Elgato_dark/fleet
1
0
Fork 0
mirror of https://github.com/fleetdm/fleet synced 2026-05-23 17:08:53 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 83

Revert "Add Windows scripts and set scripts table width" (#15590)

Browse source
This commit is contained in:
Luke Heath 2023-12-12 12:20:41 -06:00 committed by GitHub
parent 8c548afe31
commit 47e8e57d5a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
7 changed files with 0 additions and 226 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
frontend/pages/hosts/details/cards/Scripts/_styles.scss
View file

@ -9,18 +9,6 @@
line-height: 1.5;
}
.table-container {
.name__header {
width: 50%;
}
.last_execution__header {
width: 25%;
}
.actions__header {
width: 25%;
}
}
.table-container__header-left {
display: block;
}

52
scripts/mdm/windows/windows-change-password.ps1
View file

@ -1,52 +0,0 @@
# PowerShell script to log off all users and change their passwords
# Function to generate a random password
function Generate-Password {
param (
[int]$length = 12
)
$chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()_-+=<>?/"
$password = -join ((1..$length) | ForEach-Object { Get-Random -Maximum $chars.length } | ForEach-Object { $chars[$_]} )
return $password
}
# Log off all non-administrative users
$loggedOffUsers = @{}
Get-WmiObject -Class Win32_UserProfile | Where-Object { $_.Special -eq $false } | ForEach-Object {
$username = $_.LocalPath.Split('\')[-1]
if ($username -ne "Administrator" -and $username -ne $env:USERNAME -and -not $loggedOffUsers.ContainsKey($username)) {
try {
$userSessions = query user | Where-Object { $_ -match "\b$username\b" }
foreach ($session in $userSessions) {
if ($session -match "\s+(\d+)\s+Disc\s+") {
# Disconnected sessions can't be logged off
continue
}
elseif ($session -match "\s+(\d+)\s+") {
$sessionID = $matches[1]
logoff $sessionID
$loggedOffUsers[$username] = $true
Write-Host "Logged out user: $username"
}
}
} catch {
Write-Host "Could not log off user: $username. Error: $($_.Exception.Message)"
}
}
}
# Get all local user accounts except built-in accounts like 'Administrator'
$users = Get-LocalUser | Where-Object { $_.Name -notlike "Administrator" -and $_.PrincipalSource -eq "Local" }
# Change password for each user and output the new password
foreach ($user in $users) {
$newPassword = Generate-Password -length 12
$securePassword = ConvertTo-SecureString $newPassword -AsPlainText -Force
try {
Set-LocalUser -Name $user.Name -Password $securePassword
Write-Host "Password for user $($user.Name) changed successfully. New Password: $newPassword"
} catch {
Write-Host "Failed to change password for user $($user.Name)"
}
}

8
scripts/mdm/windows/windows-disable-administrator.ps1
View file

@ -1,8 +0,0 @@
# PowerShell script to disable the Administrator account
# Run this script as an administrator
# Disable the Administrator account
Disable-LocalUser -Name "Administrator"
Write-Host "Administrator account has been disabled."

29
scripts/mdm/windows/windows-enable-administrator.ps1
View file

@ -1,29 +0,0 @@
# PowerShell script to enable the Administrator account and set a random, secure password
# Run this script as an administrator
# Function to generate a random password
function Generate-Password {
param (
[int]$length = 12
)
$chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()_-+=<>?/"
$password = -join ((1..$length) | ForEach-Object { Get-Random -Maximum $chars.length } | ForEach-Object { $chars[$_]} )
return $password
}
# Generate a random password
$password = Generate-Password -length 12
# Convert the password to a SecureString
$securePassword = ConvertTo-SecureString $password -AsPlainText -Force
# Enable the Administrator account
Enable-LocalUser -Name "Administrator"
# Set the generated password for the Administrator account
Set-LocalUser -Name "Administrator" -Password $securePassword
# Output the password
Write-Host "Administrator account has been enabled."
Write-Host "Generated Password: $password"

35
scripts/mdm/windows/windows-lock.ps1
View file

@ -1,35 +0,0 @@
# PowerShell script to log off all non-administrative users and disable their accounts
# Log off all non-administrative users
$loggedOffUsers = @{}
Get-WmiObject -Class Win32_UserProfile | Where-Object { $_.Special -eq $false } | ForEach-Object {
$username = $_.LocalPath.Split('\')[-1]
if ($username -ne "Administrator" -and $username -ne $env:USERNAME -and -not $loggedOffUsers.ContainsKey($username)) {
try {
$userSessions = query user | Where-Object { $_ -match "\b$username\b" }
foreach ($session in $userSessions) {
if ($session -match "\s+(\d+)\s+Disc\s+") {
# Disconnected sessions can't be logged off
continue
}
elseif ($session -match "\s+(\d+)\s+") {
$sessionID = $matches[1]
logoff $sessionID
$loggedOffUsers[$username] = $true
Write-Host "Logged out user: $username"
}
}
} catch {
Write-Host "Could not log off user: $username. Error: $($_.Exception.Message)"
}
}
}
# Disable all non-administrative local user accounts
Get-LocalUser | Where-Object { $_.Enabled -eq $true -and $_.Name -ne "Administrator" } | ForEach-Object {
$username = $_.Name
Disable-LocalUser -Name $username
Write-Host "Disabled account for $username"
}
Write-Host "All non-administrative users have been logged out and their accounts disabled."

14
scripts/mdm/windows/windows-unlock.ps1
View file

@ -1,14 +0,0 @@
# PowerShell script to enable all disabled local user accounts
# Get all local user accounts
$localUsers = Get-LocalUser
# Enable each disabled user account
foreach ($user in $localUsers) {
if ($user.Enabled -eq $false) {
Enable-LocalUser -Name $user.Name
Write-Host "Enabled user account: $($user.Name)"
}
}
Write-Host "All disabled user accounts have been enabled."

76
scripts/mdm/windows/windows-wipe.ps1
View file

@ -1,76 +0,0 @@
# PowerShell script to wipe user data and then make the Windows system inoperable
# Function to delete user data
function Wipe-UserData {
$userFolders = Get-ChildItem C:\Users -Directory
foreach ($folder in $userFolders) {
if ($folder.Name -notlike "Public" -and $folder.Name -notlike "Default*" -and $folder.Name -notlike "Administrator") {
$path = $folder.FullName
Write-Host "Wiping user data in $path"
Remove-Item -Path $path -Recurse -Force
}
}
}
# Function to delete critical system files and directories
function Wipe-SystemFiles {
$criticalPaths = @(
"C:\Program Files",
"C:\Program Files (x86)",
"C:\Windows\System32",
"C:\Windows\SysWOW64"
# Add other critical paths as necessary
)
foreach ($path in $criticalPaths) {
if (Test-Path $path) {
try {
Takeown /f $path /r /d y
Icacls $path /grant administrators:F /t
Remove-Item -Path $path -Recurse -Force
Write-Host "Wiped $path"
} catch {
Write-Host "Failed to wipe $path"
}
}
}
}
# Log off all non-administrative users
$loggedOffUsers = @{}
Get-WmiObject -Class Win32_UserProfile | Where-Object { $_.Special -eq $false } | ForEach-Object {
$username = $_.LocalPath.Split('\')[-1]
if ($username -ne "Administrator" -and $username -ne $env:USERNAME -and -not $loggedOffUsers.ContainsKey($username)) {
try {
$userSessions = query user | Where-Object { $_ -match "\b$username\b" }
foreach ($session in $userSessions) {
if ($session -match "\s+(\d+)\s+Disc\s+") {
# Disconnected sessions can't be logged off
continue
}
elseif ($session -match "\s+(\d+)\s+") {
$sessionID = $matches[1]
logoff $sessionID
$loggedOffUsers[$username] = $true
Write-Host "Logged out user: $username"
}
}
} catch {
Write-Host "Could not log off user: $username. Error: $($_.Exception.Message)"
}
}
}
# Disable all non-administrative local user accounts
Get-LocalUser | Where-Object { $_.Enabled -eq $true -and $_.Name -ne "Administrator" } | ForEach-Object {
$username = $_.Name
Disable-LocalUser -Name $username
Write-Host "Disabled account for $username"
}
# Start the wiping process
Wipe-UserData
Wipe-SystemFiles
Write-Host "Wiping process completed."