Last Updated on July 28, 2022 by rudyooms
This blog will show you how to get back your LOB (MSI) apps from Intune. Last week I noticed a question popping up on Reddit asking for the same thing, so I decided to write a blog about it!
Retrieve uploaded msi application : Intune (reddit.com)
I will divide this blog into multiple parts:
- The Installation flow
- How to retrieve the uploaded LOB app manually option 1
- How to retrieve the uploaded LOB app manually option 2
- My first attempt to create a Tool
- The Working version
That question on Reddit made me wonder if it was possible to create a tool to get back those lost MSI installation files. Some time ago I pretty much did the same with the Win32apps.
As we all know, the installation flow with the Win32 apps is just a little bit different. Before I am going to show you how to get them back I still need to show you the installation flow. Otherwise, we are just using the tool without knowing why it worked, right?
Please Note: Of course, I am aware of the fact that mixing Win32Apps and LOB apps during Autopilot is definitely not the best practice, but that doesn’t mean no one does it 🙂
2. Installation Flow
While I was writing a nice story to tell you about the MSI installation flow, I decided to just shift-delete it instead of creating a simple flow. Let’s take a look at the MSI installer flow itself and how the OMA-DM client initializes this process.
3. How to retrieve the uploaded LOB app manually option 1
When looking at the installation flow you will probably have noticed that the temporary MSI installation file will be placed inside the C:\Windows\system32\config\systemprofile\AppData\Local\mdm folder.
As shown below, I am triggering the installation of the MSI version of Google Chrome from the Company Portal.
After clicking on install, the device will first initialize a sync, and when it’s done it will start downloading the MSI file.
After the file has been downloaded successfully, the installation will kick off, and at that exact moment you have some time to copy the Windows Installer installation file from the C:\Windows\system32\config\systemprofile\AppData\Local\mdm folder to another location.
4. How to retrieve the uploaded LOB app manually option 2
While writing this blog and after creating the tool, I suddenly realized that you could also simply fetch the installer file from the c:\Windows\installer folder… This folder contains the Windows Installer cache and is used to store important files for the applications installed by the Windows Installer.
As shown above, the Windows Installer folder still contains our Chrome MSI installation file. It even shows us the details about the app itself.
The Windows Installer folder contains all the MSI files for the apps that are installed. When removing the app, the corresponding MSI file will also be deleted. So I guess we have enough time to fetch that MSI file.
5. My first attempt to create a Tool
I guess it’s always good to learn from your failures. My first idea was not the best one! As shown in this picture… It’s in Dutch, but please let me translate it for you!
Stupid ideas always begin with: Please hold my #membeer!
Let me explain why I am mentioning this quote. My first idea was to write a tool that would simply place some deny "delete" and "delete subfolders and files" restrictions on that MDM folder.
When looking back at the installation flow, I was telling you that BITS will download the file and will place a tmp file in that MDM folder. When the BITS download is done, it will convert the tmp file into the required MSI file.
But while doing so, it will also need to delete the temporary file! Guess what happens when you make sure NO ONE can delete files in that folder!
As shown above, the BITS client didn’t like that approach somehow when testing it on Windows 10… That’s a shame… What else could we do?
6. The Working version
After ditching my first idea, I needed to come up with a better one.
I decided to create a solution based upon a FileSystemWatcher.
This FileSystemWatcher will monitor the C:\Windows\system32\config\systemprofile\AppData\Local\mdm folder we talked about earlier.
If the FileSystemWatcher notices that a file is created/changed, it will execute a defined action. This action is configured to copy that MSI file to your install\intune folder.
After it fetches the MSI file from the MDM folder, it will kill the watcher process, close the tool itself, and open Explorer to show you the MSI file.
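The watcher approach described above, as an added PowerShell example (not the author's tool). It assumes an elevated session; the destination C:\install\intune, the timeout and the event identifiers MdmCreated/MdmRenamed are choices made for this example.

```powershell
# Added example, not the author's tool. Run from an elevated PowerShell session.
# Assumptions: destination folder, timeout and event identifiers are our own choices.
$MdmFolder   = 'C:\Windows\system32\config\systemprofile\AppData\Local\mdm'
$Destination = 'C:\install\intune'
$TimeoutSec  = 900                      # stop waiting after 15 minutes
$EventNames  = 'Created', 'Renamed'

New-Item -ItemType Directory -Path $Destination -Force | Out-Null

$watcher = New-Object System.IO.FileSystemWatcher -ArgumentList $MdmFolder, '*.msi'
$watcher.NotifyFilter = [System.IO.NotifyFilters]::FileName
$watcher.EnableRaisingEvents = $true

# BITS writes a temporary file first and then turns it into the .msi, so the
# MSI can surface as either a Created or a Renamed event. Queue both.
foreach ($name in $EventNames) {
    Register-ObjectEvent -InputObject $watcher -EventName $name -SourceIdentifier "Mdm$name"
}

try {
    Write-Host "Watching $MdmFolder. Start the install from the Company Portal now."
    $evt = Wait-Event -Timeout $TimeoutSec
    if (-not $evt) { throw "No MSI appeared within $TimeoutSec seconds." }

    $source = $evt.SourceEventArgs.FullPath   # for Renamed events this is the new name
    $target = Join-Path $Destination (Split-Path $source -Leaf)

    # The file may still be locked by the writer; retry the copy for a few seconds.
    $copied = $false
    for ($i = 0; $i -lt 10 -and -not $copied; $i++) {
        try   { Copy-Item -LiteralPath $source -Destination $target -Force -ErrorAction Stop; $copied = $true }
        catch { Start-Sleep -Milliseconds 500 }
    }
    if (-not $copied) { throw "Could not copy $source." }

    # Record the hash of the recovered file, then show it in Explorer.
    Get-FileHash -LiteralPath $target -Algorithm SHA256 | Format-List Path, Hash
    Start-Process explorer.exe -ArgumentList "/select,`"$target`""
}
finally {
    # Always tear the watcher down, even on timeout or error.
    foreach ($name in $EventNames) {
        Unregister-Event -SourceIdentifier "Mdm$name" -ErrorAction SilentlyContinue
    }
    Get-Event | Remove-Event
    $watcher.Dispose()
}
```

The same staging behaviour means any local administrator can copy an LOB installer while it deploys, so MSI packages pushed this way should not carry embedded secrets.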
It’s always fun to take a better look at how stuff works. Getting back your LOB apps is way easier than getting back your Win32Apps. So for anyone who is still mixing their drinks during Autopilot, I hope this blog showed you how to get them back.
If you want to know how to get back your Win32Apps from Intune, please read this blog: