Windows Intune Client – Behind the Scenes #SysCtr


Windows_intune_logo

As Microsoft announced on September 23rd updating their Windows Intune cloud service which will be available October 18th I thought it might be interesting having a closer look what is going-on after installing the Windows Intune client agents software.

In this post I will cover the following points of Windows Intune. Enjoy Glimlach

  • Windows Intune Client Software
  • Windows Intune Software Components
  • Windows Intune Log Files
  • Windows Intune Registry
  • Windows Intune Services
  • Windows Intune Operation Manager
  • Windows Intune Endpoint Protection
  • Windows Intune Task Scheduler
  • Windows Intune Center
  • Windows Intune Service Endpoints

Windows Intune Client Software

The Windows Intune client software can be downloaded from the Windows Intune Administrator console and can installed manually, by group policy or Configuration Manager.

When you enroll a client computer in the Windows Intune service, Windows Intune schedules the download and installation of additional agents, applications, and components to the client computer. These agents, applications, and components are updates to the initial Windows Intune client enrollment software package. After the Windows Intune client software is installed on client computers, the Windows Intune agents communicate with the Windows Intune service to provide the service with data about the clients.

Software Components

Component Name

Description

EasyAssist

This component is for Remote Assistance request, and can be accessed from the Windows Intune Center.

Microsoft Online Management Client Service

Microsoft Online Management Client Service

Microsoft Online Management Components

  • Microsoft Online Management Agent Installer
  • Microsoft Online Management Client

This component helps Windows Intune update additional components that manage the client computer.

Microsoft Online Management Policy Agent

Microsoft Online Management Policy Agent is responsible for applying policies to the client, and to report hardware/software inventory.

Microsoft Online Update Manager

This component is responsible for updating the client status to the Windows Intune online service. It consists of the service “Microsoft Updates Online Management Service”.

Microsoft Policy Platform

This agent allow clients to evaluate compliance settings.

Windows Firewall Configuration Provider

Provides for managing the Windows Firewall using a Group Policy.

Windows Intune Notification Service

This agent helps deliver administrator-initiated commands to the managed computer.

Windows Intune Center

The Windows Intune Center lets users of the managed computer request remote assistance from administrators by using Remote Assistance through Microsoft Easy Assist v2, manage how some updates are deployed to the computer, and start scans for malware.

Windows Intune Endpoint Protection

These agents help protect the managed computer against potential threats by using real-time protection, automatic scans, and definition updates.

Windows Intune Endpoint Protection

These agents help protect the managed computer against potential threats by using real-time protection, automatic scans, and definition updates.

Windows Intune Monitoring Agent

These agents monitor the health of the managed computer, and raise alerts to report current and potential problems.

Log Files

The log files for Windows Intune software components can be found at C:\Program Files\Microsoft\OnlineManagement\Logs\. This will be your start point in case of a troubleshooting.

Log files

Description

AgtInstaller.log

This log file provides information of the Operations Manager agent install process.

BitLockerStatusProvider.log

Contains information of your BitLocker configuration

ClientSvc.log

Microsoft Online Management Client Service log file

ClientSvcReportingEvents.log

 

Enrollment.log

This file details the process of a computer enrolling with Windows Intune.  If the computer fails to appear in the Windows Intune list of computers, this is the log to watch

HostProtection.log

This file provides details of any anti-malware activity on the computer. 

HostProtectionMofComp.log

This file shows the results of parsing HostProtectionWmiProvider.mof

Monitoring.log

Operations Manager log file

PolicyAgent.log

This file provides details of the process of processing hardware- , software and system policies

SignalingAgent.log

Windows Intune Notification Service

TaskExecution.log

This file shows task requests

Updates.log

This details information about updates evaluated and executed

Registry

The configuration of the Windows Intune client software is based at HKLM\SOFTWARE\Microsoft\OnlineManagement. Here you can find all Windows Intune settings.

clip_image002

Services

By installing the Windows Intune client agent and related Windows Intune components new services will be installed to your system. Below the services identified by installing Windows Intune client agent.

Display Name

Service Name

Executable

Microsoft Online Management Client Service

OmcSvc

omsvchost2.exe

Microsoft Online Management Updates Service

omupdsrv

omsvchost.exe

Windows Intune Notification Service

SignalingAgent

omsvchost2.exe

System Center Management

HealthService

HealthService.exe

Microsoft Antimalware Service

MsMpSvc

MsMpEng.exe

Operations Manager Agent

As mentioned before with the Windows Intune client software installs additional components including an Operations Manager 2012 SP1 RTM agent (7.0.9538.0). The management group used for Windows Intune is Intune. The management server configured is IntuneServer.

clip_image004

The configuration of the Operations Management agent can found as we used by a Operation Manager Agent at HKLM\SOFTWARE\Microsoft\Operations Manager\3.0

clip_image006

clip_image008

Interesting part are the management packs (39) which are used for monitoring you client systems. Below an overview of the management packs which are installed as part of the Windows Intune deployment.

Management Packs

Version

Microsoft.InformationWorker.CommonLibrary.xml

6.0.6278.0

Microsoft.InformationWorker.Office.2003.xml

6.0.6278.16052

Microsoft.InformationWorker.Office.2007.xml

6.0.6278.16052

Microsoft.InformationWorker.Office.2010.xml

6.0.6278.16052

Microsoft.InformationWorker.Windows.Explorer.xml

6.0.6278.16052

Microsoft.InformationWorker.Windows.InternetExplorer.xml

6.0.6278.16052

Microsoft.InformationWorker.Windows.MediaPlayer.xml

6.0.6278.16052

Microsoft.InformationWorker.Windows.OutlookExpressandMail.xml

6.0.6278.16052

Microsoft.InformationWorker.Windows.WindowsAndMSNMessenger.xml

6.0.6278.16052

Microsoft.OnlineManagement.Intune.Overrides.xml

Microsoft.SystemCenter.2007.xml

6.1.7221.16052

Microsoft.SystemCenter.ACS.Internal.xml

6.1.7221.16052

Microsoft.SystemCenter.ClientMonitoring.Library.xml

6.1.7221.0

Microsoft.SystemCenter.ClientMonitoring.Overrides.xml

1.0.0.2128

Microsoft.SystemCenter.DataWarehouse.Library.xml

6.1.7221.0

Microsoft.SystemCenter.DataWarehouse.Report.Library.xml

6.1.7221.0

Microsoft.SystemCenter.InstanceGroup.Library.xml

6.1.7221.0

Microsoft.SystemCenter.Internal.xml

6.1.7221.0

Microsoft.SystemCenter.Library.xml

6.1.7221.0

Microsoft.SystemCenter.ServiceDesigner.Library.xml

6.1.7221.0

Microsoft.Windows.Client.Library.xml

6.0.7024.0

Microsoft.Windows.Client.Overrides.xml

1.0.0.1

Microsoft.Windows.Client.Vista.Monitoring.xml

6.0.6729.16052

Microsoft.Windows.Client.Vista.xml

6.0.6729.0

Microsoft.Windows.Client.Win7.Monitoring.xml

6.0.6729.16052

Microsoft.Windows.Client.Win7.xml

6.0.6729.0

Microsoft.Windows.Client.Win8.Monitoring.xml

6.0.7024.16052

Microsoft.Windows.Client.Win8.xml

6.0.7024.0

Microsoft.Windows.Client.XP.xml

6.0.6729.16052

Microsoft.Windows.Cluster.Library.xml

6.1.7221.0

Microsoft.Windows.Library.xml

6.1.7221.0

System.ApplicationLog.Library.xml

6.1.7221.0

System.Health.Internal.xml

6.1.7221.0

System.Health.Library.xml

6.1.7221.0

System.Library.xml

6.1.7221.0

System.Mom.BackwardCompatibility.Library.xml

6.1.7221.16052

System.Performance.Library.xml

6.1.7221.0

System.Snmp.Library.xml

6.1.7221.0

Windows.Intune.Internal.xml

6.0.6278.0

Endpoint Protection

Depending if you configured Windows Intune Policies automatically deploy Windows Intune Endpoint Protection this client will be installed.

clip_image010

By default Windows Intune Endpoint Protection will not be deployed automatically. Furthermore you can configure the behavior what to do with you correct Antivirus solution (uninstall, upgrade, etc)

clip_image012

Task Scheduler

By default Microsoft.OnlineManagement.UpdateTask scheduled task is created and triggers the Windows Intune Updates Client. This task is scheduled daily and detects whether new updates are available.

clip_image014

This process can be triggered manually through the GUI or initiated by command prompt.

clip_image015

· %programfiles%\Microsoft\OnlineManagement\Updates\Bin\omupdclt.exe /detectnow

· %programfiles%\Microsoft\OnlineManagement\Updates\Bin\omupdclt.exe /updatenow

Client Center

The Windows Intune Client Center can be used whether applications are available through the Company Portal, check for new updates, initiate a system scan or contact your service desk or initiate a Remote Assistance session.

clip_image017

Service Endpoints

There is not such information available (or just I couldn’t find it) how the Windows Intune client agent is communicating to Windows Intune cloud services. At high level the Windows Intune client agents receives policies, software and many more bases on Windows Updates from Windows Intune Cloud services.

ff742836_Fig1_Windows_Intune_at_a_Glance(en-us,MSDN_10)

The opposite way the Windows Intune client agents communicates based on REST API endpoints/web services to the Windows Intune cloud servers. These web services are used for authentication purpose, uploading inventory-, events, etc.

In HKLM\SOFTWARE\Microsoft\OnlineManagement\…\ServiceEndpoints you find the endpoints used.

ServerAuthSlsLoc

https://manage.microsoft.com/ServerAuthLocationService/ServerAuthLocationService.svc

SlsLoc

https://manage.microsoft.com/LocationService/LocationService.svc

UnauthSlsLoc

http://manage.microsoft.com/UnauthLocationService/UnauthLocationService.svc

UserAuthSlsLoc

https://manage.microsoft.com/UserAuthLocationService/UserAuthLocationService.Svc

AgentEnrollmentSvc

https://msub05.manage.microsoft.com/AgentEnrollmentService/AgentEnrollmentService.svc

AgentSts

https://msub05.manage.microsoft.com/AgentSecurityTokenService/IWSTrust.svc

AgentSupportingSts

https://msub05.manage.microsoft.com/AgentSupportingSecurityTokenService/IWSTrust.svc

ClientSvc

https://msub05.manage.microsoft.com/ClientWebService/client.asmx/auth

EnrollmentSts

https://msub05.manage.microsoft.com/AgentEnrollmentSecurityTokenService/IWSTrust.svc

ErrorEventSvc

http://msub05.manage.microsoft.com/ErrorEventWebService/ErrorEventWebService.svc

EventSvc

https://msub05.manage.microsoft.com/EventWebService/EventWebService.svc

ExchangeIncomingGateway

https://msub05.manage.microsoft.com/ExchangeIncomingGateway/GatewayService.svc

IWPortalUdaClaimUrl

https://portal.manage.microsoft.com/devices/link

KeySvc

https://manage.microsoft.com/KeyService/KeyServiceAgent.svc

LocationSvc

https://manage.microsoft.com/LocationService/LocationService.svc

RemoteAssistanceSvc

https://msub05.manage.microsoft.com/RemoteAssistanceService/RemoteAssistanceService.svc

SignalingSvc

https://msub05.manage.microsoft.com/SignalingService/Signal.AsyncHandler

TaskDownloadSvc

https://msub05.manage.microsoft.com/RemoteAssistanceService/TaskDownloadService.svc

UnauthClientSvc

https://msub05.manage.microsoft.com/ClientWebService/client.asmx

UnauthLocationSvc

http://manage.microsoft.com/UnAuthLocationService/UnAuthLocationService.svc

UserEnrollmentSts

https://msub05.manage.microsoft.com/UserEnrollmentSecurityTokenService/IWSTrust.svc

WUASelfUpdateUrl

http://msub05.manage.microsoft.com/SelfUpdate

     

What´s new in Intune?

As mentioned before Microsoft is currently upgrading there Windows Intune cloud service platform which introduces new features and capabilities.

image

Simplifying these into real world actions quickly clarifies what we get in Intune R2, and also highlights the investments in Windows Server 2012 R2 and Configuration Manager 2012 R2:

  • Delivering a seamless interface for users to registered devices to access organization data, while enabling IT Pros to gain more granular control over these device settings, ensuring they become compliant with your policies
  • Offering a consistent experience for your users to discover your organizations services, and subscribe to the services which you offer, across all of their resisted devices.
  • Unified experience for publishing our applications and services to all devices, regardless of there form factor, location, and whether they be managed devices, or user registered.
  • Securing the data on these devices is simplified, simply revoking a registered device will remove access to applications, data and polices from the device.

Sources:

http://technet.microsoft.com/en-us/library/jj662670.aspx

http://uksbsguy.com/blogs/doverton/archive/2011/11/15/log-files-on-each-pc-with-windows-intune.aspx

http://blog.coretech.dk/bfa/windows-intune-client-agent-components/

http://albertneef.wordpress.com/2012/01/12/windows-intune-commands/

http://www.petri.co.il/windows-intune-update-2013.htm

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s