically enrolled in Intune after Windows Setup finishes.

  4. Put SetupComplete.cmd in the %Windir%\Setup\Scripts folder on the reference computer.

  5. Capture an image of the reference computer and then deploy this image to targeted computers.

    When the targeted computer restarts at the completion of Windows Setup, the WindowsIntuneEnrollPending registry key is created. The enrollment package checks to see if the computer is enrolled. If the computer is enrolled, no further action is taken. If the computer is not enrolled, the enrollment package creates a Microsoft Intune Automatic Enrollment Task.

    When the automatic enrollment task runs at the next scheduled time, it checks the existence of the WindowsIntuneEnrollPending registry value, and it tries to enroll the targeted PC in Intune. If the enrollment fails for any reason, the enrollment is retried the next time the task runs. The retries continue for a month.

    The Intune Automatic Enrollment Task, the WindowsIntuneEnrollPending registry value, and the account certificate are deleted from the targeted computer either when the enrollment is successful or after a month (whichever comes first).

Instruct users to self-enroll

Users install the Intune client software by going to the Company Portal website. The exact information that users see in the web portal varies, depending on your account's MDM Authority and the OS platform/version of the user's PC.

If users haven't been assigned an Intune license or if the organization's MDM Authority hasn't been set to Intune, users aren't shown any options to enroll.

If users have been assigned an Intune license, and the organization's MDM Authority has been set to Intune:

  • Windows 7 or Windows 8 PC users are shown ONLY the option to enroll to Intune by downloading and installing the PC client software that is unique to their organization.

  • Windows 10 or Windows 8.1 PC users are shown two enrollment options:

    • Enroll PC as a mobile device: Users choose the Find Out How to Enroll button and are taken to instructions on how to enroll their PC as a mobile device. This button is prominently displayed, because MDM enrollment is considered to be the default and preferred enrollment option. However, the MDM option is not applicable to this topic, which covers only the client software installation.
    • Enroll PC using the Intune client software: You'll need to tell your users to select the Click here to download it link, which takes them through the client software installation.

The following table summarizes the options.

[Image: Default enrollment options per platform]

The following screenshots show what users see as they enroll their devices using the software client.

Users are first prompted to identify or to enroll their device.

[Image: Identify or enroll the device]

To have your users install the PC client software, you'll need to tell them to select the Click here to download it link, which enables users to download the PC client software and takes them through the installation process. The Find out how to enroll button takes users to documentation about how to enroll using MDM enrollment, which is not relevant to these software client instructions.

[Image: Select the Click here to download it link]

When users click the link, they see a Download Software button, which they select to start the PC client software installation.

[Image: Select the Download Software button]

Users are then asked to sign in with their corporate credentials.

[Image: Sign in with credentials]

Users are taken to the Welcome page for the installation.

[Image: Welcome page of the PC client installation]

Users choose Next, and the installation starts.

[Image: Welcome page of the PC client installation]

When the installation completes, users choose Finish.

[Image: Finish the PC client installation]

If users try to enroll their PC as a mobile device after having already enrolled using the Intune PC client software, they see the following error screen.

[Image: Screen shown when the PC is already enrolled]

Monitor and validate successful client deployment

Use one of the following procedures to help you monitor and validate successful client deployment.

To verify the installation of the client software from the Microsoft Intune administrator console

  1. In the Microsoft Intune administration console, click Groups > All Devices > All Computers.

  2. In the list, find the computers that are communicating with Intune, or search for a specific managed computer by typing the computer name (or any part of the name) in the Search devices box.

  3. Examine the status of the computer in the bottom pane of the console. Resolve any errors.

To create a computer inventory report to display all enrolled computers

  1. In the Microsoft Intune administration console, click Reports > Computer Inventory Reports.

  2. On the Create New Report page, leave the default values in all fields (unless you want to apply filters), and then click View Report.

  3. The Computer Inventory Report page opens in a new window that displays all computers that are successfully enrolled in Intune.

    Tip

    Click any column heading in the report to sort the list by the contents of that column.

Uninstall the Windows client software

There are two ways to unenroll the Windows client software:

  • From the Intune admin console (recommended method)
  • From a command prompt on the client

Unenroll by using the Intune admin console

To unenroll the software client by using the Intune admin console, go to Groups > All Computers > Devices. Right-click the client, and select Retire/Wipe.

Unenroll by using a command prompt on the client

Using an elevated command prompt, run one of the following commands.

Method 1:

"C:\Program Files\Microsoft\OnlineManagement\Common\ProvisioningUtil.exe" /UninstallAgents /MicrosoftIntune

Method 2:
Note that all of these agents are installed on every SKU of Windows:

wmic product where name="Microsoft Endpoint Protection Management Components" call uninstall
wmic product where name="Microsoft Intune Notification Service" call uninstall
wmic product where name="System Center 2012 - Operations Manager Agent" call uninstall
wmic product where name="Microsoft Online Management Policy Agent" call uninstall
wmic product where name="Microsoft Policy Platform" call uninstall
wmic product where name="Microsoft Security Client" call uninstall
wmic product where name="Microsoft Online Management Client" call uninstall
wmic product where name="Microsoft Online Management Client Service" call uninstall
wmic product where name="Microsoft Easy Assist v2" call uninstall
wmic product where name="Microsoft Intune Monitoring Agent" call uninstall
wmic product where name="Windows Intune Endpoint Protection Agent" call uninstall
wmic product where name="Windows Firewall Configuration Provider" call uninstall
wmic product where name="Microsoft Intune Center" call uninstall
wmic product where name="Microsoft Online Management Update Manager" call uninstall
wmic product where name="Microsoft Online Management Agent Installer" call uninstall
wmic product where name="Microsoft Intune" call uninstall
wmic product where name="Windows Endpoint Protection Management Components" call uninstall
wmic product where name="Windows Intune Notification Service" call uninstall
wmic product where name="System Center 2012 - Operations Manager Agent" call uninstall
wmic product where name="Windows Online Management Policy Agent" call uninstall
wmic product where name="Windows Policy Platform" call uninstall
wmic product where name="Windows Security Client" call uninstall
wmic product where name="Windows Online Management Client" call uninstall
wmic product where name="Windows Online Management Client Service" call uninstall
wmic product where name="Windows Easy Assist v2" call uninstall
wmic product where name="Windows Intune Monitoring Agent" call uninstall
wmic product where name="Windows Intune Endpoint Protection Agent" call uninstall
wmic product where name="Windows Firewall Configuration Provider" call uninstall
wmic product where name="Windows Intune Center" call uninstall
wmic product where name="Windows Online Management Update Manager" call uninstall
wmic product where name="Windows Online Management Agent Installer" call uninstall
wmic product where name="Windows Intune" call uninstall

Tip

Client unenrollment will leave a stale server-side record for the affected client. The unenrollment process is asynchronous, and there are nine agents to uninstall, so it may take up to 30 minutes to complete.

Check the unenrollment status

Check "%ProgramFiles%\Microsoft\OnlineManagement" and ensure that only the following directories are shown on the left:

  • AgentInstaller
  • Logs
  • Updates
  • Common

Remove the OnlineManagement folder

The unenrollment process does not remove the OnlineManagement folder. Wait 30 minutes after the uninstall, and then run this command. If you run it too soon, the uninstall could be left in an unknown state. To remove the folder, start an elevated prompt and run:

rd /s /q "%ProgramFiles%\Microsoft\OnlineManagement"
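The status check and the 30-minute wait described above can be enforced before the folder is deleted. The following script is an added example, not part of the original page or Microsoft's tooling; it assumes it is run from an elevated PowerShell prompt on the client, and the parameter names UninstallStarted and Remove are hypothetical.

```powershell
# Added example (not Microsoft's code): gate the OnlineManagement cleanup on the checks above.
param(
    [Parameter(Mandatory=$true)][datetime]$UninstallStarted,  # when the uninstall command ran
    [switch]$Remove                                           # delete the folder if checks pass
)

$root     = Join-Path $env:ProgramFiles 'Microsoft\OnlineManagement'
$expected = 'AgentInstaller', 'Logs', 'Updates', 'Common'     # directory names from this page
$minWait  = New-TimeSpan -Minutes 30                          # wait time from this page

function Get-LeftoverAgentDirs {
    param([string]$Path, [string[]]$Allowed)
    # Any subdirectory outside the allowed list means an agent is still installed.
    Get-ChildItem -LiteralPath $Path |
        Where-Object { $_.PSIsContainer -and $Allowed -notcontains $_.Name } |
        ForEach-Object { $_.Name }
}

if (-not (Test-Path -LiteralPath $root)) {
    Write-Output "Nothing to do: $root does not exist."
    return
}

# Refuse to continue while the asynchronous uninstall may still be running.
$elapsed = (Get-Date) - $UninstallStarted
if ($elapsed -lt $minWait) {
    $left = [int][math]::Ceiling(($minWait - $elapsed).TotalMinutes)
    Write-Warning "Uninstall started $([int]$elapsed.TotalMinutes) min ago; wait about $left more min."
    return
}

$leftover = @(Get-LeftoverAgentDirs -Path $root -Allowed $expected)
if ($leftover.Count -gt 0) {
    Write-Warning ("Unenrollment not finished; still present: " + ($leftover -join ', '))
    return
}

if ($Remove) {
    Remove-Item -LiteralPath $root -Recurse -Force
    Write-Output "Removed $root."
} else {
    Write-Output "Checks passed. Re-run with -Remove to delete $root."
}
```

Without -Remove the script only reports, so it can be run first as a dry check.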

Next steps

  • Manage Windows PCs with Microsoft Intune
  • Troubleshoot client setup