paulmataruso/tacticalrmm
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add files via upload

Browse Source 
Sends Windows 10 Toast alert when password expiration reaches 7, 3, 2, and 1 days.  Works with both local and domain accounts.  Best to setup as a scheduled task, but can also be run manually.  On 1 day alert, an "Urgent" BurntToastLogo is downloaded and used instead of the regular logo to indicate importance.  These files are hosted on a site you have access to.
This commit is contained in:
Christopher Phillips
2022-01-13 11:42:26 -07:00
committed by GitHub
parent 4f672c736b
commit a63001f17c
1 changed files with 70 additions and 64 deletions
Download Patch File Download Diff File Expand all files Collapse all files

130
scripts_wip/Win_Toast_Password_Expiration.ps1
View File

@@ -4,13 +4,25 @@
#BurntToast Module Source and Examples: https://github.com/Windos/BurntToast #BurntToast Module Source and Examples: https://github.com/Windos/BurntToast
#RunAsUser Module Source and Examples: https://github.com/KelvinTegelaar/RunAsUser #RunAsUser Module Source and Examples: https://github.com/KelvinTegelaar/RunAsUser
# Assign last logged in user from TRMM to variable
# Set parameters
param ( param (
[string] $lastLoggedIn [int[]] $expiryDaysToAlert=@(1,2,3,7)
) )
# Will exit when a user is not logged in
try{
$loggedInUser = ((Get-WMIObject -ClassName Win32_ComputerSystem).Username).Split('\')[1]
}catch{
Write-Host "No logged in user. Exiting"
Exit 0
}
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
# Check for, and install pre-reqs if not found. # Check for, and install pre-reqs if not found.
if (Get-PackageProvider -Name NuGet) { if (Get-PackageProvider -Name NuGet) {
#Write-Host "NuGet Already Added" #Write-Host "NuGet Already Added"
@@ -36,26 +48,23 @@ else {
Install-Module -Name RunAsUser -Force Install-Module -Name RunAsUser -Force
} }
# Check to confirm temporary directory is present, and if not, create.
$directoryPath = "C:\ProgramData\TRMM\temp"
if(!(test-path $directoryPath))
{
New-Item -ItemType Directory -Force -Path $directoryPath
}
# Get password expiration date with NET USER command. If returned output is null, then run command again for local user. # Get password expiration date with NET USER command. If returned output is null, then run command again for local user.
$output = net user $lastLoggedIn /domain | find 'Password expires' $output = net user $LoggedInUser /domain | find 'Password expires'
if ($output -eq $null) if ($output -eq $null)
{ {
$output = net user $lastLoggedIn | find 'Password expires' $output = net user $LoggedInUser | find 'Password expires'
} }
# Parse output to only show expiration date # Parse output to only show expiration date
$passwordExpiry = $output -replace ".* " $passwordExpiry = $output -replace ".* "
# TESTING - UNCOMMENT AND MANUALLY SET PASSWORD EXPIRY TO TEST SCRIPT AND ALERTS # TESTING - UNCOMMENT AND MANUALLY SET PASSWORD EXPIRY TO TEST SCRIPT AND ALERTS
# $passwordExpiry = "1/14/2022 12:00:00" # $passwordExpiry = "1/14/2022 12:00:00"
# Check if password is set to never expire. # Check if password is set to never expire.
if ($passwordExpiry -eq "Never") if ($passwordExpiry -eq "Never")
{ {
@@ -72,77 +81,74 @@ if ($passwordExpiry -eq "Never")
$expiryDays = $expiryDetails.Days $expiryDays = $expiryDetails.Days
} }
# Set messagetext variable depending on how soon the password expires. # Set messagetext variable depending on how soon the password expires.
if ($expiryDays -eq 7) if ($expiryDays -le 1)
{
$messagetext = "Your password is going to expire! To ensure you are not blocked from logging into your PC or online services, you must update your password immediately."
$urgentFlag = 1
}
elseif ($expiryDays -le 2)
{
$messagetext = "Your password will expire in 2 days or less. It is important that you change your password as soon as possible."
$urgentFlag = 0
}
elseif ($expiryDays -le 3)
{
$messagetext = "Your password will expire in 3 days or less. Please change your password."
$urgentFlag = 0
}
elseif ($expiryDays -le 7)
{ {
$messagetext = "Your password will expire in 7 days or less. You should consider changing your password." $messagetext = "Your password will expire in 7 days or less. You should consider changing your password."
$urgentFlag = 0 $urgentFlag = 0
} }
if ($expiryDays -eq 3)
{
$messagetext = "Your password will expire in 3 days or less. Please change your password."
$urgentFlag = 0
}
if ($expiryDays -eq 2) # Download Regular and Urgent Image files
{ $regDownloadPath = "https://YOURDOMAIN.COM/BurntToastLogo.png"
$messagetext = "Your password will expire in 2 days or less. It is important that you change your password as soon as possible." Invoke-WebRequest $regDownloadPath -OutFile "C:\Program Files\TacticalAgent\BurntToastLogo.png"
$urgentFlag = 0 $urgentDownloadPath = "https://YOURDOMAIN.COM/BurntToastLogoUrgent.png"
} Invoke-WebRequest $urgentDownloadPath -OutFile "C:\Program Files\TacticalAgent\BurntToastLogoUrgent.png"
if ($expiryDays -eq 1)
{
$messagetext = "Your password is going to expire! To ensure you are not blocked from logging into your PC or online services, you must update your password immediately."
$urgentFlag = 1
}
# Check if URGENT BurntToastLogo.png file is required and download appropriate image. # Check if URGENT BurntToastLogo.png file is required and set variable path
if ($urgentFlag -eq 1) if ($urgentFlag -eq 1)
{ {
Write-Output "Downloading URGENT Logo" $popupImage = "C:\Program Files\TacticalAgent\BurntToastLogoUrgent.png"
$urgentDownloadPath = "https://YOURDOMAIN.COM/BurntToastLogoUrgent.png"
Invoke-WebRequest $urgentDownloadPath -OutFile "C:\Program Files\TacticalAgent\BurntToastLogo.png"
} }
else else
{ {
Write-Output "Downloading Regular Logo" $popupImage = "C:\Program Files\TacticalAgent\BurntToastLogo.png"
$regDownloadPath = "https://YOURDOMAIN.COM/BurntToastLogo.png"
Invoke-WebRequest $regDownloadPath -OutFile "C:\Program Files\TacticalAgent\BurntToastLogo.png"
} }
# Write message text to file on disk
Set-Content -Path c:\ProgramData\TRMM\temp\message.txt -Value $messagetext
# If password expires within either 7, 3, 2, or 1 days, send popup to user. # If password expires is in $expiryDaystAlert days, send popup to user.
if ($expiryDays -eq 7 -or $expiryDays -eq 3 -or $expiryDays -eq 2 -or $expiryDays -eq 1) if ($expiryDays -in $expiryDaysToAlert)
{ {
$command = @"
`$HeroImage = New-BTImage -Source "${popupImage}" -HeroImage
`$Text1 = New-BTText -Content "*** IMPORTANT Alert from IT Department ***"
`$Text2 = New-BTText -Content "${messagetext}"
`$Button = New-BTButton -Content "Snooze" -snooze -id 'SnoozeTime'
`$Button2 = New-BTButton -Content "Dismiss" -dismiss
`$5Min = New-BTSelectionBoxItem -Id 5 -Content '5 minutes'
`$10Min = New-BTSelectionBoxItem -Id 10 -Content '10 minutes'
`$1Hour = New-BTSelectionBoxItem -Id 60 -Content '1 hour'
`$4Hour = New-BTSelectionBoxItem -Id 240 -Content '4 hours'
`$1Day = New-BTSelectionBoxItem -Id 1440 -Content '1 day'
`$Items = `$5Min, `$10Min, `$1Hour, `$4Hour, `$1Day
`$SelectionBox = New-BTInput -Id 'SnoozeTime' -DefaultSelectionBoxItemId 10 -Items `$Items
`$Action = New-BTAction -Buttons `$Button, `$Button2 -inputs `$SelectionBox
`$Binding = New-BTBinding -Children `$Text1, `$Text2 -HeroImage `$HeroImage
`$Visual = New-BTVisual -BindingGeneric `$Binding
`$Audio = New-BTAudio -Source ms-winsoundevent:Notification.Looping.Alarm4
`$Content = New-BTContent -Visual `$Visual -Actions `$Action -Audio `$Audio
Submit-BTNotification -Content `$Content
"@
Invoke-AsCurrentUser -scriptblock { $scriptblock = [scriptblock]::Create($command)
Invoke-AsCurrentUser -ScriptBlock $scriptblock
$messageContent = Get-Content -Path c:\ProgramData\TRMM\temp\message.txt
$heroimage = New-BTImage -Source 'C:\Program Files\TacticalAgent\BurntToastLogo.png' -HeroImage
$Text1 = New-BTText -Content "*** IMPORTANT Alert from IT Department ***"
$Text2 = New-BTText -Content "$messageContent"
$Button = New-BTButton -Content "Snooze" -snooze -id 'SnoozeTime'
$Button2 = New-BTButton -Content "Dismiss" -dismiss
$5Min = New-BTSelectionBoxItem -Id 5 -Content '5 minutes'
$10Min = New-BTSelectionBoxItem -Id 10 -Content '10 minutes'
$1Hour = New-BTSelectionBoxItem -Id 60 -Content '1 hour'
$4Hour = New-BTSelectionBoxItem -Id 240 -Content '4 hours'
$1Day = New-BTSelectionBoxItem -Id 1440 -Content '1 day'
$Items = $5Min, $10Min, $1Hour, $4Hour, $1Day
$SelectionBox = New-BTInput -Id 'SnoozeTime' -DefaultSelectionBoxItemId 10 -Items $Items
$action = New-BTAction -Buttons $Button, $Button2 -inputs $SelectionBox
$Binding = New-BTBinding -Children $Text1, $Text2 -HeroImage $heroimage
$Visual = New-BTVisual -BindingGeneric $Binding
$Content = New-BTContent -Visual $Visual -Actions $action
Submit-BTNotification -Content $Content
}
# Cleanup temp file for message variables
Remove-Item -Path C:\ProgramData\TRMM\temp\message.txt
} }
else else