LOB Apps & Win32 Apps: The Intune Lightning Thief

Last Updated on July 28, 2022 by rudyooms

This blog will show you how to get back your LOB (MSI) apps from Intune. Last week I noticed a question popping up on Reddit asking for the same thing, so I decided to write a blog about it!

Retrieve uploaded msi application : Intune (reddit.com)

I will divide this blog into multiple parts

  1. Introduction
  2. The Installation flow
  3. How to retrieve the uploaded LOB app manually option 1
  4. How to retrieve the uploaded LOB app manually option 2
  5. My first attempt to create a Tool
  6. The Working version

1. Introduction

That question on Reddit made me wonder if it was possible to create a tool to get back those lost MSI installation files. Some time ago I pretty much did the same with the Win32apps.

As we all know, the installation flow with the Win32 apps is just a little bit different. Before I am going to show you how to get them back I still need to show you the installation flow. Otherwise, we are just using the tool without knowing why it worked, right?

Please Note: Of course, I am aware of the fact that mixing Win32Apps and LOB apps during autopilot is definitely not the best practice but that doesn’t mean no one does it 🙂

2. Installation Flow

While I was writing a nice story to tell you about the MSI installation flow I decided to just shift delete it instead of creating a simple flow. Let’s take a look at the MSI installer flow itself and how the OMA-DM Client initializes this process

3. How to retrieve the uploaded LOB app manually option 1

When looking at the installation flow you will probably have noticed that the temporary MSI installation file will be placed inside the C:\Windows\system32\config\systemprofile\AppData\Local\mdm folder.

As shown below, I am triggering the installation of the MSI version of Google Chrome from the Company portal

Graphical user interface, application

Description automatically generated

After clicking on install, the device will first initialize a sync and when it’s done it will start downloading the MSI file

Graphical user interface, text, application

Description automatically generated

After the file was successfully downloaded the installation will kick-off and at that exact moment, you have some time to copy and paste the Windows installer installation file from the C:\Windows\system32\config\systemprofile\AppData\Local\mdm folder into another location.

4. How to retrieve the uploaded LOB app manually option 2

While writing this blog and after creating the Tool, I suddenly realized that you could also simply just fetch the Installer file from the c:\Windows\installer folder… This folder contains the Windows installer cache and is used to store important files for the applications used by the Windows installer.

Graphical user interface, text, application

Description automatically generated

As shown above, the Window installer folder still contains our Chrome MSI installation file. It even shows us the details about the App itself

Graphical user interface, text, application

Description automatically generated

The Windows installer folder contains all the MSI files for the apps that are installed. When removing the App, the corresponding MSI file will also be deleted. So I guess we have enough time to fetch that MSI file

5. My first attempt to create a Tool

I guess it’s always good to learn from your failures. My first idea was not the best one! As shown in this picture… It’s in dutch but please let me translate it for you!

Stupid ideas always begin with: Please hold my #membeer!

Text, letter

Description automatically generated

Let me explain why I am mentioning this quote. My first idea was to write a tool that simply will place some deny delete/delete subfolder and files restrictions on that MDM folder.

Graphical user interface, text, application, email

Description automatically generated

When looking back at the installation flow, I was telling you that BITS will download the file and will place a tmp file in that MDM folder. When the BITS download is done it will convert the tmp file into the required MSI file.

But while doing so it will also need to delete the temporary file! Guess what happens when you made sure NO ONE could delete files in that folder!

Graphical user interface, table

Description automatically generated

As shown above, the BITS client didn’t like that approach somehow when testing it on Windows 10…. That’s a shame…. What else could we do?

6. The Working version

After ditching my first idea, I needed to come up with a better one.

I decided to create a solution based upon a FileSystemWatcher

Graphical user interface, text, application, email

Description automatically generated

This FileSystemWatcher will monitor the C:\Windows\system32\config\systemprofile\AppData\Local\mdm folder we talked about earlier

Text

Description automatically generated

If the FileSystemWatcher notices that a file is created/changed it will execute a defined action. This action is configured to copy that MSI file to your install\intune folder

Word

Description automatically generated with low confidence

After it fetches the MSI file from the MDM folder, it will kill the watcher process, close the tool itself, and open the explorer to show you the MSI file.

https://call4cloud.nl/wp-content/uploads/2022/06/GetLobAppsBack.zip

Conclusion:

It’s always fun to take a better look at how stuff works. Getting back your LOB apps is way easier than getting back your Win32Apps. So for anyone who is still mixing their drinks during Autopilot I hope this blog showed you how to get them back

chef GIF

If you want to know how to get back your Win32Apps from Intune, please read this blog:

Leave a Reply

Your email address will not be published.

  +  87  =  88