<# NEWPROFILE.PS1
.SYNOPSIS
newProfile.ps1 runs after the user signs in with their target (destination) account.
.DESCRIPTION
Captures the SID of the destination user account after sign-in and writes it to the registry. It then prepares the device for its final reboot: disables this scheduled task, disables a logon credential provider, sets the lock-screen legal notice, enables auto-logon and registers the finalBoot task.
.USE
Intended to run as a scheduled task. The task is created by startMigrate.ps1 and is disabled by this script once the SID has been captured.
.OWNER
Steve Weiner
.CONTRIBUTORS
Logan Lautt
Jesse Weimer
#>
# Non-terminating errors are suppressed for the whole script: only terminating
# errors (thrown exceptions, or cmdlets invoked with -ErrorAction Stop) reach the
# try/catch blocks at the bottom of this file. NOTE(review): this setting never
# converts a non-zero exit code from reg.exe / schtasks.exe / shutdown into an
# error, so those steps log "success" unless $LASTEXITCODE is checked explicitly.
$ErrorActionPreference = "SilentlyContinue"
# CMDLET FUNCTIONS
# set log function
# Emit one timestamped line ("yyyy-MM-dd HH:mm:ss tt <message>") on the
# output stream. Once initializeScript has started the transcript, every
# line written here also lands in the transcript file.
function log()
{
    [CmdletBinding()]
    Param(
        [Parameter(Mandatory=$true)]
        [string]$message
    )
    $stamp = (Get-Date).ToString("yyyy-MM-dd HH:mm:ss tt")
    Write-Output ("{0} {1}" -f $stamp, $message)
}
# CMDLET FUNCTIONS
# START SCRIPT FUNCTIONS
# get json settings
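# Load <script directory>\settings.json (or the file named by -json) into the
# global $settings variable and return it. Later steps read logPath, localPath,
# regPath and targetTenant.tenantName from it.
# NOTE(review): the values in this file end up in reg.exe and schtasks.exe
# arguments run from a scheduled task (presumably as SYSTEM), so the file and
# its directory should be writable by administrators only - confirm the ACL
# that startMigrate.ps1 leaves on $PSScriptRoot.
function getSettingsJSON()
{
    param(
        [string]$json = "settings.json"
    )
    $settingsFile = "$($PSScriptRoot)\$($json)"
    # -ErrorAction Stop on both cmdlets: under the script-wide SilentlyContinue a
    # missing, unreadable or malformed file would otherwise leave $settings $null
    # and the caller's catch (which exits the script) would never run.
    $global:settings = Get-Content -Path $settingsFile -ErrorAction Stop | ConvertFrom-Json -ErrorAction Stop
    return $settings
}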
# initialize script
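# Start the transcript, make sure the working directory exists, record the
# account the task runs as, and publish the working directory as $global:localPath.
# Parameters default to the values loaded by getSettingsJSON.
# Returns the local path (callers in this file discard it).
# NOTE(review): $localPath later supplies finalBoot.xml to schtasks.exe; if the
# directory is writable by standard users, anyone on the machine could replace
# that XML before it is registered - confirm its ACL.
function initializeScript()
{
    Param(
        [string]$logPath = $settings.logPath,
        [string]$logName = "newProfile.log",
        [string]$localPath = $settings.localPath
    )
    # Terminating on transcript failure so the caller's catch exits rather than
    # running the migration steps with no log at all.
    Start-Transcript -Path "$logPath\$logName" -Verbose -ErrorAction Stop
    log "Initializing script..."
    if(Test-Path $localPath)
    {
        log "Local path already exists: $localPath"
    }
    else
    {
        # Out-Null keeps the DirectoryInfo object out of the function's output stream;
        # -ErrorAction Stop turns a failed create into a terminating error.
        New-Item -ItemType Directory -Path $localPath -ErrorAction Stop | Out-Null
        log "Local path created: $localPath"
    }
    $global:localPath = $localPath
    $context = whoami
    log "Running as $($context)"
    log "Script initialized"
    return $localPath
}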
# get new user SID
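# Resolve the SID of the user currently signed in and store it under
# $regPath\NewUserSID (REG_SZ) for the later migration steps to read.
# $newUser comes from Win32_ComputerSystem.UserName (the interactive user; empty
# when nobody is logged on). $newUserSID is computed while the defaults are bound,
# so a name that cannot be translated presumably surfaces as a terminating error
# and reaches the caller's catch - TODO confirm for AzureAD\ accounts.
# Behaviour when the SID is empty is unchanged: it is logged and the script
# carries on without writing anything.
function getNewUserSID()
{
    Param(
        [string]$regPath = $settings.regPath,
        [string]$newUser = (Get-WmiObject -Class Win32_ComputerSystem | Select-Object -ExpandProperty UserName),
        [string]$newUserSID = (New-Object System.Security.Principal.NTAccount($newUser)).Translate([System.Security.Principal.SecurityIdentifier]).Value
    )
    log "New user: $newUser"
    if([string]::IsNullOrEmpty($newUserSID))
    {
        log "New user SID not found"
        return
    }
    reg.exe add $regPath /v "NewUserSID" /t REG_SZ /d $newUserSID /f | Out-Host
    # reg.exe never raises a PowerShell error; without this check the log would
    # claim the SID was written even when the add failed (e.g. access denied).
    if($LASTEXITCODE -ne 0)
    {
        throw "reg.exe add $regPath failed with exit code $LASTEXITCODE"
    }
    log "SID written to registry"
}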
# disable newProfile task
# Disable the scheduled task that launched this script (created by
# startMigrate.ps1) so it does not run again on the next sign-in.
# Raises a terminating error, overriding the script-wide SilentlyContinue,
# when the task cannot be disabled; the caller treats that as fatal.
function disableNewProfileTask()
{
    Param(
        [string]$taskName = "newProfile"
    )
    $disableArgs = @{
        TaskName    = $taskName
        ErrorAction = 'Stop'
    }
    Disable-ScheduledTask @disableArgs
    log "newProfile task disabled"
}
# revoke logon provider
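# Set Disabled=1 on one credential-provider registry key so that provider is
# no longer offered at the logon screen. The default GUID is commonly documented
# as Windows' password credential provider - confirm before changing it.
# NOTE(review): disabling a credential provider affects every account on the
# machine, and if the auto-logon configured later fails the device may not
# offer a usable sign-in method; finalBoot should re-enable it.
function revokeLogonProvider()
{
    Param(
        [string]$logonProviderPath = "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{60b78e88-ead8-445c-9cfd-0b87f74ea6cd}",
        [string]$logonProviderName = "Disabled",
        [int]$logonProviderValue = 1
    )
    reg.exe add $logonProviderPath /v $logonProviderName /t REG_DWORD /d $logonProviderValue /f | Out-Host
    # reg.exe failures are not PowerShell errors; surface them so the caller's
    # catch logs its WARNING instead of the misleading "Revoked" line.
    if($LASTEXITCODE -ne 0)
    {
        throw "reg.exe add $logonProviderPath failed with exit code $LASTEXITCODE"
    }
    log "Revoked logon provider."
}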
# set lock screen caption
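# Write the machine-wide legal-notice caption and text (shown to every user
# before sign-in) so the person at the keyboard knows another reboot is coming.
# $targetTenantName defaults to settings.targetTenant.tenantName; if it is
# missing the text still gets written with an empty name.
function setLockScreenCaption()
{
    Param(
        [string]$targetTenantName = $settings.targetTenant.tenantName,
        [string]$legalNoticeRegPath = "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System",
        [string]$legalNoticeCaption = "legalnoticecaption",
        [string]$legalNoticeCaptionValue = "Almost there...",
        [string]$legalNoticeText = "legalnoticetext",
        [string]$legalNoticeTextValue = "Your PC will restart one more time to join the $($targetTenantName) environment."
    )
    log "Setting lock screen caption..."
    foreach($pair in @(
        @{ Name = $legalNoticeCaption; Value = $legalNoticeCaptionValue },
        @{ Name = $legalNoticeText;    Value = $legalNoticeTextValue }))
    {
        reg.exe add $legalNoticeRegPath /v $pair.Name /t REG_SZ /d $pair.Value /f | Out-Host
        # reg.exe exit codes are not PowerShell errors; throw so the caller's
        # catch logs its WARNING rather than a false "Lock screen caption set".
        if($LASTEXITCODE -ne 0)
        {
            throw "reg.exe add $legalNoticeRegPath /v $($pair.Name) failed with exit code $LASTEXITCODE"
        }
    }
    log "Set lock screen caption."
}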
# enable auto logon
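# Set Winlogon\AutoAdminLogon = "1" so the next boot signs in without a prompt.
# SECURITY NOTE(review): auto-logon only works together with DefaultUserName /
# DefaultPassword under the same key, which this script does not set (presumably
# startMigrate.ps1 or finalBoot does). DefaultPassword is stored in cleartext and
# readable by any local user; make sure finalBoot clears both it and
# AutoAdminLogon once the final reboot has completed.
function enableAutoLogon()
{
    Param(
        [string]$autoLogonPath = "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon",
        [string]$autoLogonName = "AutoAdminLogon",
        [string]$autoLogonValue = 1
    )
    log "Enabling auto logon..."
    reg.exe add $autoLogonPath /v $autoLogonName /t REG_SZ /d $autoLogonValue /f | Out-Host
    # Surface a reg.exe failure to the caller's catch instead of logging success.
    if($LASTEXITCODE -ne 0)
    {
        throw "reg.exe add $autoLogonPath failed with exit code $LASTEXITCODE"
    }
    log "Auto logon enabled."
}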
# set finalBoot task
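# Register the finalBoot scheduled task from $localPath\finalBoot.xml.
# The task's principal, run level and trigger all come from that XML file,
# which this script does not author.
# SECURITY NOTE(review): the XML is read from the working directory; if that
# directory is writable by non-administrators, a local user could replace the
# file and have arbitrary code run under whatever account the XML names.
# Confirm the ACL on $localPath (or ship the XML with the script instead).
function setFinalBootTask()
{
    Param(
        [string]$taskName = "finalBoot",
        [string]$taskXML = "$($localPath)\$($taskName).xml"
    )
    log "Setting $($taskName) task..."
    # The original only tested that the path string was non-empty, so the
    # "not found" branch could never fire; check that the file really exists.
    if(Test-Path -Path $taskXML -PathType Leaf)
    {
        schtasks.exe /Create /TN $taskName /XML $taskXML
        # schtasks.exe reports problems only via its exit code.
        if($LASTEXITCODE -ne 0)
        {
            throw "schtasks.exe /Create $taskName failed with exit code $LASTEXITCODE"
        }
        log "$($taskName) task set."
    }
    else
    {
        log "Failed to set $($taskName) task: $taskXML not found"
    }
}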
# END SCRIPT FUNCTIONS
# START SCRIPT
# get settings
# Each step below is wrapped in its own try/catch. Steps marked "Exiting script"
# are fatal (Exit 1); the others only log a WARNING and the script continues to
# the reboot. Remember that with $ErrorActionPreference = SilentlyContinue only
# terminating errors land in these catch blocks.
try
{
getSettingsJSON
log "Settings retrieved"
}
catch
{
$message = $_.Exception.Message
log "Settings not loaded: $message"
log "Exiting script"
Exit 1
}
# initialize script
try
{
initializeScript
log "Script initialized"
}
catch
{
$message = $_.Exception.Message
log "Failed to initialize script: $message"
log "Exiting script"
Exit 1
}
# get new user SID
# Note: an empty SID is only logged inside getNewUserSID and does not throw,
# so "New user SID retrieved" is still logged in that case.
try
{
getNewUserSID
log "New user SID retrieved"
}
catch
{
$message = $_.Exception.Message
log "Failed to get new user SID: $message"
log "Exiting script"
Exit 1
}
# disable newProfile task
try
{
disableNewProfileTask
log "newProfile task disabled"
}
catch
{
$message = $_.Exception.Message
log "Failed to disable newProfile task: $message"
log "Exiting script"
Exit 1
}
# revoke logon provider (best effort - a failure here is a warning, not fatal)
try
{
revokeLogonProvider
log "Logon provider revoked"
}
catch
{
$message = $_.Exception.Message
log "Failed to revoke logon provider: $message"
log "WARNING: Logon provider not revoked"
}
# set lock screen caption (best effort)
try
{
setLockScreenCaption
log "Lock screen caption set"
}
catch
{
$message = $_.Exception.Message
log "Failed to set lock screen caption: $message"
log "WARNING: Lock screen caption not set"
}
# enable auto logon (best effort; see the security note on enableAutoLogon)
try
{
enableAutoLogon
log "Auto logon enabled"
}
catch
{
$message = $_.Exception.Message
log "Failed to enable auto logon: $message"
log "WARNING: Auto logon not enabled"
}
# set finalBoot task (fatal: without it the migration cannot finish after the reboot)
try
{
setFinalBootTask
log "finalBoot task set"
}
catch
{
$message = $_.Exception.Message
log "Failed to set finalBoot task: $message"
log "Exiting script"
Exit 1
}
Start-Sleep -Seconds 2
log "rebooting computer"
# shutdown.exe returns immediately; the restart itself happens asynchronously,
# so Stop-Transcript below normally still gets a chance to flush the log.
shutdown -r -t 00
Stop-Transcript