Announcement

Collapse
No announcement yet.

Script Requests - Itarian team will write the scripts for you :) for FREE.

Collapse
This is a sticky topic.
X
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Hi Walsh1,

    If you are in need of the script, please try this JSON file and let us know your feedback
    20210303-windows_hosts.json

    Kind Regards,
    PremJK

    Comment


    • I am looking for a script to do the following.

      Create Folder
      Download A file or Multiple Files into this folder (i may have 1-5 files)
      Install 2 Different font files (These will likely be in the previously downloaded files in the folder created, for ease of use, or can be seperate)

      Also in addition to fully automate this process, Add the Folder Created to the Trusted Locations in excel.

      Comment


      • Originally posted by Cronus View Post
        I am looking for a script to do the following.

        Create Folder
        Download A file or Multiple Files into this folder (i may have 1-5 files)
        Install 2 Different font files (These will likely be in the previously downloaded files in the folder created, for ease of use, or can be seperate)

        Also in addition to fully automate this process, Add the Folder Created to the Trusted Locations in excel.
        Hi Cronus

        Hmmm... Have you considered packing those files into a single zip file and then using the following script?

        Download zip file from Google Drive, unzip it, run CMD script
        https://forum.itarian.com/forum/scri...run-cmd-script

        We are using this one for distributing fonts to the endpoints and it's working pretty fine for us: we just pack the fonts along with a cmd script that just copies the fonts to the C:\Windows\Fonts folder and then adds the fonts to the registry at both "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Fonts" and "HKEY_LOCAL_MACHINE\Software\Wow6432Node\Micro soft \Windows NT\CurrentVersion\Fonts". As this adds the fonts to the system for all the users on the computer, you would not need to add the new fonts folder to the Trusted Folder.

        Worth a try, I think.

        Hope this will help. Have a nice day!
        -- Javier Llorente
        Endpoint Security - Devoteam

        Comment


        • This might work and I"ll try it out. Do you have the exact batch script to install a font? That would save me some time researching that.

          As far as Trusted Folder, thats still needed as im putting an excel file somewhere thats not already trusted. But I think I'll just install that to a trusted location and then make a shortcut for it.

          Comment


          • Can you "convert" this PowerShell? It will enable BitLocker on the system drive and backup the key to Azure AD

            Code:
            <#
            DESCRIPTION
            This script will enable bitlocker on the systemdrive and backup the key to Azure AD.
            #>
            
            
            
            [cmdletbinding()]
            param(
            [Parameter()]
            [ValidateNotNullOrEmpty()]
            [string] $OSDrive = $env:SystemDrive
            )
            [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
            
            #Create directory is not exist
            $psdirectory = "$osdrive\Program Files (x86)\Scripts\Bitlocker"
            If(!(test-path $psdirectory))
            {
            New-Item -ItemType Directory -Force -Path $psdirectory
            }
            
            #Start session log
            Start-Transcript -Path $psdirectory\pslogmainscript.txt -Append
            
            try
            {
            
            #Check if bitlocker already have a recoverykey, if it dosent it will enable bitlocker and create new recoverykey
            $checkifexist = (Get-BitLockerVolume -MountPoint $OSDrive).KeyProtector | Where-Object {$_.KeyProtectorType -eq 'RecoveryPassword'}
            if($checkifexist) {
            Write-host "Bitlocker is already enabled and have recoverykey"
            }
            else{
            
            $bdeProtect = Get-BitLockerVolume $OSDrive | Select-Object -Property VolumeStatus
            if ($bdeProtect.VolumeStatus -eq "FullyDecrypted")
            {
            # Enable Bitlocker using TPM
            Enable-BitLocker -MountPoint $OSDrive -TpmProtector -ErrorAction Continue
            Enable-BitLocker -MountPoint $OSDrive -RecoveryPasswordProtector
            
            }
            }
            
            #Check if we can use BackupToAAD-BitLockerKeyProtector commandlet
            $cmdName = "BackupToAAD-BitLockerKeyProtector"
            if (Get-Command $cmdName -ErrorAction SilentlyContinue)
            {
            #BackupToAAD-BitLockerKeyProtector commandlet exists
            $BLK = (Get-BitLockerVolume -MountPoint $OSDrive).KeyProtector | Where-Object {$_.KeyProtectorType -eq 'RecoveryPassword'}
            if ($BLK.count -gt 1){
            Write-Host "There are multiple recovery keys, will backup key number 1 to AzureAD"
            $key = $BLK[0]
            BackupToAAD-BitLockerKeyProtector -MountPoint $OSDrive -KeyProtectorId $key.KeyProtectorId
            }
            
            else {
            Write-Host "There are only one recovery key, will start to backup to AzureAD"
            BackupToAAD-BitLockerKeyProtector -MountPoint $OSDrive -KeyProtectorId $BLK.KeyProtectorId
            }
            
            }
            else{
            
            # BackupToAAD-BitLockerKeyProtector commandlet not available, using other mechanisme
            # Get the AAD Machine Certificate
            $cert = Get-ChildItem Cert:\LocalMachine\My\ | Where-Object { $_.Issuer -match "CN=MS-Organization-Access" }
            
            # Obtain the AAD Device ID from the certificate
            $id = $cert.Subject.Replace("CN=","")
            
            # Get the tenant name from the registry
            $tenant = (Get-ItemProperty HKLM:\SYSTEM\CurrentControlSet\Control\CloudDomain Join\JoinInfo\$($id)).UserEmail.Split('@')[1]
            
            # Generate the body to send to AAD containing the recovery information
            # Get the BitLocker key information from WMI
            (Get-BitLockerVolume -MountPoint $OSDrive).KeyProtector| Where-Object {$_.KeyProtectorType -eq 'RecoveryPassword'} | ForEach-Object{
            $key = $_
            write-verbose "kid : $($key.KeyProtectorId) key: $($key.RecoveryPassword)"
            $body = "{""key"":""$($key.RecoveryPassword)"",""kid"":""$ ($key.KeyProtectorId.replace('{','').Replace('}',' '))"",""vol"":""OSV""}"
            
            # Create the URL to post the data to based on the tenant and device information
            $url = "https://enterpriseregistration.windows.net/manage/$tenant/device/$($id)?api-version=1.0"
            
            # Post the data to the URL and sign it with the AAD Machine Certificate
            $req = Invoke-WebRequest -Uri $url -Body $body -UseBasicParsing -Method Post -UseDefaultCredentials -Certificate $cert
            $req.RawContent
            
            }
            }
            #>
            
            } catch
            {
            write-error "Error while setting up AAD Bitlocker, make sure that you are AAD joined and are running the cmdlet as an admin: $_"
            }
            
            Stop-Transcript

            Comment


            • Originally posted by Cronus View Post
              This might work and I"ll try it out. Do you have the exact batch script to install a font? That would save me some time researching that.

              As far as Trusted Folder, thats still needed as im putting an excel file somewhere thats not already trusted. But I think I'll just install that to a trusted location and then make a shortcut for it.
              Hi Cronus,

              It's quite easy, in fact. You will need two files, the .cmd script and the .reg file with the font names. And, of course, a folder with all the font files.

              The .cmd script file is quite simple. Our internal script is way more complex because it includes logging and error handling routines, but the basic installation process is the following:

              Code:
              echo Copying Montserrat font family to system font folder
              xcopy %~dp0Montserrat\*.otf "%SystemRoot%\Fonts" /V /C /I /F /Y
              echo Importing Montserrat font family information to the registry.
              reg import "%~dp0Montserrat_FontFamily.reg"
              The registry file just contains the necessary entries to tell the system the associated font name for each font file. To create the .reg file, we just install the fonts manually on a testing computer and then we export the required branches. This is a sample .reg file for the Montserrat font family:

              Code:
              Windows Registry Editor Version 5.00
              
              [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Fonts]
              "Montserrat Bold (TrueType)"="Montserrat-Bold.otf"
              "Montserrat Bold Italic (TrueType)"="Montserrat-BoldItalic.otf"
              "Montserrat Italic (TrueType)"="Montserrat-Italic.otf"
              "Montserrat Light (TrueType)"="Montserrat-Light.otf"
              "Montserrat Light Italic (TrueType)"="Montserrat-LightItalic.otf"
              "Montserrat Medium (TrueType)"="Montserrat-Medium.otf"
              "Montserrat Medium Italic (TrueType)"="Montserrat-MediumItalic.otf"
              "Montserrat Regular (TrueType)"="Montserrat-Regular.otf"
              
              [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\ Windows NT\CurrentVersion\Fonts]
              "Montserrat Bold (TrueType)"="Montserrat-Bold.otf"
              "Montserrat Bold Italic (TrueType)"="Montserrat-BoldItalic.otf"
              "Montserrat Italic (TrueType)"="Montserrat-Italic.otf"
              "Montserrat Light (TrueType)"="Montserrat-Light.otf"
              "Montserrat Light Italic (TrueType)"="Montserrat-LightItalic.otf"
              "Montserrat Medium (TrueType)"="Montserrat-Medium.otf"
              "Montserrat Medium Italic (TrueType)"="Montserrat-MediumItalic.otf"
              "Montserrat Regular (TrueType)"="Montserrat-Regular.otf"
              This way the installation is done of all the users on the computer and it's completely silent and unattended. The only drawback is that the fonts will only be available to be used after the next reboot, so you might want to add a "shutdown" command to your script.

              That's all so far. Let me know if it works fine for you.

              Have a nice day!

              -- Javier Llorente
              Endpoint Security - Devoteam

              Comment


              • Can someone assist me in combining two scripts?
                1. Execute Batch commands
                2. Download files

                I want to kill a process running
                Transfer new File(s)
                Start a program back up with specific start directory

                Basically...
                taskill /f /im app.exe
                -Transfer New file or Files-
                cd c:\App && app.exe

                Another option is a script to download an installer.exe I can create with NSIS. and then have the script execute it, it can do all the commands i need. It can run silent

                Code:
                Batch Script
                #To define a particular parameter, replace the 'parameterName' inside itsm.getParameter('variableName') with that parameter's name
                BAT=r'''
                taskill /f /im app.exe
                cd c:\App && app.exe
                '''
                import os
                import sys
                import platform
                import subprocess
                import ctypes
                
                class disable_file_system_redirection:
                _disable = ctypes.windll.kernel32.Wow64DisableWow64FsRedirect ion
                _revert = ctypes.windll.kernel32.Wow64RevertWow64FsRedirecti on
                def __enter__(self):
                self.old_value = ctypes.c_long()
                self.success = self._disable(ctypes.byref(self.old_value))
                def __exit__(self, type, value, traceback):
                if self.success:
                self._revert(self.old_value)
                
                path=os.environ['programdata']+"\Sample.bat"
                with open(path,"w") as f:
                f.write(BAT)
                try:
                with disable_file_system_redirection():
                print "Excuting Bat File"
                process = subprocess.Popen([path],stdout=subprocess.PIPE)
                stdout = process.communicate()[0]
                print "---------------------------"
                print stdout
                
                except:
                print "Excuting Bat File"
                process = subprocess.Popen([path],stdout=subprocess.PIPE)
                stdout = process.communicate()[0]
                print "---------------------------"
                print stdout
                
                
                if os.path.exists(path):
                try:
                os.remove(path)
                except:
                pass

                Code:
                Download files
                url=r'https://example.conf/font.txt' #Provide the website url which you need to install as a font
                fileName='free3of9.ttf' # Provide the filename of the font
                
                import os
                import ssl
                import urllib2
                import shutil
                import ctypes
                
                ssl._create_default_https_context = ssl._create_unverified_context
                temp=os.environ['PROGRAMDATA']+r'\c1_temp'
                
                if not os.path.exists(temp):
                os.makedirs(temp)
                
                
                
                vbs=r'''
                Set objShellApp = CreateObject("Shell.Application")
                Set objFSO = CreateObject("Scripting.FileSystemObject")
                Const FONTS = &H14&
                Set objFolder = objShellApp.Namespace(FONTS)
                strNewFontsFolder = "%s"
                If objFSO.FolderExists(strNewFontsFolder) = True Then
                For Each objFile In objFSO.GetFolder(strNewFontsFolder).Files
                If LCase(right(objFile,4)) = ".ttf" OR LCase(right(objFile,4)) = ".otf" Then
                If objFSO.FileExists(objFolder.Self.Path & "\" & objFile.Name) = False Then objFolder.CopyHere objFile.Path
                Wscript.Echo "Installed " & objFile.Name
                End If
                Next
                Else
                Wscript.Echo "Unable to find " & strWindowsFonts
                End If
                
                '''
                
                def Download(temp,url):
                fp = os.path.join(temp, fileName)
                request = urllib2.Request(url, headers={'User-Agent' : "Magic Browser"})
                parsed = urllib2.urlopen(request)
                if os.path.exists(temp):
                pass
                if not os.path.exists(temp):
                os.makedirs(temp)
                with open(fp, 'wb') as f:
                while True:
                chunk=parsed.read(100*1000*1000)
                if chunk:
                f.write(chunk)
                else:
                break
                return fp
                
                Fontpath=Download(temp,url)
                
                class disable_file_system_redirection:
                _disable = ctypes.windll.kernel32.Wow64DisableWow64FsRedirect ion
                _revert = ctypes.windll.kernel32.Wow64RevertWow64FsRedirecti on
                def __enter__(self):
                self.old_value = ctypes.c_long()
                self.success = self._disable(ctypes.byref(self.old_value))
                def __exit__(self, type, value, traceback):
                if self.success:
                self._revert(self.old_value)
                
                
                def runvbs(vbs,Fontpath):
                if not os.path.isdir(temp):
                os.mkdir(workdir)
                vbs_script= vbs % (temp)
                with open(temp+r'\temprun.vbs',"w") as f :
                f.write(vbs_script)
                with disable_file_system_redirection():
                print os.popen('cscript.exe "'+temp+r'\temprun.vbs"').read()
                print('Script execution completed successfully')
                if os.path.isfile(temp+r'\temprun.vbs'):
                os.remove(temp+r'\temprun.vbs')
                
                try:
                shutil.rmtree(temp)
                
                except:
                pass
                
                runvbs(vbs,Fontpath)

                Comment


                • I changed my mind... Now I just need a script to download a file and run it. I got the installer working. I'll look in the script repo for such a script. if someone already has one that would be great to share

                  I got this script below working, if anyone needs to download an exe and just run it.

                  Code:
                  DownTo='C:\Updates' ## Here mention the path where the application to download
                  fromURL='https://example.com/file.exe' ## Here mention the download Link
                  
                  
                  import ctypes
                  
                  class disable_file_system_redirection:
                  _disable = ctypes.windll.kernel32.Wow64DisableWow64FsRedirect ion
                  _revert = ctypes.windll.kernel32.Wow64RevertWow64FsRedirecti on
                  def __enter__(self):
                  self.old_value = ctypes.c_long()
                  self.success = self._disable(ctypes.byref(self.old_value))
                  def __exit__(self, type, value, traceback):
                  if self.success:
                  self._revert(self.old_value)
                  
                  import subprocess
                  with disable_file_system_redirection():
                  import urllib
                  import os
                  #Download File
                  def downloadFile(DownTo, fromURL):
                  try:
                  fileName = fromURL.split('/')[-1]
                  DownTo = os.path.join(DownTo, fileName)
                  with open(DownTo, 'wb') as f:
                  f.write(urllib.urlopen(fromURL).read())
                  if os.path.isfile(DownTo):
                  return '{} - {}KB'.format(DownTo, os.path.getsize(DownTo)/1000)
                  except:
                  return 'Please Check URL or Download Path!'
                  
                  if __name__=='__main__':
                  print downloadFile(DownTo, fromURL )
                  
                  #Run File
                  out=os.popen('C:\FilePathHere\App.exe').read();
                  print(out);
                  Last edited by Cronus; 07-29-2021, 06:54 PM.

                  Comment


                  • I could really use a script to delete a specific file from Mac computers.
                    Last edited by keith.ketcher@aisle7.com; 08-05-2021, 02:39 PM.

                    Comment


                    • Hi,
                      I am looking for a script to disable IPv6 in a Network Connection (ncpa.cpl) named "Ethernet"

                      Comment


                      • Hi keith.ketcher@aisle7.com,

                        Thanks for your script request. We have asked our script developers to check and provide feedback.

                        Kind Regards,
                        PremJK

                        Comment


                        • Hi josuefpcb@gmail.com,

                          Thanks for your script request. We have asked our script developers to analyze your request.

                          Kind Regards,
                          PremJK

                          Comment


                          • Hi josuefpcb@gmail.com,

                            Please run this script prepared by our script developers and provide feedback
                            https://scripts.itarian.com/frontend...-ipv6-ethernet

                            Kind Regards,
                            PremJK

                            Comment


                            • Originally posted by Cronus View Post
                              I changed my mind... Now I just need a script to download a file and run it. I got the installer working. I'll look in the script repo for such a script. if someone already has one that would be great to share
                              Hi Cronus


                              The following script from the repository is working fine for us:

                              Download and install any application from the URL
                              https://scripts.itarian.com/frontend...n-from-the-url

                              We just clone the script and modify the parameters as many times as we need. It works with both EXE and MSI installers, you only have to enter the necessary parameters for running the installer silently.

                              Hope this will work for you, too.

                              Have a nice day!

                              -- Javier Llorente
                              Endpoint Security - Devoteam

                              Comment


                              • Please write a script to change the value of the following registry key: HKLM\System\CurrentControlSet\Services\NlaSvc\Depe ndOnService

                                I want to add DNS and Netlogon to the existing list of values, which are: NSI RpcSs TcpIp Dhcp Eventlog

                                After running the script, the DependOnService should value should be: NSI RpcSs TcpIp Dhcp Eventlog DNS Netlogon

                                Comment

                                Working...
                                X