Combining secRMM with Windows Remote Management and Powershell

01/14/2020 – secRMM is tightly integrated into almost all of the Microsoft enterprise security tools: SCCM, Intune (now combined into Microsoft Endpoint Manager [MEM]), Active Directory Group Policy Objects (AD GPO), Azure Sentinel and Security Center via Azure Log Analytics, etc.

However, some environments may not have these enterprise tools at their disposal.  After all, one of the main points about secRMM is that it is fully functional on a standalone Windows computer (from XP up to W10 and all server versions).  So if I were an IT admin in a small networked environment, I would still desire to be able to manage secRMM on multiple computers from a central location just like SCCM, Intune and Active Directory provide.  The way to do this is to use “Windows Remote Management” (WinRM).

PowerShell and WinRM are integrated; combined, they let you run scripts on one or more remote computers.  This is the perfect technology to “roll our own” SCCM or Intune or AD GPO functionality for secRMM!

Watch the YouTube video at: https://youtu.be/05U8Zw2NBdU.

So, here is an example of how we can do this.  Below are 2 PowerShell scripts named RemoteSecRMMDriver.ps1 and SetSecRMMProperty.ps1.  As the name implies, RemoteSecRMMDriver.ps1 will be our driver program and it will call SetSecRMMProperty.ps1 via Invoke-Command so that SetSecRMMProperty.ps1 will be executed on the remote computer(s).

The relevant PowerShell commands to make note of are:
New-PSSession
Invoke-Command
Remove-PSSession

RemoteSecRMMDriver.ps1:

# Target computers, as an array so that New-PSSession opens one session per name.
$RemoteComputerNames = "Computer1", "Computer2";

# secRMM properties to set on every target computer.
$secRMMProperties = @{
   "BlockProgramsOnDevice" = "$TRUE";
   "AllowedSerialNumbers" = "123;ABC";
   "RequireSmartPhoneLogin" = "$TRUE";
};

$ScriptToRun = "SetSecRMMProperty.ps1";

# Free-text note passed to SetProperty as its AdditionalData argument.
$AdditionalData = -join("ran remote script ",
   $PSCommandPath,
   " from ",
   $env:computername,
   " on target computer(s): ",
   ($RemoteComputerNames -join ", "));

$PSSession = New-PSSession -ComputerName $RemoteComputerNames;

# True when at least one of the sessions is in the Opened state.
If ($PSSession.State -eq 'Opened')
{
   # SetSecRMMProperty.ps1 is expected in the same folder as this driver.
   $RemoteCommand = -join($PSScriptRoot, "\", $ScriptToRun);

   foreach ($secRMMProperty in $secRMMProperties.GetEnumerator()) {
      $PropertyName = $secRMMProperty.Name;
      $PropertyValue = $secRMMProperty.Value;
      # -FilePath sends the local script to the remote computer(s) and runs it there.
      Invoke-Command -Session $PSSession -FilePath $RemoteCommand `
         -ArgumentList $PropertyName, $PropertyValue, $AdditionalData;
   }

   Remove-PSSession $PSSession;
}
else
{
   Write-Host "Error opening remote session to $RemoteComputerNames";
}

SetSecRMMProperty.ps1:

param([string]$PropertyName_in,
   [string]$PropertyValue_in,
   [string]$AdditionalData_in="",
   [string]$UserSID_in="")

$PropertyName = $PropertyName_in;

# Arguments arrive as strings; convert "True"/"False" back to booleans.
if ($PropertyValue_in -eq "$TRUE") {
   $PropertyValue = $TRUE;
} elseif ($PropertyValue_in -eq "$FALSE") {
   $PropertyValue = $FALSE;
} else {
   $PropertyValue = $PropertyValue_in;
}

$AdditionalData = $AdditionalData_in;

# secRMM exposes its settings through the secRMMInterface COM object.
$objSecRMM = New-Object -ComObject secRMMInterface;
$objSecRMM.SetProperty($PropertyName, $PropertyValue, $AdditionalData);

Write-Host "$PropertyName set to $PropertyValue";
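
The driver above makes a single check on the session state, so the following added example (not code from the original post or from the secRMM product) is a variant that reports a result for each computer and property, including computers where no WinRM session could be opened. It assumes SetSecRMMProperty.ps1 sits in the same folder as the driver, as above; the computer names are placeholders.

```powershell
# Added example: per-computer error handling around the page's
# SetSecRMMProperty.ps1. Computer names are placeholders.
$RemoteComputerNames = @('Computer1', 'Computer2')
$secRMMProperties = @{
    'BlockProgramsOnDevice'  = "$TRUE"
    'AllowedSerialNumbers'   = '123;ABC'
    'RequireSmartPhoneLogin' = "$TRUE"
}
$RemoteCommand  = Join-Path $PSScriptRoot 'SetSecRMMProperty.ps1'
$AdditionalData = "ran remote script $PSCommandPath from $env:COMPUTERNAME"

# Open what we can; connection failures are collected instead of aborting the run.
$Sessions = @(New-PSSession -ComputerName $RemoteComputerNames `
    -ErrorAction SilentlyContinue -ErrorVariable ConnectErrors)

$Results = foreach ($Session in $Sessions) {
    foreach ($Property in $secRMMProperties.GetEnumerator()) {
        $Status = 'OK'
        try {
            # -ErrorAction Stop turns an error reported by the remote script
            # into an exception that can be caught here.
            Invoke-Command -Session $Session -FilePath $RemoteCommand `
                -ArgumentList $Property.Name, $Property.Value, $AdditionalData `
                -ErrorAction Stop | Out-Null
        } catch {
            $Status = "FAILED: $($_.Exception.Message)"
        }
        [pscustomobject]@{
            Computer = $Session.ComputerName
            Property = $Property.Name
            Status   = $Status
        }
    }
}
if ($Sessions.Count -gt 0) { Remove-PSSession -Session $Sessions }

# Computers that never opened a session get their own rows in the report.
$Reached = @($Sessions | ForEach-Object { $_.ComputerName })
$Results = @($Results) + @($RemoteComputerNames |
    Where-Object { $Reached -notcontains $_ } |
    ForEach-Object {
        [pscustomobject]@{ Computer = $_; Property = '*'; Status = 'NO SESSION' }
    })
$Results | Format-Table -AutoSize
$ConnectErrors | ForEach-Object { Write-Warning $_.Exception.Message }
```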

We hope these secRMM Powershell scripts help you easily manage your USB security data when you may not have the luxury of using enterprise management tools.  Please let us know if you have any questions.  You can reach us at: support@squadratechnologies.com.
