backup/Backup-ReusableSettings.ps1
|
#Requires -Version 7.0 function Backup-ReusableSettings { [CmdletBinding()] param( [Parameter(Mandatory)] [string]$BackupPath, [Parameter(Mandatory)] [SecureString]$Token, [hashtable]$ScopeTagMap = @{} ) try { $folder = Join-Path $BackupPath 'Compliance Policies' 'Scripts' $scriptFolder = Join-Path $folder 'Script Data' $uri = '/beta/deviceManagement/reusablePolicySettings/?$select=id,settinginstance,displayname,description,settingDefinitionId,version' $items = Invoke-GraphRequest2 -Uri $uri -Token $Token foreach ($item in $items) { # filter: only items with settingDefinitionId eq 'linux_customcompliance_discoveryscript_reusablesetting' if ($item.settingDefinitionId -ne 'linux_customcompliance_discoveryscript_reusablesetting') { continue } # extract and decode script content if ($item.settingInstance.simpleSettingValue.value) { try { $scriptBytes = [System.Convert]::FromBase64String($item.settingInstance.simpleSettingValue.value) $scriptContent = [System.Text.Encoding]::UTF8.GetString($scriptBytes) $scriptFileName = ConvertTo-SanitizatedFileName -fileName "$($item.displayName).sh" $scriptPath = Join-Path $scriptFolder $scriptFileName New-Item -ItemType Directory -Path $scriptFolder -Force | Out-Null Set-Content -Path $scriptPath -Value $scriptContent -Encoding UTF8 } catch { Write-Verbose "failed to decode script for $($item.displayName): $_" } } # save metadata without the script content $clean = Remove-VolatileKeys -InputObject $item Save-BackupItem -Item $clean -Folder $folder -ScopeTagMap $ScopeTagMap } Write-Verbose "backed up reusable settings to $folder" } catch { Write-Error "failed to backup reusable settings: $_" return } } Export-ModuleMember -Function Backup-ReusableSettings |