protected override void EndProcessing() { if (this.shellsToEnable.Count == 0) { this.shellsToEnable.Add("Microsoft.PowerShell"); } base.WriteVerbose(StringUtil.Format(RemotingErrorIdStrings.EcsScriptMessageV, "\r\nfunction Enable-PSSessionConfiguration\r\n{{\r\n[CmdletBinding(SupportsShouldProcess=$true, ConfirmImpact=\"High\")]\r\nparam(\r\n [Parameter(Position=0, ValueFromPipeline=$true)]\r\n [System.String]\r\n $Name,\r\n\r\n [Parameter()]\r\n [bool]\r\n $Force,\r\n \r\n [Parameter()]\r\n [string]\r\n $sddl,\r\n \r\n [Parameter()]\r\n [bool]\r\n $isSDDLSpecified,\r\n \r\n [Parameter()]\r\n [string]\r\n $queryForSet,\r\n \r\n [Parameter()]\r\n [string]\r\n $captionForSet,\r\n \r\n [Parameter()]\r\n [string]\r\n $queryForQC,\r\n \r\n [Parameter()]\r\n [string]\r\n $captionForQC,\r\n\r\n [Parameter()]\r\n [string]\r\n $shouldProcessDescForQC,\r\n\r\n [Parameter()]\r\n [string]\r\n $setEnabledTarget,\r\n\r\n [Parameter()]\r\n [string]\r\n $setEnabledAction,\r\n\r\n [Parameter()]\r\n [bool]\r\n $skipNetworkProfileCheck\r\n )\r\n \r\n begin\r\n {{\r\n $needWinRMRestart = $false\r\n if ($force -or $pscmdlet.ShouldProcess($shouldProcessDescForQC, $queryForQC, $captionForQC))\r\n {{\r\n # get the status of winrm before Quick Config. if it is already\r\n # running..restart the service after Quick Config.\r\n $svc = get-service winrm\r\n if ($skipNetworkProfileCheck)\r\n {{\r\n {0} -force -SkipNetworkProfileCheck\r\n }}\r\n else\r\n {{\r\n {0} -force\r\n }}\r\n if ($svc.Status -match \"Running\")\r\n {{\r\n Restart-Service winrm -force -confirm:$false\r\n }}\r\n }}\r\n }} #end of Begin block \r\n \r\n process\r\n {{\r\n Get-PSSessionConfiguration $name | % {{\r\n\r\n if ($_.Enabled -eq $false -and ($force -or $pscmdlet.ShouldProcess($setEnabledTarget, $setEnabledAction)))\r\n {{\r\n Set-Item -WarningAction SilentlyContinue -Path \"WSMan:\\localhost\\Plugin\\$name\\Enabled\" -Value $true -confirm:$false\r\n $needWinRMRestart = $true\r\n }}\r\n\r\n if (!$isSDDLSpecified)\r\n {{\r\n $sddlTemp = $null\r\n if ($_.psobject.members[\"SecurityDescriptorSddl\"])\r\n {{\r\n $sddlTemp = $_.psobject.members[\"SecurityDescriptorSddl\"].Value\r\n }}\r\n\r\n $securityIdentifierToPurge = $null\r\n # strip out Disable-Everyone DACL from the SDDL\r\n if ($sddlTemp)\r\n {{\r\n # construct SID for \"EveryOne\"\r\n [system.security.principal.wellknownsidtype]$evst = \"worldsid\"\r\n $everyOneSID = new-object system.security.principal.securityidentifier $evst,$null\r\n \r\n $sd = new-object system.security.accesscontrol.commonsecuritydescriptor $false,$false,$sddlTemp \r\n $sd.DiscretionaryAcl | % {{\r\n if (($_.acequalifier -eq \"accessdenied\") -and ($_.securityidentifier -match $everyOneSID))\r\n {{\r\n $securityIdentifierToPurge = $_.securityidentifier\r\n }}\r\n }}\r\n \r\n if ($securityIdentifierToPurge)\r\n {{\r\n $sd.discretionaryacl.purge($securityIdentifierToPurge)\r\n\r\n # if there is no discretionaryacl..add Builtin Administrators and Remote Management Users\r\n # to the DACL group as this is the default WSMan behavior\r\n if ($sd.discretionaryacl.count -eq 0)\r\n {{\r\n # Built-in administrators\r\n [system.security.principal.wellknownsidtype]$bast = \"BuiltinAdministratorsSid\"\r\n $basid = new-object system.security.principal.securityidentifier $bast,$null\r\n $sd.DiscretionaryAcl.AddAccess('Allow',$basid, 268435456, 'none', 'none')\r\n\r\n # Remote Management Users, Win8+ only\r\n if ([System.Environment]::OSVersion.Version.Major -ge 6 -and [System.Environment]::OSVersion.Version.Minor -ge 2)\r\n {{\r\n $rmSidId = new-object system.security.principal.securityidentifier \"{1}\"\r\n $sd.DiscretionaryAcl.AddAccess('Allow', $rmSidId, 268435456, 'none', 'none')\r\n }}\r\n }}\r\n\r\n $sddl = $sd.GetSddlForm(\"all\")\r\n }}\r\n }} # if ($sddlTemp)\r\n }} # if (!$isSDDLSpecified) \r\n \r\n $qMessage = $queryForSet -f $_.name,$sddl\r\n if (($sddl -or $isSDDLSpecified) -and ($force -or $pscmdlet.ShouldProcess($qMessage, $captionForSet)))\r\n {{\r\n $null = Set-PSSessionConfiguration -Name $_.Name -SecurityDescriptorSddl $sddl -NoServiceRestart -force -WarningAction 0\r\n }}\r\n }} #end of Get-PSSessionConfiguration | foreach\r\n }} # end of Process block\r\n\r\n # restart the winrm to make the config change takes effect immediately\r\n End\r\n {{\r\n if ($needWinRMRestart)\r\n {{\r\n Restart-Service winrm -force -confirm:$false\r\n }}\r\n }}\r\n}}\r\n\r\n$_ | Enable-PSSessionConfiguration -force $args[0] -sddl $args[1] -isSDDLSpecified $args[2] -queryForSet $args[3] -captionForSet $args[4] -queryForQC $args[5] -captionForQC $args[6] -whatif:$args[7] -confirm:$args[8] -shouldProcessDescForQC $args[9] -setEnabledTarget $args[10] -setEnabledAction $args[11] -skipNetworkProfileCheck $args[12]\r\n")); bool whatIf = false; bool confirm = true; PSSessionConfigurationCommandUtilities.CollectShouldProcessParameters(this, out whatIf, out confirm); string str = StringUtil.Format(RemotingErrorIdStrings.EcsWSManQCCaption, new object[0]); string str2 = StringUtil.Format(RemotingErrorIdStrings.EcsWSManQCQuery, "Set-WSManQuickConfig"); string str3 = StringUtil.Format(RemotingErrorIdStrings.EcsWSManShouldProcessDesc, "Set-WSManQuickConfig"); string str4 = StringUtil.Format(RemotingErrorIdStrings.CSShouldProcessAction, "Set-PSSessionConfiguration"); string ecsShouldProcessTarget = RemotingErrorIdStrings.EcsShouldProcessTarget; string str6 = StringUtil.Format(RemotingErrorIdStrings.CSShouldProcessAction, "Set-Item"); string setEnabledTrueTarget = RemotingErrorIdStrings.SetEnabledTrueTarget; enablePluginSb.InvokeUsingCmdlet(this, true, ScriptBlock.ErrorHandlingBehavior.WriteToCurrentErrorPipe, this.shellsToEnable, new object[0], AutomationNull.Value, new object[] { this.force, this.sddl, this.isSddlSpecified, ecsShouldProcessTarget, str4, str2, str, whatIf, confirm, str3, setEnabledTrueTarget, str6, this.skipNetworkProfileCheck }); Tracer tracer = new Tracer(); StringBuilder builder = new StringBuilder(); foreach (string str8 in this.Name ?? new string[0]) { builder.Append(str8); builder.Append(", "); } if (builder.Length > 0) { builder.Remove(builder.Length - 2, 2); } tracer.EndpointEnabled(builder.ToString(), WindowsIdentity.GetCurrent().Name); }
protected override void EndProcessing() { if (this.shellsToDisable.Count == 0) { this.shellsToDisable.Add("Microsoft.PowerShell"); } base.WriteWarning(StringUtil.Format(RemotingErrorIdStrings.DcsWarningMessage, new object[0])); base.WriteVerbose(StringUtil.Format(RemotingErrorIdStrings.EcsScriptMessageV, "\r\nfunction Disable-PSSessionConfiguration\r\n{{\r\n[CmdletBinding(SupportsShouldProcess=$true, ConfirmImpact=\"High\")]\r\nparam(\r\n [Parameter(Position=0, ValueFromPipeline=$true, ValueFromPipelineByPropertyName=$true)]\r\n [System.String]\r\n $Name,\r\n\r\n [Parameter()]\r\n [bool]\r\n $Force,\r\n\r\n [Parameter()]\r\n [string]\r\n $restartWinRMMessage,\r\n\r\n [Parameter()]\r\n [string]\r\n $setEnabledTarget,\r\n\r\n [Parameter()]\r\n [string]\r\n $setEnabledAction\r\n)\r\n \r\n begin\r\n {{\r\n $needWinRMRestart = $false\r\n if ($force -or $pscmdlet.ShouldProcess($restartWinRMMessage))\r\n {{\r\n $svc = get-service winrm\r\n if ($svc.Status -match \"Stopped\")\r\n {{\r\n Restart-Service winrm -force -confirm:$false\r\n }}\r\n }} \r\n }} #end of Begin block \r\n\r\n process\r\n {{\r\n Get-PSSessionConfiguration $name | % {{\r\n \r\n if ($_.Enabled -and ($force -or $pscmdlet.ShouldProcess($setEnabledTarget, $setEnabledAction)))\r\n {{\r\n Set-Item -WarningAction SilentlyContinue -Path \"WSMan:\\localhost\\Plugin\\$name\\Enabled\" -Value $false -confirm:$false\r\n $needWinRMRestart = $true\r\n }}\r\n }} # end of foreach block\r\n }} #end of process block\r\n\r\n # restart the winrm to make the config change takes effect immediately\r\n End\r\n {{\r\n if ($needWinRMRestart)\r\n {{\r\n Restart-Service winrm -force -confirm:$false\r\n }}\r\n }}\r\n}}\r\n\r\n$_ | Disable-PSSessionConfiguration -force $args[0] -whatif:$args[1] -confirm:$args[2] -restartWinRMMessage $args[3] -setEnabledTarget $args[4] -setEnabledAction $args[5]\r\n")); bool whatIf = false; bool confirm = true; PSSessionConfigurationCommandUtilities.CollectShouldProcessParameters(this, out whatIf, out confirm); string restartWinRMMessage = RemotingErrorIdStrings.RestartWinRMMessage; string setEnabledFalseTarget = RemotingErrorIdStrings.SetEnabledFalseTarget; string str3 = StringUtil.Format(RemotingErrorIdStrings.CSShouldProcessAction, "Set-Item"); disablePluginSb.InvokeUsingCmdlet(this, true, ScriptBlock.ErrorHandlingBehavior.WriteToCurrentErrorPipe, this.shellsToDisable, new object[0], AutomationNull.Value, new object[] { this.force, whatIf, confirm, restartWinRMMessage, setEnabledFalseTarget, str3 }); Tracer tracer = new Tracer(); StringBuilder builder = new StringBuilder(); foreach (string str4 in this.Name ?? new string[0]) { builder.Append(str4); builder.Append(", "); } if (builder.Length > 0) { builder.Remove(builder.Length - 2, 2); } tracer.EndpointDisabled(builder.ToString(), WindowsIdentity.GetCurrent().Name); }
protected override void EndProcessing() { PSSessionConfigurationCommandUtilities.RestartWinRMService(this, this.shouldOfferRestart ? this.isErrorReported : true, (bool)this.Force, this.shouldOfferRestart ? this.noRestart : true); if (!this.isErrorReported && this.noRestart) { string o = StringUtil.Format(RemotingErrorIdStrings.CSShouldProcessAction, base.CommandInfo.Name); base.WriteWarning(StringUtil.Format(RemotingErrorIdStrings.WinRMRequiresRestart, o)); } new Tracer().EndpointUnregistered(this.Name, WindowsIdentity.GetCurrent().Name); }
protected override void EndProcessing() { bool whatIf = false; bool confirm = true; PSSessionConfigurationCommandUtilities.CollectShouldProcessParameters(this, out whatIf, out confirm); string eRemotingCaption = RemotingErrorIdStrings.ERemotingCaption; string eRemotingQuery = RemotingErrorIdStrings.ERemotingQuery; string str3 = StringUtil.Format(RemotingErrorIdStrings.CSShouldProcessAction, "Set-PSSessionConfiguration"); string ecsShouldProcessTarget = RemotingErrorIdStrings.EcsShouldProcessTarget; enableRemotingSb.InvokeUsingCmdlet(this, true, ScriptBlock.ErrorHandlingBehavior.WriteToCurrentErrorPipe, AutomationNull.Value, new object[0], AutomationNull.Value, new object[] { this.force, eRemotingQuery, eRemotingCaption, ecsShouldProcessTarget, str3, whatIf, confirm, this.skipNetworkProfileCheck }); }
protected override void EndProcessing() { base.WriteWarning(StringUtil.Format(RemotingErrorIdStrings.DcsWarningMessage, new object[0])); base.WriteVerbose(StringUtil.Format(RemotingErrorIdStrings.EcsScriptMessageV, "\r\nfunction Disable-PSRemoting\r\n{{\r\n[CmdletBinding(SupportsShouldProcess=$true, ConfirmImpact=\"High\")]\r\nparam(\r\n [Parameter()]\r\n [switch]\r\n $force,\r\n\r\n [Parameter()]\r\n [string]\r\n $queryForSet,\r\n \r\n [Parameter()]\r\n [string]\r\n $captionForSet,\r\n\r\n [Parameter()]\r\n [string]\r\n $restartWinRMMessage\r\n)\r\n\r\n begin\r\n {{\r\n if ($force -or $pscmdlet.ShouldProcess($restartWinRMMessage))\r\n {{\r\n $svc = get-service winrm\r\n if ($svc.Status -match \"Stopped\")\r\n {{\r\n Restart-Service winrm -force -confirm:$false\r\n }}\r\n }}\r\n }} # end of begin block\r\n\r\n end\r\n {{\r\n # Disable the network for all Session Configurations\r\n Get-PSSessionConfiguration | % {{\r\n \r\n if ($_.Enabled)\r\n {{\r\n $sddl = $null\r\n if ($_.psobject.members[\"SecurityDescriptorSddl\"])\r\n {{\r\n $sddl = $_.psobject.members[\"SecurityDescriptorSddl\"].Value\r\n }}\r\n\r\n if (!$sddl)\r\n {{\r\n # Disable network users from accessing this configuration\r\n $sddl = \"{0}\"\r\n }}\r\n else\r\n {{\r\n # Construct SID for network users\r\n [system.security.principal.wellknownsidtype]$evst = \"NetworkSid\"\r\n $networkSID = new-object system.security.principal.securityidentifier $evst,$null\r\n \r\n # Add disable network to the existing sddl\r\n $sd = new-object system.security.accesscontrol.commonsecuritydescriptor $false,$false,$sddl\r\n $disableNetworkExists = $false\r\n $sd.DiscretionaryAcl | % {{\r\n if (($_.acequalifier -eq \"accessdenied\") -and ($_.securityidentifier -match $networkSID) -and ($_.AccessMask -eq 268435456))\r\n {{\r\n $disableNetworkExists = $true \r\n }}\r\n }}\r\n\r\n if (!$disableNetworkExists)\r\n {{\r\n $sd.DiscretionaryAcl.AddAccess(\"deny\", $networkSID, 268435456, \"None\", \"None\")\r\n $sddl = $sd.GetSddlForm(\"all\")\r\n }}\r\n else\r\n {{\r\n # since disable network GA already exists, we dont need to change anything.\r\n $sddl = $null\r\n }}\r\n }} ## end of if(!$sddl)\r\n\r\n $qMessage = $queryForSet -f $_.name,$sddl\r\n if (($sddl) -and ($force -or $pscmdlet.ShouldProcess($qMessage, $captionForSet)))\r\n {{\r\n $null = Set-PSSessionConfiguration -Name $_.Name -SecurityDescriptorSddl $sddl -NoServiceRestart -force -WarningAction 0\r\n }}\r\n }} ## end of if($_.Enabled)\r\n }} ## end of %\r\n }} ## end of Process block\r\n}}\r\n\r\nDisable-PSRemoting -force:$args[0] -queryForSet $args[1] -captionForSet $args[2] -restartWinRMMessage $args[3] -whatif:$args[4] -confirm:$args[5]\r\n")); bool whatIf = false; bool confirm = true; PSSessionConfigurationCommandUtilities.CollectShouldProcessParameters(this, out whatIf, out confirm); string str = StringUtil.Format(RemotingErrorIdStrings.CSShouldProcessAction, "Set-PSSessionConfiguration"); string disableRemotingShouldProcessTarget = RemotingErrorIdStrings.DisableRemotingShouldProcessTarget; string restartWinRMMessage = RemotingErrorIdStrings.RestartWinRMMessage; disableRemotingSb.InvokeUsingCmdlet(this, true, ScriptBlock.ErrorHandlingBehavior.WriteToCurrentErrorPipe, AutomationNull.Value, new object[0], AutomationNull.Value, new object[] { this.force, disableRemotingShouldProcessTarget, str, restartWinRMMessage, whatIf, confirm }); }
protected override void ProcessRecord() { base.WriteVerbose(StringUtil.Format(RemotingErrorIdStrings.RcsScriptMessageV, "\r\nfunction Unregister-PSSessionConfiguration\r\n{{\r\n [CmdletBinding(SupportsShouldProcess=$true, ConfirmImpact=\"High\")]\r\n param(\r\n $filter,\r\n $action,\r\n $targetTemplate,\r\n $shellNotErrMsgFormat,\r\n [bool]$force,\r\n [bool]$serviceRestart,\r\n [string]$serviceRestartWarning)\r\n\r\n begin\r\n {{\r\n $RestartWarningShown = $false\r\n }}\r\n\r\n process\r\n {{\r\n $shellsFound = 0\r\n dir 'WSMan:\\localhost\\Plugin\\' | ? {{ $_.Name -like \"$filter\" }} | % {{\r\n $pluginFileNamePath = join-path \"$($_.pspath)\" 'FileName'\r\n if (!(test-path \"$pluginFileNamePath\"))\r\n {{\r\n return\r\n }}\r\n\r\n $pluginFileName = get-item -literalpath \"$pluginFileNamePath\"\r\n if ((!$pluginFileName) -or ($pluginFileName.Value -notmatch '{0}'))\r\n {{\r\n return \r\n }}\r\n \r\n $shellsFound++\r\n\r\n $shouldProcessTargetString = $targetTemplate -f $_.Name\r\n if ($serviceRestart -and !$force -and !$RestartWarningShown) {{\r\n Write-Warning $serviceRestartWarning \r\n $RestartWarningShown = $true \r\n }}\r\n\r\n $DISCConfigFilePath = [System.IO.Path]::Combine($_.PSPath, \"InitializationParameters\")\r\n $DISCConfigFile = get-childitem -literalpath \"$DISCConfigFilePath\" | ? {{$_.Name -like \"configFilePath\"}}\r\n \r\n if($DISCConfigFile -ne $null)\r\n {{\r\n if(test-path -LiteralPath \"$($DISCConfigFile.Value)\") {{ \r\n remove-item -literalpath \"$($DISCConfigFile.Value)\" -recurse -force -confirm:$false\r\n }}\r\n }}\r\n \r\n if($force -or $pscmdlet.ShouldProcess($shouldProcessTargetString, $action))\r\n {{\r\n remove-item -literalpath \"$($_.pspath)\" -recurse -force\r\n }}\r\n }}\r\n\r\n if (!$shellsFound)\r\n {{\r\n $errMsg = $shellNotErrMsgFormat -f $filter\r\n Write-Error $errMsg \r\n }}\r\n }} # end of Process block\r\n}}\r\n\r\nUnregister-PSSessionConfiguration -filter $args[0] -whatif:$args[1] -confirm:$args[2] -action $args[3] -targetTemplate $args[4] -shellNotErrMsgFormat $args[5] -force $args[6] -serviceRestart $args[7] -serviceRestartWarning $args[8]\r\n")); string o = StringUtil.Format(RemotingErrorIdStrings.CSShouldProcessAction, base.CommandInfo.Name); string cSShouldProcessTarget = RemotingErrorIdStrings.CSShouldProcessTarget; string customShellNotFound = RemotingErrorIdStrings.CustomShellNotFound; bool whatIf = false; bool confirm = true; PSSessionConfigurationCommandUtilities.CollectShouldProcessParameters(this, out whatIf, out confirm); ArrayList dollarErrorVariable = (ArrayList)base.Context.DollarErrorVariable; int count = dollarErrorVariable.Count; removePluginSb.InvokeUsingCmdlet(this, true, ScriptBlock.ErrorHandlingBehavior.WriteToCurrentErrorPipe, AutomationNull.Value, new object[0], AutomationNull.Value, new object[] { this.shellName, whatIf, confirm, o, cSShouldProcessTarget, customShellNotFound, this.force, !this.noRestart, StringUtil.Format(RemotingErrorIdStrings.WinRMRestartWarning, o) }); dollarErrorVariable = (ArrayList)base.Context.DollarErrorVariable; this.isErrorReported = dollarErrorVariable.Count > count; this.shouldOfferRestart = true; }
protected override void BeginProcessing() { RemotingCommandUtil.CheckRemotingCmdletPrerequisites(); PSSessionConfigurationCommandUtilities.ThrowIfNotAdministrator(); }