Dynamic win32 app detection

So here is what I am thinking about; let me know if this will work or not.

I am using a version of Evergreen to install or update Adobe Reader DC. Right now I have to update the detection method script with the new Version # to get the app to reinstall with the latest build.

What I’m wanting to do is have a scheduled task check for a new version history via release notes, update the detection script automatically, then update that via command line MS Graph, kinda how Patch My PC does its packing. Would this be doable?

OK, so here is what I came up with so far. This is my detection for Evergreen version:

# Application-specific variables
$appName = "AdobeAcrobatReaderDC"
$appLang = "MUI"
$appArch = "x64"
$tempPath = "C:\Temp\$appName"
		
# Check the latest stable version of the application using the Evergreen module
# NOTE: $appType is not defined above, so the Type filter compares against $null; set it or drop that clause
$appInfo = Get-EvergreenApp -Name $appName |
    Where-Object { $_.Architecture -eq $appArch -and $_.Type -eq $appType -and $_.Language -eq $appLang } |
    Sort-Object -Property @{ Expression = { [System.Version]$_.Version }; Descending = $true } |
    Select-Object -First 1


$scriptPath = "!!detection script path here!!"
$lineToUpdate = 2  # Line number to update (starting from 1)
$AppsVersion = '$AppVersion'
$newLine = "$AppsVersion = `"$([version]$appInfo.version)`" # DisplayVersion of the App in Add/Remove Programs"

$content = Get-Content $scriptPath
$content[$lineToUpdate - 1] = $newLine
Set-Content $scriptPath $content

I use Get-Content and Set-Content to update the detection script, only editing line 2:

$AppName = "Adobe Acrobat (64-bit)" # DisplayName in Add/Remove Programs
$AppVersion = "24.5.20399" # DisplayVersion of the App in Add/Remove Programs
$WindowsInstaller = 1 # 1 or 0 | 1 is MSI 0 is EXE
$SystemComponent = 0 # 1 or 0 | 1 is SystemComponent = 1, 0 is SystemComponent does not exist or is 0

# Gather all the apps in the Add/Remove Programs Registry Keys
$Apps = (Get-ChildItem HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\) | Get-ItemProperty | select DisplayName, DisplayVersion, WindowsInstaller, SystemComponent
$Apps += (Get-ChildItem HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\) | Get-ItemProperty | select DisplayName, DisplayVersion, WindowsInstaller, SystemComponent

# Check if the App DisplayName is found and the version in the registry is greater than or equal to the specified AppVersion
$AppFound = $Apps | Where-Object {
	($_.DisplayName -like $AppName) -and ([version]$_.DisplayVersion -ge [version]$AppVersion) -and ([bool]$_.WindowsInstaller -eq [bool]$WindowsInstaller) -and ([bool]$_.SystemComponent -eq [bool]$SystemComponent)
}

# Post some output if the app is found
if ($AppFound) {
	Write-Host "Installed $AppName"
	Exit 0
}
else {
	Write-Host "$AppName Not installed"
	Exit 1
}

Now the only key missing is how to upload the new detection script to Intune via automated MS Graph; this I know will involve setup of an app secret ID.

I'm having trouble finding an updated and documented solution to do this.
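
As an added example (not part of the original posts, and not code from Evergreen or Intune): one way to harden the line-2 rewrite shown above, since the version string comes from a remote feed and ends up inside a script that Intune runs on endpoints. The helper name Update-DetectionVersion, the temp file and the version 24.5.20414 are constructed for illustration.

```powershell
# Added example. Update-DetectionVersion is a hypothetical helper, not an Evergreen or Intune cmdlet.
function Update-DetectionVersion {
    param(
        [Parameter(Mandatory)] [string] $ScriptPath,
        [string] $CandidateVersion   # e.g. the Version property returned by Get-EvergreenApp
    )

    # Accept dotted numerics only. An empty result, quotes, ';' or '$(' are rejected
    # before they can reach a script that Intune runs on every device.
    $new = $null
    if ($CandidateVersion -notmatch '^\d+(\.\d+){1,3}$' -or
        -not [version]::TryParse($CandidateVersion, [ref]$new)) {
        throw "Rejected version string '$CandidateVersion'"
    }

    # Locate the assignment by pattern instead of by line number; require exactly one.
    $pattern = '^(?<lhs>\$AppVersion\s*=\s*)"(?<old>[^"]*)"'
    $lines = @(Get-Content -LiteralPath $ScriptPath)
    $hits = @(for ($i = 0; $i -lt $lines.Count; $i++) { if ($lines[$i] -match $pattern) { $i } })
    if ($hits.Count -ne 1) {
        throw "Expected one AppVersion assignment in $ScriptPath, found $($hits.Count)"
    }
    $index = $hits[0]
    $null = $lines[$index] -match $pattern
    $old = $null
    # Never move the detection baseline backwards or rewrite an unchanged file.
    if ([version]::TryParse($Matches['old'], [ref]$old) -and $new -le $old) { return $false }

    # Write the parsed value (not the raw input), keep the trailing comment, swap the file in one move.
    $lines[$index] = $lines[$index] -replace $pattern, ('${lhs}"' + $new + '"')
    $tmp = "$ScriptPath.new"
    Set-Content -LiteralPath $tmp -Value $lines -Encoding UTF8
    Move-Item -LiteralPath $tmp -Destination $ScriptPath -Force
    return $true
}

# Constructed demo: a two-line detection header written to a temp file.
$demo = Join-Path ([IO.Path]::GetTempPath()) 'Detect-Demo.ps1'
Set-Content -LiteralPath $demo -Value @(
    '$AppName = "Adobe Acrobat (64-bit)" # DisplayName in Add/Remove Programs'
    '$AppVersion = "24.5.20399" # DisplayVersion of the App in Add/Remove Programs'
)
# A newer version is written, an equal or older one is left alone, a non-version string throws.
Update-DetectionVersion -ScriptPath $demo -CandidateVersion '24.5.20414'
Update-DetectionVersion -ScriptPath $demo -CandidateVersion '24.5.20399'
try { Update-DetectionVersion -ScriptPath $demo -CandidateVersion '1.0"; Write-Host injected #' }
catch { "Rejected: $($_.Exception.Message)" }
```

Passing `$appInfo.Version` straight in also covers the case where Evergreen returns nothing: the empty string fails validation and the existing detection script is left untouched.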

This is where you could probably do with using the MSEndpointMgr.com IntuneWin32App PowerShell module:
GitHub - MSEndpointMgr/IntuneWin32App: Provides a set of functions to manage all aspects of Win32 apps in Microsoft Intune.
N.B. For full automation, you may want to consider Intune App Factory:
Intune App Factory - MSEndpointMgr
An Azure DevOps pipeline that can pretty much automatically package and deploy any app

Thanks, I'll take a look and report back my findings if this works.

Hi, FWIW my detection script looks something like this:

try
{
  $EvergreenName = "AdobeAcrobatReaderDC"
  $EvergreenArgs = {$_.Architecture -eq "x86" -and $_.Language -eq "English (UK)"}
  $AppPath = "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe"

  if (Test-Path -LiteralPath $AppPath)
  {
    # -Last is used here so we don't use the bleeding edge production version
    if ([version](Get-Item $AppPath).VersionInfo.FileVersion -ge [version](Get-EvergreenApp -Name $EvergreenName | Where-Object {$EvergreenArgs.Invoke()} | Sort-Object Version -Descending | Select-Object -Last 1).Version)
    {
      Write-Output "Installed"
      exit 0
    }
    else
    {
      exit 0
    }
  }
}
catch
{
  # Evergreen is probably not installed
  exit 0
}

As you see, I tend to rely on the version of the executable, but it’s the same kind of idea. The only downfall I find is that the detection script only works if the app is required. If it is available, the app will show as available for install, but updating it is a manual process.

I’ve used a combo of Intune App Factory and PSPackageFactory to make my own, so I can publish to both Intune and ConfigMgr (largely a work in progress though).

… Alex …

This is why I avoid all this “Let’s create a Custom detection script for each Application” nonsense by using tag files.

Tag file exists ==> Installed!

Creating tag files has its own issues because if an app is removed manually, either by a user who may have admin rights (happens, such as LAPS, etc), or a rogue/novice service desk user, Intune or SCCM is never going to try and reinstall it.

Oh, we got that base covered. We create a new ARP entry pointing to a local copy of the PSADT package and make the original ones children of the custom one.