I still don’t understand why developers do not have an option to auto-update their apps. Especially when it’s a simple solution that is required.
Recently I was asked to upgrade hundreds of Intune managed devices 7-Zip installations. Some were over three years since they were last updated. 7-Zip does not have any natively automated process to do an update however the update is as simple as running the setup of the latest version from the 7-Zip website.
With this in mind it would be easy enough to package the latest version of 7-Zip as a Win32 app and deploy it using Intune or whatever RMM or MDM you are using however this would only update to the version packaged.
The better option would be an automated process or scheduled task that will download the very latest version from the 7-Zip website and install it.
# Ensure the script uses TLS 1.2
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
$dlurl = 'https://7-zip.org/' + (Invoke-WebRequest -UseBasicParsing -Uri 'https://7-zip.org/' | Select-Object -ExpandProperty Links | Where-Object {($_.outerHTML -match 'Download')-and ($_.href -like "a/*") -and ($_.href -like "*-x64.exe")} | Select-Object -First 1 | Select-Object -ExpandProperty href)
$installerPath = Join-Path $env:TEMP (Split-Path $dlurl -Leaf)
Invoke-WebRequest $dlurl -OutFile $installerPath
Start-Process -FilePath $installerPath -Args "/S" -Verb RunAs -Wait
Remove-Item $installerPathThis code will first of all enabled TLS1.2 for older OS. This is necessary for the download to work using Invoke-WebRequest. Next we pull the web page download from 7-zip.org and then parse it to find the download link (In case it ever changes).
Now we download the installer and run it silently and wait for it to finish. Once the setup exists we remove the installer file to clean things up.
Deploying the update
You can deploy this script however you wish but I would recommend that it runs at regular intervals to make sure that 7-Zip is as up to date as possible.
One method would be to deploy the file to your devices and create a scheduled task. Make sure it runs with the highest permissions so as System would be recommended.
Using Intune to deploy
If you deploy as a Script in Intune it will only run once which is great to bring devices up to the latest version one time however if we deploy as a remediation it will keep the device up to date.
# Check if 7Zip is installed for use as remediation in Update-7Zip
$commonPaths = @(
"C:\Program Files\7-Zip\7z.exe",
"C:\Program Files (x86)\7-Zip\7z.exe"
)
foreach ($path in $commonPaths) {
if (Test-Path -Path $path) {
Write-Output "7-Zip is installed at $path"
# 7-Zip is installed
Exit 1
}
}
# 7-Zip is not installed
Write-Output "7-Zip not detected"
Exit 0This script is the detection script and will check if 7-Zip is installed. If you find installations in other paths you can change the $commonPaths array to include them.
The remediation script is the same as the first script above.
# Ensure the script uses TLS 1.2
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
$dlurl = 'https://7-zip.org/' + (Invoke-WebRequest -UseBasicParsing -Uri 'https://7-zip.org/' | Select-Object -ExpandProperty Links | Where-Object {($_.outerHTML -match 'Download')-and ($_.href -like "a/*") -and ($_.href -like "*-x64.exe")} | Select-Object -First 1 | Select-Object -ExpandProperty href)
$installerPath = Join-Path $env:TEMP (Split-Path $dlurl -Leaf)
Invoke-WebRequest $dlurl -OutFile $installerPath
Start-Process -FilePath $installerPath -Args "/S" -Verb RunAs -Wait
Remove-Item $installerPathDeploy this to all devices for completion and make sure it runs weekly or however often you want to check for updates.
Do you have a better way to do this? Post in the comments below if you have any suggestions.