<# .SYNOPSIS PSAppDeployToolkit - This script performs the installation or uninstallation of an application(s). .DESCRIPTION - The script is provided as a template to perform an install, uninstall, or repair of an application(s). - The script either performs an "Install", "Uninstall", or "Repair" deployment type. - The install deployment type is broken down into 3 main sections/phases: Pre-Install, Install, and Post-Install. The script imports the PSAppDeployToolkit module which contains the logic and functions required to install or uninstall an application. PSAppDeployToolkit is licensed under the GNU LGPLv3 License - (C) 2025 PSAppDeployToolkit Team (Sean Lillis, Dan Cunningham, Muhammad Mashwani, Mitch Richters, Dan Gough). This program is free software: you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation, either version 3 of the License, or any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with this program. If not, see . .PARAMETER DeploymentType The type of deployment to perform. .PARAMETER DeployMode Specifies whether the installation should be run in Interactive (shows dialogs), Silent (no dialogs), or NonInteractive (dialogs without prompts) mode. NonInteractive mode is automatically set if it is detected that the process is not user interactive. .PARAMETER AllowRebootPassThru Allows the 3010 return code (requires restart) to be passed back to the parent process (e.g. SCCM) if detected from an installation. If 3010 is passed back to SCCM, a reboot prompt will be triggered. .PARAMETER TerminalServerMode Changes to "user install mode" and back to "user execute mode" for installing/uninstalling applications for Remote Desktop Session Hosts/Citrix servers. .PARAMETER DisableLogging Disables logging to file for the script. .EXAMPLE powershell.exe -File Invoke-AppDeployToolkit.ps1 -DeployMode Silent .EXAMPLE powershell.exe -File Invoke-AppDeployToolkit.ps1 -AllowRebootPassThru .EXAMPLE powershell.exe -File Invoke-AppDeployToolkit.ps1 -DeploymentType Uninstall .EXAMPLE Invoke-AppDeployToolkit.exe -DeploymentType "Install" -DeployMode "Silent" .INPUTS None. You cannot pipe objects to this script. .OUTPUTS None. This script does not generate any output. .NOTES Toolkit Exit Code Ranges: - 60000 - 68999: Reserved for built-in exit codes in Invoke-AppDeployToolkit.ps1, and Invoke-AppDeployToolkit.exe - 69000 - 69999: Recommended for user customized exit codes in Invoke-AppDeployToolkit.ps1 - 70000 - 79999: Recommended for user customized exit codes in PSAppDeployToolkit.Extensions module. .LINK https://psappdeploytoolkit.com #> [CmdletBinding()] param ( [Parameter(Mandatory = $false)] [ValidateSet('Install', 'Uninstall', 'Repair')] [PSDefaultValue(Help = 'Install', Value = 'Install')] [System.String]$DeploymentType, [Parameter(Mandatory = $false)] [ValidateSet('Interactive', 'Silent', 'NonInteractive')] [PSDefaultValue(Help = 'Interactive', Value = 'Interactive')] [System.String]$DeployMode = 'Interactive', [Parameter(Mandatory = $false)] [System.Management.Automation.SwitchParameter]$AllowRebootPassThru = $false, [Parameter(Mandatory = $false)] [System.Management.Automation.SwitchParameter]$TerminalServerMode = $false, [Parameter(Mandatory = $false)] [System.Management.Automation.SwitchParameter]$DisableLogging ) # 🚀 Force Interactive Mode in PSADT 4.0 ##================================================ ## MARK: Variables ##================================================ $adtSession = @{ # App variables. AppVendor = 'Ivanti' AppName = 'Ivanti Secure Access Client' AppVersion = '22.8.33059' AppArch = 'x64' AppLang = 'EN' AppRevision = '01' AppSuccessExitCodes = @(0) AppRebootExitCodes = @(1641, 3010) AppScriptVersion = '1.0.0' AppScriptDate = '07/07/2025' AppScriptAuthor = 'jxp066admin' # Install Titles (Only set here to override defaults set by the toolkit). InstallName = '' InstallTitle = '' # Script variables. DeployAppScriptFriendlyName = $MyInvocation.MyCommand.Name DeployAppScriptVersion = '4.0.6' DeployAppScriptParameters = $PSBoundParameters } function Install-ADTDeployment { ##================================================ ## MARK: Pre-Install ##================================================ $adtSession.InstallPhase = "Pre-$($adtSession.DeploymentType)" # 🚀 Force PSADT 4.0 to Run in Interactive Mode If ($adtSession.IsSilent()) { Write-ADTLogEntry "Forcing Interactive Mode in PSADT 4.0..." $global:DeployMode = "Interactive" Set-Variable -Name DeployMode -Value "Interactive" -Scope Global -Force } # VPN Detection (Improved) $VPNAdapter = Get-NetAdapter | Where-Object { $_.InterfaceDescription -match "Juniper" } $VPNActive = if ($VPNAdapter.Status -match "Up") { $true } else { $false } # Create Temporary Directory for Ivanti Files $TempLocation = New-Item -Path "C:\ProgramData\" -Name "Ivanti" -ItemType "directory" -Force Copy-ADTFile -Path "$($adtSession.DirFiles)\*" -Destination 'C:\ProgramData\Ivanti' # Handle VPN-Connected Scenario If ($VPNActive) { Write-ADTLogEntry "The VPN is currently active and connected. Prompting the user to update or defer." Show-ADTInstallationPrompt -Message "The Ivanti Secure Access VPN client requires an update. Since you are currently connected to the VPN, you may experience a brief disconnection during the update process. Once the update is complete, you will be automatically reconnected. On the next screen, you will have the option to either Close Apps & Install or Defer the update to a later time." -ButtonMiddleText 'OK' Show-ADTInstallationWelcome -CloseProcesses Pulse -AllowDefer -DeferTimes 4 -CloseProcessesCountdown 300 -PersistPrompt } else { Write-ADTLogEntry "The VPN is not currently active, proceeding with the update." } #Write-ADTLogEntry "Running the ISACDeepCleanScript to remove all previous installations of Pulse/Ivanti." # Execute Deep Clean Script # Define the PowerShell script path $ScriptPath = "$($adtSession.DirFiles)" Write-ADTLogEntry "Running the ISACDeepCleanScript to remove all previous installations of Pulse/Ivanti." ##================================================ ## MARK: Install ##================================================ $adtSession.InstallPhase = $adtSession.DeploymentType if($VPNActive -eq 'Up') { Show-ADTInstallationProgress -StatusMessage 'Installation in Progress...' Start-ADTProcess -FilePath "powershell.exe" -ArgumentList "-ExecutionPolicy Bypass -NoProfile -File `"$ScriptPath\ISACDeepCleanScriptSilentSigned.ps1`"" -Wait Start-ADTMsiProcess -FilePath 'PulseSecure.x64.msi' -ArgumentList 'CONFIGFILE=C:\ProgramData\Ivanti\NCH-Pulse-Secure.pulsepreconfig /qn' Restart-Service -Name PulseSecureService } else { Start-ADTProcess -FilePath "powershell.exe" -ArgumentList "-ExecutionPolicy Bypass -NoProfile -File `"$ScriptPath\ISACDeepCleanScriptSilentSigned.ps1`"" -Wait Start-ADTMsiProcess -FilePath 'PulseSecure.x64.msi' -ArgumentList 'CONFIGFILE=C:\ProgramData\Ivanti\NCH-Pulse-Secure.pulsepreconfig /qn' Restart-Service -Name PulseSecureService } ##================================================ ## MARK: Post-Install ##================================================ $adtSession.InstallPhase = "Post-$($adtSession.DeploymentType)" if($VPNActive -eq 'Up') { Show-ADTInstallationPrompt -Message "The Ivanti Secure Access VPN has been successfully updated." -ButtonMiddleText 'Ok' } ## Master Wrapper detection Set-ADTRegistryKey -Key "HKLM\SOFTWARE\InstalledApps\Ivanti_Ivanti Secure Access Client_22.8.31699 (Fix)" } function Uninstall-ADTDeployment { ##================================================ ## MARK: Pre-Uninstall ##================================================ $adtSession.InstallPhase = "Pre-$($adtSession.DeploymentType)" ##================================================ ## MARK: Uninstall ##================================================ $adtSession.InstallPhase = $adtSession.DeploymentType Start-ADTMsiProcess -Action 'Uninstall' -ProductCode '{603BA4C0-89B0-4A01-9FB3-4913CC44EECF}' -ArgumentList '/qn' ##================================================ ## MARK: Post-Uninstallation ##================================================ $adtSession.InstallPhase = "Post-$($adtSession.DeploymentType)" ## Master Wrapper detection Remove-ADTRegistryKey -Key "HKLM\SOFTWARE\InstalledApps\Ivanti_Ivanti Secure Access Client_22.8.31699 (Fix)" } function Repair-ADTDeployment { ##================================================ ## MARK: Pre-Repair ##================================================ $adtSession.InstallPhase = "Pre-$($adtSession.DeploymentType)" ##================================================ ## MARK: Repair ##================================================ $adtSession.InstallPhase = $adtSession.DeploymentType ##================================================ ## MARK: Post-Repair ##================================================ $adtSession.InstallPhase = "Post-$($adtSession.DeploymentType)" ## Master Wrapper detection Set-ADTRegistryKey -Key "HKLM\SOFTWARE\InstalledApps\Ivanti_Ivanti Secure Access Client_22.8.31699 (Fix)" } ##================================================ ## MARK: Initialization ##================================================ # Set strict error handling across entire operation. $ErrorActionPreference = [System.Management.Automation.ActionPreference]::Stop $ProgressPreference = [System.Management.Automation.ActionPreference]::SilentlyContinue Set-StrictMode -Version 1 # Import the module and instantiate a new session. try { $moduleName = if ([System.IO.File]::Exists("$PSScriptRoot\PSAppDeployToolkit\PSAppDeployToolkit.psd1")) { Get-ChildItem -LiteralPath $PSScriptRoot\PSAppDeployToolkit -Recurse -File | Unblock-File -ErrorAction Ignore "$PSScriptRoot\PSAppDeployToolkit\PSAppDeployToolkit.psd1" } else { 'PSAppDeployToolkit' } Import-Module -FullyQualifiedName @{ ModuleName = $moduleName; Guid = '8c3c366b-8606-4576-9f2d-4051144f7ca2'; ModuleVersion = '4.0.6' } -Force try { $iadtParams = Get-ADTBoundParametersAndDefaultValues -Invocation $MyInvocation $adtSession = Open-ADTSession -SessionState $ExecutionContext.SessionState @adtSession @iadtParams -PassThru } catch { Remove-Module -Name PSAppDeployToolkit* -Force throw } } catch { $Host.UI.WriteErrorLine((Out-String -InputObject $_ -Width ([System.Int32]::MaxValue))) exit 60008 } ##================================================ ## MARK: Invocation ##================================================ try { Get-Item -Path $PSScriptRoot\PSAppDeployToolkit.* | & { process { Get-ChildItem -LiteralPath $_.FullName -Recurse -File | Unblock-File -ErrorAction Ignore Import-Module -Name $_.FullName -Force } } & "$($adtSession.DeploymentType)-ADTDeployment" Close-ADTSession } catch { Write-ADTLogEntry -Message ($mainErrorMessage = Resolve-ADTErrorRecord -ErrorRecord $_) -Severity 3 Show-ADTDialogBox -Text $mainErrorMessage -Icon Stop | Out-Null Close-ADTSession -ExitCode 60001 } finally { Remove-Module -Name PSAppDeployToolkit* -Force }