ページ概要
本ページでは、Microsoft Intuneを利用してWindowsデバイスに対してJOSYSブラウザ拡張機能をサイレントインストール/アクティベーションする際に必要となるスクリプトのサンプルを掲載しております。
本ページは、「Intuneを使ってWindowsデバイスに拡張機能をサイレントインストール・アクティベーションする方法(2/2)」にて、ケースE(各ユーザーがデバイスの管理者権限を持っておらず、USERNAMEがメールアドレスのローカルパートと同じ場合)に該当する方向けです。
想定読者
JOSYSブラウザ拡張機能の一括展開を計画・実施されるご担当者様。
ブラウザ拡張機能について
ブラウザ拡張機能に関する情報は、下記のページをお先にご覧ください。
1.ブラウザ拡張機能について
2.ブラウザ拡張機能のご利用方法
スクリプト
下記のスクリプトをユーザーコンテキストで実施するため、保存してください。
- 下記のスクリプトをコピーし、メモ帳などに貼り付けてください。
- 3行目の example.com を貴社のメールアドレスのドメインに変更してください。
  例)josys.com
- 5行目の YOUR_ORGANIZATION_KEY をジョーシス上で確認した自社の組織IDに変更してください。
- ファイル名を「josys-extension-config.ps1」として保存してください。
- ファイルの種類が「Windows PowerShellスクリプト」となっていることを確認してください。
- Intuneを使ってWindowsデバイスに拡張機能をサイレントインストール・アクティベーションする方法(2/2) - 1-5.<ケースB/D/Fの場合のみ>紐付けIDの登録に戻って作業を進めてください。
# --- Configuration Settings ---
# Set your organization's email domain here (Mandatory)
$emailDomain = "example.com" # ★★★★★ Enter your company's email domain here (e.g. "example.co.jp")
# Set the OrganizationKey value here (Mandatory)
$organizationKey = "YOUR_ORGANIZATION_KEY" # Replace with your actual key
# NOTE: the deployment instructions refer to the two values above by line number
# (line 3 and line 5 of this script), so keep them on those lines when editing.
#
# Registry key paths of the extension policy settings, relative to a user hive.
# The script body prefixes them with Registry::HKEY_USERS\<SID>\ for the detected user,
# which is the same location that user sees as HKCU.
# The segment after "extensions\" identifies the extension; it differs between Chrome and Edge.
$chromeRelativePath = "Software\Policies\Google\Chrome\3rdparty\extensions\moaklgcgokbgplldonjkoochhlefkbjf\policy"
$edgeRelativePath = "SOFTWARE\Policies\Microsoft\Edge\3rdparty\extensions\hjifncajikcdkhlofdjjlhcjoennmdfc\policy"
# --- End of Configuration Settings ---
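# --- Script Body ---
# NOTE(review): this line prints the OrganizationKey to the script output, which may end up
# in deployment logs. Confirm the key is not treated as a secret in your environment.
Write-Host "Script started for Chrome and Edge extension policies. OrganizationKey: '${organizationKey}'"

# Basic check if configuration values are set.
# The placeholders shipped in the configuration section ("YOUR_ORGANIZATION_KEY" and
# "example.com") are rejected as well as the older placeholder spellings; otherwise an
# unedited script would pass this check and write the placeholder values into the registry.
$organizationKeyPlaceholders = @("YOUR_ORGANIZATION_KEY", "YOUR_ORGANIZATION_KEY_HERE")
$emailDomainPlaceholders = @("example.com", "your-domain.com")

# -contains compares case-insensitively, the same as the -eq comparison it replaces.
if ([string]::IsNullOrWhiteSpace($organizationKey) -or $organizationKeyPlaceholders -contains $organizationKey) {
    Write-Error "Please set a valid value for the `${organizationKey}` variable at the top of the script."
    exit 1
}
if ([string]::IsNullOrWhiteSpace($emailDomain) -or $emailDomainPlaceholders -contains $emailDomain) {
    Write-Error "Please set a valid value for the `${emailDomain}` variable at the top of the script."
    exit 1
}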
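# Returns the user name of the active session, or $null when it cannot be determined.
#
# Lookup order:
#   1. The row that `query user` marks with '>' (the session the command itself runs in).
#   2. Fallback: Win32_ComputerSystem.UserName, accepted only when it looks like
#      Domain\User or user@domain.
# Every failure is reported as a warning or error; the caller decides whether to stop.
function Get-ActiveUserSessionInfo {
    try {
        $queryOutput = query user
        $activeSessionLine = $queryOutput | Select-String -Pattern '^\s*>' | Select-Object -First 1
        if ($activeSessionLine) {
            # `query user` prints the '>' marker directly in front of the user name
            # (">alice  console ..."), so the second whitespace-separated token is the
            # session name, not the user. Strip the marker first and take the first token;
            # this also covers output where the marker is followed by whitespace.
            $markerStripped = $activeSessionLine.Line -replace '^\s*>\s*', ''
            $sessionInfo = @($markerStripped -split '\s+' | Where-Object { $_ })
            if ($sessionInfo.Count -ge 1) {
                $userName = $sessionInfo[0]
                Write-Host "Detected active user '${userName}' using query user."
                return $userName
            } else {
                Write-Warning "Unexpected output format from query user. Line: $($activeSessionLine.Line)"
            }
        } else {
            Write-Warning "Could not find an active session using query user."
        }
    } catch {
        # Reached when the query command is unavailable or fails; fall through to the fallback.
        Write-Warning "Failed to execute query user command: $($_.Exception.Message)"
    }

    try {
        Write-Host "Fallback: Attempting to get username from Win32_ComputerSystem..."
        $computerSystem = Get-CimInstance -ClassName Win32_ComputerSystem
        if ($computerSystem.UserName) {
            Write-Host "Retrieved username '$($computerSystem.UserName)' from Win32_ComputerSystem."
            # Only qualified names are accepted here; a bare name is reported and rejected.
            if ($computerSystem.UserName -like "*\*" -or $computerSystem.UserName -like "*@*") {
                return $computerSystem.UserName
            } else {
                Write-Warning "Username from Win32_ComputerSystem ('$($computerSystem.UserName)') is not in the expected format (Domain\User or user@domain)."
            }
        } else {
            Write-Warning "Could not retrieve username from Win32_ComputerSystem."
        }
    } catch {
        Write-Error "Error retrieving username from Win32_ComputerSystem: $($_.Exception.Message)"
    }

    Write-Error "Could not determine the active user session username."
    return $null
}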
# Get the active username; nothing can be configured without a target user
$activeUserName = Get-ActiveUserSessionInfo
if (-not $activeUserName) {
    Write-Error "No target user found. Exiting script."
    exit 1
}

# Resolve the user's SID and derive the UserEmail value from the account name.
# Both stay $null unless every step below succeeds.
$userEmail = $null
$userSid = $null
try {
    # Translate the account name into its SID string (used later to address the user's hive)
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $account = New-Object -TypeName System.Security.Principal.NTAccount -ArgumentList $activeUserName
    $userSid = $account.Translate($sidType).Value
    Write-Host "Retrieved SID for user '${activeUserName}': ${userSid}"

    # Reduce user@domain and Domain\User forms to the bare account name:
    # first drop everything from '@' on, then drop a leading "Domain\" prefix.
    $localUsernamePart = $activeUserName
    $hasAtSign = $activeUserName -like '*@*'
    if ($hasAtSign) {
        $localUsernamePart = $activeUserName.Split('@')[0]
    }
    if ($localUsernamePart -like '*\*') {
        $localUsernamePart = $localUsernamePart.Split('\')[1]
    } elseif (-not $hasAtSign) {
        # Neither separator present: the name is used unchanged
        Write-Warning "Username '${activeUserName}' does not contain '@' or '\'. Using the full username."
    }

    # An empty result (for example a name ending in '\') cannot form an address
    if (-not $localUsernamePart) {
        Write-Error "Failed to determine local username part for user '${activeUserName}'."
        exit 1
    }

    Write-Host "Determined local username part for user '${activeUserName}': ${localUsernamePart}"
    # Construct the full email address from the account name and the configured domain
    $userEmail = "${localUsernamePart}@${emailDomain}"
    Write-Host "Constructed email address for registry: ${userEmail}"
} catch {
    Write-Error "Failed to retrieve SID or construct email for user '${activeUserName}': $($_.Exception.Message)"
    exit 1
}
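# Proceed with registry operations only if SID and userEmail were obtained.
# The values are written into the detected user's hive (HKEY_USERS\<SID>) under the
# Software\Policies keys given in the configuration section.
# NOTE(review): Software\Policies is normally writable only by elevated accounts; confirm
# that the context this script is deployed in is permitted to write there.
# NOTE(review): the success messages print UserEmail and OrganizationKey to the script
# output; confirm that is acceptable for wherever that output is collected.

# Set to $true as soon as any registry write fails, so the script can exit non-zero.
$registryWriteFailed = $false

if ($userSid -and $userEmail) {

    # Creates one browser's extension policy key if needed and writes both values into it.
    # Returns $true only when the key is available and both values were written.
    # A failure on one value does not prevent the attempt on the other.
    function Set-JosysExtensionPolicy {
        param(
            [string]$BrowserName,
            [string]$RegistryPath,
            [string]$UserEmailValue,
            [string]$OrganizationKeyValue
        )

        $succeeded = $true
        Write-Host "--- Processing ${BrowserName} Path: ${RegistryPath} ---"
        try {
            if (-not (Test-Path -Path $RegistryPath)) {
                Write-Host "${BrowserName} registry key does not exist. Creating..."
                New-Item -Path $RegistryPath -Force -ErrorAction Stop | Out-Null
                Write-Host "Successfully created ${BrowserName} registry key '${RegistryPath}'."
            } else {
                Write-Host "${BrowserName} registry key already exists."
            }

            $policyValues = [ordered]@{
                UserEmail       = $UserEmailValue
                OrganizationKey = $OrganizationKeyValue
            }
            foreach ($valueName in $policyValues.Keys) {
                $value = $policyValues[$valueName]
                try {
                    # -ErrorAction Stop turns a failed write into an exception, so the failure
                    # is reported below. Lowering $ErrorActionPreference to SilentlyContinue
                    # for this step would also silence the Write-Error that reports it.
                    New-ItemProperty -Path $RegistryPath -Name $valueName -Value $value -PropertyType String -Force -ErrorAction Stop | Out-Null
                    Write-Host "Successfully set ${BrowserName} '${valueName}' to '${value}'."
                } catch {
                    Write-Error "Failed to set ${BrowserName} '${valueName}'. Last Error: $($_.Exception.Message)"
                    $succeeded = $false
                }
            }
        } catch {
            Write-Error "Failed processing ${BrowserName} registry path '${RegistryPath}': $($_.Exception.Message)"
            $succeeded = $false
        }
        Write-Host "--- Finished Processing ${BrowserName} Path ---"
        return $succeeded
    }

    # Both browsers are always attempted; a failure for Chrome does not skip Edge.
    $policyTargets = @(
        @{ Browser = "Chrome"; Path = "Registry::HKEY_USERS\${userSid}\${chromeRelativePath}" },
        @{ Browser = "Edge"; Path = "Registry::HKEY_USERS\${userSid}\${edgeRelativePath}" }
    )
    foreach ($target in $policyTargets) {
        $written = Set-JosysExtensionPolicy -BrowserName $target.Browser -RegistryPath $target.Path -UserEmailValue $userEmail -OrganizationKeyValue $organizationKey
        if (-not $written) {
            $registryWriteFailed = $true
        }
    }
} else {
    Write-Error "Cannot perform registry operations because SID or UserEmail could not be obtained."
    exit 1
}

Write-Host "Script execution finished."

# Report failure to the caller instead of exiting 0 after a failed registry write.
if ($registryWriteFailed) {
    exit 1
}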