Deploying a Device Driver With Intune
I need to deploy a specific driver to a set of devices. How can I do this with Intune?
I happened to come across a situation where I needed to push a driver out to a specific model of device. This driver could not be picked up through standard Windows updates, and deploying via SCCM was not an option. So the next best thing I could think of was to deploy the driver using Intune.
Here's the general process to achieve this goal:
You will need to begin by finding an executable installer for the driver you want to install. If you can get this in a .msi
format, do so, .msi
makes life easy when working with Intune. For the purposes of this article, I'll be using the Synaptics ThinkPad UltraNav Driver for Windows 10. If you navigate to the link it will take you to a download page from Lenovo's website. This driver is nice since it provides "Unnatended Install" instructions in the README, we can set the driver to perform an unnatended install by specifying the -s -sms
flags when we run Setup.exe
. This means the install command for this application will be "Setup.exe -s -sms
".
Once you have found the driver installer, if you don't mind the installation being interacted with by the users, then you are good to go.
Otherwise, you will need to find out how to do an unnatended installation if possible. This can vary depending on the product and manufacturer. Most large manufacturers and venders should have an unnatended installation feature depending on the product. You may have to play with the drivers on a test machine and make sure that installing them a certain way actually works.
Package your installer as a .intunewin
Win32 app.
Go to Intune and create a new App.
- Under App type select Windows app (Win32)
- Upload your
.intunewin
file you generated - Give it a Name and optional Description. Set the Publisher to the name of the vendor providing the files.
- For the Install command, it should be the command to launch the installer file (ex.
setupdrivers.exe \VERYSILENT
). In my case, the command wasSetup.exe -s -sms
. - Uninstall command in my case was optional, and I set it to
exit
since the drivers do not need to be uninstalled. Set this according to your use case. - Install behavior should typically be set to System if the driver requires administrator approval to install.
- In my case, I set Device restart behavior to Intune will force a mandatory device restart. Again, set this based on your requirements. The drivers I chose do not take affect until Windows restarts.
- Set your Operating system architecture and Minimum operating system variables to fit your environment.
- When setting detection rules, set the Rules format to Manually configure detection rules.
- Add a detection rule
- These following settings are dependent on the driver you select. I will give you the settings I chose to install the Synaptics drivers.
- Set Path to
C:\Program Files\Synaptics\SynTP\
- Set File or folder to
InstNT.exe
- Set Detection method to File or folder exists
- Set Associated with a 32-bit app on 64-bit clients to No
- Select OK to add the rule and go to the next page
- You should be able to skip adding dependencies.
- If you need this driver to have Supersedence for some reason, set it up now.
- Assign the application to whatever groups you want to install it to.
Once you have reviewed and confirmed your choices, Intune should start deploying the driver to any groups you specify. If it's a driver for a specific type of device, like the touchpad driver I used in this example, it's usually easiest to use a few dynamic device groups that have queries written to add any devices of deviceModel
type.