From 42ba4d1d47f52e0af6d6612ef565bf4915825d2c Mon Sep 17 00:00:00 2001 From: Romain <96626929+Romanitho@users.noreply.github.com> Date: Tue, 25 Oct 2022 01:43:50 +0200 Subject: [PATCH] User context feature is not installed by default on update anymore --- Winget-AutoUpdate-Install.ps1 | 24 +++++++++----- .../functions/Invoke-PostUpdateActions.ps1 | 33 ------------------- 2 files changed, 15 insertions(+), 42 deletions(-) diff --git a/Winget-AutoUpdate-Install.ps1 b/Winget-AutoUpdate-Install.ps1 index 1409e86..338caf0 100644 --- a/Winget-AutoUpdate-Install.ps1 +++ b/Winget-AutoUpdate-Install.ps1 @@ -52,6 +52,9 @@ Specify the time of the update interval execution time. Default 6AM .PARAMETER RunOnMetered Run WAU on metered connection. Default No. +.PARAMETER InstallUserContext +Install WAU with system and user context executions + .PARAMETER BypassListForUsers Configure WAU to bypass the Black/White list when run in user context @@ -89,7 +92,8 @@ param( [Parameter(Mandatory = $False)] [Switch] $UpdatesAtLogon = $false, [Parameter(Mandatory = $False)] [ValidateSet("Daily", "Weekly", "BiWeekly", "Monthly", "Never")] [String] $UpdatesInterval = "Daily", [Parameter(Mandatory = $False)] [DateTime] $UpdatesAtTime = ("06am"), - [Parameter(Mandatory = $False)] [Switch] $BypassListForUsers = $false + [Parameter(Mandatory = $False)] [Switch] $BypassListForUsers = $false, + [Parameter(Mandatory = $False)] [Switch] $InstallUserContext = $false ) <# APP INFO #> @@ -277,15 +281,17 @@ function Install-WingetAutoUpdate { $task = New-ScheduledTask -Action $taskAction -Principal $taskUserPrincipal -Settings $taskSettings -Trigger $taskTriggers Register-ScheduledTask -TaskName 'Winget-AutoUpdate' -InputObject $task -Force | Out-Null - # Settings for the scheduled task in User context - $taskAction = New-ScheduledTaskAction -Execute "wscript.exe" -Argument "`"$($WingetUpdatePath)\Invisible.vbs`" `"powershell.exe -NoProfile -ExecutionPolicy Bypass -File `"`"`"$($WingetUpdatePath)\winget-upgrade.ps1`"`"" - $taskUserPrincipal = New-ScheduledTaskPrincipal -GroupId S-1-5-11 - $taskSettings = New-ScheduledTaskSettingsSet -Compatibility Win8 -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries -ExecutionTimeLimit 03:00:00 - - # Set up the task for user apps - $task = New-ScheduledTask -Action $taskAction -Principal $taskUserPrincipal -Settings $taskSettings - Register-ScheduledTask -TaskName 'Winget-AutoUpdate-UserContext' -InputObject $task -Force | Out-Null + if ($InstallUserContext) { + # Settings for the scheduled task in User context + $taskAction = New-ScheduledTaskAction -Execute "wscript.exe" -Argument "`"$($WingetUpdatePath)\Invisible.vbs`" `"powershell.exe -NoProfile -ExecutionPolicy Bypass -File `"`"`"$($WingetUpdatePath)\winget-upgrade.ps1`"`"" + $taskUserPrincipal = New-ScheduledTaskPrincipal -GroupId S-1-5-11 + $taskSettings = New-ScheduledTaskSettingsSet -Compatibility Win8 -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries -ExecutionTimeLimit 03:00:00 + # Set up the task for user apps + $task = New-ScheduledTask -Action $taskAction -Principal $taskUserPrincipal -Settings $taskSettings + Register-ScheduledTask -TaskName 'Winget-AutoUpdate-UserContext' -InputObject $task -Force | Out-Null + } + # Settings for the scheduled task for Notifications $taskAction = New-ScheduledTaskAction -Execute "wscript.exe" -Argument "`"$($WingetUpdatePath)\Invisible.vbs`" `"powershell.exe -NoProfile -ExecutionPolicy Bypass -File `"`"`"$($WingetUpdatePath)\winget-notify.ps1`"`"" $taskUserPrincipal = New-ScheduledTaskPrincipal -GroupId S-1-5-11 diff --git a/Winget-AutoUpdate/functions/Invoke-PostUpdateActions.ps1 b/Winget-AutoUpdate/functions/Invoke-PostUpdateActions.ps1 index b14926a..d0b1848 100644 --- a/Winget-AutoUpdate/functions/Invoke-PostUpdateActions.ps1 +++ b/Winget-AutoUpdate/functions/Invoke-PostUpdateActions.ps1 @@ -89,39 +89,6 @@ function Invoke-PostUpdateActions { } } - #Set new User Context task and Set system task readable/runnable for all users - $UserTask = Get-ScheduledTask -TaskName "Winget-AutoUpdate-UserContext" -ErrorAction SilentlyContinue - if (!$UserTask) { - # Settings for the scheduled task in User context - $taskAction = New-ScheduledTaskAction -Execute "wscript.exe" -Argument "`"$($WorkingDir)\Invisible.vbs`" `"powershell.exe -NoProfile -ExecutionPolicy Bypass -File `"`"`"$($WorkingDir)\winget-upgrade.ps1`"`"" - $taskUserPrincipal = New-ScheduledTaskPrincipal -GroupId S-1-5-11 - $taskSettings = New-ScheduledTaskSettingsSet -Compatibility Win8 -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries -ExecutionTimeLimit 03:00:00 - # Set up the task for user apps - $task = New-ScheduledTask -Action $taskAction -Principal $taskUserPrincipal -Settings $taskSettings - Register-ScheduledTask -TaskName 'Winget-AutoUpdate-UserContext' -InputObject $task -Force | Out-Null - - #Set System task runnable for users - $scheduler = New-Object -ComObject "Schedule.Service" - $scheduler.Connect() - $task = $scheduler.GetFolder("").GetTask("Winget-AutoUpdate") - $sec = $task.GetSecurityDescriptor(0xF) - $sec = $sec + '(A;;GRGX;;;AU)' - $task.SetSecurityDescriptor($sec, 0) - - #log - Write-Log "-> 'Winget-AutoUpdate-UserContext' scheduled task created." "green" - } - - #Set ACL for users on logfile - $NewAcl = Get-Acl -Path $LogFile - $identity = New-Object System.Security.Principal.SecurityIdentifier S-1-5-11 - $fileSystemRights = "Modify" - $type = "Allow" - $fileSystemAccessRuleArgumentList = $identity, $fileSystemRights, $type - $fileSystemAccessRule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList $fileSystemAccessRuleArgumentList - $NewAcl.SetAccessRule($fileSystemAccessRule) - Set-Acl -Path $LogFile -AclObject $NewAcl - #Reset WAU_UpdatePostActions Value $WAUConfig | New-ItemProperty -Name WAU_PostUpdateActions -Value 0 -Force