Weatherlights / Winget-AutoUpdate-Intune

WAUaaS updates apps daily as system and notifies users. WAUaaS brings you WAU in a service-like pattern that can be deployed and configured by Microsoft Intune (or other MDM solutions).
MIT License

Descriptions for ADMX template #3

Closed thomas-ingle closed 1 year ago

thomas-ingle commented 1 year ago

Have configured the Application List policy to include only apps we want to update. I have also configured the Use White List instead of Black List policy to enabled and applications not in the list are being updated. Is something backwards here? Can't find an explanation.

KnifMelti commented 1 year ago

Hello! I've implemented the list from GPO in a function now in the original WAU after @Weatherlights proposed it in https://github.com/Romanitho/Winget-AutoUpdate/discussions/256#discussioncomment-4710599

But to make it work I had to convert the list from registry to an array of strings (from an array of properties) to make it work with the comparison -contains, maybe that's the case here? I don't know how the list from GPO is pulled in Winget-AutoUpdate-Intune, but it feels like maybe that can be the problem...

...here's the Included part:

function Get-IncludedApps {

    if ($GPOList) {

        if (Test-Path "HKLM:\SOFTWARE\Policies\Romanitho\Winget-AutoUpdate\WhiteList") {

            $Key = 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Romanitho\Winget-AutoUpdate\WhiteList\'

            $ValueNames = (Get-Item -Path "HKLM:\SOFTWARE\Policies\Romanitho\Winget-AutoUpdate\WhiteList").Property

            foreach ($ValueName in $ValueNames) {
                $AppIDs = [Microsoft.Win32.Registry]::GetValue($Key, $ValueName, $false)
                [PSCustomObject]@{
                    Value = $ValueName
                    Data = $AppIDs.Trim()
                }
            }

        }
        return $AppIDs

    }
    elseif (Test-Path "$WorkingDir\included_apps.txt") {

        return (Get-Content -Path "$WorkingDir\included_apps.txt").Trim() | Where-Object { $_.length -gt 0 }

    }

}

In Winget-Upgrade.ps1:

#Fix and count the array if GPO List as ERROR handling!
if ($GPOList) {
    if ($UseWhiteList) {
        $WhiteList = $toUpdate.GetUpperBound(0)
        if ($null -eq $WhiteList) {
            Write-Log "Critical: Whitelist doesn't exist in GPO, exiting..." "Red"
            New-Item "$WorkingDir\logs\error.txt" -Value "Whitelist doesn't exist in GPO!" -Force
            Exit 1
        }
        $toUpdate = $toUpdate.Data
    }
    else {
        $BlackList = $toSkip.GetUpperBound(0)
        if ($null -eq $BlackList) {
            Write-Log "Critical: Blacklist doesn't exist in GPO, exiting..." "Red"
            New-Item "$WorkingDir\logs\error.txt" -Value "Blacklist doesn't exist in GPO!" -Force
            Exit 1
        }
        $toSkip = $toSkip.Data
    }
}

/.../

#If White List
if ($UseWhiteList) {
    #For each app, notify and update
    foreach ($app in $outdated) {
        if (($toUpdate -contains $app.Id) -and $($app.Version) -ne "Unknown") {
            Update-App $app
        }
        #if current app version is unknown
        elseif ($($app.Version) -eq "Unknown") {
            Write-Log "$($app.Name) : Skipped upgrade because current version is 'Unknown'" "Gray"
        }
        #if app is in "excluded list"
        else {
            Write-Log "$($app.Name) : Skipped upgrade because it is not in the included app list" "Gray"
        }
    }
}
...

Weatherlights commented 1 year ago

Hey @thomas-ingle

Sorry for the late reply. What you are trying to configure looks totally fine and "should" work as you expect it. But for a start I would need a little more input from you.

Can you check whether the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\weatherlights.com\Winget-AutoUpdate\UseWhiteList is set to 1 or 0 (or does not exist at all), as well as the existence of the file %PROGRAMDATA%\Winget-AutoUpdate-Configurator\included_apps.txt, and whether the LastCommand.txt file includes the -UseWhiteList parameter?

If the key exists and is set to 1, please also check if this key is set to 1: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Winget-AutoUpdate\WAU_UseWhiteList

It is also helpful if you can provide the log files as described here.

I also changed a behaviour where WAU would be enabled even if there is no policy in place... this had the effect that everything is updated (running WAU simply 'as is' without any lists). With the newest version this has changed, so WAU will not run unless a policy tells it to do so. So an explanation could be that the app was installed (and launched) before the policy was applied... ADMX-backed policies take a little longer for Intune to process since they require two sync cycles to be fully active.

Weatherlights commented 1 year ago

Hey @KnifMelti

Thanks for the input :). My mechanism is very simple: before I configure WAU I convert the registry content into a corresponding txt file which is referenced upon the configuration of WAU. So I generate a list and then reference it.

The dump is done simply by accessing an invisible attribute of the PSObject and then only getting the list elements (so keys that are numbers):

ForEach ( $item in $list.PSObject.Properties | where { $_.Name -match "[0-9]+" } ) { $parsedList += $item.Value + "`n" }

I try to build around WAU rather than within WAU to keep the level of complexity low on my end :).
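
The type mismatch KnifMelti describes, and the "no list means update everything" behaviour Weatherlights mentions, shown together as an added example (not code from WAU or Winget-AutoUpdate-Intune). The sample data is constructed, and `ConvertTo-AppIdList` and `Select-AllowedApp` are hypothetical helper names.

```powershell
# Constructed sample: the objects Get-IncludedApps emits for a GPO list.
$policyEntries = @(
    [PSCustomObject]@{ Value = '1'; Data = 'Mozilla.Firefox ' }
    [PSCustomObject]@{ Value = '2'; Data = '7zip.7zip' }
)
# Constructed sample: outdated apps as WAU would see them.
$outdated = @(
    [PSCustomObject]@{ Id = 'Mozilla.Firefox'; Name = 'Firefox'; Version = '120.0' }
    [PSCustomObject]@{ Id = 'Zoom.Zoom';       Name = 'Zoom';    Version = '5.16.0' }
    [PSCustomObject]@{ Id = '7zip.7zip';       Name = '7-Zip';   Version = 'Unknown' }
)

# Hypothetical helper: flatten policy entries to trimmed, non-empty ID strings.
function ConvertTo-AppIdList {
    param([object[]]$Entries)
    @($Entries | ForEach-Object { "$($_.Data)".Trim() } | Where-Object { $_ })
}

# Hypothetical helper: return only apps on the allow-list; fail closed when
# the list is missing or empty instead of falling through to "update all".
function Select-AllowedApp {
    param([object[]]$Outdated, [string[]]$AllowList)
    if (-not $AllowList) {
        throw 'Allow-list is empty or missing; refusing to select any app.'
    }
    foreach ($app in $Outdated) {
        if (($AllowList -contains $app.Id) -and ($app.Version -ne 'Unknown')) { $app }
    }
}

# -contains compares each element with the string; the elements here are
# PSCustomObjects, so no ID ever matches until the list is flattened.
$matchOnObjects = $policyEntries -contains 'Mozilla.Firefox'
$allow          = ConvertTo-AppIdList $policyEntries
$matchOnStrings = $allow -contains 'Mozilla.Firefox'
"Match on objects: $matchOnObjects; match on strings: $matchOnStrings"

"Selected: " + ((Select-AllowedApp -Outdated $outdated -AllowList $allow).Id -join ', ')

# A policy key with no values yields an empty list; the run must stop.
try   { Select-AllowedApp -Outdated $outdated -AllowList (ConvertTo-AppIdList @()) }
catch { "Blocked: $($_.Exception.Message)" }
```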

KnifMelti commented 1 year ago

Nice! Mind if I reuse the following in WAU?

ForEach ( $item in $list.PSObject.Properties | where { $_.Name -match "[0-9]+" } ) { $parsedList += $item.Value + "`n" }

KnifMelti commented 1 year ago

...changed my mind, but thanks (I have a stable Function now - have just begun coding in PS)!

Weatherlights commented 1 year ago

I wouldn't have guessed that :D. But yea in the no need to screw something up just for the looks :).

github-actions[bot] commented 1 year ago

This issue is stale because it has been open for 30 days with no activity.

github-actions[bot] commented 1 year ago

This issue was closed because it has been inactive for 14 days since being marked as stale.