Retrieve MSI/Win32 app setup files uploaded on Intune

Accessing the MSI setup file for a line of business application you’ve uploaded to Intune isn’t straightforward. When you set up an application deployment through the Intune admin center, the application setup files are automatically stored in Microsoft’s maintained storage space. This means there’s no direct and simple method for downloading them.

You may need to download application setup files in some scenarios. This could be for various reasons, such as testing or uninstalling an application using the application installer.

For instance, I recently encountered a situation when upgrading the Zoom application across all devices. The existing Zoom versions on user’s devices were outdated, and there were no available MSI files for these older versions on the internet. Even the Zoom Support website only provided the latest version of the application.

In such cases, uninstalling the application could be challenging. While the msiexec command with the UninstallString was available, it didn’t work for me. The last option was to retrieve the MSI file deployed on user’s devices and use it for uninstallation.

Let’s consider a scenario where a Line Of Business app called Zoom 5.4 is deployed to all company devices through Intune. You no longer have the application setup file, and the MSI installer for Zoom 5.4 is not available online. You can’t simply download the Zoom 5.4 application files from the Intune admin center if you wish to obtain them.

To retrieve the application files, you can deploy the application to a device that doesn’t have it installed. Intune temporarily caches the application files on the local system for installation. After the installation is complete, these setup/application files are deleted.

However, there is a small window of time, lasting from a few seconds to a few minutes, during which you can copy the cached application files and save them in another folder.

Where does Intune cache the line of business MSI on end-user devices?

Intune stores LOB MSI files in the C:\Windows\system32\config\systemprofile\AppData\Local\mdm location. However, whether you’ll find these cached files depends on whether the application was deployed in the User or System Context.

If the application was deployed in User Context, you’ll discover the cached files at this location: C:\Users<username>\AppData\Local\mdm. In my case, Zoom 5.4 was deployed in User Context, so its cache location was C:\Users<username>\AppData\Local\mdm.

The application installation happens quickly, and the setup file is removed within seconds. You won’t find the application in the cache folder if you’re not quick. In this situation, your only option is to redeploy the application to a new device and attempt to copy the application once more.

Where Does Intune Cache Win32 Apps on End User Devices?

When deploying Win32 apps through Intune, the Intune Win32 app files are cached at C:\Program Files (x86)\Microsoft Intune Management Extension\Content location.

To find the cached location of application setup files deployed via Intune, you can check the InstallSource Registry entry at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall on a device where the application is already deployed. Once you’ve identified the location, you can deploy the same application on a new device and continually monitor this location. Intune will cache the application setup files, allowing you to copy them to another folder.

For example, in the screenshot below, the InstallSource for Google Chrome is displayed as C:\Windows\system32\config\systemprofile\AppData\Local\mdm. Consequently, you must monitor this location to retrieve Google Chrome installation files.

This process applies to any other application as well. In the case of the Zoom 5.4 application, the InstallSource location was shown as C:\Users<username>\AppData\Local\mdm, where I found the setup files cached by Intune, which I subsequently copied to another folder for future use.

Tip
If you do not find the application at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall location. You can also check the registry key to find the application InstallSource location: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall
InstallSource location for Google Chrome Application
InstallSource location for Google Chrome Application

Where Does Intune Cache PowerShell Scripts on End User Devices?

You can deploy PowerShell scripts to end-user devices using Intune by navigating to the Intune admin center > Devices > Scripts. These scripts are initially downloaded to the end user’s device and then executed, either in the User context or Device context, depending on the settings configured in the Intune admin center.

Intune PowerShell scripts are downloaded to the following location: C:\Program Files (x86)\Microsoft Intune Management Extension\Policies\Scripts. However, they are deleted after the script execution is completed, so you may often find this folder empty.

If you wish to retrieve a script from this location, you must deploy the script to a new device and monitor this location. To successfully copy the script to another folder, you must act quickly before the Intune Management Extension deletes it.

Here’s an example script for Zoom Uninstallation that I’ve deployed on devices.

Where Does Intune Cache PowerShell Scripts on End User Devices
Where Does Intune Cache PowerShell Scripts on End User Devices

How do you check the PowerShell script deployment status in Intune?

To confirm the PowerShell script’s deployment status, you have two options: you can check it from the Intune admin center or directly from the target device. I’ll guide you through both methods to verify the status of PowerShell script deployment using Intune.

1. Check PowerShell Script Deployment Status from Intune Admin Center

  • Go to Devices > Scripts and Remediations > Platform Scripts.
  • Click on the Powershell Script and check the Overview page.
  • The overview page shows the Device and User status to verify the deployment status.

2. Check PowerShell Script Deployment Status from Registry

To verify the successful execution of a PowerShell script deployed via Intune, you can use the Windows Registry Editor. Follow these steps to check the script’s status in the Windows registry. You’ll need the Policy ID associated with the PowerShell script deployment to do this. Here are the steps to find the Policy ID:

Find Policy ID for PowerShell Script Deployment

To locate the Policy ID for a PowerShell script deployment through the Intune admin center, follow the steps below:

  • Sign in to the Intune admin center.
  • Go to Devices > Scripts and Remediations > Platform Scripts.
  • Click on the script deployment and copy the Policy Identifier value from the browser’s address bar.

https://intune.microsoft.com/#view/Microsoft_Intune_DeviceSettings/ConfigureWMPolicyMenuBlade/~/overview/policyId/08debbf8-4112-492c-8bdb-698820c80613/policyType~/0

Find Policy ID for PowerShell Script Deployment
Find Policy ID for PowerShell Script Deployment
  • Open the Registry Editor by searching for “Registry Editor” in the Start menu and clicking on it.
  • Go to the registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IntuneManagementExtension\Policies.
  • Look for the registry key associated with the PowerShell script deployment Policy ID. To check the deployment status, examine the “Result” registry entry. In the provided screenshot, the “Result” is marked as “Success.”
Check PowerShell Script Deployment Status from Registry
Check PowerShell Script Deployment Status from Registry

Conclusion

In this blog post, we explored obtaining the MSI setup files you uploaded to Intune. Microsoft does not offer a direct download option for MSI files from the Intune admin center. Consequently, you must extract the files after assigning the application to a target device.

Check the cache location on the target device to access the setup files. The Intune management extension will automatically delete these files once the application has been successfully installed on the device.

Leave a Comment