Menu
CCMEXEC.COM – Enterprise Mobility
  • Home
  • General
  • Configuration Manager
  • Windows 10
  • Windows 11
  • Intune
  • GitHub
  • About
CCMEXEC.COM – Enterprise Mobility

Reinstall a required Win32app using remediation on demand

Posted on January 27, 2025January 27, 2025 by Jörgen Nilsson

Remediations on demand is one of the coolest thing when it comes to troubleshooting a zero-trust modern managed device. We can run them instantly on demand to clients. It triggers fast and you get the status in the Intune Portal in minutes, the output from the script can take some time though.
We also need to make sure we have RBAC in place to be able to use pro-active remediations, without scope-tags admin that are allowed to run remediations on demand can run all remediations on demand that is in the tenant and that is not the scenario we want. We want it to look like below with only the suitable remediations visible.

This script will make it possible to reinstall the Required Win32App remotely using Remediation on demand, which makes it possible for ServiceDesk/Technician to solve app issues without remote controlling the machine. A great example is to fix the remote-control software if it doesn’t work, in this sample Remote Help, fixing VPN software issues is another.

The script will do the following:

  • Uninstall the application, in this sample a Windows Installer App
  • Remove the necessary IME registry values for the AppID in question
  • Remove the GRS entry for the app so it will try to reinstall when the IME agent is restarted.
  • Start a new PowerShell process that will wait 160 seconds before restarting the IME Agent.

Both the detection and remediation script can be downloaded here: Intune-MEM/ReinstallWin32App at master · Ccmexec/Intune-MEM · GitHub

Why start a new PowerShell process?

As we need to restart the IME Agent for the installation of the application to start, the result in the Intune Portal would never change from Pending.
A screenshot of a video game

AI-generated content may be incorrect.
What also is interesting is that the Intune Management agent has a delay before reporting in the result that and remediation on demand is run. It doesn’t have a message queue either so if we stop the IME Agent immediately the result will never be sent to the Intune Portal. In the sample below the delay is 158 seconds.

That is why I started a new PowerShell process with the following command.

Start-Process -FilePath powershell -ArgumentList '-Executionpolicy bypass -command "& {Start-Sleep 160 ; Restart-Service -Name IntuneManagementExtension -Force}"'

Starting a second PowerShell process solves the problem with “Run remediation Pending” as the IME Agent will detect that the Powershell process started by the IME Agent is run successfully and then it will start sending the result back to Intune.
After creating a new child process for PowerShell we start with a sleep for 160 seconds as that is the longest delay I have seen when testing it out. Then we will get the correct output in the Intune portal.

To implement the script

Change the first two lines with AppID and MSI Productcode to match the Win32app you want to reinstall.

To get the AppID open the application in the Intune Portal and the AppID is visible in the URL.

That is it, test it out, could be that the pause before restarting the IME Agent needs to be longer, but that is the longest delay I have seen when using it and testing it out.

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

My name is Jörgen Nilsson and I work as a Senior Consultant at Onevinn in Malmö, Sweden. This is my blog where I will share tips and stuff for my own and everyone elses use on Enterprise Mobility and Windows related topics.
All code is provided "AS-IS" with no warranties.

Recent Posts

  • New settings in Intune Security Baseline Windows 11 24H2 -2504
  • Managing extensions in Visual Studio Code
  • Reinstall a required Win32app using remediation on demand
  • Administrator protection in Windows 11 – First look
  • Remediation on demand script – ResetWindowsUpdate
©2025 CCMEXEC.COM – Enterprise Mobility | WordPress Theme by Superb Themes
This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish.Accept Reject Read More
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Non-necessary
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
SAVE & ACCEPT