CheckIfApprovedWPD.ps1
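# Remove an earlier registration of this subscription (and only this one) so the
# script can be re-run in the same session. The existence check avoids the
# "does not exist" error that Unregister-Event writes on a first run, when
# nothing has been registered yet.
if (Get-EventSubscriber -SourceIdentifier RemovableWPDDetection -ErrorAction SilentlyContinue) {
    Unregister-Event -SourceIdentifier RemovableWPDDetection -Force
}

# Alternative query for removable logical disks (DriveType 2), kept for reference:
# $query = "SELECT * FROM __InstanceOperationEvent WITHIN 5 WHERE TargetInstance ISA 'Win32_LogicalDisk' AND TargetInstance.DriveType=2"

# Active query: creation, deletion and modification events for PnP entities whose
# Service is 'WUDFWpdMtp'. Coverage notes for whoever relies on this control:
#   - Only entities bound to that service match; a device exposed through any
#     other service is outside this query.
#   - WITHIN 5 is a 5-second polling interval, so the action may start several
#     seconds after the device appears.
$query = "SELECT * From __InstanceOperationEvent WITHIN 5 Where TargetInstance ISA 'Win32_PNPEntity' And TargetInstance.Service='WUDFWpdMtp' "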
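# Action run for every event delivered by the RemovableWPDDetection subscription.
# On a creation or modification event the device is disabled first, its serial is
# looked up in the JSON allow-list, and it is re-enabled only on a match, so the
# default outcome is "blocked". Deletion events are only logged.
#
# Operational notes:
#   - The serial is the last segment of the PnP device ID. It identifies a device
#     but does not authenticate it, so treat this as policy enforcement rather
#     than as strong device authentication.
#   - The allow-list and the log both live under C:\programdata\usbcontrol.
#     Restrict write access on that directory to administrators: whoever can edit
#     wpd_serial.json decides what is approved, and whoever can edit the log can
#     alter the audit trail.
#   - Disable-PnpDevice / Enable-PnpDevice normally need an elevated session.
$action = {
    $strUSBSerialFilename = "C:\programdata\usbcontrol\wpd_serial.json"
    $strClass = $eventArgs.NewEvent.__CLASS
    $strPNPdeviceID = $eventArgs.NewEvent.TargetInstance.DeviceID
    # The last backslash-separated segment of the device ID is used as the serial.
    $arraySplitPNPdeviceID = $strPNPdeviceID.split("\")
    $strConnectedUSBSerial = $arraySplitPNPdeviceID[-1]
    $strlogfile = 'c:\programdata\usbcontrol\wpdcontrol.log'
    $strdatetime = Get-Date
    # NOTE(review): which format sits at index 19 depends on the current culture's
    # format list; confirm it is the intended timestamp layout.
    $strdatetime = $strdatetime.GetDateTimeFormats()[19]

    <#
    .SYNOPSIS
        Reads the allow-list JSON file and returns it as a PowerShell object.
    .PARAMETER strFileWithPath
        Full path of the JSON file.
    .OUTPUTS
        The parsed object, or nothing when the file does not exist.
        A read or parse failure is logged and re-raised as a terminating error.
    #>
    function Read-approved-USB($strFileWithPath) {
        if (Test-Path $strFileWithPath) {
            $tempObj = $null
            try {
                $tempObj = Get-Content -Raw -Path $strFileWithPath | ConvertFrom-Json
                # Emit the parsed object; this is the function's return value.
                Write-Output $tempObj
            }
            catch {
                $ErrorMessage = $_.Exception.Message
                $FailedItem = $_.Exception.ItemName
                $strMessageToSend = "WPD [$strdatetime] Error: $ErrorMessage for $FailedItem"
                Write-Host " $strMessageToSend "
                Write-Output " $strMessageToSend " | Out-File $strlogfile -Append
                # Terminating error: the caller stops before reaching Enable-PnpDevice.
                Write-Error $strMessageToSend -ErrorAction Stop
            }
        }
    }

    <#
    .SYNOPSIS
        Checks whether a serial is present in the allow-list file.
    .PARAMETER strSerialFileName
        Full path of the allow-list JSON file. The file is expected to expose a
        ValidSerialNumbers collection whose items carry a USBSerial property.
    .PARAMETER strConUSBSerial
        Serial of the device that raised the event.
    .OUTPUTS
        1 when the serial is on the list, otherwise 0. Every comparison is logged.
    #>
    function Check-for-approved-USB ($strSerialFileName, $strConUSBSerial) {
        $IntReturnValue = 0

        # Fail closed on an empty serial: under -eq a null serial equals a null or
        # missing allow-list entry, which would report the device as approved.
        if ([string]::IsNullOrEmpty($strConUSBSerial)) {
            $strMessageToSend = "WPD [$strdatetime] No serial could be derived from the device id; treating device as not approved."
            Write-Host $strMessageToSend
            Write-Output "$strMessageToSend " | Out-File $strlogfile -Append
            Write-Output $IntReturnValue
            return
        }

        $objSerials = Read-approved-USB $strSerialFileName

        # Fail closed when the allow-list is missing or has no ValidSerialNumbers,
        # and leave a log line so the missing file is visible to whoever reviews it.
        if ($null -eq $objSerials -or $null -eq $objSerials.ValidSerialNumbers) {
            $strMessageToSend = "WPD [$strdatetime] Allow-list $strSerialFileName is missing or has no ValidSerialNumbers; treating device as not approved."
            Write-Host $strMessageToSend
            Write-Output "$strMessageToSend " | Out-File $strlogfile -Append
            Write-Output $IntReturnValue
            return
        }

        foreach ($ApprovedSN in $objSerials.ValidSerialNumbers) {
            if ($ApprovedSN.USBSerial -eq $strConUSBSerial) {
                # The serial is on the approved list; report that with 1.
                $IntReturnValue = 1
                # The log lines previously used an undefined variable here, so the
                # connected serial was always logged as blank.
                $strMessageToSend = "WPD [$strdatetime]JSON value: " + $ApprovedSN.USBSerial + " Equals " + $strConUSBSerial
                Write-Host "$strMessageToSend"
                Write-Output "$strMessageToSend " | Out-File $strlogfile -Append
            }
            else {
                $strMessageToSend = "WPD [$strdatetime] JSON value: " + $ApprovedSN.USBSerial + " Not equals " + $strConUSBSerial
                Write-Host " $strMessageToSend"
                Write-Output "$strMessageToSend " | Out-File $strlogfile -Append
            }
        }
        Write-Output $IntReturnValue
    }

    <#
    .SYNOPSIS
        Disables the device and logs a failure to do so.
    .PARAMETER strDeviceId
        PnP instance ID of the device to disable.
    .NOTES
        Without this log line a failed disable (for example a non-elevated
        session) leaves an unapproved device enabled with no trace in the log.
    #>
    function Disable-connected-USB ($strDeviceId) {
        try {
            Disable-PnpDevice -InstanceId $strDeviceId -Confirm:$false -ErrorAction Stop
        }
        catch {
            $strMessageToSend = "WPD [$strdatetime] Error: could not disable $strDeviceId : " + $_.Exception.Message
            Write-Host $strMessageToSend
            Write-Output " $strMessageToSend " | Out-File $strlogfile -Append
        }
    }

    switch ($strClass)
    {
        __InstanceCreationEvent {
            $intApprovedUSB = 0
            # Block first, decide afterwards.
            Disable-connected-USB $strPNPdeviceID
            $intApprovedUSB = Check-for-approved-USB $strUSBSerialFilename $strConnectedUSBSerial
            $strMessageToSend = "WPD [$strdatetime] Insertion event for $strPNPdeviceID. Check if approved returned: $intApprovedUSB"
            Write-Host $strMessageToSend
            Write-Output " $strMessageToSend " | Out-File $strlogfile -Append
            if ($intApprovedUSB -eq 1 ) {
                $strMessageToSend = "WPD [$strdatetime] Inserted, device id: $strPNPdeviceID with serial: $strConnectedUSBSerial on approved list."
                Write-Host $strMessageToSend
                Write-Output " $strMessageToSend " | Out-File $strlogfile -Append
                Enable-PnpDevice -InstanceId $strPNPdeviceID -Confirm:$false
            }
            else {
                $strMessageToSend = "WPD [$strdatetime] Inserted, device id: $strPNPdeviceID with serial: $strConnectedUSBSerial not on approved list."
                Write-Host $strMessageToSend
                Write-Output "$strMessageToSend " | Out-File $strlogfile -Append
            }
        }
        __InstanceDeletionEvent {
            $strMessageToSend = "WPD [$strdatetime] Removed, device id: $strPNPdeviceID with serial: $strConnectedUSBSerial"
            Write-Host $strMessageToSend
            Write-Output " $strMessageToSend " | Out-File $strlogfile -Append
        }
        __InstanceModificationEvent {
            # NOTE(review): Disable-/Enable-PnpDevice change the state of the same
            # Win32_PNPEntity instance and may themselves raise a modification
            # event, re-entering this branch; confirm this does not cycle.
            $intApprovedUSB = 0
            Disable-connected-USB $strPNPdeviceID
            $intApprovedUSB = Check-for-approved-USB $strUSBSerialFilename $strConnectedUSBSerial
            $strMessageToSend = "WPD [$strdatetime] Modification event for $strPNPdeviceID. Check if approved returned: $intApprovedUSB"
            Write-Host $strMessageToSend
            Write-Output " $strMessageToSend " | Out-File $strlogfile -Append
            # The two messages below reuse the "Inserted" wording of the creation branch.
            if ($intApprovedUSB -eq 1 ) {
                $strMessageToSend = "WPD [$strdatetime] Inserted, device id: $strPNPdeviceID with serial: $strConnectedUSBSerial on approved list."
                Write-Host $strMessageToSend
                Write-Output " $strMessageToSend " | Out-File $strlogfile -Append
                Enable-PnpDevice -InstanceId $strPNPdeviceID -Confirm:$false
            }
            else {
                $strMessageToSend = "WPD [$strdatetime] Inserted, device id: $strPNPdeviceID with serial: $strConnectedUSBSerial not on approved list."
                Write-Host $strMessageToSend
                Write-Output " $strMessageToSend " | Out-File $strlogfile -Append
            }
        }
    }
}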
# Subscribe to the WMI events selected by $query on the local computer and run
# $action for each one. The subscription belongs to the current PowerShell
# session, so enforcement ends when that session closes.
Register-WmiEvent `
    -ComputerName $ENV:COMPUTERNAME `
    -SourceIdentifier RemovableWPDDetection `
    -Query $query `
    -Action $action