-
Notifications
You must be signed in to change notification settings - Fork 27
/
RegistryPolicies.schema.psm1
86 lines (76 loc) · 2.54 KB
/
RegistryPolicies.schema.psm1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
configuration RegistryPolicies {
param (
[Parameter(Mandatory = $true)]
[hashtable[]]
$Values,
[Parameter()]
[int]
$GpUpdateInterval = 20
)
Import-DscResource -ModuleName PSDesiredStateConfiguration
Import-DscResource -ModuleName GPRegistryPolicyDsc
[string]$executionName = $null
[int]$refreshCounter = 0
# Set default gpupdate interval if necessary
if (($null -eq $GpUpdateInterval) -or ($GpUpdateInterval -le 0))
{
$GpUpdateInterval = 20
}
foreach ($value in $values)
{
if (-not $value.ContainsKey('Ensure'))
{
$value.Ensure = 'Present'
}
if (-not $value.ContainsKey('TargetType'))
{
$value.TargetType = 'ComputerConfiguration'
}
if ([String]::IsNullOrEmpty($value.ValueName))
{
$value.ValueName = ''
}
if ([String]::IsNullOrEmpty($value.ValueData) -and ($value.Ensure -eq 'Present'))
{
$value.ValueData = ''
}
if ([string]::IsNullOrEmpty($executionName) -eq $false)
{
# set dependency to previous policy
$value.DependsOn = "[RegistryPolicyFile]$executionName"
}
if ($value.ContainsKey('Force'))
{
if ( $value.Force -eq 'True')
{
# set counter threshold so that RefreshRegistryPolicy will be generated after this value
$refreshCounter = $GpUpdateInterval
}
$value.Remove('Force')
}
$executionName = "$($value.Key)\$($value.ValueName)" -replace "[\s\\:*-+/{}```"']", '_'
(Get-DscSplattedResource -ResourceName RegistryPolicyFile -ExecutionName $executionName -Properties $value -NoInvoke).Invoke($value)
$refreshCounter += 1
if ( $refreshCounter -ge $GpUpdateInterval )
{
$refreshCounter = 0
# update policies after set of 10 policy values
RefreshRegistryPolicy "$($executionName)_Refresh"
{
IsSingleInstance = 'Yes'
DependsOn = "[RegistryPolicyFile]$executionName"
}
# clear gpupdate dependency
$executionName = $null
}
}
# update policies after set of the last policy value
if ($refreshCounter -gt 0)
{
RefreshRegistryPolicy 'RefreshLastRegistryPolicies'
{
IsSingleInstance = 'Yes'
DependsOn = "[RegistryPolicyFile]$executionName"
}
}
}