MIDItheKID

OIB-AutoTimezone Detection

Mar 5th, 2025 (edited)
  <#
  .SYNOPSIS
  Detection script for OIB-AutoTimezone remediation.

  .DESCRIPTION
  Read-only compliance check: it only reads registry values and service state, and changes nothing.
  Verifies the following settings:
  - Location: Registry HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\location\Value should be "Allow".
  - Auto Timezone: Registry HKLM:\SYSTEM\CurrentControlSet\Services\tzautoupdate\Start should be "3".
  - lfsvc configuration: Registry HKLM:\SYSTEM\CurrentControlSet\Services\lfsvc\Service\Configuration\Status should be "1".
  - Geolocation service: The lfsvc service must be present and in the Running state.
  - Sensor: Registry HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Sensor\Overrides\{BFA794E4-F964-4FDB-90F6-51056BFE4B44}\SensorPermissionState should be "1".

  Each passing check is reported as it runs; failed checks are reported together at the end.
  Exit code 0 means every check passed. Exit code 1 means at least one check failed or the
  script hit an unexpected error.

  .NOTES
  NOTE(review): under a 32-bit PowerShell host on 64-bit Windows, HKLM:\SOFTWARE reads can be
  redirected to WOW6432Node - confirm the deployment runs this script in a 64-bit host.
  NOTE(review): the compliant state is device-wide location access set to "Allow"; the paired
  remediation script is not shown here, so what it changes on exit 1 should be reviewed separately.
  #>

  try {
      # Checks a single registry value against its expected data.
      # Returns the failure text when the key or property is missing or the data differs;
      # returns nothing (after logging the success line) when the data matches.
      function Test-RegistrySetting {
          param(
              [string]$Path,      # registry key, PowerShell provider syntax
              [string]$Name,      # property to read under that key
              [string]$Expected,  # expected data, given as a string
              [string]$Label      # human-readable prefix used in the messages
          )

          if (-not (Test-Path -Path $Path)) {
              return "Registry key '$Path' does not exist. Expected property '$Name' with value '$Expected'."
          }

          # Errors are silenced so that a missing property shows up as $null below.
          $current = (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
          if ($null -eq $current) {
              return "Registry property '$Name' does not exist in '$Path'. Expected '$Expected'."
          }

          # -ne converts the right-hand string to the type of the left operand, so a numeric
          # registry value is still compared by value.
          if ($current -ne $Expected) {
              return "$Label is incorrect. Expected '$Expected', got '$current'."
          }

          Write-Host "$Label is correctly set to '$Expected'."
      }

      $failures = New-Object 'System.Collections.Generic.List[string]'

      # Location consent (device-wide)
      $finding = Test-RegistrySetting `
          -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\location' `
          -Name 'Value' -Expected 'Allow' -Label 'Location setting'
      if ($null -ne $finding) { $failures.Add($finding) }

      # Auto Timezone service start type
      $finding = Test-RegistrySetting `
          -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\tzautoupdate' `
          -Name 'Start' -Expected '3' -Label 'Auto Timezone setting'
      if ($null -ne $finding) { $failures.Add($finding) }

      # lfsvc service configuration
      $finding = Test-RegistrySetting `
          -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\lfsvc\Service\Configuration' `
          -Name 'Status' -Expected '1' -Label 'lfsvc configuration'
      if ($null -ne $finding) { $failures.Add($finding) }

      # Geolocation service (lfsvc) must exist and be running
      $geoService = Get-Service -Name lfsvc -ErrorAction SilentlyContinue
      if ($null -eq $geoService) {
          $failures.Add("lfsvc service is not found.")
      }
      elseif ($geoService.Status -eq "Running") {
          Write-Host "lfsvc service is running."
      }
      else {
          $failures.Add("lfsvc service is not running. Current status: $($geoService.Status).")
      }

      # Sensor permission override
      $finding = Test-RegistrySetting `
          -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Sensor\Overrides\{BFA794E4-F964-4FDB-90F6-51056BFE4B44}' `
          -Name 'SensorPermissionState' -Expected '1' -Label 'Sensor value'
      if ($null -ne $finding) { $failures.Add($finding) }

      # Detection result: exit 0 only when no check failed.
      if ($failures.Count -eq 0) {
          Write-Host "All settings are correctly configured."
          Exit 0
      }

      foreach ($line in $failures) {
          Write-Host $line
      }
      Exit 1
  }
  catch {
      # Any unexpected terminating error is reported and treated as a failed detection.
      Write-Error "Detection encountered an error: $($_.Exception.Message)"
      Exit 1
  }