Some users expressed appreciation for recent changes to ControlUp Workflows, and asked where to find a script for Grant Temporary Device Admin Access. @member stated they have the script, and @member offered to review it. They also mentioned an issue with removing a scheduled task, and suggested using a scheduled task in the Workflow instead. The script is given at the end of the input.
Read the entire ‘Collaboration and Suggestions for ControlUp Workflow Scripts’ thread below:
Good Morning All
LOVE LOVE the new changes to workflows and the new templates
And thank you for the run script and User and System – will be testing that you today
with regards to the Grant Temporary Device Admin Access – where can we get the script ?
i also have a similar script for macOS that also could be cool to run from Workflows
@member the teams are doing awesome work
Thanks @member shared with the Workflows team
@member so great to hear! Coming from you? This means a lot to ControlUp and @member, the man behind the curtain.
Please! Keep us honest and informed on how we can help you and make the product better and better! Your feedback is priceless!
Thanks!
I woke up, had a morning call and now I read this! What a wonderful day it is starting off to be 🙂
@member has the script I think
I would review the script though 🙂
Issue: You cannot remove a scheduled task from that scheduled task.
Suggestion: Check if the task is already there and if yes, change the time when the user needs to be removed.
I can Upload the JSON for the worklflow as well if you want @member
“`[Console]::OutputEncoding = [System.Text.Encoding]::UTF8 # This line is added automatically to help with Unicode characters. Please add your code below
Get the locally logged on user
$localUser = (Get-WmiObject -Class Win32_ComputerSystem | Select-Object -ExpandProperty UserName)
if (-not $localUser) {
Write-Verbose "No user is currently logged on locally."
return
}
Extract username (domain\username or just username)
if ($localUser -match ‘\’) {
$Username = $localUser.Split(‘\’)[1]
} else {
$Username = $localUser
}
$result = [PSCustomObject]@{
success = $false
details = @()
}
function Add-Detail {
param([string]$Message)
$timestamp = (Get-Date).ToString("yyyy-MM-dd HH:mm:ss")
$result.details += "$timestamp $Message"
}
Add user to local Administrators group
try {
Add-LocalGroupMember -Group "Administrators" -Member $Username -ErrorAction Stop
$result.success = $true
Add-Detail "User $Username added to Administrators group."
} catch {
$result.success = $false
Add-Detail "Failed to add user: $_"
Write-Output("### SIP EVENT BEGINS ###")
Write-Output "Result of admin by request script:"
$result.success
$result.details | ForEach-Object { Write-Output $_ }
Write-Output("### SIP EVENT ENDS ###")
return
}
Prepare scheduled task to remove user in 4 hours
$Action = New-ScheduledTaskAction -Execute ‘PowerShell.exe’ -Argument "-NoProfile -WindowStyle Hidden -Command "Remove-LocalGroupMember -Group ‘Administrators’ -Member ‘$Username’; Unregister-ScheduledTask -TaskName ‘RemoveAdmin_$Username’ -Confirm:\$false""
$TriggerTime = (Get-Date).AddHours(4)
$Trigger = New-ScheduledTaskTrigger -Once -At $TriggerTime
$TaskName = "RemoveAdmin_$Username"
try {
Register-ScheduledTask -TaskName $TaskName -Action $Action -Trigger $Trigger -RunLevel Highest -User "SYSTEM" -Force
$result.success = $true
Add-Detail "Scheduled task ‘$TaskName’ created to remove $Username from Administrators group at $TriggerTime."
} catch {
$result.success = $false
Add-Detail "Failed to create scheduled task: $_"
$result
}
Write-Output("### SIP EVENT BEGINS ###")
Write-Output "Result of admin by request script:"
$result.success
$result.details | ForEach-Object { Write-Output $_ }
Write-Output("### SIP EVENT ENDS ###")
Write-Output("### SIP DATA BEGINS ###")
$result | ConvertTo-JSON
Write-Output("### SIP DATA ENDS ###") “`
This is the flow:
I used a scheduled task and not another flow step to remove the user because of 2 reasons.
- We cannot wait 4 hours (yet) in workflows
- When the device goes offline before the removal is done, we will miss that step and the scheduled task will continue anyway
Continue reading and comment on the thread ‘Collaboration and Suggestions for ControlUp Workflow Scripts’. Not a member? Join Here!
Categories: All Archives, ControlUp Scripts & Triggers