-
Notifications
You must be signed in to change notification settings - Fork 59
/
Copy pathInvoke-ChromeOMAURIParse.ps1
86 lines (71 loc) · 3.88 KB
/
Invoke-ChromeOMAURIParse.ps1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
#Script that will parse the Chrome ADMX files from your domains sysvol folder, and give you the OMA URI values.
#Script found on Reddit by https://www.reddit.com/user/ginolard/
$Domain = (Get-WmiObject Win32_ComputerSystem).Domain
Write-Host "Searching for Chrome policy files in $domain"
$PolSource = "filesystem::\\$domain\sysvol\$domain\Policies\"
$ChromeADMX = Get-ChildItem -Path $PolSource -Filter "chrome.admx" -Recurse
$ChromeADML = Get-ChildItem -Path $PolSource -Filter "chrome.adml" -Recurse
$results = @()
If ($ChromeADMX -and $ChromeADML) {
#Read ADMX into an XML object
Write-Host "Parsing $ChromeADMX"
[xml]$admx_xmlContent = Get-Content "filesystem::$($ChromeADMX.FullName)"
[System.Xml.XmlElement] $admx_xmlroot = $admx_xmlContent.get_DocumentElement()
#Read ADML into an XML object
Write-Host "Parsing $ChromeADML"
[xml]$adml_xmlContent = Get-Content "filesystem::$($ChromeADML.FullName)"
[System.Xml.XmlElement] $adml_xmlroot = $adml_xmlContent.get_DocumentElement()
$StringHashTable = $adml_xmlroot.resources.stringTable.string |group-object id -AsHashTable
#Set some top-level variables we'll need throughout
$GPOname = $ChromeADMX.BaseName
$CategoryHashTable = $admx_xmlroot.categories.category|Group-Object name -AsHashTable
$Policies = $admx_xmlroot.policies.policy
#Loop through every Policy element in the the ADMX and try to get the setting
Write-Host "Extracting policy settings"
ForEach ($p in $policies) {
Switch ($p.class) {
Machine {$PolicyClass = "Computer Configuration"}
User {$PolicyClass = "User Configuration"}
Both {$PolicyClass = "Both Configurations"}
}
#Try to determine the data type of the setting (this may not be 100% accurate!)
Switch ($false) {
$([string]::IsNullOrEmpty($p.enabledValue.decimal)) {$ValueType = 'Boolean'}
$([string]::IsNullOrEmpty($p.elements.boolean)) {$ValueType = 'Boolean'}
$([string]::IsNullOrEmpty($p.elements.decimal)) {$ValueType = 'Decimal'}
$([string]::IsNullOrEmpty($p.elements.enum)) {$ValueType = 'Decimal'}
$([string]::IsNullOrEmpty($p.elements.text)) {$ValueType = 'String'}
$([string]::IsNullOrEmpty($p.elements.list)) {$ValueType = 'String'}
$([string]::IsNullOrEmpty($p.elements.multiText)) {$ValueType = 'String'}
default {$ValueType = $p.elements}
}
$PolicyParent = $p.parentcategory.ref
$PolicySetting = $p.Name
$GPOSettingText = $StringHashTable.Get_Item($PolicySetting).InnerXML
$PolicyParentCategory = $CategoryHashTable.Get_Item($PolicyParent)
$PolicyParentCategoryName = $PolicyParentCategory.Name
$PolicyParentCategoryDisplayName = $PolicyParentCategory.displayName.Substring(9).Replace(')','')
$GPOSection = $StringHashTable.Get_Item($PolicyParentCategoryDisplayName).InnerXML
#Create OMA-URI and equivalent GPO Path variables
If ($GPOSection -eq "Google Chrome") {
$GPOPath = "$PolicyClass/$GPOSection/$GPOSettingText"
} Else {
$GPOPath = "$PolicyClass/Google Chrome/$GPOSection/$GPOSettingText"
}
If ($PolicyParentCategoryName -eq 'googlechrome') {
$OMAURIPrefix = "./Device/Vendor/MSFT/Policy/Config/$GPOName~Policy~$PolicyParentCategoryName/$PolicySetting"
} Else {
$OMAURIPrefix = "./Device/Vendor/MSFT/Policy/Config/$GPOName~Policy~googlechrome~$PolicyParentCategoryName/$PolicySetting"
}
#Add entry to results
$results += [pscustomobject] @{
'GPO Setting' = $GPOPath
'OMA-URI' = $OMAURIPrefix
'Value Type' = $ValueType
}
}
Write-Host "Displaying results"
$results|Out-GridView
} Else {
Write-Error "Could not find one of $ADMXFile or $ADMLFile"
}