Have you ever needed to retrieve an application that you deployed with Intune but it’s been about a billion years since you packaged that thing? Yeah, we’ve all been there. Luckily, modern IT guru and MVP Oliver Kieselbach created a utility that allows us to retrieve the .intunewin package and crack it open.

Before we get started, grab the utility here and this accompanying PowerShell script.

In order to retrieve the source or install file of an application deployed via Intune, you must enroll a device with the applications assigned to it and proceed to run the IntuneWinAppUtilDecoder.exe via PowerShell.

Application installers do not stay cached indefinitely, so you will have to enroll a new device in Autopilot.

Log into the PC that is now enrolled in Intune. Make sure you have local administrator rights on the device.

Place the decoder tools somewhere accessible like “C:\Decoder”:

Open an elevated PowerShell window:

Type cd C:\Decoder to navigate to the files we copied over.

Run the Get-DecryptInfoFromSideCarLogFiles.ps1 script (I’ve renamed mine to ‘decode.ps1’).

Depending on how many applications are needed, the script may run for some time.  When completed, open File Explorer and navigate to the output path specified in the script.  It should be:

%LOCALAPPDATA%\Temp

There you’ll find files in both the .tmp and .tmp. decoded formats.

Right click on the .decoded file and with an extraction tool, like “7Zip”, open the archive.

You can now see the original install files of the application, and extract them.

If you get stuck, hit me up at steve@getrubix.com and happy decoding!