Update-SecureMfaThreatDetectionModuleConfig.ps1

<#
     .SYNOPSIS
        Update SecureMfaThreatDetection Module Configuration for ADFS server.
    .DESCRIPTION
        Updates SecureMfaThreatDetectionModule with a new SecureMfaThreatDetectionModule.json setting without restarting ADFS service. New settings are activated immediately on ADFS server. You need to run it on all ADFS nodes (not web application proxy servers).
        This command must be executed from an elevated PowerShell window on your federation server(s).
        If you are using a federation server farm that uses Windows Internal Database, you must execute the command on the primary federation server first.
 
    .PARAMETER Force
        The Force switch suppresses the confirmation prompt.
 
    .NOTES
        Version: 2.0.0.4
        Author: SecureMfa.com
        Creation Date: 02/08/2021
        Purpose/Change: Incorporated into PS module
   
    .EXAMPLE
        C:\PS> Update-SecureMfaThreatDetectionModuleConfig
 
        This command will update the SecureMfaThreatDetectionModule configuration on an ADFS node.
 
    .EXAMPLE
        C:\PS> Update-SecureMfaThreatDetectionModuleConfig -Force
          
        This command will update the SecureMfaThreatDetectionModule configuration on an ADFS node without any prompts.
#>


# Path of the JSON configuration that Update-SecureMfaThreatDetectionModuleConfig imports.
# It is resolved relative to the folder this script lives in.
# NOTE(review): the file is consumed from an elevated session, so the script folder
# should be writable by administrators only - confirm the folder ACL.
$configpath = Join-Path -Path $PSScriptRoot -ChildPath SecureMfaThreatDetectionModule.json

# Register the "Secure MFA TDM" event source on the Application log when it is missing.
if (-not ([System.Diagnostics.EventLog]::SourceExists("Secure MFA TDM"))) {
    New-EventLog -LogName "Application" -Source "Secure MFA TDM"
    Write-Host "Secure MFA TDM Log Source Created."
}

# Start the ADFS service when it is installed but stopped. A missing service yields
# $null from Get-Service (errors are silenced), so the comparison is simply false.
if ((Get-Service adfssrv -ErrorAction SilentlyContinue).Status -eq "Stopped") {
    Start-Service adfssrv
    Write-Host "Starting ADFS Service on $env:COMPUTERNAME" -ForegroundColor Yellow
}

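Function Update-SecureMfaThreatDetectionModuleConfig {
    # Re-imports the JSON configuration of the ADFS threat detection module
    # registered as "SecureMfaThreatDetectionModule" on the local server.
    #
    # Parameters:
    #   -Force  Skip the Yes/No confirmation prompt.
    #
    # Output:
    #   On success, the content of the configuration file that was imported.
    #
    # Reads $configpath, which is assigned at script scope outside this function.
    # Failures are reported with Write-Host in red and are not re-thrown, so a
    # caller cannot detect a failed update from an exception.
Param
(
    [Parameter(Mandatory=$false, ParameterSetName="Default")]
    [Switch]$Force
)

    # Confirm the update unless -Force was given. The prompt defaults to "Yes" (index 0).
    $proceed = $Force.IsPresent
    if (-not $proceed) {
        $message  = "Do you want to update SecureMfaThreatDetectionModule using $configpath on $env:computername ?"
        $question = 'Please confirm?'
        $choices = New-Object Collections.ObjectModel.Collection[Management.Automation.Host.ChoiceDescription]
        $choices.Add((New-Object Management.Automation.Host.ChoiceDescription -ArgumentList '&Yes'))
        $choices.Add((New-Object Management.Automation.Host.ChoiceDescription -ArgumentList '&No'))
        $proceed = ($Host.UI.PromptForChoice($message, $question, $choices, 0) -eq 0)
    }

    if (-not $proceed) {
        # The previous text spoke of an uninstall; this function only updates the configuration.
        Write-Host "Skipping SecureMfaThreatDetectionModule configuration update on $env:computername" -ForegroundColor Yellow
        return
    }

    try
    {
        $Error.Clear()
        # -LiteralPath keeps wildcard characters in the install path from being expanded.
        if (!(Test-Path -LiteralPath $configpath -PathType Leaf)) { throw "The config $configpath does not exist" }
        Write-Host "Updating SecureMfaThreatDetectionModule configuration on $env:computername" -ForegroundColor Yellow

        # Load the new configuration into the registered threat detection module.
        # -ErrorAction Stop turns a non-terminating import error into an exception, so a
        # failed import reaches the catch block instead of being followed by
        # "Update completed" while the previous detection settings are still active.
        Import-AdfsThreatDetectionModuleConfiguration -Name "SecureMfaThreatDetectionModule" -ConfigurationFilePath $configpath -ErrorAction Stop

        Write-Host "Update completed using $configpath" -ForegroundColor yellow;

        # Echo the imported configuration so the operator can verify what is now active.
        # NOTE(review): the whole file goes to the output stream - confirm it holds no
        # secrets before running this under transcript or pipeline logging.
        Get-Content -LiteralPath $configpath
    }
    catch
    {
        Write-Host "$($MyInvocation.InvocationName): $_" -ForegroundColor red
    }

}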