Install .NET Framework 3.5 with Intune

Last updated on August 13th, 2024 at 01:40 pm

I recently inherited a client with a fleet of devices running Trend Micro Worry-Free Business Security on all their devices. This needed to be removed so we could replace it with an EDR. However, the client didn’t know the uninstall password, and their contract with Trend was no longer active. Luckily, Trend was still kind enough to provide us with their removal tool. I’ll make a separate post on how to use that with Intune. After some testing, we determined the removal tool required .NET 3.5 (this is not mentioned in their documentation). There were well over 200 devices that needed this. They were all enrolled in Intune, so this naturally became the vehicle for deployment.

You can use a Win32 App or a Remediation to install .NET 3.5, but for this blog I’ll use a Win32 app. This is for two reasons:

  1. I wanted to use this as a dependency for the Trend Removal App
  2. Changing the deployment to uninstall .NET 3.5 is simpler than making a second remediation

If you are installing this because it’s a requirement for another application, then I suggest staying with the Win32 app.

Now, on to the installation. This is rather simple. We will quickly walk through how this would work if we ran the script manually. First, we need to import the DISM PowerShell module:

Import-Module DISM

Then we can check to see if .NET 3.5 is installed with this command, and you can see it’s not installed on this device:

Get-WindowsOptionalFeature -Online | Where-Object FeatureName -eq NetFx3

To install it, we use this command. It will take a couple of minutes to complete the installation.

Enable-WindowsOptionalFeature -Online -FeatureName 'NetFx3' -NoRestart

When it’s finished, we can confirm it’s installed:

That’s it. To uninstall, if you want to do that, simply run:

Disable-WindowsOptionalFeature -Online -FeatureName 'NetFx3' -NoRestart

Now to package and deploy this with Intune. The scripts are available on my GitHub. Grab the files and wrap them as a Win32 app, or grab the intunewin file and import it. If you want to package the app yourself, place the install.ps1 and uninstall.ps1 files in an empty directory. Then target that directory with the Win32 packaging utility and specify install.ps1 as the install file:

Create a new Win32 app and target the .intunewin file you downloaded or created in the previous step. Our install and uninstall commands are below:

  • powershell.exe -executionpolicy bypass .\install.ps1
  • powershell.exe -executionpolicy bypass .\uninstall.ps1

Add your own requirements, and then choose custom detection script, and import the detection.ps1 script from GitHub.
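
For reference, here is a detection script of the kind this step calls for. It is an added example, not the detection.ps1 from my GitHub, and it assumes the script runs elevated in a 64-bit PowerShell process (leave "Run script as 32-bit process on 64-bit clients" set to No). Intune treats the app as detected only when the script exits with code 0 and writes something to STDOUT.

```powershell
# Added example: Intune custom detection script for the NetFx3 optional feature.
# Detected     = exit code 0 AND text written to STDOUT.
# Not detected = non-zero exit code, or nothing written to STDOUT.

$ErrorActionPreference = 'Stop'
$featureName = 'NetFx3'

try {
    # Same module and cmdlet used in the manual walkthrough above
    Import-Module DISM
    $feature = Get-WindowsOptionalFeature -Online -FeatureName $featureName
}
catch {
    # The query itself failed (for example, the process is not elevated).
    # Write nothing to STDOUT so Intune reports "not detected" and retries later.
    exit 1
}

if ($null -ne $feature -and $feature.State -eq 'Enabled') {
    # The feature is fully enabled: print a line and exit 0 so Intune marks the app as installed
    Write-Output "$featureName is enabled"
    exit 0
}

# Any other state (disabled, or a change still waiting on a restart because
# the install used -NoRestart) counts as not installed.
exit 1
```

Because the install command uses -NoRestart, a device can report "not detected" until its next reboot if the feature is still pending; the following detection cycle picks it up.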

Lastly, target your groups for deployment. If you don’t need the feature installed permanently, you can change the deployment method to uninstall when you’re finished, and the .NET Framework 3.5 will be removed 🙂