Unable to get pnputil.exe to function in PowerShell script pushed via MS Intune

I've been struggling to get this script working via Intune for several days. The below is a script that checks to see if a printer is installed, if not, the driver is downloaded from our blob repository, extracted, added to the driver store, then the printer is added.

The script works perfectly when running locally, however, when I push it out via Intune to our Windows 10 devices, no printer is added, and Intune tells me that the script failed to run on the targeted devices, but I'm unsure why.

The script is failing at the line starting with $pnpOutput, everything up until that line is completed. After that line, add-printerport is successful (printer port is added to the computer), but nothing else is because all of the other commands require the driver to be installed, which it isn't. Checking C:\Windows\INF on the target computer confirms that the driver was not added to the driver store.

I figure the problem has something to do with the way I am calling pnputil.exe with powershell. I've tried phrasing the command a few ways with no result. I'm fairly new to powershell, but know enough to mash a couple of scripts together and do some basic troubleshooting.

I tried adding some error logging, but wasn't successful. I tried to out-file the $pnpoutput line but the resulting file was empty. I tried adding a try / catch around the whole last block, but my log file wasn't even created (not even locally, even when I broke the script on purpose to cause an error).

# This script installs the US Bizhub C368 printer
# This checks to see if the printer has already been added
$CheckPrinter = Get-printer | where {$_.Name -like "US Bizhub C368"}
If ($CheckPrinter -eq $null) {

# Make IT folder for driver download
$ITFolder = "C:\IT"
New-Item -Path $ITFolder -ItemType Directory

# Download the driver from Azure Blob repository
$source = "OurAzureBlobURL.com"
$zipdestination = "$ITFolder\USBizhubC368Driver.zip"
Invoke-WebRequest $source -OutFile $zipdestination

# Extract the zip archive and delete the zip
$unzippeddestination = "$ITFolder\USBizhubC368Driver"
Expand-Archive -Path $zipdestination -DestinationPath $unzippeddestination
Remove-Item -Path $zipdestination

$pnpOutput = pnputil -a "$unzippeddestination\KOAXWJ__.INF" | Select-String "Published name"
$null = $pnpOutput -match "Published name :\s*(?<name>.*\.inf)"
$driverINF = Get-ChildItem -Path C:\Windows\INF\$($matches.Name)
Add-PrinterDriver -Name "KONICA MINOLTA C368SeriesPCL" -InfPath $driverINF.FullName
Add-PrinterPort -Name "US Bizhub C368" -PrinterHostAddress "192.168.121.20"
Add-Printer -Name "US Bizhub C368" -DriverName "KONICA MINOLTA C368SeriesPCL" -PortName "US Bizhub C368"

}

Does anyone have any ideas? I'm up for some trial and error, so if you know how to make the logging work correctly, I'm happy to set that up, push it via Intune and report back with the error message. Powershell isn't my first language (yet), so I may need answers dumbed-down a little if possible :)

Thank you!

Thanks for the response! I'll give it a shot and report back. I'm not sure that's the issue, however. I say that because the driver is supposed to get installed one line above ($pnpOutput = pnputil -a "$unzippeddestination\KOAXWJ__.INF" | Select-String "Published name"), but it never even installs when pushed through Intune. The 2 lines below that line just help us figure out the name of the driver once it is installed so that we can pass it to add-printerdriver. If you see a flaw in my logic, please point it out, I'm here to learn!

Apologies I had only picked up on the intune element of your question afterwards. Whilst I don't have experience with intune I do with driver installation. How are you testing that pnputil is working? Where you are declaring a variable it may not allow output to file may be worth stripping the variable out and piping the output of pnputil directly either with out-file/ appending the line with "> somedestination\pnputil.txt"

No worries! Just to confirm, I pushed the revised script with your first suggestion, and no dice.

I'm testing pnputil by running the script locally and then verifying that the OEM##.inf is present in Windows and that I can add-printerdriver using the $driverinfvariable successfully. Unfortunately, when the script is run via Intune on a device, the INF never shows in C:\Windows\INF, however the extracted contents are in the IT folder, and add-printerport successfully added the port. From that evidence, I can assume everything in the script worked, with the exception of pnputil.exe.

I'll try pnputil -a "$unzippeddestination\KOAXWJ__.INF" | Select-String "Published name" | out-file c:\IT\Printerlog.txt to see if I can get some data from that. I'll report back asap.

Can you put up a link for the same driver?, I modified a few lines when testing earlier. I assumed due to the name you extracted files previously and rezipped.

As I am unfamiliar with intune and I don't know if this could be related another thing I would consider is declaring a fullpath to pnputil. It may not use environmental paths?

So the out-file outputted exactly what I was expecting when running locally: Published name : oem71.inf, however the out-file wasn't even created when going through Intune. It seems like it is running pnputil in a separate instance that doesn't have access to variables of the first (or something like that, but I could be wrong). Here are the files I'm using: dropbox.com/s/bvxirufwac0vebm/USBizhubC368Driver.zip?dl=0 I'll try declaring the full path and re-pushing. I have several other Intune PS scripts that install other software (no drivers) fine, so this is odd!

Alright, so I edited the first pnputil line to just this, just to see if we could catch what was going on: C:\Windows\System32\pnputil.exe -a "$unzippeddestination\KOAXWJ__.INF" | out-file C:\IT\Printerlog.txt and no log was created in that folder. I ran the script locally, and it made the log and produced pnputil output. I'm stumped. If it helps at all, Intune runs these scripts in the system context by default. I could try user context if you think that is worth it, but I'm not sure what pnputil likes and doesn't like.

Answer has been updated after seeing another script acheive similar to what you are trying to acheive GitHub Source, their newest commits shows the if/elseif statement that I had copied and modified.

Excellent! Thank you so much, that worked brilliantly! Any idea why we had to run the commands that way when pushing through Intune but not when running locally?

Without looking more into intune I cannot give an accurate answer (this is something I am considering using as we have mobile devices in our environment that I would like to be able to execute remotely without the need of enforcing vpn), however my thoughts are around the context it's being executed in, running from user context alone I think it would have issues elevating to admin however the part of script I copied was executing powershell as admin in the users context from system context (start-process).

If you intend on using the IT folder on systems to have multiple driver sets I would consider adjusting the above so that the pnputil is not recursively searching for inf files, this could cause some issues along with working a better way to seek "Published Name" as that could cause problems if it lists multiple names. Glad the above worked for you and your welcome :)

Makes sense. I also went ahead and made the script target the specific INF I'm after, since I can always figure that out beforehand. Thanks again for your help!