JumpCloud Community

Hello

I had this on my bucket list for a long time and now we (as in @shawnsong and myself) came up with a first version of a script to:

• Export an existing Windows Registry Hive from a Windows device (reference machine) and
• Import these into the JumpCloud Policy "Windows - Advanced: Custom Registry Keys Policy"

Why?

• It's nearly impossible to have pre-configured policies for all kinds of scenarios
• The existing policy for custom registry keys can't be treated via PS-Module as of now and larger sets can turn out to be cumbersome via the UI.
• Being able to cover a huge variety of scenarios and make excessive use of Custom Policies. This includes use cases like policies for Microsoft Edge (which I covered here earlier), or Security Baselines, or AppLocker, or Zoom Meetings

How?

Note: @shawnsong will provide a deep dive on the intricacies of constructing the right response body.

• Currently the only method to create/update this policy besides using the UI is the REST-API.
• The PUT operation for policies is the entry point and allows to update values
• Our script does
  • Export a given Registry Hive into a CSV-file
  • Transforms the line items to be suitable for a PUT-operation via JumpCloud-API
  • Combines them with existing Registry-Keys in the polices
  • Invokes the updated set of Registry-Keys within the body of the PUT operation

Where to find it?
The initial public version of this script can be found here.

How to run it?

• You will need a Windows-devices, basically your reference machine
• You will need ADMX-templates if it's an 'out of band' configuration imported into your reference machine as well as on the target devices
• Other ingredients as mentioned in the script (Org-ID, API-key etc.)
• All settings configured as desired and validated
• The Custom Registry Policy you want to use and its name (please create this policy beforehand as this version of the script doesn't create the policy itself)

<#
##############################################################################################################################
.FUNCTIONALITY
This script will export an existing registry keys from a reference machine and import them to a JumpCloud Policy.

.DESCRIPTION 
...

Authors: Juergen Klaassen & Shawn Song
Version: 1.1
Date: 2022-12-01

.NOTES
This script is provided as-is without any warranty. Use at your own risk.
This script was tested on Windows 10 and Windows 11 as well as on macOS (without the registry export).

.INPUTS
- PowerShell 5.1
- JumpCloud API Key
- JumpCloud Organization ID
- JumpCloud Policy ID (please create the policy in advance  and use the policy ID)
- JumpCloud Policy Name (please create the policy in advance and use the policy name)
- A reference machine (Windows only) with the registry keys configured you want to import
- Policy Templates must be deployed to the reference and target machines

.EXAMPLE
1. $org_id: Your Organization ID from the JumpCloud Admin Console 
   (https://console.jumpcloud.com/#/settings/organization#general)
2. $apikey: Your API Key from the JumpCloud Admin Console 
   (https://console.jumpcloud.com/#/settings/apikeys)
3. $policyID: The ID of the Policy you want to import the registry keys into
4. $policyName: The name of the Policy you want to import the registry keys into
5. $csvPath: The path to the CSV file containing the registry keys to import
6. $path_to_export: The path in the registry to be exported and imported into JumpCloud

.KEYWORDS JumpCloud, Policy, Registry, Import, Export, Registry-Importer

Known Issues:
- none so far
##############################################################################################################################
#>

Disclaimer: