Added scripts from https://github.com/ThatsNASt PR
Added all but the Reset-TSGracePeriod.ps1 script as it prompts for input.
This commit is contained in:
meyerje
GitHub
parent
752e5375b2
commit
a5efb4e16a
|
|
@ -0,0 +1,23 @@
|
|||
## Copied from https://github.com/ThatsNASt/tacticalrmm to add to new pull request for https://github.com/wh1te909/tacticalrmm
|
||||
#Returns basic information about BIOS
|
||||
#Test Passed on Windows 7 8 Workstations and Server 2008
|
||||
|
||||
Try {
|
||||
$colBios = Get-WmiObject -Class "Win32_BIOS"
|
||||
Foreach ($objBios in $colBios) {
|
||||
$rDate = [System.Management.ManagementDateTimeconverter]::ToDateTime($objBios.ReleaseDate)
|
||||
Write-Host "Status is" $objBios.Status
|
||||
Write-Host "Primary BIOS is" $objBios.PrimaryBIOS
|
||||
Write-Host "SMBIOS BIOS Version is" $objBios.SMBIOSBIOSVersion
|
||||
Write-Host "SMBIOS Major Version is" $objBios.SMBIOSMajorVersion
|
||||
Write-Host "SMBIOS Minor Version is" $objBios.SMBIOSMinorVersion
|
||||
Write-Host "Manufacturer is" $objBios.Manufacturer
|
||||
Write-Host "Release Date is" $rDate
|
||||
}
|
||||
Write-Host "Script Check passed"
|
||||
Exit 0
|
||||
}
|
||||
Catch {
|
||||
Write-Host "Script Check Failed"
|
||||
Exit 1001
|
||||
}
|
||||
|
|
@ -0,0 +1,97 @@
|
|||
## Copied from https://github.com/ThatsNASt/tacticalrmm to add to new pull request for https://github.com/wh1te909/tacticalrmm
|
||||
function Log-Message {
|
||||
Param
|
||||
(
|
||||
[Parameter(Mandatory = $true, Position = 0)]
|
||||
[string]$LogMessage,
|
||||
[Parameter(Mandatory = $false, Position = 1)]
|
||||
[string]$LogFile,
|
||||
[Parameter(Mandatory = $false, Position = 2)]
|
||||
$Echo
|
||||
)
|
||||
if ($LogFile) {
|
||||
Write-Output ("{0} - {1}" -f (Get-Date), $LogMessage) | Out-File -Append $LogFile
|
||||
if ($Echo) {
|
||||
Write-Output ("{0} - {1}" -f (Get-Date), $LogMessage)
|
||||
}
|
||||
}
|
||||
Else {
|
||||
Write-Output ("{0} - {1}" -f (Get-Date), $LogMessage)
|
||||
}
|
||||
}
|
||||
$log = "BitlockerReport.txt"
|
||||
|
||||
#Find BL info
|
||||
$mbde = [string](manage-bde -status)
|
||||
$mbdeProt = (manage-bde -protectors -get c: | Select-Object -Skip 6)
|
||||
#Dig out the recovery password, check for PIN
|
||||
ForEach ($line in $mbdeProt) {
|
||||
if ($line -like "******-******-******-******-******-******-******-******") {
|
||||
$RecoveryPassword = $line.Trim()
|
||||
}
|
||||
if ($line -like "*TPM And PIN:*") {
|
||||
$PIN = $true
|
||||
}
|
||||
}
|
||||
#Determine BL status
|
||||
if ($mbde.Contains("Fully Decrypted")) {
|
||||
$Encrypted = "No"
|
||||
}
|
||||
if ($mbde.Contains("Fully Encrypted")) {
|
||||
$Encrypted = "Yes"
|
||||
}
|
||||
if ($mbde.Contains("Encryption in Progress")) {
|
||||
$Encrypted = "InProgress"
|
||||
}
|
||||
if ($mbde.Contains("Decryption in Progress")) {
|
||||
$Encrypted = "InProgressNo"
|
||||
}
|
||||
|
||||
#Check for recovery password, report if found.
|
||||
if ($RecoveryPassword) {
|
||||
Try {
|
||||
Log-Message "RP: $RecoveryPassword" $log e -ErrorAction Stop
|
||||
}
|
||||
#Catch for recovery password in place but encryption not active
|
||||
Catch {
|
||||
Log-Message "Could not retrieve recovery password, but it is enabled." $log e
|
||||
}
|
||||
}
|
||||
if (!$RecoveryPassword) {
|
||||
Log-Message "No Recovery Password found." $log e
|
||||
}
|
||||
|
||||
#Try to make a summary for common situations
|
||||
if ($Encrypted -eq "No" -and !$RecoveryPassword) {
|
||||
Log-Message "WARNING: Decrypted, no password." $log e
|
||||
exit 2001
|
||||
}
|
||||
if ($Encrypted -eq "No" -and $RecoveryPassword) {
|
||||
Log-Message "WARNING: Decrypted, password set. Interrupted process?" $log e
|
||||
exit 2002
|
||||
}
|
||||
if ($Encrypted -eq "Yes" -and !$RecoveryPassword) {
|
||||
Log-Message "WARNING: Encrypted, no password." $log e
|
||||
exit 2000
|
||||
}
|
||||
if ($Encrypted -eq "InProgress" -and $RecoveryPassword) {
|
||||
Log-Message "WARNING: Encryption in progress, password set." $log e
|
||||
exit 3000
|
||||
}
|
||||
if ($Encrypted -eq "InProgress" -and !$RecoveryPassword) {
|
||||
Log-Message "WARNING: Encryption in progress, no password." $log e
|
||||
exit 3001
|
||||
}
|
||||
if ($Encrypted -eq "InProgressNo") {
|
||||
Log-Message "WARNING: Decryption in progress" $log e
|
||||
exit 3002
|
||||
}
|
||||
if ($Encrypted -eq "Yes" -and $RecoveryPassword -and !$PIN) {
|
||||
Log-Message "WARNING: Encrypted, PIN DISABLED, password is set." $log e
|
||||
exit 3003
|
||||
}
|
||||
if ($Encrypted -eq "Yes" -and $RecoveryPassword -and $PIN -eq $true) {
|
||||
Log-Message "SUCCESS: Encrypted, PIN enabled, password is set." $log e
|
||||
Write-Host "Script check passed"
|
||||
exit 0
|
||||
}
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
## Copied from https://github.com/ThatsNASt/tacticalrmm to add to new pull request for https://github.com/wh1te909/tacticalrmm
|
||||
|
||||
$x = Get-WMIObject -Namespace "root/CIMV2/Security/MicrosoftVolumeEncryption" -query "SELECT * FROM Win32_EncryptableVolume WHERE DriveLetter='C:'";
|
||||
$y = $x.GetProtectionStatus().ProtectionStatus
|
||||
if ($y -eq 1) {
|
||||
Write-Host "OK"; exit 0
|
||||
}
|
||||
else {
|
||||
Write-Host "FAIL $y"; exit 1
|
||||
}
|
||||
|
|
@ -0,0 +1,50 @@
|
|||
## Copied from https://github.com/ThatsNASt/tacticalrmm to add to new pull request for https://github.com/wh1te909/tacticalrmm
|
||||
## Remvoed the use of the alias sleep, replaced with Start-Sleep.
|
||||
$ErrorActionPreference = "Stop"
|
||||
$log = "BitlockerReport.txt"
|
||||
#Sleep to allow the report to run first as DSC
|
||||
Start-Sleep 20
|
||||
|
||||
#Function to archive old reports so that the Dash can read recent events
|
||||
$newlog = "BitlockerReportArchive.txt"
|
||||
$archived = ("{0}_{1}" -f (Get-Date -f d), $newlog)
|
||||
$archived = $archived.Replace("/", "-")
|
||||
$exists = Test-Path -Path $log
|
||||
$logsize = (Get-Item $log).length
|
||||
function RunArchive {
|
||||
if ($logsize -gt 100kb) {
|
||||
Rename-Item $log $archived
|
||||
Try {
|
||||
New-Item -ItemType directory -Path "Archive"
|
||||
}
|
||||
Catch {
|
||||
}
|
||||
Move-Item $archived -Destination "Archive" -Force
|
||||
Write-Host "Log file has been archived."
|
||||
Write-Host "Script Check Passed"
|
||||
exit 0
|
||||
if (!$exists) {
|
||||
Write-Host "Could not find log file to archive."
|
||||
exit 1001
|
||||
}
|
||||
}
|
||||
if ($logsize -lt 100kb) {
|
||||
Write-Host "Log size in bytes: $logsize"
|
||||
}
|
||||
}
|
||||
|
||||
#Actually retrieve the report and read it back
|
||||
Try {
|
||||
Write-Output ("`n{0} - {1}" -f (Get-Date), "Retrieving bitlocker report log....`n")
|
||||
Get-Content "BitlockerReport.txt" | Write-Host
|
||||
RunArchive
|
||||
Write-Host "Script Check Passed"
|
||||
exit 0
|
||||
}
|
||||
Catch {
|
||||
Write-Host "Could not get bitlocker report."
|
||||
Write-Host $Error[0]
|
||||
exit 1002
|
||||
}
|
||||
|
||||
exit $LASTEXITCODE
|
||||
Loading…
Reference in New Issue