Retrieve uploaded LOB MSI / Win32 app setup files from Microsoft Intune

There is no easy method to download the line of business MSI application setup file which has been uploaded to Intune. Once you create an application deployment in Intune using any method, the files related to the applications are uploaded to the a storage space maintained by microsoft.

But there could be a scenario when you would want the application files or scripts for either testing purposes or uninstallation of the same app using the application Installer. Recently, I came across a situation when I was upgrading zoom application on all end user devices.

Zoom version installed on user’s devices was very old and there was no MSI file existed for the old version of zoom application anywhere on the Internet. Zoom Support website also only contain the latest version of the application.

Therefore, for unintsalling the application either you can use msiexec command with uninstallstring which was available but did not work for me. The last option was to retrieve the MSI file which was deployed on users devices and use it for uninstallation.

Let’s just say that you have a Line Of business app called Zoom 5.4 deployed to all the company devices. This application is being deployed using Intune, there are no application files stored anywhere on your servers and the MSI installer is also not available on the Internet.

If you want to get the Zoom 5.4 application files, you will not be able to simply download it from the Microsoft Endpoint Manager Portal. For retreiving application files, you can push this application to a device which does not have this app installed.

Intune caches the application files temporarily on local system for Installation and when the installation is completed, the setup/application files are deleted. So there is a time window of few seconds to few minutes when you can copy the cached application files and save it in some other folder.

Where Intune downloads / cache’s Line of Business MSI on end user device ?

Intune windows LOB MSI files are cached at C:\Windows\system32\config\systemprofile\AppData\Local\mdm location. However, you may or may not find the cached files at this location depending upon if the application has been deployed in User or System Context.

If the application has been deployed in user context then you can find the cached files at this location: C:\Users\<username>\AppData\Local\mdm. In my case Zoom 5.4 was being deployed in user context so the cache location for this application was C:\Users\<username>\AppData\Local\mdm.

The application installation was very quick and the file disappeared in couple of seconds so if you are not quick then you may have to either uninstall the application for Intune to detect that its not installed on your system and during the next Intune refresh cycle, the application will be cached and deployed again or deploy it to a fresh device where the application is not existing.

Where Intune downloads / cache’s Win32 app on the end user device ?

If you are deploying Win32 apps via Intune the files for Intune Win32 app are cached at C:\Program Files (x86)\Microsoft Intune Management Extension\Content location.

You can also check the InstallSource Registry entry at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall location from one of the device where this application is already deployed. After you have got the location, you can deploy this application on a fresh device and continuously monitor this location on that device. Intune will cache the application setup files at this location. You can quickly copy the setup files from here to any other folder.

As you can see the InstallSource for Google Chrome is showing as C:\Windows\system32\config\systemprofile\AppData\Local\mdm. Therefore, you need to monitor this location to retreive Google Chrome Installation files. Same goes for any other application as well. In the case of Zoom 5.4 application, InstallSource location was showing as C:\Users\<username>\AppData\Local\mdm where I found the setup files cached by Intune and copied it to another folder for later use.

Tip
If you do not find the application at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall location. You can also check the registry key to find the application InstallSource location: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall
InstallSource Registry Key. Intune MSI File Download

Where Intune downloads / cache’s Powershell script on the end user device ?

You can push powershell scripts to end user devices using Intune by going to Microsoft Endpoint Manager admin center -> Devices -> Scripts. The scripts are first downloaded on End user device and then executed either in User context or Device context depending upon the settings configured from the Microsoft Endpoint Manager admin center.

The Intune powershell scripts are downloaded at C:\Program Files (x86)\Microsoft Intune Management Extension\Policies\Scripts location and deleted after the script execution is completed. So you may generally find this folder empty.

In case you want to retreive a script from this location, first you need to push this script on a device where this script has never been deployed and monitor this location. You will have to be quick to copy the script to another folder before it gets deleted.

Intune Powershell Script Deployment from Microsoft Endpoint Manager admin center

How to find the status of Powershell script deployed from Intune

To verify the status of powershell script deployment, you can either check the deployment status of the script from Microsoft Endpoint Manager admin center or you can check the status of the Powershell script deployment from end user device as well. I will show you both the methods for you to verify the status of Powershell script deployment using Intune.

Using Microsoft Endpoint Manager admin center

  • Go to Devices -> Scripts
  • Click on the Powershell Script and check Overview tab.
  • Overview tab shows Device status and User status to verify the deployment status.

Using End User Device via Registry Editor

You can verify the status of Powershell script deployment from End user device as well. This can be confirmed using registry editor. But before you open registry editor on the target device, you need to find the Unique Identifier of the Powershell Script Deployment from Microsoft Endpoint Manager admin center. To find this Unique Identifier, you need to follow below steps:

  • Go to Devices -> Scripts
  • Click on the Powershell Script which you want to verify the deployment for
  • Check the Address bar and scroll to the end to find this Unique ID.

Example: https://endpoint.microsoft.com/#view/Microsoft_Intune_DeviceSettings/ConfigureWMPolicyMenuBlade/~/overview/policyId/08debbf8-4112-492c-8bdb-698820c80613/policyType~/0

Intune Powershell script GUID / Unique Identifier

After you find this Identifier, we can check the Poweshell script deployment status from End user machine using below steps:

  • Login on the target device.
  • Go to Start -> type Run -> In Run box type regedit
  • Go to the Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IntuneManagementExtension\Policies

Search for the Unique Identifier of the powershell script deployment we noted earlier and on the right hand side you can check the Result registry entry which shows the status is either Success or Failed.

If you are curious to know more details about the Result then you can open ResultDetails registry entry and copy its text to notepad to read more information about the deployment. ResultDetails registry entry contains really useful information specially when the deployment is not successful. You will be able to get the reason of Powershell deployment failure if you check ResultDetails registry entry.

Intune Powershell script result from Device

Conclusion

In this blog post, we learned that how to download / get back Line of Business (LOB) MSI application from Intune. Microsoft does not provide any option to download the MSI file or application installer / setup files which are uploaded to Intune. Therefore, we have to monitor the cache location on one of the target device where Intune downloads the required installers, installs the application and removes / cleans up the installer files. During the time intune installs the application on your device, you can grab the application installer and copy it to a any other folder before Intune Management extention will delete the files.