Xeckt/adobe.ps1

## adobe.ps1
#Requires -Version 7.3

Write-Host -ForegroundColor Red -BackgroundColor Black @'
              _       _             _____           _       _
     /\      | |     | |           / ____|         (_)     | |
    /  \   __| | ___ | |__   ___  | (___   ___ _ __ _ _ __ | |_
   / /\ \ / _` |/ _ \| '_ \ / _ \  \___ \ / __| '__| | '_ \| __|
  / ____ \ (_| | (_) | |_) |  __/  ____) | (__| |  | | |_) | |_
 /_/    \_\__,_|\___/|_.__/ \___| |_____/ \___|_|  |_| .__/ \__|
                                                | |
                                                |_|
'@

$FirewallProfile = @{
    'DisplayName' = ''
    'Program' = ''
    'Direction' = 'Outbound'
    'Action' = 'Block'
    'Profile' = 'Private, Domain, Public'
    'Protocol' = 'TCP'
}

$AcrobatPrograms = @(
    'C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\plug_ins\Updater.api',
    'C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\Adobe Application Manager (Updater).exe',
    'C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe',
    'C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updatercorehelper.exe',
    'C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe'
)

$currentPrincipal = New-Object Security.Principal.WindowsPrincipal([Security.Principal.WindowsIdentity]::GetCurrent()) # Get the current Powershell privilege stream
$FirewallNamePrefix = 'AdobeAcrobat'
$NamingIncrement = 0


function Write-Info ([String]$message) {"[",  "INFO", "] -> ", $message}
function Write-Success([String]$message) {"[",  "SUCCESS", "] -> ", $message}
function Write-Warning([String]$message) {"[",  "WARNING", "] -> ", $message}
function Write-Error([String]$message) {"[",  "ERROR", "] -> ", $message}
function Write-Debug([String]$message) {"[",  "DEBUG", "] -> ", $message}


function CreateUpdaterRegistryEntries() {
    $TestPaths = @(
        'HKLM:\SOFTWARE\WOW6432Node\Policies\Adobe\Adobe Acrobat\10.0\FeatureLockDown',
        'HKLM:\SOFTWARE\WOW6432Node\Policies\Adobe\Adobe Acrobat\11.0\FeatureLockDown'
    )
    $Entry = "bUpdater"
    $EntryValue = 0
    $EntryDataType = "Dword"
    Write-Info("Checking registry entries to disable Acrobat updater")
    foreach ($Path in $TestPaths) {
        $TestPath = Test-Path -Path $Path
        if (-Not $TestPath) {
            Write-Error("Unable to find registry path -> " + $path)
        } else {
            Write-Success("Registry key found! -> $path")
            New-ItemProperty -Path $Path -Name $Entry -Value $EntryValue -PropertyType $EntryDataType -Force | Out-Null
            if ($?) {
                Write-Success("Registry entry $Entry added to key with value $EntryValue to $Path")
            }
        }
    }
}
function Set-FirewallRules() {
    Write-Info("Checking if firewall rules already exist")
    if (CheckExistingFirewallRules -eq 1) {
        return;
    }
    foreach ( $program in $AcrobatPrograms ) {
        $FirewallProfile['Program'] = $program
        $FirewallProfile['DisplayName'] = $FirewallNamePrefix + "-" + $([io.path]::GetFileNameWithoutExtension($program))
        $FirewallAdd = New-NetFirewallRule @FirewallProfile
        if ( $null -ne $FirewallAdd ) {  # I would use Netsh but that is going to be deprecated and obsolete soon. Better to stay with the standards.
            Write-Success("Firewall rule $($FirewallProfile['DisplayName']) successfully added!")
        }
    }
}

function Disable-AdobeTasks() {
    foreach ($Task in Get-ScheduledTask -TaskName '*Adobe*') {
        Unregister-ScheduledTask -TaskName $Task.TaskName -Confirm:$false
        if ($?) {
            Write-Host("Sucessfully removed task $($Task.TaskName)")
        }
    }
}

function Remove-AdobeServices() {
    Write-Info("Checking for existing Adobe services")
    $ServiceNames = Get-Service -DisplayName '*Adobe*' | Select-Object -ExpandProperty Name
    foreach ($Service in $ServiceNames) {
        if ($Service) {
            Stop-Service -Name $Service
            Remove-Service -Name $Service
        } else {
          Write-Warning("Couldn't find Adobe services")
        }
    }
}

function Disable-NetworkCard() {
    Write-Info("Disabling network cards")
    GetNetworkAdapters | Disable-NetAdapter -Confirm:$false
    if ($?) {
        Write-Success("Network cards disabled")
    } else {
        Write-Error("Unable to disable network cards!")
    }
}

function Enable-NetworkCard() {
    Write-Info("Enabling network cards")
    GetNetworkAdapters | Enable-NetAdapter -Confirm:$false
    if ($?) {
        Write-Success("Network cards enabled")
    } else {
        Write-Error("Unable to enable network cards!")
    }
}

function GetNetworkAdapters() {
    Get-NetAdapter -Name * -Physical
}

function CheckExistingFirewallRules() {
    $GetCurrentRules = Get-NetFirewallRule -DisplayName 'AdobeAcrobat*'

    if ($null -ne $GetCurrentRules) {
        Write-Info("Firewall rules already exist!")
        return 1;
    } else {
        Write-Info("Firewall rules do not exist. Creating.")
    }
}


function Start-Program() {

    $ProceedChoice = Read-Host "`nProceed with complete Adobe Patch? This will disable all network cards whilst running! [y/n] "
    $CurrentExecutionPolicy = Get-ExecutionPolicy

    if ($ProceedChoice -eq 'y') {
        if ($CurrentExecutionPolicy -ne "Unrestricted") {
            Write-Info("Current execution policy is: $CurrentExecutionPolicy")
            Write-Error("Cannot run with current policy! Make sure LocalMachine is unrestricted!")
            Write-Error("Use: Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Scope LocalMachine")
            pause
            return
        }
        if (!$currentPrincipal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
            Write-Error("Insufficient privileges to run script")
            pause
            return
        }
        Disable-NetworkCard
        CreateUpdaterRegistryEntries
        Set-FirewallRules
        Remove-AdobeServices
        Disable-AdobeTasks
        Enable-NetworkCard
        Write-Info("`nDone!")
    }
}

Start-Program
	#Requires -Version 7.3

	Write-Host -ForegroundColor Red -BackgroundColor Black @'
	_ _ _____ _ _
	/\ \| \| \| \| / ____\| (_) \| \|
	/ \ __\| \| ___ \| \|__ ___ \| (___ ___ _ __ _ _ __ \| \|_
	/ /\ \ / _` \|/ _ \\| '_ \ / _ \ \___ \ / __\| '__\| \| '_ \\| __\|
	/ ____ \ (_\| \| (_) \| \|_) \| __/ ____) \| (__\| \| \| \| \|_) \| \|_
	/_/ \_\__,_\|\___/\|_.__/ \___\| \|_____/ \___\|_\| \|_\| .__/ \__\|
	\| \|
	\|_\|
	'@

	$FirewallProfile = @{
	'DisplayName' = ''
	'Program' = ''
	'Direction' = 'Outbound'
	'Action' = 'Block'
	'Profile' = 'Private, Domain, Public'
	'Protocol' = 'TCP'
	}

	$AcrobatPrograms = @(
	'C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\plug_ins\Updater.api',
	'C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\Adobe Application Manager (Updater).exe',
	'C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe',
	'C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updatercorehelper.exe',
	'C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe'
	)

	$currentPrincipal = New-Object Security.Principal.WindowsPrincipal([Security.Principal.WindowsIdentity]::GetCurrent()) # Get the current Powershell privilege stream
	$FirewallNamePrefix = 'AdobeAcrobat'
	$NamingIncrement = 0


	function Write-Info ([String]$message) {"[", "INFO", "] -> ", $message}
	function Write-Success([String]$message) {"[", "SUCCESS", "] -> ", $message}
	function Write-Warning([String]$message) {"[", "WARNING", "] -> ", $message}
	function Write-Error([String]$message) {"[", "ERROR", "] -> ", $message}
	function Write-Debug([String]$message) {"[", "DEBUG", "] -> ", $message}


	function CreateUpdaterRegistryEntries() {
	$TestPaths = @(
	'HKLM:\SOFTWARE\WOW6432Node\Policies\Adobe\Adobe Acrobat\10.0\FeatureLockDown',
	'HKLM:\SOFTWARE\WOW6432Node\Policies\Adobe\Adobe Acrobat\11.0\FeatureLockDown'
	)
	$Entry = "bUpdater"
	$EntryValue = 0
	$EntryDataType = "Dword"
	Write-Info("Checking registry entries to disable Acrobat updater")
	foreach ($Path in $TestPaths) {
	$TestPath = Test-Path -Path $Path
	if (-Not $TestPath) {
	Write-Error("Unable to find registry path -> " + $path)
	} else {
	Write-Success("Registry key found! -> $path")
	New-ItemProperty -Path $Path -Name $Entry -Value $EntryValue -PropertyType $EntryDataType -Force \| Out-Null
	if ($?) {
	Write-Success("Registry entry $Entry added to key with value $EntryValue to $Path")
	}
	}
	}
	}
	function Set-FirewallRules() {
	Write-Info("Checking if firewall rules already exist")
	if (CheckExistingFirewallRules -eq 1) {
	return;
	}
	foreach ( $program in $AcrobatPrograms ) {
	$FirewallProfile['Program'] = $program
	$FirewallProfile['DisplayName'] = $FirewallNamePrefix + "-" + $([io.path]::GetFileNameWithoutExtension($program))
	$FirewallAdd = New-NetFirewallRule @FirewallProfile
	if ( $null -ne $FirewallAdd ) { # I would use Netsh but that is going to be deprecated and obsolete soon. Better to stay with the standards.
	Write-Success("Firewall rule $($FirewallProfile['DisplayName']) successfully added!")
	}
	}
	}

	function Disable-AdobeTasks() {
	foreach ($Task in Get-ScheduledTask -TaskName 'Adobe') {
	Unregister-ScheduledTask -TaskName $Task.TaskName -Confirm:$false
	if ($?) {
	Write-Host("Sucessfully removed task $($Task.TaskName)")
	}
	}
	}

	function Remove-AdobeServices() {
	Write-Info("Checking for existing Adobe services")
	$ServiceNames = Get-Service -DisplayName 'Adobe' \| Select-Object -ExpandProperty Name
	foreach ($Service in $ServiceNames) {
	if ($Service) {
	Stop-Service -Name $Service
	Remove-Service -Name $Service
	} else {
	Write-Warning("Couldn't find Adobe services")
	}
	}
	}

	function Disable-NetworkCard() {
	Write-Info("Disabling network cards")
	GetNetworkAdapters \| Disable-NetAdapter -Confirm:$false
	if ($?) {
	Write-Success("Network cards disabled")
	} else {
	Write-Error("Unable to disable network cards!")
	}
	}

	function Enable-NetworkCard() {
	Write-Info("Enabling network cards")
	GetNetworkAdapters \| Enable-NetAdapter -Confirm:$false
	if ($?) {
	Write-Success("Network cards enabled")
	} else {
	Write-Error("Unable to enable network cards!")
	}
	}

	function GetNetworkAdapters() {
	Get-NetAdapter -Name * -Physical
	}

	function CheckExistingFirewallRules() {
	$GetCurrentRules = Get-NetFirewallRule -DisplayName 'AdobeAcrobat*'

	if ($null -ne $GetCurrentRules) {
	Write-Info("Firewall rules already exist!")
	return 1;
	} else {
	Write-Info("Firewall rules do not exist. Creating.")
	}
	}


	function Start-Program() {

	$ProceedChoice = Read-Host "`nProceed with complete Adobe Patch? This will disable all network cards whilst running! [y/n] "
	$CurrentExecutionPolicy = Get-ExecutionPolicy

	if ($ProceedChoice -eq 'y') {
	if ($CurrentExecutionPolicy -ne "Unrestricted") {
	Write-Info("Current execution policy is: $CurrentExecutionPolicy")
	Write-Error("Cannot run with current policy! Make sure LocalMachine is unrestricted!")
	Write-Error("Use: Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Scope LocalMachine")
	pause
	return
	}
	if (!$currentPrincipal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
	Write-Error("Insufficient privileges to run script")
	pause
	return
	}
	Disable-NetworkCard
	CreateUpdaterRegistryEntries
	Set-FirewallRules
	Remove-AdobeServices
	Disable-AdobeTasks
	Enable-NetworkCard
	Write-Info("`nDone!")
	}
	}

	Start-Program