All / Intune / Powershell / Windows

Company Portal System Tray Icon

jannikreinhard5 Comments

It is difficult for support engineers to guide users to the company portal because the company portal is called differently depending on the system language. In german, for example, the Company Portal is called “Unternehmensportal”. To simplify this and make access faster I have written a small system tray icon. This icon is not only there to open the Company Portal, it also offers many other functions to simplify the troubleshooting process.

Functions

The System Tray tool provides the following functions:

Sync: When you select the Sync button, a IME sync (Intune Management Extension) is triggered.

$syncIme = New-Object -ComObject Shell.Application
$syncIme.open("intunemanagementextension://syncapp")

Open Company Portal: With this button you can open the Company Portal.

explorer.exe shell:appsFolder\Microsoft.CompanyPortal_8wekyb3d8bbwe!App

Troubleshoot: This menu contains various actions to troubleshoot the IME. This can be very helpful for support cases

  • Install CMTrace (Invoke-WebRequest -Uri $cmtraceSourceLink -OutFile $cmtracePath)
    • You can specify in path in the $cmtraceSourceLink variable from where you want to download the CMTrace. Default is from my GitHub repository. The installation path is (C:\Windows\Temp).
  • Show IME Logs (explorer c:\ProgramData\Microsoft\IntuneManagementExtension\Logs)
  • Collect diagnostic logs (MdmDiagnosticsTool.exe -out c:\temp\diagnostic)
  • IME Restart (Restart-Service -Name “IntuneManagementExtension”)
  • User Certificate (Certmgr.msc)
  • Machine Certificate (Certlm.msc)
  • IME Registry (regedit + [System.Windows.MessageBox]::Show(‘Navigate to: “HKLM\SOFTWARE\Microsoft\IntuneManagementExtension”‘) )

Exit: Stop the System Tray Icon

How to Deploy

  • Now we just need to deploy the scripts via Intune. To do this, we open the MEM portal and navigate to Devices -> Scripts
  • Download the deployment script from my git hub repository
    • There are two scripts one for direkt execution (Create-IntuneSystemtray.ps1) and one for the deployment via Intune (Deploy-IntuneSystemtrayScript.ps1)
  • Click ADD
  • Enter a name
  • Click Next
  • Upload the Script
  • Select Yes at “Run this script using the logged on credentials
  • Click Next
  • Click Add Groups
  • Select a Group and click Select
  • Click Next
  • Click Add

Conclusion

The script shows you how to create a system tray icon and how to distribute it using Intune. You can customize the script to your needs. For example, you can add a button that uploads the logs to a customized storage. If you have any questions or need help then let me know.

Stay healthy, Cheers
Jannik

5 thoughts on “Company Portal System Tray Icon

  1. Hi Jannik,

    Scheduled task can’t be created. Error message is “access denied”. I think because of line 125. It requires access to HLKM/…./…./…./IntuneManagementExtension.

    Like

    • Hello Roy thank you for the information. I have fixed this and the sync will now triggered on this way:
      $syncIme = New-Object -ComObject Shell.Application
      $syncIme.open(“intunemanagementextension://syncapp”)

      Like

  2. Deploying the script this way, will only work if your end users are local admin. If you want to deploy the script and run the scheduled task as limited users, you need to change the trigger:

    $user = New-ScheduledTaskPrincipal -GroupId ‘S-1-5-32-545’ -RunLevel Limited

    Like

Comments are closed.