cancel
Showing results forย 
Search instead forย 
Did you mean:ย 

Windows Policies: Manage Zoom with a Boom

JuergenKlaassen
Rising Star III
Rising Star III

Happy Friday

After introducing our ( @shawnsong and myself) PowerShell-based Bulk-Importer for GPO's and Registry-Keys I wanted another validation and did choose Zoom in this case. Read here as well about the construction of this script.

Zoom does provide Policy-Templates in various form - to be found here.

Screenshot 2022-12-03 at 07.42.44.png

I download one of the packages and found the right template scoped for HKLM:

Screenshot 2022-12-03 at 07.45.08.png

You can now import the template into Local Group Policy Editor (gpedit.msc) and start configuring your desired settings.

Screenshot 2022-12-02 at 18.01.22.png

After an gpupdate /force command you will see these results reflected in the Registry of your reference machine.

Screenshot 2022-12-02 at 18.15.36.png

Once you have a Policy configured in JumpCloud and you have loaded the script with your parameters (API-Key, Policy ID, Name etc. - as described in the script and article) you can fire it off.

Screenshot 2022-12-02 at 18.23.55.png

Screenshot 2022-12-02 at 19.05.04.png

Once completed, you can check the propagated values in the JumpCloud Policy and assigned it to a device or group of devices for further initial testing. (Important note, the Policy Template need to be distributed as well, ideally via Commands - to place them into the respective folder on the devices in scope)
Screenshot 2022-12-02 at 19.05.48.pngScreenshot 2022-12-02 at 19.31.34.pngScreenshot 2022-12-02 at 19.36.37.png

The policy was applied successfully to my target devices, Zoom itself was deployed using Software Management.

Thanks for reading/sharing.
Happy weekend ahead...

Juergen

11 REPLIES 11

Rcap
Novitiate II

Great tutorial! Anyway we can learn more on how to run the powershell commands? I have modified the powershell script, I get a message that states it exported the registry keys, but there's no CSV and the reg keys are not in my JC policy.
Thank you

 

Hey @Rcap 
Do you mind sharing with me what/how you change the script according to your needs? 

.EXAMPLE
1. $org_id: Your Organization ID from the JumpCloud Admin Console 
   (https://console.jumpcloud.com/#/settings/organization#general)
2. $apikey: Your API Key from the JumpCloud Admin Console 
   (https://console.jumpcloud.com/#/settings/apikeys)
3. $policyID: The ID of the Policy you want to import the registry keys into
4. $policyName: The name of the Policy you want to import the registry keys into
5. $csvPath: The path to the CSV file containing the registry keys to import
6. $path_to_export: The path in the registry to be exported and imported into JumpCloud

Above here is what needs to match to your custom settings. 
The $policyID is unique, the paths etc. need to match as well. 

Hi @JuergenKlaassen ,

Thank you so much for taking the time to reply back to me!
Here are the values we are using. I got the policy ID by looking up the policy in powershell. 

# Put in your JumpCloud org ID & API Key (Writeable):
$org_id = "6*******************************"
$apikey = "2*******************************"

# Change the policy ID & name accordingly:
$policyID = "5f********************f"
$policyName = "Zoom Settings" # e.g. "Advanced: Imported Custom Registry Keys"

# Specify the path to the CSV file including the filename:
$csvPath = "C:\Users\rcap\Documents\ZoomGeneralSettings.csv"

# Full Registry Path to be exported (e.g. HKLM:\SOFTWARE\Policies\Microsoft\Edge)
# Copy it from the registry editor
$path_to_export = "HKLM:\SOFTWARE\Policies\Zoom"

Hey

Looks good to me in the first place. The only thing I observed once in a while - and that might need more debugging - is that: 
If the root of the hive (i.e. \Software]Policies\Zoom) has no actual entry, the export can fail. So the recursive parsing through entries doesn't seem to be the most robust yet. 

I tried to replicate your scenario and it's actually the case right now (so I consider this as a bug). Instead I started from \SOFTWARE\Policies\Zoom\Zoom Meetings\General (where are actual values present) and the script works as intended. 

Maybe you can retry again with the adjusted hive and let me know. 
Will try to find some time to debug and get it fixed. 

Screenshot 2023-01-18 at 12.45.35.pngScreenshot 2023-01-18 at 12.48.37.png

Screenshot 2023-01-18 at 12.45.56.png

Thank you for the guidance. That inputing the full location of the registry hive allows the registry to export to CSV. The next hurdle I am getting stuck on is some error messages that appear to be working on getting the policies to JumpCloud:  

 Exporting the registry keys to the specified CSV file C:\Users\tmunley\Documents\ZoomGeneralSettings.csv

Constructing the request body containing existing and new registry keys...

Invoke-RestMethod : {"message":"Not Found"}

At C:\Users\rcap\Documents\3RCAP.ps1:244 char:13

+ $response = Invoke-RestMethod -Uri $url -Method GET -Headers $headers

+             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    + CategoryInfo          : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-RestMethod] 

   , WebException

    + FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodComm 

   and

Updating the policy with the new registry keys:

@{value=System.Object[]; configFieldID=; configFieldName=; sensitive=}

Invoke-RestMethod : {"message":"Error: Request validation failed: Parameter (body) failed schema validation: 

expected type boolean but found type null, expected type string but found type null"}

At C:\Users\rcap\Documents\3RCAP.ps1:300 char:12

+ $change  = Invoke-RestMethod -Uri $url -Method Put -Headers $headers  ...

+            ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    + CategoryInfo          : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-RestMethod] 

   , WebException

    + FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodComm 

   and

Completed.

 

Hey

the only obvious right now to me is this: 

Invoke-RestMethod : {"message":"Error: Request validation failed: Parameter (body) failed schema validation:

expected type boolean but found type null, expected type string but found type null"}

-> one or some of your registry entries may not be correct or you may have an empty one on the existing policy before updating it maybe? 
A bit hard to debug with out having the full set of existing and to-be-updated registry keys


 

Thanks for the guidance. I manually went through and got the keys entered into the JC Policy. I believe the "HKLM:\" in the CSV was preventing it from uploading to JC.


My next conundrum is how did you get the ADMX or ADM group policy to the remote machines?

Hey
Glad to see that you're making progress. ๐Ÿ’ช

How to get the ADMX over: I wrote about here previously. In my case, I did put them on a S3 bucket (due to their size, instead of carrying them in a Command).

It can look similar to this then: 

### Policy Templates from: https://www.microsoft.com/en-us/edge/business/download?form=MA13FJ ###
$URLadmx = "https://custom-pkg.s3.ap-southeast-1.amazonaws.com/msedge.admx"
$URLadml = "https://custom-pkg.s3.ap-southeast-1.amazonaws.com/msedge.adml" 

### Download the templates from a public S3-bucket ###
### Place them in the respective folders; reference: https://learn.microsoft.com/en-us/deployedge/configure-microsoft-edge#add-the-administrative-template-to-an-individual-computer ###
Invoke-WebRequest -Uri $URLadmx -OutFile "C:\Windows\PolicyDefinitions\msedge.admx" 
Invoke-WebRequest -Uri $URLadml -OutFile "C:\Windows\PolicyDefinitions\en-US\msedge.adml"


Does that help? Please let me know. 

Cheers
Juergen

Now we're cooking with fire! I was able to get the reg keys and group policy templates to the devices. Thank you so much, Juergen! 

Hey @Rcap , really happy to read that it's working now is intended. ๐Ÿ’ช
Are you looking at other policies to configure and rollout? 

Rcap
Novitiate II

Thank you for the guidance. That inputing the full location of the registry hive allows the registry to export to CSV. The next hurdle I am getting stuck on is some error messages that appear to be working on getting the policies to JumpCloud:  

 Exporting the registry keys to the specified CSV file C:\Users\tmunley\Documents\ZoomGeneralSettings.csv

Constructing the request body containing existing and new registry keys...

Invoke-RestMethod : {"message":"Not Found"}

At C:\Users\rcap\Documents\3RCAP.ps1:244 char:13

+ $response = Invoke-RestMethod -Uri $url -Method GET -Headers $headers

+             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    + CategoryInfo          : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-RestMethod] 

   , WebException

    + FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodComm 

   and

Updating the policy with the new registry keys:

@{value=System.Object[]; configFieldID=; configFieldName=; sensitive=}

Invoke-RestMethod : {"message":"Error: Request validation failed: Parameter (body) failed schema validation: 

expected type boolean but found type null, expected type string but found type null"}

At C:\Users\rcap\Documents\3RCAP.ps1:300 char:12

+ $change  = Invoke-RestMethod -Uri $url -Method Put -Headers $headers  ...

+            ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    + CategoryInfo          : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-RestMethod] 

   , WebException

    + FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodComm 

   and

Completed.