In this blog post we look at deploying HP Client Management Script Library via Microsoft Endpoint Manager. There isn't any real magic here, it's just a simple Win32 application. Come along and let us know what you think in the forums.
Prepare your directory
The following file layout is only a suggestion. In practice, feel free to organize your files as you see fit.
First, create the following directory structure on your hard drive:
- c:\prep\bin\
- c:\prep\hpcmsl\
- c:\prep\hpcmsl\content\
- c:\prep\hpcmsl\output\
Download HP Client Management Script Library installer
To download HPCMSL 1.5 (or whatever version may be latest when you read this), head over to the Download Library, locate the download in the list, and download it to c:\prep\hpcmsl\content on your hard drive. It will probably have a name such as hp-cmsl-latest.exe.
Get the Microsoft Win32 Content Prep Tool
For this step, you will need a copy of the Microsoft Win32 Content Prep tool, available from the Microsoft Github repository. Download this c:\prep\bin on your hard drive, and preserve its original name (IntuneWinAppUtil.exe).
Build the .intunewin file
Open a a command prompt window, change to directory _c:\prep\hpcmsl_ and run the following command:
..\bin\IntuneWinAppUtil -c .\content\ -s hp-cmsl-latest.exe -o .\output\
The output of the command will end with "File '.\output\hp-cms-latest.intunewin' has been generated successfully", and a 100% Done message. In your .\output folder, you should now have a hp-cmsl-latest.intunewin file.
You are now ready to switch over to the Microsoft Endpoint Manager admin center portal.
Publishing HP Client Management Script Library with Intune
Once logged in to EMM, switch over to the Apps section, and click the "Add" button:
On the resulting popup, select "Windows app (Win32)" from the dropdown and click the "Select" button. This will bring you to the Add App section. Visit the tabs in order:
1. Under App information tab, click the "select app package file" link, browse to the hp-cmsl-latest.intunewin file, and select it. Once you do that, the form will display additional fields. Fill them in as appropriate, focusing primarily on the required fields (those marked with an asterisk), then click 'next' when done.
Click 'Next' when ready.
2. Under the Program tab, enter the following values:
- Install command:
hp-cmsl-latest.exe /VERYSILENT /NORESTART /SUPPRESSMSGBOXES
-
Uninstall command:
C:\Program Files\WindowsPowerShell\HP.CMSL.UninstallerData\unins000.exe /VERYSILENT /NORESTART /SUPPRESSMSGBOXES
For the remaining values, select Install Behavior as 'System' and leave Device Restart Behavior as default or 'No specific action'. Return codes should be defined as success being 0, and everything else being a failure. If you wish to customize the result code handling, refer to InnoSetup exit codes documentation.
Click 'Next' when ready.
3. Under the Requirements tab, select the proper Operating System Architecture (64-bit strongly recommended), and Minimum Operating System as "Windows 10 1709" or higher, and leave the rest blank. Click 'Next' when ready.
4. Under Detection Rules tab, select Manually configure detection rules, and click 'Add'. From the slide-in dialog, create a registry rule, with the following fields:
Rule type: Registry
Key path: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5A1AECCB-E0CE-4D2C-833C-29CCEA959448}_is1
Value name: DisplayVersion
Detection method: String comparison
Operator: Equals
Value: 1.x.x*
Associated with 32-bit app on 64-bit clients: yes
*The "Value" is based on the version of CMSL you are using. For this example it's 1.5.0.
Click 'Next' when ready.
5. Under Dependencies tab, you do not need to add any dependencies.
6. Under Scope tags tab, if you utilize scopes, assign them here.
7. Under Assignments tab, assign the app to device groups, as needed.
8. Finally, on the Review + create tab, review your work, and click Create to create the app.
The HP Client Management Script Library will now be deployed to your clients. You can now use HP CMSL library functions as needed via Microsoft Endpoint Manager Proactive Remediation feature (or through any other management console, really).
Using HP CMSL from PowerShell interactively.
While deploying Proactive Remediations that use HP CMSL, the Intune Management Extensions will invoke the remediations with a switch to bypass the active powershell execution policy. If you want to call the library interactively from the command line once it's deployed, you will need to deal with this execution policy yourself. You have a number of options here:
- You can set execution policy to RemoteSigned, to allow untrusted scripts to run (not recommended) or..
- You can deploy the client certificate for the library, into the clients Trusted Publishers certificate.
Both of these approaches are documented in this article.
We hope this was helpful. We'll follow up in subsequent blog posts with a few examples of using HPCMSL via Intune.
Teaser image by cottonbro, Russia, via pexels.com.