From dde9299aeb2bd99c9780478a9cca6ca25c163ec3 Mon Sep 17 00:00:00 2001 From: romanitho <96626929+Romanitho@users.noreply.github.com> Date: Thu, 5 Oct 2023 17:51:41 +0200 Subject: [PATCH] New adjustments for GPO optimisation --- Winget-AutoUpdate-Install.ps1 | 45 ++++++++++++------- Winget-AutoUpdate/Winget-Upgrade.ps1 | 25 +++++------ .../functions/Invoke-PostUpdateActions.ps1 | 22 +++++++++ 3 files changed, 61 insertions(+), 31 deletions(-) diff --git a/Winget-AutoUpdate-Install.ps1 b/Winget-AutoUpdate-Install.ps1 index 6ab9df9..71fec3b 100644 --- a/Winget-AutoUpdate-Install.ps1 +++ b/Winget-AutoUpdate-Install.ps1 @@ -315,7 +315,7 @@ function Install-WingetAutoUpdate { & reg add "HKCR\AppUserModelId\Windows.SystemToast.Winget.Notification" /v DisplayName /t REG_EXPAND_SZ /d "Application Update" /f | Out-Null & reg add "HKCR\AppUserModelId\Windows.SystemToast.Winget.Notification" /v IconUri /t REG_EXPAND_SZ /d %SystemRoot%\system32\@WindowsUpdateToastIcon.png /f | Out-Null - # Settings for the scheduled task for Updates + # Settings for the scheduled task for Updates (System) $taskAction = New-ScheduledTaskAction -Execute "powershell.exe" -Argument "-NoProfile -ExecutionPolicy Bypass -File `"$($WingetUpdatePath)\winget-upgrade.ps1`"" $taskTriggers = @() if ($UpdatesAtLogon) { @@ -338,7 +338,6 @@ function Install-WingetAutoUpdate { } $taskUserPrincipal = New-ScheduledTaskPrincipal -UserId S-1-5-18 -RunLevel Highest $taskSettings = New-ScheduledTaskSettingsSet -Compatibility Win8 -StartWhenAvailable -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries -ExecutionTimeLimit 03:00:00 - # Set up the task, and register it if ($taskTriggers) { $task = New-ScheduledTask -Action $taskAction -Principal $taskUserPrincipal -Settings $taskSettings -Trigger $taskTriggers 
@@ -346,28 +345,23 @@ function Install-WingetAutoUpdate { else { $task = New-ScheduledTask -Action $taskAction -Principal $taskUserPrincipal -Settings $taskSettings } - - Register-ScheduledTask -TaskName 'Winget-AutoUpdate' -InputObject $task -Force | Out-Null + Register-ScheduledTask -TaskName 'Winget-AutoUpdate' -TaskPath 'WAU' -InputObject $task -Force | Out-Null - if ($InstallUserContext) { - # Settings for the scheduled task in User context - $taskAction = New-ScheduledTaskAction -Execute "wscript.exe" -Argument "`"$($WingetUpdatePath)\Invisible.vbs`" `"powershell.exe -NoProfile -ExecutionPolicy Bypass -File `"`"`"$($WingetUpdatePath)\winget-upgrade.ps1`"`"" - $taskUserPrincipal = New-ScheduledTaskPrincipal -GroupId S-1-5-11 - $taskSettings = New-ScheduledTaskSettingsSet -Compatibility Win8 -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries -ExecutionTimeLimit 03:00:00 - - # Set up the task for user apps - $task = New-ScheduledTask -Action $taskAction -Principal $taskUserPrincipal -Settings $taskSettings - Register-ScheduledTask -TaskName 'Winget-AutoUpdate-UserContext' -InputObject $task -Force | Out-Null - } + # Settings for the scheduled task in User context + $taskAction = New-ScheduledTaskAction -Execute "wscript.exe" -Argument "`"$($WingetUpdatePath)\Invisible.vbs`" `"powershell.exe -NoProfile -ExecutionPolicy Bypass -File `"`"`"$($WingetUpdatePath)\winget-upgrade.ps1`"`"" + $taskUserPrincipal = New-ScheduledTaskPrincipal -GroupId S-1-5-11 + $taskSettings = New-ScheduledTaskSettingsSet -Compatibility Win8 -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries -ExecutionTimeLimit 03:00:00 + # Set up the task for user apps + $task = New-ScheduledTask -Action $taskAction -Principal $taskUserPrincipal -Settings $taskSettings + Register-ScheduledTask -TaskName 'Winget-AutoUpdate-UserContext' -TaskPath 'WAU' -InputObject $task -Force | Out-Null # Settings for the scheduled task for Notifications $taskAction = New-ScheduledTaskAction -Execute "wscript.exe" 
-Argument "`"$($WingetUpdatePath)\Invisible.vbs`" `"powershell.exe -NoProfile -ExecutionPolicy Bypass -File `"`"`"$($WingetUpdatePath)\winget-notify.ps1`"`"" $taskUserPrincipal = New-ScheduledTaskPrincipal -GroupId S-1-5-11 $taskSettings = New-ScheduledTaskSettingsSet -Compatibility Win8 -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries -ExecutionTimeLimit 00:05:00 - # Set up the task, and register it $task = New-ScheduledTask -Action $taskAction -Principal $taskUserPrincipal -Settings $taskSettings - Register-ScheduledTask -TaskName 'Winget-AutoUpdate-Notify' -InputObject $task -Force | Out-Null + Register-ScheduledTask -TaskName 'Winget-AutoUpdate-Notify' -TaskPath 'WAU' -InputObject $task -Force | Out-Null #Set task readable/runnable for all users $scheduler = New-Object -ComObject "Schedule.Service" @@ -391,7 +385,7 @@ function Install-WingetAutoUpdate { New-ItemProperty $regPath -Name Publisher -Value "Romanitho" -Force | Out-Null New-ItemProperty $regPath -Name URLInfoAbout -Value "https://github.com/Romanitho/Winget-AutoUpdate" -Force | Out-Null New-ItemProperty $regPath -Name WAU_NotificationLevel -Value $NotificationLevel -Force | Out-Null - if ($WAUVersion -match "-"){ + if ($WAUVersion -match "-") { New-ItemProperty $regPath -Name WAU_UpdatePrerelease -Value 1 -PropertyType DWord -Force | Out-Null } else { 
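Review bot: The `Winget-AutoUpdate-UserContext` task is now registered unconditionally for `S-1-5-11` (Authenticated Users), so the `WAU_UserContext` registry value is the only thing keeping it "off", and nothing in this hunk enforces that value when the task is started directly. If `winget-upgrade.ps1` does not check `WAU_UserContext` itself when running outside the System context (not visible here), a value of 0 does not actually disable user-context updates. Add that check to the script's user path, and document the design at the registration, e.g. `# Always created; activation is controlled by WAU_UserContext (registry/GPO), checked by winget-upgrade.ps1`. Install-WingetAutoUpdate starts and ends outside the hunk.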
@@ -400,6 +394,10 @@ function Install-WingetAutoUpdate { New-ItemProperty $regPath -Name WAU_PostUpdateActions -Value 0 -PropertyType DWord -Force | Out-Null New-ItemProperty $regPath -Name WAU_MaxLogFiles -Value $MaxLogFiles -PropertyType DWord -Force | Out-Null New-ItemProperty $regPath -Name WAU_MaxLogSize -Value $MaxLogSize -PropertyType DWord -Force | Out-Null + New-ItemProperty $regPath -Name WAU_UpdatesAtTime -Value $UpdatesAtTime -PropertyType DWord -Force | Out-Null + if ($UpdatesAtLogon) { + New-ItemProperty $regPath -Name WAU_UpdatesAtLogon -Value 1 -PropertyType DWord -Force | Out-Null + } if ($DisableWAUAutoUpdate) { New-ItemProperty $regPath -Name WAU_DisableAutoUpdate -Value 1 -Force | Out-Null } @@ -421,6 +419,19 @@ function Install-WingetAutoUpdate { if ($BypassListForUsers) { New-ItemProperty $regPath -Name WAU_BypassListForUsers -Value 1 -PropertyType DWord -Force | Out-Null } + if ($InstallUserContext) { + New-ItemProperty $regPath -Name WAU_UserContext -Value 1 -PropertyType DWord -Force | Out-Null + } + else { + New-ItemProperty $regPath -Name WAU_UserContext -Value 0 -PropertyType DWord -Force | Out-Null + } + if ($DesktopShortcut) { + New-ItemProperty $regPath -Name WAU_DesktopShortcut -Value 1 -PropertyType DWord -Force | Out-Null + } + if ($StartMenuShortcut) { + New-ItemProperty $regPath -Name WAU_StartMenuShortcut -Value 1 -PropertyType DWord -Force | Out-Null + } + #Log file and symlink initialization . "$WingetUpdatePath\functions\Start-Init.ps1" diff --git a/Winget-AutoUpdate/Winget-Upgrade.ps1 b/Winget-AutoUpdate/Winget-Upgrade.ps1 index 25cfbc7..5ef5bf6 100644 --- a/Winget-AutoUpdate/Winget-Upgrade.ps1 +++ b/Winget-AutoUpdate/Winget-Upgrade.ps1 
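Review bot: `WAU_UpdatesAtTime` is written with `-PropertyType DWord`, which only fits if `$UpdatesAtTime` is an integer. Its declaration is outside the hunk, but the name suggests a time of day; if it is a string or DateTime, the conversion will fail or the stored value will not round-trip. In that case store it as text in a fixed format, using `-PropertyType String` on that line, and have the reader parse it explicitly.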
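Review bot: `WAU_DesktopShortcut` and `WAU_StartMenuShortcut` are written only when the switch is set, while `WAU_UserContext` just above them is written as 1 or 0; `WAU_UpdatesAtLogon` in the previous hunk follows the same one-sided pattern. With `-Force` on an existing key, a reinstall without the switch would leave an earlier 1 in place unless the key is cleared elsewhere (not visible here), so the registry would no longer reflect the requested configuration. Writing the value in both cases avoids that: `New-ItemProperty $regPath -Name WAU_DesktopShortcut -Value ([int][bool]$DesktopShortcut) -PropertyType DWord -Force | Out-Null`.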
@@ -305,30 +305,27 @@ if (Test-Network) { Write-ToLog "No new update." "Green" } - #Check if any user is logged on if System and run User task (if installed) + #Check if user context is activated during system run if ($IsSystem) { - #User check routine from: https://stackoverflow.com/questions/23219718/powershell-script-to-see-currently-logged-in-users-domain-and-machine-status - $explorerprocesses = @(Get-WmiObject -Query "Select * FROM Win32_Process WHERE Name='explorer.exe'" -ErrorAction SilentlyContinue) - If ($explorerprocesses.Count -eq 0) { - Write-ToLog "No explorer process found / Nobody interactively logged on..." - } - Else { - #Run WAU in user context if the user task exist - $UserScheduledTask = Get-ScheduledTask -TaskName "Winget-AutoUpdate-UserContext" -ErrorAction SilentlyContinue - if ($UserScheduledTask) { + #Run WAU in user context if feature is activated + if ($WAUConfig.WAU_UserContext -eq 1) { + + #User check routine from: https://stackoverflow.com/questions/23219718/powershell-script-to-see-currently-logged-in-users-domain-and-machine-status + $explorerprocesses = @(Get-WmiObject -Query "Select * FROM Win32_Process WHERE Name='explorer.exe'" -ErrorAction SilentlyContinue) + If ($explorerprocesses.Count -eq 0) { + Write-ToLog "No explorer process found / Nobody interactively logged on..." + } + Else { #Get Winget system apps to excape them befor running user context Write-ToLog "User logged on, get a list of installed Winget apps in System context..." Get-WingetSystemApps #Run user context scheduled task - Write-ToLog "Starting WAU in User context" + Write-ToLog "Starting WAU in User context..." Start-ScheduledTask $UserScheduledTask.TaskName -ErrorAction SilentlyContinue Exit 0 } - elseif (!$UserScheduledTask) { - Write-ToLog "User context execution not installed..." - } } } } diff --git a/Winget-AutoUpdate/functions/Invoke-PostUpdateActions.ps1 b/Winget-AutoUpdate/functions/Invoke-PostUpdateActions.ps1 index b001bd8..e0c70cd 100644 
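Review bot: `Start-ScheduledTask $UserScheduledTask.TaskName` in the `Else` branch still reads `$UserScheduledTask`, but this change removes the `Get-ScheduledTask` line that assigned it, so unless the variable is set somewhere outside the hunk the call receives an empty task name. Because the call carries `-ErrorAction SilentlyContinue` and is followed by `Exit 0`, the failure is silent: the log reports "Starting WAU in User context..." and the run ends without any user-context update. Resolve the task explicitly, e.g. `Get-ScheduledTask -TaskName 'Winget-AutoUpdate-UserContext' -ErrorAction SilentlyContinue | Start-ScheduledTask`, and write a log line when it is not found. The enclosing `if (Test-Network)` block starts outside the hunk.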
--- a/Winget-AutoUpdate/functions/Invoke-PostUpdateActions.ps1 +++ b/Winget-AutoUpdate/functions/Invoke-PostUpdateActions.ps1 @@ -186,6 +186,28 @@ function Invoke-PostUpdateActions { } } + #Create User context task if not existing and manage its activation + $UserContextTask = Get-ScheduledTask -TaskName 'Winget-AutoUpdate-UserContext' -ErrorAction SilentlyContinue + if (!$UserContextTask) { + #Create the scheduled task in User context + $taskAction = New-ScheduledTaskAction -Execute "wscript.exe" -Argument "`"$($WingetUpdatePath)\Invisible.vbs`" `"powershell.exe -NoProfile -ExecutionPolicy Bypass -File `"`"`"$($WingetUpdatePath)\winget-upgrade.ps1`"`"" + $taskUserPrincipal = New-ScheduledTaskPrincipal -GroupId S-1-5-11 + $taskSettings = New-ScheduledTaskSettingsSet -Compatibility Win8 -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries -ExecutionTimeLimit 03:00:00 + $task = New-ScheduledTask -Action $taskAction -Principal $taskUserPrincipal -Settings $taskSettings + Register-ScheduledTask -TaskName 'Winget-AutoUpdate-UserContext' -TaskPath 'WAU' -InputObject $task -Force | Out-Null + + #If scheduled task didn't exist, user context was not activated. Set it in registry. + New-ItemProperty $regPath -Name WAU_UserContext -Value 0 -PropertyType DWord -Force | Out-Null + Write-ToLog "-> User Context task created and set to 'disabled' in registry." + } + #If scheduled task exists but no WAU_UserContext setting, user context was activated. Set it in registry. + elseif (!($WAUConfig.WAU_UserContext)) { + New-ItemProperty $regPath -Name WAU_UserContext -Value 1 -PropertyType DWord -Force | Out-Null + Write-ToLog "-> User Context task existes and set to 'enabled' in registry." + } + + ### End of post update actions ### + #Reset WAU_UpdatePostActions Value $WAUConfig | New-ItemProperty -Name WAU_PostUpdateActions -Value 0 -Force
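Review bot: The `elseif (!($WAUConfig.WAU_UserContext))` test cannot tell a missing value from an explicit 0, because `!0` is `$true` in PowerShell. An install that wrote `WAU_UserContext = 0` (as the installer in this commit does when `$InstallUserContext` is not set) would be switched to 1 on the next post-update run, enabling user-context updates that the administrator had turned off. Test for absence instead: `elseif ($null -eq $WAUConfig.WAU_UserContext) {`. `$WingetUpdatePath` and `$regPath` are used in the added lines but not assigned in the visible part of Invoke-PostUpdateActions, which starts and ends outside the hunk; confirm both are in scope there, since an empty `$WingetUpdatePath` would register the task against `\Invisible.vbs`.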