Using Intune and Winget to Install, Uninstall, and Update Windows Applications
Updated: Feb 2
SUMMARY: |
Application management is an important responsibility of IT departments with applications needing to be installed, uninstalled, or updated. This article will show you how to use Intune and winget, a Windows command line program, to do all three! |
The winget command line tool enables users to discover, install, upgrade, remove and configure applications on Windows 10 and Windows 11 computers. This tool is the client interface to the Windows Package Manager service. — Microsoft
Table of Contents
Prerequisites
NOTE: |
Winget can also be run from PowerShell, so we'll be using Intune to deploy PowerShell scripts with winget commands. |
Before deploying PowerShell scripts using the winget command, take note of the following prerequisites.
Always try to run the winget command in an elevated PowerShell mode. If the devices' users are local administrators, you can run the script under the user context.
Winget may not run correctly if executing the PowerShell script under the system context. If possible, try to run it as the user. If the user is not an administrator, you may want to consider another alternative to managing the application if the test fails.
Installing Applications
Step 1: Retrieve the App ID and Source
Before installing an application, you need its app ID and source. There are two primary sources for applications: winget and the Microsoft Store (msstore).
Use the command below on your computer first to find the ID and source:
winget search "app_name"Example:
Below are two examples where I used the winget search command to find the ID and source:
In the first example, the ID is Google.Chrome.EXE and the source is winget.
In the second example, the ID is XPFFZHVGQWWLHB and the source is msstore.
Step 2: Create the Script
Now that you have the app ID and the source, you can create a PowerShell script to install the application using the command below:
winget install -h --id "app_id" [--source "source"] --accept-source-agreements --accept-package-agreements-h: silent install
--id: copy and paste the app ID you retrieved in step 1
--source: optionally, copy and paste the source you retrieved in step 1
--accept-source-agreements: force the computer to accept Microsoft's Store policy if the source is "msstore." If this flag is not used, the script may stop and request the user to accept the policy.
--accept-package-agreements: force the computer to accept the license agreement. If this flag is not used, the script may stop and request the user to accept the policy.
Example:
Below is an example PowerShell script to install Google Chrome.
Step 3: Upload and Deploy the Script
Launch the Endpoint Manager (Intune) portal.
Select Devices in the left-hand menu blade then select Windows.
Select Scripts and remediations then select the Platform Scripts tab.
Select + Add .
To learn more about deploying PowerShell scripts, click the link below:
Uninstalling Applications
NOTE: |
You can use winget to uninstall all types of applications regardless of whether it was installed with winget or not. |
Step 1: Create the Script
Use the following command to uninstall applications:
winget uninstall -h --id "app_id" [--version "version"]-h: uninstall silently
--id: the application ID; if you do not know it:
Use the winget list "app_name" command if the application is installed on your machine.
Use the winget search "app_name" command if the application is not installed on your machine.
Note: if no ID is listed in the output, then use the app name instead, replacing the --id parameter (Ex. winget uninstall -h OneNote)
--version: optionally, you can specify which version of the application to uninstall
Example:
Below is an example PowerShell script used to uninstall Chrome. To prevent your PowerShell script from having any errors, we'll use the if statement to check if Chrome is installed first.
Step 2: Upload and Deploy the Script
Open the Endpoint Manager (Intune) portal.
Select Devices in the left-hand menu blade then select Windows.
Select Scripts and remediations then select the Platform Scripts tab.
Select + Add.
To learn more about deploying PowerShell scripts, click the link below:
Updating Applications
You can also use winget to update an application. For example, you can deploy a script that uses winget to update an application your end-users installed.
IMPORTANT: |
You can only use the winget command to upgrade an application if winget is the source in the winget list command or if winget is supported by that application. |
Step 1: Create the Script
Use the following command to upgrade an application:
winget upgrade -h --id "app_id" [--source "source"] --accept-source-agreements --accept-package-agreements-h: upgrade silently
--id: you must provide the app ID; if you do not know it:
Use the winget list "app_name" command if the application is installed on your machine.
Use the winget search "app_name" command if the application is not installed on your machine.
--source: optionally, provide the source of the application
--accept-source-agreements: force the computer to accept Microsoft's Store policy if the source is "msstore." If this flag is not used, the script may stop and request the user to accept the policy.
--accept-package-agreements: force the computer to accept the license agreement. If this flag is not used, the script may stop and request the user to accept the policy.
Example:
Below is an example PowerShell script used to update Chrome. To prevent your PowerShell script from having any errors, we'll use the if statement to check if Chrome is installed first.
Step 2: Upload and Deploy the Script
Open the Endpoint Manager (Intune) portal.
Select Devices in the left-hand menu blade then select Windows.
Select Scripts and remediations then select the Platform Scripts tab.
Select + Add.
To learn more about deploying PowerShell scripts, click the link below:
Troubleshooting Scripts that use Winget
After you deploy a PowerShell script that contains a winget command, you may receive errors in Intune. Below are common errors along with potential causes/resolutions.
User Account Control (UAC) Prompt
If your users receive a UAC prompt from the script with the winget commands, then the user is most likely not a local administrator.
Error 1603
You may receive this error for any of the following reasons provided by Microsoft.
Windows Installer is attempting to install an app that is already installed on your PC.
The folder that you are trying to install the Windows Installer package to is encrypted.
The drive that contains the folder that you are trying to install the Windows Installer package to is accessed as a substitute drive.
The SYSTEM account does not have Full Control permissions on the folder that you are trying to install the Windows Installer package to. You notice the error message because the Windows Installer service uses the SYSTEM account to install software.
Another potential cause is the script is being deployed under the user context and the user is not a local administrator.
Hello Gareth,
Thanks so much for this interesting post. I am a sysadmin apprentice (forced into this role by my current job position).
I have a task that requires uninstalling several applications that were either packaged in Intune or installed by the end user directly. I am having issues executing a simple test script (it was configured to run under the system context), but it fails to execute due to this context issue.
Here is the simple instruction (I will add the if instruction from your example):
winget uninstall --name app_name --silent
Since I don’t want to waste time searching for how to run this for every user and multiple apps, I’d like to use Task Scheduler to automate the process.…