From a6e1a5030a016a5a5c234357e9a48b1b5158f702 Mon Sep 17 00:00:00 2001 From: KnifMelti Date: Thu, 19 Jan 2023 07:11:20 +0100 Subject: [PATCH] GPO Black/White List Activated in WAU --- Policies/en-US/WAU.adml | 13 +++--- Winget-AutoUpdate/Winget-Upgrade.ps1 | 44 ++++++++++++------- .../functions/Get-ExcludedApps.ps1 | 6 ++- .../functions/Get-IncludedApps.ps1 | 7 ++- 4 files changed, 45 insertions(+), 25 deletions(-) diff --git a/Policies/en-US/WAU.adml b/Policies/en-US/WAU.adml index afcb660..3fd9f39 100644 --- a/Policies/en-US/WAU.adml +++ b/Policies/en-US/WAU.adml @@ -26,19 +26,20 @@ If this policy is disabled or not configured, the default is No. This policy setting specifies whether to update WAU to PreRelease versions or not (via WAU AutoUpdate). If this policy is disabled or not configured, the default is No. - Application Blacklist + Application GPO Blacklist Provide the WinGet IDs of applications you want to exclude. - Application Whitelist + Application GPO Whitelist Provide the WinGet IDs of applications you want to include. Use WhiteList instead of BlackList This policy setting specifies whether to use a Whitelist or not. If this policy is disabled or not configured, the default is No. - Get Black/White List from external Path (URL/UNC/Local) - If this policy is enabled, you can set a (URL/UNC/Local) Path to external lists other than the default. - + Get Black/White List from external Path (URL/UNC/GPO/Local) + If this policy is enabled, you can set a (URL/UNC/GPO/Local) Path to external lists other than the default. +If "Application GPO Blacklist/Whitelist" is set in this GPO the Path should be: GPO + If this policy is disabled or not configured, the default ListPath is used (WAU InstallLocation). Get Mods from external Path (URL/UNC/Local) If this policy is enabled, you can set a (URL/UNC/Local) Path to external mods other than the default. @@ -140,7 +141,7 @@ If this policy is disabled or not configured, the default size is used. - + diff --git a/Winget-AutoUpdate/Winget-Upgrade.ps1 b/Winget-AutoUpdate/Winget-Upgrade.ps1 index a880d87..e9fc423 100644 --- a/Winget-AutoUpdate/Winget-Upgrade.ps1 +++ b/Winget-AutoUpdate/Winget-Upgrade.ps1 @@ -127,26 +127,32 @@ if (Test-Network) { #Get External ListPath if run as System if ($WAUConfig.WAU_ListPath) { - Write-Log "WAU uses External Lists from: $($WAUConfig.WAU_ListPath.TrimEnd(" ", "\", "/"))" - $NewList = Test-ListPath $WAUConfig.WAU_ListPath.TrimEnd(" ", "\", "/") $WAUConfig.WAU_UseWhiteList $WAUConfig.InstallLocation.TrimEnd(" ", "\") - if ($ReachNoPath) { - Write-Log "Couldn't reach/find/compare/copy from $($WAUConfig.WAU_ListPath.TrimEnd(" ", "\", "/"))..." "Red" - $Script:ReachNoPath = $False - } - if ($NewList) { - Write-Log "Newer List downloaded/copied to local path: $($WAUConfig.InstallLocation.TrimEnd(" ", "\"))" "Yellow" + if ($($WAUConfig.WAU_ListPath) -eq "GPO") { + Write-Log "WAU uses External Lists from: $($WAUConfig.WAU_ListPath.TrimEnd(" ", "\", "/"))" + $Script:GPOList = $True } else { - if ($WAUConfig.WAU_UseWhiteList -and (Test-Path "$WorkingDir\included_apps.txt")) { - Write-Log "List (white) is up to date." "Green" + Write-Log "WAU uses External Lists from: $($WAUConfig.WAU_ListPath.TrimEnd(" ", "\", "/"))" + $NewList = Test-ListPath $WAUConfig.WAU_ListPath.TrimEnd(" ", "\", "/") $WAUConfig.WAU_UseWhiteList $WAUConfig.InstallLocation.TrimEnd(" ", "\") + if ($ReachNoPath) { + Write-Log "Couldn't reach/find/compare/copy from $($WAUConfig.WAU_ListPath.TrimEnd(" ", "\", "/"))..." "Red" + $Script:ReachNoPath = $False } - elseif (!$WAUConfig.WAU_UseWhiteList -and (Test-Path "$WorkingDir\excluded_apps.txt")) { - Write-Log "List (black) is up to date." "Green" + if ($NewList) { + Write-Log "Newer List downloaded/copied to local path: $($WAUConfig.InstallLocation.TrimEnd(" ", "\"))" "Yellow" } else { - Write-Log "Critical: White/Black List doesn't exist, exiting..." "Red" - New-Item "$WorkingDir\logs\error.txt" -Value "White/Black List doesn't exist!" -Force - Exit 1 + if ($WAUConfig.WAU_UseWhiteList -and (Test-Path "$WorkingDir\included_apps.txt")) { + Write-Log "List (white) is up to date." "Green" + } + elseif (!$WAUConfig.WAU_UseWhiteList -and (Test-Path "$WorkingDir\excluded_apps.txt")) { + Write-Log "List (black) is up to date." "Green" + } + else { + Write-Log "Critical: White/Black List doesn't exist, exiting..." "Red" + New-Item "$WorkingDir\logs\error.txt" -Value "White/Black List doesn't exist!" -Force + Exit 1 + } } } } @@ -176,6 +182,10 @@ if (Test-Network) { } } + if ($($WAUConfig.WAU_ListPath) -eq "GPO") { + $Script:GPOList = $True + } + #Get White or Black list if ($WAUConfig.WAU_UseWhiteList -eq 1) { Write-Log "WAU uses White List config" @@ -221,7 +231,7 @@ if (Test-Network) { if ($UseWhiteList) { #For each app, notify and update foreach ($app in $outdated) { - if (($toUpdate -contains $app.Id) -and $($app.Version) -ne "Unknown") { + if (($toUpdate -match $app.Id) -and $($app.Version) -ne "Unknown") { Update-App $app } #if current app version is unknown @@ -238,7 +248,7 @@ if (Test-Network) { else { #For each app, notify and update foreach ($app in $outdated) { - if (-not ($toSkip -contains $app.Id) -and $($app.Version) -ne "Unknown") { + if (-not ($toSkip -match $app.Id) -and $($app.Version) -ne "Unknown") { Update-App $app } #if current app version is unknown diff --git a/Winget-AutoUpdate/functions/Get-ExcludedApps.ps1 b/Winget-AutoUpdate/functions/Get-ExcludedApps.ps1 index ad77101..8961601 100644 --- a/Winget-AutoUpdate/functions/Get-ExcludedApps.ps1 +++ b/Winget-AutoUpdate/functions/Get-ExcludedApps.ps1 @@ -2,7 +2,11 @@ function Get-ExcludedApps { - if (Test-Path "$WorkingDir\excluded_apps.txt") { + if ($GPOList) { + + return Get-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Romanitho\Winget-AutoUpdate\BlackList" + } + elseif (Test-Path "$WorkingDir\excluded_apps.txt") { return (Get-Content -Path "$WorkingDir\excluded_apps.txt").Trim() | Where-Object { $_.length -gt 0 } diff --git a/Winget-AutoUpdate/functions/Get-IncludedApps.ps1 b/Winget-AutoUpdate/functions/Get-IncludedApps.ps1 index e767953..ce3e636 100644 --- a/Winget-AutoUpdate/functions/Get-IncludedApps.ps1 +++ b/Winget-AutoUpdate/functions/Get-IncludedApps.ps1 @@ -2,7 +2,12 @@ function Get-IncludedApps { - if (Test-Path "$WorkingDir\included_apps.txt") { + if ($GPOList) { + + return Get-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Romanitho\Winget-AutoUpdate\WhiteList" + + } + elseif (Test-Path "$WorkingDir\included_apps.txt") { return (Get-Content -Path "$WorkingDir\included_apps.txt").Trim() | Where-Object { $_.length -gt 0 }