Merge pull request #101 from TheJumpCloud/SA-3471-ADMU-Disable-Schedu…

…led-Tasks

Sa 3471 admu disable scheduled tasks

.circleci/config.yml

@@ -2,13 +2,13 @@ version: 2.1
 parameters:
   buildReleaseType:
     description: "Semantic Version increment type of the release. Valid values: major, minor, patch"
-    default: "patch"
+    default: "minor"
     type: enum
     enum: ["major", "minor", "patch"]
   PublishToPSGallery:
     description: "When `true` and when run against Master branch, this workflow will publish the latest code to PSGallery"
     type: boolean
-    default: false
+    default: true
   ManualModuleVersion:
     description: "When `true` the pipeline will use the Module Version specified in JumpCloud Module JumpCloud.psd1 file"
     type: boolean

ModuleChangelog.md

@@ -1,3 +1,13 @@
+## 2.5.0
+
+Release Date: August 30, 2023
+
+#### RELEASE NOTES
+
+```
+* The ADMU now checks for scheduled tasks before migration and attempts to disable any non-microsoft task. Scheduled tasks which load a user's registry into memory have been reported to have locked a user's registry into memory which will prevent the ADMU from functioning. This release of ADMU will attempt to disable any root level scheduled tasks and will re-enable these tasks after migration or if the ADMU fails to migrate.
+  - Only tasks that are in a "Ready" state will be disabled, currently running tasks are not stopped.
+```
 ## 2.4.3
 
 Release Date: Aug 23,2023

jumpcloud-ADMU/JumpCloud.ADMU.nuspec

@@ -2,7 +2,7 @@
 <package xmlns="http://schemas.microsoft.com/packaging/2011/08/nuspec.xsd">
   <metadata>
     <id>JumpCloud.ADMU</id>
-    <version>2.4.3</version>
+    <version>2.5.0.3282</version>
     <description>Powershell Module to run JumpCloud Active Directory Migration Utility.</description>
     <authors>JumpCloud Solutions Architect Team</authors>
     <owners>JumpCloud</owners>

jumpcloud-ADMU/JumpCloud.ADMU.psd1

@@ -3,7 +3,7 @@
 #
 # Generated by: JumpCloud Solutions Architect Team
 #
-# Generated on: 8/23/2023
+# Generated on: 8/30/2023
 #
 
 @{
@@ -12,13 +12,13 @@
 RootModule = 'JumpCloud.ADMU.psm1'
 
 # Version number of this module.
-ModuleVersion = '2.4.3'
+ModuleVersion = '2.5.0'
 
 # Supported PSEditions
 # CompatiblePSEditions = @()
 
 # ID used to uniquely identify this module
-GUID = 'd24fb2e2-a7d0-4228-afa4-45767980c10e'
+GUID = 'd61a763b-2d1d-4b4d-ac21-0fb41d17a6ab'
 
 # Author of this module
 Author = 'JumpCloud Solutions Architect Team'

jumpcloud-ADMU/Powershell/Form.ps1

@@ -143,7 +143,7 @@ function show-mtpSelection {
 <Window
         xmlns="http://schemas.microsoft.com/winfx/2006/xaml/presentation"
         xmlns:x="http://schemas.microsoft.com/winfx/2006/xaml"
-        Title="JumpCloud ADMU 2.4.3"
+        Title="JumpCloud ADMU 2.5.0"
         WindowStyle="SingleBorderWindow"
         ResizeMode="NoResize"
         Background="White" ScrollViewer.VerticalScrollBarVisibility="Visible" ScrollViewer.HorizontalScrollBarVisibility="Visible" Width="1000" Height="520">

jumpcloud-ADMU/Powershell/Start-Migration.ps1

@@ -1327,7 +1327,42 @@ function Test-DATFilePermission {
         }
     }
 }
+function Set-ADMUScheduledTask {
+    # Param op "disable" or "enable" then -tasks (array of tasks)
+    param (
+        [Parameter(Mandatory = $true)]
+        [ValidateSet("disable", "enable")]
+        [System.String]
+        $op,
+        [Parameter(Mandatory = $true)]
+        [System.Object[]]
+        $scheduledTasks
+    )
 
+    # Switch op
+    switch ($op) {
+        "disable" {
+            try {
+                $scheduledTasks | ForEach-Object {
+                    Write-ToLog -message:("Disabling Scheduled Task: $($_.TaskName)")
+                    Disable-ScheduledTask -TaskName $_.TaskName -TaskPath $_.TaskPath | Out-Null
+                }
+            } catch {
+                Write-ToLog -message:("Failed to disable Scheduled Tasks $($_.Exception.Message)")
+            }
+        }
+        "enable" {
+            try {
+                $scheduledTasks | ForEach-Object {
+                    Write-ToLog -message("Enabling Scheduled Task: $($_.TaskName)")
+                    Enable-ScheduledTask -TaskName $_.TaskName -TaskPath $_.TaskPath | Out-Null
+                }
+            } catch {
+                Write-ToLog -message("Could not enable Scheduled Task: $($_.TaskName)") -Level Warn
+            }
+        }
+    }
+ }
 #endregion Agent Install Helper Functions
 Function Start-Migration {
     [CmdletBinding(HelpURI = "https://github.com/TheJumpCloud/jumpcloud-ADMU/wiki/Start-Migration")]
@@ -1350,7 +1385,7 @@ Function Start-Migration {
     Begin {
         Write-ToLog -Message:('####################################' + (get-date -format "dd-MMM-yyyy HH:mm") + '####################################')
         # Start script
-        $admuVersion = '2.4.3'
+        $admuVersion = '2.5.0'
         Write-ToLog -Message:('Running ADMU: ' + 'v' + $admuVersion)
         Write-ToLog -Message:('Script starting; Log file location: ' + $jcAdmuLogFile)
         Write-ToLog -Message:('Gathering system & profile information')
@@ -1490,6 +1525,17 @@ Function Start-Migration {
             new-item -ItemType Directory -Force -Path $jcAdmuTempPath 2>&1 | Write-Verbose
         }
         Write-ToLog -Message:($localComputerName + ' is currently Domain joined to ' + $WmiComputerSystem.Domain + ' NetBiosName is ' + $netBiosName)
+
+        # Get all schedule tasks that have State of "Ready" and not disabled and "Running"
+        $ScheduledTasks = Get-ScheduledTask | Where-Object { $_.TaskPath -notlike "*\Microsoft\Windows*" -and $_.State -ne "Disabled" -and $_.state -ne "Running" }
+        # Disable tasks before migration
+        Write-ToLog -message:("Disabling Scheduled Tasks...")
+        # Check if $ScheduledTasks is not null
+        if ($ScheduledTasks) {
+            Set-ADMUScheduledTask -op "disable" -scheduledTasks $ScheduledTasks
+        } else {
+            Write-ToLog -message:("No Scheduled Tasks to disable")
+        }
     }
     Process {
         # Start Of Console Output
@@ -2049,6 +2095,13 @@ Function Start-Migration {
                 $admuTracker.leaveDomain.pass = $true
             }
 
+            # re-enable scheduled tasks if they were disabled
+            if ($ScheduledTasks) {
+                Set-ADMUScheduledTask -op "enable" -scheduledTasks $ScheduledTasks
+            } else {
+                Write-ToLog -Message:('No Scheduled Tasks to enable')
+            }
+
             # Cleanup Folders Again Before Reboot
             Write-ToLog -Message:('Removing Temp Files & Folders.')
             try {
@@ -2093,6 +2146,12 @@ Function Start-Migration {
                                 Write-ToLog -Message:("Could not remove the $JumpCloudUserName profile and user account") -Level Error
                             }
                             $FixedErrors += "$trackedStep"
+                            # Create a list of scheduled tasks that are disabled
+                            if ($ScheduledTasks) {
+                                Set-ADMUScheduledTask -op "enable" -scheduledTasks $ScheduledTasks
+                            } else {
+                                Write-ToLog -Message:('No Scheduled Tasks to enable')
+                            }
                         }
 
                         Default {
@@ -2116,5 +2175,7 @@ Function Start-Migration {
             }
             throw "JumpCloud ADMU was unable to migrate $selectedUserName"
         }
+
+
     }
 }

jumpcloud-ADMU/Powershell/Tests/Functions.Tests.ps1

@@ -490,7 +490,33 @@ Describe 'Functions' {
         It 'Restart-ComputerWithDelay' {
         }
     }
-
+    Context 'Test Set-ADMUScheduledTask'{
+        BeforeAll {
+            $scheduledTasks = Get-ScheduledTask | Where-Object { $_.TaskPath -notlike "*\Microsoft\Windows*" -and $_.State -ne "Disabled" -and $_.state -ne "Running" }
+            Set-ADMUScheduledTask -op "disable" -scheduledTasks $scheduledTasks
+        }
+        It 'Should disabled tasks'{
+            # Disable tasks that are ready to run
+            $afterDisable = Get-ScheduledTask | Where-Object { $_.TaskPath -notlike "*\Microsoft\Windows*" -and $_.State -eq "Disabled" }
+            # Compare $scheduledTasks and $afterDisable state should not be equal
+            $scheduledTasks | ForEach-Object {
+                $task = $_
+                # Check that the task is disabled
+                $afterDisable | Where-Object { $_.TaskName -eq $task.TaskName -and $_.State -eq "Disabled" } | Should -Not -BeNullOrEmpty
+            }
+        }
+        It 'Should Enable tasks'{
+            Set-ADMUScheduledTask -op "enable" -scheduledTasks $scheduledTasks
+            # Validate that the tasks are enabled
+            $afterEnable = Get-ScheduledTask | Where-Object { $_.TaskPath -notlike "*\Microsoft\Windows*" -and $_.State -eq "Ready" }
+            # Compare $scheduledTasks and $afterDisable state should not be equal
+            $scheduledTasks | ForEach-Object {
+                $task = $_
+                # Check that the task is disabled
+                $afterEnable | Where-Object { $_.TaskName -eq $task.TaskName -and $_.State -eq "Ready" } | Should -Not -BeNullOrEmpty
+            }
+        }
+    }
     Context 'Validates that the  Registry Hive Permissions are correct, given a username' {
         It 'Should return true when a users ntfs permissions are correct' {
             $datUserTrue = "ADMU_dat_" + -join ((65..90) + (97..122) | Get-Random -Count 5 | ForEach-Object { [char]$_ })