https://wiki.itarian.com/frontend/web/topic/how-to-use-custom-script-procedure-monitoring
Tested in Windows 10.
#To define a particular parameter, replace the 'parameterName' inside itsm.getParameter('parameterName') with that parameter's name
drive = itsm.getParameter('DownTo') #Provide the drive which you need to enable Restore Access eg: "c:"
resistry_backup_path = itsm.getParameter('Registry_Backup_path') #Provide the drive which you need to enable Restore Access eg: "C:\Users\xxxx\backups"
from datetime import date
import os
ps_content=r'''
enable-computerrestore -drive "%s\"
'''%drive
BAT=r'''
Wmic.exe /Namespace:\\root\default Path SystemRestore Call CreateRestorePoint "My Restore Point", 100, 12
'''
import os
import subprocess
def ecmd(command):
import ctypes
from subprocess import PIPE, Popen
class disable_file_system_redirection:
_disable = ctypes.windll.kernel32.Wow64DisableWow64FsRedirection
_revert = ctypes.windll.kernel32.Wow64RevertWow64FsRedirection
def __enter__(self):
self.old_value = ctypes.c_long()
self.success = self._disable(ctypes.byref(self.old_value))
def __exit__(self, type, value, traceback):
if self.success:
self._revert(self.old_value)
with disable_file_system_redirection():
obj = Popen(command, shell = True, stdout = PIPE, stderr = PIPE)
out, err = obj.communicate()
ret=obj.returncode
if ret==0:
if out:
return out.strip()
else:
return ret
else:
if err:
return err.strip()
else:
return ret
file_name='powershell_file.ps1'
file_path=os.path.join(os.environ['TEMP'], file_name)
with open(file_path, 'wb') as wr:
wr.write(ps_content)
path=os.environ['programdata']+"\Sample.bat"
with open(path,"w") as f:
f.write(BAT)
ecmd('powershell "Set-ExecutionPolicy RemoteSigned"')
print ecmd('powershell "%s"'%file_path)
process = subprocess.Popen([path],stdout=subprocess.PIPE)
stdout = process.communicate()[0]
print "sucessfully created system restore"
os.remove(path)
os.remove(file_path)
print "Registry backup started"
today = date.today()
if not os.path.exists(resistry_backup_path):
os.makedirs(resistry_backup_path)
backup_path = resistry_backup_path + '/reg_backup_'+str(today)+'.reg'
print backup_path
print ecmd('REGEDIT /E /y "%s"'%backup_path)
print "Registry backup completed"
Comments