msfreaks / evergreenadmx Goto Github PK
View Code? Open in Web Editor NEWScript to keep Admx files up-to-date.
License: MIT License
Script to keep Admx files up-to-date.
License: MIT License
We may able to get the last modified date with this module which would allow us to get rid of the Adobe Acrobat FTP code and also add a bunch of other admx files that has no versioning.
Have a look and tell me what you think:
https://github.com/DanGough/PsDownload
The modified date will be updated once download has complete to match the Last-Modified header if found.
Get-MicrosoftEdgePolicyOnline does not work since it's looking for zip files but the ADMX are provided into a cab file.
When I run this, I always see a popup for OneDrive setup (even though I already have OneDrive setup on my PC). I believe it's cause it downloads the exe and then extracts, but anyway to disable this?
How is it possible to use the script behind a proxy that requires authentication?
I've noticed, running this script on a Server 2019 it stops after the OneDrive Setup. For some reason, Onedrive.exe is not launched for me. Then the Stop-Process at line 816 will also fail and stop the script.
My very simple fix would be:
Stop-Process -Name "OneDrive" -Force -ErrorAction SilentlyContinue
Of course a get-process ... | stop-process would be nicer.
Hello, in Line 753 is an error with the new-item command. Please correct the command.
When executing "EvergreenAdmx.ps1 -Windows11Version "23H2" -workingdirectory "C:_install\ADMX_latest" -Include "Windows 11" the following error is displayed:
C:\Program Files\WindowsPowerShell\Scripts\EvergreenAdmx.ps1 : Cannot validate argument on parameter 'Windows11Version'. The
argument "23H2" does not belong to the set "21H2,22H2" specified by the ValidateSet attribute. Supply an argument that is in the
set and then try the command again.
At line:1 char:37
It looks like 23H2 is not added to the latest release.
announcement:
https://techcommunity.microsoft.com/t5/windows-it-pro-blog/manage-windows-package-manager-with-group-policy/ba-p/2346322
package:
https://github.com/microsoft/winget-cli/releases/download/[version]/DesktopAppInstallerPolicies.zip
current package:
https://github.com/microsoft/winget-cli/releases/download/v1.6.3482/DesktopAppInstallerPolicies.zip
Please consider using the following code on top of your script to avoid redundancies.
$ProgressPreference = "SilentlyContinue"
$ErrorActionPreference = "SilentlyContinue"
Direct link here: https://aka.ms/avdgpo
Documentation: https://docs.microsoft.com/en-us/azure/virtual-desktop/shortpath
There's no web link to download the policy definitions for this one so the same recipe as OneDrive will have to be applied.
Policy Definitions location: C:\Program Files\Microsoft VS Code\policies
Please add Citrix Connnection Quality Indicator ADMX templates
You can grab the download here
https://support.citrix.com/article/CTX220774
and the admx are available in the following folder once the product is installed
"${env:ProgramFiles(x86)}\Citrix\HDX\bin\Connection Quality Indicator"
The challenge is that you can't download the fille unless you have a Citrix account and that you need to install the product on top of the VDA in order to get the admx templates. So maybe it's best to host a copy of the ADMX in the github repo or something.
It looks like the admx files are being extracted to 3 independent folders under C:\Program Files (x86)\Microsoft Group Policy and the script is trying to process them concatenated instead of as 3 independent paths. See verbose log below:
VERBOSE:
Processing Admx files for Windows 10
VERBOSE: GET https://www.microsoft.com/en-us/download/details.aspx?id=103124 with 0-byte payload
VERBOSE: received -1-byte response of content type text/html
VERBOSE: GET https://www.microsoft.com/en-us/download/confirmation.aspx?id=103124 with 0-byte payload
VERBOSE: received -1-byte response of content type text/html
VERBOSE: Found new version 103124.1.0 for 'Microsoft Windows 10 21H1'
VERBOSE: Downloading 'https://download.microsoft.com/download/5/e/7/5e7224e8-919c-4799-8ea3-c69b32d70832/Administrative Templates (.admx) for Windows 10 May 2021 Update.m
si' to 'S:\Group Policy Objects\ADMX Files\Evergreen ADMX Everything but View\downloads\Administrative Templates (.admx) for Windows 10 May 2021 Update.msi'
VERBOSE: GET https://download.microsoft.com/download/5/e/7/5e7224e8-919c-4799-8ea3-c69b32d70832/Administrative Templates (.admx) for Windows 10 May 2021 Update.msi with 0
-byte payload
VERBOSE: received 13627392-byte response of content type application/octet-stream
VERBOSE: Installing downloaded Windows 10 Admx installer
VERBOSE: Grabbing installation path for Windows 10 Admx installer
VERBOSE: Found 'Administrative Templates (.admx) for Windows 10 May 2019 Update v3 Windows 10 and Windows Server 2016 (Version 2.0) Windows 10 May 2021 Update (21H1)'
VERBOSE: Grabbing uninstallation info from registry for Windows 10 Admx installer
VERBOSE: Found 'Administrative Templates (.admx) for Windows 10 May 2019 Update v3 Administrative Templates (.admx) for Windows 10 May 2021 Update'
VERBOSE: Copying Admx files from 'C:\Program Files (x86)\Microsoft Group Policy\Administrative Templates (.admx) for Windows 10 May 2019 Update v3 Windows 10 and Windows
Server 2016 (Version 2.0) Windows 10 May 2021 Update (21H1)\PolicyDefinitions' to 'S:\Group Policy Objects\ADMX Files\Evergreen ADMX Everything but View\admx'
Copy-Item : Cannot find path 'C:\Program Files (x86)\Microsoft Group Policy\Administrative Templates (.admx) for Windows 10 May 2019 Update v3 Windows 10 and Windows
Server 2016 (Version 2.0) Windows 10 May 2021 Update (21H1)\PolicyDefinitions' because it does not exist.
At S:\Group Policy Objects\ADMX Files\Evergreen ADMX Everything but View\EvergreenAdmx.ps1:165 char:5
+ Copy-Item -Path "$($SourceFolder)\*.admx" -Destination "$($Target ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (C:\Program File...licyDefinitions:String) [Copy-Item], ItemNotFoundException
+ FullyQualifiedErrorId : PathNotFound,Microsoft.PowerShell.Commands.CopyItemCommand
VERBOSE: en-US not found
WARNING: Language 'en-US' not found for 'Microsoft Windows 10 21H1'. Processing 'en-US' instead.
VERBOSE: Copying 'C:\Program Files (x86)\Microsoft Group Policy\Administrative Templates (.admx) for Windows 10 May 2019 Update v3 Windows 10 and Windows Server 2016 (Ver
sion 2.0) Windows 10 May 2021 Update (21H1)\PolicyDefinitions\en-US\*.adml' to 'S:\Group Policy Objects\ADMX Files\Evergreen ADMX Everything but View\admx\en-US'
Copy-Item : Cannot find path 'C:\Program Files (x86)\Microsoft Group Policy\Administrative Templates (.admx) for Windows 10 May 2019 Update v3 Windows 10 and Windows
Server 2016 (Version 2.0) Windows 10 May 2021 Update (21H1)\PolicyDefinitions\en-US' because it does not exist.
At S:\Group Policy Objects\ADMX Files\Evergreen ADMX Everything but View\EvergreenAdmx.ps1:177 char:9
+ Copy-Item -Path "$($SourceFolder)\$($language)\*.adml" -Desti ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (C:\Program File...finitions\en-US:String) [Copy-Item], ItemNotFoundException
+ FullyQualifiedErrorId : PathNotFound,Microsoft.PowerShell.Commands.CopyItemCommand
VERBOSE: Uninstalling Windows 10 Admx installer
In addition, When the uninstall prompt initiates MSI exec pops up with the parameter window (same as typing msiexe.exe /?)
Closing this window allows the script to continue. Maybe that's related to above?
There is also a language error on the installer whether I select -Languages 'en-US' or leave the option out. I suspected it was benign
I ran into problems with multiple items. I ran the following command on a server 2012R2 member server from a mapped drive to retrieve:
EvergreenAdmx.ps1" -Include "Windows 10", "Microsoft Edge", "Microsoft Office", "FSLogix", "Adobe AcrobatReader DC", "Google Chrome", "Microsoft Desktop Optimization Pack", "Mozilla Firefox", "Zoom Desktop Client" -verbose
The script is terminating without a message. Never attempts to retrieve Chrome, Firefox, Zoom. I only successfully retrieve FSL, Edge, Office. After extracting Edge policies zip file, it quietly exits.
You might want to update documentation around running from a mapped or network drive.
If I try running this from a local folder, I'm able to successfully get firefox, chrome, MDOP.
Zoom, however, still fails.
VERBOSE: GET https://support.zoom.us/hc/en-us/articles/360039100051 with 0-byte payload
Invoke-WebRequest : The remote server returned an error: (403) Forbidden.
At C:\Temp\ADMX\EvergreenAdmx.ps1:492 char:16
+ ... $web = Invoke-WebRequest -Uri $url -UseBasicParsing -ErrorAction ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-WebRequest], WebException
+ FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeWebRequestCommand
Adobe fails (not fault of script)
Exception calling "GetResponse" with "0" argument(s): "Unable to connect to the remote server"
At C:\Temp\ADMX\EvergreenAdmx.ps1:403 char:9
+ $listResponse = $listRequest.GetResponse()
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : WebException
However, it seems both adobe and zoom are terminating the entire process when they fail, even though they are supposed to silently continue?
Finally,
Let me know if you want me to open multiple bug reports?
This is a fantastic script. I know if I can get it working it's going to be a huge help!
The folder chromeadmx and the file policy_templates.zip are left in the %Temp% folder after the script has been processed.
Please add Windows 11 23H2 support
https://www.microsoft.com/en-us/download/details.aspx?id=105667
I modified the code to get the current version and redirected path from aka.ms/fslogix/download as follows:
function Get-FSLogixOnline {
<# .SYNOPSIS
Returns latest Version and Uri for FSLogix
#>
Function Get-RedirectedUrl {
Param (
[Parameter(Mandatory = $true)]
[String]$url
)
$request = [System.Net.WebRequest]::Create($url)
$request.AllowAutoRedirect = $true
try {
$response = $request.GetResponse()
$response.ResponseUri.AbsoluteUri
$response.Close()
}
catch {
"ERROR: $_"
}
}
try {
$ProgressPreference = 'SilentlyContinue'
$url = Get-RedirectedUrl -URL 'https://aka.ms/fslogix/download'
# grab version
$Version = ($url.Split("/")[-1] | Select-String -Pattern "(\d+(\.\d+){1,4})" -AllMatches | ForEach-Object { $_.Matches } | ForEach-Object { $_.Value }).ToString()
# return evergreen object
return @{ Version = $Version; URI = $url }
}
catch {
Throw $_
}
}
Function Get-RedirectedUrl {
Param (
[Parameter(Mandatory = $true)]
[String]$url
)
$request = [System.Net.WebRequest]::Create($url)
$request.AllowAutoRedirect = $true
try {
$response = $request.GetResponse()
$response.ResponseUri.AbsoluteUri
$response.Close()
}
catch {
"ERROR: $_"
}
}
try {
$ProgressPreference = 'SilentlyContinue'
$url = Get-RedirectedUrl -URL 'https://aka.ms/fslogix/download'
# grab version
$Version = ($url.Split("/")[-1] | Select-String -Pattern "(\d+(\.\d+){1,4})" -AllMatches | ForEach-Object { $_.Matches } | ForEach-Object { $_.Value }).ToString()
# return evergreen object
return @{ Version = $Version; URI = $url }
}
catch {
Throw $_
}
}
Hi. The Windows 10 and Windows 11 ADMX MSI files support extraction through the /a (administrative install) switch. This doesn't require installation / uninstallation / admin privileges, so you may prefer this method over the current approach.
Please consider adding Group Policy Template for Schannel (SSL settings)
Here's the github repo
https://github.com/Crosse/SchannelGroupPolicy
The Invoke-WebRequest forbidden issue seems to work fine with PowerShell 7. I only get the issue on PowerShell 5.2.
You could simply add the following code on top of your script
#Requires -Version 7.0
Check
DanGough/Nevergreen#28
Please add Windows 11 22H2 support
https://www.microsoft.com/en-us/download/details.aspx?id=104593
Hello. I have discovered that Adobe, who seems to think that we all have unlimited budgets for their products, have moved the ADMX files to a new location.
As you have the Adobe ADMX policies coming from the FTP, which seems to not getting updates and as FTP is blocked as a Security risk in most places, I wanted to share the information that I located after pulling my hair our in clumps (insert mental image of Otto von Scratchensniff and the Warner's Animaniacs) with the information and the source of this information.
Source: https://www.adobe.com/devnet-docs/acrobatetk/tools/DesktopDeployment/gpo.html#gpo-registry-template
Continuous Track
[Acrobat Continuous track]
(https://ardownload2.adobe.com/pub/adobe/acrobat/win/AcrobatDC/misc/AcrobatADMTemplate.zip).
Use this for Acrobat 32-bit and 64-bit, 64-bit Reader, and the unified installer.
[Reader Continuous track]
(https://ardownload2.adobe.com/pub/adobe/reader/win/AcrobatDC/misc/ReaderADMTemplate.zip)
Classic Track 2020
[Acrobat Classic track]
(https://ardownload2.adobe.com/pub/adobe/acrobat/win/Acrobat2020/misc/AcrobatADMTemplate.zip)
[Reader Classic track]
(https://ardownload2.adobe.com/pub/adobe/reader/win/Acrobat2020/misc/ReaderADMTemplate.zip)
Classic Track 2017
[Acrobat Classic track]
(https://ardownload2.adobe.com/pub/adobe/acrobat/win/Acrobat2017/misc/AcrobatADMTemplate.zip)
[Reader Classic track]
(https://ardownload2.adobe.com/pub/adobe/reader/win/Acrobat2017/misc/ReaderADMTemplate.zip)
Template preferences fall into these broad categories:
General enterprise settings: Features such as disabling updates and setting the default PDF handler.
Security: Application security features such as enhanced security, sandboxing, and JS controls.
TrustManager: Trusting Windows OS security zones as defined in Internet Explorer.
Digital Signatures: Adobe Acrobat Trust List integration.
currently the script does not support proxy authentication:
I guess it should be as easy as using switch "-UseDefaultCredentials" on the Invoke-WebRequest executions, and "$listRequest.Credentials = [System.Net.CredentialCache]::DefaultCredentials" on the [Net.WebRequest] ones. Maybe optional if a specific global switch is provided, like "-UseProxyAuth" or so.
If I execute the following command, the result is an empty folder.
PS C:\Windows\system32> EvergreenAdmx.ps1 -WorkingDirectory "C:\Users\axadmin\Downloads\ADMX" -Languages @("en-US") -UseProductFolders:$true -Include @("Citrix Workspace App")
Cannot convert value "Files.0" to type "System.Version". Error: "Input string was not in a correct format."
At C:\Program Files\WindowsPowerShell\Scripts\EvergreenAdmx.ps1:1120 char:9
+ if (-not $Version -or [version]$evergreen.Version -gt [version]$V ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (:) [], RuntimeException
+ FullyQualifiedErrorId : InvalidCastParseTargetInvocation
There's no web link to download the policy definitions for this one so the same recipe as OneDrive will have to be applied.
Policy Definitions location: C:\Program Files\Microsoft VS Code\policies
https://blog.devolutions.net/2021/03/how-to-apply-group-policies-in-remote-desktop-manager
There seems to be a problem with the Microsoft Edge (URL):
Invoke-WebRequest : Der Remotename konnte nicht aufgelöst werden: 'msedge.sf.dl.delivery.mp.microsoft.com'
In C:\Program Files\WindowsPowerShell\Scripts\EvergreenAdmx.ps1:890 Zeichen:13
+ Invoke-WebRequest -Uri $evergreen.URI -UseBasicParsing -O ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-WebRequest], WebException
+ FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeWebRequestCommand
(Sorry for german, it says, the URL could not be resolved)
Thank you for the script!
It would be a good idea to uninstall OneDrive once the ADMX files were copied.
When downloading the Citrix Workspace ADMX, the process currently failes with:
WARNING: Language 'en-US' not found for 'Citrix Workspace App'. Processing 'en-US' instead.
Reason for this seems to be Line 1120
At the time of my execution, the $evergreen.URI had the value of:
https://downloads.citrix.com/19926/CitrixWorkspace_ADMX_Files_2109.1.zip?__gda__=exp=1636988266~acl=/*~hmac=328db70a42999e3af8e8699ac8a6995058b6d6d20e177742ecb1475b44889be7
That's why the split in Line 1120 currently resolves this as "*~hmac=328db70a42999e3af8e8699ac8a6995058b6d6d20e177742ecb1475b44889be7"
What works for me is modifying the Split's array index from -1 to -2. Then it gets the correct value of the Zip File name
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.