From ea74566db2749c90169f91b3cc81c6ae3c1b4842 Mon Sep 17 00:00:00 2001 From: David Date: Mon, 18 Nov 2024 13:52:41 +0100 Subject: [PATCH 1/2] Clone template --- .../Get-ScheduledTasksActions.ps1 | 4 +++ .../Get-ScheduledTasksActions/README.md | 15 ++++++++++ .../Scan Profile.xml | 29 +++++++++++++++++++ 3 files changed, 48 insertions(+) create mode 100644 PowerShell Scanners/Get-ScheduledTasksActions/Get-ScheduledTasksActions.ps1 create mode 100644 PowerShell Scanners/Get-ScheduledTasksActions/README.md create mode 100644 PowerShell Scanners/Get-ScheduledTasksActions/Scan Profile.xml diff --git a/PowerShell Scanners/Get-ScheduledTasksActions/Get-ScheduledTasksActions.ps1 b/PowerShell Scanners/Get-ScheduledTasksActions/Get-ScheduledTasksActions.ps1 new file mode 100644 index 0000000..05c178c --- /dev/null +++ b/PowerShell Scanners/Get-ScheduledTasksActions/Get-ScheduledTasksActions.ps1 @@ -0,0 +1,4 @@ +[CmdletBinding()] +param ( + +) \ No newline at end of file diff --git a/PowerShell Scanners/Get-ScheduledTasksActions/README.md b/PowerShell Scanners/Get-ScheduledTasksActions/README.md new file mode 100644 index 0000000..190b1c1 --- /dev/null +++ b/PowerShell Scanners/Get-ScheduledTasksActions/README.md @@ -0,0 +1,15 @@ +# Instructions +[How to use this repository](../../README.md) + +# Description +Describe what your script does, and share any important information about it. + +# Requirements +Optional section where you can list conditions that have to be met before running your script. + +# Parameters +## Parameter name +Describe what the parameter does. + +# Author +Your name (or username) here. \ No newline at end of file diff --git a/PowerShell Scanners/Get-ScheduledTasksActions/Scan Profile.xml b/PowerShell Scanners/Get-ScheduledTasksActions/Scan Profile.xml new file mode 100644 index 0000000..0800631 --- /dev/null +++ b/PowerShell Scanners/Get-ScheduledTasksActions/Scan Profile.xml @@ -0,0 +1,29 @@ + + + + + + + 2024-11-18T13:52:01.7672096+01:00 + Get-ScheduledTasksActions + 4614b4ed4b734b14bb32b15df48937d4 + + C:\PowerShell-Scanners\PowerShell Scanners\Get-ScheduledTasksActions\Get-ScheduledTasksActions.ps1 + + + + + + PowerShell + + + + REPLACE ME with a brief description. + + PS - Get-ScheduledTasksActions + + + + + \ No newline at end of file From 21b969b11bb62aabb6d2674937cd10920a6981f2 Mon Sep 17 00:00:00 2001 From: David Date: Mon, 18 Nov 2024 14:17:53 +0100 Subject: [PATCH 2/2] Add Get-ScheduledTasksActions.ps1 Scanner --- .../Get-ScheduledTasksActions.ps1 | 63 ++++++++++++++++++- .../Get-ScheduledTasksActions/README.md | 15 ++--- .../Scan Profile.xml | 2 +- 3 files changed, 69 insertions(+), 11 deletions(-) diff --git a/PowerShell Scanners/Get-ScheduledTasksActions/Get-ScheduledTasksActions.ps1 b/PowerShell Scanners/Get-ScheduledTasksActions/Get-ScheduledTasksActions.ps1 index 05c178c..338a4e7 100644 --- a/PowerShell Scanners/Get-ScheduledTasksActions/Get-ScheduledTasksActions.ps1 +++ b/PowerShell Scanners/Get-ScheduledTasksActions/Get-ScheduledTasksActions.ps1 @@ -1,4 +1,61 @@ -[CmdletBinding()] -param ( +<# +.SYNOPSIS + PDQ Inventory Scanner to retrieve Scheduled Tasks including action(s) -) \ No newline at end of file +.PARAMETER TaskName + Specifies an array of one or more names of a scheduled task. You can use "*" for a wildcard character query. + +.PARAMETER TaskPath + Specifies an array of one or more paths for scheduled tasks in Task Scheduler namespace. You can use "*" for a wildcard character query. + You can use \* for the root folder. To specify a full TaskPath you need to include the leading and trailing \. + +.INPUTS + None. You can't pipe objects. + +.OUTPUTS + System.Management.Automation.PSCustomObject. + Get-ScheduledTasksActions.ps1 returns a PSCustomObject each action within a scheduled task. + Note that a single Scheduled Tasks can have multiple actions. + +.LINK + Parameters TaskName and TaskPath are the same as the built-in cmdlet `Get-ScheduledTask` + +.EXAMPLE + PS> .\Get-ScheduledTasksActions.ps1 -TaskName "Microsoft*" + TaskName : Microsoft Compatibility Appraiser + TaskPath : \Microsoft\Windows\Application Experience\ + TaskActionExe : %windir%\system32\compattelrunner.exe + [...] + +#> +param ( + [PSDefaultValue(Help = "Wildcard filter, display all Scheduled Tasks by name")] + [SupportsWildcards()] + [string[]]$TaskName = "*", + [PSDefaultValue(Help = "Wildcard filter, display all Scheduled Tasks by path")] + [SupportsWildcards()] + [string[]]$TaskPath = "\*" +) + +$tasks = Get-ScheduledTask -TaskName $TaskName -TaskPath $TaskPath -ErrorAction SilentlyContinue + +if (!$tasks) { + throw "No scheduled tasks found" +} + +foreach ($task in $tasks) { + foreach ($action in $task.Actions) { + [PSCustomObject]@{ + TaskName = $task.TaskName + TaskPath = $task.TaskPath + TaskURI = $task.URI + TaskAuthor = $task.Author + TaskRunAsUser = $task.Principal.UserId + TaskEnabled = $task.Settings.Enabled + TaskHidden = $task.Settings.Hidden + TaskActionExe = $action.Execute + TaskActionArgs = $action.Arguments + TaskActionWorkDir = $action.WorkingDirectory + } + } +} \ No newline at end of file diff --git a/PowerShell Scanners/Get-ScheduledTasksActions/README.md b/PowerShell Scanners/Get-ScheduledTasksActions/README.md index 190b1c1..afefe27 100644 --- a/PowerShell Scanners/Get-ScheduledTasksActions/README.md +++ b/PowerShell Scanners/Get-ScheduledTasksActions/README.md @@ -2,14 +2,15 @@ [How to use this repository](../../README.md) # Description -Describe what your script does, and share any important information about it. - -# Requirements -Optional section where you can list conditions that have to be met before running your script. +Retrieve Scheduled Tasks including action(s). Tasks can be filtered by TaskName and TaskPath. +Run `Get-Help Get-ScheduledTasksActions.ps1` for more information and examples. # Parameters -## Parameter name -Describe what the parameter does. +## TaskName +Specifies an array of one or more names of a scheduled task. You can use "*" for a wildcard character query. + +## TaskPath +Specifies an array of one or more paths for scheduled tasks in Task Scheduler namespace. You can use "*" for a wildcard character query. You can use \* for the root folder. To specify a full TaskPath you need to include the leading and trailing \. # Author -Your name (or username) here. \ No newline at end of file +David Bekker \ No newline at end of file diff --git a/PowerShell Scanners/Get-ScheduledTasksActions/Scan Profile.xml b/PowerShell Scanners/Get-ScheduledTasksActions/Scan Profile.xml index 0800631..cd1d301 100644 --- a/PowerShell Scanners/Get-ScheduledTasksActions/Scan Profile.xml +++ b/PowerShell Scanners/Get-ScheduledTasksActions/Scan Profile.xml @@ -19,7 +19,7 @@ - REPLACE ME with a brief description. + Retrieve Scheduled Tasks including action(s) PS - Get-ScheduledTasksActions