Azure Virtual DesktopIntune

Deploy WVD Client in System Context via MSIntune

Today, I want to show you how to deploy WVD client via Microsoft Intune in a truly system context method with a little help from the PowerShell App Deployment Toolkit (PSADT).

The Problem

This may or may not be a problem as such, the Remote Desktop client provided by Microsoft does not natively support System Context deployments, now you could deploy the application in the user context but specify the ALLUSERS=1 property but from an Intune perspective it is still deployed as a user context application, which means that users must first be logged onto the device to receive the deployment and won’t be deployed as part of Windows Autopilot Device ESP stage, here’s a screenshot of Win32 wrapping the Remote Desktop client and uploading to Intune, as you can see System is greyed out and is defaulted to User:

WVD client showing as user context in Microsoft Intune

Admins can still deploy the Remote Desktop client using this method with the ALLUSERS=1 parameter for a system-wide installation, however, it’ll be deployed in the user context, so in short, users will need to be logged in to receive it. This may cause productivity issues if using devices are being used as thin clients and could be a potential wait for end-users to be fully productive. In addition, Autopilot pre-provisioned deployment (aka White glove) will not deploy the Remote Desktop client due to the application defaulting to user context, let’s fix that!

The Resolution

PowerShell Application Deployment Toolkit to the rescue, we will deploy the same Remote Desktop application for all users using PSADT and Microsoft Intune to resolve this and to ensure that the Remote Desktop application is deployed without any user being required to be logged in, this will aid when deploying devices via Autopilot to be used as thin clients for Windows Virtual Desktop for end-users to be productive right out of the box (especially if organisations use Autopilot pre-previsioned deployments aka White glove).

Obtaining PSADT

I personally use Master Wrapper by Master Packager, which I’ll demonstrate, but beware that the PSADT is free and open-source which can be downloaded from here.

Obtaining Remote Desktop Client

You can download the Remote Desktop client via this link.

Wrapping the Remote Desktop client via Master Wrapper

On a test device, open Master Wrapper, on the general tab, select load from MSI and select the Remote Desktop MSI file:

Selecting the WVD client

This will automatically fill out some of the metadata, now also select Silent under Deploy mode:

Moving along the top tabs, select Actions and select Add Installer, select the same Remote Desktop MSI file as previous, this will automatically fill out the Execute-MSI parameters under install and Uninstall:

We need to modify the install action to add in additional arguments to ensure that the Remote Desktop application is installed for all users, append the installation script with the following -Parameters ‘AllUsers=1 /qn’ like so:

Moving onto the Pre-Actions tab, overwrite the Show installation welcome window and Show uninstallation welcome window to No:

No additional actions are required in the Master Wrapper application, make sure the project is saved. Within the directory that has been created by the Master Wrapper application, make sure to add the installation files (Remote Desktop MSI) to the Files folder:

Intune Deployment

Now that the PSADT Remote Desktop application has been created, we need to deploy this via Microsoft Intune, first of all we need to wrap the contents of the PSADT app into an Intunewim format, upload to Intune and then finally deploy\test.

Wrapping the PSADT App into an Intunewim format

I’m not going to go into massive detail here as I’m sure you’re familiar with the process of wrapping applications into an Intunewim format, download the toolkit here and wrap the folder structure created by the Master Wrapper application, your source directory should look like this before proceeding:

Run the IntuneWinAppUtil.exe and specify the following:

Please specify the source folder = %Your source directory% (In my example it’s C:\IntunePackaging\Build)

Please specify the setup file: Deploy-Application.exe

Please specify the output folder: Your Intunewim file destination (in my example it’s C:\IntunePackaging\Build)

Example screenshot:

Now you should have an Deploy-Application.Intunewim file, this is what we’ll upload to Intune for deployment:

Creating the Intune Win32 Application Deployment

Now that we have our wrapped PSADT Remote Desktop application in a format that Intune understands, we need to create the application, to do this, log into the MEMAC portal, go to Apps, Windows, Add and select an App Type of Windows App (Win32) and select the .Intunewim file and enter in some metadata for the application:

On the Program tab, enter in the following:

Install command: Deploy-Application.exe

Uninstall command: Deploy-Application.exe -DeploymentType Uninstall

Notice now that the System install behaviour is now available:

On the Requirements page, select x64 and Windows 10 1607:

For Detection rules, select Manually configure detection rules, then File and enter in the following:

Setting NameValue
Rule TypeFile
Path%Programfiles%\Remote Desktop
File or foldermsrdcw.exe
Detection methodString (Version)
OperatorGreater than or equal to
Value1.2.1844.0 (Update this for the version that you are deploying)
Associated with a 32-bit app on 64-bit clientsNo

My example detection rule:

On the assignments page, select a test group then verify that all is well before deploying on mass.

Trust but verify

Once the application has been created and deployed to a test device, ensure all is well, is the application in the program files directory? If so, that shows that a system context deployment has occurred.

As you can see here, all three of my test devices installed in the system context without any logged on users:

Happy deploying the Remote Desktop client in a true system context method.

Until next time!