Intune - Deploy winSCP Application

24 November 2021 - Reading time: 7 minutes

A part that frustrated me, was how to deploy simple applications trough Intune,
but eventually I have found an easy way in order to install Software.
there are some differences every time, but I'll try to explain there.

small side note, these steps worked for my environment, its possible that it might be different for yours,
if you encounter any issues, please let me know so I can improve this manual and help you ;)


- Basic PowerShell knowledge
- Basic batch file knowledge
- Microsoft Win32 Content Prep Tool ( IntuneWinAppUtil.exe )
- WinSCP ( website )
- WinSCP logo ( 250x250 ) ( simple web search )

First Steps:

So in order to keep in simple, I actually create 2 folders, named:
- install
- output

place the IntuneWinAppUtil.exe in the root of your created folder
(we will come back on this later)

lets start with the contents of the install folder:
Create 3 files named (content will follow):
- install.cmd
- install-EXE.ps1
- uninstall.cmd

the logo (needed for Company portal so we have a nice logo)
WinSCP-<version>-Setup.exe file itself

This is basically everything you need in order to
deploy your application in Intune

Next we will show you what you need to place
as content in the 3 files you created



Content files:

lets start with the very easy part (where you need your batch skills)

This is actually a one line, used for Intune, since Intune errors out when you want to execute ps1 files.
I wanted to keep this file standard,
so I can use it over all the installation files I have, and the ps1 file is actually the only file I need to adjust.

@Powershell.exe -Executionpolicy bypass -File install-EXE.ps1 -action install


Actually the same for the uninstall file, same as install.cmd with a different action variable.

@Powershell.exe -Executionpolicy bypass -File install-EXE.ps1 -action uninstall

the important parts of this script are the following variables:

$logFileApplication = ""
Name of the application, this parameter will be used for the logs that the program creates (in case for troubleshooting)
I have used the location: "
$Setup_file = ""
the full exe file you placed into the "install" folder
$Setup_parameters = ""
the setup only works in silent mode, so in case of WinSCP I have found out that if you run the exe file trough the command line with the /? parameter you will see a whole list ( WinSCP-5.19.4-Setup.exe /? )
here you can select options such as silent mode, languages etc.
a full list of parameters can be found here: Inno Setup Help
$uninstall_file = ""
This program has a uninstaller, so I provided the location of this application
$uninstall_parameters = ""
the parameters for uninstalling this application.
In this case I tried the silent mode the same as the installation parameter (and in this case it worked)

  Custom script created Creating EXE files.

  This script will install any application that needs to be deployed troughout Intune
  Author: Rutger Hermarij
  Version 1.0 @ 11-12-2021

  [Rutger's blog]               -

  install-EXE.ps1 -action install
  install-EXE.ps1 -action uninstall

param (

# Variables
# log path and date format for log file
$logPath              = "${env:ProgramData}\CustomScripts\LOG" # path of log file
$dateFormat          =  (Get-Date).ToString('yyyyMMddHHmmss'); # date format for log file
# Name of application, so the log file will look like: Uninstall-<logFileApplication>-20211115121046.log
$logFileApplication   = "WinSCP"

$Setup_file           = 'WinSCP-5.19.4-Setup.exe'                      # EXE file itself
$Setup_parameters     = '/VERYSILENT /ALLUSERS'                        # silent parameters
$uninstall_file       = "${env:ProgramFiles(x86)}\WinSCP\unins000.exe" # uninstall path
$uninstall_parameters = '/SILENT'                                      # uninstall parameters

# if it doesn't exit, create it.
if (!(Test-Path $logPath )) {New-Item -Path $logPath -ItemType Directory -Force}

#depending on the provided parameter its installing or uninstalling the application
if($action -eq 'install') {
  # lets Transcript everything, so we know what happens (or not)
  Start-Transcript -Path "$logPath\Install-$logFileApplication-$dateFormat.log"
  Write-Output           "Provided parameters: $action"
  Start-Process -FilePath $Setup_file -ArgumentList $Setup_parameters -Wait
  # stop the Transcript, so we have all details.
elseif($action -eq 'Uninstall') {
  # lets Transcript everything, so we know what happens (or not)
  Start-Transcript -Path "$logPath\Uninstall-$logFileApplication-$dateFormat.log"
  Write-Output           "Provided parameters: $action"
  Start-Process -FilePath $uninstall_file -ArgumentList $uninstall_parameters -Wait
  # stop the Transcript, so we have all details.

What actually happens? (nerd mode)

The batch files is quite simple, the execute PowerShell and run the script.

The PowerShell script, checks the parameters that are provided (install or uninstall) 
install parameter provided (install.cmd)
start creating log files under C:\ProgramData\CustomScripts\LOG ), handy for troubleshooting
starts the installer ($Setup_file) with the parameters provided ($Setup_parameters)
stop creating log files.
uninstall parameter provided (uninstall.cmd)
start creating log files under C:\ProgramData\CustomScripts\LOG ), handy for troubleshooting
starts the uninstall file ($uninstall_file) with the parameters provided ($uninstall_parameters)
(and I used "${env:ProgramFiles(x86)}" in case someone doesn't have their Program Files folder not on their C drive.)
stop creating log files.


for testing you can simply try to run the batch files,
if everything goes well, you should have 1 log file in your "C:\ProgramData\CustomScripts\LOG" folder
and you should have the application installed on your machine without any popups
and the same would happen for uninstalling the application.
if you have any issues you can check the logs for details (PowerShell would show error messages there)

Creating a intunewin file for Intune

browse to the root folder we have created in beginning of the the manual
and type the following:

.\IntuneWinAppUtil.exe -c ".\install" -s "install-EXE.ps1" -o ".\output"

you will see a simular output as this, most important part is the Done at the end 

if its correct you should now have an install-EXE.intunewin file in your output folder,
I would recommend to rename this to WinSCP.intunewin since this name will be visible in intune itself.

Adding a new application in intune

browse to, select Apps, All Apps and click the Add button

as App type, select Windows app (Win32)
you will see a wizzard with 6 steps

App information
select app package file, this is your intunewin file you just created in your output folder.
once selected, you will see some more information, for this application you can type the following:

Name: WinSCP
Description: WinSCP is a popular SFTP client and FTP client for Microsoft Windows! Copy file between a local computer and remote servers using FTP, FTPS, SCP, SFTP, WebDAV or S3 file transfer protocols.
Publisher WinSCP
App Version 5.19.4
Category <Select where you think it fits best, for example business>
Show this as a featured app in the Company Portal <you want this app as featured in company portal?>
Information URL
Privacy URL
Developer WinSCP
Owner the person responsible in your business
Notes Notes, for example change number
Logo upload the WinSCP picture here from the requirements

here we will use the installation commands in order to install the application successfully

Install command install.cmd
uninstall command uninstall.cmd
install behavior SYSTEM

the rest you can keep as default

Here you can enter the system requirements, this is actually depending on your environment
here are the parameters I entered for WinSCP

Operating system architecture 64-bit
Minumum operating system Windows 10 21H1
Disk space required (MB) 100
Physical memory required (MB) 2048

and the rest I kept default

Detection Rules
This is is actually quite important,
if this is incorrect, the deployment will says it failed because it is unable to detect if the application is actually installed.
here are my values for WinSCP

Rule format Manually configure detection rules
Rule type File
Path %ProgramFiles(x86)%\WinSCP
File or folder WinSCP.exe
Detection method File or Folder exists
Associated with a 32-bit app on 64-bit client Yes

I left this one empty

Supersedence (preview)
I left this one empty

Depending on  your wishes, if you want to force install  this application or make it available for  "All users" to install it by themselves trough the company portal

and that's basically it. you might not see the application instantly,
you might need to re-Sync in order to get the latest updates from your organisation (under Settings)
click install and enjoy your deployed application.

Written by JUSTIN on 10 February 2022

Hey man, is this doc still valid? Followed along using the newer build of WinSCP and it errors out on all installs when syncing.

Written by on 10 February 2022

the version I used here it worked, not sure about the newer versions (need to check), you can check C:\ProgramData\CustomScripts\LOG for the output errors of your WinSCP installation.

I'll check in the meantime with a newer version, So I can update this manual

Written by on 10 February 2022

So this manual is created for WinSCP-5.19.4, the latest (currently) is WinSCP-5.19.5 so I don't this this update would give a huge difference.

you are also able to check the Intune portal ( Home - Apps -- Windows) Search for WinSCP and click User install status, and the selected user under the Column Status Details you will see for example &amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;The application was not detected after installation....&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;; meaning you might made a mistake in your detection rules