Winget as SCCM Application

Evgeniy Uk 21 Reputation points
2022-06-22T16:38:48.753+00:00

Hi. Can you tell me if anyone has set up a powershell script with winget, for example (winget install -e --id Adobe.Acrobat.Reader.64-bit) as Application via Software Center? Or maybe there is another way to integrate Winget and SCCM? Thanks in advance for the answer!

Microsoft Configuration Manager Application
Microsoft Configuration Manager Application
Microsoft Configuration Manager: An integrated solution for for managing large groups of personal computers and servers.Application: A computer program designed to carry out a specific task other than one relating to the operation of the computer itself, typically to be used by end users.
506 questions
0 comments No comments
{count} votes

Accepted answer
  1. Rita Hu -MSFT 9,641 Reputation points
    2022-06-23T08:52:30.823+00:00

    @Evgeniy Uk
    Thanks for your posting on Q&A.

    According to my test, the winget.exe program only be ran in user account and we could not run it in the SYSTEM account. Unfortunately, all the task have been finished in SYSTEM account in MECM. So the conclusion is that we can't implement this functionality through MECM. Below are the results of my test for your reference.

    Here are my test screenshot for your reference:
    214258-6.png

    I installed the PsExec.exe in my lab for test and we execute programs use the system account in this app, like screenshot 1. I found that the winget.exe is placed into the users path, like C:\Users\Administrator\AppData\Local\Microsoft\WindowsApps. But the path which winget.exe program located didn't be included the Windows PATH environment variable.

    Environment variables path in Windows in my lab:
    C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\windows\System32\OpenSSH\;C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\WindowsApps

    So we could not run this program in system account. In addition, I have tested it to run the command in user account and I installed the Adobe.Acrobat.Reader.64-bit successfully. As I have attached the screenshot 3 above.

    Hope the above will be helpful. Please don't forget to accept the answer if the above is helpful.

    Best regards,
    Rita


    If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


4 additional answers

Sort by: Most helpful
  1. Evgeniy Uk 21 Reputation points
    2022-06-23T20:07:58.35+00:00

    Dear @Rita Hu -MSFT , it turns out that running the script winget, from under the Software Center, I run it from the context of the user? Under the system, even using a forced launch of the script via psexec can not install? In general the installation log wrote similar ( about running under user context)
    But forgive me, I'm sorry, I'm not fully understood, is it possible somehow using SCCM method (Application) of software deploing to deploy the soft via winget script?


  2. Evgeniy Uk 21 Reputation points
    2022-07-06T07:10:11.773+00:00

    @Jason Sandys that is, for ConfigMgr, programs via Winget will be installed via Intune with Co-management configured?
    Did I understand you correctly?


  3. Anoop C Nair MVP Enterprise Mobility 21 Reputation points MVP
    2022-10-18T13:31:14.2+00:00

    Hi, I don't know whether the following scenario is supported or not. I did a quick test and it works in my lab without co-management.

    https://www.anoopcnair.com/install-app-windows-package-manager-winget-sccm/

    0 comments No comments

  4. Chris Stanton 0 Reputation points
    2024-12-12T22:08:55.6766667+00:00

    Found a solution. Powershell script that can be deployed as administrator. I use this to make the upgrade process easy. below is an example for google chrome.

    # Variables for the application and action
    # Valid actions: install or upgrade
    $AppId = "Google.Chrome"
    $Action = "upgrade"
    
    # Log file setup
    $LogDirectory = "C:\temp"
    $LogFile = Join-Path $LogDirectory "winget_script.log"
    if (!(Test-Path $LogDirectory)) {
        New-Item -ItemType Directory -Path $LogDirectory | Out-Null
    }
    
    # A helper function to write to the log file with timestamps
    function Log-Message {
        param([string]$Message)
        $timestamp = (Get-Date).ToString("yyyy-MM-dd HH:mm:ss")
        "$timestamp : $Message" | Out-File -FilePath $LogFile -Append
    }
    
    Log-Message "Starting winget script..."
    
    # Ensure LocalState path exists
    $LocalStatePath = "C:\Windows\System32\config\systemprofile\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\LocalState"
    if (!(Test-Path $LocalStatePath)) {
        New-Item -ItemType Directory -Path $LocalStatePath -Force | Out-Null
        Log-Message "Created LocalState directory: $LocalStatePath"
    } else {
        Log-Message "LocalState directory exists: $LocalStatePath"
    }
    
    # Ensure defaultState directory exists and has proper permissions
    $DefaultStatePath = "C:\Windows\Temp\WinGet\defaultState"
    if (!(Test-Path $DefaultStatePath)) {
        New-Item -ItemType Directory -Path $DefaultStatePath -Force | Out-Null
        Log-Message "Created WinGet defaultState directory: $DefaultStatePath"
    } else {
        Log-Message "WinGet defaultState directory exists: $DefaultStatePath"
    }
    
    # Ensure SYSTEM has full control over the defaultState directory
    icacls $DefaultStatePath /grant SYSTEM:F /T | Out-Null
    Log-Message "Ensured SYSTEM has full control on $DefaultStatePath"
    
    # Find the winget executable under Program Files\WindowsApps
    $WingetPath = Get-ChildItem "C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_*" -Recurse -Filter winget.exe -ErrorAction SilentlyContinue | Select-Object -First 1
    if (-not $WingetPath) {
        Log-Message "No winget executable found. Exiting."
        exit 1
    } else {
        Log-Message "Found winget executable: $($WingetPath.FullName)"
    }
    
    # Reset and update sources to ensure System profile has the necessary data
    try {
        & $WingetPath.FullName source reset --force | Out-String | Out-Null
        Log-Message "Winget source reset completed."
        & $WingetPath.FullName source update | Out-String | Out-Null
        Log-Message "Winget source update completed."
    } catch {
        Log-Message "Error resetting/updating winget sources: $($_.Exception.Message)"
        exit 1
    }
    
    # Run the winget command using the specified action and application ID
    try {
        Log-Message "Running winget $Action for $AppId..."
        $output = & $WingetPath.FullName $Action --id $AppId --exact --silent --accept-source-agreements --accept-package-agreements | Out-String
        Log-Message "Winget $Action output: $output"
        Log-Message "Completed winget $Action for $AppId."
    } catch {
        Log-Message "Error running winget command: $($_.Exception.Message)"
        exit 1
    }
    
    Log-Message "Winget script finished."
    
    
    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.