Last active
February 7, 2024 21:34
-
-
Save brianfgonzalez/3d2bde697e05834f2e8970051d6f6e56 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Lock After Password Change System Scheduled Task System | |
| # Jacob Regruit | |
| # 08/12/2021 | |
| Start-Transcript c:\windows\temp\LockOnPasswordChangeSystem.log -Append | |
| # Set Paths | |
| $LockAfterPasswordChangePath = 'C:\ProgramData\adatum\LockOnPasswordChange' | |
| $PreToastPath = 'C:\ProgramData\adatum\LockOnPasswordChange\New-ToastNotification.ps1' | |
| $VBSToastPath = 'C:\ProgramData\adatum\LockOnPasswordChange\InstallToastHidden.vbs' | |
| # Misc Variables | |
| $Config = "LHX-LockOnPasswordChangeSystem.xml" | |
| $TempConfig = "C:\Windows\Temp\LHX-LockOnPasswordChangeSystem.xml" | |
| $ScriptPath = Split-Path $MyInvocation.MyCommand.Path | |
| ############################################################################# | |
| #If Powershell is running the 32-bit version on a 64-bit machine, we | |
| #need to force powershell to run in 64-bit mode . | |
| ############################################################################# | |
| if ($env:PROCESSOR_ARCHITEW6432 -eq "AMD64") { | |
| #write-warning "Y'arg Matey, we're off to 64-bit land....." | |
| if ($myInvocation.Line) { | |
| &"$env:WINDIR\sysnative\windowspowershell\v1.0\powershell.exe" -NonInteractive -NoProfile $myInvocation.Line | |
| }else{ | |
| &"$env:WINDIR\sysnative\windowspowershell\v1.0\powershell.exe" -NonInteractive -NoProfile -file "$($myInvocation.InvocationName)" $args | |
| } | |
| exit $lastexitcode | |
| } | |
| # Copy deployment to C drive | |
| If (Test-Path $LockAfterPasswordChangePath) | |
| { | |
| Remove-Item $LockAfterPasswordChangePath -Confirm:$False -Recurse -Force -Verbose | |
| } | |
| New-Item -Path $LockAfterPasswordChangePath -ItemType Directory -Force -Verbose | |
| Copy-Item -Path .\* -Destination $LockAfterPasswordChangePath -Recurse -Force -Verbose | |
| # Create Scheduled Task Folder | |
| $scheduleObject = New-Object -ComObject schedule.service | |
| $scheduleObject.connect() | |
| $rootFolder = $scheduleObject.GetFolder("\") | |
| $TaskFolder = $scheduleObject.GetFolder("\LHX-LockOnPasswordChange") | |
| If ($null -eq $TaskFolder) | |
| { | |
| $rootFolder.CreateFolder("LHX-LockOnPasswordChange") | |
| } | |
| # Create Scheduled Task | |
| If (Test-Path $PreToastPath) | |
| { | |
| # Copy Temp XML | |
| # Copy-Item $ScriptPath\$Config C:\Temp -Force -Verbose | |
| Copy-Item -Path .\LHX-LockOnPasswordChangeSystem.xml C:\Windows\Temp -Force -Verbose | |
| $SID = (New-Object System.Security.Principal.NTAccount($env:USERDOMAIN, $env:USERNAME)).Translate([System.Security.Principal.SecurityIdentifier]).value | |
| #$SID = (New-Object System.Security.Principal.NTAccount($_)).Translate([System.Security.Principal.SecurityIdentifier]).value | |
| If (Test-Path $LockAfterPasswordChangePath) | |
| { | |
| $Task = Get-ScheduledTask -TaskName "LHX-LockOnPasswordChange - $_" -Verbose | |
| If ($Task) | |
| { | |
| $Task | Unregister-ScheduledTask -Confirm:$False -Verbose | |
| } | |
| # Load XML | |
| $xmlDoc=New-Object XML | |
| $xmlDoc.Load("$TempConfig") | |
| # Change to user SID | |
| $node=$xmlDoc.Task.Principals.FirstChild | |
| $node.UserId = $SID | |
| # Save XML | |
| $xmlDoc.Save("$TempConfig") | |
| Register-ScheduledTask -xml (Get-Content "$TempConfig" | Out-String) -TaskName "LHX-LockOnPasswordChangeSystem" -TaskPath '\LHX-LockOnPasswordChange' -Force -Verbose | |
| Remove-Item $TempConfig -Force | |
| } | |
| } | |
| # Run Scheduled Task | |
| Start-ScheduledTask -TaskPath '\LHX-LockOnPasswordChange' -TaskName 'LHX-LockOnPasswordChangeSystem' -Verbose | |
| Stop-Transcript |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment