Home
Welcome to the gamUploader wiki!
The Google Workspace superadmin needs to prepare the gamUploader package before distributing to users.
You must already have a working GAMADV-XTD3 setup, with at least version 5.25.xx. It doesn't matter if you run your admin GAMADV-XTD3 in Windows, Linux, Mac or Cloud Shell, but the compiled/gamUploader.exe is built for 64-bit Windows 10, so your users need to be on a recent Windows 10, unless another version of gamUploader is released, compatible with other OSs.
-
Create a new dir in $HOME/.gam/ (%USERPROFILE%\.gam\ in Windows, or wherever you have your .gam dir) for your limited service account.
Call it "limited". For example /Users/YourName/.gam/limited. One of these example commands should work.
mkdir $HOME/.gam/limited
OR
mkdir %USERPROFILE%\.gam\limited
-
Open .gam/gam.cfg (not the one here in the gamUploader dir!) and create a new section [limited] in your .gam/gam.cfg with references to your main account, but pointing to the limited dir. Save.
customer_id = YourCustomerId
domain = YourDomain
config_dir = limited
-
Then put COPIES of your current gam files in the limited dir. They are needed there initially so you can use gam to create the lesser access.
client_secrets.json
oauth2.txt
-
Select and save the new section. This is important, so you don't accidentally overwrite your main files. (I always recommend having a backup of your main files.)
gam select limited save
-
Create a separate service account to run the gamUploader function. This will create a new oauth2service.json file in the limited dir. Make the name obvious, so you know what it is for. Follow the instructions on screen.
gam add svcacct admin YourAdmin@EmailAddress saname "xyz-limited" sadisplayname "XYZ Limited"
-
Update the service account's access. Follow the instructions on screen. Authorise the account in your browser.
gam user [email protected] update serviceaccount scope https://www.googleapis.com/auth/drive
-
To create the limited oauth2.txt, run the oauth create process and select only the scope we want. It can be done with this one-liner. Follow the instructions on screen. This will overwrite the oauth2.txt in the limited dir, which until now was a copy of your main file, keeping only limited access.
gam oauth create admin YourAdmin@EmailAddress scopes https://www.googleapis.com/auth/admin.directory.user.readonly
-
Verify the service account is working as intended. You should see PASS on the scopes.
gam user [email protected] check serviceaccount
-
Create a C:\gamUploader folder on your disk. Download the content of the setup dir, from here, to your local C:\gamUploader folder.
-
Copy the newly created limited oauth2.txt and oauth2service.json files to the C:\gamUploader folder.
-
Download the compiled/gamUploader.exe file to the C:\gamUploader folder. Or compile your own version, from these instructions.
-
You are now ready to distribute the gamUploader folder, and you can either push the Office file association through the MDM of your choice, or instruct the user to run the .reg file in the association dir after editing C:\gamUploader\gamUploader.bat, according to these instructions.
-
Screenshotted versions of the Office file icons are included with the package in the dir gamUploader\icons, and referred to in the .reg file.
-
I have found it easy to use the SFX feature of WinRAR to create an installable package for users, as it will allow me to open the gamUploader.bat after copying the files to C:\gamUploader, so the user can set the proper email address, and then auto-run the .reg file to associate the file types with gamUploader.bat. You may of course choose any tool you wish.
-
You will most likely need to provide some instructions for your users, and I have included my default instructions in the file WinRAR-SFX-Instructions_for_users-Must_be_edited_if_used.txt, which is actually a copy of the RAR SFX command script, and can be inserted there in its entirety. Use and edit as you like, but keep the licence content referring to me as is. Do edit the last bit which refers to your organisation.
-
It's perfectly fine to give your users less information, as some of what I have included is fairly technical, and mainly for your purposes.
-
Do note that the code is only verified to work on recent Windows 10, and will not necessarily work on other versions of Windows. Also, MS Windows Defender doesn't like Python exe-files, so it will most definitely warn and try to quarantine the file. :-)
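-
Before distributing C:\gamUploader, the credential files in it can be checked against the steps above, in particular that oauth2.txt is the limited one and not the copy of your main file. The Python script below is an added example, not part of gamUploader or GAM; it assumes oauth2.txt is JSON with a "scopes" list, and that the service account was created with saname "xyz-limited" as in the command above.

```python
import json
from pathlib import Path

# Scope the page requests for the distributed oauth2.txt.
LIMITED_SCOPE = "https://www.googleapis.com/auth/admin.directory.user.readonly"
# Assumption: identity scopes that the OAuth flow may add on its own are tolerated.
IDENTITY_SCOPES = {"openid", "email", "profile", "https://www.googleapis.com/auth/userinfo.email",
                   "https://www.googleapis.com/auth/userinfo.profile"}


def load_json(path, findings):
    """Parse a credential file; record a finding instead of raising."""
    try:
        data = json.loads(path.read_text(encoding="utf-8"))
        if isinstance(data, dict):
            return data
        findings.append(f"{path.name}: not a JSON object")
    except (OSError, ValueError) as exc:
        findings.append(f"{path.name}: unreadable ({exc.__class__.__name__})")
    return None


def audit_package(folder, sa_name):
    """Return a list of findings; an empty list means nothing was flagged."""
    folder, findings = Path(folder), []
    token = load_json(folder / "oauth2.txt", findings)
    if token is not None:
        scopes = token.get("scopes", [])  # "scopes" is the assumed key name
        scopes = scopes.split() if isinstance(scopes, str) else scopes
        if LIMITED_SCOPE not in scopes:
            findings.append("oauth2.txt: limited scope missing")
        for scope in sorted(set(scopes) - IDENTITY_SCOPES - {LIMITED_SCOPE}):
            findings.append(f"oauth2.txt: unexpected scope {scope}")
    key = load_json(folder / "oauth2service.json", findings)
    if key is not None:
        email = str(key.get("client_email", ""))
        if key.get("type") != "service_account":
            findings.append("oauth2service.json: not a service account key")
        if not email.startswith(sa_name + "@"):
            findings.append(f"oauth2service.json: key belongs to {email or 'unknown'}")
    # Assumption: only the two files above are copied, so this one is a leftover.
    if (folder / "client_secrets.json").exists():
        findings.append("client_secrets.json: should not be distributed")
    return findings


if __name__ == "__main__":
    print("\n".join(audit_package(r"C:\gamUploader", "xyz-limited")))
```

An empty result means nothing was flagged; any "unexpected scope" line means the oauth2.txt in the folder grants more than the limited scope and should not be shipped.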