microsoft / MDE-PowerBI-Templates

A repository for MDATP PowerBI Templates
MIT License

Only works with applications specified in the registry key #14

Open imnota opened 1 year ago

imnota commented 1 year ago

Great script, but currently only works with applications registered in the specific registry key.

If we were able to specify a full path for apps requiring them and then modify the code to test if a full path is provided, then this would increase flexibility - (scrappily coded) eg:

"KeePass" = "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe"

Then modify the code between lines 111 and 119 (inclusive) to:

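        # Assumption: an entry counts as a full path when its value is rooted (e.g. "C:\...").
        $testFullPath = [System.IO.Path]::IsPathRooted($_.Value)
        if ($testFullPath) {
            # Use the full path from the programs list only if the file exists.
            if (Test-Path -LiteralPath $_.Value) {
                $target = $_.Value
                #LogAndConsole "Full path specified and exists for $($_.key)"
            }
        }
        # No full path given: fall back to the registry lookup.
        if (-not ($testFullPath -or $target))
        {
            try { $apppath = Get-ItemPropertyValue $reg_path -Name "Path" -ErrorAction SilentlyContinue } catch {}
            if ($null -ne $apppath)
            {
                $target = $apppath + "\" + $_.Value
            }
            else
            {
                try { $target = Get-ItemPropertyValue $reg_path -Name "(default)" -ErrorAction SilentlyContinue } catch {}
            }
        }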

This could allow flexibility to do so with minimal change, albeit this does not allow for custom file locations (or potential 32 bit/64 bit variations).

Not saying this is appropriate in every environment or situation but looks like it will work in ours

imnota commented 1 year ago

One other approach - could use the application compatibility telemetry under "HK_User:[userGuid]\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store"

Add a function:

function GetApplicationCompatibilityPaths {
    # Get application compatibility info per user.
    # Returns a hashtable: executable file name -> recorded full path.
    New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
    $applicationPaths = @{}
    $userKeys = Get-ChildItem -Path "HKU:"
    $userKeys | ForEach-Object {
        try {
            $appCompat = Get-Item -Path "HKU:\$($_.PSChildName)\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store" -ErrorAction SilentlyContinue
            if ($appCompat) {
                # The value names of this key are the recorded application paths.
                foreach ($appPath in $appCompat.Property) {
                    $appExe = Split-Path $appPath -Leaf
                    if ($appExe) {
                        $applicationPaths[$appExe] = $appPath
                    }
                }
            }
        } catch {
            # Ignore user hives that cannot be read.
        }
    }
    Remove-PSDrive -Name HKU
    return $applicationPaths
}

Add a call to the function under line 93 ("LogAndConsole "Starting LNK rescue""):

$applicationPaths=GetApplicationCompatibilityPaths

Then, under line 119 (just before "if ($target -ne $null) {" ), add:

        if (-not $target) {
            $target = $applicationPaths[$_.Value]
        }

MelQL commented 1 year ago

I agree that it would be nice for the script to somehow automatically find programs that are not in the registry location being searched. If they can't be automatically found, it would be nice to have a way to edit the program list with the path name so that can be searched if the program is not found in the registry location.

For example, the AppV Client application C:\Program Files (x86)\Microsoft Application Virtualization\Client UI\AppVClientUX.exe does not seem to have a reference in the registry location being searched.

For now, I'm customizing the MS script with an extra programs list and supporting function based on HarmVeenstra's solution to the (https://github.com/HarmVeenstra/Powershellisfun/blob/main/ASRmageddon%20Create%20Common%20Shortcuts%20Start%20Menu/Create_Common_Shortcuts.ps1). It would be nice if the general support was directly in the MS Script (even if we have to manually add to the programs list in script) so everyone has this support (and it has MS code/testing and avoid any mistakes I might make when trying to integrate).
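
One way to combine the suggestions in this thread into a single lookup, as an added example (not code from the issue or from the Microsoft script): a full path from the programs list is used when it exists, then the registry key the script already queries, then the per-user Compatibility Assistant Store. `Resolve-ShortcutTarget` and `Test-TrustedLocation` are hypothetical names, `$RegPath` stands for the script's `$reg_path`, and limiting Store-derived paths to the Program Files directories is an assumption added here because those values sit in each user's own writable hive.

```powershell
# Added example; function and parameter names are hypothetical.
function Test-TrustedLocation {
    param([string]$Path)
    # Accept only existing files below the machine-wide install directories.
    if (-not $Path -or -not (Test-Path -LiteralPath $Path -PathType Leaf)) { return $false }
    $full = [System.IO.Path]::GetFullPath($Path)   # collapses ".." segments
    foreach ($root in @($env:ProgramFiles, ${env:ProgramFiles(x86)})) {
        if ($root -and $full.StartsWith($root.TrimEnd('\') + '\',
                [System.StringComparison]::OrdinalIgnoreCase)) {
            return $true
        }
    }
    return $false
}

function Resolve-ShortcutTarget {
    param(
        [Parameter(Mandatory)][string]$Value,    # exe name or full path from the programs list
        [Parameter(Mandatory)][string]$RegPath,  # the script's existing $reg_path for this entry
        [hashtable]$FallbackPaths = @{}          # output of GetApplicationCompatibilityPaths
    )
    # 1. Full path given in the programs list: use it only if the file exists.
    if ([System.IO.Path]::IsPathRooted($Value)) {
        if (Test-Path -LiteralPath $Value -PathType Leaf) { return $Value }
        return $null
    }
    # 2. Registry lookup in the order the script uses: "Path" value, then "(default)".
    $props = Get-ItemProperty -LiteralPath $RegPath -ErrorAction SilentlyContinue
    if ($props) {
        if ($props.Path) { return ($props.Path.TrimEnd('\') + '\' + $Value) }
        if ($props.'(default)') { return $props.'(default)' }
    }
    # 3. Per-user Store entry: user-controlled data, so validate before using it.
    $candidate = $FallbackPaths[$Value]
    if (Test-TrustedLocation $candidate) { return $candidate }
    return $null
}

# Inside the script's loop over the programs list (assumed variable names):
# $target = Resolve-ShortcutTarget -Value $_.Value -RegPath $reg_path -FallbackPaths $applicationPaths
```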