mirror of
https://github.com/Icinga/icinga-powershell-framework.git
synced 2026-02-02 19:59:31 -05:00
Merge pull request #838 from Icinga:fix/ensure_ifw_never_loads_user_profiles
Fix: Never load user PowerShell profiles To enhance compatibility and reduce the overall impact during certain tasks run by Icinga for Windows, ensure we never load any user PowerShell profiles
This commit is contained in:
Lord Hepipud
GitHub
commit
72be26f129
16 changed files with 28 additions and 22 deletions
|
|
@ -11,9 +11,15 @@ Released closed milestones can be found on [GitHub](https://github.com/Icinga/ic
|
|||
|
||||
[Issues and PRs](https://github.com/Icinga/icinga-powershell-framework/milestone/38)
|
||||
|
||||
### Bugfixes
|
||||
|
||||
* [#835](https://github.com/Icinga/icinga-powershell-framework/pull/835) Fixes JEA compiler to always enforce a rebuild of the Framework to ensure integrity of JEA profiles
|
||||
* [#836](https://github.com/Icinga/icinga-powershell-framework/issues/836) Fixes Metric over Time collector not working on Windows 2012 R2 and older
|
||||
|
||||
### Enhancements
|
||||
|
||||
* [#838](https://github.com/Icinga/icinga-powershell-framework/pull/838) Enhances Icinga for Windows to never load and user PowerShell profiles
|
||||
|
||||
## 1.13.4 (tbd)
|
||||
|
||||
[Issues and PRs](https://github.com/Icinga/icinga-powershell-framework/milestone/42)
|
||||
|
|
|
|||
|
|
@ -82,7 +82,7 @@ Update-IcingaJEAProfile -IcingaUser 'MyOwnIcingaUser';
|
|||
If you used `TestEnv` to create a test environment for JEA for the current user, you can simply enter the PowerShell JEA session with this command:
|
||||
|
||||
```powershell
|
||||
powershell.exe -ConfigurationName 'IcingaForWindowsTest';
|
||||
powershell.exe -NoProfile -ConfigurationName 'IcingaForWindowsTest';
|
||||
```
|
||||
|
||||
This will open a new `remote` PowerShell session over `WinRM` on the local machine with the provided JEA profile 'IcingaForWindowsTest'.
|
||||
|
|
|
|||
|
|
@ -340,7 +340,7 @@ function Invoke-IcingaCommand()
|
|||
# Ensure we set the path to another folder to prevent locking the Framework Root Folder
|
||||
Set-Location (Get-IcingaForWindowsRootPath);
|
||||
|
||||
powershell.exe -NoExit -Command {
|
||||
powershell.exe -NoProfile -NoExit -Command {
|
||||
$Script = $args[0];
|
||||
$RootPath = $args[1];
|
||||
$Version = $args[2];
|
||||
|
|
@ -427,7 +427,7 @@ function Start-IcingaShellAsUser()
|
|||
-Verb RunAs `
|
||||
-ArgumentList (
|
||||
[string]::Format(
|
||||
"-Command `"Start-Process -FilePath `"powershell.exe`" -WorkingDirectory `"{0}`" -Credential (Get-Credential -UserName '{1}' -Message 'Please enter your credentials to open an Icinga Shell with') -ArgumentList icinga`"",
|
||||
"-NoProfile -Command `"Start-Process -FilePath `"powershell.exe`" -WorkingDirectory `"{0}`" -Credential (Get-Credential -UserName '{1}' -Message 'Please enter your credentials to open an Icinga Shell with') -ArgumentList icinga`"",
|
||||
$PSHOME,
|
||||
$User
|
||||
)
|
||||
|
|
|
|||
|
|
@ -112,7 +112,7 @@ function Install-IcingaFrameworkComponent()
|
|||
|
||||
if ([string]::IsNullOrEmpty((Get-IcingaJEAContext)) -eq $FALSE) {
|
||||
Write-IcingaConsoleNotice 'Updating Icinga JEA profile';
|
||||
& powershell.exe -Command { Use-Icinga -Minimal; Install-IcingaJEAProfile; } | Out-Null;
|
||||
& powershell.exe -NoProfile -Command { Use-Icinga -Minimal; Install-IcingaJEAProfile; } | Out-Null;
|
||||
}
|
||||
|
||||
# Unload the module if it was loaded before
|
||||
|
|
|
|||
|
|
@ -109,7 +109,7 @@ function Install-IcingaFrameworkUpdate()
|
|||
if ([string]::IsNullOrEmpty((Get-IcingaJEAContext)) -eq $FALSE) {
|
||||
Remove-IcingaFrameworkDependencyFile;
|
||||
Write-IcingaConsoleNotice 'Updating Icinga JEA profile';
|
||||
& powershell.exe -Command { Use-Icinga -Minimal; Install-IcingaJEAProfile; } | Out-Null;
|
||||
& powershell.exe -NoProfile -Command { Use-Icinga -Minimal; Install-IcingaJEAProfile; } | Out-Null;
|
||||
}
|
||||
|
||||
Write-IcingaConsoleNotice 'Framework update has been completed. Please start a new PowerShell instance now to complete the update';
|
||||
|
|
|
|||
|
|
@ -27,7 +27,7 @@ function Restart-IcingaService()
|
|||
if (Get-Service "$Service" -ErrorAction SilentlyContinue) {
|
||||
Write-IcingaConsoleNotice ([string]::Format('Restarting service "{0}"', $Service));
|
||||
|
||||
& powershell.exe -Command {
|
||||
& powershell.exe -NoProfile -Command {
|
||||
Use-Icinga -Minimal;
|
||||
|
||||
$Service = $args[0];
|
||||
|
|
|
|||
|
|
@ -27,7 +27,7 @@ function Start-IcingaService()
|
|||
if (Get-Service $Service -ErrorAction SilentlyContinue) {
|
||||
Write-IcingaConsoleNotice -Message 'Starting service "{0}"' -Objects $Service;
|
||||
|
||||
& powershell.exe -Command {
|
||||
& powershell.exe -NoProfile -Command {
|
||||
Use-Icinga -Minimal;
|
||||
|
||||
$Service = $args[0];
|
||||
|
|
|
|||
|
|
@ -27,7 +27,7 @@ function Stop-IcingaService()
|
|||
if (Get-Service "$Service" -ErrorAction SilentlyContinue) {
|
||||
Write-IcingaConsoleNotice -Message 'Stopping service "{0}"' -Objects $Service;
|
||||
|
||||
& powershell.exe -Command {
|
||||
& powershell.exe -NoProfile -Command {
|
||||
Use-Icinga -Minimal;
|
||||
|
||||
$Service = $args[0];
|
||||
|
|
|
|||
|
|
@ -73,7 +73,7 @@ function Install-IcingaAgent()
|
|||
}
|
||||
}
|
||||
|
||||
$InstallProcess = & powershell.exe -Command {
|
||||
$InstallProcess = & powershell.exe -NoProfile -Command {
|
||||
Use-Icinga -Minimal;
|
||||
|
||||
$IcingaInstaller = $args[0];
|
||||
|
|
|
|||
|
|
@ -22,7 +22,7 @@ function Uninstall-IcingaAgent()
|
|||
|
||||
Stop-IcingaService -Service 'icinga2';
|
||||
|
||||
$Uninstaller = & powershell.exe -Command {
|
||||
$Uninstaller = & powershell.exe -NoProfile -Command {
|
||||
Use-Icinga -Minimal;
|
||||
|
||||
$IcingaData = $args[0];
|
||||
|
|
|
|||
|
|
@ -12,7 +12,7 @@ function Show-IcingaForWindowsMenuManageViewLogs()
|
|||
'AdminMenu' = $TRUE;
|
||||
'Action' = @{
|
||||
'Command' = 'Start-Process';
|
||||
'Arguments' = @{ '-FilePath' = 'powershell.exe'; '-ArgumentList' = "-Command `"&{ icinga { Read-IcingaAgentLogFile; }; }`"" };
|
||||
'Arguments' = @{ '-FilePath' = 'powershell.exe'; '-ArgumentList' = "-NoProfile -Command `"&{ icinga { Read-IcingaAgentLogFile; }; }`"" };
|
||||
}
|
||||
},
|
||||
@{
|
||||
|
|
@ -24,7 +24,7 @@ function Show-IcingaForWindowsMenuManageViewLogs()
|
|||
'AdminMenu' = $TRUE;
|
||||
'Action' = @{
|
||||
'Command' = 'Start-Process';
|
||||
'Arguments' = @{ '-FilePath' = 'powershell.exe'; '-ArgumentList' = "-Command `"&{ icinga { Read-IcingaAgentDebugLogFile; }; }`"" };
|
||||
'Arguments' = @{ '-FilePath' = 'powershell.exe'; '-ArgumentList' = "-NoProfile -Command `"&{ icinga { Read-IcingaAgentDebugLogFile; }; }`"" };
|
||||
}
|
||||
},
|
||||
@{
|
||||
|
|
@ -34,7 +34,7 @@ function Show-IcingaForWindowsMenuManageViewLogs()
|
|||
'AdminMenu' = $TRUE;
|
||||
'Action' = @{
|
||||
'Command' = 'Start-Process';
|
||||
'Arguments' = @{ '-FilePath' = 'powershell.exe'; '-ArgumentList' = "-Command `"&{ icinga { Read-IcingaForWindowsLog; }; }`"" };
|
||||
'Arguments' = @{ '-FilePath' = 'powershell.exe'; '-ArgumentList' = "-NoProfile -Command `"&{ icinga { Read-IcingaForWindowsLog; }; }`"" };
|
||||
}
|
||||
},
|
||||
@{
|
||||
|
|
@ -44,7 +44,7 @@ function Show-IcingaForWindowsMenuManageViewLogs()
|
|||
'AdminMenu' = $TRUE;
|
||||
'Action' = @{
|
||||
'Command' = 'Start-Process';
|
||||
'Arguments' = @{ '-FilePath' = 'powershell.exe'; '-ArgumentList' = "-Command `"&{ icinga { Read-IcingaWindowsEventLog -LogName 'Icinga for Windows' -Source 'IfW::Debug'; }; }`"" };
|
||||
'Arguments' = @{ '-FilePath' = 'powershell.exe'; '-ArgumentList' = "-NoProfile -Command `"&{ icinga { Read-IcingaWindowsEventLog -LogName 'Icinga for Windows' -Source 'IfW::Debug'; }; }`"" };
|
||||
}
|
||||
}
|
||||
);
|
||||
|
|
|
|||
|
|
@ -358,7 +358,7 @@ function Install-IcingaComponent()
|
|||
}
|
||||
}
|
||||
|
||||
$MSIData = & powershell.exe -Command {
|
||||
$MSIData = & powershell.exe -NoProfile -Command {
|
||||
Use-Icinga -Minimal;
|
||||
|
||||
$DownloadDestination = $args[0];
|
||||
|
|
@ -380,7 +380,7 @@ function Install-IcingaComponent()
|
|||
}
|
||||
}
|
||||
|
||||
$InstallProcess = & powershell.exe -Command {
|
||||
$InstallProcess = & powershell.exe -NoProfile -Command {
|
||||
Use-Icinga -Minimal;
|
||||
|
||||
$DownloadDestination = $args[0];
|
||||
|
|
|
|||
|
|
@ -36,7 +36,7 @@ function Invoke-IcingaWindowsScheduledTask()
|
|||
$TaskData = Invoke-IcingaWindowsServiceHandlerTask -ScriptPath 'jobs\GetWindowsService.ps1' -ServiceName $ObjectName -TmpFile $TmpFile.FullName -TaskName $TaskName -TaskPath $TaskPath;
|
||||
};
|
||||
'UninstallAgent' {
|
||||
$WinAction = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument ([string]::Format('-WindowStyle Hidden -Command &{{ Use-Icinga -Minimal; Write-IcingaFileSecure -File {0}{1}{0} -Value (Start-IcingaProcess -Executable {0}MsiExec.exe{0} -Arguments {0}"{2}" /q{0} -FlushNewLines | ConvertTo-Json -Depth 100); }}', "'", $TmpFile.FullName, $FilePath, $TargetPath))
|
||||
$WinAction = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument ([string]::Format('-NoProfile -WindowStyle Hidden -Command &{{ Use-Icinga -Minimal; Write-IcingaFileSecure -File {0}{1}{0} -Value (Start-IcingaProcess -Executable {0}MsiExec.exe{0} -Arguments {0}"{2}" /q{0} -FlushNewLines | ConvertTo-Json -Depth 100); }}', "'", $TmpFile.FullName, $FilePath, $TargetPath))
|
||||
Register-ScheduledTask -User 'System' -TaskName $TaskName -Action $WinAction -TaskPath $TaskPath | Out-Null;
|
||||
|
||||
Start-ScheduledTask -TaskName $TaskName -TaskPath $TaskPath;
|
||||
|
|
@ -54,7 +54,7 @@ function Invoke-IcingaWindowsScheduledTask()
|
|||
'ReadMSIPackage' {
|
||||
if (Test-Path $FilePath) {
|
||||
|
||||
$WinAction = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument ([string]::Format('-WindowStyle Hidden -Command &{{ Use-Icinga -Minimal; Write-IcingaFileSecure -File {0}{1}{0} -Value (Read-IcingaMSIMetadata -File {0}{2}{0} | ConvertTo-Json -Depth 100); }}', "'", $TmpFile.FullName, $FilePath))
|
||||
$WinAction = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument ([string]::Format('-NoProfile -WindowStyle Hidden -Command &{{ Use-Icinga -Minimal; Write-IcingaFileSecure -File {0}{1}{0} -Value (Read-IcingaMSIMetadata -File {0}{2}{0} | ConvertTo-Json -Depth 100); }}', "'", $TmpFile.FullName, $FilePath))
|
||||
Register-ScheduledTask -TaskName $TaskName -Action $WinAction -RunLevel Highest -TaskPath $TaskPath | Out-Null;
|
||||
|
||||
Start-ScheduledTask -TaskName $TaskName -TaskPath $TaskPath;
|
||||
|
|
@ -68,7 +68,7 @@ function Invoke-IcingaWindowsScheduledTask()
|
|||
}
|
||||
};
|
||||
'InstallJEA' {
|
||||
$WinAction = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument ([string]::Format('-Command &{{ Use-Icinga -Minimal; Install-IcingaJEAProfile; Restart-IcingaForWindows; }}', "'", $TmpFile.FullName, $FilePath))
|
||||
$WinAction = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument ([string]::Format('-NoProfile -Command &{{ Use-Icinga -Minimal; Install-IcingaJEAProfile; Restart-IcingaForWindows; }}', "'", $TmpFile.FullName, $FilePath))
|
||||
Register-ScheduledTask -User 'System' -TaskName $TaskName -Action $WinAction -TaskPath $TaskPath | Out-Null;
|
||||
Start-ScheduledTask -TaskName $TaskName -TaskPath $TaskPath;
|
||||
|
||||
|
|
|
|||
|
|
@ -19,7 +19,7 @@ function Invoke-IcingaWindowsServiceHandlerTask()
|
|||
return $null;
|
||||
}
|
||||
|
||||
$WinAction = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument ([string]::Format("-WindowStyle Hidden -Command &{{ & '{0}' -ServiceName '{1}' -TmpFilePath '{2}' }}", $ScriptPath, $ServiceName, $TmpFile));
|
||||
$WinAction = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument ([string]::Format("-NoProfile -WindowStyle Hidden -Command &{{ & '{0}' -ServiceName '{1}' -TmpFilePath '{2}' }}", $ScriptPath, $ServiceName, $TmpFile));
|
||||
$TaskSettings = New-ScheduledTaskSettingsSet -DontStopIfGoingOnBatteries -AllowStartIfOnBatteries -StartWhenAvailable;
|
||||
# We need to schedule this task as LocalSystem to ensure we can fetch the information while connected over WinRM/SSH
|
||||
# We require high admin privilleges anyway, therefor this shouldn't hurt
|
||||
|
|
|
|||
|
|
@ -15,7 +15,7 @@ function Register-IcingaWindowsScheduledTaskProcessPriority()
|
|||
}
|
||||
|
||||
$ScriptPath = Join-Path -Path (Get-IcingaFrameworkRootPath) -ChildPath '\jobs\SetProcessPriority.ps1';
|
||||
$TaskAction = New-ScheduledTaskAction -Execute 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' -Argument ([string]::Format("-WindowStyle Hidden -Command &{{ & '{0}' }}", $ScriptPath));
|
||||
$TaskAction = New-ScheduledTaskAction -Execute 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' -Argument ([string]::Format("-NoProfile -WindowStyle Hidden -Command &{{ & '{0}' }}", $ScriptPath));
|
||||
$TaskPrincipal = New-ScheduledTaskPrincipal -UserId 'S-1-5-18' -RunLevel 'Highest' -LogonType ServiceAccount;
|
||||
$TaskSettings = New-ScheduledTaskSettingsSet -DontStopIfGoingOnBatteries -AllowStartIfOnBatteries -StartWhenAvailable;
|
||||
|
||||
|
|
|
|||
|
|
@ -16,7 +16,7 @@ function Register-IcingaWindowsScheduledTaskRenewCertificate()
|
|||
|
||||
$ScriptPath = Join-Path -Path (Get-IcingaFrameworkRootPath) -ChildPath '\jobs\RenewCertificate.ps1';
|
||||
$TaskTrigger = New-ScheduledTaskTrigger -Daily -DaysInterval 1 -At '1am';
|
||||
$TaskAction = New-ScheduledTaskAction -Execute 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' -Argument ([string]::Format("-WindowStyle Hidden -Command &{{ & '{0}' }}", $ScriptPath));
|
||||
$TaskAction = New-ScheduledTaskAction -Execute 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' -Argument ([string]::Format("-NoProfile -WindowStyle Hidden -Command &{{ & '{0}' }}", $ScriptPath));
|
||||
$TaskPrincipal = New-ScheduledTaskPrincipal -UserId 'S-1-5-18' -RunLevel 'Highest' -LogonType ServiceAccount;
|
||||
$TaskSettings = New-ScheduledTaskSettingsSet -DontStopIfGoingOnBatteries -AllowStartIfOnBatteries -StartWhenAvailable;
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue