ページ概要
本ページでは、Microsoft Intuneを利用してWindowsデバイスに対してJOSYSブラウザ拡張機能をサイレントインストール/アクティベーションする際に必要となるスクリプトのサンプルを掲示しております。
Intuneを使ってWindowsデバイスに拡張機能をサイレントインストール・アクティベーションする方法(2/2)にて、ケースB(各ユーザーがデバイスの管理者権限を持っていてUPNがジョーシス上のメールアドレスと異なる)だった方向けです。
想定読者
JOSYSブラウザ拡張機能の一括展開を計画・実施されるご担当者様。
ブラウザ拡張機能について
ブラウザ拡張機能に関する情報は、下記のページをお先にご覧ください。
1.ブラウザ拡張機能について
2.ブラウザ拡張機能のご利用方法
スクリプト
下記のスクリプトをユーザーコンテキストで実施するため、保存してください。
- 下記のスクリプトをコピーし、メモ帳などに貼り付けてください。
- 3行目の YOUR_ORGANIZATION_KEY をジョーシス上で確認した自社の組織IDに変更してください。
- ファイル名を「josys-extension-config.ps1」として保存してください。
- ファイルの種類が「Windows PowerShellスクリプト」となっていることを確認してください。
-
Intuneを使ってWindowsデバイスに拡張機能をサイレントインストール・アクティベーションする方法(2/2) - 1-5.<ケースB/D/Fの場合のみ>紐付けIDの登録に戻って作業を進めてください。
# --- Configuration Section ---
# Please replace with your company's Organization Key
$organizationKey = "YOUR_ORGANIZATION_KEY" # Replace with your actual Organization Key
# --- Script Body ---
# Definition of registry paths (Array)
$registryPaths = @(
# Google Chrome
"HKCU:\Software\Policies\Google\Chrome\3rdparty\extensions\moaklgcgokbgplldonjkoochhlefkbjf\policy",
# Microsoft Edge
"HKCU:\Software\Policies\Microsoft\Edge\3rdparty\extensions\hjifncajikcdkhlofdjjlhcjoennmdfc\policy"
)
# Get Username (Run only once)
$username = $null
try {
# Use the environment variable for the current username
$username = $env:USERNAME.Trim() # Trim potential whitespace
if ([string]::IsNullOrWhiteSpace($username)) {
Write-Warning "Could not retrieve Username. 'DeviceIdentity' will not be set."
# Consider exiting with code 1 here if Username is mandatory.
} else {
Write-Host "Retrieved Username: $username"
}
} catch {
# Catch potential errors, although accessing $env:USERNAME is usually safe
Write-Warning "Failed to retrieve Username. 'DeviceIdentity' will not be set. Error: $($_.Exception.Message)"
# Similarly, consider exiting with code 1 here.
}
# Function to create registry keys and write values
function Set-ExtensionPolicyRegistry {
param(
[Parameter(Mandatory=$true)]
[string]$Path,
[Parameter(Mandatory=$true)]
[string]$OrgKey,
[Parameter(Mandatory=$false)] # Optional, considering Username might not be available
[string]$IdentityValue # Changed parameter name from $Email to $IdentityValue
)
Write-Host "Processing registry path: $Path"
$operationSuccess = $true # Success flag for processing this specific path
# Check and create parent path
$parentPath = Split-Path -Path $Path -Parent
if (!(Test-Path $parentPath)) {
try {
New-Item -Path $parentPath -Force -ItemType Directory -ErrorAction Stop | Out-Null
Write-Host " Created parent registry key structure: $parentPath"
} catch {
Write-Error " Failed to create parent registry key: $parentPath. Error: $($_.Exception.Message)"
$operationSuccess = $false
}
}
# Check and create the policy key (Attempt only if parent key creation was successful)
if ($operationSuccess -and !(Test-Path $Path)) {
try {
New-Item -Path $Path -Force -ItemType Directory -ErrorAction Stop | Out-Null
Write-Host " Created registry key: $Path"
} catch {
Write-Error " Failed to create registry key: $Path. Error: $($_.Exception.Message)"
$operationSuccess = $false
}
}
# 1. Write OrganizationKey (Attempt only if key creation was successful)
if ($operationSuccess) {
try {
Set-ItemProperty -Path $Path -Name "OrganizationKey" -Value $OrgKey -Type String -Force -ErrorAction Stop
Write-Host " Successfully set 'OrganizationKey' to '$OrgKey'"
} catch {
Write-Error " Failed to set 'OrganizationKey'. Error: $($_.Exception.Message)"
$operationSuccess = $false
}
}
# 2. Write DeviceIdentity (Attempt only if Username was retrieved and key creation was successful)
if ($operationSuccess -and (-not [string]::IsNullOrWhiteSpace($IdentityValue))) {
try {
# Changed Name to "DeviceIdentity" and Value to $IdentityValue
Set-ItemProperty -Path $Path -Name "DeviceIdentity" -Value $IdentityValue -Type String -Force -ErrorAction Stop
Write-Host " Successfully set 'DeviceIdentity' to '$IdentityValue'" # Updated log message
} catch {
# Updated error message
Write-Error " Failed to set 'DeviceIdentity'. Error: $($_.Exception.Message)"
$operationSuccess = $false
}
} elseif ($operationSuccess -and [string]::IsNullOrWhiteSpace($IdentityValue)) {
# Updated warning message
Write-Host " Skipping 'DeviceIdentity' setting because Username was not available."
}
# Return the result of processing for this path
return $operationSuccess
}
# --- Main Processing ---
$overallSuccess = $true # Overall success flag
Write-Host "Starting registry setting process..."
# Execute the function for each registry path
foreach ($regPath in $registryPaths) {
# Pass $username to the $IdentityValue parameter when calling the function
if (-not (Set-ExtensionPolicyRegistry -Path $regPath -OrgKey $organizationKey -IdentityValue $username)) {
$overallSuccess = $false
Write-Warning "An error occurred while processing path '$regPath'."
# Processing continues to the next path even if an error occurs
} else {
Write-Host "Processing for path '$regPath' completed successfully."
}
Write-Host "---" # Separator for each path
}
# Set the exit code based on the final result
if ($overallSuccess) {
Write-Host "Processing completed successfully for all specified registry paths."
exit 0
} else {
Write-Error "Script completed with one or more errors. Please check the logs above."
exit 1
}