Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update user template, adding WIP scripts #240

Merged
merged 4 commits into from
Jul 17, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
18 changes: 6 additions & 12 deletions scripts/Win_RunAsUser_Example.ps1
Original file line number Diff line number Diff line change
Expand Up @@ -8,11 +8,12 @@
.NOTES
Change Log
V1.0 6/25/2022 Initial release by silversword411
v1.1 6/14/2024 silversword411 Adding -CaptureOutput
#>

# Make sure RunAsUser is installed
if (Get-Module -ListAvailable -Name RunAsUser) {
# Write-Output "RunAsUser Already Installed"
Write-Output "RunAsUser Already Installed"
}
else {
Write-Output "Installing RunAsUser"
Expand All @@ -29,25 +30,18 @@ Write-Output "Hello from Systemland"

Invoke-AsCurrentUser -ScriptBlock {
# Put all Userland code here
$raulogPath = "c:\ProgramData\TacticalRMM\temp\raulog.txt"
$exit1Path = "c:\ProgramData\TacticalRMM\temp\exit1.txt"

Write-Output "Hello from Userland" | Out-File -append -FilePath $raulogPath
Write-Output "Hello from Userland"
If (test-path "c:\temp\") {
Write-Output "Test for c:\temp\ folder passed which is Exit 0" | Out-File -append -FilePath $raulogPath
Write-Output "Test for c:\temp\ folder passed which is Exit 0"
}
else {
Write-Output "Test for c:\temp\ folder failed which is Exit 1" | Out-File -append -FilePath $raulogPath
Write-Output "Test for c:\temp\ folder failed which is Exit 1"
# Writing exit1.txt for Userland Exit 1 passing to Systemland for returning to Tactical
Write-Output "Exit 1" | Out-File -append -FilePath $exit1Path
}
}

# Get userland return info for Tactical Script History
$exitdata = Get-Content -Path "c:\ProgramData\TacticalRMM\temp\raulog.txt" -ErrorAction SilentlyContinue
Write-Output $exitdata
# Cleanup raulog.txt File
Remove-Item -Path "c:\ProgramData\TacticalRMM\temp\raulog.txt" -ErrorAction SilentlyContinue
} -CaptureOutput

# Checking for Userland Exit 1
If (Test-Path -Path "c:\ProgramData\TacticalRMM\temp\exit1.txt" -PathType Leaf) {
Expand Down
110 changes: 110 additions & 0 deletions scripts_wip/Win_3rdparty_Urbackup_Monitor.ps1
Original file line number Diff line number Diff line change
@@ -0,0 +1,110 @@
<#
.SYNOPSIS
Script to check the status of Urbackup file backup and log events.

.DESCRIPTION
This script checks the status of Urbackup file backup and logs events in the Windows Event Log. It performs the following steps:
- Checks if the UrbackupCheck parameter is enabled. If enabled, the script exits.
- Checks if the UrBackup client is installed. If not installed, the script exits.
- Checks if the Urbackup postfile exists. If not, it creates the file.
- Checks if the "Write event to Event Log" line already exists in the file. If not, it adds the line.
- Retrieves Urbackup events from the Application event log that match a specific description.
- Determines the days elapsed since the latest event and compares it with the NumberOfDaysBeforeError parameter.
- Displays the relevant event log information if the event is found and within the specified number of days.
- Exits with a status code of 1 if the event is older than the specified number of days.

.PARAMETER UrbackupCheck
Specifies whether Urbackup check is enabled or disabled. Use Custom Fields to enable or disable as needed

.PARAMETER NumberOfDaysBeforeError
Specifies the number of days before considering an event as an error.

.EXAMPLE
-UrbackupCheck {{agent.UrbackupDisableCheck}} -NumberOfDaysBeforeError 30

.NOTES
Version: 1.5 6/20/2024 silversword411
#>

param (
[Int]$UrbackupCheck,
[Int]$NumberOfDaysBeforeError
)



#Write-Output "NumberOfDaysBeforeError: $NumberOfDaysBeforeError"

# See if Custom Field has disabled VeeamCheck
#Write-Output "VeeamCheck: $VeeamCheck"
if ($UrbackupCheck) {
Write-Output "Urbackup check disabled."
Exit 0
}

# Stop if Urbackup is not installed
$clientExecutable = 'C:\Program Files\UrBackup\UrBackupClient.exe'
if (-not (Test-Path -Path $clientExecutable)) {
Write-Output "UrBackup client is not installed. Quitting"
exit 0
}

function UpdateUrbackupPostFile {
$file = 'C:\Program Files\UrBackup\postfilebackup.bat'
$lineToAdd = 'EVENTCREATE /T SUCCESS /L APPLICATION /SO URBACKUP /ID 100 /D "File backup succeeded."'

# Check if the Urbackup postfile exists
if (-not (Test-Path -Path $file)) {
# Create the file if it doesn't exist
New-Item -Path $file -ItemType File | Out-Null
Write-Output "Post backup .bat file has been created."
}

# Check if the line already exists in the file
$lineExists = Get-Content -Path $file | Select-String -Pattern $lineToAdd

if ($lineExists) {
Write-Output "Write event to Event Log already exists in the file."
}
else {
# Add the line to the file
Add-Content -Path $file -Value $lineToAdd
Write-Output "Write event to Event Log line has been added to the file."
}
}

UpdateUrbackupPostFile

#########################################################################
Write-Output "------------ CHECK FOR LOG ------------"
$source = "URBACKUP"
$logName = "Application"
$eventID = 100
$description = "File backup succeeded."

$UrbackupEvents = Get-WinEvent -FilterHashtable @{
LogName = $logName
ProviderName = $source
ID = $eventID
} | Where-Object { $_.Message -like "*$description*" } | Sort-Object TimeCreated -Descending

if ($UrbackupEvents -ne $null) {
$latestEvent = $UrbackupEvents[0]
$daysSinceEvent = (Get-Date) - $latestEvent.TimeCreated
if ($daysSinceEvent.Days -gt $NumberOfDaysBeforeError) {
Write-Output "WARNING: The last event is older than $NumberOfDaysBeforeError days."
Write-Output "Last Backup: $($latestEvent.TimeCreated)"
exit 1
}
else {
Write-Output "ALL GOOD: The last event is newer than $NumberOfDaysBeforeError days."
#Write-Output "Event Log found:"
#Write-Output "Source: $($latestEvent.ProviderName)"
#Write-Output "Event ID: $($latestEvent.Id)"
#Write-Output "Message: $($latestEvent.Message)"
Write-Output "Last Backup: $($latestEvent.TimeCreated)"
}
}
else {
Write-Output "Event Log not found."
}
1 change: 1 addition & 0 deletions scripts_wip/Win_3rdparty_Urbackup_Uninstall.bat
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
"C:\Program Files\UrBackup\Uninstall.exe" /S
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
#Uses MDM features of windows to perform a Windows Reset clearing all data
# Uses MDM features of windows to perform a Windows Reset clearing all data

$namespaceName = "root\cimv2\mdm\dmmap"
$className = "MDM_RemoteWipe"
Expand All @@ -10,12 +10,10 @@ $params = New-Object Microsoft.Management.Infrastructure.CimMethodParametersColl
$param = [Microsoft.Management.Infrastructure.CimMethodParameter]::Create("param", "", "String", "In")
$params.Add($param)

try
{
try {
$instance = Get-CimInstance -Namespace $namespaceName -ClassName $className -Filter "ParentID='./Vendor/MSFT' and InstanceID='RemoteWipe'"
$session.InvokeMethod($namespaceName, $instance, $methodName, $params)
}
catch [Exception]
{
catch [Exception] {
write-host $_ | out-string
}
Loading