Update Copy-and-Sync-Folder-to-ADComputers-viaGPO.ps1

brazilianscriptguy · web-flow · commit 05cdf03f7ce3 · 2025-08-06T17:43:08.000-03:00
Signed-off-by: LUIZ HAMILTON ROBERTO DA SILVA &lt;luizhamilton.lhr@gmail.com&gt;
diff --git a/SysAdmin-Tools/SystemConfiguration-and-Deployment/Copy-and-Sync-Folder-to-ADComputers-viaGPO.ps1 b/SysAdmin-Tools/SystemConfiguration-and-Deployment/Copy-and-Sync-Folder-to-ADComputers-viaGPO.ps1
@@ -1,154 +1,141 @@
 <#
 .SYNOPSIS
-    PowerShell script to synchronize folders from a network share to Active Directory computers via GPO. 
+    PowerShell script to synchronize folders from a network share to Active Directory computers via GPO.
 
 .DESCRIPTION
-    This script synchronizes a folder from a network location (e.g. NETLOGON share)
-    to the local Administrator's desktop on AD workstations. It copies only new or updated files,
-    and removes obsolete files and folders that are no longer in the source.
+    This script synchronizes a folder from a network location (e.g., NETLOGON share)
+    to the local Administrator's desktop on AD workstations. It copies only new or updated files
+    and removes obsolete files and folders that no longer exist in the source.
     Intended for use as a machine-level GPO startup script.
 
 .AUTHOR
     Luiz Hamilton Silva - @brazilianscriptguy
 
 .VERSION
-    Updated: August 5, 2025 - Refactored for GPO startup context and system execution.
+    Updated: August 6, 2025 - Enhanced for PSSA compliance and state safety
 #>
 
 param (
     [string]$LogDirectory = "C:\Logs-TEMP"
 )
 
-# Get the script name and define the full log path
+# === LOGGING SETUP ===
 $scriptName = [System.IO.Path]::GetFileNameWithoutExtension($MyInvocation.MyCommand.Name)
-$logFileName = "${scriptName}.log"
-$logPath = Join-Path $LogDirectory $logFileName
+$logPath = Join-Path $LogDirectory "$scriptName.log"
 
-# Ensure the log directory exists
 if (-not (Test-Path $LogDirectory)) {
     try {
-        New-Item -Path $LogDirectory -ItemType Directory -ErrorAction Stop | Out-Null
-    }
-    catch {
-        Write-Error "Failed to create log directory at $LogDirectory. Logging will be disabled."
+        New-Item -Path $LogDirectory -ItemType Directory -Force -ErrorAction Stop | Out-Null
+    } catch {
+        Write-Error "Failed to create log directory at $LogDirectory. Logging disabled."
         exit 1
     }
 }
 
-# Logging function with timestamp and severity
 function Write-Log {
     param (
-        [Parameter(Mandatory = $true)][string]$Message,
-        [string]$Severity = "INFO"
+        [Parameter(Mandatory)][string]$Message,
+        [ValidateSet("INFO", "ERROR", "WARNING")] [string]$Severity = "INFO"
     )
     $timestamp = Get-Date -Format "yyyy-MM-dd HH:mm:ss"
-    $logEntry = "[$timestamp] [$Severity] $Message"
+    $entry = "[$timestamp] [$Severity] $Message"
+
     try {
-        Add-Content -Path $logPath -Value $logEntry -Encoding UTF8 -ErrorAction Stop
-    }
-    catch {
-        Write-Error "Failed to write to log: $_"
+        Add-Content -Path $logPath -Value $entry -Encoding UTF8
+    } catch {
+        Write-Error "Logging failed: $_"
     }
 }
 
-# === CONFIGURATION ===
+# === PATH SETUP ===
+$sourceFolderPath     = "\\forest-logonserver-name\NETLOGON\Source-Folder-Name"
+$adminProfilePath     = "$env:SystemDrive\Users\Administrator"
+$adminDesktopPath     = Join-Path $adminProfilePath "Desktop"
+$destinationFolderPath = Join-Path $adminDesktopPath "Destination-Folder-Name"
 
-# Source network folder (change as needed)
-$sourceFolderPath = "\\forest-logonserver-name\NETLOGON\Source-Folder-Name"
-
-# Determine Administrator profile path
-$adminProfilePath = "$env:SystemDrive\Users\Administrator"
-$adminDesktopPath = Join-Path $adminProfilePath "Desktop"
-
-# Check if desktop path exists
-if (-not (Test-Path -Path $adminDesktopPath)) {
-    Write-Log "Administrator desktop not found at: $adminDesktopPath" -Severity "ERROR"
+if (-not (Test-Path $adminDesktopPath)) {
+    Write-Log "Administrator desktop path not found: $adminDesktopPath" -Severity "ERROR"
     exit 1
 }
 
-# Define destination folder under Administrator desktop
-$destinationFolderPath = Join-Path -Path $adminDesktopPath -ChildPath "Destination-Folder-Name"
-
-# === FOLDER SYNC FUNCTION ===
-
+# === SYNC FUNCTION ===
 function Sync-Folders {
+    [CmdletBinding(SupportsShouldProcess = $true)]
     param (
-        [string]$sourceFolder,
-        [string]$destinationFolder
+        [Parameter(Mandatory)][string]$sourceFolder,
+        [Parameter(Mandatory)][string]$destinationFolder
     )
 
-    # Create destination folder if it doesn't exist
-    if (-not (Test-Path -Path $destinationFolder)) {
-        try {
-            New-Item -ItemType Directory -Path $destinationFolder -ErrorAction Stop | Out-Null
-            Write-Log "Created destination folder: $destinationFolder"
-        }
-        catch {
-            Write-Log "Failed to create destination folder: $destinationFolder. Error: $_" -Severity "ERROR"
-            return
+    # Create destination folder if needed
+    if (-not (Test-Path $destinationFolder)) {
+        if ($PSCmdlet.ShouldProcess($destinationFolder, "Create destination folder")) {
+            try {
+                New-Item -ItemType Directory -Path $destinationFolder -Force -ErrorAction Stop | Out-Null
+                Write-Log "Created destination folder: $destinationFolder"
+            } catch {
+                Write-Log "Failed to create destination folder: $destinationFolder. $_" -Severity "ERROR"
+                return
+            }
         }
     }
 
-    # Copy new or updated files from source to destination
+    # Sync files and folders
     $sourceItems = Get-ChildItem -Path $sourceFolder -Recurse -Force
     foreach ($item in $sourceItems) {
         $relativePath = $item.FullName.Substring($sourceFolder.Length).TrimStart('\')
-        $destinationPath = Join-Path $destinationFolder $relativePath
+        $destPath = Join-Path $destinationFolder $relativePath
 
         if ($item.PSIsContainer) {
-            if (-not (Test-Path -Path $destinationPath)) {
-                try {
-                    New-Item -ItemType Directory -Path $destinationPath -ErrorAction Stop | Out-Null
-                    Write-Log "Created directory: $destinationPath"
-                }
-                catch {
-                    Write-Log "Failed to create directory: $destinationPath. Error: $_" -Severity "ERROR"
+            if (-not (Test-Path $destPath)) {
+                if ($PSCmdlet.ShouldProcess($destPath, "Create directory")) {
+                    try {
+                        New-Item -ItemType Directory -Path $destPath -Force -ErrorAction Stop | Out-Null
+                        Write-Log "Created directory: $destPath"
+                    } catch {
+                        Write-Log "Failed to create directory: $destPath. $_" -Severity "ERROR"
+                    }
                 }
             }
-        }
-        else {
+        } else {
             try {
-                $destItem = Get-Item -Path $destinationPath -ErrorAction SilentlyContinue
+                $destItem = Get-Item -Path $destPath -ErrorAction SilentlyContinue
                 if ((-not $destItem) -or ($item.LastWriteTime -gt $destItem.LastWriteTime)) {
-                    Copy-Item -Path $item.FullName -Destination $destinationPath -Force -ErrorAction Stop
-                    Write-Log "Copied/Updated file: $destinationPath"
-                }
-                else {
-                    Write-Log "Skipped (already up-to-date): $destinationPath"
+                    if ($PSCmdlet.ShouldProcess($destPath, "Copy file")) {
+                        Copy-Item -Path $item.FullName -Destination $destPath -Force -ErrorAction Stop
+                        Write-Log "Copied/Updated: $destPath"
+                    }
+                } else {
+                    Write-Log "Skipped (up-to-date): $destPath"
                 }
-            }
-            catch {
-                Write-Log "Failed to copy file: $destinationPath. Error: $_" -Severity "ERROR"
+            } catch {
+                Write-Log "Failed to copy: $destPath. $_" -Severity "ERROR"
             }
         }
     }
 
-    # Remove obsolete files/folders in destination that don't exist in source
+    # Remove orphaned files/folders
     $destItems = Get-ChildItem -Path $destinationFolder -Recurse -Force
     foreach ($item in $destItems) {
         $relativePath = $item.FullName.Substring($destinationFolder.Length).TrimStart('\')
         $sourcePath = Join-Path $sourceFolder $relativePath
 
-        if (-not (Test-Path -Path $sourcePath)) {
-            try {
-                Remove-Item -Path $item.FullName -Recurse -Force -ErrorAction Stop
-                Write-Log "Removed obsolete item: $($item.FullName)"
-            }
-            catch {
-                Write-Log "Failed to remove obsolete item: $($item.FullName). Error: $_" -Severity "ERROR"
+        if (-not (Test-Path $sourcePath)) {
+            if ($PSCmdlet.ShouldProcess($item.FullName, "Remove obsolete item")) {
+                try {
+                    Remove-Item -Path $item.FullName -Recurse -Force -ErrorAction Stop
+                    Write-Log "Removed obsolete: $($item.FullName)"
+                } catch {
+                    Write-Log "Failed to remove obsolete: $($item.FullName). $_" -Severity "ERROR"
+                }
             }
         }
     }
 }
 
 # === EXECUTION ===
-
-if (Test-Path -Path $sourceFolderPath) {
+if (Test-Path $sourceFolderPath) {
     Sync-Folders -sourceFolder $sourceFolderPath -destinationFolder $destinationFolderPath
-    Write-Log "Synchronization completed successfully to $destinationFolderPath."
+    Write-Log "Synchronization completed to $destinationFolderPath"
+} else {
+    Write-Log "Source folder missing: $sourceFolderPath" -Severity "ERROR"
 }
-else {
-    Write-Log "Source folder not found: $sourceFolderPath" -Severity "ERROR"
-}
-
-# End of script
