This blog article covers how to deploy Windows Features like Windows Sandbox or Hyper-V with Microsoft Intune.
- Spoilt For Choice
- The approach
- PowerShell script for installation/uninstallation (WindowsSandbox.ps1)
- Custom Detection Script (DetectWindowsSandbox.ps1)
- Create Windows app (Win32) package
- Deploy Application with Microsoft Intune
Spoilt For Choice
Like so often, Microsoft Intune offers several ways to deploy Windows features. Windows features can be deployed via Intune PowerShell Scripts, Proactive Remediations Scripts or Windows Apps (Win32). Since the PowerShell Scripts and Proactive Remediations Scripts option does not allow you to easily uninstall the features after deployment, my favorite method is to deploy them via Windows Apps (Win32).
The approach
For the installation/uninstallation we use a PowerShell script, convert this via Win32PrepTool into the .intunewin format, and then distribute the package via Windows app (Win32). The detection is done by a custom detection script.
PowerShell script for installation/uninstallation (WindowsSandbox.ps1)
Param(
[Parameter(Mandatory=$true)]
[ValidateSet("Install", "Uninstall")]
[String[]]
$Mode
)
If ($Mode -eq "Install")
{
Enable-WindowsOptionalFeature -FeatureName "Containers-DisposableClientVM" -All -Online -NoRestart
}
If ($Mode -eq "Uninstall")
{
Disable-WindowsOptionalFeature -FeatureName "Containers-DisposableClientVM" -Online -NoRestart
}
If you want to deploy a different Windows feature than Windows Sandbox, only the FeatureName value needs to be adjusted. A few examples:
| Windows Features | PowerShell |
|---|---|
| Hyper-V | -FeatureName “Microsoft-Hyper-V” |
| Microsoft .NET Framework 3.5 | -FeatureName “NetFx3” |
| Windows Sandbox | -FeatureName “Containers-DisposableClientVM” |
| Windows Subsystem for Linux (WSL) | -FeatureName “Microsoft-Windows-Subsystem-Linux” |
Custom Detection Script (DetectWindowsSandbox.ps1)
Since Windows features are only installed during a reboot process, I recommend using a custom detection script as the detection method. This way the status can be checked immediately via PowerShell with Get-WindowsOptionalFeature. Other detection methods such as File or Registry can detect the detection only after a reboot, after the installation of the application.
$featureName = "Containers-DisposableClientVM"
if((Get-WindowsOptionalFeature -Online -FeatureName $featureName).State -eq "Enabled")
{
Write-host "Windows Optional Feature $featureName is enabled"
Exit 0
}
else
{
Write-host "Windows Optional Feature $featureName is not enabled"
Exit 1
}
If you want to deploy a Windows feature other than Windows Sandbox, only the $featureName variable needs to be adjusted.
Create Windows app (Win32) package
With the Win32PrepTool (IntuneWinAppUtil.exe) we now create the package. The tool is available on GitHub:
https://github.com/microsoft/Microsoft-Win32-Content-Prep-Tool
We start the command prompt (cmd.exe) as administrator and start the Win32PrepTool (IntuneWinAppUtil.exe).
| Win32PrepTool Settings | Comments |
|---|---|
| Please specify the source folder: | Here you have to specify where the installation/uninstallation PowerShell script (WindowsSandbox.ps1) is located. Example: C:\Temp\Source |
| Please specify the setup file: | Here you have to specify the name of the installation/uninstallation PowerShell script. Example: WindowsSandbox.ps1 |
| Please specify the output folder: | Here you can specify where the package should be stored. Example: C:\Temp |
Deploy Application with Microsoft Intune
Now we are ready and can deploy the application with Microsoft Intune:
Apps – Windows – Add – Windows app (Win32) – Select – Select app package file: select the previously created intunewin package (WindowsSandbox.intunewin)
| Windows app (Win32) Settings | Comments |
|---|---|
| App information – Name: | Enter any name for the Windows feature Example: Windows Sandbox |
| App information – Description | Enter any Description for the Windows feature Example: Windows Sandbox provides a lightweight desktop environment to safely run applications in isolation. |
| App information – Publisher | Enter Publisher Example: Microsoft |
| App information – Logo | Upload Logo for the Windows feature Example: sandbox.png |
| Program – Install command | powershell.exe -ExecutionPolicy Bypass -file WindowsSandbox.ps1 -Mode Install If your PowerShell script is named differently, this must be adapted |
| Program – Uninstall command | powershell.exe -ExecutionPolicy Bypass -file WindowsSandbox.ps1 -Mode Uninstall If your PowerShell script is named differently, this must be adapted |
| Program – Install behavior | System |
| Requirements – Operating system architecture | 64-bit |
| Requirements – Minimum operating system | Select the minimum operating system for the installation Example: Windows 10 21H1 |
| Detection Rules | Use a custom detection script: Select previously created custom detection script (DetectWindowsSandbox.ps1) |
| Dependencies | Is not required. Can be skipped |
| Supersedence (preview) | Is not required. Can be skipped |
| Assignments | Select Assignments and Create Application |
Last but not least, it should be noted that the installation and uninstallation of Windows features always happens during the reboot process. Therefore, a manual reboot must always be scheduled as soon as a Windows feature is installed or uninstalled.
Gobisweb 