Before rolling the Velatir browser extension out to a Windows fleet, run this script on a representative test box to see what is already configured in the registry and which deployment path will work cleanly. It is read-only — no registry writes, no network calls, no MSI invocations. The script emits a markdown report — saved to the Desktop and copied to the clipboard — that can be sent to your Velatir customer success manager ahead of the rollout call, or read live during one.Documentation Index
Fetch the complete documentation index at: https://docs.velatir.com/llms.txt
Use this file to discover all available pages before exploring further.
Download and run
Test-VelatirRollout.ps1 Open an elevated PowerShell (right-click → Run as Administrator),cd to the folder containing the downloaded script, and run:
-ExecutionPolicy Bypass is needed because PowerShell otherwise refuses to run scripts downloaded from the internet under default RemoteSigned policy. The bypass applies only to this invocation; it does not change the machine’s policy.
You can also start it in a non-elevated PowerShell — stage 1 (user-scope inspection) will run first, then the script offers to re-launch elevated for stage 2 (HKLM). This is the recommended flow when the user logged into the box isn’t a local administrator.
What it inspects
The script runs in two stages:- Stage 1 (no admin needed) — inspects the interactive user’s hive (forcelist entries, per-user Velatir installs). Always runs first.
- Stage 2 (admin required) — inspects
HKLM(machine-scope forcelist, per-machine Velatir installs, Chrome / Edge cloud management). The script offers to re-launch elevated if you didn’t start it that way.
HKU\<interactive-user-SID> directly rather than from the current process’s HKCU, so the two stages see the same user even when stage 2 elevates with different admin credentials (the credential UAC prompt, common in enterprise environments where users are not local admins).
Recommendations
Combined across both stages, the script prints one of these recommendations:- Greenfield — no existing forcelist. Use the per-machine MSI as documented.
- Per-user GPO already manages a forcelist — don’t use the MSI for force-install. Add Velatir’s IDs to your existing per-user GPO; optionally deploy the MSI with
LDAP_ONLY=1for directory context only. - Per-machine forcelist already populated — per-machine MSI will coexist (it uses a high-numbered entry to avoid collisions). Worth a test deploy on one box.
- Prior Velatir install present — uninstall first; otherwise the MSI runs in maintenance mode and skips component writes.
Interpreting the output
The script prints findings and a recommendation to the console, then writes a markdown report to your Desktop (velatir-preflight-<machine>-<timestamp>.md) and copies the same content to the clipboard. The report mirrors the console output and is designed to be readable as plain text — safe to email, paste into a ticket, or share in chat with your Velatir customer success manager.
If a prior Velatir install is detected, the recommendation starts with an uninstall step before the rollout itself.
If you copy a recommended command, remember to replace API_TOKEN="..." and ORGANIZATION_NAME="..." with your real values before running it.
What the report contains
- Machine name, interactive user, runtime elevation, timestamp.
- Forcelist entry counts per browser, stage 1 (HKCU) and stage 2 (HKLM).
- Detected Velatir installs (per-user and per-machine) with product codes.
- Browser cloud management state (Chrome CBCM, Edge management).
- The recommended rollout path and the exact
msiexec/ GPO actions for it.
What to do next
Pick the path the script recommended:Per-machine MSI
Standard rollout for greenfield or HKLM-only fleets
Add Velatir to your GPO
Recommended when per-user GPO already manages the forcelist