GPO Black/White List Activated in WAU

pull/263/head
KnifMelti 2023-01-19 07:11:20 +01:00
parent 21fa9eb25d
commit a6e1a5030a
4 changed files with 45 additions and 25 deletions

View File

@ -26,18 +26,19 @@ If this policy is disabled or not configured, the default is No.</string>
<string id="UpdatePrerelease_Explain">This policy setting specifies whether to update WAU to PreRelease versions or not (via WAU AutoUpdate). <string id="UpdatePrerelease_Explain">This policy setting specifies whether to update WAU to PreRelease versions or not (via WAU AutoUpdate).
If this policy is disabled or not configured, the default is No.</string> If this policy is disabled or not configured, the default is No.</string>
<string id="BlackList_Name">Application Blacklist</string> <string id="BlackList_Name">Application GPO Blacklist</string>
<string id="BlackList_Explain">Provide the WinGet IDs of applications you want to exclude.</string> <string id="BlackList_Explain">Provide the WinGet IDs of applications you want to exclude.</string>
<string id="WhiteList_Name">Application Whitelist</string> <string id="WhiteList_Name">Application GPO Whitelist</string>
<string id="WhiteList_Explain">Provide the WinGet IDs of applications you want to include.</string> <string id="WhiteList_Explain">Provide the WinGet IDs of applications you want to include.</string>
<string id="UseWhiteList_Name">Use WhiteList instead of BlackList</string> <string id="UseWhiteList_Name">Use WhiteList instead of BlackList</string>
<string id="UseWhiteList_Explain">This policy setting specifies whether to use a Whitelist or not. <string id="UseWhiteList_Explain">This policy setting specifies whether to use a Whitelist or not.
If this policy is disabled or not configured, the default is No.</string> If this policy is disabled or not configured, the default is No.</string>
<string id="ListPath_Name">Get Black/White List from external Path (URL/UNC/Local)</string> <string id="ListPath_Name">Get Black/White List from external Path (URL/UNC/GPO/Local)</string>
<string id="ListPath_Explain">If this policy is enabled, you can set a (URL/UNC/Local) Path to external lists other than the default. <string id="ListPath_Explain">If this policy is enabled, you can set a (URL/UNC/GPO/Local) Path to external lists other than the default.
If "Application GPO Blacklist/Whitelist" is set in this GPO the Path should be: GPO
If this policy is disabled or not configured, the default ListPath is used (WAU InstallLocation).</string> If this policy is disabled or not configured, the default ListPath is used (WAU InstallLocation).</string>
<string id="ModsPath_Name">Get Mods from external Path (URL/UNC/Local)</string> <string id="ModsPath_Name">Get Mods from external Path (URL/UNC/Local)</string>
@ -140,7 +141,7 @@ If this policy is disabled or not configured, the default size is used.</string>
</presentation> </presentation>
<presentation id="ListPath"> <presentation id="ListPath">
<textBox refId="ListPath"> <textBox refId="ListPath">
<label>(URL/UNC/Local) Path:</label> <label>(URL/UNC/GPO/Local) Path:</label>
</textBox> </textBox>
</presentation> </presentation>
<presentation id="ModsPath"> <presentation id="ModsPath">

View File

@ -127,26 +127,32 @@ if (Test-Network) {
#Get External ListPath if run as System #Get External ListPath if run as System
if ($WAUConfig.WAU_ListPath) { if ($WAUConfig.WAU_ListPath) {
Write-Log "WAU uses External Lists from: $($WAUConfig.WAU_ListPath.TrimEnd(" ", "\", "/"))" if ($($WAUConfig.WAU_ListPath) -eq "GPO") {
$NewList = Test-ListPath $WAUConfig.WAU_ListPath.TrimEnd(" ", "\", "/") $WAUConfig.WAU_UseWhiteList $WAUConfig.InstallLocation.TrimEnd(" ", "\") Write-Log "WAU uses External Lists from: $($WAUConfig.WAU_ListPath.TrimEnd(" ", "\", "/"))"
if ($ReachNoPath) { $Script:GPOList = $True
Write-Log "Couldn't reach/find/compare/copy from $($WAUConfig.WAU_ListPath.TrimEnd(" ", "\", "/"))..." "Red"
$Script:ReachNoPath = $False
}
if ($NewList) {
Write-Log "Newer List downloaded/copied to local path: $($WAUConfig.InstallLocation.TrimEnd(" ", "\"))" "Yellow"
} }
else { else {
if ($WAUConfig.WAU_UseWhiteList -and (Test-Path "$WorkingDir\included_apps.txt")) { Write-Log "WAU uses External Lists from: $($WAUConfig.WAU_ListPath.TrimEnd(" ", "\", "/"))"
Write-Log "List (white) is up to date." "Green" $NewList = Test-ListPath $WAUConfig.WAU_ListPath.TrimEnd(" ", "\", "/") $WAUConfig.WAU_UseWhiteList $WAUConfig.InstallLocation.TrimEnd(" ", "\")
if ($ReachNoPath) {
Write-Log "Couldn't reach/find/compare/copy from $($WAUConfig.WAU_ListPath.TrimEnd(" ", "\", "/"))..." "Red"
$Script:ReachNoPath = $False
} }
elseif (!$WAUConfig.WAU_UseWhiteList -and (Test-Path "$WorkingDir\excluded_apps.txt")) { if ($NewList) {
Write-Log "List (black) is up to date." "Green" Write-Log "Newer List downloaded/copied to local path: $($WAUConfig.InstallLocation.TrimEnd(" ", "\"))" "Yellow"
} }
else { else {
Write-Log "Critical: White/Black List doesn't exist, exiting..." "Red" if ($WAUConfig.WAU_UseWhiteList -and (Test-Path "$WorkingDir\included_apps.txt")) {
New-Item "$WorkingDir\logs\error.txt" -Value "White/Black List doesn't exist!" -Force Write-Log "List (white) is up to date." "Green"
Exit 1 }
elseif (!$WAUConfig.WAU_UseWhiteList -and (Test-Path "$WorkingDir\excluded_apps.txt")) {
Write-Log "List (black) is up to date." "Green"
}
else {
Write-Log "Critical: White/Black List doesn't exist, exiting..." "Red"
New-Item "$WorkingDir\logs\error.txt" -Value "White/Black List doesn't exist!" -Force
Exit 1
}
} }
} }
} }
@ -176,6 +182,10 @@ if (Test-Network) {
} }
} }
if ($($WAUConfig.WAU_ListPath) -eq "GPO") {
$Script:GPOList = $True
}
#Get White or Black list #Get White or Black list
if ($WAUConfig.WAU_UseWhiteList -eq 1) { if ($WAUConfig.WAU_UseWhiteList -eq 1) {
Write-Log "WAU uses White List config" Write-Log "WAU uses White List config"
@ -221,7 +231,7 @@ if (Test-Network) {
if ($UseWhiteList) { if ($UseWhiteList) {
#For each app, notify and update #For each app, notify and update
foreach ($app in $outdated) { foreach ($app in $outdated) {
if (($toUpdate -contains $app.Id) -and $($app.Version) -ne "Unknown") { if (($toUpdate -match $app.Id) -and $($app.Version) -ne "Unknown") {
Update-App $app Update-App $app
} }
#if current app version is unknown #if current app version is unknown
@ -238,7 +248,7 @@ if (Test-Network) {
else { else {
#For each app, notify and update #For each app, notify and update
foreach ($app in $outdated) { foreach ($app in $outdated) {
if (-not ($toSkip -contains $app.Id) -and $($app.Version) -ne "Unknown") { if (-not ($toSkip -match $app.Id) -and $($app.Version) -ne "Unknown") {
Update-App $app Update-App $app
} }
#if current app version is unknown #if current app version is unknown

View File

@ -2,7 +2,11 @@
function Get-ExcludedApps { function Get-ExcludedApps {
if (Test-Path "$WorkingDir\excluded_apps.txt") { if ($GPOList) {
return Get-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Romanitho\Winget-AutoUpdate\BlackList"
}
elseif (Test-Path "$WorkingDir\excluded_apps.txt") {
return (Get-Content -Path "$WorkingDir\excluded_apps.txt").Trim() | Where-Object { $_.length -gt 0 } return (Get-Content -Path "$WorkingDir\excluded_apps.txt").Trim() | Where-Object { $_.length -gt 0 }

View File

@ -2,7 +2,12 @@
function Get-IncludedApps { function Get-IncludedApps {
if (Test-Path "$WorkingDir\included_apps.txt") { if ($GPOList) {
return Get-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Romanitho\Winget-AutoUpdate\WhiteList"
}
elseif (Test-Path "$WorkingDir\included_apps.txt") {
return (Get-Content -Path "$WorkingDir\included_apps.txt").Trim() | Where-Object { $_.length -gt 0 } return (Get-Content -Path "$WorkingDir\included_apps.txt").Trim() | Where-Object { $_.length -gt 0 }