Remote Install of Windows Intune V2 through email? can this be done?

Question: Remote Install of Windows Intune V2 through email? can this be done?

  • Friday, March 23, 2012 4:46 PM
     
     

    Hi Forum,

    Ok now I have been wondering if this is at all possible. Say I have 100 Users who all need an Install of the Windows Intune client software found in the Intune administration page. The PCs are all stand alone and in different locations, and the Users have no admin rights and are not tech savvy at all. I have the Local admin rights username and password.

    I need to build a script (or something) to be able to email each User so that when they click a button Intune installs on to their machine and I can operate from there. Most PCs run XP Pro and let's say 5 have Win7 Pro.

    Can this be done, and what's the best way to go about this?

    Thanks in advance!
    NN

    • Moved by Rich Prescott Friday, March 23, 2012 10:23 PM Intune client installs (From:The Official Scripting Guys Forum!)

All Replies

  • Friday, March 23, 2012 5:35 PM
     
     

    Hi,

    This isn't really a scripting question, but my recommendation about this is to use a software installation GPO. You can ask about that in a GPO forum.

    Bill

  • Friday, March 23, 2012 6:13 PM
     
     

    I don't believe Intune is about managing domain PCs.  It is intended for 'Cloud' based systems that are not part of a domain.  It allows us to deploy software and updates through the cloud.

    The deployment method for Intune is to send your users to a web page and have them run the web based installer.  They will, of course, have to log in as admin.

    After Intune is deployed you can install software remotely in a way similar to Group Policy.

    Your best bet is to remote into the systems with RDP and do the installs yourself unless you want to give everyone your admin password.


    ¯\_(ツ)_/¯

  • Monday, March 26, 2012 7:55 AM
     
     

    The PCs are not under a domain and I cannot use group policy, so I am now wondering if this is possible?

    It literally has to come through something like an email and just install with the certificate at a click of a button, maybe using SkyDrive?

    RDP is the worst case scenario but it is very time consuming. I'm wondering if anyone out there knows of a possible solution?

  • Monday, March 26, 2012 6:20 PM
    Moderator
     
     

    Hi NN,

    Have you investigated using PSexec?  You could remotely install Windows Intune without having to RDP to machines (you'd just need access to machines on the network and admin credentials.)

    http://technet.microsoft.com/en-us/sysinternals/bb897553

    Because the users are non-admins you would have to embed your credentials into a script or create a custom package that launches as system or your account which could pose a security risk.

    Thanks,

    Jon L. - MSFT

  • Monday, April 02, 2012 2:24 PM
     
     

    Hi NN

    What about using an app/msi repackager to create a single exe that extracts Intune setup and the cert to a folder and then starts the installation?

    If you knew in advance which clients were 32 bit and which were 64 bit you could split the _x86 and _x64 MSIs out and package them with the certificate to save a few MB, but I don't think it would be worth the hassle except in extreme cases, which probably wouldn't be that useful for Intune anyway.

    regards
    Mark

    http://intuned.net

  • Monday, April 02, 2012 2:51 PM
     
     

    Hi All,

    Thanks for all the responses.

    * I placed a .zip on a webpage, so that a user can click on, open and run the batch file.

    I tried looking into the PsExec, I didn't have much joy with that. The script I used and saved into a .bat file:

    @Echo Off
    copy /Y psexec.exe %temp%
    copy /Y Windows_Intune_Setup.exe %temp%
    copy /Y WindowsIntune.accountcert %temp%
    cd %temp%
    PsExec.exe /accepteula -u AdminA -p PASS@WORD Windows_Intune_Setup.exe /quiet
    Echo Done

    This unzips all 3 files and then places them in a temp folder, the PsExec is then put in a temp folder that the unzip software creates also, making it impossible to know the exact folder to point to, this in turn makes it impossible to run the PsExec automatically.

    What could I do to make this work?

    Maybe I could use FTP to do this, if anyone knows a way round?

    Thanks in Advance!


    • Edited by Naked Nuts Monday, April 02, 2012 2:53 PM *additional
  • Monday, April 02, 2012 4:22 PM
     
     

    No matter what you do you will have to expose your admin password in an email.

    The users will have to be admins to run this and should just use the web installer. 

    What you are trying to do is hard or impossible to make work because the system is designed, for security reasons, to not allow this type of installation to happen.


    ¯\_(ツ)_/¯

  • Tuesday, April 03, 2012 3:53 AM
    Moderator
     
     

    Hi NN,

    I suggested using PSEXEC as a way to remotely install the application for you, not to install it via a script/batch with your password embedded.  PSEXEC would be an easy way you could remotely install Windows Intune without having to give out your administrator password.  You should never embed your administrator password in a script or batch file.

    Thanks,

    Jon L. - MSFT
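
A pre-publication check for the risk raised in this thread, as an added example that is not part of any post: it scans a deployment zip for script lines that hand a literal password to PsExec or schtasks and reports file, line, tool and account without echoing the secret. The function names and the sample package are constructed for illustration; the batch line inside it is the one quoted earlier in the thread.

```python
import io
import re
import zipfile

SCRIPT_EXT = (".bat", ".cmd", ".ps1", ".vbs")
# tool -> (pattern that spots the tool, account switch, password switch)
RULES = {
    "psexec": (re.compile(r"\bpsexec(64)?(\.exe)?\b", re.I), "-u", "-p"),
    "schtasks": (re.compile(r"\bschtasks(\.exe)?\b", re.I), "/ru", "/rp"),
}

def _arg(line, switch):
    """Return the token that follows a command-line switch, or None."""
    m = re.search(r"(?<!\S)" + re.escape(switch) + r"\s+(\S+)", line, re.I)
    return m.group(1) if m else None

def scan_line(line):
    """Return (tool, account) when the line passes a literal password."""
    for tool, (spot, user_sw, pass_sw) in RULES.items():
        secret = _arg(line, pass_sw) if spot.search(line) else None
        # Switch absent, or "*" (schtasks), means the tool prompts instead.
        if secret and secret != "*":
            return tool, _arg(line, user_sw) or "?"
    return None

def scan_package(zip_bytes):
    """Scan script members of a zip; findings never include the secret."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for name in zf.namelist():
            if not name.lower().endswith(SCRIPT_EXT):
                continue
            text = zf.read(name).decode("latin-1")  # cannot fail on any bytes
            for no, line in enumerate(text.splitlines(), 1):
                hit = scan_line(line)
                if hit:
                    findings.append((name, no) + hit)  # file, line, tool, account
    return findings

def build_sample():
    """Constructed package holding the batch line quoted in the thread."""
    bat = ("@Echo Off\r\ncopy /Y psexec.exe %temp%\r\ncd %temp%\r\nPsExec.exe "
           "/accepteula -u AdminA -p PASS@WORD Windows_Intune_Setup.exe /quiet\r\n")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("install.bat", bat)
    return buf.getvalue()

if __name__ == "__main__":
    print(scan_package(build_sample()))
```

A non-empty result should block publication of the package; the remedy for a finding is to remove the credential from the script, since any value shipped inside the package can be read back out of it.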

  • Tuesday, April 03, 2012 4:02 AM
     
     

    Can you please send me a link to the web page so I can get your password.  I could use it to contact and manage your users' systems for you if you like ;)

    Placing an administrator password on a web page is the dumbest thing I have heard for a long time.

    I have implemented Intune and I am telling you that you need to have the users run this under their administrator account.   You can have them call you for the password to enter when they use 'Run As' to install the package.

    The instructions for how to do this are on the Intune web site.  You cannot do it any other way. The Windows security system will not allow you to do this by design.


    ¯\_(ツ)_/¯


  • Tuesday, April 03, 2012 9:40 AM
     
     

    I understand the whole Password thing is an issue, thanks for the heads up. None of this is on anything but a test lab I have set-up which actually has 3 machines rebuilt running different OS with nothing on them etc, so the page and password will get you nowhere for now, I am running this to find out the possibility for future purposes.

    I am looking for possibilities of how this can be done on a mass deployment scale say 1000, quickly, safely and effectively, with no domain, no GPO, on different machines etc.

    How would/should I go about using PsExec safely?

    Please no more talk like this jrv, I come here for your experience and knowledge to learn, if I cannot ask stupid questions and try ways out of the ordinary then nothing will be gained. Maybe someone else knows a way to hide a password? who knows...

    Thank you all in advance
    NN

  • Tuesday, April 03, 2012 9:52 AM
     
     

    I am trying to make a point.  Sending a password through email in a zip file is never safe.  I wanted to be sure that you would take that seriously.

    There is, in my opinion, no secure way to do this.

    The point of Intune is to make remote installs possible in a safe and secure way but first you have to run as an administrator.  Intune is a very difficult product to install automatically on older machines.  You can easily image it into a new build.

    If you have remote access to the machines you can possibly trigger a remote install assuming that you can create the needed transforms.


    ¯\_(ツ)_/¯


  • Tuesday, April 03, 2012 10:14 PM
    Moderator
     
     

    Hi NN,

    PSEXEC is a tool you'd run on your local machine and it would access the machines remotely.  You would need to have admin and network access to the machines to be able to use PSEXEC.  Review this TechNet article:

    http://technet.microsoft.com/en-us/sysinternals/bb897553

    It has all the basics to get started using PSEXEC.

    Thanks,

    Jon L. - MSFT

  • Tuesday, April 03, 2012 11:39 PM
     
     

    As you can see by NN the problem is now getting more convoluted.

    You cannot do this.  It cannot be made to work in a safe way.

    Any package you deploy with an embedded password can be used to extract your admin password.

    If what you were asking were possible don't you think Microsoft would have added it?

    Actually they could. They could add a service to Windows Update that would deploy a targeted update.  This may yet happen but it might be expensive as MS would have to re-purpose its WU systems.   They are currently agnostic as to clients but contain all of the bits needed to 'push' this software.

    MS has offered to give you the tools to push software.  The cost is that you need to give each user admin access for a short period of time.  Either go to the machine, call the user or, in some way, make them a temporary admin.  After that you only need to give them a link.  Once the link is used to install the Intune client you can revoke the admin capability.

    Sorry - that is as good as it gets.

    By the way. There are third party tools that you can purchase for $500 or so that can do what you ask. I don't think they are all that safe but they do exist.


    ¯\_(ツ)_/¯

  • Wednesday, May 30, 2012 9:25 AM
     
     

    Manually deploy the client software

    Perform the following steps to install the Windows Intune client software on individual client computers. Repeat this procedure on every computer that you want to enroll in the Windows Intune service.

    To manually install the client software

    1. Download the Windows Intune client software by following the instructions at Download the Client Software.

    2. Open the folder that contains the client software.

    3. Double-click Windows_Intune_Setup.zip. In the Compressed (zipped) folders dialog box, click Extract all.

    4. In the Select a Destination and Extract Files dialog box, browse to a secure location to which the Windows Intune setup files will be extracted.

    5. After the files are extracted, double-click Windows_Intune_Setup.exe to install the client software.

      Important
      If the destination folder is not a secure location, you should delete the certificate after you deploy the Windows Intune client software.
    ???  Is this what you wanted to do?