impact/Add-ImpactLogonTask.ps1
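function Add-ImpactLogonTask {
    <#
    .SYNOPSIS
    Registers a scheduled task in the "Impact Tasks" folder that runs a command
    at user logon and/or on workstation unlock.

    .DESCRIPTION
    Requires an elevated session; when not elevated, a message is printed and
    nothing is registered.

    The task principal is the BUILTIN\Users group (S-1-5-32-545) at RunLevel
    Limited, so the action runs in the session of each user in that group.
    Because the same action runs for every user, -Command (and any script it
    loads) should live in a location standard users cannot write to.

    Register-ScheduledTask is called with -Force, so an existing task with the
    same name under "Impact Tasks" is replaced.

    .PARAMETER Name
    Task name to register.

    .PARAMETER Command
    Executable to run. With -CommandIsImpactPS, this is instead passed as the
    second argument to PSRun.vbs.

    .PARAMETER Argument
    Optional argument string for the action. Overwritten when
    -CommandIsImpactPS is set.

    .PARAMETER WorkingDir
    Optional working directory for the action. Overwritten when
    -CommandIsImpactPS is set.

    .PARAMETER OnLogon
    Add an at-logon trigger. Defaults to on; pass -OnLogon:$false to disable.

    .PARAMETER OnUnlock
    Add a session-unlock trigger.

    .PARAMETER CommandIsImpactPS
    Run $Command through wscript.exe and the PSRun.vbs launcher found in the
    lib folder of the newest ImpactPartnership-PS module under Program Files.
    #>
    param (
        [parameter (Mandatory=$true)] [string] $Name,
        [parameter (Mandatory=$true)] [string] $Command,
        [parameter (Mandatory=$false)] [string] $Argument,
        [parameter (Mandatory=$false)] [string] $WorkingDir,
        [parameter (Mandatory=$false)] [switch] $OnLogon=$True,
        [parameter (Mandatory=$false)] [switch] $OnUnlock=$False,
        [parameter (Mandatory=$false)] [switch] $CommandIsImpactPS=$False
    )

    $CurrentPrincipal = [Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()
    If ($CurrentPrincipal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {

        If ((-not $OnLogon) -and (-not $OnUnlock)) {
            Write-Error "No Triggers Defined"
            Return
        }

        If ($CommandIsImpactPS) {
            # Only accept the module copy installed under Program Files.
            $LatestImpactPSModule = Get-Module ImpactPartnership-PS -ListAvailable |
                Where-Object -Property ModuleBase -Like "$env:ProgramFiles\WindowsPowerShell\Modules\ImpactPartnership-PS\*" |
                Sort-Object -Descending -Property Version |
                Select-Object -First 1

            # Without this guard a missing module leaves the base path empty and
            # the action would point at "\lib\PSRun.vbs", a path outside the
            # protected module folder, and the task would run it for every user.
            If (-not $LatestImpactPSModule) {
                Write-Error "ImpactPartnership-PS module not found under $env:ProgramFiles\WindowsPowerShell\Modules"
                Return
            }

            $ModuleLib = Join-Path $LatestImpactPSModule.ModuleBase 'lib'
            $PSRun = Join-Path $ModuleLib 'PSRun.vbs'
            If (-not (Test-Path -LiteralPath $PSRun -PathType Leaf)) {
                Write-Error "PSRun.vbs not found at $PSRun"
                Return
            }

            # NOTE(review): $Command is embedded between literal double quotes;
            # a value that itself contains a double quote will not be passed
            # through intact.
            $Argument = "`"$PSRun`" `"$Command`""
            # Resolve the system directory instead of assuming Windows is on C:.
            $Command = Join-Path ([Environment]::GetFolderPath('System')) 'wscript.exe'
            $WorkingDir = $ModuleLib
        }

        # Build the task action; optional values are added only when supplied.
        $TaskActionParameters = @{ Execute = "$Command" }
        If ($Argument -ne "") { $TaskActionParameters['Argument'] = "$Argument" }
        If ($WorkingDir -ne "") { $TaskActionParameters['WorkingDirectory'] = "$WorkingDir" }
        $TaskAction = New-ScheduledTaskAction @TaskActionParameters

        $TaskTriggers = @()
        If ($OnLogon) {
            $TaskTriggers += New-ScheduledTaskTrigger -AtLogon
        }
        If ($OnUnlock) {
            # New-ScheduledTaskTrigger has no unlock option, so the trigger is
            # built directly from the Task Scheduler CIM class.
            $stateChangeTrigger = Get-CimClass -Namespace ROOT\Microsoft\Windows\TaskScheduler -ClassName MSFT_TaskSessionStateChangeTrigger
            $UnlockTriggerParameters = @{
                CimClass   = $stateChangeTrigger
                Property   = @{
                    StateChange = 8 # TASK_SESSION_STATE_CHANGE_TYPE.TASK_SESSION_UNLOCK (taskschd.h)
                }
                ClientOnly = $true
            }
            $TaskTriggers += New-CimInstance @UnlockTriggerParameters
        }

        # S-1-5-32-545 is BUILTIN\Users; Limited keeps the action unelevated.
        $TaskPrincipal = New-ScheduledTaskPrincipal -GroupId S-1-5-32-545 -Id "User" -RunLevel Limited

        # Register the task (-Force replaces an existing task of the same name).
        Register-ScheduledTask -Action $TaskAction -Trigger $TaskTriggers -Principal $TaskPrincipal -TaskName "$Name" -TaskPath "Impact Tasks" -Force
    } else {
        Write-Host "This Impact Partnership command requires elevation." -ForegroundColor Red
    }
}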