top of page
Search
  • Writer's pictureGareth Oxendine
    • May 17
    • 5 min read

Using Intune and Winget to Install, Uninstall, and Update Windows Applications

Updated: Aug 11

If you are like me, you are responsible for installing, updating, and uninstalling applications on devices at your company. There are several ways to perform these tasks. This article will go over a built-in Windows command line tool called winget. Knowing how to use this command line program will add another tool to your "endpoint management tool belt."


The winget command line tool enables users to discover, install, upgrade, remove and configure applications on Windows 10 and Windows 11 computers. This tool is the client interface to the Windows Package Manager service. — Microsoft 

Table of Contents


Prerequisites

Before deploying PowerShell scripts using the winget command, take note of the following prerequisites.

  • Always try to run the winget command in an elevated PowerShell shell. If the users of the devices are local administrators, then you can run the script under the user context.

  • Winget may not run correctly if executing the PowerShell script under the system context. If possible, try to run it as the user. If the user is not an administrator, you may want to consider another alternative to managing the application if the test fails.


Installing Applications

Step 1: Retrieve the App ID and Source

Before you can install an application, you first need its app ID as well as the source of the application [there are two primary sources for applications: winget and the Microsoft Store (msstore)]. Use the command below on your computer first to find the ID and source:

winget search "app_name"

Below are two examples where I used the winget search command to find the ID and source.

















In the first example, the ID is Google.Chrome.EXE and the source is winget. In the second example, the ID is XPFFZHVGQWWLHB and the source is msstore.


Step 2: Create the Script

Now that you have the app ID and the source, you can create a PowerShell script to install the application using the command below: 

winget install -h --id "app_id" [--source "source"] --accept-source-agreements --accept-package-agreements

  • -h: silent install

  • --id: copy and paste the app ID you retrieved in step 1

  • --source: optionally, copy and paste the source you retrieved in step 1

  • --accept-source-agreements: force the computer to accept Microsoft's Store policy if the source is "msstore." If this flag is not used, the script may stop and request the user to accept the policy.

  • --accept-package-agreements: force the computer to accept the license agreement. If this flag is not used, the script may stop and request the user to accept the policy.


Below is an example PowerShell command to install Google Chrome.







Step 3: Upload and Deploy the Script

  1. Open the Endpoint Manager (Intune) portal.

  2. Select Devices in the left-hand menu blade then select Windows.

  3. Select Scripts and remediations then select the Platform Scripts tab.

  4. Select + Add (see below).

Adding a Script in Endpoint Manager (Intune)
Adding a Script in Endpoint Manager (Intune)

Uninstalling Applications







Step 1: Create the Script

Use the following command to uninstall applications: 

winget uninstall -h --id "app_id" [--version "version"]

  • -h: uninstall silently

  • --id: the application ID; if you do not know it:

    • Use the winget list "app_name" command if the application is installed on your machine.

    • Use the winget search "app_name" command if the application is not installed on your machine.

    • Note: if no ID is listed in the output, then use the app name instead, replacing the --id parameter (Ex. winget uninstall -h OneNote)

  • --version: optionally, you can specify which version of the application to uninstall


Below is an example PowerShell script used to uninstall Chrome. To prevent your PowerShell script from having any errors, use the if statement to check if Chrome is installed first.






Step 2: Upload and Deploy the Script

  1. Open the Endpoint Manager (Intune) portal.

  2. Select Devices in the left-hand menu blade then select Windows.

  3. Select Scripts and remediations then select the Platform Scripts tab.

  4. Select + Add.


Updating Applications

You can also use winget to update an application. A use-case for this could be forcing an update on an application that your end-users installed themselves.








Step 1: Create the Script

Use the following command to upgrade an application: 

winget upgrade -h --id "app_id" [--source "source"] --accept-source-agreements --accept-package-agreements

  • -h: upgrade silently

  • --id: you must provide the app ID; if you do not know it:

    • Use the winget list "app_name" command if the application is installed on your machine.

    • Use the winget search "app_name" command if the application is not installed on your machine.

  • --source: optionally, provide the source of the application

  • --accept-source-agreements: force the computer to accept Microsoft's Store policy if the source is "msstore." If this flag is not used, the script may stop and request the user to accept the policy.

  • --accept-package-agreements: force the computer to accept the license agreement. If this flag is not used, the script may stop and request the user to accept the policy.


Below is an example PowerShell script used to update Chrome. To prevent your PowerShell script from having any errors, use the if statement to check if Chrome is installed first.










Step 2: Upload and Deploy the Script

  1. Open the Endpoint Manager (Intune) portal.

  2. Select Devices in the left-hand menu blade then select Windows.

  3. Select Scripts and remediations then select the Platform Scripts tab.

  4. Select + Add.


Troubleshooting Scripts that use Winget

After you deploy a PowerShell script that contains a winget command, you may receive errors in Endpoint Manager. Below are common errors along with potential causes/resolutions.


User Account Control (UAC) Prompt

If your users receive a UAC prompt from the script with the winget commands, then the user is most likely not a local administrator.


Error 1603

You may receive this error for any of the following reasons provided by Microsoft.

  1. Windows Installer is attempting to install an app that is already installed on your PC.

  2. The folder that you are trying to install the Windows Installer package to is encrypted.

  3. The drive that contains the folder that you are trying to install the Windows Installer package to is accessed as a substitute drive.

  4. The SYSTEM account does not have Full Control permissions on the folder that you are trying to install the Windows Installer package to. You notice the error message because the Windows Installer service uses the SYSTEM account to install software.

Another potential cause is the script is being deployed under the user context and the user is not a local administrator.

891 views2 comments

Recent Posts

Like this Article?

If this information was helpful, we want to know!

Leave a like by clicking the heart at the bottom of the page. 

Next Coffee on You?

We hope this article was helpful to you! If so, want to send a donation as a form of thanks? Just click the coffee cup!  :)

Never Miss a Post. Subscribe Now!

Want to be notified whenever a new article is posted? Enter your email address and subscribe!

Thanks for submitting!

Donate to the Blog?

We hope the blog was helpful to you! If so, we'll take a donation as a form of thanks! :) 

© 2024 by DMTT. Powered and secured by Wix

$

Thank you for your donation!

bottom of page