forked from nexxai/CryptoBlocker
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathDeployCryptoBlocker.ps1
More file actions
138 lines (115 loc) · 5 KB
/
DeployCryptoBlocker.ps1
File metadata and controls
138 lines (115 loc) · 5 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
# DeployCryptoBlocker.ps1
#
################################ Functions ################################
function ConvertFrom-Json20([Object] $obj)
{
Add-Type -AssemblyName System.Web.Extensions
$serializer = New-Object System.Web.Script.Serialization.JavaScriptSerializer
return ,$serializer.DeserializeObject($obj)
}
Function New-CBArraySplit {
param(
$extArr,
$depth = 1
)
$extArr = $extArr | Sort-Object -Unique
# Concatenate the input array
$conStr = $extArr -join ','
$outArr = @()
# If the input string breaks the 4Kb limit
If ($conStr.Length -gt 4096) {
# Pull the first 4096 characters and split on comma
$conArr = $conStr.SubString(0,4096).Split(',')
# Find index of the last guaranteed complete item of the split array in the input array
$endIndex = [array]::IndexOf($extArr,$conArr[-2])
# Build shorter array up to that indexNumber and add to output array
$shortArr = $extArr[0..$endIndex]
$outArr += [psobject] @{
index = $depth
array = $shortArr
}
# Then call this function again to split further
$newArr = $extArr[($endindex + 1)..($extArr.Count -1)]
$outArr += New-CBArraySplit $newArr -depth ($depth + 1)
return $outArr
}
# If the concat string is less than 4096 characters already, just return the input array
Else {
return [psobject] @{
index = $depth
array = $extArr
}
}
}
################################ Functions ################################
# Add to all drives
$drivesContainingShares = Get-WmiObject Win32_Share | Select Name,Path,Type | Where-Object { $_.Type -eq 0 } | Select -ExpandProperty Path | % { "$((Get-Item -ErrorAction SilentlyContinue $_).Root)" } | Select -Unique
if ($drivesContainingShares -eq $null -or $drivesContainingShares.Length -eq 0)
{
Write-Host "No drives containing shares were found. Exiting.."
exit
}
Write-Host "The following shares needing to be protected: $($drivesContainingShares -Join ",")"
$majorVer = [System.Environment]::OSVersion.Version.Major
$minorVer = [System.Environment]::OSVersion.Version.Minor
Write-Host "Checking File Server Resource Manager.."
Import-Module ServerManager
if ($majorVer -ge 6)
{
$checkFSRM = Get-WindowsFeature -Name FS-Resource-Manager
if ($minorVer -ge 2 -and $checkFSRM.Installed -ne "True")
{
# Server 2012
Write-Host "FSRM not found.. Installing (2012).."
Install-WindowsFeature -Name FS-Resource-Manager -IncludeManagementTools
}
elseif ($minorVer -ge 1 -and $checkFSRM.Installed -ne "True")
{
# Server 2008 R2
Write-Host "FSRM not found.. Installing (2008 R2).."
Add-WindowsFeature FS-FileServer, FS-Resource-Manager
}
elseif ($checkFSRM.Installed -ne "True")
{
# Server 2008
Write-Host "FSRM not found.. Installing (2008).."
&servermanagercmd -Install FS-FileServer FS-Resource-Manager
}
}
else
{
# Assume Server 2003
Write-Host "Other version of Windows detected! Quitting.."
return
}
$fileGroupName = "CryptoBlockerGroup"
$fileTemplateName = "CryptoBlockerTemplate"
$fileScreenName = "CryptoBlockerScreen"
$webClient = New-Object System.Net.WebClient
$jsonStr = $webClient.DownloadString("https://fsrm.experiant.ca/api/v1/get")
$monitoredExtensions = @(ConvertFrom-Json20($jsonStr) | % { $_.filters })
# Split the $monitoredExtensions array into fileGroups of less than 4kb to allow processing by filescrn.exe
$fileGroups = New-CBArraySplit $monitoredExtensions
ForEach ($group in $fileGroups) {
$group | Add-Member -MemberType NoteProperty -Name fileGroupName -Value "$FileGroupName$($group.index)"
}
# Perform these steps for each of the 4KB limit split fileGroups
ForEach ($group in $fileGroups) {
Write-Host "Adding/replacing File Group [$($group.fileGroupName)] with monitored file [$($group.array -Join ",")].."
&filescrn.exe filegroup Delete "/Filegroup:$($group.fileGroupName)" /Quiet
&filescrn.exe Filegroup Add "/Filegroup:$($group.fileGroupName)" "/Members:$($group.array -Join '|')"
}
Write-Host "Adding/replacing File Screen Template [$fileTemplateName] with Event Notification [$eventConfFilename] and Command Notification [$cmdConfFilename].."
&filescrn.exe Template Delete /Template:$fileTemplateName /Quiet
# Build the argument list with all required fileGroups
$screenArgs = 'Template','Add',"/Template:$fileTemplateName"
ForEach ($group in $fileGroups) {
$screenArgs += "/Add-Filegroup:$($group.fileGroupName)"
}
&filescrn.exe $screenArgs
Write-Host "Adding/replacing File Screens.."
$drivesContainingShares | % {
Write-Host "`tAdding/replacing File Screen for [$_] with Source Template [$fileTemplateName].."
&filescrn.exe Screen Delete "/Path:$_" /Quiet
&filescrn.exe Screen Add "/Path:$_" "/SourceTemplate:$fileTemplateName"
}