Case: the ID used to log in to the device (domain) is the same as the local part (the part to the left of the @) of the email address registered in Josys
Script overview
The script runs with SYSTEM privileges. It reads the user profile list on the device to obtain each user's SID, then writes the Josys organization ID and USERNAME + @ email domain to the specified Chrome and Edge registry keys under each user's HKU hive.
Only if an error occurs is a log written, to the location specified by the $logFilePath variable (in the sample, C:\Windows\Temp\Set-BrowserExtensionPolicy_UserEmail_Error.log).
Items you must change before use
In $organizationKey = "YOUR_ORGANIZATION_KEY_HERE", replace YOUR_ORGANIZATION_KEY_HERE with your organization ID.
In $emailDomain = "YOUR_DOMAIN.COM", replace YOUR_DOMAIN.COM with your email address domain. (Do not include the @; use only the part to the right of the @.)
$logFilePath = "C:\Windows\Temp\Set-BrowserExtensionPolicy_UserEmail_Error.log" Change the folder path where the log is written as needed.
How to use
Copy the script below, paste it into Notepad or a similar editor, and use "Save As". Use .ps1 as the file extension and select UTF-8 (with BOM) as the character encoding.
Then continue the setup by referring to "How to distribute software with SKYSEA Client View".
<#
.SYNOPSIS
Finds all user profiles on the device and writes the specified policy values to each user's registry hive (HKEY_USERS\<SID>) for both the Chrome and Edge extensions.
ERROR LOGGING ENABLED: a log file is written only if an error occurs.
.DESCRIPTION
This script runs as the SYSTEM account, finds all user profiles by scanning the registry's ProfileList, and excludes system accounts.
For each user found, it resolves the SID to a username and extracts the local part of the username.
It then constructs a 'UserEmail' (username@domain.com) and writes this value, along with a fixed OrganizationKey, to the specified Chrome AND Edge extension policy paths within each user's registry hive (HKEY_USERS\<SID>).
Only hives that are currently loaded (normally users who are logged on) exist under HKEY_USERS; a profile whose hive is not loaded is recorded as an error and skipped.
#>
# --- Configuration Settings ---
# Set the OrganizationKey value here (Mandatory)
$organizationKey = "YOUR_ORGANIZATION_KEY_HERE" # Replace with your actual key
# Set the Email Domain here (Mandatory)
$emailDomain = "YOUR_DOMAIN.COM" # Replace with your actual domain (without the @)
# Relative registry key paths under each user's hive for the specific extensions
$chromeRelativePath = "Software\Policies\Google\Chrome\3rdparty\extensions\moaklgcgokbgplldonjkoochhlefkbjf\policy"
$edgeRelativePath = "SOFTWARE\Policies\Microsoft\Edge\3rdparty\extensions\hjifncajikcdkhlofdjjlhcjoennmdfc\policy"
# Log settings
$logFilePath = "C:\Windows\Temp\Set-BrowserExtensionPolicy_UserEmail_Error.log" # Path of the log written when an error occurs
# --- End of Configuration Settings ---

# --- Logging Setup ---
# List that accumulates log messages in memory
$logBuffer = New-Object System.Collections.Generic.List[string]
# Flag that records whether an error occurred
$errorOccurred = $false
# Logging function (records to the buffer instead of writing to the screen)
function Add-Log {
    param (
        [string]$Message,
        [string]$Type = "INFO"
    )
    $timestamp = Get-Date -Format "yyyy/MM/dd HH:mm:ss"
    $logEntry = "[$timestamp] [$Type] $Message"
    $script:logBuffer.Add($logEntry)
    # Raise the flag when the entry is an error
    if ($Type -eq "ERROR") {
        $script:errorOccurred = $true
    }
}

# --- Script Body ---
Add-Log "Script started. Processing all user profiles for Chrome and Edge extension policies (UserEmail version)."

# Basic check that OrganizationKey has been set
if ([string]::IsNullOrWhiteSpace($organizationKey) -or $organizationKey -eq "YOUR_ORGANIZATION_KEY_HERE") {
    Add-Log "Please set a valid value for the `$organizationKey variable at the top of the script." -Type "ERROR"
    $logBuffer | Out-File -FilePath $logFilePath -Encoding UTF8
    exit 1
}
# Basic check that EmailDomain has been set
if ([string]::IsNullOrWhiteSpace($emailDomain) -or $emailDomain -eq "YOUR_DOMAIN.COM") {
    Add-Log "Please set a valid value for the `$emailDomain variable at the top of the script." -Type "ERROR"
    $logBuffer | Out-File -FilePath $logFilePath -Encoding UTF8
    exit 1
}

# Get all user profiles from the registry, excluding system accounts
$profileListPath = "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList"
# Keep only regular user SIDs (domain/local accounts and Azure AD accounts)
$userProfiles = Get-ChildItem -Path $profileListPath |
    Where-Object { $_.PSChildName -like "S-1-5-21-*" -or $_.PSChildName -like "S-1-12-1-*" }
if (-not $userProfiles) {
    Add-Log "No target user profiles found. Exiting script." -Type "WARNING"
    exit 0
}

# Loop through each user profile found
foreach ($profile in $userProfiles) {
    $userSid = $profile.PSChildName
    Add-Log "------------------------------------------------------------"
    Add-Log "Processing SID: $userSid"
    $localUserName = $null
    $userName = $null
    try {
        # Translate the SID to an NTAccount to get the username
        $userAccount = (New-Object System.Security.Principal.SecurityIdentifier($userSid)).Translate([System.Security.Principal.NTAccount])
        $userName = $userAccount.Value
        # Extract the local part of the username
        if ($userName -like '*\*') {
            # Handles the DOMAIN\user format
            $localUserName = $userName.Split('\')[1]
        } else {
            # Handles the plain username format
            $localUserName = $userName
        }
        Add-Log "Resolved User: '$userName'. Determined local username: '$localUserName'"
    } catch {
        Add-Log "Could not resolve SID '$userSid' to a username. Skipping this profile. Error: $($_.Exception.Message)" -Type "WARNING"
        continue # Move to the next profile in the loop
    }

    # The user's hive exists under HKEY_USERS only while it is loaded (user logged on).
    # Without it the policy keys cannot be created, so record an error and skip the profile.
    $userHivePath = "Registry::HKEY_USERS\$userSid"
    if (-not (Test-Path -Path $userHivePath)) {
        Add-Log "Registry hive for '$userName' ($userSid) is not loaded. Policy values were not written for this user." -Type "ERROR"
        continue
    }

    # Proceed with registry operations only if the SID and localUserName were obtained
    if ($userSid -and $localUserName) {
        # Construct the UserEmail value
        $userEmailValue = "$($localUserName)@$($emailDomain)"
        Add-Log "Constructed UserEmail: '$userEmailValue'"

        # --- Process Chrome Path ---
        $chromeRegistryPath = "$userHivePath\$chromeRelativePath"
        Add-Log "--- Processing Chrome Path for '$userName' ---"
        try {
            # Ensure the Chrome registry key exists; create it if not
            if (-not (Test-Path -Path $chromeRegistryPath)) {
                Add-Log "Chrome registry key does not exist. Creating..."
                New-Item -Path $chromeRegistryPath -Force -ErrorAction Stop | Out-Null
            }
            # Set UserEmail for Chrome
            New-ItemProperty -Path $chromeRegistryPath -Name "UserEmail" -Value $userEmailValue -PropertyType String -Force -ErrorAction SilentlyContinue
            if ($?) { Add-Log "Successfully set Chrome 'UserEmail'." }
            else { Add-Log "Failed to set Chrome 'UserEmail'. Last Error: $($error[0].Exception.Message)" -Type "ERROR" }
            # Set OrganizationKey for Chrome
            New-ItemProperty -Path $chromeRegistryPath -Name "OrganizationKey" -Value $organizationKey -PropertyType String -Force -ErrorAction SilentlyContinue
            if ($?) { Add-Log "Successfully set Chrome 'OrganizationKey'." }
            else { Add-Log "Failed to set Chrome 'OrganizationKey'. Last Error: $($error[0].Exception.Message)" -Type "ERROR" }
        } catch {
            Add-Log "An error occurred while processing the Chrome registry for '$userName': $($_.Exception.Message)" -Type "ERROR"
        }

        # --- Process Edge Path ---
        $edgeRegistryPath = "$userHivePath\$edgeRelativePath"
        Add-Log "--- Processing Edge Path for '$userName' ---"
        try {
            # Ensure the Edge registry key exists; create it if not
            if (-not (Test-Path -Path $edgeRegistryPath)) {
                Add-Log "Edge registry key does not exist. Creating..."
                New-Item -Path $edgeRegistryPath -Force -ErrorAction Stop | Out-Null
            }
            # Set UserEmail for Edge
            New-ItemProperty -Path $edgeRegistryPath -Name "UserEmail" -Value $userEmailValue -PropertyType String -Force -ErrorAction SilentlyContinue
            if ($?) { Add-Log "Successfully set Edge 'UserEmail'." }
            else { Add-Log "Failed to set Edge 'UserEmail'. Last Error: $($error[0].Exception.Message)" -Type "ERROR" }
            # Set OrganizationKey for Edge
            New-ItemProperty -Path $edgeRegistryPath -Name "OrganizationKey" -Value $organizationKey -PropertyType String -Force -ErrorAction SilentlyContinue
            if ($?) { Add-Log "Successfully set Edge 'OrganizationKey'." }
            else { Add-Log "Failed to set Edge 'OrganizationKey'. Last Error: $($error[0].Exception.Message)" -Type "ERROR" }
        } catch {
            Add-Log "An error occurred while processing the Edge registry for '$userName': $($_.Exception.Message)" -Type "ERROR"
        }
    }
}
Add-Log "------------------------------------------------------------"
Add-Log "Script execution finished."

# --- Final Check: Save Log if an Error Occurred ---
if ($errorOccurred) {
    try {
        $logBuffer | Out-File -FilePath $logFilePath -Encoding UTF8 -Force
    } catch {
        # Last resort: if writing the log file itself fails there is nowhere left to report it, so the error is swallowed
    }
}
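After deployment, an administrator will want to confirm that the values actually landed in each user's hive. The following verification script is an added example, not part of the Josys script above; the function name and its -ExpectedDomain parameter are assumptions, while the extension key paths are the same ones the deployment script uses.

```powershell
# Added verification example; not part of the Josys deployment script.
# Reads back the UserEmail / OrganizationKey values for every user hive currently
# loaded under HKEY_USERS and reports one row per user and browser.
# Run as SYSTEM or an administrator. Function name and -ExpectedDomain are assumptions.
$chromeRelativePath = "Software\Policies\Google\Chrome\3rdparty\extensions\moaklgcgokbgplldonjkoochhlefkbjf\policy"
$edgeRelativePath   = "SOFTWARE\Policies\Microsoft\Edge\3rdparty\extensions\hjifncajikcdkhlofdjjlhcjoennmdfc\policy"

function Get-ExtensionPolicyStatus {
    param([Parameter(Mandatory)][string]$ExpectedDomain)   # e.g. "example.com", without the @

    # Only loaded hives exist under HKEY_USERS; the "*_Classes" entries are not user hives.
    $loadedHives = Get-ChildItem -Path "Registry::HKEY_USERS" |
        Where-Object { $_.PSChildName -match '^S-1-(5-21|12-1)-' -and $_.PSChildName -notlike '*_Classes' }

    $browsers = @(
        @{ Name = "Chrome"; RelativePath = $chromeRelativePath },
        @{ Name = "Edge";   RelativePath = $edgeRelativePath }
    )

    foreach ($hive in $loadedHives) {
        $sid = $hive.PSChildName
        try {
            $account = (New-Object System.Security.Principal.SecurityIdentifier($sid)).Translate([System.Security.Principal.NTAccount]).Value
        } catch {
            $account = "<unresolved>"
        }
        foreach ($browser in $browsers) {
            $policyPath = "Registry::HKEY_USERS\$sid\$($browser.RelativePath)"
            $props = Get-ItemProperty -Path $policyPath -ErrorAction SilentlyContinue
            $email = $props.UserEmail
            $orgKey = $props.OrganizationKey
            # Classify: key missing, a value missing, e-mail on the wrong domain, or fully applied
            $status = if (-not $props) { "MISSING_KEY" }
                      elseif ([string]::IsNullOrWhiteSpace($email) -or [string]::IsNullOrWhiteSpace($orgKey)) { "INCOMPLETE" }
                      elseif ($email -notlike "*@$ExpectedDomain") { "WRONG_DOMAIN" }
                      else { "OK" }
            [pscustomobject]@{
                Account            = $account
                SID                = $sid
                Browser            = $browser.Name
                UserEmail          = $email
                OrganizationKeySet = [bool]$orgKey
                Status             = $status
            }
        }
    }
}

# Example usage: replace YOUR_DOMAIN.COM with the domain you configured in $emailDomain.
Get-ExtensionPolicyStatus -ExpectedDomain "YOUR_DOMAIN.COM" | Format-Table -AutoSize
```

A user whose hive is not loaded (not logged on) does not appear in the output at all, which matches the deployment script's behaviour of skipping that profile.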