Using scripts to evaluate Win32 app requirements – “Require Chassis equals Laptop”

In this short post we will be looking at app requirements in the context of installing Win32 apps.

What are App Requirements?

App Requirements allow you to specify certain requirements are met before your app gets installed on your endpoint. If the requirements are not met the app will not install. Many admins create groups to target apps to users – this is great! But what if the user has a device that you know the app will not work on?

For example. The accounts department has a mix of users with laptops and PCs. We want to make software available to them but we know it will only work on a specific Windows version and if a certain registry key exists – this is where app requirements becomes so useful. We can target the accounts user group to make software available to them and only allow the app to install if certain requirements are met – we don’t need to create different groups to target specific users in the accounts department.

There are some built in requirements you can choose from when creating your Win32 application. Lets explore them briefly.

Operating System Architecture
Choose the architecture required to install the app
Options: 32-bit or 64-bit

Minimum operating system
Select the minimum operating system required to install the app
Options: Windows 10 1607 / 1703 / 1709 / 1803 / 1809 / 1903 / 1909

Disk space required (MB)
Free space required on the system drive to install the app

Physical memory required (MB)
Physical memory required to install the app

Minimum number of logical processors required
The minimum number of logical processors required to install the app

Minimum CPU speed required (MHz)
Minimum CPU speed required to install the app

As well as the options above you can also choose one of 3 extended requirements File, Registry and Script

File



Registry


Script

Script Example

In the following example, we will use a PowerShell script to check the Chassis type of the device. If the value returned indicates that it is a laptop, we will return success and the app requirement will be satisfied.

Script credit to https://powershell.one/wmi/root/cimv2/win32_systemenclosure

The script above mas modified to return 3 values which can be used in ConfigMgr / Intune. The out put of the script will be either IsLaptop, IsDesktop or IsServer

You can grab the modified script here https://github.com/byteben/Windows-10/blob/master/Detect_Chassis.ps1

Adding a script as an app requirement

1 . In the Win32 app wizard, select the requirements tab and click +Add

2 . In the Requirement type field, choose Script

3 . Enter a name in the Script name field

4 . Browse to and select the app requirement script

5 . From the Select output data type drop down box, select String

6 . From the Operator drop down box, select Equals

7 . Enter IsLaptop in the value field

8 . Click OK

9 . Complete the rest of the WIn32 application configuration

10 . Review and save the WIn32 application

Observing the app requirement behaviour

1 . Open the Company Portal on a device for a user you targeted with the app that satisfies the requirement i.e. IsLaptop

2 . Install the Win32 app

The app installs as expected because the script output matched the app requirement

3 . Now open the Company Portal on a device for a user you targeted with the app that does not satisfy the requirement i.e. IsDesktop

4 . Attempt to install the same Win32 app

The app will not install because the app requirement has not been met. The script output was not the expected IsLaptop

If we examine the IntuneManagementExtension.log file we can see the app requirement script block is passed

We can see the expected value of the script output

As we move through the log we can see the detection logic is run first, does the app exist? (1)
The app requirement rules are checked (2)
The extended app requirement rules are checked (3)

Summary

App requirements are a nice way to be able to target your apps to users and devices without having to be imaginative with Dynamic Membership in Azure AD Groups. In the example above we used a PowerShell script for the extended requirement to ensure the device was a laptop before the app was installed.

If you have any other imaginative examples of how you have used app requirements and scripting, let me know!

1 thought on “Using scripts to evaluate Win32 app requirements – “Require Chassis equals Laptop””

  1. The only thing to watch out for with this is “required” apps and the enrolment status page during AutoPilot enrolment. If you track all apps and an app fails to meet the requirements rule then the ESP will treat this as a failed/missing app. The only workaround is to selectively track apps and exclude the ones which may not pass requirements which isn’t ideal either – it would be better if there was an exception list to the track all option. Hopefully AutoPilot will get some additional controls to manage this scenario in the future.

Leave a Reply to Mark Thomas Cancel Reply

Your email address will not be published.

Time limit is exhausted. Please reload CAPTCHA.

 

This site uses Akismet to reduce spam. Learn how your comment data is processed.