Implement Group Policy settings for PSResource Repository (#1730)

Author: adityapatwardhan

doBuild.ps1

@@ -34,9 +34,19 @@ function DoBuild
     Copy-Item -Path "./LICENSE" -Dest "$BuildOutPath"
 
     # Copy notice
-    Write-Verbose -Verbose -Message "Copying ThirdPartyNotices.txt to '$BuildOutPath'"
+    Write-Verbose -Verbose -Message "Copying Notice.txt to '$BuildOutPath'"
     Copy-Item -Path "./Notice.txt" -Dest "$BuildOutPath"
 
+    # Copy Group Policy files
+    Write-Verbose -Verbose -Message "Copying InstallPSResourceGetPolicyDefinitions.ps1 to '$BuildOutPath'"
+    Copy-Item -Path "${SrcPath}/InstallPSResourceGetPolicyDefinitions.ps1" -Dest "$BuildOutPath" -Force
+
+    Write-Verbose -Verbose -Message "Copying PSResourceRepository.adml to '$BuildOutPath'"
+    Copy-Item -Path "${SrcPath}/PSResourceRepository.adml" -Dest "$BuildOutPath" -Force
+
+    Write-Verbose -Verbose -Message "Copying PSResourceRepository.admx to '$BuildOutPath'"
+    Copy-Item -Path "${SrcPath}/PSResourceRepository.admx" -Dest "$BuildOutPath" -Force
+
     # Build and place binaries
     if ( Test-Path "${SrcPath}/code" ) {
         Write-Verbose -Verbose -Message "Building assembly and copying to '$BuildOutPath'"

global.json

@@ -1,5 +1,5 @@
 {
     "sdk": {
-        "version": "8.0.400"
+        "version": "8.0.403"
     }
 }

src/InstallPSResourceGetPolicyDefinitions.ps1

@@ -0,0 +1,88 @@
+# Copyright (c) Microsoft Corporation.
+# Licensed under the MIT License.
+
+<#
+.Synopsis
+    Group Policy tools use administrative template files (.admx, .adml) to populate policy settings in the user interface.
+    This allows administrators to manage registry-based policy settings.
+    This script installs PSResourceGet Administrative Templates for Windows.
+.Notes
+    The PSResourceRepository.admx and PSResourceRepository.adml files are
+    expected to be at the location specified by the Path parameter with default value of the location of this script.
+#>
+[CmdletBinding()]
+param
+(
+    [ValidateNotNullOrEmpty()]
+    [string] $Path = $PSScriptRoot
+)
+Set-StrictMode -Version 3.0
+$ErrorActionPreference = 'Stop'
+
+function Test-Elevated
+{
+    [CmdletBinding()]
+    [OutputType([bool])]
+    Param()
+
+    # if the current Powershell session was called with administrator privileges,
+    # the Administrator Group's well-known SID will show up in the Groups for the current identity.
+    # Note that the SID won't show up unless the process is elevated.
+    return (([Security.Principal.WindowsIdentity]::GetCurrent()).Groups -contains "S-1-5-32-544")
+}
+$IsWindowsOs = $PSHOME.EndsWith('\WindowsPowerShell\v1.0', [System.StringComparison]::OrdinalIgnoreCase) -or $IsWindows
+
+if (-not $IsWindowsOs)
+{
+    throw 'This script must be run on Windows.'
+}
+
+if (-not (Test-Elevated))
+{
+    throw 'This script must be run from an elevated process.'
+}
+
+if ([System.Management.Automation.Platform]::IsNanoServer)
+{
+    throw 'Group policy definitions are not supported on Nano Server.'
+}
+
+$admxName = 'PSResourceRepository.admx'
+$admlName = 'PSResourceRepository.adml'
+$admx = Get-Item -Path (Join-Path -Path $Path -ChildPath $admxName)
+$adml = Get-Item -Path (Join-Path -Path $Path -ChildPath $admlName)
+$admxTargetPath = Join-Path -Path $env:WINDIR -ChildPath "PolicyDefinitions"
+$admlTargetPath = Join-Path -Path $admxTargetPath -ChildPath "en-US"
+
+$files = @($admx, $adml)
+foreach ($file in $files)
+{
+    if (-not (Test-Path -Path $file))
+    {
+        throw "Could not find $($file.Name) at $Path"
+    }
+}
+
+Write-Verbose "Copying $admx to $admxTargetPath"
+Copy-Item -Path $admx -Destination $admxTargetPath -Force
+$admxTargetFullPath = Join-Path -Path $admxTargetPath -ChildPath $admxName
+if (Test-Path -Path $admxTargetFullPath)
+{
+    Write-Verbose "$admxName was installed successfully"
+}
+else
+{
+    Write-Error "Could not install $admxName"
+}
+
+Write-Verbose "Copying $adml to $admlTargetPath"
+Copy-Item -Path $adml -Destination $admlTargetPath -Force
+$admlTargetFullPath = Join-Path -Path $admlTargetPath -ChildPath $admlName
+if (Test-Path -Path $admlTargetFullPath)
+{
+    Write-Verbose "$admlName was installed successfully"
+}
+else
+{
+    Write-Error "Could not install $admlName"
+}

src/PSGet.Format.ps1xml

@@ -94,6 +94,7 @@
                     <TableColumnHeader><Label>Uri</Label></TableColumnHeader>
                     <TableColumnHeader><Label>Trusted</Label></TableColumnHeader>
                     <TableColumnHeader><Label>Priority</Label></TableColumnHeader>
+                    <TableColumnHeader><Label>IsAllowedByPolicy</Label></TableColumnHeader>
                 </TableHeaders>
                 <TableRowEntries>
                     <TableRowEntry>
@@ -102,6 +103,7 @@
                             <TableColumnItem><PropertyName>Uri</PropertyName></TableColumnItem>
                             <TableColumnItem><PropertyName>Trusted</PropertyName></TableColumnItem>
                             <TableColumnItem><PropertyName>Priority</PropertyName></TableColumnItem>
+                            <TableColumnItem><PropertyName>IsAllowedByPolicy</PropertyName></TableColumnItem>
                         </TableColumnItems>
                     </TableRowEntry>
                 </TableRowEntries>

src/PSResourceRepository.adml

@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--  (c) 2006 Microsoft Corporation  -->
+<policyDefinitionResources xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" revision="1.0" schemaVersion="1.0" xmlns="http://schemas.microsoft.com/GroupPolicy/2006/07/PolicyDefinitions">
+    <displayName>PSResourceGet Repository Policy</displayName>
+    <description>This creates an allow list of repositories for PSResourceGet.</description>
+    <resources>
+        <stringTable>
+            <string id="SUPPORTED_Windows11">At least Windows 11*</string>
+            <string id="PSResourceGetRepository">PSResourceGet Repository Policy</string>
+            <string id="PSResourceGetRepository_Help">This creates an allow list of repositories for PSResourceGet.</string>
+            <string id="PSResourceGetRepository_Cat">PSResourceGet Repository Policies</string>
+        </stringTable>
+        <presentationTable>
+            <presentation id="PSResourceGetRepository">
+              <text>Please create an allow list of repositories using a name value pair like following: Name=PSGallery;Uri=https://www.powershellgallery.com/api/v2</text>
+              <listBox refId="PSResourceGetRepository_Listbox"/>
+            </presentation>
+        </presentationTable>
+    </resources>
+</policyDefinitionResources>

src/PSResourceRepository.admx

@@ -0,0 +1,45 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--  (c) 2006 Microsoft Corporation  -->
+<policyDefinitions xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" revision="1.0" schemaVersion="1.0" xmlns="http://schemas.microsoft.com/GroupPolicy/2006/07/PolicyDefinitions">
+
+  <policyNamespaces>
+    <target prefix="PSResourceRepository" namespace="Microsoft.PoliciesContentPSResourceRepository" />
+    <using prefix="windows" namespace="Microsoft.Policies.Windows" />
+    <using prefix="products" namespace="Microsoft.Policies.Products" />
+  </policyNamespaces>
+
+  <resources minRequiredRevision="1.0" />
+
+  <supportedOn>
+    <definitions>
+      <definition name="SUPPORTED_Windows11" displayName="$(string.SUPPORTED_Windows11)">
+        <or>
+          <reference ref="windows:SUPPORTED_Windows11"/>
+        </or>
+      </definition>
+    </definitions>
+  </supportedOn>
+
+  <categories>
+    <category name="PSResourceGetRepository" displayName="$(string.PSResourceGetRepository_Cat)">
+      <parentCategory ref="windows:WindowsComponents" />
+    </category>
+  </categories>
+
+  <policies>
+
+    <policy name="PSResourceGetRepository" 
+            class="User" 
+            displayName="$(string.PSResourceGetRepository)" 
+            explainText="$(string.PSResourceGetRepository_Help)" 
+            presentation="$(presentation.PSResourceGetRepository)" 
+            key="SOFTWARE\Policies\Microsoft\PSResourceGetRepository">
+        <parentCategory ref="PSResourceGetRepository"/>
+        <supportedOn ref="windows:SUPPORTED_Windows11" />
+        <elements>
+            <list id="PSResourceGetRepository_Listbox" key="SOFTWARE\Policies\Microsoft\PSResourceGetRepository" valuePrefix=""/>
+        </elements>
+    </policy>
+
+  </policies>
+</policyDefinitions>