Hello,
Has anyone been successful in creating an .intunewin pkg for the AWS Client VPN (.msi) application by combining the config file (.ovpn) ?
If yes, please comment some ideas on how to proceed.
Just put the .ovpn and msi in the same intunewin pkg and a cmd or powershell script that executes the msi with the parameters you want.
Install command you put the powershell script or cmd file.
Haven not never done it for that program but the question is does the .ovpn file needed to be on the installation syntax or is that just file that needs to be copied after the install. if latter i would just do it as MSI business app installation with installation syntax ALLUSERS=1 /qn /norestart then create intunewin script that runs as a supersedence and replaces/adds the needed file
Put the msi and ovpn file in a folder. When you run the Intune packager, it asks for a directory. Input that directory and it will package both files together into an .intunewin package file.
Most of the time I have to create a Powershell installer script to do things like error handling or perform other operations, so you may want to look into that as well.
I like to use PSADT for this kind of thing, if you are handy with powershell at all.
you’ll want to do this in two steps:
-
Create intunewin package for the VPN client
-
Create a configuration profile to load the VPN config file
How is your VPN authentication set up? For us (SAML via Entra ID) we just deployed the msi, and directed users to the self service page to download their config file instead of collecting and distributing the configuration files. Low friction for users capable of reading the 1 page SOP that was sent via email.
Every one of my intune w32 apps include a .ps1 for install, this way you can do whatever the hell you want installing by powershell.
You would package the msi, .ovpn file and a contosoAwsVpnInstall.ps1 all in the same intunewin pkg, then your install command would be
powershell.exe -windowstyle hidden -executionpolicy bypass -file contosoAwsVpnInstall.ps1
When the .ps1 does the actual MSI install, use this kind of command:
Start-Process -FilePath msiexec.exe -Wait -ArgumentList "/i awsclientvpn.msi switch1=NO switch2=YES /qn"
The -wait means powershell will wait for msiexec.exe to finish before moving on. I’m not all that familiar with AWS VPN Client, but after that you can do things like start the app to create required files, then kill the process/service, then transfer the .owvpn where it needs to go, etc…
I recommend doing all your Intune apps this way, some other things I do is create reg keys after installation, or maybe stop services/processes before installing, having the install script first uninstall old versions. Delete public desktop icons if there are no switches for it, etc… you can do anything you want!
You ever solve this one? I ended up just pushing out the MSI installer, then I have a second of a wrapped PS1 using https://pastebin.com/3KuseVdG
Do note: I’ve tried the dependency option in Intune, and it fails, but if you install the client (either thru CP or a required install) and then run the profile from CP, it works
im assuming you are talking about when in autopilot OOBE phase, havent had any problems using LOB´s and Win32apps mixed, but we dont mix them on the OOBE