Public/New-SecureScriptTask.ps1

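Function New-SecureScriptTask {
    <#
.SYNOPSIS
Registers a PowerShell script as a Windows Task Scheduler task that runs the script only while its file hash is unchanged.

.DESCRIPTION
Computes the SHA256 hash of the script at registration time and embeds it, together with the script path, in the task's powershell.exe command line. On every run the task recomputes the hash and executes the script only if it still matches. On a mismatch powershell.exe exits with code 1, so a modified script shows up as a failed run instead of a silent no-op.

.PARAMETER ScriptPath
Path of the PowerShell script file. The file must exist; the path is resolved to a full path before it is stored in the task.

.PARAMETER TaskName
Specifies the name of a scheduled task.

.PARAMETER TaskDescription
Briefly describes the task. If not specified, the TaskName is used.

.PARAMETER UserID
Specifies the user ID that Task Scheduler uses to run the tasks that are associated with the principal.

.PARAMETER RunLevel
Specifies the level of user rights that Task Scheduler uses to run the tasks that are associated with the principal.

.EXAMPLE
New-SecureScriptTask -ScriptPath "C:\Scripts\Delete-User.ps1" -TaskName "Delete-User-Task"

.EXAMPLE
$Params = @{
    ScriptPath = "C:\Scripts\Delete-User.ps1";
    TaskName = "Delete-User-Task";
    TaskDescription = "Delete User Task";
    UserId = "Administrator";
    RunLevel = "Highest"
}
New-SecureScriptTask @Params

.NOTES
Developed by Nicholas Mangraviti

Limits of the hash check:
- The expected hash is stored in the task definition itself. The check is only as strong as the permissions on the task and on the script's folder; restrict both to administrators.
- The hash is computed and the script is then opened again for execution, so the file could in principle change between the two reads.
- Only the named script is hashed. Files it dot-sources or modules it imports are not covered.
- powershell.exe is started without -NoProfile, so any profile script of the run-as account runs before the check. Consider whether the task needs profiles at all.

.LINK
https://virtuallywired.io

#>

    [CmdletBinding(PositionalBinding = $false)]
    param(
        [Parameter(Mandatory = $true)]
        # Inside ValidateScript the candidate value is $_; the parameter variable itself
        # is not the documented way to read it. -LiteralPath keeps characters such as [ ]
        # from being treated as wildcards, and -PathType Leaf rejects directories.
        [ValidateScript( { Test-Path -LiteralPath $_ -PathType Leaf })]
        [String]$ScriptPath,
        [Parameter(Mandatory = $true)]
        [String]$TaskName,
        [Parameter(Mandatory = $false)]
        [String]$TaskDescription = $TaskName,
        [Parameter(Mandatory = $false)]
        [String]$UserID = "Administrator",
        [Parameter(Mandatory = $false)]
        [ValidateSet("Highest", "Limited")]
        [String]$RunLevel = "Highest"
    )

    ## Resolve to a full path now: the task does not start in the caller's current
    ## directory, so a relative path would point somewhere else at run time.
    $ResolvedPath = (Resolve-Path -LiteralPath $ScriptPath).ProviderPath

    ## Hash of the script as it is at registration time (algorithm pinned on both sides).
    $ExpectedHash = (Get-FileHash -LiteralPath $ResolvedPath -Algorithm SHA256).Hash

    ## The path is embedded in a single-quoted PowerShell literal so that $, backticks and
    ## $( ) in a file name are never expanded when the task runs (the task may run elevated).
    ## PowerShell also accepts the typographic quotes U+2018..U+201B as single-quote
    ## delimiters, so every one of them is doubled, not just the ASCII apostrophe.
    $QuotedPath = $ResolvedPath -replace "(['\u2018\u2019\u201A\u201B])", '$1$1'

    ## Creating Task Argument String Using File Hash and Script Path.
    ## '&' invokes the script; a bare quoted path would only echo the string.
    ## 'exit 1' makes a hash mismatch visible as a failed run in Task Scheduler.
    $Command = "if ((Get-FileHash -LiteralPath '{0}' -Algorithm SHA256).Hash -eq '{1}') {{ & '{0}' }} else {{ exit 1 }}" -f $QuotedPath, $ExpectedHash

    ## The whole command is passed as one double-quoted -Command argument. It contains no
    ## double quotes itself, so command-line parsing leaves paths with spaces intact.
    [string]$TaskArg = '-Command "{0}"' -f $Command

    ## Creating New Task Action.
    $Params = @{
        Execute  = "powershell.exe";
        Argument = $TaskArg
    }

    $TaskAction = New-ScheduledTaskAction @Params

    ## Creating Task Principal.
    $Params = @{
        UserId   = $UserID;
        RunLevel = $RunLevel
    }
    $TaskPrincipal = New-ScheduledTaskPrincipal @Params

    ## Registering The Scheduled Task.
    $Params = @{
        TaskName    = $TaskName;
        Action      = $TaskAction;
        Description = $TaskDescription;
        Principal   = $TaskPrincipal
    }
    Register-ScheduledTask @Params
}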