Endpoint Central is an endpoint management and security solution for managing desktops, laptops, servers, and mobile devices from a central location. You can install patches, deploy software and operating system images, manage assets, software licenses, etc.
Endpoint Central Agent is a lightweight software application that manages devices using Endpoint Central. In this blog post, we will see how to deploy the agent using Intune. But before that, we will manually test the agent installation on one test PC to check the installation process.
Contents
1. Download ManageEngine Endpoint Central Agent
Using the Endpoint Central management server, you can download the agent. Follow below steps to download the agent:
- Go to Agent > Computers > Download Agent.
- Remote Office: Select the Office location.
- Platform: Select the Windows platform and click on Download Agent.
The ManageEngine Endpoint agent will be downloaded after you click Download Agent and select the office. I have a default location set as Local office, It downloaded a file called LocalOffice_Agent.exe. This is the agent file that we will be deploying using Intune.
If you’ve deployed the agent on the end user’s devices already and find the requirement to uninstall the Endpoint central agent, you can achieve this using Intune. This blog post will also guide you through the process of uninstalling the Endpoint central agent with the help of Intune.
Note
2. Deploy Endpoint Central Agent using Intune
Before creating a deployment package in the Intune admin center, you’ll need the installer or setup files for the agent. We will use the downloaded LocalOffice_Agent.exe file to create the deployment.
2.1. Create .IntuneWin file for deployment
I will use a PowerShell script to uninstall this agent. Copy and paste the code below into Notepad and save the file as Uninstall.ps1.
Uninstall.ps1
$agent = Get-WmiObject -Class Win32_Product -Filter "Name = 'ManageEngine UEMS - Agent'" $agent.uninstall() | out-null
- Copy LocalOffice_Agent.exe and Uninstall.ps1 files in one folder. For example D:\MEEndpointAgent
- Download Microsoft Win32 Content Prep Tool.
- Create an empty folder, for example, C:\output, or anywhere else.
Use the process below to repackage the application/setup files into a .intunewin file. Launch the command prompt, change the current folder to where the Microsoft Win32 Content Prep Tool is downloaded, and run. IntuneWinAppUtil.exe.
- Provide the source folder as the location where all setup files are copied. I have copied LocalOffice_Agent.exe and Uninstall.ps1 file in D:\MEEndpointAgent. Therefore, the source folder will be D:\MEEndpointAgent
- Provide the setup file name as LocalOffice_Agent.exe.
- Output folder – This is where the .intunewin file will be created.
- LocalOffice_Agent.intunewin file has been created successfully.
2.2. Create an App deployment on Intune admin center
- Sign in to the Intune admin center > Apps -> All Apps -> + Add
- Select App Type to Windows app (Win32).
- Select app package file and browse to LocalOffice_Agent.intunewin and click Ok.
App Information tab
On the App Information tab, provide information about the application, such as its name, Description, and Publisher Information. Other information, such as the app version, Category, Information URL, and Privacy URL, is optional.
- Name: ManageEngine Endpoint Central Agent
- Description: ManageEngine Endpoint Central Agent deployment using Intune.
- Publisher: ManageEngine
Program tab
You’ll need to specify the install and uninstall commands that will be executed to either install or uninstall the application.
- Install Command: .\LocalOffice_Agent.exe /silent
- Uninstall Command: powershell.exe -Executionpolicy Bypass -File .\Uninstall.ps1
- Allow available uninstall: Select Yes to provide the uninstall option for this app for users from the Company Portal.
- Install behavior: System
- Device restart behavior: No specific action
Requirements tab
You can specify the requirements that devices must meet to deploy the app. If your devices are 32-bit and 64-bit, check the boxes for 32-bit and 64-bit in the Operating system architecture drop-down. Otherwise, go with 64-bit.
- Operating System Architecture – 64-bit
- Minimum Operation System – Windows 10 1607
Detection Rules tab
Select Manually configure detection rules and click on +Add to add a detection rule.
- Click on + Add, and Select Rule type File.
- Path – C:\Program Files (x86)\ManageEngine\UEMS_Agent\
- File or folder: scripts
- Associate with a 32-bit app on 64-bit clients: Yes
Assignments tab
Click on Add group to add an Entra security group containing users or devices.
Monitoring the Deployment Progress
Intune admin center > Apps > All apps. Click on the deployment and check the Overview page to show the deployment status.
Sync Intune Policies
The device check-in process might not begin immediately. If you’re testing this policy on a test device, you can manually kickstart Intune sync from the device itself or remotely through the Intune admin center.
Alternatively, you can use PowerShell to force the Intune sync on Windows devices. Restarting the device is another way to trigger the Intune device check-in process.
End User Experience
Let’s check if the agent is installed on the target device. To confirm the agent installation, open Programs and Features and check if ManageEngine UEMS—Agent is showing in the list.
Uninstall Endpoint central agent using Intune
We created .intunewin package using LocalOffice_Agent.exe and an Uninstall.ps1 PowerShell script file. Also, when creating app deployment, we specified the Uninstall command as powershell.exe -Executionpolicy Bypass -File .\Uninstall.ps1
The LocalOffice_Agent.exe file deploys the ManageEngine UEMS – Agent while uninstalling.ps1 will be used to uninstall this agent. Add an Entra security group in the Uninstall section of the app deployment.
- From Intune admin center > Apps >All apps.
- Search for the app ManageEngine Endpoint Central Agent and click on it.
- Click on Properties > Edit Assignments.
- Click Add group under the Uninstall assignments section to add an Entra security group.
Deploy the Old version of ManageEngine Desktop Central agent using Intune
If you use an older version of the ManageEngine Desktop Central agent and want to deploy it on users’ devices using Intune. Then you can follow below steps.
Download ManageEngine Desktop central agent
Download Agent from Desktop Central > Agent > Computers > Download Agent. You can test the installation of this agent on one test PC manually by using below steps:
Extract the zip file, Double click on setup.bat Select Option 2 to install the WAN Agent on this computer (As shown in the screenshot below). Ignore the Install.bat file for now, as I created this file, which I will look into later when we create the Intune Package.
Deploy ManageEngine Desktop Central Agent using Intune
Please find below the steps to deploy ManageEngine desktop central agent using Intune:
- Download Agent from Desktop Central > Agent > Computers > Download Agent
- Select the respective office to download the agent setup.
- Extract the zip file.
Create a File Install.bat in the same folder where all other installation files are stored (as shown in the screenshot above).
Install.bat
msiexec /i DesktopCentralAgent.msi /qn REBOOT="REALLYSUPPRESS" MSIRESTARTMANAGERCONTROL="Disable" TRANSFORMS=DesktopCentralAgent.mst ENABLESILENT=yes
- Download Microsoft Win32 Content Prep Tool
- Create an empty folder for example C:\output or anywhere you like.
Use the process below to repackage the application/setup files into a .intunewin file. Launch the command prompt, change the current folder to where the Microsoft Win32 Content Prep Tool is downloaded, and run the command below.
Replace setup_folder with C:\DesktopCentral_Agent (this is where all your setup files are kept)
setup_file with Install.bat
Output_folder with C:\output (this is the folder where .intunewin file will be generated)
IntuneWinAppUtil.exe -c <setup_folder> -s <setup_file> -o <output_folder>
Example:
.\IntuneWinAppUtil.exe -c C:\DesktopCentral_Agent -s Install.bat -o C:\output
Output Folder:
Now once .intunewin file has been created, we can create a Win32 app deployment on Intune admin center using below steps:
- Login on Microsoft Intune admin center.
- Click on Apps -> All Apps -> + Add
- Select App Type to Windows app (Win32)
- Click on Select.
- Select app package file and browse to install .intunewin and click OK.
- Enter / Update the Name of the Application and Publisher Information and click Next.
- Program:
- Install Command – Install.bat
- Uninstall Command – %SystemRoot%\system32\msiexec.exe /x{6AD2231F-FF48-4D59-AC26-405AFAE23DB7} MSIRESTARTMANAGERCONTROL=Disable REBOOT=”ReallySuppress” /qn
- Device restart behaviour – No Specific Action
- Click Next.
- Requirements:
- Operating System Architecture – 64-bit
- Minimum Operation System – Windows 10 1607
- Detection Rules:
- Rules format – Manually configure detection rules
- Click on + Add, and Select Rule type MSI.
- MSI Product Code – {6AD2231F-FF48-4D59-AC26-405AFAE23DB7}
- MSI product version check – No
- Assignments: Assign the app to Entra security group.
After you click Create, it will upload the files and then push the agent to the users in your Pilot Group.
- Monitor the Installation: You can check the installation status from Application -> Monitor Device Install Status or User Install Status.
There are other ways to Uninstall the Endpoint central agent. If you are a ManageEngine endpoint central server administrator, log in to the admin portal, go to Agent > Computers, Select the computer, and then select Uninstall Agent.
Conclusion
In this blog post, we have seen how to deploy ManageEngine Endpoint Central Agent using Intune. Previously, the agent name was Desktop Central agent, and the setup files were in a different format. I have provided the steps for both the old and new agent Installers. I hope this post will help you deploy the agent across all devices in your organization.
Great guide, however, I’m not clear on the uninstall.ps1 file. Does it get packaged with the LocalOffice_Agent.exe file when running the content prep tool?