For product provisioning in Workspace ONE UEM powered by AirWatch, Windows 7 and Windows Desktop devices can be configured using batch (BAT) files. While writing and running these batch files, there are best practices you can follow.

Accounting for Path

Windows Unified Agent is a 32-bit application, so when trying to run scripts in a 64-bit machine, proper redirections must be used to access the 64-bit folder or the registry hive.

There are two %windir%\System32 directories on a Windows x64 system.

  • %windir%\System32 directory is for 64-bit applications. This directory contains a 64-bit cmd.exe.
  • %windir%\SysWOW64 directory is for 32-bit applications. This directory contains a 32-bit cmd.exe.

Since Workspace ONE Intelligent Hub is a 32-bit application, it can access %windir%\System32 for running 64-bit applications by using %windir%\Sysnative in path.

Admin must use %windir%\Sysnative in script to access any 64-bit applications.

For example,

%windir%\Sysnative\manage-bde -on c: -skiphardwaretest
  • manage-bde is a 64-bit application and you access it only by providing proper path %windir%\Sysnative.
  • Certutil is part of both folders (32-bit and 64-bit), so there is no need to give %windir%\Sysnative in the script.

Writing Scripts for Registry

Since Windows Unified Agent is a 32-bit application, it always creates a record or performs any action on WOW6432 Node.

On 64-bit Windows, HKLM\Software\Wow6432Node contains values used by 32-bit applications running on the 64-bit system.

32-bit applications do not create records in HKLM\Software directly.

To write explicitly to a 64-bit hive, add the /reg:64 modifier to the end of your REG ADD command in scripts to create a record in the HKLM\Software registry path.

For example, REG ADD HKLM\Software\MyApp /reg:64

General Instructions

  • Running scripts in admin context when Standard User is logged in performs actions for Admin User.

    For example,

    Running a script in User context installs a certificate for a standard user in the Current user store.

    Running a script in Admin context installs a certificate for an Admin in the Current user store.

  • The path must be quoted while passing arguments to batch files.

    For example,

    "C:\Passing_Argument.bat" Hello World
  • The BAT file extension must always be included in the file path. Omitting this extension causes a file not found error and the script fails to run.
  • You must always have file action as run while deploying batch files.