Today, I want to show you how to deploy WVD client via Microsoft Intune in a truly system context method with a little help from the PowerShell App Deployment Toolkit (PSADT).
This may or may not be a problem as such, the Remote Desktop client provided by Microsoft does not natively support System Context deployments, now you could deploy the application in the user context but specify the ALLUSERS=1 property but from an Intune perspective it is still deployed as a user context application, which means that users must first be logged onto the device to receive the deployment and won’t be deployed as part of Windows Autopilot Device ESP stage, here’s a screenshot of Win32 wrapping the Remote Desktop client and uploading to Intune, as you can see System is greyed out and is defaulted to User:
Admins can still deploy the Remote Desktop client using this method with the ALLUSERS=1 parameter for a system-wide installation, however, it’ll be deployed in the user context, so in short, users will need to be logged in to receive it. This may cause productivity issues if using devices are being used as thin clients and could be a potential wait for end-users to be fully productive. In addition, Autopilot pre-provisioned deployment (aka White glove) will not deploy the Remote Desktop client due to the application defaulting to user context, let’s fix that!
PowerShell Application Deployment Toolkit to the rescue, we will deploy the same Remote Desktop application for all users using PSADT and Microsoft Intune to resolve this and to ensure that the Remote Desktop application is deployed without any user being required to be logged in, this will aid when deploying devices via Autopilot to be used as thin clients for Windows Virtual Desktop for end-users to be productive right out of the box (especially if organisations use Autopilot pre-previsioned deployments aka White glove).
Obtaining Remote Desktop Client
You can download the Remote Desktop client via this link.
Wrapping the Remote Desktop client via Master Wrapper
On a test device, open Master Wrapper, on the general tab, select load from MSI and select the Remote Desktop MSI file:
This will automatically fill out some of the metadata, now also select Silent under Deploy mode:
Moving along the top tabs, select Actions and select Add Installer, select the same Remote Desktop MSI file as previous, this will automatically fill out the Execute-MSI parameters under install and Uninstall:
We need to modify the install action to add in additional arguments to ensure that the Remote Desktop application is installed for all users, append the installation script with the following -Parameters ‘AllUsers=1 /qn’ like so:
Moving onto the Pre-Actions tab, overwrite the Show installation welcome window and Show uninstallation welcome window to No:
No additional actions are required in the Master Wrapper application, make sure the project is saved. Within the directory that has been created by the Master Wrapper application, make sure to add the installation files (Remote Desktop MSI) to the Files folder:
Now that the PSADT Remote Desktop application has been created, we need to deploy this via Microsoft Intune, first of all we need to wrap the contents of the PSADT app into an Intunewim format, upload to Intune and then finally deploy\test.
Wrapping the PSADT App into an Intunewim format
I’m not going to go into massive detail here as I’m sure you’re familiar with the process of wrapping applications into an Intunewim format, download the toolkit here and wrap the folder structure created by the Master Wrapper application, your source directory should look like this before proceeding:
Run the IntuneWinAppUtil.exe and specify the following:
Please specify the source folder = %Your source directory% (In my example it’s C:\IntunePackaging\Build)
Please specify the setup file: Deploy-Application.exe
Please specify the output folder: Your Intunewim file destination (in my example it’s C:\IntunePackaging\Build)
Now you should have an Deploy-Application.Intunewim file, this is what we’ll upload to Intune for deployment:
Creating the Intune Win32 Application Deployment
Now that we have our wrapped PSADT Remote Desktop application in a format that Intune understands, we need to create the application, to do this, log into the MEMAC portal, go to Apps, Windows, Add and select an App Type of Windows App (Win32) and select the .Intunewim file and enter in some metadata for the application:
On the Program tab, enter in the following:
Install command: Deploy-Application.exe
Uninstall command: Deploy-Application.exe -DeploymentType Uninstall
Notice now that the System install behaviour is now available:
On the Requirements page, select x64 and Windows 10 1607:
For Detection rules, select Manually configure detection rules, then File and enter in the following:
|File or folder
|Greater than or equal to
|1.2.1844.0 (Update this for the version that you are deploying)
|Associated with a 32-bit app on 64-bit clients
My example detection rule:
On the assignments page, select a test group then verify that all is well before deploying on mass.
Trust but verify
Once the application has been created and deployed to a test device, ensure all is well, is the application in the program files directory? If so, that shows that a system context deployment has occurred.
As you can see here, all three of my test devices installed in the system context without any logged on users:
Happy deploying the Remote Desktop client in a true system context method.
Until next time!