Export (0) Print
Expand All

Set up your computers to be managed by Windows Intune

Updated: June 30, 2014

Applies To: Windows Intune

Use this guide to help you get your computers managed by Windows Intune.

Before you start installing the Windows Intune client software, read the topic Prepare to manage computers with Windows Intune to understand what must be in place to install the client correctly and then return to these instructions.

Use these steps get the client installed:

Then use one or more of the following methods to get the client installed:

If you no longer need to manage a computer with Windows Intune, you can retire the computer, which also removes the client software from the computer. For more information, see Manage computers with Windows Intune.

  1. In the Windows Intune administration console, click Administration > Client Software Download

  2. On the Client Software Download page, click Download Client Software and save the Windows_Intune_Setup.zip package containing the software to a secure location on your network.

    securitySecurity Note
    The Windows Intune client software installation package contains information about your account. If unauthorized users gain access to the installation package, they can enroll computers to the account that is represented by its embedded certificate.

  3. Extract the contents of the installation package to the secure location on your network.

    ImportantImportant
    Do not rename or remove the ACCOUNTCERT file that is extracted or the client software installation will fail.

  1. On a computer, browse to the folder where the client software installation files are located, and then run Windows_Intune_Setup.exe to install the client software.

    noteNote
    The status of the installation is displayed when you hover over the icon in the taskbar on the client computer.

  1. In the folder that contains the files Windows_Intune_Setup.exe and WindowsIntune.accountcert, run the following command to extract the Windows Installer-based installation programs for 32-bit and 64-bit computers:

    Windows_Intune_Setup.exe /Extract <destination folder>
    
  2. Copy the Windows_Intune_x86.msi file, the Windows_Intune_x64.msi file, and the WindowsIntune.accountcert file to a network location that can be accessed by all computers to which the client software is to be installed.

    ImportantImportant
    Do not separate or rename the files or the client software installation will fail.

  3. Use Group Policy to deploy the software to computers on your network.

    For more information about how to use Group Policy to automatically deploy software, see your Windows Server documentation.

Users can self-enroll each of their computers through the Windows Intune company portal. Each enrolled computer is linked to the user account that was used to install the client software.

noteNote
  • The user must be an administrator on the computer to install the client software.

  • Self-enrolling requires that Internet Explorer is installed on the client computer.

  • Each time a user self-enrolls a computer, it uses a Windows Intune license.

  • You must use a Microsoft Online Services ID to self-enroll a computer. You cannot self-enroll a computer using a Microsoft account (formerly Windows Live ID).

  • If the client software is already installed on a computer, the end-user will receive an error.

  1. Log on to the company portal from the computer that you want to enroll.

  2. Click Add Device.

  3. Click Download Software and then click Run.

  4. Click Next to start the Windows Intune Setup Wizard.

  5. When the setup wizard has completed, click Finish.

You can deploy the Windows Intune client software to computers as part of an operating system image by using the following example procedure as a basis:

  1. Copy the client installation files, Windows_Intune_Setup.exe and WindowsIntune.accountcert to the %Systemdrive%\Temp\Windows_Intune_Setup folder on the reference computer.

  2. Create the WindowsIntuneEnrollPending registry entry by adding the following command to the SetupComplete.cmd script:

    %windir%\system32\reg.exe add HKEY_LOCAL_MACHINE\Software\Microsoft\Onlinemanagement\Deployment /v
    WindowsIntuneEnrollPending /t REG_DWORD /d 1
    
  3. Add the following command to setupcomplete.cmd to run the enrollment package with the /PrepareEnroll command-line argument:

    %systemdrive%\temp\Windows_Intune_Setup\Windows_Intune_Setup.exe /PrepareEnroll
    
    TipTip
    The SetupComplete.cmd script enables Windows Setup to make modifications to the system before a user logs on. The /PrepareEnroll command-line argument prepares a targeted computer to be automatically enrolled in Windows Intune after Windows Setup finishes.

  4. Put SetupComplete.cmd in the %Windir%\Setup\Scripts folder on the reference computer.

  5. Capture an image of the reference computer and then deploy this to targeted computers.

When the targeted computer restarts at the completion of Windows Setup, the WindowsIntuneEnrollPending registry key is created. The enrollment package checks whether the computer is enrolled. If the computer is enrolled, no further action is taken. If the computer is not enrolled, the enrollment package creates a Windows Intune Automatic Enrollment Task.

When the Windows Intune Automatic Enrollment Task runs at the next scheduled time, it checks the existence of the WindowsIntuneEnrollPending registry value, and it tries to enroll the targeted computer in Windows Intune. If the enrollment fails for any reason, the enrollment is retried the next time the task runs. The retries continue for a period of one month.

The Windows Intune Automatic Enrollment Task, the WindowsIntuneEnrollPending registry value, and the account certificate are deleted from the targeted computer when the enrollment is successful or after one month.

Use one of the following procedures to help you monitor and validate successful client deployment.

  1. In the Windows Intune administration console, click Groups > All Devices > All Computers.

  2. Scroll down the list of computers to find managed computers that are communicating with Windows Intune, or to search for a specific managed computer by typing the computer name, or any part of the name, in the Search devices box.

  3. Examine the status of the computer in the bottom pane of the console, and resolve any errors.

  1. In the Windows Intune administration console, click Reports > Computer Inventory Reports.

  2. On the Create New Report page, leave all fields as the default values (unless you want to apply filters), and click View Report.

  3. The Computer Inventory Report page opens in a new window that displays all computers that are successfully enrolled in Windows Intune.

    TipTip
    Click any column heading in the report to sort the list by the contents of that column.

 
Was this page helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft