44r0n7/privacy.sexy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

win: fix, improve and unify Windows version logic

Browse Source 
This commit centralizes Windows version constraints through a new
function for improved clarity, maintainability and reusability.

Changes:

- Add `RunPowerShellWithWindowsVersionConstraints` function
- Support specifying minimum and maximum Windows versions
- Introduce user-friendly tags like `Windows11-FirstRelease`
- Fix version logic by correcting incorrect block syntax in various
  functions.
This commit is contained in:
undergroundwires
2024-08-04 15:29:29 +02:00
parent ded55a66d6
commit f89c2322b0
1 changed files with 56 additions and 80 deletions
Download Patch File Download Diff File Expand all files Collapse all files

136
src/application/collections/windows.yaml
View File

@@ -12157,7 +12157,7 @@ actions:
function: EnableTLSProtocol function: EnableTLSProtocol
parameters: parameters:
protocolName: TLS 1.3 protocolName: TLS 1.3
minimumWindowsVersion: Windows11 minimumWindowsVersion: Windows11-FirstRelease
- -
name: Enable secure connections for legacy .NET apps name: Enable secure connections for legacy .NET apps
recommend: strict # Default since .NET 4.6 and above, but can still break legacy apps recommend: strict # Default since .NET 4.6 and above, but can still break legacy apps
@@ -24167,11 +24167,9 @@ actions:
[1]: https://web.archive.org/web/20231002162808/https://learn.microsoft.com/en-us/windows-server/remote/remote-desktop-services/rds_vdi-recommendations-1909#remove-onedrive-components "Optimizing Windows 10, version 1909, for a Virtual Desktop Infrastructure (VDI) role | Microsoft Learn" [1]: https://web.archive.org/web/20231002162808/https://learn.microsoft.com/en-us/windows-server/remote/remote-desktop-services/rds_vdi-recommendations-1909#remove-onedrive-components "Optimizing Windows 10, version 1909, for a Virtual Desktop Infrastructure (VDI) role | Microsoft Learn"
call: call:
function: RunPowerShellWithWindowsVersionSpecificSetup function: RunPowerShellWithWindowsVersionConstraints
parameters: parameters:
windows11SpecificSetupCode: |- maximumWindowsVersion: Windows10-MostRecent
Write-Host 'Skipping, no action needed on Windows 11.'
Exit 0
code: reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "OneDriveSetup" /f 2>$null code: reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "OneDriveSetup" /f 2>$null
revertCode: |- revertCode: |-
if([Environment]::Is64BitOperatingSystem) { if([Environment]::Is64BitOperatingSystem) {
@@ -25722,7 +25720,7 @@ actions:
function: ShowMessage function: ShowMessage
parameters: parameters:
message: Disabling Network settings on Windows 10 is known to break Network settings. message: Disabling Network settings on Windows 10 is known to break Network settings.
ignoreWindows11: 'true' maximumWindowsVersion: Windows10-MostRecent
warn: 'true' warn: 'true'
- -
function: DisableService function: DisableService
@@ -26856,17 +26854,17 @@ functions:
- name: code # Batchfile code to execute with TrustedInstaller privileges. - name: code # Batchfile code to execute with TrustedInstaller privileges.
- name: revertCode # Optional batchfile code to revert changes. This code also runs with TrustedInstaller privileges. - name: revertCode # Optional batchfile code to revert changes. This code also runs with TrustedInstaller privileges.
optional: true optional: true
- name: minimumWindowsVersion # Optionally specify the minimum Windows version required to execute the script. - name: minimumWindowsVersion # See `RunPowerShellWithWindowsVersionConstraints`
optional: true # Allowed values: Windows11, Windows10-1607 optional: true
docs: |- docs: |-
This function executes PowerShell code with TrustedInstaller privileges, which may be required for performing system-level tasks This function executes PowerShell code with TrustedInstaller privileges, which may be required for performing system-level tasks
that require the highest permission levels. that require the highest permission levels.
This function is designed to handle tasks that cannot be completed under normal user or administrator privileges, This function is designed to handle tasks that cannot be completed under normal user or administrator privileges,
such as modifying protected registry keys or system files. such as modifying protected registry keys or system files.
call: call:
function: RunPowerShellWithMinimumWindowsVersion function: RunPowerShellWithWindowsVersionConstraints
parameters: parameters:
minimumWindowsVersion: '{{ with $minimumWindowsVersion }}.{{ end }}' minimumWindowsVersion: '{{ with $minimumWindowsVersion }}{{ . }}{{ end }}'
# PowerShell commands (`Unregister-ScheduledTask` and `Get-ScheduledTask`) sometimes fail to find existing tasks. # PowerShell commands (`Unregister-ScheduledTask` and `Get-ScheduledTask`) sometimes fail to find existing tasks.
# Seen e.g. on Windows 11 when reverting scripts after executing them and reboot. # Seen e.g. on Windows 11 when reverting scripts after executing them and reboot.
# They are seen to throw different exceptions: # They are seen to throw different exceptions:
@@ -27545,27 +27543,19 @@ functions:
name: ShowMessage name: ShowMessage
parameters: parameters:
- name: message - name: message
- name: ignoreWindows11 # Ignores warning message on Windows 11, allowed values: true | false, default: false - name: minimumWindowsVersion # See `RunPowerShellWithWindowsVersionConstraints`
optional: true optional: true
- name: ignoreWindows10 # Ignores warning message on Windows 10, allowed values: true | false, default: false - name: maximumWindowsVersion # See `RunPowerShellWithWindowsVersionConstraints`
optional: true optional: true
- name: showOnRevert - name: showOnRevert
optional: true optional: true
- name: warn - name: warn
optional: true optional: true
call: call:
function: RunPowerShellWithWindowsVersionSpecificSetup function: RunPowerShellWithWindowsVersionConstraints
parameters: parameters:
windows10SpecificSetupCode: |- minimumWindowsVersion: '{{ with $minimumWindowsVersion }}{{ . }}{{ end }}'
$ignoreWindows10 = {{ with $ignoreWindows10 }} $true # {{ end }} $false maximumWindowsVersion: '{{ with $maximumWindowsVersion }}{{ . }}{{ end }}'
if ($ignoreWindows10) {
Exit 0 # Skip
}
windows11SpecificSetupCode: |-
$ignoreWindows11 = {{ with $ignoreWindows11 }} $true # {{ end }} $false
if ($ignoreWindows11) {
Exit 0 # Skip
}
code: |- code: |-
$message = '{{ $message }}' $message = '{{ $message }}'
$warn = {{ with $warn }} $true # {{ end }} $false $warn = {{ with $warn }} $true # {{ end }} $false
@@ -28938,16 +28928,16 @@ functions:
- name: data # Data for the new registry entry. - name: data # Data for the new registry entry.
- name: deleteOnRevert # Set to 'true' to revert to the initial state by deleting the registry key. - name: deleteOnRevert # Set to 'true' to revert to the initial state by deleting the registry key.
optional: true optional: true
- name: minimumWindowsVersion # Ensures the script executes only on specified Windows versions or newer. - name: minimumWindowsVersion # See `RunPowerShellWithWindowsVersionConstraints`
optional: true # Allowed values: Windows11, Windows10-1607 optional: true
docs: |- docs: |-
This function creates or modifies a registry entry at a specified path. This function creates or modifies a registry entry at a specified path.
> 💡 Use this function for a consistent approach instead of directly using `reg add` or `reg delete` commands. > 💡 Use this function for a consistent approach instead of directly using `reg add` or `reg delete` commands.
call: call:
function: RunPowerShellWithMinimumWindowsVersion function: RunPowerShellWithWindowsVersionConstraints
parameters: parameters:
minimumWindowsVersion: '{{ with $minimumWindowsVersion }}.{{ end }}' minimumWindowsVersion: '{{ with $minimumWindowsVersion }}{{ . }}{{ end }}'
code: |- code: |-
reg add '{{ $keyPath }}' ` reg add '{{ $keyPath }}' `
/v '{{ $valueName }}' ` /v '{{ $valueName }}' `
@@ -28964,8 +28954,8 @@ functions:
name: EnableTLSProtocol name: EnableTLSProtocol
parameters: parameters:
- name: protocolName - name: protocolName
- name: minimumWindowsVersion # Defines the minimum Windows version required to support this protocol. The script will not execute on unsupported versions. - name: minimumWindowsVersion # See `RunPowerShellWithWindowsVersionConstraints`
optional: true # Allowed values: Windows11, Windows10-1607 optional: true
docs: |- docs: |-
This function enables of specific TLS protocols by modifying registry entries at This function enables of specific TLS protocols by modifying registry entries at
`HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols` [1] [2]. `HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols` [1] [2].
@@ -29678,67 +29668,53 @@ functions:
data: "{{ $dwordData }}" data: "{{ $dwordData }}"
deleteOnRevert: 'true' # Missing by default since Windows 10 Pro (≥ 22H2) and Windows 11 Pro (≥ 23H2) | Tested since EdgeUpdate ≥ 1.3.187.41 deleteOnRevert: 'true' # Missing by default since Windows 10 Pro (≥ 22H2) and Windows 11 Pro (≥ 23H2) | Tested since EdgeUpdate ≥ 1.3.187.41
- -
name: RunPowerShellWithWindowsVersionSpecificSetup name: RunPowerShellWithWindowsVersionConstraints
# 💡 Purpose:
# Executes PowerShell code conditionally based on the Windows version.
# This function allows for running different PowerShell commands specifically tailored
# for different Windows versions, alongside universal PowerShell code.
parameters:
- name: code # PowerShell code executed on all Windows versions
- name: revertCode # Optional PowerShell code to revert changes on all Windows versions
optional: true
- name: windows10SpecificSetupCode # Optional PowerShell code executed only on Windows 10 before the main code
optional: true
- name: windows11SpecificSetupCode # Optional PowerShell code executed only on Windows 11 before the main code
optional: true
call:
function: RunPowerShellWithSetup
parameters:
setupCode: |-
{{ with $windows11SpecificSetupCode }}
$osVersion = [System.Environment]::OSVersion.Version
function Test-IsWindows11 { ($osVersion.Major -gt 10) -or (($osVersion.Major -eq 10) -and ($osVersion.Build -ge 22000)) }
if (Test-IsWindows11) {
{{ . }}
}
{{ end }}
{{ with $windows10SpecificSetupCode }}
$osVersion = [System.Environment]::OSVersion.Version
function Test-IsWindows10 { ($osVersion.Major -eq 10) -and ($osVersion.Build -lt 22000) }
if (Test-IsWindows10) {
{{ . }}
}
{{ end }}
code: '{{ $code }}'
revertCode: '{{ with $revertCode }}{{ . }}{{ end }}'
-
name: RunPowerShellWithMinimumWindowsVersion
docs: |- docs: |-
This function executes PowerShell code on Windows systems that meet a specified minimum version requirement. This function executes PowerShell code on Windows systems that meet specified Windows version requirements.
It ensures the script runs only on the specified Windows versions or newer. It ensures the script runs only on Windows versions within the specified range.
parameters: parameters:
- name: code # The main PowerShell code to execute. - name: code # The main PowerShell code to execute.
- name: revertCode # Optional PowerShell code to revert any changes. Executed only if provided. - name: revertCode # Optional PowerShell code to revert any changes. Executed only if provided.
optional: true optional: true
- name: minimumWindowsVersion # Specifies the minimum Windows version for executing the PowerShell script. - name: minimumWindowsVersion # Specifies the minimum Windows version for executing the PowerShell script.
optional: true # Allowed values: Windows11, Windows10-1607 optional: true # Allowed values: Windows11-FirstRelease (First Windows 11), Windows10-1607
- name: maximumWindowsVersion # Specifies the maximum Windows version for executing the PowerShell script.
optional: true # Allowed values: Windows10-MostRecent (most recent Windows)
call: call:
function: RunPowerShellWithSetup function: RunPowerShellWithSetup
parameters: parameters:
# Marked: refactor-with-if-syntax # Marked: refactor-with-if-syntax
# If checks can be handled during compile time. # If checks can be handled during compile time.
setupCode: |- setupCode: |- # See: Find build numbers: https://en.wikipedia.org/wiki/List_of_Microsoft_Windows_versions
{{ with $minimumWindowsVersion }} {{ with $minimumWindowsVersion }}
$targetWindowsVersion = '{{ . }}' $minimumVersionName = '{{ . }}'
$parsedVersion=$null $buildNumber=$null
if ($targetWindowsVersion -eq 'Windows11') { $buildNumber = switch ($minimumVersionName) {
$parsedVersion=[System.Version]::Parse('10.0.22000') 'Windows11-FirstRelease' { '10.0.22000' }
} elseif ($targetWindowsVersion -eq 'Windows10-1607') { 'Windows10-1607' { '10.0.14393' }
$parsedVersion=[System.Version]::Parse('10.0.14393') default {
Write-Error "Internal privacy.sexy error: Failed to find build number for minimum allowed Windows version: `"$minimumVersionName`"."
Exit 1
}
} }
if ([System.Environment]::OSVersion.Version -lt $parsedVersion) { $parsedMinimumVersion=[System.Version]::Parse($buildNumber)
Write-Output "Skipping, versions before $parsedVersion are not supported." if ([System.Environment]::OSVersion.Version -lt $parsedMinimumVersion) {
exit 0 Write-Output "Skipping: Current Windows version ($([System.Environment]::OSVersion.Version)) is below the minimum required version ($parsedMinimumVersion - $minimumVersionName)."
Exit 0
}
{{ end }}{{ with $maximumWindowsVersion }}
$maximumVersionName = '{{ . }}'
$buildNumber = switch ($maximumVersionName) {
'Windows10-MostRecent' { '10.0.19045' }
default {
Write-Error "Internal privacy.sexy error: Failed to find build number for maximum allowed Windows version: `"$maximumVersionName`"."
Exit 1
}
}
$parsedMaximumVersion=[System.Version]::Parse($buildNumber)
if ([System.Environment]::OSVersion.Version -gt $parsedMaximumVersion) {
Write-Output "Skipping: Current Windows version ($([System.Environment]::OSVersion.Version)) is above the maximum allowed version ($parsedMaximumVersion - $maximumVersionName)."
Exit 0
} }
{{ end }} {{ end }}
code: '{{ $code }}' code: '{{ $code }}'
@@ -29754,8 +29730,8 @@ functions:
optional: true optional: true
- name: dataOnRevert # Specifies the value to restore when reverting the registry change, instead of deleting the entry. - name: dataOnRevert # Specifies the value to restore when reverting the registry change, instead of deleting the entry.
optional: true optional: true
- name: minimumWindowsVersion # Ensures the script executes only on specified Windows versions or newer. - name: minimumWindowsVersion # See `RunPowerShellWithWindowsVersionConstraints`
optional: true # Allowed values: Windows11, Windows10-1607 optional: true
docs: >- docs: >-
Sets registry value using TrustedInstaller privileges. Sets registry value using TrustedInstaller privileges.
@@ -29774,7 +29750,7 @@ functions:
{{ with $dataOnRevert }} {{ with $dataOnRevert }}
reg add "{{ $keyPath }}" /v "{{ $valueName }}" /t "{{ $dataType }}" /d "{{ . }}" /f reg add "{{ $keyPath }}" /v "{{ $valueName }}" /t "{{ $dataType }}" /d "{{ . }}" /f
{{ end }} {{ end }}
minimumWindowsVersion: '{{ with $minimumWindowsVersion }}.{{ end }}' minimumWindowsVersion: '{{ with $minimumWindowsVersion }}{{ . }}{{ end }}'
- -
name: DeleteVisualStudioLicense name: DeleteVisualStudioLicense
parameters: parameters: