Need help with a Deploy to add back the Windows Store
I have CMD and PS scripts that work when I run them on the local machine, but I cannot get them to work in Deploy.
- CMD1: Saves copy of current permissions
- CMD2: Takes folder ownership and grants full permission
- PS1: Removes old folder and copies new one from network share
- PS2: Add Appx Package and Get Appx Package for all users
- CMD3: Restore Permissions
Anyone willing to help me to get it working?
Issues:
-
sysvol permissions for saving a copy of the permissions
-
failures in PS script saying that access is denied to the appmanifest.xml file or folder not available because a user has
logged out.
I run them using my admin account on the local machine (remote desktop and sitting in front of it) and they work. Adminpdq has Domain Administrator permission
-
I do not think I would need the entire xml of the package, but could you copy the powershell for step 4 into a code block? I can take a look at it and see if I get a similar error.
One question I do have, Uninstalling the store in the first place should not remove the original manifest from WindowsApps. Is there a reason that you need to completely replace the existing manifest?
-
Start-Transcript -Path c:\users\adminpdq\ps2log.txt path = Get-ChildItem -Path “C:\Program Files\WindowsApps” | Where-Object {_.BaseName -like "Microsoft.WindowsStore_11712.1001.23.0_x64__8wekyb3d8bbwe"} | select fullname $registerpath = $path.FullName + “\appxmanifest.xml” Add-AppxPackage -DisableDevelopmentMode -Register $registerpath
path = Get-ChildItem -Path “C:\Program Files\WindowsApps” | Where-Object {_.BaseName -like "Microsoft.VCLibs.140.00_14.0.26706.0_x64__8wekyb3d8bbwe"} | select fullname $registerpath = $path.FullName + “\appxmanifest.xml” Add-AppxPackage -DisableDevelopmentMode -Register $registerpath
path = Get-ChildItem -Path “C:\Program Files\WindowsApps” | Where-Object {_.BaseName -like "Microsoft.NET.Native.Framework.1.6_1.6.24903.0_x64__8wekyb3d8bbwe"} | select fullname $registerpath = $path.FullName + “\appxmanifest.xml” Add-AppxPackage -DisableDevelopmentMode -Register $registerpath
path = Get-ChildItem -Path “C:\Program Files\WindowsApps” | Where-Object {_.BaseName -like "Microsoft.NET.Native.Runtime.1.6_1.6.24903.0_x64__8wekyb3d8bbwe"} | select fullname $registerpath = $path.FullName + “\appxmanifest.xml” Add-AppxPackage -DisableDevelopmentMode -Register $registerpath
Get-AppXPackage Microsoft.NET.Native.Framework.1.6_1.6.24903.0_x64__8wekyb3d8bbwe -AllUsers | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register “(.InstallLocation)\AppXManifest.xml”} Get-AppXPackage Microsoft.NET.Native.Runtime.1.6_1.6.24903.0_x64__8wekyb3d8bbwe -AllUsers | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register “(.InstallLocation)\AppXManifest.xml”} Get-AppXPackage Microsoft.VCLibs.140.00_14.0.26706.0_x64__8wekyb3d8bbwe -AllUsers | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register “(.InstallLocation)\AppXManifest.xml”} Get-AppXPackage Microsoft.WindowsStore_11712.1001.23.0_x64__8wekyb3d8bbwe -AllUsers | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register “(.InstallLocation)\AppXManifest.xml”}
-
##Remove Provisioned Packages
$appname = @(
"*BingWeather"
"*BingFinance"
"*BingFoodAndDrink"
"*BingHealthAndFitness"
"*BingMaps"
"*BingNews"
"*BingSports"
"*BingTravel"
)
ForEach($app in $appname){ Get-AppxProvisionedPackage -Online | where {$_.PackageName -like $app} | Remove-AppxProvisionedPackage -AllUsers -Online -ErrorAction SilentlyContinue
}
This is the PS I ran. The trailing asterisk is missing just to make the code show more properly in this text block.
This actually deleted the whole app folder in the WindowsApps folder - I probably misplaced a quote, comma, or asterisk while adding app names. I grabbed the good folders from a machine that was untouched and the same version.
**edited to try to get the code to show correctly.
-
My best bet on why this is working when you run it locally but not from Deploy is Add-AppxPackage does not have an -alluser like remove does. So it is attempting to install for the Deploy user. For a quick test can I have you log into the computer you are testing on with any credentials and then deploy this package with the Run As set to "Logged on User"?
-
PS1 failed before it got to 4. Even with -ErrorAction Continue
Error: Remove-Item : Cannot find path 'C:\Program Files\WindowsApps\Microsoft.WindowsStore_11712.1001.23.0_x64__8wekyb3d8bbwe' because it does not exist. At C:\WINDOWS\AdminArsenal\PDQDeployRunner\service-1\exec\user.ps1:9 char:1
Remove-Item "c:\Program Files\WindowsApps\Microsoft.WindowsStore_1171 ...
- CategoryInfo : ObjectNotFound: (C:\Program File...__8wekyb3d8bbwe:String) [Remove-Item], ItemNotFoundEx ception
- FullyQualifiedErrorId : PathNotFound,Microsoft.PowerShell.Commands.RemoveItemCommand
-
Best way around that is to test if it is there first, then remove if it is found.
If(Test-Path "C:\Program Files\WindowsApps\Microsoft.WindowsStore_11712.1001.23.0_x64__8wekyb3d8bbwe"){
Remove-Item "C:\Program Files\WindowsApps\Microsoft.WindowsStore_11712.1001.23.0_x64__8wekyb3d8bbwe" -Recurse -Force
}
-
I am close! I rearranged a few things to run the Add-AppXPackage as logged in user. I am still having issues though with:
If(Test-Path "c:\Program Files\WindowsApps\Microsoft.WindowsStore_11809.1001.8.0_neutral_split.scale-100_8wekyb3d8bbwe") { Remove-Item "c:\Program Files\WindowsApps\Microsoft.WindowsStore_11809.1001.8.0_neutral_split.scale-100_8wekyb3d8bbwe" -Recurse -Force }
Half of the time it just tells me that permission is denied even though I have taken ownership and have no errors with this: takeown /f "c:\Program Files" /r /d y > NUL icacls "c:\Program Files" /INHERITANCE:e /GRANT:r "DOMAIN\adminpdq":(OI)(CI)F /T /GRANT:r "administrators":(OI)(CI)F /T > NUL
Is it possible that it is not elevating privilege enough?
Please sign in to leave a comment.
Comments
8 comments