Need help with a Deploy to add back the Windows Store
I have CMD and PS scripts that work when I run them on the local machine, but I cannot get them to work in Deploy.
- CMD1: Saves copy of current permissions
- CMD2: Takes folder ownership and grants full permission
- PS1: Removes old folder and copies new one from network share
- PS2: Add Appx Package and Get Appx Package for all users
- CMD3: Restore Permissions
Anyone willing to help me to get it working?
Issues:
-
sysvol permissions for saving a copy of the permissions
-
failures in PS script saying that access is denied to the appmanifest.xml file or folder not available because a user has
logged out.
I run them using my admin account on the local machine (remote desktop and sitting in front of it) and they work. Adminpdq has Domain Administrator permission
Comments
I am willing to share the xml file of my package, but I did not want to post the whole long thing here if it was not appropriate...
I do not think I would need the entire xml of the package, but could you copy the powershell for step 4 into a code block? I can take a look at it and see if I get a similar error.
One question I do have, Uninstalling the store in the first place should not remove the original manifest from WindowsApps. Is there a reason that you need to completely replace the existing manifest?
Start-Transcript -Path c:\users\adminpdq\ps2log.txt path = Get-ChildItem -Path “C:\Program Files\WindowsApps” | Where-Object {_.BaseName -like "Microsoft.WindowsStore_11712.1001.23.0_x64__8wekyb3d8bbwe"} | select fullname $registerpath = $path.FullName + “\appxmanifest.xml” Add-AppxPackage -DisableDevelopmentMode -Register $registerpath
path = Get-ChildItem -Path “C:\Program Files\WindowsApps” | Where-Object {_.BaseName -like "Microsoft.VCLibs.140.00_14.0.26706.0_x64__8wekyb3d8bbwe"} | select fullname $registerpath = $path.FullName + “\appxmanifest.xml” Add-AppxPackage -DisableDevelopmentMode -Register $registerpath
path = Get-ChildItem -Path “C:\Program Files\WindowsApps” | Where-Object {_.BaseName -like "Microsoft.NET.Native.Framework.1.6_1.6.24903.0_x64__8wekyb3d8bbwe"} | select fullname $registerpath = $path.FullName + “\appxmanifest.xml” Add-AppxPackage -DisableDevelopmentMode -Register $registerpath
path = Get-ChildItem -Path “C:\Program Files\WindowsApps” | Where-Object {_.BaseName -like "Microsoft.NET.Native.Runtime.1.6_1.6.24903.0_x64__8wekyb3d8bbwe"} | select fullname $registerpath = $path.FullName + “\appxmanifest.xml” Add-AppxPackage -DisableDevelopmentMode -Register $registerpath
Get-AppXPackage Microsoft.NET.Native.Framework.1.6_1.6.24903.0_x64__8wekyb3d8bbwe -AllUsers | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register “(.InstallLocation)\AppXManifest.xml”} Get-AppXPackage Microsoft.NET.Native.Runtime.1.6_1.6.24903.0_x64__8wekyb3d8bbwe -AllUsers | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register “(.InstallLocation)\AppXManifest.xml”} Get-AppXPackage Microsoft.VCLibs.140.00_14.0.26706.0_x64__8wekyb3d8bbwe -AllUsers | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register “(.InstallLocation)\AppXManifest.xml”} Get-AppXPackage Microsoft.WindowsStore_11712.1001.23.0_x64__8wekyb3d8bbwe -AllUsers | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register “(.InstallLocation)\AppXManifest.xml”}
##Remove Provisioned Packages
$appname = @(
"*BingWeather"
"*BingFinance"
"*BingFoodAndDrink"
"*BingHealthAndFitness"
"*BingMaps"
"*BingNews"
"*BingSports"
"*BingTravel"
)
ForEach($app in $appname){ Get-AppxProvisionedPackage -Online | where {$_.PackageName -like $app} | Remove-AppxProvisionedPackage -AllUsers -Online -ErrorAction SilentlyContinue
}
This is the PS I ran. The trailing asterisk is missing just to make the code show more properly in this text block.
This actually deleted the whole app folder in the WindowsApps folder - I probably misplaced a quote, comma, or asterisk while adding app names. I grabbed the good folders from a machine that was untouched and the same version.
**edited to try to get the code to show correctly.
My best bet on why this is working when you run it locally but not from Deploy is Add-AppxPackage does not have an -alluser like remove does. So it is attempting to install for the Deploy user. For a quick test can I have you log into the computer you are testing on with any credentials and then deploy this package with the Run As set to "Logged on User"?
PS1 failed before it got to 4. Even with -ErrorAction Continue
Error: Remove-Item : Cannot find path 'C:\Program Files\WindowsApps\Microsoft.WindowsStore_11712.1001.23.0_x64__8wekyb3d8bbwe' because it does not exist. At C:\WINDOWS\AdminArsenal\PDQDeployRunner\service-1\exec\user.ps1:9 char:1
Remove-Item "c:\Program Files\WindowsApps\Microsoft.WindowsStore_1171 ...
Best way around that is to test if it is there first, then remove if it is found.
If(Test-Path "C:\Program Files\WindowsApps\Microsoft.WindowsStore_11712.1001.23.0_x64__8wekyb3d8bbwe"){
Remove-Item "C:\Program Files\WindowsApps\Microsoft.WindowsStore_11712.1001.23.0_x64__8wekyb3d8bbwe" -Recurse -Force
}
I am close! I rearranged a few things to run the Add-AppXPackage as logged in user. I am still having issues though with:
If(Test-Path "c:\Program Files\WindowsApps\Microsoft.WindowsStore_11809.1001.8.0_neutral_split.scale-100_8wekyb3d8bbwe") { Remove-Item "c:\Program Files\WindowsApps\Microsoft.WindowsStore_11809.1001.8.0_neutral_split.scale-100_8wekyb3d8bbwe" -Recurse -Force }
Half of the time it just tells me that permission is denied even though I have taken ownership and have no errors with this: takeown /f "c:\Program Files" /r /d y > NUL icacls "c:\Program Files" /INHERITANCE:e /GRANT:r "DOMAIN\adminpdq":(OI)(CI)F /T /GRANT:r "administrators":(OI)(CI)F /T > NUL
Is it possible that it is not elevating privilege enough?