Powershell script that interfaces with SCCM to wipe out faulty Sophos installs
<#
.SYNOPSIS
    Nuke-Sophos: obliterate all sophos installations in a specified SCCM device group.
.PARAMETER collectionName
    Name of the SCCM device collection to enumerate, wake and process.
.PARAMETER TestComputers
    Optional list of computer names. When supplied, the Nuke function works on
    this list instead of the members returned for the collection.
.NOTES
    Robin Universe [D]
    02 . 14 . 25
#>
param (
    [string]   $collectionName,
    [string[]] $TestComputers
)

# Ask for the technician credential once, up front. The resulting object is
# read from script scope by the remoting and restart calls further down.
$Cred = Get-Credential -Message "Tech Credentials required for PSRemote Shell"
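# Get all computer names in the sccm collection.
#   $collectionName - name of the SCCM device collection to enumerate.
#   Returns the Name property of every member reported by Get-CMCollectionMember.
function Get-SCCMCollection($collectionName) {
    # Remember where the caller was so the working location can be put back.
    $loc = Get-Location
    try {
        # "7DC:" is presumably the site's ConfigurationManager drive; the query is issued from there.
        Set-Location "7DC:\\"
        $collection = Get-CMCollectionMember -CollectionName $collectionName | Select-Object Name
    }
    finally {
        # Restore the original location even if the query throws, so the rest
        # of the script does not keep running from the site drive.
        Set-Location $loc
    }
    return $collection.Name
}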
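# Tries to get this party started by using SCCM to wakeup those computers.
#   $collectionName - name of the SCCM device collection to send the wake-up
#                     client notification to.
#   Produces no return value of its own; whatever Invoke-CMClientAction emits passes through.
function Wake-Collection($collectionName) {
    # Remember where the caller was so the working location can be put back.
    $loc = Get-Location
    try {
        # "7DC:" is presumably the site's ConfigurationManager drive; the action is issued from there.
        Set-Location "7DC:\\"
        Invoke-CMClientAction -ActionType ClientNotificationWakeUpClientNow -CollectionName $collectionName
    }
    finally {
        # Restore the original location even if the client action throws.
        Set-Location $loc
    }
}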
# Verifies we are indeed ready to party by checking which computers have woken up.
#   $com - computer name to probe.
#   Returns the boolean result of a single quiet Test-Connection attempt.
Function Ping-Computer($com) {
    return (Test-Connection $com -Count 1 -Quiet)
}
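# Check if a user is logged in so we dont accidentally restart a computer while someone is using it.
#   $comp - computer name to query over WMI.
#   Returns the user name without its domain prefix, or $Null when no user is
#   reported or the query fails.
# NOTE(review): Win32_ComputerSystem.UserName describes the console session; users
# connected through Remote Desktop may not show up here. Confirm that is acceptable
# before relying on this check to gate a forced reboot.
function Get-LoggedInUser($comp) {
    try {
        # -ErrorAction Stop makes WMI/RPC failures terminating; without it they are
        # non-terminating and the catch below never runs.
        $output = (Get-WmiObject -Class win32_computersystem -ComputerName $comp -ErrorAction Stop).UserName
    } catch {
        Write-Host " [ $comp ] FAILED TO DETECT USER " -ForegroundColor Red
        # NOTE(review): callers treat $Null as "nobody is logged in", so a failed
        # lookup does not stop the uninstall/reboot. Consider failing closed instead.
        $output = $Null
    }

    if ([string]::IsNullOrEmpty($output)) { return $Null }

    # Take the last backslash-separated part: "DOMAIN\user" gives "user", and a
    # value without a domain prefix is returned as-is rather than collapsing to
    # $Null (which would be read as "no user logged in").
    return $output.Split('\')[-1]
}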
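# Fuck it up
# For every computer that answers a ping and has no logged-in user: open a
# PSRemoting session, run the Sophos uninstaller when the OS build matches,
# clear the task-sequence flag, then force a reboot.
#   $OnlineComputers - computer names to process; replaced by the script-level
#                      $TestComputers list when that parameter was supplied.
# Reads $Cred, $TestComputers and $collectionName from script scope.
# NOTE(review): a successful run leaves the endpoint without Sophos protection
# until it is reinstalled; presumably the SCCM side handles the reinstall - verify,
# and keep the target collection as narrow as possible.
Function Nuke($OnlineComputers) {
    if ($Null -ne $TestComputers) { $OnlineComputers = $TestComputers }

    foreach ($com in $OnlineComputers) {
        Write-Host "`r [ $com ] Checking if computer is online... " -ForegroundColor Yellow -NoNewline
        if (-not (Ping-Computer $com)) {
            Write-Host "`r [ $com ] not online! " -ForegroundColor Red
            continue
        }

        Write-Host "`r [ $com ] Checking for logged in user... " -ForegroundColor Yellow -NoNewline
        $User = Get-LoggedInUser $com
        if ($Null -ne $User) {
            Write-Host "`r [ $com ] $User is currently logged in! skipping... " -ForegroundColor Red
            continue
        }

        Write-Host "`r [ $com ] Attempting PSRemote Connection..." -ForegroundColor Yellow -NoNewline
        $session = $Null
        try {
            # -ErrorAction Stop sends a failed connection straight to the catch block.
            $session = New-PSSession -ComputerName $com -Credential $Cred -ErrorAction Stop

            # The remote block emits $true only when it actually ran the uninstaller,
            # so the reboot below can be skipped on machines that were left untouched.
            $result = @(Invoke-Command -Session $session -ScriptBlock {
                $ver = [System.Environment]::OSVersion.Version.Build
                $com = $env:COMPUTERNAME
                # Only build 19045 is handled; every other build is reported and left alone.
                if ($ver -eq 19045) {
                    Write-Host "`r [ $com ] VERSION MATCH! " -ForegroundColor Green -NoNewline; Start-Sleep 1
                    Write-Host "`r [ $com ] Attempting to run Uninstaller... " -ForegroundColor Green -NoNewline; Start-Sleep 1
                    # NOTE(review): the uninstaller's exit status is not inspected here.
                    Start-Process "C:\Program Files\Sophos\Sophos Endpoint Agent\SophosUninstall.exe" -ArgumentList "--quiet" -Wait
                    Write-Host "`r [ $com ] Removing TaskSeq Flag... " -ForegroundColor Green -NoNewline; Start-Sleep 1
                    if (Test-Path "C:\TaskSequenceRunning.flg") { Remove-Item -Path "C:\TaskSequenceRunning.flg" -Force }
                    $true
                } else {
                    Write-Host "`r [ $com ] VERSION MISMATCH ($ver) " -ForegroundColor Red; Start-Sleep 1
                    $false
                }
            })

            # Previously the forced reboot ran even after a version mismatch, restarting
            # machines on which nothing had been changed.
            if ($result -contains $true) {
                Write-Host "`r [ $com ] Rebooting system and bailing... " -ForegroundColor Green ; Start-Sleep 1
                Restart-Computer -ComputerName $com -Force -Credential $Cred
            }
            Wake-Collection $collectionName
        }
        catch {
            Write-Host "`r [ $com ] CONNECTION FAILED. OFFLINE? " -ForegroundColor Red
        }
        finally {
            # Close the session on every path so failed runs do not leave sessions open.
            if ($Null -ne $session) { Remove-PSSession -Session $session }
        }
    }
}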
# Main flow: list the collection members, send the wake-up, give the machines
# up to a minute to come online, then hand the list to Nuke.
Write-Host " [ $collectionName ] Collecting all computer names in group from SCCM... " -ForegroundColor Yellow
$sccmcollection = Get-SCCMCollection $collectionName

# Flash each member name on the same console line as a quick visual roll call.
foreach ($com in $sccmcollection) {
    Write-Host "`r [ $com ] " -ForegroundColor Green -NoNewline
    Start-Sleep -Milliseconds 25
}
Write-Host ( "`r [ $collectionName ] " + $sccmcollection.Count + " computers detected. " ) -ForegroundColor Green

Write-Host " [ $collectionName ] Invoking WoL on computer group... " -ForegroundColor Yellow
Wake-Collection $collectionName

# One-second ticks for up to 60 seconds. Pressing Q sets the counter to 59,
# which lets one more tick run before the loop ends.
$t = 0
while ($t -lt 60) {
    Write-Host "`r [ $t ] Waiting 1 Minute to let computers wake up... (press Q to skip)" -ForegroundColor Yellow -NoNewline
    Start-Sleep 1
    $t++
    if ([System.Console]::KeyAvailable) {
        $key = [System.Console]::ReadKey($true)
        if ($key.KeyChar -eq 'q') { $t = 59 }
    }
}

Write-Host "`n [ FLIGHT CHECK PASSED - LETS FUCK IT UP ] " -ForegroundColor Green
Start-Sleep 1

# Disabled per-machine status dump, kept for debugging:
#foreach ($com in $sccmcollection) {$status = (Ping-Computer $com); Write-Host $com - Online? $status }
Nuke $sccmcollection