import depuis ancien GitHub

2025-10-31 08:38:13 +01:00
parent 6f3aeedc93
commit 6a2f2de58e
745 changed files with 178444 additions and 0 deletions
--- a/schedule-install-agent-task/CreateTask.ps1
+++ b/schedule-install-agent-task/CreateTask.ps1
@@ -0,0 +1,51 @@
+<#
+.SYNOPSIS
+  Copies InstallIvantiAgent.ps1 to C:\Windows\Temp and creates a scheduled task to run it at startup with a small delay.
+
+.DESCRIPTION
+  1) Detects the script directory using $PSScriptRoot.
+  2) Copies InstallIvantiAgent.ps1 to C:\Windows\Temp.
+  3) Creates a scheduled task that runs at startup with a 2-minute delay.
+#>
+
+# 1) Define script paths
+$localScript = Join-Path -Path $PSScriptRoot -ChildPath "InstallIvantiAgent.ps1"
+$destination = "C:\Windows\Temp\InstallIvantiAgent.ps1"
+
+# 2) Copy script to C:\Windows\Temp
+Write-Host "Copying InstallIvantiAgent.ps1 to $destination"
+Copy-Item -Path $localScript -Destination $destination -Force
+
+# 3) Define the scheduled task name
+$taskName = "IvantiInstallAtStartup"
+
+Write-Host "Creating scheduled task '$taskName' to run at startup with a delay..."
+
+# 4) Define the action: Run the script silently with PowerShell
+$action = New-ScheduledTaskAction -Execute "powershell.exe" -Argument "-NoProfile -ExecutionPolicy Bypass -File `"$destination`""
+
+# 5) Run as SYSTEM with highest privileges
+$principal = New-ScheduledTaskPrincipal -UserId "NT AUTHORITY\SYSTEM" -RunLevel Highest
+
+# 6) Trigger: Run at startup with a 2-minute delay
+# Définir une valeur aléatoire entre 2 et 59 minutes
+$randomDelay = Get-Random -Minimum 2 -Maximum 60
+
+# Convertir en format ISO 8601 (PTXM)
+$delayString = "PT${randomDelay}M"
+
+# Créer le déclencheur avec un délai aléatoire
+$trigger = New-ScheduledTaskTrigger -AtStartup
+$trigger.Delay = $delayString  # Appliquer le délai aléatoire
+
+# 7) Check if the task already exists and remove it before creating a new one
+if (Get-ScheduledTask -TaskName $taskName -ErrorAction SilentlyContinue) {
+    Write-Host "Task '$taskName' already exists. Deleting it..."
+    Unregister-ScheduledTask -TaskName $taskName -Confirm:$false
+}
+
+# 8) Create and register the scheduled task
+$scheduledTask = New-ScheduledTask -Action $action -Trigger $trigger -Principal $principal
+Register-ScheduledTask -TaskName $taskName -InputObject $scheduledTask | Out-Null
+
+Write-Host "Scheduled task '$taskName' created successfully. It will run at startup with a 2-minute delay."
--- a/schedule-install-agent-task/DeleteTask.ps1
+++ b/schedule-install-agent-task/DeleteTask.ps1
@@ -0,0 +1,37 @@
+# Define the task name
+$taskName = "IvantiInstallAtStartup"
+
+# Define log file path
+$logFile = "C:\Windows\Temp\TaskRemoval.log"
+
+# Function to log messages to both console and log file
+function Write-Log {
+    param([string]$message)
+    $timeStamp = Get-Date -Format "yyyy-MM-dd HH:mm:ss"
+    $logMessage = "$timeStamp - $message"
+    
+    # Write to console
+    Write-Output $logMessage
+    
+    # Append to log file
+    Add-Content -Path $logFile -Value $logMessage -Encoding UTF8
+}
+
+# Check if the scheduled task exists
+if (Get-ScheduledTask -TaskName $taskName -ErrorAction SilentlyContinue) {
+    Write-Log "Task '$taskName' found. Deleting..."
+    
+    # Remove the task
+    Unregister-ScheduledTask -TaskName $taskName -Confirm:$false
+
+    # Verify deletion
+    if (-not (Get-ScheduledTask -TaskName $taskName -ErrorAction SilentlyContinue)) {
+        Write-Log "Task '$taskName' successfully deleted."
+    } else {
+        Write-Log "ERROR: Task '$taskName' could not be deleted."
+    }
+} else {
+    Write-Log "Task '$taskName' does not exist. No action needed."
+}
+
+Write-Log "Task removal script completed."
--- a/schedule-install-agent-task/InstallIvantiAgent.ps1
+++ b/schedule-install-agent-task/InstallIvantiAgent.ps1
@@ -0,0 +1,171 @@
+$StrComputer = $env:COMPUTERNAME
+$baseUrl = "http://epm2024.monlab.lan/share/ivanti/agent/"
+$fileNames = @(
+    "d3873a1c.0",
+    "EPM_Manifest",
+    "EPMAgentInstaller.exe",
+    "EPM2024Agent.txt"
+)
+$hostName = "epm2024.monlab.lan"
+$ports = @(80, 443, 9593, 9594, 9595)
+$destinationFolder = "C:\Windows\Temp\EBA"
+$logFile = "C:\Windows\Temp\IvantiAgentInstall.log"
+
+# Function to log messages to both console and log file
+function Write-Log {
+    param([string]$message)
+    $timeStamp = Get-Date -Format "yyyy-MM-dd HH:mm:ss"
+    $logMessage = "$timeStamp - $message"
+    
+    # Write to console
+    Write-Output $logMessage
+    
+    # Append to log file
+    Add-Content -Path $logFile -Value $logMessage -Encoding UTF8
+}
+
+# Check if curl.exe is available in C:\Windows\System32
+$useCurlExe = Test-Path -Path "C:\Windows\System32\curl.exe"
+
+if ($useCurlExe) {
+    Write-Log "$StrComputer : Using curl.exe for file downloads"
+} else {
+    Write-Log "$StrComputer : curl.exe not found, defaulting to Invoke-WebRequest for file downloads"
+}
+
+# Test DNS resolution
+try {
+    $dnsResolution = Test-Connection -ComputerName $hostName -Count 1 -ErrorAction Stop
+    Write-Log "$StrComputer : DNS resolution for $hostName succeeded. IP Address: $($dnsResolution.IPV4Address.IPAddressToString)"
+} catch {
+    Write-Log "$StrComputer : ERROR - DNS resolution for $hostName failed: $_"
+    exit 1  # Exit the script if DNS resolution fails
+}
+
+# Test TCP port connectivity for specified ports
+foreach ($port in $ports) {
+    $tcpTest = Test-NetConnection -ComputerName $hostName -Port $port
+    if ($tcpTest.TcpTestSucceeded) {
+        Write-Log "$StrComputer : TCP connection to $hostName on port $port succeeded"
+    } else {
+        Write-Log "$StrComputer : ERROR - TCP connection to $hostName on port $port failed"
+    }
+}
+
+# Silent creation of the systools directory for NoStopService.log
+$systemToolsDir = "$Env:SystemDrive\systools"
+if (!(Test-Path -Path $systemToolsDir)) {
+    New-Item -Path $systemToolsDir -ItemType Directory -Force | Out-Null
+}
+
+# Silent creation of the NoStopService.log file
+$logFilePath = Join-Path -Path $systemToolsDir -ChildPath "NoStopService.log"
+New-Item -Path $logFilePath -ItemType File -Force | Out-Null
+
+$ServiceName1 = "IVANTI EPM Agent Update Service"
+$ServiceName2 = "Ivanti Management Agent"
+$ServiceName3 = "Ivanti Software Monitoring Service"
+$ServiceName4 = "Ivanti Targeted Multicast"
+
+$service1 = Get-Service -Name $ServiceName1 -ErrorAction SilentlyContinue
+$service2 = Get-Service -Name $ServiceName2 -ErrorAction SilentlyContinue
+$service3 = Get-Service -Name $ServiceName3 -ErrorAction SilentlyContinue
+$service4 = Get-Service -Name $ServiceName4 -ErrorAction SilentlyContinue
+
+Write-Log "$StrComputer : $ServiceName1 Status - $($service1.Status)"
+Write-Log "$StrComputer : $ServiceName2 Status - $($service2.Status)"
+Write-Log "$StrComputer : $ServiceName3 Status - $($service3.Status)"
+Write-Log "$StrComputer : $ServiceName4 Status - $($service4.Status)"
+
+if ($service1.Status -eq "Running") {
+    Write-Log "$StrComputer : $ServiceName1 is already running."
+} Else {
+    
+    # Delete the folder if it exists, then recreate it
+    if (Test-Path -Path $destinationFolder) {
+        try {
+            Remove-Item -Path $destinationFolder -Recurse -Force
+            Write-Log "$StrComputer : Deleted existing folder $destinationFolder"
+        } catch {
+            Write-Log "$StrComputer : ERROR - Failed to delete $destinationFolder : $_"
+        }
+    }    
+    
+    # Create the folder
+    if (!(Test-Path -Path $destinationFolder)) {
+        New-Item -Path $destinationFolder -ItemType Directory -Force | Out-Null
+        Write-Log "$StrComputer : Created folder $destinationFolder"
+    }
+    
+    # Download each file
+    foreach ($fileName in $fileNames) {
+        $fileUrl = $baseUrl + $fileName
+        $destinationPath = Join-Path -Path $destinationFolder -ChildPath $fileName
+        
+        try {
+            if ($useCurlExe) {
+                & "C:\Windows\System32\curl.exe" -k -L -o "$destinationPath" "$fileUrl" > $null 2>&1
+                Write-Log "$StrComputer : Downloaded $fileName to $destinationPath using curl.exe"
+            } else {
+                Invoke-WebRequest -Uri $fileUrl -OutFile $destinationPath -UseBasicParsing
+                Write-Log "$StrComputer : Downloaded $fileName to $destinationPath using Invoke-WebRequest"
+            }
+        } catch {
+            Write-Log "$StrComputer : ERROR - Failed to download $fileName from $fileUrl : $_"
+        }
+    }
+    
+    # Display downloaded files
+    Write-Log "$StrComputer : Listing downloaded files with sizes in $destinationFolder"
+    Get-ChildItem -Path $destinationFolder | ForEach-Object {
+        Write-Log "$StrComputer : Downloaded File $destinationFolder : $($_.Name), Size: $($_.Length) bytes"
+    }
+
+    # Execute installer
+    $installerPath = Join-Path -Path $destinationFolder -ChildPath "EPMAgentInstaller.exe"
+    Write-Log "$StrComputer : Preparing to execute $installerPath"
+    
+    if (Test-Path -Path $installerPath) {
+        $process = Start-Process -FilePath $installerPath -Wait -WorkingDirectory $destinationFolder -PassThru
+        $exitCode = $process.ExitCode
+        Write-Log "$StrComputer : Execution of $installerPath completed with exit code $exitCode"
+    
+        if ($exitCode -ne 0) {
+            Write-Log "$StrComputer : ERROR - $installerPath failed with exit code $exitCode"
+        } else {
+            Write-Log "$StrComputer : $installerPath executed successfully."
+        }
+    } else {
+        Write-Log "$StrComputer : ERROR - Installer not found at $installerPath"
+    }
+}
+
+# Wait for the required "IVANTI" services to start
+$timeout2 = [datetime]::Now.AddMinutes(15)
+$requiredServiceCount = 4
+
+Write-Log "$StrComputer : Waiting for 4 services starting with 'IVANTI'"
+
+while (([datetime]::Now -lt $timeout2) -and ($foundServices -lt $requiredServiceCount)) {
+    $services = Get-Service -DisplayName 'IVANTI*' | Where-Object { $_.Status -eq 'Running' }
+    $foundServices = $services.Count
+
+    Write-Log "$StrComputer : Found $foundServices out of $requiredServiceCount 'IVANTI' services running."
+
+    Start-Sleep -Seconds 5
+}
+
+# Only remove the scheduled task if at least 1 IVANTI service is running
+$taskName = "IvantiInstallAtStartup"
+if ($foundServices -ge 1) {
+    $task = Get-ScheduledTask -TaskName $taskName -ErrorAction SilentlyContinue
+    if ($task) {
+        Unregister-ScheduledTask -TaskName $taskName -Confirm:$false
+        Write-Log "$StrComputer : Deleted scheduled task '$taskName' because at least one IVANTI service is running."
+    } else {
+        Write-Log "$StrComputer : Scheduled task '$taskName' not found."
+    }
+}
+else {
+    Write-Log "$StrComputer : Keeping scheduled task '$taskName' (no IVANTI service running)."
+}
--- a/schedule-install-agent-task/readme.md
+++ b/schedule-install-agent-task/readme.md
@@ -0,0 +1,65 @@
+# 🔄 IVANTI EPM Agent Reinstallation via Scheduled Task
+
+When migrating from an old IVANTI EPM agent to a new version, a direct redeployment using IVANTI itself is not always possible or reliable.
+
+This method provides a workaround using a **scheduled task**, deployed via IVANTI, that installs the new agent after reboot.
+
+---
+
+## 🧩 How It Works
+
+### 📁 Files Included
+
+- **CreateTask.ps1**  
+  Creates a scheduled task that runs after reboot (with a 5-minute delay). This script is deployed via IVANTI.
+
+- **InstallIvantiAgent.ps1**  
+  The script executed by the scheduled task. It:
+  - Downloads the new agent installer from a **web share** (preferably hosted on the Core Server)
+  - Installs the new agent
+  - Deletes the scheduled task once done
+
+- **DeleteTask.ps1** *(optional)*  
+  Can be used to manually remove the scheduled task if needed.
+
+---
+## ⚙️ Configuration
+
+Before using the script, make sure to configure the following variables in `InstallIvantiAgent.ps1`:
+
+```powershell
+$baseUrl = "http://epm2024.monlab.lan/share/ivanti/agent/"
+$fileNames = @(
+    "d3873a1c.0",
+    "EPM_Manifest",
+    "EPMAgentInstaller.exe",
+    "EPM2024Agent.txt"
+)
+$hostName = "epm2024.monlab.lan"
+```
+$baseUrl must point to the web share where your IVANTI agent files are hosted (preferably on the Core Server).
+
+$fileNames should include all required files for the agent installation.
+
+$hostName is used for validation or connection checks and should match your Core Server’s hostname.
+
+---
+
+## 🚀 Deployment Steps
+
+1. Use IVANTI to push `CreateTask.ps1` to the target machine.
+2. After the next reboot, `InstallIvantiAgent.ps1` runs via the scheduled task.
+3. The agent is reinstalled and the task is removed automatically.
+
+---
+
+## 💡 Recommendations
+
+- Host the agent installer and `InstallIvantiAgent.ps1` on a web share accessible from all target machines.
+- Make sure the scheduled task runs with appropriate permissions.
+
+---
+
+## 📘 Tip
+
+This method avoids issues caused by trying to overwrite or update the agent while it is running, ensuring a cleaner migration process.