Hello!
I decided it would be fun to start playing around with converting ADMX templates to fixlets and I wanted to share my progress here.
My current version of the ADMX to Fixlet converter is as follows:
Enable/Disable:
Dropdown Selection:
````("" & it & “”) of concatenations “” of ("" & item 5 of it & " - " & item 1 of it & " - " & item 2 of it & “<![CDATA[<" & escape of concatenations "
" of substrings separated by "%0a" of item 4 of it & "> ]]>not exists (key %22HKEY_LOCAL_MACHINE” & item 4 of it & “%22 of registry) whose (exists value %22” & item 1 of it & “%22 of it and value %22” & item 1 of it & "%22 of it = " & item 3 of it & “)Click here to deploy this action.” & “regset %22[HKEY_LOCAL_MACHINE” & item 4 of it & “]%22 %22” & item 1 of it & “%22=dword:” & item 3 of it & “”) of (item 0 of it, item 0 of item 1 of it, node value of child node of item 1 of (it,(selects “/policyDefinitionResources/resources/stringTable/string” of xml document of file “C:\Windows\PolicyDefinitions\en-US\WindowsUpdate.adml”)) whose ( node value of attribute “id” of item 1 of it = item 0 of it) of ((preceding text of first “)” of following text of first “.” of (item 0 of item 1 of item 1 of it))) | “None”, item 1 of item 1 of item 1 of it, item 2 of it, item 3 of it) of (attribute “name” of it as text, (attribute “valueName” of it as text, (attributes “displayName” of it as text, attributes “value” of selects “value/decimal” of it as text) of selects “item” of it) of (selects “elements/enum” of it), attribute “key” of it as text, node value of child node of item 1 of (it,(selects “/policyDefinitionResources/resources/stringTable/string” of xml document of file “C:\Windows\PolicyDefinitions\en-US\WindowsUpdate.adml”)) whose ( node value of attribute “id” of item 1 of it = item 0 of it) of ((preceding text of first “)” of following text of first “.” of (attribute “displayName” of it as text))) | “None”) of ((child nodes of selects “/policyDefinitions/policies” of xml document of file “C:\Windows\PolicyDefinitions\WindowsUpdate.admx”) whose (((attribute “class” of it as text) equals “Machine” or (attribute “class” of it as text) equals “Both”) and exists attribute “valueName” of it as text and exists selects “elements” of it))```
This will create a fixlet for each policy that has a drop-down. This will create a large number of fixlets depending on how many dropdown options there are.
To use the output copy it to a .bes file and import it into your console!
At the moment this has the following limitations:
- Only works for Enable/Disable and drop down security policies in Group Policy at the moment
- I might need to modify it to do x64 registry on x64 and x86 registry on x86…
The next steps I think will be to prompt the console operator for the name of the ADMX and ADML templates (or assume the ADML template from the name of the ADMX template) and then automatically upload the corresponding fixlets to BigFix automatically. Finally, support for non enable/disable fixlets would be cool too!