Group Policy Software Deployment for VPN clients
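# Remote software deployment script via GPO for VPN users.
#
# Flow:
#   1. Wait until an internal host answers a ping (VPN is up, or the machine is on the internal network).
#   2. Write custom event ID 12345 to the System log for tracking.
#   3. If the application's marker file is missing, run the installer from the deploy share.
#   4. Append the result to a per-computer log file on the share and post a Slack notification.
#
# version 1.1
# Konstantinos Merentitis 20.07.2023
#
# Scheduled Task example using "Rustdesk" software:
# GPO - create the following Group Policy and apply it to computers:
# a)
#   Computer, Preferences, Control Panel Settings, Scheduled Tasks:
#   Scheduled Task (At least Windows 7) - important! (Name: Rustdesk)
#   run as NT AUTHORITY\System
#   run whether user is logged on or not
#   Triggers on logon
#   Actions, Program/script: powershell.exe
#   arguments: -ExecutionPolicy Unrestricted -executionpolicy Bypass -F "C:\GPPDeploy\rustdesk-deploy.ps1"
#   NOTE(review): -ExecutionPolicy is given twice above; a single "-ExecutionPolicy Bypass" is enough.
# b)
#   Computer, Preferences, Windows Settings, Files:
#   Update or Replace this script from a shared target -> local (C:\GPPDeploy\):
#   eg:
#   Source file(s)   \\server.local\deploy\rustdesk\rustdesk-deploy.ps1
#   Destination file C:\GPPDeploy\rustdesk-deploy.ps1
#
# Security notes for whoever deploys this (the task runs as NT AUTHORITY\System):
#   - C:\GPPDeploy must be writable only by Administrators and SYSTEM. A folder created
#     directly under C:\ typically inherits rights that let ordinary users create or modify
#     files in it, which would let them replace a script that runs as SYSTEM at logon.
#     Confirm the effective ACL after the GPO has created the folder.
#   - The deploy share (script and installer) should be read-only for computer accounts.
#     Only the logs folder needs write access, and that right must not extend to the
#     folder holding the script and installer.
#   - Anything stored in this script (see $hookUrl) is readable by every machine and user
#     that can read the share or C:\GPPDeploy.

$package = "Rustdesk"
$logpath = "\\server.local\deploy\rustdesk\logs"
$testhost = "internalhost.local"
$testfile = "C:\Program Files\RustDesk\RustDesk.exe"
$filepath = "\\server.local\deploy\rustdesk\rustdesk.exe"
# The webhook URL works like a credential: anyone who reads it can post to the channel.
# Use a webhook dedicated to this bot so it can be revoked on its own.
$hookUrl = "https://hooks.slack.com/services/xxx/yyy"
# Optional installer pin. Set this to the SHA-256 (hex) of the approved installer to refuse
# anything else found at $filepath. Leave it empty to skip the check (original behaviour).
# Example value format only: "<SHA256-OF-APPROVED-INSTALLER>"
$expectedSha256 = ""

# Some installation command examples (change the Start-Process call in the install step below):
# .msi: msiexec.exe /i "$filepath" /QN
# .exe: start-process -FilePath $filepath -ArgumentList '--silent-install'

# Force TLS 1.2 for the Slack webhook request.
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

# Block until the internal host answers. This loops indefinitely by design: the task is
# triggered at logon, usually before the VPN is connected.
$pingstatus = ""
Write-Host "Waiting for internal host ping"
do {
    Start-Sleep -Seconds 30
    $pingstatus = Test-Connection -BufferSize 32 -Count 1 -ComputerName $testhost -Quiet
} while (-not $pingstatus)
Write-Host "`n"
Write-Host "Ping OK"
Write-EventLog System -Source Server -EventId 12345 -Message "Internal Ping ok, VPN should be up, deploying $package"

# Nothing to do when the marker file already exists.
if (Test-Path -Path $testfile) {
    Write-Host "$package already installed"
    exit 0
}

# Check the installer against the pinned hash before it is executed as SYSTEM.
# .NET classes are used instead of Get-FileHash so this also runs on older PowerShell versions.
$installerOk = $true
if ($expectedSha256) {
    $actualSha256 = ""
    try {
        $stream = [System.IO.File]::OpenRead($filepath)
        try {
            $hasher = [System.Security.Cryptography.SHA256]::Create()
            $actualSha256 = [System.BitConverter]::ToString($hasher.ComputeHash($stream)) -replace '-', ''
        }
        finally {
            $stream.Dispose()
        }
    }
    catch {
        Write-Host "Could not hash ${filepath}: $($_.Exception.Message)"
    }
    # String comparison in PowerShell is case-insensitive, so hex case does not matter.
    $installerOk = ($actualSha256 -eq $expectedSha256)
}

if ($installerOk) {
    Write-Host "installing $package"
    Start-Process -FilePath $filepath -ArgumentList '--silent-install'
    # Give some time for the installation; Start-Process does not wait for the installer.
    Start-Sleep -Seconds 60
}
else {
    Write-Host "Installer hash does not match the pinned value, not running $filepath"
}

# Success is judged only by the presence of the marker file.
if (Test-Path -Path $testfile) {
    $logText = "Finished installing $package"
    $slackText = "Succesfully Deployed $package on $env:COMPUTERNAME"
}
else {
    $logText = "Failed to install $package"
    $slackText = "Failed to Deploy $package on $env:COMPUTERNAME"
}

$today = Get-Date
"$logText `t$today" | Out-File -FilePath (Join-Path $logpath "$env:COMPUTERNAME.txt") -Append

# Slack alert. Report "sent" only when the request actually succeeded.
$payload = @{
    "username" = "deploy-bot"
    "text"     = $slackText
}
try {
    Invoke-WebRequest -UseBasicParsing -Body (ConvertTo-Json -Compress -InputObject $payload) -Method Post -Uri $hookUrl
    Write-Host "Slack alert sent"
}
catch {
    Write-Host "Slack alert failed: $($_.Exception.Message)"
}

exit 0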