powershellmicrosoft-teamsintune

PowerShell script isfailing when executing from Intune


I'm running into difficulties running a PowerShell script via Intune on devices outside of my own. The background is as follows.

I want to deploy corporate images to each users workstation, under the context of their credentials, as the images are to be used as Microsoft Teams backgrounds. As such, they need to be deployed to C:\Users\<user name>\AppData\Roaming \Microsoft\Teams\Backgrounds\Uploads (note that we do not have Teams Premium licenses, so cannot deploy images via the Teams Admin Center).

When I execute my script locally, either on my laptop or another laptop, the script executes fine and the images are deployed to the correct directory. This has been tested using both a local admin account and also a non-privileged user account.

When I add the script and assign it to a group for deployment, it continues to work fine on my machine, but is failing on other laptops with the following error -

PS>TerminatingError(Import-Module): "Could not load file or assembly 'System.Management.Automation, Version=7.2.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35' or one of its dependencies. The system cannot find the file specified."

Connect-PnPOnline : The 'Connect-PnPOnline' command was found in the module 'PnP.PowerShell', but the module could not be loaded. For more information, run 'Import-Module PnP.PowerShell'.

Note that if I copy the script to another laptop and log in with non-admin rights, it runs successfully, so I know the native environment supports the script. It only fails when executing through Intune. I've trawled the Internet with no solution found to date.

Here is the script I am executing -

#Script for uploading Teams Corporate Backgrounds 
Start-Transcript -Path "C:\Apps\Teams_Background.log"
Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Scope CurrentUser -Force
Unregister-PSRepository -Name PSGallery
Register-PSRepository -Default
# Determine if the PnP.PowerShell module needs to be installed
try {
    Write-Host "Attempting to locate PnP.PowerShell module"
    $PnPModule = Get-InstalledModule -Name PnP.PowerShell -Verbose:$false
    if ($null -ne $PnPModule) {
    Write-Host "Authentication module detected"
    }
    }
    catch [System.Exception] {
    Write-Host "Unable to detect PnP.PowerShell module, attempting to install from PSGallery"
    try {
    
    # Install PnP.PowerShell module
    Install-Module -Name PnP.PowerShell -Scope CurrentUser -Force -Confirm:$false -Verbose:$false
    Write-Host "Successfully installed PnP.PowerShell"
    }
    catch [System.Exception] {
    Write-Host "An error occurred while attempting to install PnP.PowerShell module. Error message: $($_.Exception.Message)" ; break
    }
    }
# Determine if the Az.Keyvault module needs to be installed
try {
    Write-Host "Attempting to locate Az.Keyvault module"
    $AzModule = Get-InstalledModule -Name Az.Keyvault -Verbose:$false
    if ($null -ne $AzModule) {
    Write-Host "Authentication module detected"
    }
    }
    catch [System.Exception] {
    Write-Host "Unable to detect Az.Keyvault module, attempting to install from PSGallery"
    try {
    
    # Install Az module
    Install-Module -Name Az.Keyvault  -Scope CurrentUser -Force -Confirm:$false -Verbose:$false
    Write-Host "Successfully installed Az.Keyvault"
    }
    catch [System.Exception] {
    Write-Host "An error occurred while attempting to install Az.Keyvault module. Error message: $($_.Exception.Message)" ; break
    }
    }
# Set variables for the SharePoint site and library
$tenant = "company.onmicrosoft.com"
$siteURL = "https://company.sharepoint.com/library"
$applicationID = "xxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
$library = "/Shared Documents/Templates & Branding/MS Teams Backgrounds"
$filename1 = "Teams_Background_file.jpg"
$filename2 = "Teams_Background_file_thumb.jpg"
$sourcepath1 = Join-Path $library $filename1
$sourcepath2 = Join-Path $library $filename2
$pathdir = Join-Path $ENV:Appdata "Microsoft\Teams\Backgrounds\Uploads"
    
#Create Backgrounds\Uploads folder if it doesn't exist
If (!(Test-Path $pathdir)) {
New-Item -ItemType Directory -Path $pathdir -Force | Out-Null
}
# Specify Key Vault Name and Certificate Name
$VaultName = "SharePointAuthentication"
$certName = "Certname"
# Establish a connection to Azure 
$clientID = "xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx"
$key = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
$SecurePassword = $key | ConvertTo-SecureString -AsPlainText -Force
$cred = new-object -typename System.Management.Automation.PSCredential -argumentlist $clientID, $SecurePassword
$tenantID = "xxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
$library = "/Shared Documents/Templates & Branding"
Connect-AzAccount -Credential $cred -TenantId $tenantID -ServicePrincipal
# Get certificate stored in KeyVault
$secret = Get-AzKeyVaultSecret -VaultName $vaultName -Name $certName
# $secretValueText = ($secret.SecretValue | ConvertFrom-SecureString -AsPlainText )
$bstr = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($secret.SecretValue)
$secretValueText = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($bstr)
# connect to PnP
Connect-PnPOnline -Url $siteUrl -ClientId $applicationID -Tenant $tenant -CertificateBase64Encoded $secretValueText

# Upload the files to the library
Get-PnPFile $sourcepath1 -Path $pathdir -Filename $filename1 -AsFile -Force
Get-PnPFile $sourcepath2 -Path $pathdir -Filename $filename2 -AsFile -Force
# Disconnect from SharePoint Online
Disconnect-PnPOnline
Stop-Transcript

On my machine I have run this successfully with both Windows PowerShell Desktop version 5.1.22621.963 and PowerShell Core version 7.3.3

It appears that the way it executes when deployed via Intune is different to the way it runs locally, but I'm at a loss to understand why.

Any help will be greatly appreciated.


Solution

  • I've ended up putting the images files I need on an accessible web site and just using Invoke-WebRequest instead. This has removed the need for any interaction with PnP.Powershell and solved my problem.