mirror of
https://github.com/bunny-lab-io/Borealis.git
synced 2025-09-11 01:48:42 -06:00
Consolidated UAC Prompts in Agent Deployment
This commit is contained in:
@@ -3,7 +3,12 @@ param(
|
||||
[Parameter(Mandatory=$true)] [string]$PythonExe,
|
||||
[Parameter(Mandatory=$true)] [string]$SupScript,
|
||||
[Parameter(Mandatory=$true)] [string]$WdName,
|
||||
[Parameter(Mandatory=$true)] [string]$WdSource
|
||||
[Parameter(Mandatory=$true)] [string]$WdSource,
|
||||
# Optional per-user logon task (to avoid a second UAC prompt elsewhere)
|
||||
[string]$UserTaskName = 'Borealis Agent',
|
||||
[string]$UserExe = $null,
|
||||
[string]$UserScript = $null,
|
||||
[string]$UserPrincipal = $null
|
||||
)
|
||||
|
||||
$ErrorActionPreference = 'Continue'
|
||||
@@ -17,7 +22,7 @@ try {
|
||||
$supArg = ('-W ignore::SyntaxWarning "{0}"' -f $SupScript)
|
||||
$supAction = New-ScheduledTaskAction -Execute $PythonExe -Argument $supArg
|
||||
$supTrigger = New-ScheduledTaskTrigger -AtStartup
|
||||
$supSettings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries -Hidden -RestartCount 3 -RestartInterval (New-TimeSpan -Minutes 1)
|
||||
$supSettings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries -Hidden -RestartCount 3 -RestartInterval (New-TimeSpan -Minutes 1) -ExecutionTimeLimit ([TimeSpan]::Zero)
|
||||
Register-ScheduledTask -TaskName $SupName -Action $supAction -Trigger $supTrigger -Settings $supSettings -Principal $principal -Force | Out-Null
|
||||
|
||||
# Watchdog script deployment
|
||||
@@ -30,12 +35,32 @@ try {
|
||||
$wdArg = ('-NoProfile -ExecutionPolicy Bypass -File "{0}" -SupervisorTaskName "{1}"' -f $wdDest, $SupName)
|
||||
$wdAction = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument $wdArg
|
||||
$wdTrigger = New-ScheduledTaskTrigger -Once -At ([datetime]::Now.AddMinutes(1)) -RepetitionInterval (New-TimeSpan -Minutes 5) -RepetitionDuration (New-TimeSpan -Days 365)
|
||||
$wdSettings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries -Hidden
|
||||
$wdSettings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries -Hidden -ExecutionTimeLimit ([TimeSpan]::Zero)
|
||||
Register-ScheduledTask -TaskName $WdName -Action $wdAction -Trigger $wdTrigger -Settings $wdSettings -Principal $principal -Force | Out-Null
|
||||
|
||||
# Ensure supervisor is running
|
||||
Start-ScheduledTask -TaskName $SupName | Out-Null
|
||||
|
||||
# Optionally ensure a per-user logon task for the tray helper without a separate elevation
|
||||
if ($UserExe -and $UserScript) {
|
||||
try {
|
||||
$targetUser = $UserPrincipal
|
||||
if (-not $targetUser -or $targetUser -eq '') {
|
||||
$targetUser = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
|
||||
}
|
||||
try { Unregister-ScheduledTask -TaskName $UserTaskName -Confirm:$false -ErrorAction SilentlyContinue } catch {}
|
||||
$usrArg = ('-W ignore::SyntaxWarning "{0}"' -f $UserScript)
|
||||
$usrAction = New-ScheduledTaskAction -Execute $UserExe -Argument $usrArg
|
||||
$usrTrig = New-ScheduledTaskTrigger -AtLogOn
|
||||
$usrSet = New-ScheduledTaskSettingsSet -Hidden -ExecutionTimeLimit ([TimeSpan]::Zero)
|
||||
$usrPrin = New-ScheduledTaskPrincipal -UserId $targetUser -LogonType Interactive -RunLevel Limited
|
||||
Register-ScheduledTask -TaskName $UserTaskName -Action $usrAction -Trigger $usrTrig -Settings $usrSet -Principal $usrPrin -Force | Out-Null
|
||||
Start-ScheduledTask -TaskName $UserTaskName | Out-Null
|
||||
} catch {
|
||||
Write-Warning "Failed to register per-user logon task '$UserTaskName': $_"
|
||||
}
|
||||
}
|
||||
|
||||
} catch {
|
||||
Write-Error $_
|
||||
exit 1
|
||||
|
||||
@@ -126,7 +126,7 @@ $arg = "-W ignore::SyntaxWarning {paths['agent_script']}"
|
||||
try {{ Unregister-ScheduledTask -TaskName $task -Confirm:$false -ErrorAction SilentlyContinue }} catch {{}}
|
||||
$action = New-ScheduledTaskAction -Execute $py -Argument $arg
|
||||
$trigger= New-ScheduledTaskTrigger -AtLogOn
|
||||
$settings = New-ScheduledTaskSettingsSet -Hidden
|
||||
$settings = New-ScheduledTaskSettingsSet -Hidden -ExecutionTimeLimit ([TimeSpan]::Zero)
|
||||
Register-ScheduledTask -TaskName $task -Action $action -Trigger $trigger -Settings $settings -Force | Out-Null
|
||||
Start-ScheduledTask -TaskName $task | Out-Null
|
||||
"""
|
||||
|
||||
Reference in New Issue
Block a user