Skip to content

Instantly share code, notes, and snippets.

@nicolonsky
Last active January 30, 2024 12:39
Show Gist options
  • Star 9 You must be signed in to star a gist
  • Fork 1 You must be signed in to fork a gist
  • Save nicolonsky/b04dd77129577f782178c0c049344101 to your computer and use it in GitHub Desktop.
Save nicolonsky/b04dd77129577f782178c0c049344101 to your computer and use it in GitHub Desktop.
Intune / Configuration Manager Proactive Remediation to trigger Office Click to Run Updater (intended to run for the logged on user to show built-in update pop-up)
# See Microsoft 365 Apps Version history https://learn.microsoft.com/en-us/officeupdates/update-history-microsoft365-apps-by-date#version-history
$targetVersions = @{
'CurrentChannel' = [System.Version]::Parse('16.0.16130.20306')
'MonthlyEnterpriseChannel1' = [System.Version]::Parse('16.0.16026.20238')
'MonthlyEnterpriseChannel2' = [System.Version]::Parse('16.0.15928.20298')
'Semi-AnnualEnterpriseChannel(Preview)' = [System.Version]::Parse('16.0.16130.20306')
'Semi-AnnualEnterpriseChannel1' = [System.Version]::Parse('16.0.15601.20578')
'Semi-AnnualEnterpriseChannel2' = [System.Version]::Parse('16.0.14931.20944')
'CurrentChannel(Preview)' = [System.Version]::Parse('16.0.16227.20094')
}
$configuration = Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Office\ClickToRun\Configuration"
$displayVersion = $null
if ( [System.Version]::TryParse($configuration.VersionToReport, $([ref]$displayVersion))) {
Write-Output ("Discovered VersionToReport {0}" -f $displayVersion.ToString())
$targetVersion = $targetVersions.Values | Where-Object { $_.Build -eq $displayVersion.Build } | Select-Object -Unique -First 1
Write-Output ("Mapped minimum target version to {0}" -f $targetVersion.ToString())
if ($null -eq $targetVersion -or $displayVersion -lt $targetVersion) {
Write-Output ("Current Office365 Version {0} is lower than specified target version {1}" -f $displayVersion.ToString(), $targetVersion.ToString())
Write-Output "Triggering remediation..."
Exit 1
} else {
Write-Output ("Current Office365 Version {0} matches specified target version {1}" -f $displayVersion.ToString(), $targetVersion.ToString())
Exit 0
}
} else {
throw "Unable to parse VersionToReport for Office"
}
$processArgs = @{
'FilePath' = "$env:ProgramFiles\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe"
'ArgumentList' = "/update user"
'Wait' = $true
}
if (-not (Test-Path $processArgs['FilePath'])) { throw "OfficeC2RClient.exe not found!" }
Start-Process @processArgs
@dungadaman
Copy link

Yes, it can be used in user context. If so, it will display a message to the user about getting updates and prompting to close Office apps.

Actually, i have added 'ArgumentList' = "/update user updatepromptuser=false forceappshutdown=true" to force close the apps. In my test experience, this works best, with of course, propably missing latest edits of user documents. But my company agrees with this heavy method. Office needs to be patched quickly because of recent Outlook vulnerability.

@dungadaman
Copy link

Update: i've ran the detection script against a much older office installation and it fails and result in Exit code 0, thus not trying to remediate

Major Minor Build Revision


16 0 15427 20210

@nicolonsky
Copy link
Author

@dungadaman you can just perform a $null check for the $targetVersion I just updated the snippet

@dungadaman
Copy link

@dungadaman you can just perform a $null check for the $targetVersion I just updated the snippet
Thank you. I'll try asap. But at the moment, even with your latest edit, Remedation status Failed on every pc. Running your script interactively works. So something is wrong when deploying through Intune remediation.

@mdd-dsidler
Copy link

Set "Run script in 64-bit PowerShell" to YES, or it will not find the correct registry key

Oh! I feel so dumb. Didn't though about this. Thanks a lot. :)

That's OK, I had the same problem yesterday and took me 30 mins to realise :)

Good to hear I was not the only one ;-)

@Ali121-coder
Copy link

Ali121-coder commented Mar 29, 2023

Hi Everyone,

thank you for the script it worked for me perfectly. Few things I need to ask if someone can help me out with it.

1- should we target the devices or users in the proactive remediation package or it won’t matter?

2- what about the schedule? Should I run it once or daily or hourly? What’s a best practice and it won’t trigger the installation again and again on the fixed devices?

It would be really great if someone can guide me with it.

@Ali121-coder
Copy link

Can I anyone please let me know?

@TomislavPeharec
Copy link

@Ali121-coder In our case, we targeted the device group.

In the beginning we let it run hourly to get the clients checked and updated as soon as possible. Later we changed it so that it runs every few hours.
Even if you set it to run hourly, remediation will only run in case your clients haven’t updated to the version/s specified in the detection script.

In case the client already updated to the desired version (with PR or manually by the user), this info will be provided in the PR report (you just need to select all columns to be visible).

@Ali121-coder
Copy link

@TomislavPeharec thank you so much.

@femilovechild
Copy link

Can someone help? I am getting No Office ClickToRun on some computers even though they are running office 365 C2R version

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment