Windows - Software Lifecycle - Install Zoom (machine-Wide)

What the Zoom Installer does

This Automox Worklet™ installs Zoom as a machine-wide application on Windows endpoints. Machine-wide installation differs from user-based installation (which installs under AppData) by making Zoom available to all users on the endpoint and placing the application in Program Files.

The Worklet only detects machine-wide installations as compliant. User-based Zoom installations under AppData directories are not considered compliant, so this Worklet will install a machine-wide version even if a user-based installation exists.

For 64-bit systems, the Worklet uses a scriptblock executed through the native 64-bit PowerShell environment (sysnative\WindowsPowerShell) to handle the MSI installation correctly. This approach prevents architecture mismatches that can occur when the Automox agent runs in a 32-bit context on 64-bit Windows.

Why deploy Zoom through Automox

User-based Zoom installations create management challenges and inconsistent deployments. When users install Zoom themselves into AppData directories, IT teams lack visibility into versions, struggle to apply updates, and cannot control installation parameters. This approach results in endpoints running different Zoom versions with varying security postures.

Automating Zoom deployment through this Worklet standardizes the installation across your fleet. You can deploy the latest version to all endpoints with a single policy, reducing the need for users to install software themselves or submit IT tickets for meeting software.

The Worklet provides visibility into which endpoints have machine-wide Zoom installations, helping you track deployment progress and identify endpoints that may only have user-based installations that should be upgraded.

How Zoom installation works

1. Evaluation phase: The Worklet searches Windows registry uninstall keys for "Zoom" in both 64-bit and 32-bit registry paths. Only machine-wide installations (not user-based AppData installations) are considered compliant. If found, the endpoint is marked compliant. If not found, the endpoint proceeds to remediation.

2. Remediation phase: The Worklet creates a staging directory (C:\temp\Automox\ZoomInstall), downloads the MSI (32-bit or 64-bit based on architecture) from the Automox API cache, executes msiexec with /qn and /norestart arguments, logs installation to C:\ProgramData\amagent, waits up to five minutes for completion, and removes the staging directory.

Zoom installation requirements

• Windows workstation or server endpoint

• Network connectivity to download from api.automox.com

• Write access to C:\temp\Automox directory

• Administrative privileges for MSI installation

• No user configuration required - all parameters are predefined

Expected state after Zoom installation

After successful remediation, Zoom appears in the Windows Programs list and registry uninstall keys as a machine-wide installation. The Zoom application is installed in Program Files (not user AppData) and becomes available to all users on the endpoint. You can verify the machine-wide installation by checking that the registry path shows HKLM (not HKCU) and the installation location is under Program Files. Any user logging into the endpoint can launch Zoom immediately without individual installation.

Installation logs are saved to C:\ProgramData\amagent\Zoom64_install.log (or Zoom32_install.log for 32-bit systems). The staging directory is automatically removed after installation. Subsequent Worklet runs will detect the machine-wide installation and exit without action.

How to validate install zoom (machine-wide) changes

1. Run this Worklet on a pilot Windows endpoint and review evaluation output for install zoom (machine-wide).

2. Confirm Automox activity logs show successful completion and exit code 0.

3. Verify endpoint state using checks aligned to evaluation script logic, such as Write-Output, Get-ChildItem, Get-ItemProperty.

4. Validate remediation effects from script operations such as New-Item, Out-Null, New-Object, then rerun evaluation for compliance.