Add an Exception to Applocker Policy - Intune - powershell

My Client has an Applocker Policy in place to block Powershell
I have an issue where we are unable to deploy Intune Apps, built using PSADT and deployed under the User Context. I believe this Policy is blocking the scripts from running.
Is there a way to add an Exception to the code below to allow PowerShell to run from this location?
C:\Program Files (x86)\Microsoft Intune Management Extension\Content\Staging\
This is the current AppLocker Config
<RuleCollection Type="Exe" EnforcementMode="Enabled">
<FilePathRule Id="e16ce5e4-67f2-4ebf-ad01-c81fc8f28cd5" Name="All Files" Description="" UserOrGroupSid="S-1-5-32-544" Action="Allow">
<Conditions>
<FilePathCondition Path="*" />
</Conditions>
</FilePathRule>
<FilePathRule Id="9eb15b2e-f9c2-42d4-8692-ad1a0f6a0722" Name="All files" Description="Allows user to run files execpt powershell" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePathCondition Path="*" />
</Conditions>
<Exceptions>
<FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT® WINDOWS® OPERATING SYSTEM" BinaryName="POWERSHELL.EXE">
<BinaryVersionRange LowSection="*" HighSection="*" />
</FilePublisherCondition>
<FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT® WINDOWS® OPERATING SYSTEM" BinaryName="POWERSHELL_ISE.EXE">
<BinaryVersionRange LowSection="*" HighSection="*" />
</FilePublisherCondition>
</Exceptions>
</FilePathRule> <!-- This is a test to block python from running --> <FilePublisherRule Id="3d6ce594-1cc7-4870-b839-48c43a8954c0" Name="Signed by O=PYTHON SOFTWARE FOUNDATION, L=WOLFEBORO, S=NEW HAMPSHIRE, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
<Conditions>
<FilePublisherCondition PublisherName="O=PYTHON SOFTWARE FOUNDATION, L=WOLFEBORO, S=NEW HAMPSHIRE, C=US" ProductName="*" BinaryName="*">
<BinaryVersionRange LowSection="*" HighSection="*" />
</FilePublisherCondition>
</Conditions>
</FilePublisherRule> </RuleCollection>

Related

Notepad++ | Show macro script

Is it possible to show the script of a macro to learn what it actually does?
Where are the macros stored so I can inspect the files, maybe they are human readable.
Once macro is saved, and Notepad++ is closed, macro will be saved to:
%USERPROFILE%\AppData\Roaming\Notepad++\shortcuts.xml
(c:\Users\%your user%\AppData\Roaming\Notepad++\shortcuts.xml)
Into <Macros> tag. It's sort of human readable: as each step is an <Action> tag, so steps could be deleted/copy-pasted, but to create a new steps it's much easier to record a new macro.
The default path of shortcuts.xml is C:\Users\%YOUR USERNAME%\AppData\Roaming\Notepad++ Here’s an simple RegEx replacement example of some of mine:
<Macro name="SO-Test" Ctrl="yes" Alt="no" Shift="yes" Key="112">
<Action type="3" message="1700" wParam="0" lParam="0" sParam="" />
<Action type="3" message="1601" wParam="0" lParam="0" sParam="(.+)" />
<Action type="3" message="1625" wParam="0" lParam="2" sParam="" />
<Action type="3" message="1602" wParam="0" lParam="0" sParam="\1 \1" />
<Action type="3" message="1702" wParam="0" lParam="768" sParam="" />
<Action type="3" message="1701" wParam="0" lParam="1609" sParam="" />
</Macro>
There are 2 locations that the shortcuts.xml file resides in. Notepad++ could be using either one, depending on how it was installed. Try the C:\Program Files\Notepad++ folder or C:\Program Files (x86)\Notepad++ folder.
Depending on whether you installed the 32bit or 64bit Notepad++ program it could be in either of the 2 Program Files folders (you can only install 64bit version if Windows is also 64bit).

Controlling the sequence of events in a Wixtoolset (.msi) installer

I am creating a Microsoft Installer (.msi file) using the Wixtoolset (Windows Installer XML). This installer must automate the installation of an existing .exe program (named installer.exe below) and copy a custom configuration file (named settings.conf below) to the target directory. In addition the installer must modify the configuration file using the InstallFiles command below. But the timing of events is critical. If the executable installer runs too early, it fails or exhibits strange behavior. And if the executable installer run too late in the install sequence, it overwrites my modified configuration file with the generic values. I believe this can be done by assigning a string to the Before or After property value. What Before or After property assignment will allow the executable to run properly but not overwrite the configuration file I moved by the CopyFile element? Here is my Wixtoolset XML code.
<Property Id="CONFIGFOLDER" Value="C:\acme\config" >
<Feature
Id="ConfigurationFile"
Title="Configuration File"
Level="1"
<ComponentRef Id="CMP_ACME_Config_File" />
</Feature>
<DirectoryRef Id="TARGETDIR">
<Component Id="CMP_ACME_Config_File" Guid="">
<File
Id="ACME_Config"
Source="MySettings.conf"
KeyPath="yes"
<CopyFile Id="Copy_ACME_Config"
DestinationProperty="CONFIGFOLDER"
DestinationName="settings.conf" />
</File>
</Component>
</DirectoryRef>
<Binary
Id="InstallerEXE"
SourceFile="installer.exe" />
<CustomAction
Id="Launch_Installer"
BinaryKey="InstallerEXE"
Impersonate="yes"
Execute="deferred"
ExeCommand=""
Return="check" />
<InstallExecuteSequence>
<Custom Action="Launch_Installer"
Before="InstallFiles">
</Custom>
</InstallExecuteSequence>
</Property>
I can't explain exactly why this works but assigning "InstallFiles" to the "After" property in the "Custom" element seems to do the trick.
<InstallExecuteSequence>
<Custom Action="Launch_Installer"
After="InstallFiles">
</Custom>
</InstallExecuteSequence>

Error: Need to specify the physical directory for the virtual path 'Web/' of role

I'm following the answer at the bottom of this question here: ASP.NET 5 web application as Azure Web Role? as I am trying to build an azure web role for asp.net core.
When I run the powershell script I get the error:
Error CloudServices077: Need to specify the physical directory for the virtual path 'Web/' of role
If anyone knows another way to use azure web roles in asp.net core then I am all for that too.
I'm using CSPack to try and configure this.
Powershell Script:
# path to cspack
$cspackPath = Join-Path $env:ProgramFiles 'Microsoft SDKs\Azure\.NET SDK\v2.8\bin\cspack.exe'
$PackagePath = 'I:\Users\MyUserName\Documents\visual studio 2015\Projects\SoundVast\SoundVast.Azure\SoundVast.cspkg'
$serviceDefinitionFile = 'I:\Users\MyUserName\Documents\visual studio 2015\Projects\SoundVast\SoundVast.Azure\ServiceDefinition.csdef'
$webRoleName = 'WebRole1'
$webRolePath = 'I:\Users\MyUserName\Documents\visual studio 2015\Projects\SoundVast\SoundVast.Azure'
# define the cspack parameters
$cspackParameter = #(
$serviceDefinitionFile,
"/role:$webRoleName;$webRolePath;",
"/sites:$webRoleName;SoundVast;$webRolePath",
"/out:$PackagePath"
)
# execute cspack
& $cspackPath #cspackParameter
ServiceDefinition.csdef
<?xml version="1.0" encoding="utf-8"?>
<ServiceDefinition name="SoundVast.Azure" xmlns="http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceDefinition" schemaVersion="2015-04.2.6">
<WebRole name="WebRole1" vmsize="Small">
<Sites>
<Site name="Web">
<Bindings>
<Binding name="Endpoint1" endpointName="Endpoint1" />
</Bindings>
</Site>
</Sites>
<ConfigurationSettings>
<Setting name="Microsoft.WindowsAzure.Plugins.Diagnostics.ConnectionString" />
</ConfigurationSettings>
<Endpoints>
<InputEndpoint name="Endpoint1" protocol="http" port="80" />
</Endpoints>
</WebRole>
</ServiceDefinition>
ServiceConfiguration.Cloud & ServiceConfiguration.Local
<?xml version="1.0" encoding="utf-8"?>
<ServiceConfiguration serviceName="SoundVast.Azure" xmlns="http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceConfiguration" osFamily="4" osVersion="*" schemaVersion="2015-04.2.6">
<Role name="WebRole1">
<Instances count="1" />
<ConfigurationSettings>
<Setting name="Microsoft.WindowsAzure.Plugins.Diagnostics.ConnectionString" value="UseDevelopmentStorage=true" />
</ConfigurationSettings>
</Role>
</ServiceConfiguration>
Folder structure (if it makes a difference...)
I was missing the phsycial directory on this line: <Site name="Web" physicalDirectory="../SoundVast">. After this I ran the script and it created a package for me. The documentation on this is really not good.
<?xml version="1.0" encoding="utf-8"?>
<ServiceDefinition name="SoundVast.Azure" xmlns="http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceDefinition" schemaVersion="2015-04.2.6">
<WebRole name="WebRole1" vmsize="Small">
<Sites>
<Site name="Web" physicalDirectory="../SoundVast">
<Bindings>
<Binding name="Endpoint1" endpointName="Endpoint1" />
</Bindings>
</Site>
</Sites>
<ConfigurationSettings>
<Setting name="Microsoft.WindowsAzure.Plugins.Diagnostics.ConnectionString" />
</ConfigurationSettings>
<Endpoints>
<InputEndpoint name="Endpoint1" protocol="http" port="80" />
</Endpoints>
</WebRole>
</ServiceDefinition>
I encountered this issue and resolved it by deleting the web role from my cloud service (it was an MVC) and generating a new one. I had made so many modifications it had become messy, so making a new one from scratch solved the issue

Wix Burn Bootstrapper Uninstalling Crystal Report on Major Upgrade

I am using wix burn for my bootstrapper and every time I have upgrade to my application Crystal Reports runtime gets uninstalled. Can someone please help me fix this?
Bundle.wxs
<?xml version="1.0" encoding="UTF-8"?>
<Wix xmlns="http://schemas.microsoft.com/wix/2006/wi"
xmlns:bal="http://schemas.microsoft.com/wix/BalExtension"
xmlns:util="http://schemas.microsoft.com/wix/UtilExtension">
<?include Variables.wxi ?>
<Bundle Name="!(loc.BundleName)"
Version="$(var.Version)"
Manufacturer="!(loc.Manufacturer)"
HelpTelephone="!(loc.HelpPhone)"
Copyright="!(loc.Copyright)"
UpgradeCode="$(var.UpgradeCode)"
IconSourceFile="$(var.MainApplicationImagesFolder)\Car_Count_Report_Flat.ico" >
<!--SplashScreenSourceFile="$(var.MainApplicationImagesFolder)\BurnSplashScreen.bmp" >-->
<bal:Condition Message="This install requires Windows 7 Service Pack 1 or Higher">
((VersionNT >= v6.1) AND (ServicePackLevel >= 1) OR (VersionNT >= v6.3))
</bal:Condition>
<BootstrapperApplicationRef Id="WixStandardBootstrapperApplication.RtfLicense" />
<WixVariable Id="WixStdbaLicenseRtf" Value="$(var.EULAFolder)\EULA_en-US.rtf" />
<WixVariable Id="WixStdbaLogo" Value="$(var.MainApplicationImagesFolder)\car_counter_report_icon_64.png" />
<!-- Checks the Crystal Reports Registry Values -->
<!--<util:RegistrySearch Root="HKLM" Key="SOFTWARE\SAP BusinessObjects\Crystal Reports for .NET Framework 4.0\Crystal Reports"
Value="CRRuntime64Version" Format="raw" Variable="CRRuntime64Version" Result="value" Win64="yes"/>-->
<util:RegistrySearch Root="HKLM" Key="SOFTWARE\SAP BusinessObjects\Crystal Reports for .NET Framework 4.0\Crystal Reports"
Value="CRRuntime32Version" Format="raw" Variable="CRRuntime32Version" Result="value"/>
<!-- Checks the Main Application Registry Values -->
<!--<util:RegistrySearch Root="HKLM" Key="Software\Saunders Creative Strategies\Kaady\Car Count Report"
Value="Version" Format="raw" Variable="x64Version" Result="value" Win64="yes"/>-->
<util:RegistrySearch Root="HKLM" Key="Software\Saunders Creative Strategies\Kaady\Car Count Report"
Value="Version" Format="raw" Variable="x86Version" Result="value"/>
<!-- Adds Local Variables -->
<Variable Name="CRRUNTIMEUPGRADE" bal:Overridable="yes" Type="numeric" Value="1" />
<Chain>
<!-- TODO: Define the list of chained packages. -->
<!-- <MsiPackage SourceFile="path\to\your.msi" /> -->
<PackageGroupRef Id="NetFx45Redist"/>
<PackageGroupRef Id ="CrystalReportsRuntime"/>
<PackageGroupRef Id="MainApplicationFile"/>
</Chain>
</Bundle>
</Wix>
InstallationFiles.wxs
<?xml version="1.0" encoding="UTF-8"?>
<Wix xmlns="http://schemas.microsoft.com/wix/2006/wi"
xmlns:util="http://schemas.microsoft.com/wix/UtilExtension">
<?include Variables.wxi ?>
<Fragment>
<!-- Crystal Reports Runtime -->
<PackageGroup Id="CrystalReportsRuntime">
<!--<?if $(var.Platform) = x64 ?>--><!--
--><!--<MsiPackage Id ="CRRuntime64"
DownloadUrl="$(var.CRHttp)/$(var.CRx64Msi)"
SourceFile="$(var.3rdPartyApplicationFiles)\$(var.CRx64Msi)"
Name="$(var.CRx64Msi)"
Vital ="yes"
Compressed="no"
ForcePerMachine="yes"
InstallCondition="NOT CRRuntime64Version OR (CRRuntime64Version < "$(var.CRVersion)")" >
<MsiProperty Name="UPGRADE" Value="[CRRUNTIMEUPGRADE]" />
</MsiPackage>--><!--
--><!--<?else ?>-->
<MsiPackage Id ="CRRuntime32"
DownloadUrl="$(var.CRHttp)/$(var.CRx86Msi)"
SourceFile="$(var.3rdPartyApplicationFiles)\$(var.CRx86Msi)"
Name="$(var.CRx86Msi)"
Vital ="yes"
Compressed="no"
ForcePerMachine="yes"
Visible="yes"
Permanent="yes"
InstallCondition="NOT CRRuntime32Version AND (NOT (CRRuntime32Version = "$(var.CRVersion)"))" >
<MsiProperty Name="UPGRADE" Value="[CRRUNTIMEUPGRADE]" />
</MsiPackage>
<!--<?endif ?>-->
</PackageGroup>
<PackageGroup Id="MainApplicationFile">
<!--<MsiPackage Id="MainApplicationx64Msi" Vital="yes" Compressed="yes" ForcePerMachine="yes" Cache="yes"
Name="$(var.Mainx64Msi)"
InstallCondition="NOT x64Version OR (x64Version < "$(var.Version)")"
SourceFile="$(var.MainApplicationx64MsiFile)\$(var.Mainx64Msi)"/>-->
<MsiPackage Id="MainApplicationx86Msi" Vital="yes" Compressed="yes" ForcePerMachine="yes" Cache="yes"
Name="$(var.Mainx86Msi)"
Visible="no"
InstallCondition="NOT x86Version OR (x86Version < "$(var.Version)")"
SourceFile="$(var.MainApplicationx86MsiFile)\$(var.Mainx86Msi)"/>
</PackageGroup>
</Fragment>
</Wix>
Thank you
Shane
If you look at the install log in the user's temp directory, you would see that the upgrade bundle doesn't think it should install the CRRuntime32 because the InstallCondition is false. Burn uses the MSI's upgrade table to do the same logic that you're trying to do. If the Crystal Reports MSI is authored correctly, you should be able to just drop your install condition and let Burn decide whether it needs to be installed.
You should use DetectCondition instead of InstallCondition. The first answers: Is it installed?; The second: For a bundle installation, is it wanted?
The way you have it, burn removes CR when it is present during installation because the logic says it's not wanted.

x64 Word 2010 Add In registration using WiX

I' deploying a Word Add in using WiX, regarding x84 target Platforms (at least the Office installation has to be x86, never the less which OS Platform is used) everything is working well, my COM Interop registration of the Word Add In works and the add in auto-starts the first time I start word afer I installed the Add In.
I'm doing following registration stuff to the registry (cut from output of heat.exe)
I've created an intermediate file, helping me out for the COM Interop registration using this heat command:
"C:\Program Files\Windows Installer XML v3.5\bin\heat.exe" file MyAddin.dll -ag -template fragment -out MyAddin.wxs
The output of interesst looks like: (I know using RegistryValue this way has been deprecated)
<Class Id="{10BC65F1-32C0-3ED4-98A0-17661A8C4455}" Context="InprocServer32" Description="MyAddin.MyAddinClass" ThreadingModel="both" ForeignServer="mscoree.dll">
<ProgId Id="MyAddin.MyAddinClass" Description="MyAddin.MyAddinClass" />
</Class>
<File Id="filCC4172BEC1312562EDEF49648E45AE0D" KeyPath="yes" Source="..\MyAddin\bin\Debug\MyAddin.dll" />
<RegistryValue Root="HKCR" Key="CLSID\{10BC65F1-32C0-3ED4-98A0-17661A8C4455}\Implemented Categories\{62C8FE65-4EBB-45e7-B440-6E39B2CDBF29}" Value="" Type="string" Action="write" />
<RegistryValue Root="HKCR" Key="CLSID\{10BC65F1-32C0-3ED4-98A0-17661A8C4455}\InprocServer32\1.0.0.0" Name="Class" Value="MyAddin.MyAddinClass" Type="string" Action="write" />
<RegistryValue Root="HKCR" Key="CLSID\{10BC65F1-32C0-3ED4-98A0-17661A8C4455}\InprocServer32\1.0.0.0" Name="Assembly" Value="MyAddin, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" Type="string" Action="write" />
<RegistryValue Root="HKCR" Key="CLSID\{10BC65F1-32C0-3ED4-98A0-17661A8C4455}\InprocServer32\1.0.0.0" Name="RuntimeVersion" Value="v4.0.30319" Type="string" Action="write" />
<RegistryValue Root="HKCR" Key="CLSID\{10BC65F1-32C0-3ED4-98A0-17661A8C4455}\InprocServer32\1.0.0.0" Name="CodeBase" Value="file:///[#filCC4172BEC1312562EDEF49648E45AE0D]" Type="string" Action="write" />
<RegistryValue Root="HKCR" Key="CLSID\{10BC65F1-32C0-3ED4-98A0-17661A8C4455}\InprocServer32" Name="Class" Value="MyAddin.MyAddinClass" Type="string"Action="write" />
<RegistryValue Root="HKCR" Key="CLSID\{10BC65F1-32C0-3ED4-98A0-17661A8C4455}\InprocServer32" Name="Assembly" Value="MyAddin, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" Type="string" Action="write" />
<RegistryValue Root="HKCR" Key="CLSID\{10BC65F1-32C0-3ED4-98A0-17661A8C4455}\InprocServer32" Name="RuntimeVersion" Value="v4.0.30319" Type="string" Action="write" />
<RegistryValue Root="HKCR" Key="CLSID\{10BC65F1-32C0-3ED4-98A0-17661A8C4455}\InprocServer32" Name="CodeBase" Value="file:///[#filCC4172BEC1312562EDEF49648E45AE0D]" Type="string" Action="write" />
The component including this stuff has the Win64Flag tag set to yes. Therefore I thought things will be written to the x64 part of the registry. Until this, i read following article about registry reflection telling this:
For example, the 32-bit InprocServer32 key is not relevant for 64-bit applications, so the InprocServer32 key is not reflected to the 64-bit registry view.
Furthermore:
However, 64-bit applications can use the 32-bit LocalServer32 key and the LocalServer32 key gets reflected.
But I already tried to use LocalServer32 instead of InprocServer32, but doing this, won't let my add in start on both platforms.
Will I have to use a call to RegAsm Tool or I'm missing a some tag or Interop registration option for x64 Platforms? Can anybody help?
With wix you need to do two things to disable registry reflection:
Mark your component as 64 bit component (attribute Win64="yes") (as you did)
Build your package as 64 bit package (Platform = x64)
This package won't be usable on x86 systems. So you will need two packages, one for x86 and one for x64. You can use the same source file for both packages as the Win64 attribute is ignored by the x86 package.

Categories