38 lines
1.4 KiB
PowerShell
38 lines
1.4 KiB
PowerShell
#requires -version 5.1
|
|
# Forced shutdown in 30 seconds with on-screen message.
|
|
# Works from 32-bit PowerShell on 64-bit Windows. Run as Administrator.
|
|
|
|
$Message = 'Shutdown by Tanium'
|
|
$TimeoutSeconds = 30
|
|
|
|
# Admin check
|
|
$principal = New-Object Security.Principal.WindowsPrincipal([Security.Principal.WindowsIdentity]::GetCurrent())
|
|
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltinRole]::Administrator)) {
|
|
Write-Error 'Run this script as Administrator.'
|
|
exit 1
|
|
}
|
|
|
|
# Pick correct shutdown.exe (Sysnative when 32-bit PS on 64-bit OS)
|
|
function Get-ShutdownExePath {
|
|
$sysnative = Join-Path $env:WINDIR 'Sysnative\shutdown.exe'
|
|
$system32 = Join-Path $env:WINDIR 'System32\shutdown.exe'
|
|
if ([Environment]::Is64BitOperatingSystem -and -not [Environment]::Is64BitProcess -and (Test-Path $sysnative)) {
|
|
return $sysnative
|
|
} else {
|
|
return $system32
|
|
}
|
|
}
|
|
$exe = Get-ShutdownExePath
|
|
|
|
# Optional trace in Event Log
|
|
try {
|
|
$src = 'Tanium-Shutdown-PS'
|
|
if (-not [System.Diagnostics.EventLog]::SourceExists($src)) {
|
|
New-EventLog -LogName Application -Source $src -ErrorAction SilentlyContinue
|
|
}
|
|
Write-EventLog -LogName Application -Source $src -EntryType Information -EventId 10011 -Message $Message
|
|
} catch {}
|
|
|
|
# Schedule forced shutdown with 30s countdown and message
|
|
& $exe /s /f /t $TimeoutSeconds /c $Message
|