This page looks best with JavaScript enabled

Using Winget and Chocolatey with MDT

 ·  ☕ 6 min read

Windows Package Managers

Microsoft has created winget and Chocolatey is a third-party package manager for Windows. I like both for a variety of reasons and have been testing them out as a way to modernize the install software whilst still using Microsoft Deployment Toolkit (MDT).

Using a package manager during initial deployment or image creation can be useful for deploying applications that are updated frequently like Adobe Reader or Google Chrome. It’s also easier for you as the image admin. Instead of downloading the offline installer, finding the silent install command and then going through the steps of adding it to MDT, you can use a package manager to retrieve the application, install it and you’re done. You could also set up a scheduled task to run regularly to keep third-party software up-to-date when the PC is deployed out in the field.

Winget

Winget is Microsoft’s package manager for Windows 10 and 11. It is not a functional part of Windows 10 or 11 version 21H2 or 22H2 after the initial OS install - the Microsoft Store app updater needs to run and make it available for use. Even if you download the winget package from github and install it via PowerShell, the Microsoft Store will still need to run and sync for it to work - take it from me I have spent this past week testing this out thoroughly.

Winget is good and I’d recommend it but some bugs when installing certain packages still remain - for example at the time of writing the Ubisoft.Connect package won’t install even though it did a few weeks ago when I last installed it. Weird. That said, for most common packages that you’d install in a business environment it works well.

Installing and Using winget

In order to use winget as part of a Task Sequence I’ve made a small PowerShell script to trigger the Microsoft Store updater and wait until winget is the correct version before exiting. Then the Task Sequence can continue and use winget to install any applications that you want with the additional benefit that the Microsoft Store apps are also now up to date.

Please note: because we must run the Microsoft Store sysprep will be impossible. Because of this I do not recommend using winget if you are building a “golden” or “thick” image. If you intend on running sysprep you should use Chocolatey instead.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
## Run the MS Store update and wait until winget is installed

$OSVBui = [environment]::OSVersion.Version | Select-Object -expand build
$wmiObj = Get-WmiObject -Namespace "root\cimv2\mdm\dmmap" -Class "MDM_EnterpriseModernAppManagement_AppManagement01"

## Windows 10 22H2
If ($OSVBui -eq "19045")
{
    Do {
        $updateTrigger = $wmiObj.UpdateScanMethod()
        start-sleep -S 60
    } until (Get-appxprovisionedpackage -online | where-object {$_.packagename -like 'Microsoft.DesktopAppInstaller*'} | where-object {$_.version -notlike "2019.125.2243.0"})
}

## Windows 11 22H2
If ($OSVBui -eq "22621")
{
    Do {
        $updateTrigger = $wmiObj.UpdateScanMethod()
        start-sleep -S 60
    } until (Get-appxprovisionedpackage -online | where-object {$_.packagename -like 'Microsoft.DesktopAppInstaller*'} | where-object {$_.version -notlike "2022.310.2333.0"})
}

To run the PowerShell script above as part of a Task Sequence and have it wait until it completes (in my extensive testing MDT doesn’t wait for the “do until” block to complete) we must create a small batch file containing the command below and then add this to the Task Sequence.

1
start /wait powershell -ep bypass -WindowStyle hidden Z:\_custom\winget\update-store.ps1

Once winget is installed and usable, we can use winget’s import function to install a list of applications. Below is the command that I use to install all my applications which is are in JSON file that I exported from winget on another system.

1
winget import %DEPLOYROOT%\_custom\winget\apps-winget.json --accept-package-agreements --accept-source-agreements

You can also make a batch or PowerShell script that contains a list of winget install commands for each application.

1
2
3
4
5
6
7
8
winget install -e --id Microsoft.VCRedist.2015+.x64 --accept-package-agreements --accept-source-agreements
winget install -e --id Microsoft.DotNet.DesktopRuntime.6 --accept-package-agreements --accept-source-agreements
winget install -e --id 7zip.7zip --accept-package-agreements --accept-source-agreements
winget install -e --id VideoLAN.VLC --accept-package-agreements --accept-source-agreements
winget install -e --id Adobe.Acrobat.Reader.64-bit --accept-package-agreements --accept-source-agreements
winget install -e --id Notepad++.Notepad++ --accept-package-agreements --accept-source-agreements
winget install -e --id Google.Chrome --accept-package-agreements --accept-source-agreements
winget install -e --id Mozilla.Firefox --accept-package-agreements --accept-source-agreements

To see if winget has an application in it’s repository you can use the search command

1
winget search "firefox"

For more information on winget commands please see Microsoft’s documentation pages.

Updating with Winget

Winget can be scheduled to update installed software using a Scheduled Task. Due to how winget works you should check first on a test system to see what it will update just in case you have an app installed that you don’t want updated for whatever reason.

You can check to see what will be updated with the following command:

1
winget upgrade

The command below will update all the software it supports. The --silent switch in this context means that the UI will in some cases still show but it is just progress and the upgrades are automated.

1
winget upgrade --all --silent

Chocolatey

Chocolatey is a third-party Windows package manger and can be easily installed. Chocolatey is free but has a Business/Pro version that syncs with the “Programs and Features” list in Windows. The free version can be used to install and update software that was installed by Chocolatey but it will not touch software that it didn’t install.

Installing and Using Chocolatey

As per the instructions on the website Chocolatey can be installed using a PowerShell one liner:

1
Set-ExecutionPolicy Bypass -Scope Process -Force; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; iex ((New-Object System.Net.WebClient).DownloadString('https://community.chocolatey.org/install.ps1'))

Here is the PowerShell script that I use to install Chocolatey and also the list of software I require.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
Set-ExecutionPolicy Bypass -Scope Process -Force; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; iex ((New-Object System.Net.WebClient).DownloadString('https://community.chocolatey.org/install.ps1'))
choco feature enable -n allowGlobalConfirmation
choco install vcredist140
choco install dotnet-6.0-desktopruntime
choco install 7zip
choco install vlc
choco install adobereader
choco install notepadplusplus
choco install googlechrome
choco install firefox

To find out if Chocolatey has an application in it’s repository and the command to install it, please see the Chocolatey Package site.

Updating with Chocolatey

Chocolatey can be scheduled to update installed software using a Scheduled Task. Like with winget you should check first on a test system to see what it will update just in case you have an app installed that you don’t want updated.

You can check to see what will be updated with the following command:

1
choco outdated

The command below will update all the software it supports silently.

1
choco upgrade all

Support My Work

If you would like to support me, please check out the links below.

If you’d like to contact me, please leave a comment, send me a tweet, or you can join the community on Discord.

-Mike

Share on
Support the author with