CUT-5158 - Remote Revert in EXE #258

Merged: jworkmanjc merged 7 commits into v2.13.0 from CUT-5158_RemoteRevert on May 21, 2026

@jworkmanjc jworkmanjc commented May 19, 2026

Issues

  • CUT-5158 - Add remote revert options to the generated exe

What does this solve?

Adds the option to remotely revert an account with the generated EXE, useful for remote scenarios where you may not want to remote into the machine to perform a GUI reversion.

New parameter sets added to the generated EXE to perform account reversion.

This does not change the existing behavior for the EXE parameters; in other words, when you migrate using the existing parameters, the "start-migration" parameter path is now default. No changes are required to any of the remote migration scripts; this is backwards compatible with existing scripts.

Is there anything particularly tricky?

NO

How should this be tested?

Screenshots

Screenshot 2026-05-19 at 11 16 02 AM

Note

Medium Risk
Medium risk because it changes the generated EXE’s CLI entrypoint/parameter parsing and invokes Start-Reversion, which performs registry and profile-file operations that can impact user logon state if misused.

Overview
Adds remote reversion support to the generated EXE. New-ADMUTemplate.ps1 now emits a CmdletBinding(DefaultParameterSetName='Migrate') param block with a new Revert parameter set (UserSID, optional TargetProfileImagePath, DryRun, Force) and an execution branch that runs Start-Reversion non-interactively and returns exit code 1 on failure.

Improves reversion UX/robustness by updating Start-Reversion help text and deferring profile-size calculation until after the profile path is resolved (with safe fallbacks), ensuring progress updates include the resolved path/size.

Separately, JumpCloud API error messages in Get-MtpOrganization and Test-JumpCloudUsername now include the effective global:JCUrl, and Start-Migration avoids calling Test-JumpCloudUsername during GUI init unless AutoBindJCUser is enabled and an API key is provided. Release metadata/docs and the EXE build script are updated accordingly (template import path + changelog/manifest dates).

Reviewed by Cursor Bugbot for commit 65dade4. Bugbot is set up for automated code reviews on this repo.

@jworkmanjc jworkmanjc added ADMU ADMU Module Release minor Minor Version Release labels May 19, 2026
@jworkmanjc jworkmanjc marked this pull request as ready for review May 19, 2026 17:30
@jworkmanjc jworkmanjc requested a review from a team as a code owner May 19, 2026 17:30
@jworkmanjc jworkmanjc requested a review from shashisinghjc May 19, 2026 17:30
Comment thread Deploy/Functions/New-ADMUTemplate.ps1

I reformatted this file to use all single-quote type here-strings; escaping variable strings was cumbersome and added to the complexity of the template file for the EXE. What to look for here are changes to the parameter set; everything else should be the same.

added additional messaging to the throw message here to help me diagnose a bug resolved in start-migration

added additional messaging to the throw message here to help me diagnose a bug resolved in start-migration


# Validate JumpCloudSystemUserName to write to the GUI
$ret, $script:JumpCloudUserId, $JumpCloudSystemUserName = Test-JumpCloudUsername -JumpCloudApiKey $JumpCloudAPIKey -JumpCloudOrgID $JumpCloudOrgID -Username $JumpCloudUserName
if ($AutoBindJCUser -and (-not [string]::IsNullOrEmpty($JumpCloudAPIKey))) {
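
Review bot: the guard `if ($AutoBindJCUser -and (-not [string]::IsNullOrEmpty($JumpCloudAPIKey)))` still lets a whitespace-only key through to Test-JumpCloudUsername; `[string]::IsNullOrWhiteSpace` is the tighter check. In the lines shown, `$script:JumpCloudUserId` and `$JumpCloudSystemUserName` are assigned only by that call, so confirm that the code writing the username to the GUI handles both being unset when the guard is false.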

Previously this was an edge case bug which would error if using the GUI without an API key and the new changes to EU/IN regions.

we only need to test for this username if we are using autoBindJCUser parameter and when the APIKey is present

}

$profileSize = Get-ProfileSize -ProfilePath $TargetProfileImagePath
# Profile size is calculated in process after the profile path is resolved from the registry.
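
Review bot: with the `Get-ProfileSize` call deferred, `$profileSize` has no value at this point, and the comment does not say what it holds until the path is resolved. If anything before that reads it (a progress update, a log line), assign an explicit placeholder such as `$null` here so an unset size is distinguishable from a measured size of zero.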

quick bug fix to address getting the targetProfileImagePath before it's set. It didn't break migration but left an error in logs which didn't make sense

@cursor cursor Bot left a comment

Cursor Bugbot has reviewed your changes and found 1 potential issue.

if (-not $revertResult.Success) {
Write-ToLog -Message "JumpCloud ADMU was unable to revert UserSID: $UserSID. Errors: $($revertResult.Errors -join '; ')" -Level Error
exit 1
}
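
Review bot: `-not $revertResult.Success` assumes Start-Reversion hands back exactly one result object. If more than one object carrying a `Success` property reaches the pipeline, `.Success` enumerates to a collection, and `-not` on a collection of two or more items is `$false` whatever the values, so a failed revert would pass this check. Select the last object explicitly and test `$revertResult.Success -ne $true`.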

Unhandled throw from Start-Reversion crashes EXE revert path

Medium Severity

The EXE template's revert path calls Start-Reversion @revertParams and then checks $revertResult.Success, but Start-Reversion can throw a terminating error from its begin block (e.g., when the user profile is currently loaded). In that case, $revertResult is never assigned, the friendly Write-ToLog error message and exit 1 never execute, and the script terminates with a raw unhandled exception instead of clean error output.

Reviewed by Cursor Bugbot for commit 65dade4.
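
The failure mode described in the comment above, with one way to keep the exit code deterministic, as an added example that is not code from this pull request or the ADMU module. `Start-ReversionStub`, `Invoke-RevertWithExitCode`, the `SimulateLoadedProfile` switch and the SID are hypothetical names and constructed values; only `UserSID`, `Success` and `Errors` come from the page.

```powershell
# Added example; Start-ReversionStub is a hypothetical stand-in, not the module's Start-Reversion.
function Start-ReversionStub {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$UserSID,
        [switch]$SimulateLoadedProfile   # constructed switch: forces the begin-block throw
    )
    begin {
        if ($SimulateLoadedProfile) { throw "Profile for $UserSID is currently loaded" }
    }
    process {
        [pscustomobject]@{ Success = $true; Errors = @() }
    }
}

function Invoke-RevertWithExitCode {
    [CmdletBinding()]
    param([Parameter(Mandatory)][hashtable]$RevertParams)
    try {
        # Keep only the last object so stray pipeline output cannot change the check.
        $result = @(Start-ReversionStub @RevertParams -ErrorAction Stop) | Select-Object -Last 1
    } catch {
        # A throw from begin{} lands here, so the caller still gets a clean message and code.
        Write-Warning "Revert threw before returning a result: $($_.Exception.Message)"
        return 1
    }
    if ($null -eq $result -or $result.Success -ne $true) {
        Write-Warning "Revert failed: $($result.Errors -join '; ')"
        return 1
    }
    return 0
}

# Constructed SID; the second parameter set exercises the throw path.
$cases = @(
    @{ UserSID = 'S-1-5-21-0-0-0-1001' },
    @{ UserSID = 'S-1-5-21-0-0-0-1001'; SimulateLoadedProfile = $true }
)
foreach ($case in $cases) {
    $code = Invoke-RevertWithExitCode -RevertParams $case
    "UserSID $($case.UserSID) -> exit code $code"
}
```

In a script run by a remote command runner, the returned value would be passed to `exit` so the runner sees the same code on every failure path.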

@gweinjc gweinjc self-requested a review May 19, 2026 19:34

@gweinjc gweinjc left a comment

Looks good to me

@jworkmanjc jworkmanjc merged commit 355ef38 into v2.13.0 May 21, 2026
13 checks passed
@jworkmanjc jworkmanjc deleted the CUT-5158_RemoteRevert branch May 21, 2026 16:04
jworkmanjc added a commit that referenced this pull request May 28, 2026
* CUT-5145 Device Query Updates (#255)

* default query mode

* profileSize/ lastWrite changes + tests

* v2.13.0

* MTP Tests

* define MTP as separate secret

* update test description

* device query tests

* Revert "device query tests"

This reverts commit 32286ac.

* update device query tests

* device query tests

* changelog

* ignore deviceQueryFunctions generated in tests

* set default state

* revert to previous test for CI null description systems

* missing test variable assignment + resolving skip behavior

* address issue for single users

* V2.13.0 <- V2.12.3 (#256)

* CUT-5052 V3 StatusReporting (#247)

* invoke

* char

* tests first pass

* update tests

* update

* date

---------

Co-authored-by: Joe Workman <joe.workman@jumpcloud.com>

* PSScriptAnalyzer Fix

* Update PSScriptAnalyzerSettings.psd1

* skip for now

* PSUseOutputTypeCorrectly

* Do not analyze test directory for now

* exclude state changing functions rule

* AvoidUsingEmptyCatchBlock

* PSUseOutputTypeCorrectly

* PSAvoidUsingWMICmdlet

* PSAvoidAssignmentToAutomaticVariable

* PSAvoidUsingWMICmdlet

* PSAvoidUsingWMICmdlet

* PSUseOutputTypeCorrectly

* PSUseProcessBlockForPipelineCommand

* PSAvoidAssignmentToAutomaticVariable

* PSReviewUnusedParameter false positive

* PSUseOutputTypeCorrectly

* PSAvoidUsingWMICmdlet

* change to Invoke-CimMethod

* Update PSScriptAnalyzerSettings.psd1

* Update Test-MigrationButton.Acceptance.Tests.ps1

* Get rid of homePath -it's not used

* changelog

* suppress PSScriptAnalyzer failure

* version

* Invoke-CimMethod to unjoin domain

* adding Pester and PSScriptAnalyzer to required

* Change output verbosity

* Update New-LocalUserProfile.ps1

set as string

* CUT-5119: ADMU Prd03 support

* Skip WindowsMDM from PSScriptAnalyzer

* Revert "Skip WindowsMDM from PSScriptAnalyzer"

This reverts commit 883c71f.

* Allow path exclusions PSScriptAnalyzer

* match support repo

* fix invoke

* Update ModuleChangelog.md

* fix dateTime parsing from updated CimInstance

* CUT-5119: check region by array

* fix: bugbot alerts

* show logged in (#253)

Co-authored-by: Joe Workman <54448601+jworkmanjc@users.noreply.github.com>

* Cut 5083 admu exe upload to jc commands option (#249)

* Initial changes pushed - Added SHA validation and localEXE options enabled

* changelog

* Build updated

* Copy uwp_jcadmu.exe to C:\windows if localexe = True

* Build updated

* $RetryDelaySeconds configured

* download url for uwp_jcadmu.exe set to static

* fixed "UWP exe copy skips update when destination already exists"

* The fallback for AllowUnvalidatedOnApiFailure now handles all network or API failures (not just rate limiting)

* cursor review fixes

* Configured IsValid to be determined by only valid hash match

* The UWP EXE validation now only requires a hash match for IsValid, not a version match

* changelog updated

* Changes made as per review comments.

* Fixed: Historical release date for v2.12.2 incorrectly changed

* Merge conflicts managed and Release date updated

---------

Co-authored-by: Joe Workman <54448601+jworkmanjc@users.noreply.github.com>

* test in IN region

* test in EU

* test in EU

* MTP tests

* explicitly test with orgID

* "| Remove-JCAssociation" bug for dynamic user groups

* Revert "explicitly test with orgID"

This reverts commit 309bf83.

* revert test lines

---------

Co-authored-by: Ken Maranion <97972790+kmaranionjc@users.noreply.github.com>
Co-authored-by: Geoffrey Wein <geoffrey.wein@jumpcloud.com>
Co-authored-by: Geoffrey Wein <89030113+gweinjc@users.noreply.github.com>
Co-authored-by: lucasmendes-jc <lucas.mendes@jumpcloud.com>
Co-authored-by: shashisinghjc <shashi.singh@jumpcloud.com>

* CUT-5158 - Remote Revert in EXE (#258)

* revert via gui_admu.exe

* resolve issue with test-jumpcloudusername halting migration without apikey

* resolve issue with profilepath parameter during revert

* formatting

* prep for release

* validate autobind + apikey

* hide pwsh window

* release date

---------

Co-authored-by: Ken Maranion <97972790+kmaranionjc@users.noreply.github.com>
Co-authored-by: Geoffrey Wein <geoffrey.wein@jumpcloud.com>
Co-authored-by: Geoffrey Wein <89030113+gweinjc@users.noreply.github.com>
Co-authored-by: lucasmendes-jc <lucas.mendes@jumpcloud.com>
Co-authored-by: shashisinghjc <shashi.singh@jumpcloud.com>