cancel
Showing results for 
Search instead for 
Did you mean: 

Script: Bulk-Importer for the "Windows - Advanced: Custom Registry Keys Policy"

JuergenKlaassen
Rising Star III
Rising Star III

Hello

Shopping-List.gif

I had this on my bucket list for a long time and now we (as in @shawnsong and myself) came up with a first version of a script to:

Why?

  • It's nearly impossible to have pre-configured policies for all kinds of scenarios
  • The existing policy for custom registry keys can't be treated via PS-Module as of now and larger sets can turn out to be cumbersome via the UI.
  • Being able to cover a huge variety of scenarios and make excessive use of Custom Policies. This includes use cases like policies for Microsoft Edge (which I covered here earlier), or Security Baselines, or AppLocker, or Zoom Meetings

How?

Note: @shawnsong will provide a deep dive on the intricacies of constructing the right response body.

  • Currently the only method to create/update this policy besides using the UI is the REST-API.
  • The PUT operation for policies is the entry point and allows to update values
  • Our script does
    • Export a given Registry Hive into a CSV-file
    • Transforms the line items to be suitable for a PUT-operation via JumpCloud-API
    • Combines them with existing Registry-Keys in the polices
    • Invokes the updated set of Registry-Keys within the body of the PUT operation

Screen Recording 2022-12-01 at 5.55.22 PM.gif

Screenshot 2022-12-01 at 16.55.52.png

Where to find it?
The initial public version of this script can be found here.

How to run it?

  • You will need a Windows-devices, basically your reference machine
  • You will need ADMX-templates if it's an 'out of band' configuration imported into your reference machine as well as on the target devices
  • Other ingredients as mentioned in the script (Org-ID, API-key etc.)
  • All settings configured as desired and validated
  • The Custom Registry Policy you want to use and its name (please create this policy beforehand as this version of the script doesn't create the policy itself)

<#
##############################################################################################################################
.FUNCTIONALITY
This script will export an existing registry keys from a reference machine and import them to a JumpCloud Policy.

.DESCRIPTION 
...

Authors: Juergen Klaassen & Shawn Song
Version: 1.1
Date: 2022-12-01

.NOTES
This script is provided as-is without any warranty. Use at your own risk.
This script was tested on Windows 10 and Windows 11 as well as on macOS (without the registry export).

.INPUTS
- PowerShell 5.1
- JumpCloud API Key
- JumpCloud Organization ID
- JumpCloud Policy ID (please create the policy in advance  and use the policy ID)
- JumpCloud Policy Name (please create the policy in advance and use the policy name)
- A reference machine (Windows only) with the registry keys configured you want to import
- Policy Templates must be deployed to the reference and target machines

.EXAMPLE
1. $org_id: Your Organization ID from the JumpCloud Admin Console 
   (https://console.jumpcloud.com/#/settings/organization#general)
2. $apikey: Your API Key from the JumpCloud Admin Console 
   (https://console.jumpcloud.com/#/settings/apikeys)
3. $policyID: The ID of the Policy you want to import the registry keys into
4. $policyName: The name of the Policy you want to import the registry keys into
5. $csvPath: The path to the CSV file containing the registry keys to import
6. $path_to_export: The path in the registry to be exported and imported into JumpCloud

.KEYWORDS JumpCloud, Policy, Registry, Import, Export, Registry-Importer

Known Issues:
- none so far
##############################################################################################################################
#>

Disclaimer:

This script is provided as-is without any warranty. Use at your own risk.

...and as usual: As policies can be very power- and impactful -> testing testing testing before going broad.

Lastly, we'd really like to get your feedback on this (up- and downsides of course).
We're curious which Custom Policy you create and roll out.
0 REPLIES 0
You Might Like

New to the site? Take a look at these additional resources:

Community created scripts:

Our new Radical Admin blog:

Keep up with Product News:

Read our community guidelines

Ready to join us? You can register here.