• Welcome to Support Forum: Get Support for Patch My PC Products and Services.

Show posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Show posts Menu

Messages - trevorbuley

Here is an interesting solution that we found.

The app install was failing on Windows 11 Pro Education as this version of windows had a couple of default Code Integrity policies applied out of the box.  The Enterprise version did not.
An Intune Edition upgrade policy was applied for end users, as well as a supplemental WDAC policy allowing the specific Python Root cert.
Has anyone seen the following (or similar) install failures for Python 3.11 (x64)?
App installation failed
29/11/2023 11:03:52 am
Error code: 0x80070659

The app was installing fine on a number of test devices, but is now failing on OOBE devices, both as forced install as well as optional. 
The Intune logs are very vague (as is the error code), just saying there is a configuration policy blocking it - however the policies are the same across all the devices.
One test device I had the install just work after a few reboots.


For whatever strange reason the creators of DB Browser for SQL lite made the option of creating a start menu/program menu shortcut optional (off) by default - unlike 99% of all other Windows apps.
Can we get the default install behavior for this app to have it turned on?
Should just be a simple addition to the command line: SHORTCUT_SQLITE_PROGRAMMENU=1

QuoteHi Trevor,
When you mention it attempts to update and breaks the install could you please elaborate on that?
Its the built in update (or part of) thats getting block by our WDAC rules (or device guard).  The internal updater is only able to partially update and thus bricks the install.

Quote from: JoeH on August 16, 2023, 06:17:35 AMFor what it's worth, I have a PowerShell script that runs via Post Script in PMPC which disables the built-in autoupdater.
Awesome!  Thanks JoeH, I'll give that a try!
Hi All,
Am having some issues with the internal updater in VSCode being 'on' by default when the app is pushed out via PMPC.
VSCode will initially deploy just fine, but the internal updater will attempt to update as soon as there is a new version and breaks the install.

Any chance we could get the internal updates setting turned off by default for VSCode deploys?
We use PMPC and ASR/WDAC.
The above works, but you also have to be careful with the ASR option of running Powershell scrips in constrained language mode. Some scripts (Java Install) fail.
Hi Liviu,
I checked our Defender policy that is applied to our fleet and the following paths are specifically excluded:
C:\Program Files (x86)\Microsoft Intune Management Extension\Content

Also buried in the logs was:

[Win32App] Set EnforcementStateMessage.ErrorCode -2146992128   IntuneManagementExtension   29/05/2023 8:38:40 AM   37 (0x0025)
[Win32App] Admin did NOT set mapping for lpExitCode: 32768 of app: 2ceb1c22-3f54-4a04-a643-fd0bd92dbca8   IntuneManagementExtension   29/05/2023 8:38:40 AM   37 (0x0025)
[Win32App] Setting enforcementState as: Error with lpExitCode: 32768 without mapping   IntuneManagementExtension   29/05/2023 8:38:40 AM   37 (0x0025)

[StatusService] Sending an update to user xxxx-xxxx-xxxx via callback for app: 2ceb1c22-3f54-4a04-a643-fd0bd92dbca8. Applicability: Applicable, Status: Failed, ErrorCode: -2146992128   IntuneManagementExtension   29/05/2023 8:38:55 AM   37 (0x0025)
[Win32App][ExecutionActionHandler] Handler completed with action status: Failed.   IntuneManagementExtension   29/05/2023 8:38:55 AM   37 (0x0025)

MEM Intune/Azure Environment here.
Every second PC or so seems to be getting this error when trying to install Oracle Java 8 JRE 8.0.3710.11 (x64).  Just occurred on a freshly imaged and deployed device, but the previous device has no issues.
Both devices have the same basic staff profile, Microsoft Surface devices running Windows 10 22H2 Enterprise.
Yes, Can we please get this!?!
Pure Intune (Non-SCCM) educational environment.

our Organization would like this as well.  Our students use it in Digitech classes.
Intune (Non SCCM) environment.