12-02-2022 06:58 PM
Happy Friday
After introducing our ( @shawnsong and myself) PowerShell-based Bulk-Importer for GPO's and Registry-Keys I wanted another validation and did choose Zoom in this case. Read here as well about the construction of this script.
Zoom does provide Policy-Templates in various form - to be found here.
I download one of the packages and found the right template scoped for HKLM:
You can now import the template into Local Group Policy Editor (gpedit.msc) and start configuring your desired settings.
After an gpupdate /force command you will see these results reflected in the Registry of your reference machine.
Once you have a Policy configured in JumpCloud and you have loaded the script with your parameters (API-Key, Policy ID, Name etc. - as described in the script and article) you can fire it off.
Once completed, you can check the propagated values in the JumpCloud Policy and assigned it to a device or group of devices for further initial testing. (Important note, the Policy Template need to be distributed as well, ideally via Commands - to place them into the respective folder on the devices in scope)
The policy was applied successfully to my target devices, Zoom itself was deployed using Software Management.
Thanks for reading/sharing.
Happy weekend ahead...
Juergen
01-13-2023 04:32 PM
Great tutorial! Anyway we can learn more on how to run the powershell commands? I have modified the powershell script, I get a message that states it exported the registry keys, but there's no CSV and the reg keys are not in my JC policy.
Thank you
01-15-2023 08:54 PM
Hey @Rcap
Do you mind sharing with me what/how you change the script according to your needs?
.EXAMPLE
1. $org_id: Your Organization ID from the JumpCloud Admin Console
(https://console.jumpcloud.com/#/settings/organization#general)
2. $apikey: Your API Key from the JumpCloud Admin Console
(https://console.jumpcloud.com/#/settings/apikeys)
3. $policyID: The ID of the Policy you want to import the registry keys into
4. $policyName: The name of the Policy you want to import the registry keys into
5. $csvPath: The path to the CSV file containing the registry keys to import
6. $path_to_export: The path in the registry to be exported and imported into JumpCloud
Above here is what needs to match to your custom settings.
The $policyID is unique, the paths etc. need to match as well.
01-17-2023 11:15 AM
Hi @JuergenKlaassen ,
Thank you so much for taking the time to reply back to me!
Here are the values we are using. I got the policy ID by looking up the policy in powershell.
# Put in your JumpCloud org ID & API Key (Writeable):
$org_id = "6*******************************"
$apikey = "2*******************************"
# Change the policy ID & name accordingly:
$policyID = "5f********************f"
$policyName = "Zoom Settings" # e.g. "Advanced: Imported Custom Registry Keys"
# Specify the path to the CSV file including the filename:
$csvPath = "C:\Users\rcap\Documents\ZoomGeneralSettings.csv"
# Full Registry Path to be exported (e.g. HKLM:\SOFTWARE\Policies\Microsoft\Edge)
# Copy it from the registry editor
$path_to_export = "HKLM:\SOFTWARE\Policies\Zoom"
01-17-2023 11:58 PM
Hey
Looks good to me in the first place. The only thing I observed once in a while - and that might need more debugging - is that:
If the root of the hive (i.e. \Software]Policies\Zoom) has no actual entry, the export can fail. So the recursive parsing through entries doesn't seem to be the most robust yet.
I tried to replicate your scenario and it's actually the case right now (so I consider this as a bug). Instead I started from \SOFTWARE\Policies\Zoom\Zoom Meetings\General (where are actual values present) and the script works as intended.
Maybe you can retry again with the adjusted hive and let me know.
Will try to find some time to debug and get it fixed.
01-24-2023 11:09 AM
Thank you for the guidance. That inputing the full location of the registry hive allows the registry to export to CSV. The next hurdle I am getting stuck on is some error messages that appear to be working on getting the policies to JumpCloud:
Exporting the registry keys to the specified CSV file C:\Users\tmunley\Documents\ZoomGeneralSettings.csv
Constructing the request body containing existing and new registry keys...
Invoke-RestMethod : {"message":"Not Found"}
At C:\Users\rcap\Documents\3RCAP.ps1:244 char:13
+ $response = Invoke-RestMethod -Uri $url -Method GET -Headers $headers
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-RestMethod]
, WebException
+ FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodComm
and
Updating the policy with the new registry keys:
@{value=System.Object[]; configFieldID=; configFieldName=; sensitive=}
Invoke-RestMethod : {"message":"Error: Request validation failed: Parameter (body) failed schema validation:
expected type boolean but found type null, expected type string but found type null"}
At C:\Users\rcap\Documents\3RCAP.ps1:300 char:12
+ $change = Invoke-RestMethod -Uri $url -Method Put -Headers $headers ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-RestMethod]
, WebException
+ FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodComm
and
Completed.
01-24-2023 06:55 PM
Hey
the only obvious right now to me is this:
Invoke-RestMethod : {"message":"Error: Request validation failed: Parameter (body) failed schema validation:
expected type boolean but found type null, expected type string but found type null"}
-> one or some of your registry entries may not be correct or you may have an empty one on the existing policy before updating it maybe?
A bit hard to debug with out having the full set of existing and to-be-updated registry keys
01-27-2023 09:47 AM
Thanks for the guidance. I manually went through and got the keys entered into the JC Policy. I believe the "HKLM:\" in the CSV was preventing it from uploading to JC.
My next conundrum is how did you get the ADMX or ADM group policy to the remote machines?
01-27-2023 07:19 PM
Hey
Glad to see that you're making progress. 💪
How to get the ADMX over: I wrote about here previously. In my case, I did put them on a S3 bucket (due to their size, instead of carrying them in a Command).
It can look similar to this then:
### Policy Templates from: https://www.microsoft.com/en-us/edge/business/download?form=MA13FJ ###
$URLadmx = "https://custom-pkg.s3.ap-southeast-1.amazonaws.com/msedge.admx"
$URLadml = "https://custom-pkg.s3.ap-southeast-1.amazonaws.com/msedge.adml"
### Download the templates from a public S3-bucket ###
### Place them in the respective folders; reference: https://learn.microsoft.com/en-us/deployedge/configure-microsoft-edge#add-the-administrative-template-to-an-individual-computer ###
Invoke-WebRequest -Uri $URLadmx -OutFile "C:\Windows\PolicyDefinitions\msedge.admx"
Invoke-WebRequest -Uri $URLadml -OutFile "C:\Windows\PolicyDefinitions\en-US\msedge.adml"
Does that help? Please let me know.
Cheers
Juergen
01-31-2023 04:21 PM
Now we're cooking with fire! I was able to get the reg keys and group policy templates to the devices. Thank you so much, Juergen!
01-31-2023 07:59 PM
Hey @Rcap , really happy to read that it's working now is intended. 💪
Are you looking at other policies to configure and rollout?
01-18-2023 11:04 AM
Thank you for the guidance. That inputing the full location of the registry hive allows the registry to export to CSV. The next hurdle I am getting stuck on is some error messages that appear to be working on getting the policies to JumpCloud:
Exporting the registry keys to the specified CSV file C:\Users\tmunley\Documents\ZoomGeneralSettings.csv
Constructing the request body containing existing and new registry keys...
Invoke-RestMethod : {"message":"Not Found"}
At C:\Users\rcap\Documents\3RCAP.ps1:244 char:13
+ $response = Invoke-RestMethod -Uri $url -Method GET -Headers $headers
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-RestMethod]
, WebException
+ FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodComm
and
Updating the policy with the new registry keys:
@{value=System.Object[]; configFieldID=; configFieldName=; sensitive=}
Invoke-RestMethod : {"message":"Error: Request validation failed: Parameter (body) failed schema validation:
expected type boolean but found type null, expected type string but found type null"}
At C:\Users\rcap\Documents\3RCAP.ps1:300 char:12
+ $change = Invoke-RestMethod -Uri $url -Method Put -Headers $headers ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-RestMethod]
, WebException
+ FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodComm
and
Completed.
New to the site? Take a look at these additional resources:
Ready to join us? You can register here.