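@echo off
rem ------------------------------------------------------------
rem Edge + Chrome extension initializer.
rem Writes ExtensionSettings force-install entries and 3rdparty extension
rem policy values for one extension into the Chrome and Edge policy keys,
rem then reads the keys back for verification.
rem Exit code: 0 when every registry write succeeded; 1 on a configuration
rem error or when any reg add failed.
rem ------------------------------------------------------------
rem EnableDelayedExpansion: same-block set/read (e.g. TempUser then UserEmail) needs !var! syntax.
setlocal EnableDelayedExpansion

rem ============================================================
rem Constants: edit here only
rem ============================================================
set "DomainPart=autoset.example.com"

rem UserEmailMode:
rem   DIRECT  = resolve email in this script (whoami /upn, USERNAME, ...)
rem             and write the resolved address into registry.
rem   ENV_REF = write literal %%USEREMAIL%% into registry; each user sets their
rem             USEREMAIL env var via set_useremail_env.bat at logon.
rem
rem IMPORTANT: DIRECT only produces a correct email when this script runs AS the
rem target user. In typical remote deployment scenarios (GPO/MDM/SCCM), the script
rem runs under SYSTEM or an admin service account - whoami/USERNAME return that
rem account, not the end user. For remote deployment, always use ENV_REF.
rem DIRECT is viable only when the target user runs this script in person with
rem their own local admin rights (standalone use case).
set "UserEmailMode=ENV_REF"

rem NOTE(review): ApiKey sits in clear text in this file and is written as a
rem plain REG_SZ policy value. Restrict read access to the location this script
rem is distributed from, and treat the key as readable by the users it is
rem deployed to.
set "ApiKey=YOUR_API_KEY"
set "CreatedDate=2025-12-11T00:00:00Z"
set "OrganizationID=YOUR_ORG_ID"

rem Registry roots: each accepts HKLM or HKCU.
rem   ExtSettingsRoot: where ExtensionSettings (force-install) is written.
rem   PolicyRoot     : where 3rdparty/extensions/[extension id]/policy values are written.
rem Recommended default split (per setup guide 2.1):
rem   ExtSettingsRoot=HKLM (machine-wide force install)
rem   PolicyRoot=HKCU (user-scoped parameters incl. %%USEREMAIL%% expansion)
rem Standalone (one-user PC): PolicyRoot must still be HKCU (not HKLM), but DIRECT is allowed.
rem
rem Valid combinations:
rem   PolicyRoot=HKCU + UserEmailMode=ENV_REF - recommended for GPO/MDM deployment
rem   PolicyRoot=HKCU + UserEmailMode=DIRECT  - only for standalone, run by target user
rem Invalid (rejected by this script):
rem   PolicyRoot=HKLM + UserEmailMode=DIRECT  - writes one user's resolved email
rem                                             into a machine-wide hive; no use case.
rem   PolicyRoot=HKLM + UserEmailMode=ENV_REF - HKLM is applied under SYSTEM context,
rem                                             so %%USEREMAIL%% is not expanded and
rem                                             the literal string reaches the browser.
set "ExtSettingsRoot=HKLM"
set "PolicyRoot=HKCU"

rem ============================================================
rem Extension IDs (Chrome and Edge have different IDs for same extension)
set "ExtensionIdChrome=bdeanmdeckegmfjpbnngomallcedjold"
set "ExtensionIdEdge=flggmhlpipcopffjfkpgkoljghfkmfcg"

rem Update URLs
set "ChromeUpdateUrl=https://clients2.google.com/service/update2/crx"
set "EdgeUpdateUrl=https://edge.microsoft.com/extensionwebstorebase/v1/crx"

rem ============================================================
rem Validate configuration before touching the registry
rem ============================================================
rem Clear working variables first: setlocal does not remove values inherited
rem from the calling environment, and the "if not defined" checks below
rem would otherwise be satisfied by a stale inherited value.
set "ExtSettingsRootFull="
set "PolicyRootFull="
set "UserEmailModeOk="
set "TempUser="
set "WriteFailed="

rem Refuse to deploy the template placeholders as real policy values.
if not defined ApiKey (
    echo [ERROR] ApiKey is empty. Edit the constants section first.
    exit /b 1
)
if "%ApiKey%"=="YOUR_API_KEY" (
    echo [ERROR] ApiKey is still the template placeholder. Edit the constants section first.
    exit /b 1
)
if not defined OrganizationID (
    echo [ERROR] OrganizationID is empty. Edit the constants section first.
    exit /b 1
)
if "%OrganizationID%"=="YOUR_ORG_ID" (
    echo [ERROR] OrganizationID is still the template placeholder. Edit the constants section first.
    exit /b 1
)

rem A mistyped mode would otherwise fall through to the DIRECT path and store
rem the identity of whatever account runs the script.
if /i "%UserEmailMode%"=="DIRECT" set "UserEmailModeOk=1"
if /i "%UserEmailMode%"=="ENV_REF" set "UserEmailModeOk=1"
if not defined UserEmailModeOk (
    echo [ERROR] UserEmailMode must be DIRECT or ENV_REF. Got: %UserEmailMode%
    exit /b 1
)

rem Validate ExtSettingsRoot and PolicyRoot
if /i "%ExtSettingsRoot%"=="HKCU" set "ExtSettingsRootFull=HKEY_CURRENT_USER"
if /i "%ExtSettingsRoot%"=="HKLM" set "ExtSettingsRootFull=HKEY_LOCAL_MACHINE"
if not defined ExtSettingsRootFull (
    echo [ERROR] ExtSettingsRoot must be HKCU or HKLM. Got: %ExtSettingsRoot%
    rem pause
    exit /b 1
)
if /i "%PolicyRoot%"=="HKCU" set "PolicyRootFull=HKEY_CURRENT_USER"
if /i "%PolicyRoot%"=="HKLM" set "PolicyRootFull=HKEY_LOCAL_MACHINE"
if not defined PolicyRootFull (
    echo [ERROR] PolicyRoot must be HKCU or HKLM. Got: %PolicyRoot%
    rem pause
    exit /b 1
)

rem Reject invalid combinations of PolicyRoot and UserEmailMode
if /i "%PolicyRoot%"=="HKLM" if /i "%UserEmailMode%"=="DIRECT" (
    echo [ERROR] Invalid combination: PolicyRoot=HKLM with UserEmailMode=DIRECT.
    echo A single user's resolved email does not belong in a machine-wide hive.
    echo Use PolicyRoot=HKCU with DIRECT ^(standalone, run by target user^),
    echo or PolicyRoot=HKCU with ENV_REF ^(remote deployment^).
    rem pause
    exit /b 1
)
if /i "%PolicyRoot%"=="HKLM" if /i "%UserEmailMode%"=="ENV_REF" (
    echo [ERROR] Invalid combination: PolicyRoot=HKLM with UserEmailMode=ENV_REF.
    echo HKLM is applied under SYSTEM context at deploy time, so %%USEREMAIL%%
    echo will NOT be expanded - the literal string reaches the browser.
    echo Use PolicyRoot=HKCU with ENV_REF for remote deployment.
    rem pause
    exit /b 1
)

rem Registry keys (ExtensionSettings uses ExtSettingsRoot; 3rdparty policy uses PolicyRoot)
set "ChromeExtSettingsKey=%ExtSettingsRootFull%\Software\Policies\Google\Chrome\ExtensionSettings\%ExtensionIdChrome%"
set "ChromePolicyKey=%PolicyRootFull%\Software\Policies\Google\Chrome\3rdparty\extensions\%ExtensionIdChrome%\policy"
set "EdgeExtSettingsKey=%ExtSettingsRootFull%\Software\Policies\Microsoft\Edge\ExtensionSettings\%ExtensionIdEdge%"
set "EdgePolicyKey3rd=%PolicyRootFull%\Software\Policies\Microsoft\Edge\3rdparty\extensions\%ExtensionIdEdge%\policy"

echo ==============================
echo Edge + Chrome Extension Initializer
echo ==============================
echo ExtensionSettings root: %ExtSettingsRoot% (%ExtSettingsRootFull%)
echo 3rdparty policy root : %PolicyRoot% (%PolicyRootFull%)
echo.

rem ============================================================
rem 1. UserEmail for registry (DIRECT: resolve here; ENV_REF: literal env reference)
rem ============================================================
if /i "%UserEmailMode%"=="ENV_REF" (
    echo [1] UserEmail mode: ENV_REF - registry will store literal %%USEREMAIL%% .
    echo Run set_useremail_env.bat once per user so USEREMAIL is defined in the user environment.
    set "UserEmailRegValue=%%USEREMAIL%%"
    goto UserEmail_SectionDone
)

echo [1] Generating UserEmail ^(whoami /upn, then fallbacks^) ...
echo Priority: whoami /upn, USERNAME, COMPUTERNAME, HOSTNAME, LOGONSERVER
set "UserEmail="
for /f "usebackq delims=" %%i in (`whoami /upn 2^>nul`) do set "UserEmail=%%i"
if defined UserEmail (
    echo Got from whoami /upn
) else if defined USERNAME (
    set "UserEmail=%USERNAME%@%DomainPart%"
    echo whoami /upn failed, using USERNAME.
) else (
    echo USERNAME not defined. Trying hostname...
    if defined COMPUTERNAME (
        set "TempUser=%COMPUTERNAME%"
    ) else if defined HOSTNAME (
        set "TempUser=%HOSTNAME%"
    ) else (
        echo COMPUTERNAME, HOSTNAME not defined. Trying LOGONSERVER...
        if defined LOGONSERVER (
            set "TempUser=%LOGONSERVER%"
        ) else (
            echo LOGONSERVER not defined. Using unknown.
            set "TempUser=unknown"
        )
    )
    set "UserEmail=!TempUser!@%DomainPart%"
)
rem Delayed expansion here: the resolved value is printed as data, so a
rem character such as an ampersand in an account name is not parsed as
rem command syntax by the echo line.
echo UserEmail = !UserEmail!
echo.
set "UserEmailRegValue=%UserEmail%"

:UserEmail_SectionDone

rem ============================================================
rem 2. Get UserPc (hostname) not persisted
rem ============================================================
echo [2] Reading hostname for UserPc ...
set "UserPc="
if defined COMPUTERNAME (
    set "UserPc=%COMPUTERNAME%"
    echo Got from COMPUTERNAME
) else (
    echo COMPUTERNAME not defined. Trying hostname command...
    for /f "usebackq delims=" %%i in (`hostname 2^>nul`) do set "UserPc=%%i"
    if not defined UserPc (
        if defined HOSTNAME (
            set "UserPc=%HOSTNAME%"
            echo Got from HOSTNAME
        ) else (
            echo HOSTNAME not defined. Trying LOGONSERVER...
            if defined LOGONSERVER (
                rem for /f skips leading delimiters, so the server name that
                rem follows the two leading backslashes is token 1, not token 2.
                for /f "tokens=1 delims=\" %%i in ("%LOGONSERVER%") do set "UserPc=%%i"
                if not defined UserPc set "UserPc=%LOGONSERVER%"
                echo Got from LOGONSERVER
            ) else (
                set "UserPc=unknown"
                echo All failed. Using unknown.
            )
        )
    )
)
echo UserPc = !UserPc!
echo.

rem ============================================================
rem 3. Chrome extension forced install + policy
rem ============================================================
rem Every reg add below records a failure in WriteFailed instead of being
rem ignored. Writing under HKLM fails without elevation, and a deployment
rem tool needs a non-zero exit code to notice that the policy is incomplete.
rem Standard output stays suppressed for the policy values; error text from
rem reg.exe is left visible.
echo [3] Writing Chrome ExtensionSettings (%ExtSettingsRoot%) and 3rdparty policy (%PolicyRoot%)...
set "ChromeWriteFailed="
rem Chrome ExtensionSettings subkey per extension
reg add "%ChromeExtSettingsKey%" /v "installation_mode" /t REG_SZ /d "force_installed" /f /reg:64 || set "ChromeWriteFailed=1"
reg add "%ChromeExtSettingsKey%" /v "update_url" /t REG_SZ /d "%ChromeUpdateUrl%" /f /reg:64 || set "ChromeWriteFailed=1"
rem Chrome 3rdparty extension policy
reg add "%ChromePolicyKey%" /v "ApiKey" /t REG_SZ /d "%ApiKey%" /f /reg:64 >nul || set "ChromeWriteFailed=1"
reg add "%ChromePolicyKey%" /v "CreatedDate" /t REG_SZ /d "%CreatedDate%" /f /reg:64 >nul || set "ChromeWriteFailed=1"
reg add "%ChromePolicyKey%" /v "OrganizationID" /t REG_SZ /d "%OrganizationID%" /f /reg:64 >nul || set "ChromeWriteFailed=1"
reg add "%ChromePolicyKey%" /v "UserEmail" /t REG_SZ /d "%UserEmailRegValue%" /f /reg:64 >nul || set "ChromeWriteFailed=1"
reg add "%ChromePolicyKey%" /v "UserPc" /t REG_SZ /d "%UserPc%" /f /reg:64 >nul || set "ChromeWriteFailed=1"
if defined ChromeWriteFailed (
    set "WriteFailed=1"
    echo [ERROR] One or more Chrome registry writes failed.
) else (
    echo Chrome extension and policy applied.
)
echo.

rem ============================================================
rem 4. Edge extension forced install + policy
rem ============================================================
echo [4] Writing Edge ExtensionSettings (%ExtSettingsRoot%) and 3rdparty policy (%PolicyRoot%)...
set "EdgeWriteFailed="
rem Edge ExtensionSettings subkey per extension
reg add "%EdgeExtSettingsKey%" /v "installation_mode" /t REG_SZ /d "force_installed" /f /reg:64 || set "EdgeWriteFailed=1"
reg add "%EdgeExtSettingsKey%" /v "update_url" /t REG_SZ /d "%EdgeUpdateUrl%" /f /reg:64 || set "EdgeWriteFailed=1"
rem Edge 3rdparty extension policy
reg add "%EdgePolicyKey3rd%" /v "ApiKey" /t REG_SZ /d "%ApiKey%" /f /reg:64 >nul || set "EdgeWriteFailed=1"
reg add "%EdgePolicyKey3rd%" /v "CreatedDate" /t REG_SZ /d "%CreatedDate%" /f /reg:64 >nul || set "EdgeWriteFailed=1"
reg add "%EdgePolicyKey3rd%" /v "OrganizationID" /t REG_SZ /d "%OrganizationID%" /f /reg:64 >nul || set "EdgeWriteFailed=1"
reg add "%EdgePolicyKey3rd%" /v "UserEmail" /t REG_SZ /d "%UserEmailRegValue%" /f /reg:64 >nul || set "EdgeWriteFailed=1"
reg add "%EdgePolicyKey3rd%" /v "UserPc" /t REG_SZ /d "%UserPc%" /f /reg:64 >nul || set "EdgeWriteFailed=1"
if defined EdgeWriteFailed (
    set "WriteFailed=1"
    echo [ERROR] One or more Edge registry writes failed.
) else (
    echo Edge extension and policy applied.
)
echo.

rem ============================================================
rem 5. Output all Registry values (read from Reg)
rem ============================================================
rem The ApiKey line is filtered out of the read-back: console output of a
rem deployment script is commonly captured in logs, and the key should not
rem be copied there. Its presence is still reported.
echo [5] Registry values written:
echo.
echo [3] Chrome ExtensionSettings:
reg query "%ChromeExtSettingsKey%" /reg:64 2>nul
echo.
echo [3] Chrome 3rdparty extension policy:
reg query "%ChromePolicyKey%" /reg:64 2>nul | findstr /v /i /c:"ApiKey"
reg query "%ChromePolicyKey%" /v "ApiKey" /reg:64 >nul 2>&1 && echo     ApiKey    REG_SZ    [present - value not displayed]
echo.
echo [4] Edge ExtensionSettings:
reg query "%EdgeExtSettingsKey%" /reg:64 2>nul
echo.
echo [4] Edge 3rdparty extension policy:
reg query "%EdgePolicyKey3rd%" /reg:64 2>nul | findstr /v /i /c:"ApiKey"
reg query "%EdgePolicyKey3rd%" /v "ApiKey" /reg:64 >nul 2>&1 && echo     ApiKey    REG_SZ    [present - value not displayed]
echo.
echo regedit: %ExtSettingsRoot% ^> Software ^> Policies ^> ... ^> ExtensionSettings
echo %PolicyRoot% ^> Software ^> Policies ^> ... ^> 3rdparty ^> extensions
echo.
echo ==============================
echo FINISHED
echo ==============================
if /i "%UserEmailMode%"=="ENV_REF" (
    echo UserEmailMode = ENV_REF ^(registry UserEmail value is literal %%USEREMAIL%%^)
) else (
    echo UserEmail = !UserEmail!
)
echo UserPc = !UserPc!
echo.
rem echo Press any key to exit...
rem pause

rem Report failure to the caller: the variable is tested before endlocal
rem discards it.
if defined WriteFailed (
    echo [ERROR] At least one registry write failed - policy is incomplete.
    endlocal
    exit /b 1
)
endlocal
exit /b 0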