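# Payload written to disk by the installer and executed by a scheduled task as
# NT AUTHORITY\SYSTEM. It walks every profile directory under C:\Users and sets
# VpnStrategy=14 for the listed VPN profiles in each user's rasphone.pbk.
$ps1Content = @'
$vpnProfiles = "Litware VPN Auto"

function Set-VpnStrategy {
    <#
    .SYNOPSIS
    Sets the VpnStrategy value of one VPN profile inside a rasphone.pbk phonebook.

    .DESCRIPTION
    Locates the [ProfileName] section of the phonebook and rewrites its
    VpnStrategy entry when the stored value differs from -Strategy. The file is
    written only when a value actually changed.

    Strategy values accepted:
       5  Only SSTP is attempted
       6  SSTP is attempted first
       7  Only IKEv2 is attempted
       8  IKEv2 is attempted first
      14  IKEv2 is attempted followed by SSTP

    .PARAMETER VpnConnection
    Object whose Name property is used as the profile name (pipeline input).

    .PARAMETER ProfileName
    Name of the phonebook section to update, without the square brackets.

    .PARAMETER Strategy
    New VpnStrategy value (5, 6, 7, 8 or 14).

    .PARAMETER RestartService
    Restart the RasMan service after the phonebook was rewritten.

    .PARAMETER RasphonePath
    Phonebook file to edit. Defaults to the current user's
    %APPDATA%\Microsoft\Network\Connections\Pbk\rasphone.pbk.

    .OUTPUTS
    System.Boolean. $true when the phonebook was rewritten, $false otherwise.
    Nothing is returned when the phonebook file does not exist.
    #>
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true, ParameterSetName = "Connection", ValueFromPipeline = $true)]
        $VpnConnection,
        [Parameter(Mandatory = $true, ParameterSetName = "Name")]
        [string]$ProfileName,
        [Parameter(Mandatory = $true)]
        [ValidateSet(5, 6, 7, 8, 14)]
        [int]$Strategy,
        [switch]$RestartService,
        [string]$RasphonePath = $null
    )

    process {
        if ($PSCmdlet.ParameterSetName -eq "Connection") {
            $ProfileName = $VpnConnection.Name
        }
        if (-not $RasphonePath) {
            $RasphonePath = "$env:APPDATA\Microsoft\Network\Connections\Pbk\rasphone.pbk"
        }
        # -LiteralPath: profile directories may contain [ or ], which -Path
        # would treat as wildcard characters.
        if (-not (Test-Path -LiteralPath $RasphonePath)) {
            return
        }

        $sectionHeader = "[$ProfileName]"
        $inSection = $false
        $sectionFound = $false
        $updated = $false

        $newContent = foreach ($line in @(Get-Content -LiteralPath $RasphonePath)) {
            if ($line -eq $sectionHeader) {
                Write-Verbose -Message "VPN profile $ProfileName found"
                $inSection = $true
                $sectionFound = $true
            }
            elseif ($line -match '^\[(.+)\]\s*$') {
                # Only a whole-line [name] is a section header; a bracket inside
                # a value must not end the section being edited.
                Write-Verbose -Message "Skipping VPN profile $($Matches[1])"
                $inSection = $false
            }
            elseif ($inSection -and $line -match '^\s*VpnStrategy\s*=(.*)$') {
                # Match the key itself, not any line that mentions the word.
                $current = $Matches[1].Trim()
                if ($current -ne "$Strategy") {
                    Write-Verbose -Message " * VPN strategy changed to $Strategy from $current"
                    $updated = $true
                    $line = "VpnStrategy=$Strategy"
                }
                else {
                    Write-Verbose -Message " * VPN strategy is already configured."
                }
            }
            $line
        }

        if (-not $sectionFound) {
            Write-Warning "VPN Profile $ProfileName was not found."
        }
        if ($updated) {
            Write-Verbose -Message "Updating $RasphonePath with new content"
            # NOTE(review): Set-Content writes with the host's default encoding;
            # confirm that suits phonebooks holding non-ASCII profile names.
            Set-Content -LiteralPath $RasphonePath -Value $newContent
            if ($RestartService) {
                Write-Verbose -Message "Restarting RasMan service"
                Restart-Service RasMan
            }
        }
        return $updated
    }
}

function Test-PathHasReparsePoint {
    # Returns $true when $Path, or any directory between it and $Root
    # (inclusive), is a reparse point such as a junction or symbolic link.
    param(
        [string]$Path,
        [string]$Root
    )
    $item = Get-Item -LiteralPath $Path -Force
    while ($item) {
        if ($item.Attributes -band [System.IO.FileAttributes]::ReparsePoint) {
            return $true
        }
        if ($item.FullName -eq $Root) {
            break
        }
        $item = if ($item -is [System.IO.FileInfo]) { $item.Directory } else { $item.Parent }
    }
    return $false
}

$pbkRelativePath = "AppData\Roaming\Microsoft\Network\Connections\Pbk\rasphone.pbk"
foreach ($user in Get-ChildItem -LiteralPath "C:\Users" -Directory) {
    Write-Verbose -Verbose -Message "Processing user $($user.Name)"
    $rasphonePath = Join-Path $user.FullName $pbkRelativePath
    if (-not (Test-Path -LiteralPath $rasphonePath -PathType Leaf)) {
        continue
    }
    # This script runs as SYSTEM but the phonebook lives in a directory its
    # owner controls. Refuse to write through a redirected path so the write
    # cannot land outside the profile. This does not cover hard links or a
    # change made between this check and the write; running the update in the
    # user's own context avoids the problem altogether.
    if (Test-PathHasReparsePoint -Path $rasphonePath -Root $user.FullName) {
        Write-Warning "Skipping $rasphonePath because the path contains a reparse point."
        continue
    }
    foreach ($vpnProfile in $vpnProfiles) {
        $null = Set-VpnStrategy -ProfileName $vpnProfile -Strategy 14 -RasphonePath $rasphonePath -Verbose
    }
}
'@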
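# Install the payload and register a logon-triggered task that runs it as SYSTEM.
# Because the task runs with -ExecutionPolicy Bypass under the SYSTEM account,
# whoever can write the script file or its directory controls code that runs as
# SYSTEM. The directory is therefore locked down before the script is written.
$path = Join-Path $env:ProgramData "VpnStrategy"
$scriptPath = Join-Path $path "Set-VpnStrategy.ps1"
$powershellExe = Join-Path $env:SystemRoot "System32\WindowsPowerShell\v1.0\powershell.exe"

if (!(Test-Path -LiteralPath $path)) {
    New-Item -Path $path -ItemType Directory -Force -Confirm:$false
}

# A directory that already existed may have been created by someone else:
# refuse anything that is not a plain directory.
$installDir = Get-Item -LiteralPath $path -Force
if (-not $installDir.PSIsContainer -or ($installDir.Attributes -band [System.IO.FileAttributes]::ReparsePoint)) {
    throw "$path is not a regular directory; refusing to install."
}

# Replace the ACL inherited from ProgramData with an explicit one:
# full control for SYSTEM (S-1-5-18) and Administrators (S-1-5-32-544) only.
# SIDs are used instead of names so the script works on localized systems.
$acl = New-Object System.Security.AccessControl.DirectorySecurity
$acl.SetAccessRuleProtection($true, $false)
foreach ($sid in 'S-1-5-18', 'S-1-5-32-544') {
    $identity = New-Object System.Security.Principal.SecurityIdentifier $sid
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $identity, 'FullControl', 'ContainerInherit, ObjectInherit', 'None', 'Allow')
    $acl.AddAccessRule($rule)
}
$acl.SetOwner((New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'))
Set-Acl -LiteralPath $path -AclObject $acl

# Out-File -Force keeps the owner and ACL of an existing file, so remove any
# earlier copy first; the new file then inherits the directory ACL set above.
if (Test-Path -LiteralPath $scriptPath) {
    Remove-Item -LiteralPath $scriptPath -Force
}
Out-File -FilePath $scriptPath -Encoding utf8 -Force -InputObject $ps1Content -Confirm:$false

$trigger = New-ScheduledTaskTrigger -AtLogOn
$user = "NT AUTHORITY\SYSTEM"
# Full path to powershell.exe and the same $scriptPath that was just written
# (the original hard-coded C:\ProgramData here); -NoProfile keeps profile
# scripts out of the SYSTEM session.
$action = New-ScheduledTaskAction -Execute $powershellExe -Argument "-NoProfile -NonInteractive -ExecutionPolicy Bypass -File `"$scriptPath`""
Register-ScheduledTask -TaskName "Set-VpnStrategy" -Trigger $trigger -User $user -Action $action -Force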
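# Payload written to disk by the installer and started at logon in the context
# of the logged-on user. It sets VpnStrategy=14 on every VPN connection that
# Get-VpnConnection returns for that user.
$ps1Content = @'
function Set-VpnStrategy {
    <#
    .SYNOPSIS
    Sets the VpnStrategy value of one VPN profile in the current user's
    rasphone.pbk phonebook.

    .DESCRIPTION
    Reads %APPDATA%\Microsoft\Network\Connections\Pbk\rasphone.pbk, locates the
    [ProfileName] section and rewrites its VpnStrategy entry when the stored
    value differs from -Strategy. The file is written only when a value
    actually changed.

    Strategy values accepted:
       5  Only SSTP is attempted
       6  SSTP is attempted first
       7  Only IKEv2 is attempted
       8  IKEv2 is attempted first
      14  IKEv2 is attempted followed by SSTP

    .PARAMETER VpnConnection
    Object whose Name property is used as the profile name (pipeline input).

    .PARAMETER ProfileName
    Name of the phonebook section to update, without the square brackets.

    .PARAMETER Strategy
    New VpnStrategy value (5, 6, 7, 8 or 14).

    .PARAMETER RestartService
    Restart the RasMan service after the phonebook was rewritten.

    .OUTPUTS
    System.Boolean. $true when the phonebook was rewritten, $false otherwise.
    Nothing is returned when the phonebook file does not exist.
    #>
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true, ParameterSetName = "Connection", ValueFromPipeline = $true)]
        $VpnConnection,
        [Parameter(Mandatory = $true, ParameterSetName = "Name")]
        [string]$ProfileName,
        [Parameter(Mandatory = $true)]
        [ValidateSet(5, 6, 7, 8, 14)]
        [int]$Strategy,
        [switch]$RestartService
    )

    process {
        if ($PSCmdlet.ParameterSetName -eq "Connection") {
            $ProfileName = $VpnConnection.Name
        }

        $rasphonePath = "$env:APPDATA\Microsoft\Network\Connections\Pbk\rasphone.pbk"
        # -LiteralPath: the profile path may contain [ or ], which -Path would
        # treat as wildcard characters.
        if (-not (Test-Path -LiteralPath $rasphonePath)) {
            return
        }

        $sectionHeader = "[$ProfileName]"
        $inSection = $false
        $sectionFound = $false
        $updated = $false

        $newContent = foreach ($line in @(Get-Content -LiteralPath $rasphonePath)) {
            if ($line -eq $sectionHeader) {
                Write-Verbose -Message "VPN profile $ProfileName found"
                $inSection = $true
                $sectionFound = $true
            }
            elseif ($line -match '^\[(.+)\]\s*$') {
                # Only a whole-line [name] is a section header; a bracket inside
                # a value must not end the section being edited.
                Write-Verbose -Message "Skipping VPN profile $($Matches[1])"
                $inSection = $false
            }
            elseif ($inSection -and $line -match '^\s*VpnStrategy\s*=(.*)$') {
                # Match the key itself, not any line that mentions the word.
                $current = $Matches[1].Trim()
                if ($current -ne "$Strategy") {
                    Write-Verbose -Message " * VPN strategy changed to $Strategy from $current"
                    $updated = $true
                    $line = "VpnStrategy=$Strategy"
                }
                else {
                    Write-Verbose -Message " * VPN strategy is already configured."
                }
            }
            $line
        }

        if (-not $sectionFound) {
            Write-Warning "VPN Profile $ProfileName was not found."
        }
        if ($updated) {
            Write-Verbose -Message "Updating $rasphonePath with new content"
            # NOTE(review): Set-Content writes with the host's default encoding;
            # confirm that suits phonebooks holding non-ASCII profile names.
            Set-Content -LiteralPath $rasphonePath -Value $newContent
            if ($RestartService) {
                Write-Verbose -Message "Restarting RasMan service"
                Restart-Service RasMan
            }
        }
        return $updated
    }
}

Get-VpnConnection | Set-VpnStrategy -Strategy 14 -Verbose
'@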
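# Install the payload plus a VBScript launcher, then register a logon task that
# runs the launcher for every member of the local Users group.
# The launcher exists so PowerShell starts with a hidden window (Run ..., 0).
$path = Join-Path $env:ProgramData "VpnStrategy"
$ps1Path = Join-Path $path "Set-VpnStrategy.ps1"
$vbsPath = Join-Path $path "Set-VpnStrategy.vbs"
$powershellExe = Join-Path $env:SystemRoot "System32\WindowsPowerShell\v1.0\powershell.exe"
$wscriptExe = Join-Path $env:SystemRoot "System32\wscript.exe"

# The launcher uses the paths computed above instead of a hard-coded
# C:\ProgramData, and full executable paths instead of a search-path lookup.
# Inside a VBScript string literal a double quote is written as "".
$vbsContent = @"
command = """$powershellExe"" -nologo -NoProfile -ExecutionPolicy Bypass -File ""$ps1Path"""
set shell = CreateObject("WScript.Shell")
shell.Run command, 0
"@

# create custom folder and write PS script
if (!(Test-Path -LiteralPath $path)) {
    New-Item -Path $path -ItemType Directory -Force -Confirm:$false
}

# A directory that already existed may have been created by someone else:
# refuse anything that is not a plain directory.
$installDir = Get-Item -LiteralPath $path -Force
if (-not $installDir.PSIsContainer -or ($installDir.Attributes -band [System.IO.FileAttributes]::ReparsePoint)) {
    throw "$path is not a regular directory; refusing to install."
}

# Every user who logs on executes these two files, so one user must not be able
# to change what another user runs. Replace the inherited ACL with:
# SYSTEM (S-1-5-18) and Administrators (S-1-5-32-544) full control,
# Users (S-1-5-32-545) read and execute only.
$acl = New-Object System.Security.AccessControl.DirectorySecurity
$acl.SetAccessRuleProtection($true, $false)
$grants = @{
    'S-1-5-18'     = 'FullControl'
    'S-1-5-32-544' = 'FullControl'
    'S-1-5-32-545' = 'ReadAndExecute'
}
foreach ($sid in $grants.Keys) {
    $identity = New-Object System.Security.Principal.SecurityIdentifier $sid
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $identity, $grants[$sid], 'ContainerInherit, ObjectInherit', 'None', 'Allow')
    $acl.AddAccessRule($rule)
}
$acl.SetOwner((New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'))
Set-Acl -LiteralPath $path -AclObject $acl

# Out-File -Force keeps the owner and ACL of an existing file, so remove earlier
# copies first; the new files then inherit the directory ACL set above.
foreach ($file in $ps1Path, $vbsPath) {
    if (Test-Path -LiteralPath $file) {
        Remove-Item -LiteralPath $file -Force
    }
}
Out-File -FilePath $ps1Path -Encoding utf8 -Force -InputObject $ps1Content -Confirm:$false
Out-File -FilePath $vbsPath -Encoding ascii -Force -InputObject $vbsContent -Confirm:$false

# Register service to run as logged user
$shedService = New-Object -comobject 'Schedule.Service'
$shedService.Connect()
$task = $shedService.NewTask(0)
$task.RegistrationInfo.Description = 'Set VPN Connection strategy to prefer IKEv2 on all VPN profiles.'
$task.Settings.Enabled = $true
$task.Settings.AllowDemandStart = $true
$trigger = $task.triggers.Create(9)      # 9 = TASK_TRIGGER_LOGON
$trigger.Enabled = $true
$action = $task.Actions.Create(0)        # 0 = TASK_ACTION_EXEC
$action.Path = $wscriptExe
$action.Arguments = "`"$vbsPath`""
$taskFolder = $shedService.GetFolder("\")
# Resolve the Users group from its SID so registration also works on systems
# where the group has a localized name.
$usersGroup = (New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-545').Translate([System.Security.Principal.NTAccount]).Value
# 6 = TASK_CREATE_OR_UPDATE, 4 = TASK_LOGON_GROUP
$taskFolder.RegisterTaskDefinition('Set-VpnStrategy', $task, 6, $usersGroup, $null, 4)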
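function Set-VpnStrategy {
    <#
    .SYNOPSIS
    Sets the VpnStrategy value of one VPN profile in the current user's
    rasphone.pbk phonebook.

    .DESCRIPTION
    Reads %APPDATA%\Microsoft\Network\Connections\Pbk\rasphone.pbk, locates the
    [ProfileName] section and rewrites its VpnStrategy entry when the stored
    value differs from -Strategy. The file is written only when a value
    actually changed.

    Strategy values accepted:
       5  Only SSTP is attempted
       6  SSTP is attempted first
       7  Only IKEv2 is attempted
       8  IKEv2 is attempted first
      14  IKEv2 is attempted followed by SSTP

    .PARAMETER VpnConnection
    Object whose Name property is used as the profile name (pipeline input).

    .PARAMETER ProfileName
    Name of the phonebook section to update, without the square brackets.

    .PARAMETER Strategy
    New VpnStrategy value (5, 6, 7, 8 or 14).

    .PARAMETER RestartService
    Restart the RasMan service after the phonebook was rewritten.

    .OUTPUTS
    System.Boolean. $true when the phonebook was rewritten, $false otherwise.
    Nothing is returned when the phonebook file does not exist.
    #>
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true, ParameterSetName = "Connection", ValueFromPipeline = $true)]
        $VpnConnection,
        [Parameter(Mandatory = $true, ParameterSetName = "Name")]
        [string]$ProfileName,
        [Parameter(Mandatory = $true)]
        [ValidateSet(5, 6, 7, 8, 14)]
        [int]$Strategy,
        [switch]$RestartService
    )

    process {
        if ($PSCmdlet.ParameterSetName -eq "Connection") {
            $ProfileName = $VpnConnection.Name
        }

        $rasphonePath = "$env:APPDATA\Microsoft\Network\Connections\Pbk\rasphone.pbk"
        # -LiteralPath: the profile path may contain [ or ], which -Path would
        # treat as wildcard characters.
        if (-not (Test-Path -LiteralPath $rasphonePath)) {
            return
        }

        $sectionHeader = "[$ProfileName]"
        $inSection = $false
        $sectionFound = $false
        $updated = $false

        $newContent = foreach ($line in @(Get-Content -LiteralPath $rasphonePath)) {
            if ($line -eq $sectionHeader) {
                Write-Verbose -Message "VPN profile $ProfileName found"
                $inSection = $true
                $sectionFound = $true
            }
            elseif ($line -match '^\[(.+)\]\s*$') {
                # Only a whole-line [name] is a section header; a bracket inside
                # a value must not end the section being edited.
                Write-Verbose -Message "Skipping VPN profile $($Matches[1])"
                $inSection = $false
            }
            elseif ($inSection -and $line -match '^\s*VpnStrategy\s*=(.*)$') {
                # Match the key itself, not any line that mentions the word.
                $current = $Matches[1].Trim()
                if ($current -ne "$Strategy") {
                    Write-Verbose -Message " * VPN strategy changed to $Strategy from $current"
                    $updated = $true
                    $line = "VpnStrategy=$Strategy"
                }
                else {
                    Write-Verbose -Message " * VPN strategy is already configured."
                }
            }
            $line
        }

        if (-not $sectionFound) {
            Write-Warning "VPN Profile $ProfileName was not found."
        }
        if ($updated) {
            Write-Verbose -Message "Updating $rasphonePath with new content"
            # NOTE(review): Set-Content writes with the host's default encoding;
            # confirm that suits phonebooks holding non-ASCII profile names.
            Set-Content -LiteralPath $rasphonePath -Value $newContent
            if ($RestartService) {
                Write-Verbose -Message "Restarting RasMan service"
                Restart-Service RasMan
            }
        }
        return $updated
    }
}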
# Apply strategy 14 (IKEv2 is attempted followed by SSTP) to every connection
# returned by Get-VpnConnection, with verbose output enabled.
$strategyArguments = @{
    Strategy = 14
    Verbose  = $true
}
Get-VpnConnection | Set-VpnStrategy @strategyArguments