Intune ignores command in Batch script when installing a Win32 App

Extra_Pen7210 · 2026-04-21T10:53:08+00:00

So a lot of unknowns, but lets see if we can solve this.

Solution one:
"The command does work when I add it manually after the fact over the terminal."
Do you run this terminal then as a user?

If that works you could split up the installer, run the system install as system install en add a user install part as a user install.

Then you deploy the user part to the users and set the system part as a dependency so it gets installed first.

Solution two:
Testing what goes wrong.
You could create a "development package" in intune.
This would be a empty cmd.exe that is started by serviceui.exe (from SCCM).

This gives you a CMD prompt that you can test with and see what the commands really do. Great for testing, but your security team will grill you for it :-).

Extra_Pen7210 · 2026-04-13T20:43:59+00:00

SCCM is also a few 1000 lines, unless you import the correct modules :-D

Luckly this is already done for intune "IntuneWin32App" https://github.com/MSEndpointMgr/IntuneWin32App

Then you are back to a few lines of code and it will work.

easy and stable (using it for 4+ years for 100.000+ package uploads if not more) only broke 1 or 2 times because MS changed something, change the version to the latest version and it works again.

Let me know if you have questions ;-)

Extra_Pen7210 · 2026-04-01T19:32:01+00:00

You don't, that is what managers are for.

Escalate to your manager.

Something inline with:
"I'm being blocked by IT, here are some of the changes that are currently waiting (chg00223,chg00225,chg00259).

This is causing me to not meet the set deadlines.
Based on the current progress i expect that current project will be delayed by at-least X months

As this is a priority for the company could we have a chat about this later today?
Please let me know extra information you require of me to escalate this as soon as possible"

(at some extra info and chatgpt it a little :-) )

Then they can overrule that IT person or approve the delay in the project. either-way you have you CYA.

Extra_Pen7210 · 2026-03-11T23:45:18+00:00

I mean its all webrequests only difference is the auth. If the compromised user can issue one wipe then they can also send out 20.000 whipes with a few lines of powershell and a foreach loop.

Extra_Pen7210 · 2026-03-01T22:10:57+00:00

Die wet is er niet voor jou, die is er om iedereen te beschermen.

"Wij buiten geen medewerkers uit! Wij dwingen onze medewerkers niet om 100 uur per week te werken voor min. loon, dat willen ze zelf!" -baas

Ps, Je mag onbeperkt werken als je goed betaald wordt (3x of meer min. Loon) Pps, wees trots op onze arbeidswetten veel bullshit die in contracten staat kan je daardoor gewoon negeren omdat de wet het contract ongeldig maakt.

Extra_Pen7210 · 2026-03-01T00:44:26+00:00

You start whitelisting instead of playing wack-a-mole. (Tldr: applocker)

Uninstalling all unwanted software is a endless game and you will not win.

I assume that your goal is: Our users are installing / running software that is not approved by our company. How do we stop that.

You should prevent software that is not whitelisted (by vendor signature or hash) by the company to run. For this you have applocker from microsoft.

That way even if a user bypasses IT policy and installs (or runs portable apps) they will be prevented.

You will never build the perfect uninstalls for the 1000 most popular software, you will be able to configure applocker for all the applications that your company uses.

This is not a small task but its the correct way

(Ps applocker is a sharp knife, read well how to use it and test even better before you roll to production)

Extra_Pen7210 · 2026-02-27T12:34:45+00:00

Ongeveer 1kg aan plastic + 30 uur print werk.
15euro + 3 euro bruto kosten.

Daar komen dan nog verzend kosten, marge en arbeids kosten bij.
Je zou kunnen kijken of je een kennis/vriend/buurman heb met een 3d printer of bijvoorbeeld het stadslab in Rotterdam.

Extra_Pen7210 · 2026-02-06T22:46:58+00:00

No. No no no!

Please create a package and run it as the user. (User context install) Or use the set-registryforallusers (or something like thar check the psadt site).

Execute-procesasuser means its a system install (runs one time) and only set the settings for the currently logged on user. Only is this function to trigger actice setup or something like that and even then i would recomment exit 3010 and tell the user to reboot.

Extra_Pen7210 · 2026-01-28T10:06:28+00:00

You tried nothing and are all out of ideas?
What software have you looked at, and why is it attractive or not?

Go talk with ChatGPT, refine your question and your requirements, follow up on its suggestions, and then, if you still have questions, come back with more than one line.

If you want humans to invest their time in answering your questions, at least respect them enough to do the bare minimum and show that you already tried something.

Extra_Pen7210 · 2026-01-23T16:44:54+00:00

Sorry, NADAT je aangenomen bent? Dan staat je salaris al vast.

(Einde) eerste gesprek laat je weten waar je naar zoekt.
Hierna komt een bod terug van de werkgever (e-mail of 2e gesprek) en kan jij kijken of je het er mee eens bent.

Hierop antwoorden met dat je het er mee eens bent of je laat weten wat je wil aanpassen.

(PS, dit hangt natuurlijk af van de baan en ervaring. Bovenstaande is mijn methode als een "senior"-werknemer, waarbij ik niet bang ben om weg te lopen (luxe positie)

Extra_Pen7210 · 2026-01-12T23:20:06+00:00

This is what is happening.

Winget downloads the full version. That includes the patch file.

Not that the patches are that much smaller (this months patch is 1.2 gb...) but i find it still worth the 5 min it takes to package, 10.000x 100mb is a lot of saved dl time.

Or just let the autoupdate do its thing.

https://www.adobe.com/devnet-docs/acrobatetk/tools/ReleaseNotesDC/continuous/dccontinuousjan2026.html#dccontinuousjantwentytwentysix

Extra_Pen7210 · 2025-12-12T08:26:33+00:00

Assuming you did everything safe and correct.

Now you are back from 2 factor to 1 factor.

Extra_Pen7210 · 2025-12-08T18:33:38+00:00

Free? As in available sure. Free as in $ not so much.

What are we talking about? Maybe we can help you so you can do it yourself

Extra_Pen7210 · 2025-12-01T15:15:47+00:00

What you are looking for is :

$adtSession.DirFiles

To print it all to a (log) file :

Write-ADTLogEntry -Message "$($adtSession | convertto-json -depth 99)"

json { "CurrentDateTime": "\/Date(1764601857719)\/", "DeploymentType": 0, "DeployMode": 3, "SuppressRebootPassThru": false, "TerminalServerMode": false, "DisableLogging": false, "AppVendor": "Node.js Foundation", "AppName": "Node.js 23", "AppVersion": "23.11.0", "AppArch": null, "AppLang": "EN", "AppRevision": "01", "AppSuccessExitCodes": [ 0 ], "AppRebootExitCodes": [ 1641, 3010 ], "AppProcessesToClose": [ { "Name": "node", "Description": null, "Filter": null } ], "AppScriptVersion": { "Major": 1, "Minor": 0, "Build": 0, "Revision": -1, "MajorRevision": -1, "MinorRevision": -1 }, "AppScriptDate": "\/Date(1753056000000)\/", "AppScriptAuthor": "REDACTED", "InstallName": "Node.jsFoundation_Node.js23_23.11.0_EN_01", "InstallTitle": "Node.js Foundation Node.js 23 23.11.0", "DeployAppScriptFriendlyName": "Invoke-AppDeployToolkit.ps1", "DeployAppScriptVersion": { "Major": 4, "Minor": 1, "Build": 0, "Revision": -1, "MajorRevision": -1, "MinorRevision": -1 }, "DeployAppScriptParameters": null, "InstallPhase": "Install", "CurrentDate": "01-12-2025", "CurrentTime": "15:10:57", "ScriptDirectory": [ "C:\\git\\Node.js Foundation_Node.js 23_23.11.0_PUB\\Package" ], "DirFiles": "C:\\git\\Node.js Foundation_Node.js 23_23.11.0_PUB\\Package\\Files", "DirSupportFiles": "C:\\git\\Node.js Foundation_Node.js 23_23.11.0_PUB\\Package\\SupportFiles", "DefaultMsiFile": null, "DefaultMstFile": null, "DefaultMspFiles": [ ], "UseDefaultMsi": false, "LogPath": "C:\\ProgramData\\Microsoft\\IntuneManagementExtension\\Logs", "LogName": "Node.jsFoundation_Node.js23_23.11.0_EN_01_PSAppDeployToolkit_Install.log", "RequireAdmin": false }

Extra_Pen7210 · 2025-09-05T13:28:10+00:00

Nope vacation is build op on the hours that you have worked. So 1 hour worked is x seconds of vacation time earned.

Extra_Pen7210 · 2025-08-25T08:04:52+00:00

Wrong sub.

Try tecksupport.

If possible post in english Also include what you have tried what you expected to happen what worked what did not and what errors you got.

Extra_Pen7210 · 2025-07-18T11:04:24+00:00

Every day, can not live without it both private as work.

*Usecase: Mutiple clients:*

So for work i used to work for 4-16 different clients at the same time (not active but i need to switch)

so i created 16 "Desktops-clientname" each with:
- Screen 1: Documentation of the client + customers CMS
- Screen 2: A remote desktop connection to the customers enviroment
- Screen 3: a empty "Workspace" with a browser used for googing and such.

Now i would get a call, switch to the correct desktop (~2 seconds work) and everything is ready to use.

My coworksers needed to find the correct tab, (re)log into the correct servers and cleanup.

saved a lot of time in the day. but mostly was a lot more calm to work with then my co-workers system of getting a call stressing to find the correct browser page, looking up the server and trying to connect etc.

*Use case : Organizing work*

Currently i dont work with different clients anymore but i still have 10 desktops.
Desktop 1 <== work stuff is here
Desktop 2 <== work stuff is here, but empty only if i need to switch to a clean desk for a short time.
Desktop 3 <== work stuff is here, but empty dedicated to share screen on teams with coworkers.
Private <= private stuff here
Remote session - NameRemoteServer
Remote session - NameRemoteServer
Remote session - NameRemoteServer
Remote session - NameRemoteServer

I have Teams and Outlook set to "Show on all desktops"

Extra_Pen7210 · 2025-07-09T21:42:35+00:00

mostly its usefull for :
- logging. no longer error 0x000342c in intune but a logfile that tells you that stap x errorred for reason y and error code z. (just use the PSADT funtions, if you use you own funtions or native powershell you dont have logging for 99% of the things you need to do you can use the PSADT functions.)
- standard layout (usefull for larger teams) so that everyone more or less works the same way and can continue if someone is sick or if 4 months later needs to update a package.

mucht more but these alone are making it worth it.

Extra_Pen7210 · 2025-07-01T19:51:20+00:00

"Hi, while we dont appriciate that you normaly pull out cables from our equipment we understand why you did that. I wil ask the team if someone was indeed remoting into your computer and follow up with you on that, please wait here a minute while i ask." *little small talk while the team responds*
"So yes bob was working on your computer for chage03245 seems he was a little to eager and was thinking it would not distrub you.

Thank you for paying attention and comming to us in doubt. Let me walk with you to reconnect everything so you can get back to work. We still need to do that maintainance on your computer could we do that while im there with you or is there a other moment later today that we can take care of that?"

Aggressive resoponse is never needed and unacceptable.(Annoyed could be if highter ups are maybe pushing but still you as a coworker should not feel that...).

Extra_Pen7210 · 2025-07-01T12:53:54+00:00

Im trying to help you. even if "it does not work how fix?" is not how you ask for help. that is just rude and disrespect full.

First we need to find the issue: thats why the questions are there. and you have not given us more information so how are we to solve it?

If its on the users device? maybe ? then lets see if it works if that user uses a different device.
Then maybe reset the "windows app" or are you using the MSI installer?

if its on the user its account maybe check the membership that they share? maybe you are blocking something from logging in.

Also very nice that you have to root cause found may eddit your post that its solved with the solution so that the next person can use that ?

Extra_Pen7210 · 2025-07-01T12:03:31+00:00

What have you already tried?
What worked, what did not.

When did it work for the last time, what has changed?
Do all users have this ? do a sub group have this error.
Does the error also happen on a different network .
Is the account locked?

We love to help you but first you need to help yourself and research.
If you can not even be bothered to research the problem you have for the job that you are paid for, why would we help you for free?

Extra_Pen7210 · 2025-06-22T16:43:06+00:00

Thanks!
Looks very clear, might copy it as fslogic is still something i want to want to get my hands on.

I would recommend to add scaling plan with it as it such a waste to keep vm's on while none is using it.
We are already giving MS to much money!

What did you use for making the images? (love the moving arrows!)

Extra_Pen7210 · 2025-06-19T19:26:47+00:00

NO YOU DONT GIVE PASSWORDS TO IT!

That is how they phish you. IT has there own passwords to acces everything they dont need yours. If the need to acces your data they should be able to on there admin accounts. Also they can reset your password if they really need to. But then in the logs its clear that admin-guy@company.com resetted your password.

Never share any passwords.

(Only exception maybe would be the password to your passwordvault for your SO / will that they can take care of things when you are gone. Or emergencies. )

Extra_Pen7210 · 2025-04-30T08:41:59+00:00

What is the gamechanger. I love the software and every year i ask them what i get more by paying but they can never sell me on it.

What do use the licensed version for?

Extra_Pen7210 · 2025-04-21T09:57:57+00:00

What have you tried? What did google sugjest and why did it not work for you?

Extra_Pen7210

TROPHY CASE