Month: May 2013
Deploying Android Apps with Windows Intune
Using Windows Intune standalone? You can quickly deploy apps using the following process! This example utilizes an Android emulator being managed through Intune. For more information on how to set that up for testing, see https://t3chn1ck.wordpress.com/2013/05/01/setting-up-windows-intune-to-manage-android/.
Upload Android APK App
To begin, be sure to obtain a safe APK that you can deploy (e.g. don’t download an infected app!)
Click button to Add Software
Select the Android app installer type
Enter the desired app properties
Specify the Android OS version that the app can be installed upon
Finish the wizard
Deploy App to Device Group
Click button to Manage Deployment
Select the target group (this example just uses a static membership with my Intune user account)
Ensure the approval is set to be Available
Install App on Android Device
On your Android device (an emulator in this example), go to https://m.manage.microsoft.com and sign in
Select the app category
Select the app
Click “Get app”
When the app has been download, click the “drop arrow” that appears in the upper-left corner
Select the app
Select to Install (lower-right)
And voila…you’re app is installed!!
Scripting Service Account Changes
I recently had a situation where I needed to script the creation of a Windows service and specify a domain user/password to run the service. The main struggle was getting the service to grant the user “Log On As Service” rights, which wasn’t being automatically completed with the SC.exe tool. To accomplish this feat, the NTRights.exe utility from the Windows Server 2003 Resource Kit was needed, and will be needed for the below script!
sc.exe create "My Service" type= own start= auto binpath= "C:\Program Files\Product\MyApp.exe" sc.exe config "My Service" obj= "domain\username" password= "thePassword" type= own "ntrights.exe" -u domain\username +r SeServiceLogonRight sc.exe start "My Service"
Understanding Costs to Manage Windows 8 Devices with Intune
Side-loading keys (100 pack for $2500?) are different from the mobile device cert ($299/yr) and the Dev Center account ($99/yr) – and they are all unique to each tenant.
- Side-loading keys are way to bypass publishing apps through the public Windows Store and deploy apps to the Windows devices
- Mobile device certs are used to authentically sign the apps
- Windows Dev Center account is specifically used to create a company portal for any apps and for device enrollment
So initially it would be $400 for each tenant. If it’s ever needed to deploy apps through Intune to those Windows devices, then the side-loading keys are necessary.
For ‘how’ the Intune client generally gets installed on a WP8/RT device:
- Get a mobile device signing cert
- Get a Windows Dev Center account and obtain that the “Windows 8 Company Portal App”
- Sign that app with the mobile cert and publish via Intune
- Users (with the Intune account) can then utilize the “Company Apps” built-in function enroll their device and thereby get managed through Intune
SQL Query App-V 5.0 Usage
You can use the following query on your App-V 5.0 reporting server database (AppVReporting) to get application usage information for which users ran which software on which systems and when.
select distinct username, host_name, app_name, start_time from dbo.ApplicationUsage APPU join dbo.ClientInformation CLIINFO on APPU.host_id=CLIINFO.host_id order by start_time desc
Scripting Sybase PowerDesigner Viewer 16.x
Ran into a curious situation when automating the installation of Sybase PowerDesigner Viewer 16. If you just want the answer, then jump to the bottom of this post :-)
The installer was built as a self-extracting InstallShield setup. Typically, for a ConfigMgr package I like to use the extracted files. However, when attempting to run the Setup of the InstallShield installation, an error was generated that “setup.cab” was missing from “Disk2”. This was issue #1.
Since there was no “disk 2”, so I reverted back to just using the native, self-extracting installer. This appeared like it was going to be fairly simple as all defaults were going to be used. Most times, just using /s is enough to complete the silent installation. But no, this would be too easy. The installation would still not run unattended. Eventually I discovered that the only way to automate a silent installation was to create and include a setup.iss record file. Again, this is despite that only the defaults were being used and that a basic setup.iss was already included as part of the extracted files. This was issue #2.
So have we finally figured out how to automate the silent install? Of course not – there is no reason that a simple application should be so easy to automate. Running the install as PDV_16.exe /s /f1″setup.iss” would absolutely install PDV…when executed manually. As soon as it was deployed using ConfigMgr, the setup would fail with an error. Why oh why!?! Turns out that their installer also hates to be run in System context. Which is what we all know is how ConfigMgr needs to do it, especially for Task Sequences. This was issue #3.
After tussling with this application, I finally figured out that not only is a recorded installation (setup.iss) necessary, but so is specifying a location for the log file!! Conclusion? I despise Sybase installers. Answer? Use the following command line.
PDV_16.exe /s /f1"setup.iss" /f2"c:\windows\temp\pdvsetup.log"
One last comment. Make sure the log file is specified in a directory that already exists (such as c:\windows\temp), otherwise you end up with Issue #4. And use a wrapper (such as a batch file) to specify the current working directory of the setup.iss file, otherwise you’ll end up with Issue #5. If using a batch file, the command would like this for your ConfigMgr package:
"%~dp0PDV_16.exe" /s /f1"%~dp0setup.iss" /f2"c:\windows\temp\pdvsetup.log"
Setting up Windows Intune to Manage Android
Android with Windows Intune
Use this guide to help you get started testing management of Android devices with Windows Intune (Wave D) standalone. This guide assumes Office 365 has been completely set up, configured, and operational for your organization.
Create the emulator
First and foremost, create an Android emulator. One of the best guides that I have found for doing this is at http://www.javaexperience.com/10-easy-steps-to-install-android-emulator-in-windows/ (just make sure you’ve installed the latest version of Java first!). Below are the settings that I used for my emulator.
O365 Mailbox enabled for ActiveSync
Next, ensure that the user account(s) which will be used for testing the Android devices are enabled for ActiveSync.
Enable ActiveSync
Launch the Email app
Enter your username@domain.com and password
Select Exchange
Set the domain/username and server as m.outlook.com
Accept the cert
Configure settings as desired
You’re ready to go!
Activate the device
Once the sync has completed, then you’re connected
Exchange Connector (even for O365)
http://technet.microsoft.com/library/jj733621.aspx
Download the Exchange Connector from Intune (as this has an additional cert included):
Administration > Mobile Device Management > Microsoft Exchange > Exchange Connector
Managing Device Information
Confirm device
Create Android Device Group
Create Android User Group
Create Policy
“Create and Deploy a Custom Policy”
Set a policy name and require a password changed to require a password
Deploy the policy
t3chn1ck 