在 Windows 電腦上安裝 Intune 軟體用戶端Install the Intune software client on Windows PCs

適用於:傳統入口網站中的 IntuneApplies to: Intune in the classic portal

重要

自 2020 年 10 月 15 日起結束對舊版電腦管理的支援。Legacy PC management is going out of support on October 15, 2020. 請將裝置升級至 Windows 10,並重新註冊為 MDM 裝置,讓 Intune 管理它們。Upgrade devices to Windows 10 and reenroll them as MDM devices to keep them managed by Intune.

深入了解Learn more

注意

您可以使用 Microsoft Intune 來管理 Windows 電腦,其方式包括使用行動裝置管理 (MDM) 作為行動裝置來管理,或使用 Intune 軟體用戶端作為電腦來管理,如下所述。You can use Microsoft Intune to manage Windows PCs either as mobile devices with mobile device management (MDM) or as computers with the Intune software client as described below. 不過,Microsoft 建議客戶如有可能盡量使用 MDM 管理解決方案However, Microsoft recommends that customers use the MDM management solution whenever possible. 如需詳細資訊,請參閱比較作為電腦或行動裝置來管理 Windows 電腦For more information see Compare managing Windows PCs as computers or mobile devices

Windows 電腦可藉由安裝 Intune 用戶端軟體進行註冊。Windows PCs can be enrolled by installing the Intune client software. Intune 用戶端軟體可以使用下列方式安裝:The Intune client software can be installed by using the following methods:

  • 透過 IT 系統管理員,使用下列其中一種方法:手動安裝、群組原則或磁碟映像中所含的安裝By the IT admin, using one of these methods: manual installation, Group Policy, or installation included in a disk image

  • 由手動安裝用戶端軟體的使用者安裝By end users, who manually install the client software

Intune 用戶端軟體包含在 Intune 管理中註冊電腦所需的基本軟體。The Intune client software contains the minimum software necessary to enroll the PC in Intune management. 註冊電腦之後,Intune 用戶端軟體接著會下載管理電腦時所需的完整用戶端軟體。After a PC has been enrolled, the Intune client software then downloads the full client software required for PC management.

此系列下載可降低對網路頻寬的影響,並將在 Intune 中初次註冊電腦時所需的時間縮到最短。This series of downloads reduces the impact on the network's bandwidth and minimizes the time required to initially enroll the PC in Intune. 同時也可確保第二個下載完成之後,用戶端都是安裝最新可用的軟體。It also ensures that the client has the most recent software available after the second download has finished.

一個 Intune 授權可允許在最多五部電腦上安裝 Intune 用戶端軟體。One Intune license allows the installation of the Intune client software on up to five PCs.

下載 Intune 用戶端軟體Download the Intune client software

除了使用者自行安裝 Intune 用戶端軟體以外的所有方法,都必須由 IT 管理員先下載軟體,然後才能部署至使用者。All methods, except those in which users install the Intune client software themselves, require that IT admins download the software first so that it can be subsequently deployed to end users.

  1. Microsoft Intune 管理主控台中,按一下 [系統管理] > [用戶端軟體下載] 。In the Microsoft Intune administration console, click Admin > Client Software Download.

    下載 Intune 電腦用戶端

  2. 在 [用戶端軟體下載] 頁面上,按一下 [下載用戶端軟體] 。On the Client Software Download page, click Download Client Software. 接著將包含軟體的 Microsoft_Intune_Setup.zip 套件儲存到網路上的安全位置。Then save the Microsoft_Intune_Setup.zip package that contains the software to a secure location on your network.

    Intune 用戶端軟體安裝套件包含和您的帳戶有關的唯一且專屬的資訊,並可透過內嵌憑證取得。The Intune client software installation package contains unique and specific information, which is available through an embedded certificate, about your account. 若未經授權的使用者能夠取該安裝套件,其便能將電腦註冊到其內嵌憑證所代表的帳戶,從而獲取存取公司資源的權限。If unauthorized users gain access to the installation package, they can enroll PCs to the account that is represented by its embedded certificate and might gain access to company resources.

  3. 將安裝套件的內容解壓縮到您的網路上安全的位置。Extract the contents of the installation package to the secure location on your network.

    重要

    請不要重新命名或移除已解壓縮的 ACCOUNTCERT 檔案,否則用戶端軟體安裝將會失敗。Do not rename or remove the ACCOUNTCERT file that is extracted, or the client software installation will fail.

手動部署用戶端軟體Deploy the client software manually

在將要安裝用戶端軟體的電腦上,移至用戶端軟體安裝檔案所在的資料夾。On the computer(s) on which the client software is going to be installed, go to the folder where the client software installation files are located. 接著執行 Microsoft_Intune_Setup.exe 安裝用戶端軟體。Then run Microsoft_Intune_Setup.exe to install the client software.

注意

當您將游標停留在用戶端電腦上工作列中的圖示上時,即可顯示安裝的狀態。The status of the installation is displayed when you hover over the icon in the taskbar on the client PC.

使用群組原則部署用戶端軟體Deploy the client software by using Group Policy

  1. 在包含 Microsoft_Intune_Setup.exeMicrosoftIntune.accountcert 檔案的資料夾中,執行下列命令以解壓縮適用於 32 位元和 64 位元電腦的 Windows Installer 安裝程式:In the folder that contains the files Microsoft_Intune_Setup.exe and MicrosoftIntune.accountcert, run the following command to extract the Windows Installer-based installation programs for 32-bit and 64-bit computers:

    Microsoft_Intune_Setup.exe/Extract <destination folder>
    
  2. Microsoft_Intune_x86.msi 檔案、Microsoft_Intune_x64.msi 檔案及 MicrosoftIntune.accountcert 檔案複製到要安裝用戶端軟體,並可供所有電腦可存取的網路位置。Copy the Microsoft_Intune_x86.msi file, the Microsoft_Intune_x64.msi file, and the MicrosoftIntune.accountcert file to a network location that can be accessed by all computers on which the client software is going to be installed.

    重要

    請勿將這些檔案分開或重新命名,否則用戶端軟體安裝將會失敗。Do not separate or rename the files or the client software installation will fail.

  3. 使用群組原則將軟體部署到您網路上的電腦。Use Group Policy to deploy the software to computers on your network.

    如需有關如何使用群組原則來自動部署軟體的詳細資訊,請參閱適用於新手的群組原則For more information about how to use Group Policy to automatically deploy software, see Group Policy for Beginners.

隨映像一起部署用戶端軟體Deploy the client software as part of an image

您可以使用下列程序作為前導,將 Intune 用戶端軟體隨著作業系統映像一起部署到電腦:You can deploy the Intune client software to computers as part of an operating system image by using the following procedure as a guide:

  1. 將用戶端安裝檔案 Microsoft_Intune_Setup.exeMicrosoftIntune.accountcert 複製到參考電腦的 %系統磁碟機%\Temp\Microsoft_Intune_Setup 資料夾。Copy the client installation files, Microsoft_Intune_Setup.exe and MicrosoftIntune.accountcert, to the %Systemdrive%\Temp\Microsoft_Intune_Setup folder on the reference computer.

  2. 將下列命令新增至 SetupComplete.cmd 指令碼,以建立 WindowsIntuneEnrollPending 登錄項目:Create the WindowsIntuneEnrollPending registry entry by adding the following command to the SetupComplete.cmd script:

    %windir%\system32\reg.exe add HKEY_LOCAL_MACHINE\Software\Microsoft\Onlinemanagement\Deployment /v
    WindowsIntuneEnrollPending /t REG_DWORD /d 1
    
  3. 將下列命令新增至 setupcomplete.cmd,以使用 /PrepareEnroll 命令列引數執行註冊套件:Add the following command to setupcomplete.cmd to run the enrollment package with the /PrepareEnroll command-line argument:

    %systemdrive%\temp\Microsoft_Intune_Setup\Microsoft_Intune_Setup.exe /PrepareEnroll
    

    提示

    SetupComplete.cmd 指令碼可讓 Windows 安裝程式在使用者登入之前修改系統。The SetupComplete.cmd script enables Windows Setup to make modifications to the system before a user signs on. /PrepareEnroll 命令列引數會準備目標電腦,以在 Windows 安裝程式完成後自動註冊到 Intune 中。The /PrepareEnroll command-line argument prepares a targeted computer to be automatically enrolled in Intune after Windows Setup finishes.

  4. SetupComplete.cmd 放在參照電腦的 %Windir%\Setup\Scripts 資料夾中。Put SetupComplete.cmd in the %Windir%\Setup\Scripts folder on the reference computer.

  5. 擷取參照電腦的映像,然後將映像部署到目標電腦。Capture an image of the reference computer and then deploy this to targeted computers.

    當目標電腦在 Windows 安裝程式完成後重新啟動時,便會建立 WindowsIntuneEnrollPending 登錄機碼。When the targeted computer restarts at the completion of Windows Setup, the WindowsIntuneEnrollPending registry key is created. 註冊套件會檢查電腦是否已經註冊。The enrollment package checks to see if the computer is enrolled. 如果電腦已註冊,將不會採取進一步的動作。If the computer is enrolled, no further action is taken. 如果電腦未註冊,註冊套件會建立「Microsoft Intune 自動註冊工作」。If the computer is not enrolled, the enrollment package creates a Microsoft Intune Automatic Enrollment Task.

    當自動註冊工作在下次排程時間執行時,會檢查 WindowsIntuneEnrollPending 登錄值是否存在,並會嘗試在 Intune 中註冊目標電腦。When the automatic enrollment task runs at the next scheduled time, it checks the existence of the WindowsIntuneEnrollPending registry value, and it tries to enroll the targeted PC in Intune. 如果註冊因為任何原因失敗,工作下次執行時會重新嘗試註冊。If the enrollment fails for any reason, the enrollment is retried the next time the task runs. 重試會持續一個月。The retries continue for a month.

    當註冊成功或經過一個月之後 (取先達到者),將會從目標電腦刪除 Intune 自動註冊工作、WindowsIntuneEnrollPending 登錄值與帳戶憑證。The Intune Automatic Enrollment Task, the WindowsIntuneEnrollPending registry value, and the account certificate are deleted from the targeted computer either when the enrollment is successful or after a month (whichever comes first).

指示使用者自行註冊Instruct users to self-enroll

使用者前往公司入口網站安裝 Intune 用戶端軟體。Users install the Intune client software by going to the Company Portal website. 使用者在 Web 入口網站中看到的實際資訊可能有所不同,視您帳戶的 MDM 授權單位以及使用者電腦的作業系統平台/版本而定。The exact information that users see in the web portal varies, depending on your account's MDM Authority and the OS platform/version of the user's PC.

如果使用者尚未獲指派 Intune 授權,或者組織的 MDM 授權單位尚未設定為 Intune,則使用者看不到任何註冊選項。If users haven't been assigned an Intune license or if the organization's MDM Authority hasn't been set to Intune, users aren't shown any options to enroll.

如果使用者已獲指派 Intune 授權,而且組織的 MDM 授權單位已設定為 Intune:If users have been assigned an Intune license, and the organization's MDM Authority has been set to Intune:

  • Windows 7 或 Windows 8 電腦使用者下載並安裝組織特有的電腦用戶端軟體,才會看到註冊 Intune 選項。Windows 7 or Windows 8 PC users are shown ONLY the option to enroll to Intune by downloading and installing the PC client software that is unique to their organization.

  • 會向 Windows 10 或 Windows 8.1 電腦使用者顯示兩個註冊選項︰Windows 10 or Windows 8.1 PC users are shown two enrollment options:

    • 將電腦註冊為行動裝置:使用者選擇 [了解如何註冊] 按鈕,並取得如何將其電腦註冊為行動裝置的指示。Enroll PC as a mobile device: Users choose the Find Out How to Enroll button and are taken to instructions on how to enroll their PC as a mobile device. 因為會將 MDM 註冊視為預設和慣用註冊選項,所以會以醒目方式顯示此按鈕。This button is prominently displayed, because MDM enrollment is considered to be the default and preferred enrollment option. 不過,MDM 選項不適用於本主題,本主題僅涵蓋用戶端軟體安裝。However, the MDM option is not applicable to this topic, which covers only the client software installation.
    • 使用 Intune 用戶端軟體註冊電腦︰您需要告訴使用者選取 [Click here to download it](按一下這裡下載) 連結,以引導他們進行用戶端軟體安裝。Enroll PC using the Intune client software: You'll need to tell your users to select the Click here to download it link, which takes them through the client software installation.

下表摘要說明選項。The following table summarizes the options.

每個平台的預設註冊選項

下列螢幕擷取畫面顯示使用者在使用軟體用戶端註冊其裝置時看到的內容。The following screenshots show what users see as they enroll their devices using the software client.

系統會先提示使用者識別或註冊其裝置。Users are first prompted to identify or to enroll their device.

識別或註冊裝置

若要讓使用者安裝電腦用戶端軟體,則需要告訴他們選取 [Click here to download it](按一下這裡下載) 連結,讓使用者下載電腦用戶端軟體,並帶領他們進行安裝程序。To have your users install the PC client software, you'll need to tell them to select the Click here to download it link, which enables users to download the PC client software and takes them through the installation process. [了解如何註冊] 按鈕會將使用者帶至有關如何使用 MDM 註冊來註冊的文件,而這與這些軟體用戶端指示無關。The Find out how to enroll button takes users to documentation about how to enroll using MDM enrollment, which is not relevant to these software client instructions.

選擇 [Click here to download it](按一下這裡下載) 連結

使用者按一下連結時,就會看到 [下載軟體] 按鈕,只要選取它就會啟動電腦用戶端軟體安裝。When users click the link, they see a Download Software button, which they select to start the PC client software installation.

選擇 [下載軟體] 更新

系統接著會要求使用者使用其公司認證登入。Users are then asked to sign in with their corporate credentials.

使用您的認證登入

系統會將使用者帶至安裝的 [歡迎使用] 頁面。Users are taken to the Welcome page for the installation.

電腦用戶端安裝的歡迎使用頁面

使用者選擇 [下一步] ,然後安裝開始。Users choose Next, and the installation starts.

電腦用戶端安裝的歡迎使用頁面

安裝完成時,使用者選擇 [完成] 。When the installation completes, users choose Finish.

完成電腦用戶端安裝

如果使用者嘗試在已使用 Intune 電腦用戶端軟體註冊之後將電腦註冊為行動裝置,則會看到下列錯誤畫面。If users try to enroll their PC as a mobile device after having already enrolled using the Intune PC client software, they see the following error screen.

顯示是否已註冊電腦的畫面

監視並驗證成功的用戶端部署Monitor and validate successful client deployment

請使用下列其中一個程序協助您監視及驗證成功的用戶端部署。Use one of the following procedures to help you monitor and validate successful client deployment.

若要從 Microsoft Intune 系統管理員主控台確認用戶端軟體的安裝To verify the installation of the client software from the Microsoft Intune administrator console

  1. Microsoft Intune 管理主控台中,按一下 [群組] > [所有裝置] > [所有電腦] 。In the Microsoft Intune administration console, click Groups > All Devices > All Computers.

  2. 在清單中,尋找正與 Intune 通訊的受管理電腦,或在 [搜尋裝置] 方塊中,輸入電腦名稱或局部名稱來搜尋特定的受管理電腦。In the list, find the computers that are communicating with Intune, or search for a specific managed computer by typing the computer name (or any part of the name) in the Search devices box.

  3. 從主控台的下方窗格中,查看電腦的狀態。Examine the status of the computer in the bottom pane of the console. 解決任何錯誤。Resolve any errors.

若要建立電腦清查報表以顯示所有已註冊的電腦To create a computer inventory report to display all enrolled computers

  1. Microsoft Intune 管理主控台中,按一下 [報表] > [電腦清查報表] 。In the Microsoft Intune administration console, click Reports > Computer Inventory Reports.

  2. 在 [建立新報表] 頁面上,保留所有欄位的預設值 (除非您要套用篩選器),然後按一下 [檢視報表] 。On the Create New Report page, leave the default values in all fields (unless you want to apply filters), and then click View Report.

  3. [電腦清查報表] 頁面會隨即在新視窗中開啟,顯示已在 Intune 中註冊成功的所有電腦。The Computer Inventory Report page opens in a new window that displays all computers that are successfully enrolled in Intune.

    提示

    按一下報表中的任意欄標題,依該欄的內容排序清單。Click any column heading in the report to sort the list by the contents of that column.

將 Windows 用戶端軟體解除安裝Uninstall the Windows client software

有兩種方法可以取消註冊 Windows 用戶端軟體:There are two ways to unenroll the Windows client software:

  • 從 Intune 管理主控台 (建議的方法)From the Intune admin console (recommended method)
  • 從用戶端的命令提示字元From a command prompt on the client

使用 Intune 管理主控台取消註冊Unenroll by using the Intune admin console

若要使用 Intune 管理主控台取消註冊軟體用戶端,請移至 [群組] > [所有電腦] > [裝置] 。To unenroll the software client by using the Intune admin console, go to Groups > All Computers > Devices. 以滑鼠右鍵按一下用戶端,然後選取 [淘汰/抹除] 。Right-click the client, and select Retire/Wipe.

使用用戶端上的命令提示字元取消註冊Unenroll by using a command prompt on the client

使用已提高權限的命令提示字元執行下其中一個命令。Using an elevated command prompt, run one of the following commands.

方法 1Method 1:

"C:\Program Files\Microsoft\OnlineManagement\Common\ProvisioningUtil.exe" /UninstallAgents /MicrosoftIntune

方法 2 請注意,並非每個 Windows 的 SKU 上都已安裝這些代理程式:Method 2 Note that all of these agents are installed on every SKU of Windows:

wmic product where name="Microsoft Endpoint Protection Management Components" call uninstall
wmic product where name="Microsoft Intune Notification Service" call uninstall
wmic product where name="System Center 2012 - Operations Manager Agent" call uninstall
wmic product where name="Microsoft Online Management Policy Agent" call uninstall
wmic product where name="Microsoft Policy Platform" call uninstall
wmic product where name="Microsoft Security Client" call uninstall
wmic product where name="Microsoft Online Management Client" call uninstall
wmic product where name="Microsoft Online Management Client Service" call uninstall
wmic product where name="Microsoft Easy Assist v2" call uninstall
wmic product where name="Microsoft Intune Monitoring Agent" call uninstall
wmic product where name="Windows Intune Endpoint Protection Agent" call uninstall
wmic product where name="Windows Firewall Configuration Provider" call uninstall
wmic product where name="Microsoft Intune Center" call uninstall
wmic product where name="Microsoft Online Management Update Manager" call uninstall
wmic product where name="Microsoft Online Management Agent Installer" call uninstall
wmic product where name="Microsoft Intune" call uninstall
wmic product where name="Windows Endpoint Protection Management Components" call uninstall
wmic product where name="Windows Intune Notification Service" call uninstall
wmic product where name="System Center 2012 - Operations Manager Agent" call uninstall
wmic product where name="Windows Online Management Policy Agent" call uninstall
wmic product where name="Windows Policy Platform" call uninstall
wmic product where name="Windows Security Client" call uninstall
wmic product where name="Windows Online Management Client" call uninstall
wmic product where name="Windows Online Management Client Service" call uninstall
wmic product where name="Windows Easy Assist v2" call uninstall
wmic product where name="Windows Intune Monitoring Agent" call uninstall
wmic product where name="Windows Intune Endpoint Protection Agent" call uninstall
wmic product where name="Windows Firewall Configuration Provider" call uninstall
wmic product where name="Windows Intune Center" call uninstall
wmic product where name="Windows Online Management Update Manager" call uninstall
wmic product where name="Windows Online Management Agent Installer" call uninstall
wmic product where name="Windows Intune" call uninstall

提示

取消註冊用戶端時,會針對受影響用戶端留下伺服器端過時記錄。Client unenrollment will leave a stale server-side record for the affected client. 取消註冊是非同步的,且有九個代理程式要解除安裝,因此最多可能需要 30 分鐘才能完成。The unenrollment process is asynchronous, and there are nine agents to uninstall, so it may take up to 30 mins to complete.

檢查取消註冊狀態Check the unenrollment status

檢查 "%ProgramFiles%\Microsoft\OnlineManagement",並確認左側只有顯示下列目錄:Check "%ProgramFiles%\Microsoft\OnlineManagement" and ensure that only the following directories are shown on the left:

  • AgentInstallerAgentInstaller
  • 記錄Logs
  • UpdatesUpdates
  • CommonCommon

移除 OnlineManagement 資料夾Remove the OnlineManagement folder

取消註冊程序不會移除 [OnlineManagement] 資料夾。The unenrollment process does not remove the OnlineManagement folder. 解除安裝之後請等候 30 分鐘,然後執行此命令。Wait 30 minutes after the uninstall, and then run this command. 如果太早執行,解除安裝程序可能會停留在未知狀態。If you run it too soon, the uninstall could be left in an unknown state. 若要移除資料夾,請啟動已提高權限的命令提示字元並執行:To remove the folder, start an elevated prompt and run:

rd /s /q %ProgramFiles%\Microsoft\OnlineManagement

後續步驟Next steps

使用 Intune 軟體用戶端執行的一般 Windows 電腦管理工作Common Windows PC management tasks with the Intune software client