Deploying InTune through SCCM Task Sequence

We’ve been consolidating systems at work and were faced with scrapping our asset management system in favour of our new case management system, Cherwell. Previously we used Alloy for inventory, and Alloy had no problem reporting hardware data during task sequence, even for machines that aren’t going to be connected to our network. We’ve got a few so-called “Open-PC’s” that won’t be on our network, aren’t connected to the domain and thusly won’t be reporting any hardware inventory to SCCM. I spent a long time trying to force a hardware inventory within the task sequence, but it doesn’t seem to be possible. One method would be to create a script and a scheduled task to remove the machine from domain some time after image having been applied, but this would just be annoying on a day-to-day basis. And it wouldn’t be reliable.

Thus my eyes fell to InTune, which doesn’t require a domain connection and will deliver inventory details, which we can pull to our case system. (For insurance reasons.) I tried many different methods of accomplishing this, and kept getting stuck because InTune and SCCM client inherently are incompatible with one another. InTune will simply refuse to be installed where the SCCM already exists.

I ended up creating a task sequence structure that accomplished what was required through scripts and SCCM PostAction.

  • Pre-requisites:
  • Create a package pointing to a directory where you’ll keep your source files. We’ll use this later. Throw your Intune .msi and certificate in this directory.
  • Create Install-IntuneClient.ps1 file containing the following(Thanks to Peter for most of the powershell script.):

    #Define variables
    $NewPath = “C:\Temp”
    $CertificateName = “MicrosoftIntune.accountcert”
    $UninstallPath = “C:\Windows\ccmsetup”
    $UninstallerName = “ccmsetup.exe”
    $UninstallerArguments = “/Uninstall”
    $InstallerName = “Microsoft_Intune_X64.msi”
    $InstallerArguments = “/qb!”
    #SCCM Uninstall
    Start-Process -FilePath “$UninstallPath\$UninstallerName” -ArgumentList $UninstallerArguments -Wait -PassThru
    #Waiting time introduced to ensure that msiexec is ready.
    Start-Sleep -s 160
    #Uninstall of MS Policy Platform, since InTune will think this version will work, but it won’t. You will get the client but it’ll get policy errors if you don’t do this step.
    Start-Process -FilePath “C:\Windows\System32\msiexec.exe” -ArgumentList “/X{6549B04F-E826-4E0A-8C3F-388540F08541} /qn”
    Start-Sleep -s 160
    #Intune Install
    Start-Process -FilePath “$NewPath\$InstallerName” -ArgumentList $InstallerArguments -Wait -PassThru
    #Folder Cleanup.
    Remove-Item $NewPath -Force -Recurse
    #Giving InTune a few minutes to talk to the server.
    Start-Sleep -s 160
    #Optional step – shuts down computer after finishing. Uncomment if you want it.

  • Create .cmd file containing the following:

    @echo off

    md c:\Temp
    copy /Y “%~dp0Microsoft_Intune_X64.msi” c:\Temp
    copy /Y “%~dp0MicrosoftIntune.accountcert” c:\Temp
    copy /Y “%~dp0Install-IntuneClient.ps1” c:\Temp

  • Task Sequence Steps:
  • Run Command Line containing: cmd /c “yourfilenamehere.cmd”
    I chose to point this at the package to pull the file from the server. You can of course do this in other ways, but this is my personal preference.
  • Set Task Sequence Variable: SMSTSPostAction

    PowerShell.exe -ExecutionPolicy ByPass -File “C:\Temp\Install-IntuneClient.ps1”

And you’re done.

Leave a Reply

Your email address will not be published. Required fields are marked *