From 8f39ea3ed144f3d223538cb53ea3964bedc997ff Mon Sep 17 00:00:00 2001 From: romanitho <96626929+Romanitho@users.noreply.github.com> Date: Tue, 4 Oct 2022 00:56:44 +0200 Subject: [PATCH] User context scheduled task added with app delta --- Winget-AutoUpdate-Install.ps1 | 17 +++++++++++++++++ .../functions/Get-WingetOutdatedApps.ps1 | 8 +++++++- .../functions/Get-WingetSystemApps.ps1 | 19 +++++++++++++++++++ Winget-AutoUpdate/functions/Start-Init.ps1 | 3 +++ .../functions/Start-NotifTask.ps1 | 3 --- Winget-AutoUpdate/winget-upgrade.ps1 | 6 ++++++ 6 files changed, 52 insertions(+), 4 deletions(-) create mode 100644 Winget-AutoUpdate/functions/Get-WingetSystemApps.ps1 diff --git a/Winget-AutoUpdate-Install.ps1 b/Winget-AutoUpdate-Install.ps1 index e085ae2..8e2ee57 100644 --- a/Winget-AutoUpdate-Install.ps1 +++ b/Winget-AutoUpdate-Install.ps1 @@ -261,6 +261,15 @@ function Install-WingetAutoUpdate { $task = New-ScheduledTask -Action $taskAction -Principal $taskUserPrincipal -Settings $taskSettings -Trigger $taskTriggers Register-ScheduledTask -TaskName 'Winget-AutoUpdate' -InputObject $task -Force | Out-Null + # Settings for the scheduled task in User context + $taskAction = New-ScheduledTaskAction –Execute "wscript.exe" -Argument "`"$($WingetUpdatePath)\Invisible.vbs`" `"powershell.exe -NoProfile -ExecutionPolicy Bypass -File `"`"`"$($WingetUpdatePath)\winget-upgrade.ps1`"`"" + $taskUserPrincipal = New-ScheduledTaskPrincipal -GroupId S-1-5-11 + $taskSettings = New-ScheduledTaskSettingsSet -Compatibility Win8 -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries -ExecutionTimeLimit 03:00:00 + + # Set up the task for user apps + $task = New-ScheduledTask -Action $taskAction -Principal $taskUserPrincipal -Settings $taskSettings + Register-ScheduledTask -TaskName 'Winget-AutoUpdate-UserContext' -InputObject $task -Force | Out-Null + # Settings for the scheduled task for Notifications $taskAction = New-ScheduledTaskAction –Execute "wscript.exe" -Argument "`"$($WingetUpdatePath)\Invisible.vbs`" `"powershell.exe -NoProfile -ExecutionPolicy Bypass -File `"`"`"$($WingetUpdatePath)\winget-notify.ps1`"`"" $taskUserPrincipal = New-ScheduledTaskPrincipal -GroupId S-1-5-11 @@ -270,6 +279,14 @@ function Install-WingetAutoUpdate { $task = New-ScheduledTask -Action $taskAction -Principal $taskUserPrincipal -Settings $taskSettings Register-ScheduledTask -TaskName 'Winget-AutoUpdate-Notify' -InputObject $task -Force | Out-Null + #Set task readable/runnable for all users + $scheduler = New-Object -ComObject "Schedule.Service" + $scheduler.Connect() + $task = $scheduler.GetFolder("").GetTask("Winget-AutoUpdate") + $sec = $task.GetSecurityDescriptor(0xF) + $sec = $sec + '(A;;GRGX;;;AU)' + $task.SetSecurityDescriptor($sec, 0) + # Configure Reg Key $regPath = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Winget-AutoUpdate" New-Item $regPath -Force | Out-Null diff --git a/Winget-AutoUpdate/functions/Get-WingetOutdatedApps.ps1 b/Winget-AutoUpdate/functions/Get-WingetOutdatedApps.ps1 index 153a8af..1686a09 100644 --- a/Winget-AutoUpdate/functions/Get-WingetOutdatedApps.ps1 +++ b/Winget-AutoUpdate/functions/Get-WingetOutdatedApps.ps1 @@ -52,5 +52,11 @@ function Get-WingetOutdatedApps { } } + #If current user is not system, remove system apps from list + if ($currentPrincipal -eq $true) { + $SystemApps = Get-Content -Path "$WorkingDir\winget_system_apps.txt" + $upgradeList = $upgradeList | Where-Object {$SystemApps -notcontains $_} + } + return $upgradeList | Sort-Object {Get-Random} -} \ No newline at end of file +} diff --git a/Winget-AutoUpdate/functions/Get-WingetSystemApps.ps1 b/Winget-AutoUpdate/functions/Get-WingetSystemApps.ps1 new file mode 100644 index 0000000..8191972 --- /dev/null +++ b/Winget-AutoUpdate/functions/Get-WingetSystemApps.ps1 @@ -0,0 +1,19 @@ +function Get-WingetSystemApps { + + #if not "Interactive" user, run as system + if ($currentPrincipal -eq $false) { + + #Json File where to export system installed apps + $jsonFile = "$WorkingDir\winget_system_apps.txt" + + #Get list of installed Winget apps to json file + & $Winget export -o $jsonFile --accept-source-agreements | Out-Null + + #Convert json file to txt file with app ids + $InstalledApps = get-content $jsonFile | ConvertFrom-Json + + #Return app list + Set-Content $InstalledApps.Sources.Packages.PackageIdentifier -Path $jsonFile + } + +} diff --git a/Winget-AutoUpdate/functions/Start-Init.ps1 b/Winget-AutoUpdate/functions/Start-Init.ps1 index 6dd41a3..71207da 100644 --- a/Winget-AutoUpdate/functions/Start-Init.ps1 +++ b/Winget-AutoUpdate/functions/Start-Init.ps1 @@ -5,6 +5,9 @@ function Start-Init { #Config console output encoding [Console]::OutputEncoding = [System.Text.Encoding]::UTF8 + #Check if running account is system or interactive logon + $Script:currentPrincipal = [bool](([System.Security.Principal.WindowsIdentity]::GetCurrent()).groups -match "S-1-5-4") + #Log Header $Log = "`n##################################################`n# CHECK FOR APP UPDATES - $(Get-Date -Format (Get-culture).DateTimeFormat.ShortDatePattern)`n##################################################" $Log | Write-host diff --git a/Winget-AutoUpdate/functions/Start-NotifTask.ps1 b/Winget-AutoUpdate/functions/Start-NotifTask.ps1 index 1d1b862..df20cea 100644 --- a/Winget-AutoUpdate/functions/Start-NotifTask.ps1 +++ b/Winget-AutoUpdate/functions/Start-NotifTask.ps1 @@ -22,9 +22,6 @@ function Start-NotifTask ($Title, $Message, $MessageType, $Balise, $OnClickActio $Balise "@ - - #Check if running account is system or interactive logon - $currentPrincipal = [bool](([System.Security.Principal.WindowsIdentity]::GetCurrent()).groups -match "S-1-5-4") #if not "Interactive" user, run as system if ($currentPrincipal -eq $false) { diff --git a/Winget-AutoUpdate/winget-upgrade.ps1 b/Winget-AutoUpdate/winget-upgrade.ps1 index 2732fb0..e91f7fd 100644 --- a/Winget-AutoUpdate/winget-upgrade.ps1 +++ b/Winget-AutoUpdate/winget-upgrade.ps1 @@ -139,6 +139,12 @@ if (Test-Network) { } } + +#Run WAU in user context if currently as system +if ($currentPrincipal -eq $false) { + Get-ScheduledTask -TaskName "Winget-AutoUpdate-UserContext" -ErrorAction SilentlyContinue | Start-ScheduledTask -ErrorAction SilentlyContinue +} + #End Write-Log "End of process!" "Cyan" Start-Sleep 3 \ No newline at end of file