WAU daily updates apps as system and notify connected users. (Allowlist and Blocklist support)
 
Go to file
Fabian Seitz 39be9b2e60 Handle WAU-install symlinks in Updates and Uninstallations
#333
2023-05-03 08:13:58 +02:00
.github Remove useless regkeys 2023-04-22 14:00:07 +02:00
Policies Added AZBlob for Mods 2023-03-07 15:17:40 +00:00
Winget-AutoUpdate Handle WAU-install symlinks in Updates and Uninstallations 2023-05-03 08:13:58 +02:00
LICENSE Create LICENSE 2022-08-11 09:59:05 +02:00
README.md Handle WAU-install symlinks in Updates and Uninstallations 2023-05-03 08:13:58 +02:00
Winget-AutoUpdate-Install.ps1 Handle WAU-install symlinks in Updates and Uninstallations 2023-05-03 08:13:58 +02:00
excluded_apps.txt Update excluded_apps.txt 2022-03-21 16:30:52 +01:00
install.bat simplified install/uninstall batch files 2022-10-28 01:20:21 +02:00
uninstall.bat simplified install/uninstall batch files 2022-10-28 01:20:21 +02:00

README.md

Winget-AutoUpdate (WAU)

This project uses the Winget tool to daily update apps (with system context) and notify users when updates are available and installed.

image

Intallation

Just download latest release (WAU.zip), unzip, run "install.bat" as admin to install by default.

Configurations

Keep some apps out of Winget-AutoUpdate

  • BlockList

You can exclude apps from update job (for instance, apps you want to keep at a specific version or apps with built-in auto-update): Add (or remove) the apps' ID you want to disable autoupdate to 'excluded_apps.txt'. (File must be placed in WAU's installation folder, or re-run install.bat).

  • Or AllowList

From 1.7.0 version, you can update only pre-selected apps. To do so, create an "included_apps.txt" with the apps' ID of the apps you want to auto-update and run the Winget-AutoUpdate-Install.ps1 with -UseWhiteList parameter. Related post: https://github.com/Romanitho/Winget-AutoUpdate/issues/36

You can use WiGui to create these lists: https://github.com/Romanitho/Winget-Install-GUI

Notification Level

From version 1.9.0, you can choose which notification will be displayed: Full, Success only or none. Use -NotificationLevel parameter when you run Winget-AutoUpdate-Install.ps1.

Notification language

You can easily translate toast notifications by creating your locale xml config file (and share it with us :) ).

Default install location

By default, scripts and components will be placed in ProgramData location (inside a Winget-AutoUpdate folder). You can change this with script argument (Not Recommended).

When does the script run?

From version 1.9.0 (on new installations) WAU runs everyday at 6AM. You can now configure the frequency with -UpdatesInterval option (Daily, BiDaily, Weekly, BiWeekly or Monthly). You can also add -UpdatesAtLogon parameter to run at user logon and keep this option activated like previous versions (recommanded).

Log location

You can find logs in install location, in logs folder. If Intune Management Extension is installed, a SymLink (WAU-updates.log) is created under C:\ProgramData\Microsoft\IntuneManagementExtension\Logs If you are deploying winget Apps with Winget-Install a SymLink (WAU-install.log) is also created under C:\ProgramData\Microsoft\IntuneManagementExtension\Logs

"Unknown" App version

As explained in this post, Winget cannot detect the current version of some installed apps. We decided to skip managing these apps with WAU to avoid retries each time WAU runs:

image

Eventually, try to reinstall or update app manually to see if new version is detected.

Handle metered connections

We might want to stop WAU on metered connection (to save cellular data on connection sharing for instance). That's why from v1.12.0 the default behavior will detect and stop WAU on limited connections (only for fresh install).

Previous installed versions will ignore this new setting on update to keep historical operation.

To force WAU to run on metered connections anyway, run new installation with -RunOnMetered parameter.

System & user context

From version 1.15.0, WAU run with system and user contexts. This way, even apps installed on User's scope are updated. Shorcuts for manually run can also be installed.

Update WAU

Manual Update

Same process as new installation : download, unzip and run install.bat.

Automatic Update

A new Auto-Update process has been released from version 1.5.0. By default, WAU AutoUpdate is enabled. It will not overwrite the configurations, icons (if personalised), excluded_apps list,... To disable WAU AutoUpdate, run the Winget-AutoUpdate-Install.ps1 with -DisableWAUAutoUpdate parameter.

Uninstall WAU

Simply uninstall it from your programs:

image

GUI installation

WiGui can be used to install WAU even easier:

Advanced installation

You can run the Winget-AutoUpdate-Install.ps1 script with parameters :

-Silent Install Winget-AutoUpdate and prerequisites silently.

-MaxLogFiles Specify number of allowed log files. Default is 3 out of 0-99: Setting MaxLogFiles to 0 don't delete any old archived log files. Setting it to 1 keeps the original one and just let it grow.

-MaxLogSize Specify the size of the log file in bytes before rotating. Default is 1048576 = 1 MB (ca. 7500 lines)

-WingetUpdatePath Specify Winget-AutoUpdate installation location. Default: C:\ProgramData\Winget-AutoUpdate (Recommended to leave default).

-DoNotUpdate Do not run Winget-AutoUpdate after installation. By default, Winget-AutoUpdate is run just after installation.

-DisableWAUAutoUpdate Disable Winget-AutoUpdate update checking. By default, WAU auto updates if new version is available on Github.

-UseWhiteList Use White List instead of Black List. This setting will not create the "excluded_apps.txt" but "included_apps.txt".

-ListPath Get Black/White List from external Path (URL/UNC/Local/GPO) - download/copy to Winget-AutoUpdate installation location if external list is newer. PATH must end with a Directory, not a File... ...if the external Path is an URL and the web host doesn't respond with a date/time header for the file (i.e GitHub) then the file is always downloaded!

If -ListPath is set to GPO the Black/White List can be managed from within the GPO itself under Application GPO Blacklist/Application GPO Whitelist. Thanks to Weatherlights in #256 (reply in thread)!

-ModsPath Get Mods from external Path (URL/UNC/Local/AzureBlob) - download/copy to mods in Winget-AutoUpdate installation location if external mods are newer.

For URL: This requires a site directory with Directory Listing Enabled and no index page overriding the listing of files (or an index page with href listing of all the Mods to be downloaded):

<ul>
<li><a  href="Adobe.Acrobat.Reader.32-bit-installed.ps1">Adobe.Acrobat.Reader.32-bit-installed.ps1</a></li>
<li><a  href="Adobe.Acrobat.Reader.64-bit-override.txt">Adobe.Acrobat.Reader.64-bit-override.txt</a></li>
<li><a  href="Notepad++.Notepad++-installed.ps1">Notepad++.Notepad++-installed.ps1</a></li>
<li><a  href="Notepad++.Notepad++-uninstalled.ps1">Notepad++.Notepad++-uninstalled.ps1</a></li>
</ul>

Validated on IIS/Apache.

Nota bene IIS :

  • The extension .ps1 must be added as MIME Types (text/powershell-script) otherwise it's displayed in the listing but can't be opened
  • Files with special characters in the filename can't be opened by default from an IIS server - config must be administrated: Enable Allow double escaping in 'Request Filtering'

For AzureBlob: This requires the parameter -AzureBlobURL to be set with an appropriate Azure Blob Storage URL including the SAS token. See -AzureBlobURL for more information.

-AzureBlobURL Used in conjunction with the -ModsPath parameter to provide the Azure Storage Blob URL with SAS token. The SAS token must, at a minimum, have 'Read' and 'List' permissions. It is recommended to set the permisions at the container level and rotate the SAS token on a regular basis. Ensure the container reflects the same structure as found under the initial mods folder. (From version 1.16.4).

-InstallUserContext Install WAU with system and user context executions (From version 1.15.3).

-BypassListForUsers Bypass Black/White list when run in user context (From version 1.15.0).

-NoClean Keep critical files when installing/uninstalling. This setting will keep "excluded_apps.txt", "included_apps.txt", "mods" and "logs" as they were.

-DesktopShortcut Create a shortcut for user interaction on the Desktop to run task Winget-AutoUpdate (From version 1.15.0).

-StartMenuShortcut Create shortcuts for user interaction in the Start Menu to run task Winget-AutoUpdate, open Logs and Web Help (From version 1.15.0).

-NotificationLevel Specify the Notification level: Full (Default, displays all notification), SuccessOnly (Only displays notification for success) or None (Does not show any popup).

-UpdatesAtLogon Set WAU to run at user logon.

-UpdatesInterval Specify the update frequency: Daily (Default), BiDaily, Weekly, BiWeekly, Monthly or Never. Can be set to 'Never' in combination with '-UpdatesAtLogon' for instance.

-UpdatesAtTime Specify the time of the update interval execution time. Default 6AM. (From version 1.15.0).

-RunOnMetered Run WAU on metered connection. Default No.

-Uninstall Remove scheduled tasks and scripts.

Intune/SCCM use

See https://github.com/Romanitho/Winget-AutoUpdate/discussions/88

Custom scripts (Mods feature)

From version 1.8.0, the Mods feature allows you to run additional scripts when upgrading or installing an app. Just put the scripts in question with the AppID followed by the -preinstall, -upgrade, -install or -installed suffix in the mods folder.

Runs before upgrade/install: AppID-preinstall.ps1 Runs during upgrade/install (before install check): AppID-upgrade.ps1/AppID-install.ps1 Runs after upgrade/install has been confirmed: AppID-installed.ps1

The -install mod will be used for upgrades too if -upgrade doesn't exist (WAU first tries & $Winget upgrade --id and if the app isn't detected after that & $Winget install --id is tried). AppID-install.ps1 is recommended because it's used in both scenarios.

Example: If you want to run a script that removes the shortcut from %PUBLIC%\Desktop (we don't want to fill the desktop with shortcuts our users can't delete) just after installing Acrobat Reader DC (32-bit), prepare a powershell script that removes the Public Desktop shortcut Acrobat Reader DC.lnk and name your script like this: Adobe.Acrobat.Reader.32-bit-installed.ps1 and put it in the mods folder.

You can find more information on Winget-Install Repo, as it's a related feature. Read more in the README.md under the directory mods.

Share your mods with the community: https://github.com/Romanitho/Winget-AutoUpdate/discussions/categories/mods

Winget native parameters

Another finess is the AppID followed by the -override suffix as a text file (.txt) that you can place under the mods folder.

Example: Canneverbe.CDBurnerXP-override.txt with the content ADDLOCAL=All REMOVE=Desktop_Shortcut /qn

This will use the content of the text file as a native winget --override parameter when upgrading (as proposed by JonNesovic in Mod for --override argument #244).

GPO Management

In an enterprise environment it's crucial that different groups can have different settings in applications etc. or to implement other mandatory settings, i.e for security/management reasons. WAU doesn't have any setting that can be changed except for when installing (or editing the registry/the task Winget-AutoUpdate as Admin). With the use of ADML/ADMX files you can manage every WAU setting from within GPO. They will be detected/evaluated during the next run of WAU (taking effect before any actions). The GPO ADMX/ADML validated with: Windows 10 - Validate ADMX for Ingestion Read more in the README.md under the directory Policies.

image

Help

In some cases, you need to "unblock" the install.bat file (Windows Defender SmartScreen). Right click, properties and unblock. Then, you'll be able to run it.

Known issues

Optimization

Feel free to give us any suggestions or optimizations in code and support us by adding a star :).