Deploying IT Agent Portable With Intune
Contents
Pro Tips #72
One of the lesser known ways to scan devices with Lansweeper is the portable agent. Some of the long-time customers will remember LsPush, our previous portable agent. Portable agents have unique ability to be triggered by anything that can run an executable, giving you more control over when a device gets scanned.
In our example today, we will probably use the most popular reason to use a portable agent. Accurately scanning user logons.
As you might know, Lansweeper will scan the logged on user, but if another person logs on in between scans, there will be no record of that logon. To ensure Lansweeper always captures a logon, we will trigger a Lansweeper scan on logon.
Setting up Lansweeper to accept IT Agent Portable files
Before we can start deploying the portable agent and the scheduled task, we will need to ensure that Lansweeper is ready to accept the scans. To do this you will need to access the hub you want to use to process the portable agent scans and head over to the Settings > Data Transfer.
Here you will need to enable the IT Agent Portable code(s) and save your key. You will need this later on.
Certificates
Since we’re on the hub now, in order to safely transmit the data to your hub, you will also need to install a certificate on the machines that want to send data in their Trusted Root Certification Authorities. You can find the certificate in C:\Program Files\Lansweeper Network Discovery\hub\ssl
Download the Required Files
You will need a couple of files to get it all working. Starting off with the IT Agent Portable executable. You can download the IT Agent Portable from your Lansweeper interface in Download installers/packages menu in the Discovery section.
Download the Intune packaging tool from the Microsoft GitHub
Scheduled Task and Execution Script
Last but not least, download and edit the script to create the scheduled task and trigger the IT Agent Portable scan:
IT Agent Portable Scheduled Task Script
Items to edit:
- Replace https://YourHubServer:59525 with the details for the server your Hub is located on. This can be IP address or Name.
- Replace YourKeyHere with the key you saved earlier or go to your hub and grab it.
Creating the Intune Package
Next up lets create the deployment for the portable agent. All this really does is place the executable on the devices so its available for usage.
- Place the Portable agent in the following folder C:\Temp\Packaging\Source\Lansweeper-IT-Agent-Portable
- Place IntuneWinAppUtil.exe in C:\Temp
- Run the following in command in a command prompt:
C:\Temp\IntuneWinAppUtil.exe -c "C:\Temp\Packaging\Source" -s "Lansweeper-IT-Agent-Portable\Lansweeper.IT.Agent.Portable.exe" -o "C:\Temp\Packaging\Output"
- Output will be: C:\Temp\Packaging\Output\Lansweeper.IT.Agent.Portable.intunewin
Configure the Intune App
Now its time to move to Intune, head over and in your Intune Admin Center, create a new Win32 App and upload the .intunewin file we just created.
Install and Uninstall Commands
On the next page enter the Install Command:
powershell.exe -ExecutionPolicy Bypass -Command "Copy-Item -Path '.\Lansweeper-IT-Agent-Portable' -Destination 'C:\' -Recurse -Force"
This creates the folder C:\Lansweeper-IT-Agent-Portable and places the EXE inside.
Uninstall Command (optional):
powershell.exe -Command "Remove-Item -Path 'C:\Lansweeper-IT-Agent-Portable' -Recurse -Force"
Detection Rules
On the Detection rule page, you can use the following to ensure it can detect the deployment
- Rule type: File
- Path:
C:\Lansweeper-IT-Agent-Portable - File: Lansweeper.IT.Agent.Portable.exe
- Detection method: File exists
The rest of the app setup can be left to it’s default settings.
Configuring the Scheduled Task through Intune
Last but not least, you will need to ensure that the scheduled task is set up so that it triggers the scan at logon.
- Go to Microsoft Intune Admin Center → Devices → Scripts and remediations → Platform Scripts > Add > Windows 10 and later.
- Upload the script you downloaded earlier.
- Choose Run this script using the logged on credentials: No
- Enforce script signature check: No
- Assign it to the user or device group.
Troubleshooting
In case you see nothing appear, here is the PowerShell command you can use to manually trigger a scan and see the result or error message. Before running this you must edit the following two values:
- Replace https://YourHubServer:59525 with the details for the server your Hub is located on. This can be IP address or Name.
- Replace YourKeyHere with the key you saved earlier or go to your hub and grab it.
C:\Lansweeper-IT-Agent-Portable\Lansweeper.IT.Agent.Portable.exe scan -h https://YourHubServer:59525 --key YourKeyHere
And that’s it! Everything you need to get an IT Agent portable deployment set up and get more controls over when devices are scanned!
Ready to get started?
You’ll be up and running in no time.
Explore all our features, free for 14 days.