Sunday, December 8, 2024
ConfigMgrIntune

Deploying Adobe Reader DC via ConfigMgr and Intune.

Welcome, in today’s post, I will demonstrate the complete end to end process on how to customise and deploy Adobe Reader DC via Microsoft Endpoint Manager (MEM) and Microsoft Endpoint Configuration Manager (MECM). As always, the customisations that I select during the process are examples only, change the options to suit your needs.

Prerequisites

  • Administrative permissions to MEM and MECM
  • Test devices for deployment
  • Device for package capture and customisation
  • Download the Adobe Reader DC setup file here
  • Download the Adobe Reader Customisation Wizard setup file here

Packaging Adobe Reader DC

Before we can perform any actions within MEM and MECM, we must customise our Adobe Reader DC installation files, on your device used for package creation, install the Adobe Reader Customisation Wizard downloaded earlier, accept all of the defaults, no need to open it just yet:

Next create the C:\Temp folder (or a location of your choice) and using the Adobe Reader DC setup file earlier, extract the contents to this location using the following command: .\AcroRdrDC2000920063_en_US.exe -sfx_o”c:\temp\” -sfx_ne (Note: The file name version may change going forward, update if required):

Once extracted, your directory should be as follows:

Next, open the Acrobat Customisation Wizard DC application from the start menu, once opened, go to File, select Open Package and browse to the AcroRead.msi file in the above directory:

Once opened, a number of options appear on the left hand side, I will go over some common options that are typically selected or deselected for enterprises:

On the Personalization Options, tick the option to Suppress display of the End User Licence Agreement (EULA):

On the Installation Options, select Make Reader the default PDF Viewer, Silently (no interface) and Suppress Reboot:

On the Shortcuts, Remove the shortcut from the Desktop section:

On the WebMail Profiles, tick Prevent end user from configuring WebMail profile:

On the Online Services and Features, Tick Disable product updates (Best practise if you want to control application versions, otherwise untick it), Disable upsell, Disable Adobe Acrobat Document Cloud Services, Disable Adobe Sign, Disable Send for Review, Disable third party connectors such as Dropbox, google Drive, etc and Disable SharePoint connector:

Once set, go to File and then Save Package:

Now back to the c:\Temp directory (or what you chose), you should see new .MST and .ref files, this has been created by the wizard which contains our customisation:

That’s it! I would recommend manually installing on a test machine at this stage to ensure all is well with the installation and to see that our customisations are present, do this by running the following command: Setup.exe /s

Creating the Intune Win32 Application

Using the source files that we’ve just created, we need to create an .intunewin file for the Win32 application deployment engine, as per my post on deploying Google Chrome, download the Win32 App Packaging tool, create a file structure and copy the above files to the sources directory, it should look like this:

Run the IntuneWinAppUtil.exe via PowerShell and enter in the following options:

  • Source Folder: C:\IntunePackaging\Source\AdobeReaderDC
  • Setup File: Setup.exe
  • Output folder: C:\IntunePackaging\Output\AdobeReaderDC

Once the .Intunewin file has been generated, I would recommend storing this file in a safe place as it may come useful for future clients or require repackaging for whatever reason, once ready, navigate to the MEM portal, select clients Apps on the left-hand side, then Windows and then finally select add:

Select Windows app (Win32):

Select the .intunewin file generated previously and then fill out the application details as per your requirements, I would recommend adding notes that detail what version of architecture the application is to aid administration going forward, also, adding a logo looks great in the Company Portal application, once the application information is setup how you wish then proceed to the next step, here’s mine:

Next, enter in the Install and Uninstall commands, these are as follows:

  • Install: Setup.exe /s
  • Uninstall: MsiExec.exe /x {AC76BA86-7AD7-1033-7B44-AC0F074E4100} /qn

On the requirements section, select both 32-bit and 64-bit, then minimum operating system of Windows 10 1607:

Create an MSI detection rule and enter in the following product code: {AC76BA86-7AD7-1033-7B44-AC0F074E4100}:

Skip dependencies and assign the device to a test device, once all has been confirmed as working, deploy to your endpoints.

Creating the ConfigMgr Application

Within your Configuration Manager environment, copy the installation files to your sources directory and make sure that ConfigMgr can view the files over the network via an UNC path, like so:

Open the Microsoft Endpoint Configuration Manager console, go to Software Library, Application Management, Applications and select Create Application:

Select Manually specify the application information and select Next:

Enter in identifying data for this application, like so:

Add additional information for end users, this information will be present within the Software Center:

Add a deployment type:

On the Create Deployment Type Wizard, select Script Installer and then Next:

Add a name for the deployment type and select next:

Enter in the content location (This will be the sources directory you created earlier), install and uninstall commands:

  • Install: Setup.exe /s
  • Uninstall: MsiExec.exe /x {AC76BA86-7AD7-1033-7B44-AC0F074E4100} /qn

Add Clause, select Windows Installer and enter in the product code of: {AC76BA86-7AD7-1033-7B44-AC0F074E4100}:

User Experience:

Skip requirements, dependencies and close the wizard once all confirmed on the summary page. This will now bring you back to the Create Application Wizard, select next and close:

Adobe Reader DC will now be listed in the Applications list, right click it and select Distribute Content:

Select your distribution points or groups and test the deployment to a test collection prior to deploying to production clients.