This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Hi,
We have a slight issue and i'm a bit stuck.
We have a GPO that auto updates the MS Store apps.
This is fine.
However, if we have users that have previously logged onto a machine, it wont update the apps for those users (seemingly).
This means we have machines with out of date MS Store apps (who will never logon to that machine again) and updating them as a current user, doesn't update the app centrally.
Some of these are very old and when we are logged onto the machine, there are no updates awaiting installation.
It makes no sense that when an app is updated, its not update machine wide?!
Does anyone know of a way around this please as its flagging in our Qualys scans as high vulnerabilities
Some examples (which are flagging but are years old) - are:
Microsoft Windows Codecs Library Remote Code Execution (RCE) Vulnerability for March 2022
Microsoft Office app Remote Code Execution (RCE) Vulnerability
Microsoft Paint 3D Remote Code Execution (RCE) Vulnerability for March 2022
Microsoft Windows Codecs Library Remote Code Execution Vulnerabilities - November 2020
Microsoft 3D Viewer Remote Code Execution (RCE) Vulnerability - November 2021
Microsoft 3D Viewer Multiple Vulnerabilities - June 2021
My apology, I messed up the inside quotes.
powershell -nop -ep bypass -c "Get-AppXPackage -AllUsers | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register \"$($_.InstallLocation)\AppXManifest.xml\"}"
Some packages will generate expected errors because they're are part of desktop (Windows.Search, StartMenuExperienceHost, Client.CBS).
Maybe you can explain this in better terms? Your GPO policy is enabling MS Store apps to auto-update and that works. But you have users who visit machines once in a while, and have outdated app provisioning profiles? And Qualsys is flagging the dormant user profiles, and not the installed app versions?
If that's what you mean, just run a PowerShell task to re-register apps for all user profiles.
powershell -nop -ep bypass -c "Get-AppXPackage -AllUsers | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"}"
Morning,
Yeah an odd one really.
About 10% of our machines are flagging one or more of the above vulnerabilities relating to old MS Store apps (Paint 3D, Codecs etc)
Google doesn't give up much, other than the suggestion that when MS Store apps are updated, they are only updated for the logged on user and not machine wise.
I'm wondering if its the case that users that may have logged on say a year ago to that/a machine, and never logged on again to that same machine, still have have an old version registered even though other user have been on that/those machines?
I can see these older versions in C:/Program Files/WindowsApps in the affected machines but obviously cant deal with them/delete them directly from there.
Ill try your script and see if that helps - thank you!
Hi again...
Am i missing something as it just pipes out the below
Hmm, i get this now!
If you're using PowerShell (shell):
Get-AppXPackage -AllUsers | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"}
You have to be careful with quotes.
So if we run this command Get-AppXPackage -AllUsers | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"}
All vulnerabilities will be remediated?
So if we run this command Get-AppXPackage -AllUsers | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"}
All vulnerabilities will be remediated?