Auto-commit: 2025-10-31 08:59:02

Packages/shutdown.ps1

@@ -0,0 +1,37 @@
+#requires -version 5.1
+# Forced shutdown in 30 seconds with on-screen message.
+# Works from 32-bit PowerShell on 64-bit Windows. Run as Administrator.
+
+$Message        = 'Shutdown by Tanium'
+$TimeoutSeconds = 30
+
+# Admin check
+$principal = New-Object Security.Principal.WindowsPrincipal([Security.Principal.WindowsIdentity]::GetCurrent())
+if (-not $principal.IsInRole([Security.Principal.WindowsBuiltinRole]::Administrator)) {
+    Write-Error 'Run this script as Administrator.'
+    exit 1
+}
+
+# Pick correct shutdown.exe (Sysnative when 32-bit PS on 64-bit OS)
+function Get-ShutdownExePath {
+    $sysnative = Join-Path $env:WINDIR 'Sysnative\shutdown.exe'
+    $system32  = Join-Path $env:WINDIR 'System32\shutdown.exe'
+    if ([Environment]::Is64BitOperatingSystem -and -not [Environment]::Is64BitProcess -and (Test-Path $sysnative)) { 
+        return $sysnative 
+    } else { 
+        return $system32 
+    }
+}
+$exe = Get-ShutdownExePath
+
+# Optional trace in Event Log
+try {
+    $src = 'Tanium-Shutdown-PS'
+    if (-not [System.Diagnostics.EventLog]::SourceExists($src)) {
+        New-EventLog -LogName Application -Source $src -ErrorAction SilentlyContinue
+    }
+    Write-EventLog -LogName Application -Source $src -EntryType Information -EventId 10011 -Message $Message
+} catch {}
+
+# Schedule forced shutdown with 30s countdown and message
+& $exe /s /f /t $TimeoutSeconds /c $Message