msfreaks / evergreenadmx Goto Github PK

HI, if I try to include "Citrix Workspace App" the script fails with an error, see screenshots below. The following command was used:
EvergreenAdmx.ps1 -WorkingDirectory "C:\Users\xenadmin\Downloads\ADMX" -Languages @("de-DE", "en-US") -UseProductFolders:$true -Include @("Citrix Workspace App")

We may able to get the last modified date with this module which would allow us to get rid of the Adobe Acrobat FTP code and also add a bunch of other admx files that has no versioning.

Have a look and tell me what you think:
https://github.com/DanGough/PsDownload

The modified date will be updated once download has complete to match the Last-Modified header if found.

hi,
I experienced an issue if on the computer this script is executed the ADMX files for another Win10 version are already installed:

As you can see, somehow the two folders of the installed ADMX (20H2 and 21H1) are mixed together...

Get-MicrosoftEdgePolicyOnline does not work since it's looking for zip files but the ADMX are provided into a cab file.

https://learn.microsoft.com/en-us/answers/questions/1246788/group-policy-for-new-microsoft-laps

https://support.citrix.com/article/CTX133565

When I run this, I always see a popup for OneDrive setup (even though I already have OneDrive setup on my PC). I believe it's cause it downloads the exe and then extracts, but anyway to disable this?

How is it possible to use the script behind a proxy that requires authentication?

I've noticed, running this script on a Server 2019 it stops after the OneDrive Setup. For some reason, Onedrive.exe is not launched for me. Then the Stop-Process at line 816 will also fail and stop the script.

My very simple fix would be:
Stop-Process -Name "OneDrive" -Force -ErrorAction SilentlyContinue

Of course a get-process ... | stop-process would be nicer.

Hello, in Line 753 is an error with the new-item command. Please correct the command.

When executing "EvergreenAdmx.ps1 -Windows11Version "23H2" -workingdirectory "C:_install\ADMX_latest" -Include "Windows 11" the following error is displayed:

C:\Program Files\WindowsPowerShell\Scripts\EvergreenAdmx.ps1 : Cannot validate argument on parameter 'Windows11Version'. The
argument "23H2" does not belong to the set "21H2,22H2" specified by the ValidateSet attribute. Supply an argument that is in the
set and then try the command again.
At line:1 char:37

It looks like 23H2 is not added to the latest release.

announcement:
https://techcommunity.microsoft.com/t5/windows-it-pro-blog/manage-windows-package-manager-with-group-policy/ba-p/2346322

package:
https://github.com/microsoft/winget-cli/releases/download/[version]/DesktopAppInstallerPolicies.zip

current package:
https://github.com/microsoft/winget-cli/releases/download/v1.6.3482/DesktopAppInstallerPolicies.zip

refer: Weatherlights/Winget-AutoUpdate-Intune#12

Please consider using the following code on top of your script to avoid redundancies.

$ProgressPreference = "SilentlyContinue"
$ErrorActionPreference = "SilentlyContinue"

I get the following error

The msi still seems to install normally

and I see files in C:\Program Files (x86)\Microsoft Group Policy\Windows 11 September 2022 Update (22H2)\PolicyDefinitions

However, none of them gets copied over

Direct link here: https://aka.ms/avdgpo
Documentation: https://docs.microsoft.com/en-us/azure/virtual-desktop/shortpath

There's no web link to download the policy definitions for this one so the same recipe as OneDrive will have to be applied.

Policy Definitions location: C:\Program Files\Microsoft VS Code\policies

https://code.visualstudio.com/docs/setup/enterprise

Please add Citrix Connnection Quality Indicator ADMX templates

You can grab the download here
https://support.citrix.com/article/CTX220774

and the admx are available in the following folder once the product is installed

"${env:ProgramFiles(x86)}\Citrix\HDX\bin\Connection Quality Indicator"

The challenge is that you can't download the fille unless you have a Citrix account and that you need to install the product on top of the VDA in order to get the admx templates. So maybe it's best to host a copy of the ADMX in the github repo or something.

It looks like the admx files are being extracted to 3 independent folders under C:\Program Files (x86)\Microsoft Group Policy and the script is trying to process them concatenated instead of as 3 independent paths. See verbose log below:

VERBOSE: 
Processing Admx files for Windows 10 
VERBOSE: GET https://www.microsoft.com/en-us/download/details.aspx?id=103124 with 0-byte payload
VERBOSE: received -1-byte response of content type text/html
VERBOSE: GET https://www.microsoft.com/en-us/download/confirmation.aspx?id=103124 with 0-byte payload
VERBOSE: received -1-byte response of content type text/html
VERBOSE: Found new version 103124.1.0 for 'Microsoft Windows 10 21H1'
VERBOSE: Downloading 'https://download.microsoft.com/download/5/e/7/5e7224e8-919c-4799-8ea3-c69b32d70832/Administrative Templates (.admx) for Windows 10 May 2021 Update.m
si' to 'S:\Group Policy Objects\ADMX Files\Evergreen ADMX Everything but View\downloads\Administrative Templates (.admx) for Windows 10 May 2021 Update.msi'
VERBOSE: GET https://download.microsoft.com/download/5/e/7/5e7224e8-919c-4799-8ea3-c69b32d70832/Administrative Templates (.admx) for Windows 10 May 2021 Update.msi with 0
-byte payload
VERBOSE: received 13627392-byte response of content type application/octet-stream
VERBOSE: Installing downloaded Windows 10 Admx installer
VERBOSE: Grabbing installation path for Windows 10 Admx installer
VERBOSE: Found 'Administrative Templates (.admx) for Windows 10 May 2019 Update v3 Windows 10 and Windows Server 2016 (Version 2.0) Windows 10 May 2021 Update (21H1)'
VERBOSE: Grabbing uninstallation info from registry for Windows 10 Admx installer
VERBOSE: Found 'Administrative Templates (.admx) for Windows 10 May 2019 Update v3 Administrative Templates (.admx) for Windows 10 May 2021 Update'
VERBOSE: Copying Admx files from 'C:\Program Files (x86)\Microsoft Group Policy\Administrative Templates (.admx) for Windows 10 May 2019 Update v3 Windows 10 and Windows 
Server 2016 (Version 2.0) Windows 10 May 2021 Update (21H1)\PolicyDefinitions' to 'S:\Group Policy Objects\ADMX Files\Evergreen ADMX Everything but View\admx'
Copy-Item : Cannot find path 'C:\Program Files (x86)\Microsoft Group Policy\Administrative Templates (.admx) for Windows 10 May 2019 Update v3 Windows 10 and Windows 
Server 2016 (Version 2.0) Windows 10 May 2021 Update (21H1)\PolicyDefinitions' because it does not exist.
At S:\Group Policy Objects\ADMX Files\Evergreen ADMX Everything but View\EvergreenAdmx.ps1:165 char:5
+     Copy-Item -Path "$($SourceFolder)\*.admx" -Destination "$($Target ...
+     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (C:\Program File...licyDefinitions:String) [Copy-Item], ItemNotFoundException
    + FullyQualifiedErrorId : PathNotFound,Microsoft.PowerShell.Commands.CopyItemCommand
 
VERBOSE: en-US not found
WARNING: Language 'en-US' not found for 'Microsoft Windows 10 21H1'. Processing 'en-US' instead.
VERBOSE: Copying 'C:\Program Files (x86)\Microsoft Group Policy\Administrative Templates (.admx) for Windows 10 May 2019 Update v3 Windows 10 and Windows Server 2016 (Ver
sion 2.0) Windows 10 May 2021 Update (21H1)\PolicyDefinitions\en-US\*.adml' to 'S:\Group Policy Objects\ADMX Files\Evergreen ADMX Everything but View\admx\en-US'
Copy-Item : Cannot find path 'C:\Program Files (x86)\Microsoft Group Policy\Administrative Templates (.admx) for Windows 10 May 2019 Update v3 Windows 10 and Windows 
Server 2016 (Version 2.0) Windows 10 May 2021 Update (21H1)\PolicyDefinitions\en-US' because it does not exist.
At S:\Group Policy Objects\ADMX Files\Evergreen ADMX Everything but View\EvergreenAdmx.ps1:177 char:9
+         Copy-Item -Path "$($SourceFolder)\$($language)\*.adml" -Desti ...
+         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (C:\Program File...finitions\en-US:String) [Copy-Item], ItemNotFoundException
    + FullyQualifiedErrorId : PathNotFound,Microsoft.PowerShell.Commands.CopyItemCommand
 
VERBOSE: Uninstalling Windows 10 Admx installer

In addition, When the uninstall prompt initiates MSI exec pops up with the parameter window (same as typing msiexe.exe /?)
Closing this window allows the script to continue. Maybe that's related to above?

There is also a language error on the installer whether I select -Languages 'en-US' or leave the option out. I suspected it was benign

I ran into problems with multiple items. I ran the following command on a server 2012R2 member server from a mapped drive to retrieve:
EvergreenAdmx.ps1" -Include "Windows 10", "Microsoft Edge", "Microsoft Office", "FSLogix", "Adobe AcrobatReader DC", "Google Chrome", "Microsoft Desktop Optimization Pack", "Mozilla Firefox", "Zoom Desktop Client" -verbose

The script is terminating without a message. Never attempts to retrieve Chrome, Firefox, Zoom. I only successfully retrieve FSL, Edge, Office. After extracting Edge policies zip file, it quietly exits.

You might want to update documentation around running from a mapped or network drive.

If I try running this from a local folder, I'm able to successfully get firefox, chrome, MDOP.

Zoom, however, still fails.

VERBOSE: GET https://support.zoom.us/hc/en-us/articles/360039100051 with 0-byte payload
Invoke-WebRequest : The remote server returned an error: (403) Forbidden.
At C:\Temp\ADMX\EvergreenAdmx.ps1:492 char:16
+ ...      $web = Invoke-WebRequest -Uri $url -UseBasicParsing -ErrorAction ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-WebRequest], WebException
    + FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeWebRequestCommand

Adobe fails (not fault of script)

Exception calling "GetResponse" with "0" argument(s): "Unable to connect to the remote server"
At C:\Temp\ADMX\EvergreenAdmx.ps1:403 char:9
+         $listResponse = $listRequest.GetResponse()
+         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : WebException

However, it seems both adobe and zoom are terminating the entire process when they fail, even though they are supposed to silently continue?

Finally,

Let me know if you want me to open multiple bug reports?

This is a fantastic script. I know if I can get it working it's going to be a huge help!

The folder chromeadmx and the file policy_templates.zip are left in the %Temp% folder after the script has been processed.

Please add Windows 11 23H2 support
https://www.microsoft.com/en-us/download/details.aspx?id=105667

I modified the code to get the current version and redirected path from aka.ms/fslogix/download as follows:

function Get-FSLogixOnline {

    <#     .SYNOPSIS
    Returns latest Version and Uri for FSLogix
   #>
    Function Get-RedirectedUrl {
        Param (
            [Parameter(Mandatory = $true)]
            [String]$url
        )
    
        $request = [System.Net.WebRequest]::Create($url)
        $request.AllowAutoRedirect = $true
    
        try {
            $response = $request.GetResponse()
            $response.ResponseUri.AbsoluteUri
            $response.Close()
        }
    
        catch {
            "ERROR: $_"
        }
    
    }
    
    try {
        $ProgressPreference = 'SilentlyContinue'
        $url = Get-RedirectedUrl -URL 'https://aka.ms/fslogix/download'
        # grab version
        $Version = ($url.Split("/")[-1] | Select-String -Pattern "(\d+(\.\d+){1,4})" -AllMatches | ForEach-Object { $_.Matches } | ForEach-Object { $_.Value }).ToString()

        # return evergreen object
        return @{ Version = $Version; URI = $url }
    }
    catch {
        Throw $_
    }
}
    Function Get-RedirectedUrl {
        Param (
            [Parameter(Mandatory = $true)]
            [String]$url
        )
    
        $request = [System.Net.WebRequest]::Create($url)
        $request.AllowAutoRedirect = $true
    
        try {
            $response = $request.GetResponse()
            $response.ResponseUri.AbsoluteUri
            $response.Close()
        }
    
        catch {
            "ERROR: $_"
        }
    
    }
    
    try {
        $ProgressPreference = 'SilentlyContinue'
        $url = Get-RedirectedUrl -URL 'https://aka.ms/fslogix/download'
        # grab version
        $Version = ($url.Split("/")[-1] | Select-String -Pattern "(\d+(\.\d+){1,4})" -AllMatches | ForEach-Object { $_.Matches } | ForEach-Object { $_.Value }).ToString()

        # return evergreen object
        return @{ Version = $Version; URI = $url }
    }
    catch {
        Throw $_
    }
}

aka.ms: https://aka.ms/vs/admx/details
true link: https://www.microsoft.com/en-us/download/details.aspx?id=104405

Hi. The Windows 10 and Windows 11 ADMX MSI files support extraction through the /a (administrative install) switch. This doesn't require installation / uninstallation / admin privileges, so you may prefer this method over the current approach.

Please consider adding Group Policy Template for Schannel (SSL settings)
Here's the github repo
https://github.com/Crosse/SchannelGroupPolicy

https://kb.foxitsoftware.com/hc/en-us/articles/360040241112-Available-GPO-templates

The Invoke-WebRequest forbidden issue seems to work fine with PowerShell 7. I only get the issue on PowerShell 5.2.

You could simply add the following code on top of your script

#Requires -Version 7.0

Check
DanGough/Nevergreen#28

Please add Windows 11 22H2 support
https://www.microsoft.com/en-us/download/details.aspx?id=104593

As soon as I try to download OneDrive ADMX files, I receive the following error:

Hello. I have discovered that Adobe, who seems to think that we all have unlimited budgets for their products, have moved the ADMX files to a new location.

As you have the Adobe ADMX policies coming from the FTP, which seems to not getting updates and as FTP is blocked as a Security risk in most places, I wanted to share the information that I located after pulling my hair our in clumps (insert mental image of Otto von Scratchensniff and the Warner's Animaniacs) with the information and the source of this information.

Source: https://www.adobe.com/devnet-docs/acrobatetk/tools/DesktopDeployment/gpo.html#gpo-registry-template

Continuous Track
[Acrobat Continuous track]
(https://ardownload2.adobe.com/pub/adobe/acrobat/win/AcrobatDC/misc/AcrobatADMTemplate.zip).
Use this for Acrobat 32-bit and 64-bit, 64-bit Reader, and the unified installer.
[Reader Continuous track]
(https://ardownload2.adobe.com/pub/adobe/reader/win/AcrobatDC/misc/ReaderADMTemplate.zip)

Classic Track 2020
[Acrobat Classic track]
(https://ardownload2.adobe.com/pub/adobe/acrobat/win/Acrobat2020/misc/AcrobatADMTemplate.zip)
[Reader Classic track]
(https://ardownload2.adobe.com/pub/adobe/reader/win/Acrobat2020/misc/ReaderADMTemplate.zip)

Classic Track 2017
[Acrobat Classic track]
(https://ardownload2.adobe.com/pub/adobe/acrobat/win/Acrobat2017/misc/AcrobatADMTemplate.zip)
[Reader Classic track]
(https://ardownload2.adobe.com/pub/adobe/reader/win/Acrobat2017/misc/ReaderADMTemplate.zip)

Template preferences fall into these broad categories:
General enterprise settings: Features such as disabling updates and setting the default PDF handler.
Security: Application security features such as enhanced security, sandboxing, and JS controls.
TrustManager: Trusting Windows OS security zones as defined in Internet Explorer.
Digital Signatures: Adobe Acrobat Trust List integration.

currently the script does not support proxy authentication:

I guess it should be as easy as using switch "-UseDefaultCredentials" on the Invoke-WebRequest executions, and "$listRequest.Credentials = [System.Net.CredentialCache]::DefaultCredentials" on the [Net.WebRequest] ones. Maybe optional if a specific global switch is provided, like "-UseProxyAuth" or so.

If I execute the following command, the result is an empty folder.

PS C:\Windows\system32> EvergreenAdmx.ps1 -WorkingDirectory "C:\Users\axadmin\Downloads\ADMX" -Languages @("en-US") -UseProductFolders:$true -Include @("Citrix Workspace App")
Cannot convert value "Files.0" to type "System.Version". Error: "Input string was not in a correct format."
At C:\Program Files\WindowsPowerShell\Scripts\EvergreenAdmx.ps1:1120 char:9
+     if (-not $Version -or [version]$evergreen.Version -gt [version]$V ...
+         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (:) [], RuntimeException
    + FullyQualifiedErrorId : InvalidCastParseTargetInvocation

There's no web link to download the policy definitions for this one so the same recipe as OneDrive will have to be applied.

Policy Definitions location: C:\Program Files\Microsoft VS Code\policies

https://blog.devolutions.net/2021/03/how-to-apply-group-policies-in-remote-desktop-manager

Include BIS-F only downloads the ADMX, but not the ADML file.
If I take a look into the downloads directory, the downloaded ZIP file contains the ADML file, so it must be missing during the extraction.

There seems to be a problem with the Microsoft Edge (URL):

Invoke-WebRequest : Der Remotename konnte nicht aufgelöst werden: 'msedge.sf.dl.delivery.mp.microsoft.com'
In C:\Program Files\WindowsPowerShell\Scripts\EvergreenAdmx.ps1:890 Zeichen:13
+             Invoke-WebRequest -Uri $evergreen.URI -UseBasicParsing -O ...
+             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-WebRequest], WebException
    + FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeWebRequestCommand

(Sorry for german, it says, the URL could not be resolved)
Thank you for the script!

It would be a good idea to uninstall OneDrive once the ADMX files were copied.

When downloading the Citrix Workspace ADMX, the process currently failes with:

WARNING: Language 'en-US' not found for 'Citrix Workspace App'. Processing 'en-US' instead.

Reason for this seems to be Line 1120

$sourceadmx = "$($env:TEMP)\citrixworkspaceapp$([io.path]::GetFileNameWithoutExtension($evergreen.URI.Split("/")[-1].Split("?")[0]))\Configuration"

At the time of my execution, the $evergreen.URI had the value of:
https://downloads.citrix.com/19926/CitrixWorkspace_ADMX_Files_2109.1.zip?__gda__=exp=1636988266~acl=/*~hmac=328db70a42999e3af8e8699ac8a6995058b6d6d20e177742ecb1475b44889be7

That's why the split in Line 1120 currently resolves this as "*~hmac=328db70a42999e3af8e8699ac8a6995058b6d6d20e177742ecb1475b44889be7"

What works for me is modifying the Split's array index from -1 to -2. Then it gets the correct value of the Zip File name