In this blog post, I will show you how to deploy WinSCP using Intune. WinSCP is an open-source, free SFTP client, FTP client, WebDAV client, S3 client, SCP client, and file manager for Windows. Its primary function is to handle file transfers between a local and a remote computer. Additionally, WinSCP provides scripting capabilities and basic file management functionality.
WinSCP application is available for download in multiple formats like EXE, MSI or even a portable Installer is also available that does not require any installation. You can use any of the available installer format to deploy this app. I will provide the steps to deploy WinSCP silently on Windows 10/11 devices using both the .exe and .MSI installers.
Contents
Download WinSCP Application Installer File
For Installing WinSCP application, you can use either .exe or .MSI Installer file. If you want to deploy this app using .MSI installer, then you can use line-of-business app deployment method from Intune admin center. For .exe based installer, you can use Win32 app deployment method. Below steps show you how to download .exe and .MSI installer files of this app.
Click on Download WinSCP button to download .exe Installer of this app.
Download WinSCP .MSI Installer File
You can download .MSI based Installer by clicking on OTHER DOWNLOADS button and then click on DOWNLOAD button under MSI Installation package to download the MSI installer of WinSCP App.
Deploy WinSCP using .MSI Installer File
Let’s explore the steps to deploy WinSCP using an .MSI installer file. For this deployment, we will use the line-of-business app method, which I prefer over the Win32 app deployment method. This approach is simpler and eliminates the need to search for silent install and uninstall commands. Any MSI-packaged application comes with standard MSI command-line switches for installation and uninstallation, making the process straightforward.
To check the silent installation switches for any MSI file, you can open a Command Prompt and run the MSI file with the /? switch. This will display the available options for silent installation. For more information on discovering silent command-line switches for MSI or EXE files, refer to this link: Find Silent Command Line Install Switches of Any EXE or MSI.
Using the App type drop-down, Select Line-of-business app option.
Click on Select app package file and browse to the downloaded WinSCP MSI installer file.
App Information
Provide Name, Description, and Publisher Information.
App Install Context can be either User or Device. However, some MSI Installer files will not provide the flexibility to choose this option and will either default to Device or User. In case of WinSCP app, the App install context is pre-determined by the MSI installer setup file which is Device.
Ignore App version: Select Ignore app version to Yes or No based on the below criteria.
Select Ignore app version Yes, if you want the app installed when it’s not found on the target device. If the app is already there, but the version number is different, it will be ignored, and the app will not be deployed.
Select Ignore app version No if you want the app installed even if it’s not found on the target device or if the app version you are deploying differs from the one already installed on the target device.
Command-line arguments: Provide the command-line switches for the app installation. For example, when installing the WinSCP application, you can use the switches /norestart and /qn. This ensures that the device is not restarted after the application is installed, and the installation process runs silently.
Assignments Tab: Add an Entra security group containing users or devices to deploy this app.
Review + Create: Review the app deployment summary and click on Create.
Deploy WinSCP using .EXE Installer File
You can also use the WinSCP .exe installer file to deploy the application using Intune. For deploying any .exe application, Win32 app deployment method is recommended. This method differs from the line-of-business app deployment approach and can be more complex.
Win32 app deployment method requires the application to be packaged in the .intunewin file format. During deployment configuration in the Intune admin center, you need to specify the commands for installing and uninstalling the application. A detection method is also required to verify whether the application was installed successfully. For more detailed guidance on the deployment of Win32 apps, refer to the post: Deploy Win32 apps using Intune.
Create an IntuneWin file
As discussed earlier, Win32 app deployment method requires the application to be in .intunewin file format. To prepare this, gather all application setup files, including any support files or scripts, and place them in a single, isolated folder. Ensure that no other files apart from application support files exists in this folder.
Next, use the Intune Content Prep Tool and provide the folder’s location to repackage it into a .intunewin file. For detailed guide, refer to the post: How to Create an IntuneWin File.
Let’s create .Intunewin file for WinSCP app.
Copy WinSCP-6.3.6-Setup.exe file in any empty folder (e.g., D:\SourceFiles).
Download the Microsoft Win32 Content Prep tool and extract it into any folder. I have extracted it to D:\IntuneContentPrepTool folder.
Launch PowerShell as an administrator and navigate to D:\IntuneContentPrepTool.
Run IntunewinAppUtil.exe and provide Source Folder, Setup File, Output Folder, and Catalog Folder Information.
Source Folder: Enter the folder’s location where .exe files/setup files are stored.
Setup File: Enter the name of the .exe file.
Output folder: Enter the location where .Intunewin file will be generated.
Catalog folder: Type N and press Enter.
Intunewin file has been created for WinSCP application.
Create Win32 app deployment on Intune
Once you have created .intunewin file, you can deploy it using Win32 app deployment method from Intune admin center.
Click on + Add and Select Windows app (Win32) from the app type.
App Information: Click on Select app package file and browse the Intunewin file. Provide Information in the mandatory fields below. The rest of the fields are optional but useful for application documentation and troubleshooting issues.
Requirements: You can specify the requirements that devices must meet to deploy the app. If your devices mix 32-bit and 64-bit types, check the boxes for 32-bit and 64-bit in the operating system architecture drop-down. Else, go with 64-bit.
Operating System Architecture: 64-bit
Minimum operating system: Select the minimum OS requirement for this deployment.
Detection Rules: Select Manually configure detection rules and click on +Add to add a detection rule.
Rule Type: File
Path: C:\Program Files (x86)\WinSCP
File or folder: WinSCP.exe
Detection method: File or folder exists.
Associated with 32-bit app on 64-bit clients: No
Above detection rule detects the presence of WinSCP.exe file to detect the application and reports its status to Intune. Alternatively, You can use a detection method which can detect the version of WinSCP installed on the target device. It’s useful in scenarios where you want to update the application based on the version information.
Associated with a 32-bit app on 64-bit clients: No
Alternative Detection Rule for WinSCP App
Dependencies: Click Next.
Supersedence: Click Next.
Assignments: Assign this application to an entra group containing users/devices.
Review + create: Review the deployment and click on Create.
Monitoring WinSCP Deployment Progress
From the Intune admin center > Apps > All apps. Click on the deployment and check the Overview page to show the deployment status.
Sync Intune Policies
The device check-in process might not begin immediately. If you’re testing this policy on a test device, you can manually kickstart Intune sync from the device itself or remotely through the Intune admin center.
Alternatively, you can use PowerShell to force the Intune sync on Windows devices. Restarting the device is another way to trigger the Intune device check-in process.
End User Experience
After the deployment is completed successfully, you can check and confirm if the application has been installed successfully. You will find a desktop shortcut of the application and also a Start menu item. Launch the app to confirm if it’s working fine.
You can also check in Programs and Features to confirm if WinSCP app has been installed.
WinSCP Application Registry Entries
After WinSCP application is installed on the device, you can find its corresponding registry entries by following below steps:
Press Win+R to open the Run dialog box.
Type regedit and press Enter to open the Registry editor.
Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\winscp3_is1 and find application information like DisplayName, DisplayVersion, Install Path etc. on the right-hand side pane.
Other locations where you can find registry keys related to WinSCP are mentioned below. You can navigate to these keys and explore the entries created by the application.
Uninstallation of WinSCP application using Intune is straightforward. If you have deployed this app using line-of-business app method which utilizes .MSI installer file, you can use the same deployment on Intune admin center and add the group in the Uninstall assignment section. Ensure that the same device is not in Required and Uninstall assignment section both.
Same concept will apply when you have created WinSCP deployment using Win32 app deployment method which utilizes its .exe installer file. Edit the application and add the group in Uninstall assignment section to uninstall this app. Uninstall Command specified in the program tab of Win32 app deployment will be executed on the devices which are targeted for uninstallation.
