Installing WinGet Apps Using Configuration Manager

Learn how to seamlessly integrate Windows Package Manager into your deployment framework

Highlights

Streamlined Deployment: Combine Winget’s package management with Configuration Manager for seamless installations.
Powerful Scripting: Utilize PowerShell scripts to orchestrate silent installs and app verifications.
Robust Management: Leverage SCCM/MECM to deploy, manage, and remediate applications efficiently.

Introduction

Integrating the Windows Package Manager (WinGet) with Configuration Manager (formerly SCCM) provides a modern and efficient way to manage software deployment across an enterprise environment. This approach not only capitalizes on WinGet’s extensive repository of applications but also leverages the robust deployment, update management, and compliance features of Configuration Manager. In this comprehensive guide, we will explore the strategies, tools, and step-by-step processes to deploy WinGet applications using Configuration Manager.

Understanding the Basics

What is WinGet?

WinGet, or Windows Package Manager, is a command-line tool for managing software on Windows devices. It allows you to discover, install, upgrade, and remove applications from a curated repository. WinGet streamlines the process of maintaining software inventories and ensures that the latest versions, complete with security updates and patches, are deployed efficiently.

What is Configuration Manager?

Configuration Manager (often referred to as SCCM or MECM) is a comprehensive management platform for administering devices across an enterprise. It provides the backbone for software distribution, patch management, inventory management, and compliance. When combined with WinGet, Configuration Manager can automate and standardize the deployment of applications, ensuring that all endpoints remain consistent and secure.

Deployment Architecture Overview

Key Components

Integrating WinGet with Configuration Manager involves several core components:

WinGet Installation: Ensuring the target devices have WinGet installed, which is often part of the App Installer on Windows 11 or modern Windows 10 systems.
PowerShell Scripting: Creating scripts that leverage WinGet commands for app installation, update checks, and remediation.
Configuration Manager Packaging: Wrapping the scripts and necessary resources into an SCCM package or application that can be pushed to target machines.
Detection and Remediation: Establishing detection methods that confirm the app’s successful installation and remediation processes that correct non-compliant systems.

Integration Workflow

The typical workflow involves:

Deploying the App Installer (which includes WinGet) if not already present.
Creating and validating a PowerShell script that executes WinGet commands to install desired applications.
Packaging the script into a Configuration Manager application or package.
Deploying the package to target collections.
Utilizing detection methods ensuring that installed applications meet compliance.
Remediating any inconsistencies through automated scripts.

Step-by-Step Guide

1. Preparation and Prerequisites

Before beginning the integration process, ensure that the following prerequisites are met:

Verify that the target devices are running supported versions of Windows (Windows 11, recent Windows 10 builds, or Windows Server 2025).
Ensure that the App Installer, which contains WinGet, is either pre-installed or deployed using Configuration Manager.
Download and review community scripts (e.g., from popular GitHub repositories) if available, to familiarize yourself with best practices.
Confirm that you have administrative rights on the Configuration Manager server and target machines.

2. Deploying WinGet (App Installer)

For devices that do not have WinGet preinstalled, you can deploy the App Installer. There are two primary methods:

Deploy via Microsoft Store

Download the App Installer directly from the Microsoft Store and deploy it as a required application. This approach benefits from automatic updates through the store infrastructure.

Deploy Using PowerShell

Utilize PowerShell to install the App Installer by downloading the MSIX bundle and installing it using the $ Add-AppxPackage $ or $ Add-AppxProvisionedPackage $ commands.

3. Creating a PowerShell Script

A core component of this integration is a PowerShell script that uses WinGet to install applications. An example script is provided below to illustrate the process:


# <!-- Sample PowerShell script to install an application using WinGet -->
$WinGetPath = Get-ChildItem -Path (Join-Path -Path (Join-Path -Path $env:ProgramFiles -ChildPath "WindowsApps") -ChildPath "Microsoft.DesktopAppInstaller*_x64*\winget.exe")
if ($WinGetPath) {
    $AppID = "Notepad++.Notepad++"  # Replace with the desired App ID
    try {
        # Execute the installation silently with agreement acceptance
        Invoke-Expression -Command "cmd.exe /c '$($WinGetPath.FullName)' install --id $AppID --scope machine --silent --accept-source-agreements --accept-package-agreements"
        Write-Output "Installation of $AppID was successful."
    } catch {
        Write-Error "Installation failed for $AppID."
    }
} else {
    Write-Error "WinGet not found. Please ensure it is installed."
}

This script locates the WinGet executable, then uses it to install an application. Modify the $AppID variable to match the application you wish to deploy. Note that the --scope machine parameter ensures a system-wide installation and the silent operation is enabled with the --silent flag.

4. Packaging the Application in Configuration Manager

With the PowerShell script ready, the next step is to package it in Configuration Manager:

Create a New Application: In the Configuration Manager console, select “Applications” and choose "Create Application".
Source Files: Add the PowerShell script as the source file for the application.
Specify the Installation Program: Set the installation command to execute the PowerShell script. For example:
powershell.exe -ExecutionPolicy Bypass -File winget-install.ps1
Configure Detection Methods: Ensure that a detection method is implemented (using a separate script or registry checks) to confirm the application has been successfully installed.

5. Deploying the Application Package

Once packaged, deploy the application to your target audience:

Select Target Devices: Identify collections that need the application and assign the deployment accordingly.
Deployment Settings: Choose between mandatory (required) or optional (available) deployment, based on your environment’s needs.
Monitoring and Reporting: Monitor the deployment’s success using Configuration Manager’s built-in reporting tools to ensure compliance across devices.

6. Detection and Remediation

A critical part of this process is verifying that the intended application is installed correctly. Use configuration baselines and detection scripts to scan target devices for signs of successful installation. If an application is not found or the installation did not complete properly, a remediation script can retry the installation using the same WinGet command.

Detection Example

A detection script might query the list of installed packages or check a specific registry key that confirms the presence of the application.

In scenarios where an application update is required, the detection process should also consider version comparison, ensuring that the deployed version meets the desired version criteria.

7. Advanced Considerations

While the fundamental process is straightforward, some advanced topics can further enhance the deployment process:

WinGet Configuration Files

For more complex deployments or multiple application installations within a single workflow, consider using WinGet configuration files. These YAML files outline the desired state of your environment, such as multiple application installs, and make it easier to manage configurations across many devices.

Deployment Context

It is essential to determine the correct context in which your PowerShell scripts and WinGet commands run. Running the installation in system context versus user context can have considerable impacts on the installation path and permissions. Typically, for enterprise deployments via Configuration Manager, you want to run the scripts as a system process to ensure a consistent, system-wide installation.

Error Handling and Logging

Incorporate robust error handling in your scripts to capture failed installations. Logging installation outputs to a file, such as “C:\Winget-Installation.log”, can be useful for debugging issues. Additionally, having detailed error messages helps in quick remediation.

Deployment Monitoring and Troubleshooting

Monitoring Deployment Success

After deployment, use the reporting tools within Configuration Manager to track the success rate of the installations. Key performance indicators include:

Metric	Description	Expected Outcome
Installation Success Rate	Percentage of devices that successfully installed the application	95% or above
Error Logs	Count and details of installation failures	Minimal errors with clear remediation steps
Compliance Status	Devices meeting the installation criteria post-deployment	High compliance across target collections

Troubleshooting Common Issues

Some common challenges when deploying WinGet applications with Configuration Manager include:

WinGet Absence: Ensure that target devices have the App Installer installed. If missing, deploy the App Installer through SCCM before the main application deployment.
Permission Errors: Adjust the execution context of your PowerShell scripts to ensure they run in the required system context.
Script Failing Silently: Implement detailed logging within your scripts to capture and diagnose errors.

Best Practices and Final Tips

Standardizing Deployments

Adopting a standardized approach for deploying WinGet applications can simplify administrative overhead. Document your process, use version control for scripts, and test changes in a controlled environment before a full-scale rollout.

Maintaining Security and Compliance

Always make sure that your PowerShell scripts are secure by running them with minimal privileges when possible and ensuring that sensitive parameters are not hardcoded. Utilize Configuration Manager's compliance settings to track installations and enforce policies.

Future Enhancements

As the landscape of Windows administration evolves, consider additional integrations with cloud-based management platforms, such as Microsoft Endpoint Manager. Automation tools and further scripting capabilities can add layers of resilience and scalability to your deployments.

Conclusion

Integrating WinGet with Configuration Manager offers an efficient, scalable solution for deploying applications across an enterprise. By leveraging the strengths of WinGet’s package management and the robust capabilities of Configuration Manager, you can achieve a streamlined installation process that enhances consistency, security, and manageability. Through careful planning, the creation of custom PowerShell scripts, and the application of best practices for detection and remediation, this integration empowers IT departments to maintain high compliance levels while reducing administrative overhead. As technology evolves, continually revisiting and updating your deployment strategies will ensure that your organization remains at the forefront of software management and security.