fleet/docs/solutions/windows/scripts/trigger scep enrollment.ps1
Dale Ribeiro 573d493bb5
Dale solutions cleanup 2 (#35108)
<!-- Add the related story/sub-task/bug number, like Resolves #123, or
remove if NA -->
**Related issue:** Resolves #

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [ ] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.

- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] If paths of existing endpoints are modified without backwards
compatibility, checked the frontend/CLI for any necessary changes

## Testing

- [ ] Added/updated automated tests
- [ ] Where appropriate, [automated tests simulate multiple hosts and
test for host
isolation](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/patterns-backend.md#unit-testing)
(updates to one host's records do not affect another)

- [ ] QA'd all new/changed functionality manually

For unreleased bug fixes in a release candidate, one of:

- [ ] Confirmed that the fix is not expected to adversely impact load
test results
- [ ] Alerted the release DRI if additional load testing is needed

## Database migrations

- [ ] Checked schema for all modified tables for columns that will
auto-update timestamps during migration.
- [ ] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [ ] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).

## New Fleet configuration settings

- [ ] Setting(s) is/are explicitly excluded from GitOps

If you didn't check the box above, follow this checklist for
GitOps-enabled settings:

- [ ] Verified that the setting is exported via `fleetctl
generate-gitops`
- [ ] Verified the setting is documented in a separate PR to [the GitOps
documentation](https://github.com/fleetdm/fleet/blob/main/docs/Configuration/yaml-files.md#L485)
- [ ] Verified that the setting is cleared on the server if it is not
supplied in a YAML file (or that it is documented as being optional)
- [ ] Verified that any relevant UI is disabled when GitOps mode is
enabled

## fleetd/orbit/Fleet Desktop

- [ ] Verified compatibility with the latest released version of Fleet
(see [Must
rule](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/workflows/fleetd-development-and-release-strategy.md))
- [ ] If the change applies to only one platform, confirmed that
`runtime.GOOS` is used as needed to isolate changes
- [ ] Verified that fleetd runs on macOS, Linux and Windows
- [ ] Verified auto-update works from the released version of component
to the new version (see [tools/tuf/test](../tools/tuf/test/README.md))
2025-11-03 11:30:04 -05:00


# ----- USER SETTINGS -----
# FOR GUI USAGE:
#   Add your secret (with the FLEET_SECRET_ prefix) to Fleet Desktop's Controls > Variables.
#   Example: if you create a variable named "API", it becomes FLEET_SECRET_API.
#   Then update the variable name in the $FLEET_API line below to match your Fleet secret name.
#   WARNING: Fleet will fail to upload this script if the variable name doesn't exist in your Fleet secrets.
# FOR GITOPS USAGE:
#   Add your GitHub secret to the workflow env section (see the Fleet guide for details).
#   Example: FLEET_SECRET_API: ${{ secrets.FLEET_API_TOKEN }}
#   GitOps will automatically upload the variable to Fleet when syncing.
#
# For complete documentation on Fleet variables, see:
# https://fleetdm.com/guides/secrets-in-scripts-and-configuration-profiles

# Edit this to match your CSP node name (the SCEP profile's node under ClientCertificateInstall/SCEP)
$NODE_NAME = "OKTA"
# Update this to match your Fleet secret name
$FLEET_API = "$FLEET_SECRET_API"
# -------------------------

# Unix timestamp used as the SyncML CmdID so each run sends a distinct command ID
$CmdId = [System.DateTimeOffset]::UtcNow.ToUnixTimeSeconds()
Write-Host "Current Date and Time (UTC - YYYY-MM-DD HH:MM:SS formatted): $((Get-Date).ToUniversalTime().ToString('yyyy-MM-dd HH:mm:ss'))"
Write-Host "Fleet URL: $env:FLEET_DESKTOP_FLEET_URL"

# The hardware UUID is how Fleet identifies this host; fall back to WMI if CIM is unavailable
try {
    $HostUUID = (Get-CimInstance Win32_ComputerSystemProduct).UUID
    Write-Host "Host UUID: $HostUUID"
} catch {
    $HostUUID = (Get-WmiObject Win32_ComputerSystemProduct).UUID
    Write-Host "Host UUID (via WMI): $HostUUID"
}
Write-Host "Command ID: $CmdId"
Write-Host "Triggering SCEP enrollment..."

# SyncML <Exec> against the ClientCertificateInstall CSP's Enroll node for this SCEP profile
$SyncML = @"
<Exec>
  <CmdID>$CmdId</CmdID>
  <Item>
    <Target>
      <LocURI>./Device/Vendor/MSFT/ClientCertificateInstall/SCEP/$NODE_NAME/Install/Enroll</LocURI>
    </Target>
    <Meta>
      <Format xmlns="syncml:metinf">null</Format>
      <Type>text/plain</Type>
    </Meta>
    <Data></Data>
  </Item>
</Exec>
"@

# Fleet's commands/run endpoint expects the raw SyncML as a base64 string
$EncodedCommand = [Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($SyncML))
$Body = @{
    command    = $EncodedCommand
    host_uuids = @($HostUUID)
} | ConvertTo-Json

Write-Host "Sending MDM command to host: $HostUUID"
try {
    $Response = Invoke-RestMethod -Uri "$env:FLEET_DESKTOP_FLEET_URL/api/v1/fleet/commands/run" `
        -Method POST `
        -Headers @{ "Authorization" = "Bearer $FLEET_API" } `
        -ContentType "application/json" `
        -Body $Body
    $CommandUUID = $Response.command_uuid
    Write-Host "PASS - SCEP enrollment command sent successfully!"
    Write-Host "Command UUID: $CommandUUID"
    Write-Host ""
    Write-Host "To check results, copy and paste this command:"
    Write-Host "fleetctl get mdm-command-results --id=$CommandUUID"
}
catch {
    Write-Host "FAIL - SCEP enrollment failed: $($_.Exception.Message)"
    if ($_.ErrorDetails) {
        Write-Host "Error Details: $($_.ErrorDetails.Message)"
    }
}