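  <#
  .SYNOPSIS
  Grant temporary membership of a local group and schedule its removal.
  .DESCRIPTION
  Adds -Member to the local group -Group, then registers a one-shot scheduled
  task that runs Remove-LocalGroupMember at -Until under the supplied
  credential with RunLevel Highest. If the removal task cannot be registered
  or updated, the membership that was just granted is removed again so the
  grant does not outlive its scheduled revocation.
  .PARAMETER Group
  Name of the local group to add the member to. Defaults to "Administrators".
  .PARAMETER Member
  Account that should receive the temporary membership.
  .PARAMETER RequestNumber
  Number of the request ticket the temporary privilege relates to. It is used
  as the prefix of the scheduled task name.
  .PARAMETER Until
  Date and time at which the member is removed from the group. Defaults to
  one day from now and must lie in the future.
  .PARAMETER Credential
  Account the removal task runs as. Prompted for when omitted.
  .PARAMETER RemoveTask
  When set, the step that gives the task an end boundary, marks it for
  deletion once expired and stores the password on it is skipped.
  NOTE(review): the switch name reads inverted relative to what it does;
  confirm the intended meaning with the author.
  .EXAMPLE
  Add-TempLocalGroupMember -Member 'EXAMPLE\jdoe' -RequestNumber 'REQ-0000'
  (constructed sample values)
  .OUTPUTS
  The scheduled task object returned by Register-ScheduledTask or
  Set-ScheduledTask.
  .FUNCTIONALITY
  Time-limited local group membership
  #>
  Function Add-TempLocalGroupMember
  {
      [CmdletBinding()]
      Param(
          $Group = "Administrators",
          [Parameter(Mandatory=$true)]
          [ValidateNotNullOrEmpty()]
          $Member,
          [Parameter(Mandatory=$true)]
          [ValidateNotNullOrEmpty()]
          $RequestNumber,
          [datetime]$Until = $(Get-Date).AddDays(1),
          [PSCredential]$Credential,
          [switch]$RemoveTask
      )

      # A trigger in the past never fires, which would leave the membership in
      # place permanently. Refuse before any privilege is granted.
      if ($Until -le (Get-Date))
      {
          throw "Until [$Until] must be in the future; the removal task would never run."
      }

      # Group and Member end up inside a command line that a RunLevel Highest
      # task executes, so they are embedded as single-quoted PowerShell
      # literals. An ASCII double quote would terminate the outer
      # -command "..." argument and cannot be escaped safely, so it is rejected.
      $groupText  = [string]$Group
      $memberText = [string]$Member
      foreach ($value in @($groupText, $memberText))
      {
          if ($value.Contains('"'))
          {
              throw "Group and Member must not contain a double quote: [$value]"
          }
      }
      # EscapeSingleQuotedStringContent also doubles the typographic quote
      # characters that PowerShell accepts as single-quote delimiters.
      $codeGen      = [System.Management.Automation.Language.CodeGeneration]
      $quotedGroup  = "'" + $codeGen::EscapeSingleQuotedStringContent($groupText) + "'"
      $quotedMember = "'" + $codeGen::EscapeSingleQuotedStringContent($memberText) + "'"

      $schTaskName = "$RequestNumber Remove Local Group Membership"
      $taskCommand = "`"&{Remove-LocalGroupMember -Group $quotedGroup -Member $quotedMember}`""

      # Resolve the credential BEFORE granting access: the original only set
      # $username/$password when -Credential was passed, so a prompted
      # credential left both empty and the task could not be created.
      If(!$Credential)
      {
          $Credential = Get-Credential -Message "Please supply credentials to run the scheduled task"
      }
      If(!$Credential)
      {
          throw "No credential supplied; nothing was changed."
      }
      $username = $Credential.UserName
      # Set-ScheduledTask -Password takes a plain string, so the clear-text
      # password has to exist in memory for the duration of the call.
      $password = $Credential.GetNetworkCredential().Password

      try
      {
          # Stop on failure (including "already a member") so that a removal is
          # never scheduled for a membership this call did not create.
          Add-LocalGroupMember -Group $Group -Member $Member -ErrorAction Stop

          try
          {
              # Full path instead of a bare 'Powershell.exe' so the elevated task
              # does not depend on search-path resolution.
              $psExe = Join-Path $env:SystemRoot 'System32\WindowsPowerShell\v1.0\powershell.exe'

              #Build scheduled task definition
              $schTaskAction = New-ScheduledTaskAction -Execute $psExe `
                  -Argument "-NoProfile -WindowStyle Hidden -command $taskCommand"
              $schTaskTrigger = New-ScheduledTaskTrigger -At $Until -Once
              $schTaskUser = New-ScheduledTaskPrincipal -UserId $username -RunLevel Highest
              $schTask = New-ScheduledTask -Action $schTaskAction `
                  -Trigger $schTaskTrigger `
                  -Description "Remove Local Group Membership for [$Member] from [$Group] on [$Until]" `
                  -Principal $schTaskUser

              #Add task to scheduler
              $scheduledTask = Register-ScheduledTask -TaskName $schTaskName -InputObject $schTask -ErrorAction Stop

              if(!$RemoveTask)
              {   #Set task to expire for cleanup
                  # NOTE(review): the task expires 5 minutes after $Until and is
                  # then deleted. If the host is off for that whole window the
                  # removal presumably never runs - confirm and monitor for it.
                  $expireTask = Get-ScheduledTask -TaskName $schTaskName -ErrorAction Stop
                  $expireTask.Triggers[0].EndBoundary = $Until.AddMinutes(5).ToString('s')
                  $expireTask.Settings.DeleteExpiredTaskAfter = 'PT0S'
                  $scheduledTask = $expireTask | Set-ScheduledTask -User $username -Password $password -ErrorAction Stop
              }
          }
          catch
          {
              # Fail safe: without a working removal task the grant would be
              # permanent, so take the membership back and surface the error.
              Write-Warning "Scheduling removal failed; revoking membership of [$Member] in [$Group]."
              Remove-LocalGroupMember -Group $Group -Member $Member
              throw
          }
      }
      finally
      {
          # Do not keep the clear-text password around longer than needed.
          $password = $null
      }

      $scheduledTask
  }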